Wildbook
Wildbook copied to clipboard
WildMeOrg
Bump org.apache.shiro:shiro-core from 1.4.2 to 2.0.2
Bumps org.apache.shiro:shiro-core from 1.4.2 to 2.0.2.
Release notes
Sourced from org.apache.shiro:shiro-core's releases.
Apache Shiro 2.0.2
Enhancements
- #1381 enh: Build on JDK 22 by
@lprimakin apache/shiro#1530- #1762 enh: follow desired request scheme when doing redirection by
@lprimakin apache/shiro#1727- enh(jakarta,it-tests): no longer relying on hardcoded https port in t… by
@lprimakin apache/shiro#1808Bug fixes
- [SHIRO-875] Fix creating subjects from a
SubjectFactorythat disables session-creation by@boris-petrovin apache/shiro#1514- bugfix(deps): remove junit bom from root by
@lprimakin apache/shiro#1690Maintenance Tasks
- chore: re-enabled API compatibility check plugin by
@lprimakin apache/shiro#1652- enh(checkstyle): disable method name validation for test classes by
@lprimakin apache/shiro#1650Dependency updates
- update quartz to 2.4.0-rc2, fix CVE-2023-39017 by
@minchai23in apache/shiro#1498- chore(deps): bump org.quartz-scheduler:quartz from 2.4.0-rc2 to 2.5.0-rc1 by
@dependabotin apache/shiro#1503- chore(deps-dev): bump org.assertj:assertj-core from 3.25.3 to 3.26.0 by
@dependabotin apache/shiro#1505- chore(deps): bump org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.6.14 by
@dependabotin apache/shiro#1506- chore(deps): bump com.puppycrawl.tools:checkstyle from 10.16.0 to 10.17.0 by
@dependabotin apache/shiro#1504- chore(deps): bump org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.14 to 1.7.0 by
@dependabotin apache/shiro#1508- chore(deps): bump bytebuddy.version from 1.14.16 to 1.14.17 by
@dependabotin apache/shiro#1509- chore(deps-dev): bump org.hsqldb:hsqldb from 2.7.2 to 2.7.3 by
@dependabotin apache/shiro#1511- chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 by
@dependabotin apache/shiro#1515- chore(deps): bump com.flowlogix:flowlogix-jee from 5.5.3 to 5.5.4 by
@dependabotin apache/shiro#1518- chore(deps): bump org.apache.maven.plugins:maven-jxr-plugin from 3.3.2 to 3.4.0 by
@dependabotin apache/shiro#1519- chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by
@dependabotin apache/shiro#1520- chore(deps): bump org.apache.maven.plugins:maven-help-plugin from 3.4.0 to 3.4.1 by
@dependabotin apache/shiro#1522- chore(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0 by
@dependabotin apache/shiro#1523- chore(deps): bump org.htmlunit:htmlunit from 4.1.0 to 4.2.0 by
@dependabotin apache/shiro#1524- chore(deps-dev): bump org.easymock:easymock from 5.2.0 to 5.3.0 by
@dependabotin apache/shiro#1527- chore(deps): bump org.apache.commons:commons-configuration2 from 2.10.1 to 2.11.0 by
@dependabotin apache/shiro#1528- chore(deps): bump github/codeql-action from 3.25.8 to 3.25.9 by
@dependabotin apache/shiro#1533- chore(deps): bump org.apache.maven.plugins:maven-pmd-plugin from 3.22.0 to 3.23.0 by
@dependabotin apache/shiro#1534- chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 by
@dependabotin apache/shiro#1535- chore(deps): bump spring.version from 5.3.36 to 5.3.37 by
@dependabotin apache/shiro#1539- chore(deps): bump github/codeql-action from 3.25.9 to 3.25.10 by
@dependabotin apache/shiro#1536- deps: updated javassist to latest by
@lprimakin apache/shiro#1545- chore(deps-dev): bump tomcat.version from 10.1.24 to 10.1.25 by
@dependabotin apache/shiro#1546- chore(deps): bump org.apache.maven.plugins:maven-scm-publish-plugin from 3.2.1 to 3.3.0 by
@dependabotin apache/shiro#1553- chore(deps): bump junit.version from 5.10.2 to 5.10.3 by
@dependabotin apache/shiro#1555- chore(deps): bump org.htmlunit:htmlunit from 4.2.0 to 4.3.0 by
@dependabotin apache/shiro#1556- chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by
@dependabotin apache/shiro#1557- chore(deps): bump org.projectlombok:lombok from 1.18.32 to 1.18.34 by
@dependabotin apache/shiro#1558- chore(deps): bump org.owasp:dependency-check-maven from 9.2.0 to 10.0.0 by
@dependabotin apache/shiro#1564- chore(deps): bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.0 by
@dependabotin apache/shiro#1562- chore(deps): bump groovy.version from 4.0.21 to 4.0.22 by
@dependabotin apache/shiro#1563- chore(deps): bump org.owasp:dependency-check-maven from 10.0.0 to 10.0.1 by
@dependabotin apache/shiro#1565- chore(deps): bump jetty.version from 9.4.54.v20240208 to 9.4.55.v20240627 by
@dependabotin apache/shiro#1567- chore(deps): bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to 3.1.0 by
@dependabotin apache/shiro#1568
... (truncated)
Changelog
Sourced from org.apache.shiro:shiro-core's changelog.
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
This is not an official release notes document. It exists for Shiro developers to jot down their notes while working in the source code. These notes will be combined with Jira’s auto-generated release notes during a release for the total set.
###########################################################
2.0.0
###########################################################
Improvement
[SHIRO-290] Implement bcrypt and argon2 KDF algorithmsBackwards Incompatible Changes
- Changed default DefaultPasswordService.java algorithm to "Argon2id".
- PasswordService.encryptPassword(Object plaintext) will now throw a NullPointerException on null parameter. It was never specified how this method would behave.
- Made salt non-nullable.
- Removed methods in PasswordMatcher.
###########################################################
1.7.1
###########################################################
Bug
[SHIRO-797] - Shiro 1.7.0 is lower than using springboot version 2.0.7 dependency error###########################################################
... (truncated)
Commits
e7ef2ca[maven-release-plugin] prepare release shiro-root-2.0.2f30d515Merge pull request #1865 from apache/dependabot/maven/org.htmlunit-htmlunit-4...76e97a1chore(deps): bump org.htmlunit:htmlunit from 4.5.0 to 4.6.0cef1b05Merge pull request #1864 from apache/dependabot/maven/org.apache.maven.skins-...2c548b1chore(deps): bump org.apache.maven.skins:maven-fluido-skin45020fcMerge pull request #1855 from apache/dependabot/maven/bytebuddy.version-1.15.1060871eaMerge pull request #1856 from apache/dependabot/maven/org.hsqldb-hsqldb-2.7.4405f54achore(deps-dev): bump org.hsqldb:hsqldb from 2.7.3 to 2.7.4ebc62afchore(deps): bump bytebuddy.version from 1.15.7 to 1.15.103795f30Merge pull request #1854 from apache/dependabot/maven/com.puppycrawl.tools-ch...- Additional commits viewable in compare view
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
Major version bump requires deeper review. Is there a minor version bump that would be appropriate?
A newer version of org.apache.shiro:shiro-core exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.