cloud-sdk-java icon indicating copy to clipboard operation
cloud-sdk-java copied to clipboard

Published 20 hours ago verified publisher icon SAP

chore: [DevOps] bump the production-minor-patch group across 1 directory with 6 updates

Open dependabot[bot] opened this issue 9 months ago • 0 comments

Bumps the production-minor-patch group with 6 updates in the / directory:

Package From To
org.springframework:spring-framework-bom 6.1.6 6.1.7
com.sap.cloud:neo-java-web-api 4.76.4 4.77.7
org.openapitools:openapi-generator 7.5.0 7.6.0
com.sap.cloud.security:java-bom 3.4.3 3.5.0
com.google.code.gson:gson 2.10.1 2.11.0
io.grpc:grpc-bom 1.63.0 1.64.0

Updates org.springframework:spring-framework-bom from 6.1.6 to 6.1.7

Release notes

Sourced from org.springframework:spring-framework-bom's releases.

v6.1.7

:star: New Features

  • ResponseEntity is not reliably closed with InputStreamResource #32802
  • Accept ajc-compiled @Aspect classes for Spring AOP proxy usage #32793
  • Failure to process a bean definition ahead-of-time with an instance supplier should provide more contextual information #32775
  • Provide methods to unambiguously send form data with MockMvc #32757
  • Introduce NoOp implementation for ResponseErrorHandler #32750
  • Support varargs invocations in SpEL for varargs array subtype #32704
  • StreamUtils.copyRange overreads source stream in some cases #32695
  • Modify error message when timeout is less than TIMEOUT_DEFAULT #32635
  • Jetty HttpConnections not closed with SSE on Jetty 12.0.7+ when clients close the connection #32629
  • Prevent duplicate subscription ID's in destinationCache of DefaultSubscriptionRegistry #32625
  • When retrieval of a LoadTimeWeaverAware bean fails the resulting exception message may not indicate why it was being created #32470

:lady_beetle: Bug Fixes

  • Do not send Cookie header in reactive JdkClientHttpRequest if no cookies added #32799
  • Inconsistent use of cleaned URLs in PathMatchingResourcePatternResolver #32828
  • DeferredQueryInvocationHandler fails to unwrap QuerySqmImpl class outside of transaction #32766
  • BindingReflectionHintsRegistrar#registerReflectionHints can be invoked with a null type #32753
  • AnnotationConfigWebApplicationContext should propagate ApplicationStartup to BeanFactory #32747
  • Ignore non-String keys in PropertiesPropertySource.getPropertyNames() #32742
  • MergedAnnotations search does not find container for repeatable annotation #32731
  • "multiple subscribers not supported" when using WebClient exchange #32727
  • ConfigurationClassEnhancer should consistently trigger FastClass creation at build-time #32682
  • HttpComponentsClientHttpRequestFactory does not set Content-Length: 0 #32678
  • Wrong proxy generation order during AOT for classes with ScopedProxyMode.TARGET\_CLASS and advisors #32669
  • Unhandled JMS listener exceptions are not propagated #32666
  • beanFactory#getBean with arguments ignore them if an Instance supplier is defined #32657
  • Incorrect AsyncRequestTimeoutException handling in ResponseEntityExceptionHandler #32644
  • Include actual cause's message in various parsing exception messages #32636
  • Configuration class with Bean factory method on an interface generates wrong target with AOT #32609
  • RestClient observations are stopped before ResponseSpec calls #32575
  • MvcUriComponentsBuilder.fromMethodName does not pick the annotated method transparently #32553
  • Deadlock/Stall in ConcurrentWebSocketSessionDecorator with Undertow 2.3.10 #32445
  • RSocket setup payload can cause Netty ByteBuf leak #32424
  • WebFlux temporary file not always deleted with parallel uploads. #31217

:notebook_with_decorative_cover: Documentation

  • Replace RFC 7807 by RFC 9457 in documentation #32806
  • Links to Framework and Servlet Javadoc from Framework's Kotlin API documentation are broken #32797
  • Fix incorrect class reference syntax in Kotlin code sample #32733
  • Improve documentation advising against use of HandlerInterceptor for security #32729
  • Inconsistent behaviour on transactional async method #32709
  • Document that getBean with arguments is not recommended with AOT #32690
  • Provide an example of custom request URL with RestClient in the reference guide #32685
  • Correct documentation on streaming with MockMvcWebTestClient #32687
  • Document limitations of CGLIB proxy class generation in JPMS module setups #32671

... (truncated)

Commits
  • 5d6f2c8 Release v6.1.7
  • 010e8a3 Polishing contribution
  • 78549d4 Fix cookie management in reactive JdkClientHttpRequest
  • e4e6910 Polishing
  • 2270df5 Enforce cleaned URL for root resource from ClassLoader
  • 70886e3 Upgrade to Reactor 2023.0.6
  • e509385 Add InputStreamResource(InputStreamSource) constructor for lambda expressions
  • b7aafda Polishing
  • a89a88d Upgrade to Micrometer 1.12.6
  • c6b6ccd Close ResponseBodyEmitter in case of write errors
  • Additional commits viewable in compare view

Updates com.sap.cloud:neo-java-web-api from 4.76.4 to 4.77.7

Updates org.openapitools:openapi-generator from 7.5.0 to 7.6.0

Release notes

Sourced from org.openapitools:openapi-generator's releases.

v7.6.0 released

General

  • Skip setting output folder in online service #18652
  • fix: Upgrade testng to avoid CVE-2022-4065 #18635
  • [refactor] Use getType in ModelUtils #18577
  • Fix null type check when simplifying any type #18504
  • fix: ExampleGenerator for composed child schemas and array schemas #18479

C#

  • [csharp] Fixed nullability of composed schemas #18408
  • [C#] made the HttpSigning method public to get the signed header #18496

C++

  • [[BUG][C][cpp-restsdk] fix missing Set.h #18631
  • [C++][Pistache] Compile error when nesting component/schema reference objects #18586

Dart

  • [dart-dio] Incorrect hashCode and == overide for fields withList #18198
  • [dart] [dart-dio] Support Dart3 #18001

Go

  • [GO][Client] Generated GO Client Time Query Param Millisecond Resolution Fix #18673
  • Add an option to skip unmarshall json in Go client generator #18448
  • [GO] Add assert constraints checks for complex types in the model template #18654
  • [Go] uses sanitized model name instead of the name #18644
  • [go-server] Fix: error handling and linting #18550

HTML

  • [html2] Fix incorrectly sanitizesd response headers #18685
  • [html2] Add oneOf support #18642
  • [html2] Support alias types #18579
  • [html2] Fix rendering of arrays of objects in html2 docs #18561

Java

  • upgrade microprofile to junit5 #18669
  • upgrade okhttp-gson and google-api-client to junit5 #18668
  • [BUG][JAVA] Prevent generating "pattern" and "size" to ENUM #18658
  • [BUG][JAVA] oneOf/anyOf multiple constructors with same erasure #18645
  • Add support for Helidon 4 MP client and server generation #18627
  • upgrade java native to junit5 #18617
  • upgrade apache-httpclient to junit5 #18616
  • upgrade resteasy to junit5 #18615
  • [jaxrs-spec] fix nullable import, migrate tests to 3.0 spec #18606
  • [BUG] [Java] Invalid code generation for oneof types #18544
  • Add new option allArgConstructor for java client, spring generators #18538
  • [Java][Client] Add support for the new Spring RestClient #18522
  • Fixes incorrect Jackson imports in Java templates used in ApiClient.java when useJakartaEe=true #18507

Kotlin

  • [KOTLIN] Kotlinx serialization, use first party retrofit converter factory #18656

... (truncated)

Commits
  • ab7d0cb 7.6.0 release (#18708)
  • ef0d10d Use time.RFC3339Nano instead of time.RFC3339, do not want to loose the millis...
  • 33617ee Improve generation of selected models with dependent models (#18462)
  • 9b0ca06 [html2] Change to correct variable (#18685)
  • 3d15864 [dart-dio] Incorrect hashCode and == overide for fields withList (#18198)
  • 8924083 Ruby: Fixed CodeQL polynomial regexp (#18699)
  • e9f961e [rust-axum] Split up api trait per tag (#18621)
  • 57dceae Improve typescript-fetch code generation for oneOf cases without discrimina...
  • 62238c6 [typescript-fetch] Make instanceOf infer type and check for undefineds (#18694)
  • 2fe397c synn beea validation template (jaxrs) (#18697)
  • Additional commits viewable in compare view

Updates com.sap.cloud.security:java-bom from 3.4.3 to 3.5.0

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

Version 3.5.0

  • [java-api]
    • ClientIdentity interface has been extended with 2 new methods getCertificateChain() and getPrivateKey() and ClientCertificate class has been extended with new constructor that takes java.security.cert.Certificate[] and java.security.PrivateKey as an argument and corresponding getters for these fields.
    • user_token grant type has been re-added to GrantType enum
  • [token-client] SSLContextFactory class has been extended and supports Keys in PKCS#8 format with ECC algorithm.
  • [spring-security]
    • fixed NPE in IdentityServicesPropertySourceFactory on application startup when bound to a list of XSUAA services whose service plans are ALL not supported
    • provides an autoconfiguration that creates an Identity Service JwtDecoder with enabled proof token check. To enable it, set the sap.spring.security.identity.prooftoken spring property to true.
    • Fixes an issue with MockMvc when the SecurityContexts are synced. It sets SecurityContextStrategy based on an EnvironmentPostProcessor as in this scenario the servlet initialization is not happening and the code runs too late due to that.

Dependency upgrades

  • Bump io.projectreactor:reactor-core from 3.6.5 to 3.6.6
  • Bump com.nimbusds:nimbus-jose-jwt from 9.37.3 to 9.39.1
  • Bump spring.core.version from 6.1.6 to 6.1.7
Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

3.5.0

  • [java-api]
    • ClientIdentity interface has been extended with 2 new methods getCertificateChain() and getPrivateKey() and ClientCertificate class has been extended with new constructor that takes java.security.cert.Certificate[] and java.security.PrivateKey as an argument and corresponding getters for these fields.
    • user_token grant type has been re-added to GrantType enum
  • [token-client] SSLContextFactory class has been extended and supports Keys in PKCS#8 format with ECC algorithm.
  • [spring-security]
    • fixed NPE in IdentityServicesPropertySourceFactory on application startup when bound to a list of XSUAA services whose service plans are ALL not supported
    • provides an autoconfiguration that creates an Identity Service JwtDecoder with enabled proof token check. To enable it, set the sap.spring.security.identity.prooftoken spring property to true.
    • Fixes an issue with MockMvc when the SecurityContexts are synced. It sets SecurityContextStrategy based on an EnvironmentPostProcessor as in this scenario the servlet initialization is not happening and the code runs too late due to that.

Dependency upgrades

  • Bump io.projectreactor:reactor-core from 3.6.5 to 3.6.6
  • Bump com.nimbusds:nimbus-jose-jwt from 9.37.3 to 9.39.1
  • Bump spring.core.version from 6.1.6 to 6.1.7
Commits
  • e4215fa Bump version to 3.5.0 (#1545)
  • 5b49ddb provide a JwtDecoder bean with enabled prooftoken check (#1539)
  • 601b29c Bump spring.core.version from 6.1.6 to 6.1.7 (#1544)
  • cbcb310 Set SecurityContextStrategy based on an EnvironmentPostProcessor (#1536)
  • 22058f9 Bump io.projectreactor:reactor-core from 3.6.5 to 3.6.6 (#1540)
  • 805ee37 Bump io.projectreactor:reactor-test from 3.6.5 to 3.6.6 (#1541)
  • 2f4c931 Bump org.owasp:dependency-check-maven from 9.1.0 to 9.2.0 (#1542)
  • 636a03a Bump com.nimbusds:nimbus-jose-jwt from 9.39 to 9.39.1 (#1543)
  • 37c630a Support PKCS#8 standard keys from Zero trust Identity Service (#1528)
  • ceca47e add user_token again to GrantType enum to allow validation of such tokens (#1...
  • Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.10.1 to 2.11.0

Commits
  • 828a97b [maven-release-plugin] prepare release gson-parent-2.11.0
  • 93bc0f2 Skip signing graal-native-test module. (#2675)
  • b153ca1 [maven-release-plugin] rollback the release of gson-parent-2.11.0
  • 0e3d2aa [maven-release-plugin] prepare for next development iteration
  • 545b802 [maven-release-plugin] prepare release gson-parent-2.11.0
  • 8bfdbb4 Guarantee that JsonElement.toString() produces JSON (#2659)
  • 9008b09 Extend Troubleshooting Guide with some ProGuard / R8 information (#2656)
  • 05652c3 Document that other JVM languages are not fully supported (#2666)
  • 454a491 Improved Long-Double Number Policy (#2674)
  • 570d911 Bump the github-actions group with 4 updates (#2671)
  • Additional commits viewable in compare view

Updates io.grpc:grpc-bom from 1.63.0 to 1.64.0

Release notes

Sourced from io.grpc:grpc-bom's releases.

v1.64.0

API Changes

  • compiler: the option jakarta_omit was renamed @generated=omit (#11086) (8a21afcc9)

New Features

  • New API LoadBalancer.getChannelTarget() (4561bb5b8)
  • opentelemetry: Publish new module grpc-opentelemetry (5ba1a5563). The feature is still missing documentation and an example. It only supports metrics; tracing and logs will be future enhancements. See gRFC A66
  • bazel: Add support for bzlmod (#11046) (d1890c0ac)
  • bazel: Replace usages of the old compatibility maven targets with @maven targets (00649913b)
  • okhttp: Support serverBuilder.maxConcurrentCallsPerConnection (Fixes #11062). (#11063) (805072339)
  • xds: Experimental metrics recording in WRR LB (06df25b65, 35a171bc1, 2897b3939), to be exported by grpc-opentelemetry if explicitly enabled in GrpcOpenTelemetry. See gRFC A78
  • rls: Experimental metrics recording in RLS LB (a9fb272b7, a1d19327f, 813331837), to be exported by grpc-opentelemetry if explicitly enabled in GrpcOpenTelemetry

Improvements

  • examples: support bazel build for retry policy example (58de563fa)
  • netty: Allow deframer errors to close stream with a status code, as long as headers have not yet been sent (e036b1b19). This will greatly improve the debuggability of certain server errors in particular cases. Instead of the client seeing “CANCELLED: RST_STREAM closed stream. HTTP/2 error code: CANCEL”, they could see “RESOURCE_EXHAUSTED: gRPC message exceeds maximum size 4194304: 6144592”
  • netty: Improve handling of unexpected write queue promise failures (#11016)
  • servlet: Avoid unnecessary FINEST hex string conversion by checking log level. Fixes #11031. (f7ee5f318)
  • StatusException/StatusRuntimeException hide stack trace in a simpler way (#11064) (e36f099be)
  • util: Status desc for outlier detection ejection (#11036) (10cb4a3be)
  • binder: Helper class to allow in process servers to use peer uids in test (#11014) (537dbe826)
  • Add load() statements for the Bazel builtin top-level java symbols (#11105) (add8c37a4)
  • Add StatusProto.toStatusException overload to accept Throwable (#11083) (5c9b49231)

Bug fixes

  • Fix retry race condition that can lead to double decrementing inFlightSubStreams and so miss calling closed (#11026) (bdb623031)
  • Change defaults to use the older PickFirstLoadBalancer and disable Happy Eyeballs. This disables a performance optimization added in v1.63. (#11120) We have had a report that the new implementation can trigger a NullPointerException
  • core: Transition to CONNECTING immediately when exiting idle (2c5f0c22c). Previously the visible state change from channel.getState() was delayed until the name resolver returned results. This had no impact to RPC behavior
  • xds: Specify a locale for upper/lower case conversions (e6305930d)
  • rls: Synchronization fixes in CachingRlsLbClient (6e97b180b). These races had not been witnessed in practice
  • rls: Guarantee backoff will update RLS picker (f9b6e5f92). This fixes a regression introduced by 6e97b180b that could hang RPCs instead of using fallback, but fixes a pre-existing bug that could greatly delay RPCs from using fallback.
  • rls: Fix time handling in CachingRlsLbClient (da619e2bd). This could have caused backoff entries to improperly be considered expired
  • xds: Properly disable the default endpoint identification algorithm with XdsChannelCredentials (097a46b76). The credential does its own verification and the default needs to be disabled for SPIFFE
  • netty: Release SendGrpcFrameCommand when stream is missing (#11116) (fb9a10809)
  • okhttp: Remove finished stream even if a pending stream was started (d21fe32be)

Dependencies

  • cronet: Update Cronet to latest release + Move to Stable Cronet APIs. (5a8da19f3)
  • cronet: @​javadoc update android permission MODIFY_NETWORK_ACCOUNTING (deprecated) => UPDATE_DEVICE_STATS (c703a1ee0)
  • cronet: Update to Java-8 API's and tighten the scopes (163efa371)
  • cronet: Update to StandardCharsets and assertNotNull API's (77e59b29d)

Acknowledgements

@​panchenko @​Ashok-Varma @​benjaminp @​AutomatedTester @​hypnoce @​keith @​laglangyue

... (truncated)

Commits
  • a54c72f Bump version to 1.64.0
  • 2c1b07c Update README etc to reference 1.64.0
  • 9798e4a all: Add opentelemetry
  • d086f5a opentelemetry: Mark registerGlobal() as experimental
  • 3158f91 rls: Guarantee backoff will update RLS picker
  • 80f872e xds, rls: Experimental metrics are disabled by default (#11196) (#11197)
  • cc587e6 opentelemetry: Publish grpc opentelemetry (#11187) (#11195)
  • 8133318 rls: Add gauge metric recording (#11175)
  • f737cbc api: Hide internal metric APIs
  • 1e731be opentelemetry: Rename and stabilize API OpenTelemetryModule
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot[bot] avatar May 20 '24 10:05 dependabot[bot]