Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

• 7e62e1e prepare release 2.0.5
• d250ad7 in jcl-over-slf4j rename LICENSE.TXT as LICENSE, add LICENSE file to log4j-ov...
• 3bc58f3 add SecurityManager support
• 207bb29 start work on 2.0.5-SNAPSHOT
• 35dd7ff removed unused META-INF/services entry
• 440c2f3 prepare release 2.0.4
• 43a3630 use the class loader that loaded LoggerFactory (instead of the threadContextC...
• 557bf7c [SLF4J-548] Fix ServiceLoader usage in servlet environment
• 6324105 enhance manifest with capabilities
• e540299 edit blurb on release championing
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from postgresql's changelog.

Changelog

Notable changes since version 42.0.0, read the complete History of Changes.

The format is based on Keep a Changelog.

[Unreleased]

Changed

Added

Fixed

[42.5.1] (2022-11-21 15:21:59 -0500)

Security

• security: StreamWrapper spills to disk if setText, or setBytea sends very large Strings or arrays to the server. createTempFile creates a file which can be read by other users on unix like systems (Not macos). This has been fixed in this version fixes CVE-2022-41946 see the security advisory for more details. Reported by Jonathan Leitschuh This has been fixed in versions 42.5.1, 42.4.3 42.3.8, 42.2.27.jre7. Note there is no fix for 42.2.26.jre6. See the security advisory for work arounds.

Fixed

• fix: make sure we select array_in from pg_catalog to avoid duplicate array_in functions fixes #Issue 2548 [PR #2552](pgjdbc/pgjdbc#2552)
• fix: binary decoding of bool values [PR #2640](pgjdbc/pgjdbc#2640)
• perf: improve performance of PgResultSet getByte/getShort/getInt/getLong for float-typed columns [PR #2634](pgjdbc/pgjdbc#2634)
• chore: fix various spelling errors [PR #2592](pgjdbc/pgjdbc#2592)
• chore: Feature/urlparser improve URLParser [PR #2641](pgjdbc/pgjdbc#2592)

• 9008dc9 Merge pull request from GHSA-562r-vg33-8x8h
• 135be5a chore: bump Checkstyle to 9.3
• 1d7465a chore: bump Gradle to 7.5.1
• 4743ccf minor: Update the LeftCurly according to the updation in checkstyle
• d5ed52e chore: add .git-blame-ignore-revst to hide reformatting commits from GitHub b...
• 98c04a0 exclude ArrayTest versions less than 9.1 (#2645)
• 9f90de9 revert change to PGProperty.get() to keep the API the same (#2644)
• ee06e22 Feature/urlparser improve3 pr1 (#2641)
• 56a487c fix: binary decoding of bool values (#2640)
• b738991 remove javadoc links for java 17 and above (#2637)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

• a59a2e4 [maven-release-plugin] prepare release maven-source-plugin-3.2.1
• c954a7e make build as reproducible as possible for now
• d5b9878 [MSOURCES-123] set archiver reproducible mode earlier
• 258d666 MSOURCES-122 make output independant from OS newline
• 5b4e02f [maven-release-plugin] prepare for next development iteration
• 2a74824 [maven-release-plugin] prepare release maven-source-plugin-3.2.0
• 816ebc4 MSOURCES-120 fix reproducible IT: remove plugin version from pom.xml
• 32f122a MSOURCES-120 make output jar file binary Reproducible
• 6e715b1 [MSOURCES-95] Source JAR is re-created even if sources are not changed
• 9154e1a [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from mssql-jdbc's releases.

[11.2.1] HotFix & Stable Release

Fixed issues

• Made com.microsoft.azure:msal4j an optional dependency again 1893
• Fixed query cancellation bug that intermittently occurs in batch queries 1897

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• 2be384b [maven-release-plugin] prepare release jackson-core-2.14.1
• dd0b3b6 Prepare for 2.14.1 release
• ede8519 Rearrange README a bit
• ccd23d5 Add JDK and Android compatibility sections on README
• 8108879 Correct Android SDK compatibility statement in pom.xml
• af41fe5 Merge branch '2.13' into 2.14
• 2faf10b Fix #838: Add Android SDK compatibility check with AnimalSniffer (#841)
• c1f5462 Fix #838: Add Android SDK compatibility check with AnimalSniffer (#841)
• a615ffe Backport release note update
• 006bdab Fix previous commit on wrong branch :)
• Additional commits viewable in compare view

• See full diff in compare view

• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from spring-boot-starter-web's releases.

v3.0.0

See the Release notes for 3.0 for upgrade instructions and details of new features.

:star: New Features

• Provide a configuration property for the observation patterns of Spring Integration components #33099

:lady_beetle: Bug Fixes

• io.micrometer.tracing.Tracer on the classpath breaks AOT processing for tests #33298
• Tracer library HTTP instrumentation is auto-configured unnecessarily #33287
• Auto-configuration ignores user-provided ObservationConventions #33285
• ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #33284
• SpringBootContextLoader prints banner twice when using a @ContextHierarchy #33263
• Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #33250
• Wavefront MeterRegistryCustomizer is not applying application tags from application.properties #33244
• Actuator responses no longer format timestamps as ISO-8601 #33236
• Configuration property is not bound in a native image when property has get, set, and is methods #33232
• Configuration property binding does not deal with bridge methods #33212
• Contribute missing resource hints for GraphQL schema files and GraphiQL HTML page #33208
• Hints for ClientHttpRequestFactory should only be generated for matching methods #33203
• Native profile should configure execution in pluginManagement #33184
• Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #33169
• JBoss logging does not route directly to SLF4J when using Logback #33155
• Test with UseMainMethod.Always do not work with Kotlin main functions #33114
• Maven process-aot does not specify source and target release when compiling generated sources #33112
• Some Actuator beans are ineligible for post-processing #33110
• AOT-generated source fails to compile when Actuator is enabled on a WebFlux project #33106
• @ContextHierarchy should never be used with main method #33078
• Maven process-aot fails when compiler plugin has been configured with --enable-preview #33012
• Wavefront application tags differ from those used in a Spring Boot 2.x application #32844
• Maven goal spring-boot:build-image runs package phase twice #26455

:notebook_with_decorative_cover: Documentation

• Document observation for R2DBC #33335
• Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #33333
• Actuator document is misleading about k8s startup probe #33327
• Update documented for @Timed to reflect narrower support #33282
• Update reference documentation to replace mentions of tags providers and contributors with their Observation-based equivalents #33281
• Link to Micrometer's @Timed documentation #33266
• Clarify use of the spring.cache.type property with Hazelcast #33258
• Example git.commit.time in the Actuator API documentation is thousands of years in the future #33256
• Update Spring Security filter dispatcher types docs to reflect change in default value #33252
• Documentation for nested configuration properties in a native image uses @NestedConfigurationProperty too widely #33239
• Document that the jar task should not be disabled when building a native image #33238
• Document nesting configuration properties using records or Kotlin data classes and how and when to use @NestedConfigurationProperty #33235
• Links to Features describes sections that have moved elsewhere #33214
• Fix broken links in docs #33209
• Document the need for compilation with -parameters when targeting a native image #33182

... (truncated)

• c9c359f Release v3.0.0
• fb2cc73 Work around Thymeleaf's dependency on spring-security-bom:6.0.0-RC2
• 355b428 Merge branch '2.7.x'
• 7ea5881 Update LATEST_GA to false to prepare for 3.0.0's release
• 1de09f4 Merge branch '2.6.x' into 2.7.x
• e922650 Upgrade to Spring Framework 6.0.2
• 4b8a28a Next development version (v2.7.7-SNAPSHOT)
• 14ba9b1 Start building against Spring Framework 6.0.2 snapshots
• d4a9100 Next development version (v2.6.15-SNAPSHOT)
• 28cb225 Merge branch '2.7.x'
• Additional commits viewable in compare view

Sourced from spring-boot-starter-data-jpa's releases.

v3.0.0

See the Release notes for 3.0 for upgrade instructions and details of new features.

:star: New Features

• Provide a configuration property for the observation patterns of Spring Integration components #33099

:lady_beetle: Bug Fixes

• io.micrometer.tracing.Tracer on the classpath breaks AOT processing for tests #33298
• Tracer library HTTP instrumentation is auto-configured unnecessarily #33287
• Auto-configuration ignores user-provided ObservationConventions #33285
• ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #33284
• SpringBootContextLoader prints banner twice when using a @ContextHierarchy #33263
• Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #33250
• Wavefront MeterRegistryCustomizer is not applying application tags from application.properties #33244
• Actuator responses no longer format timestamps as ISO-8601 #33236
• Configuration property is not bound in a native image when property has get, set, and is methods #33232
• Configuration property binding does not deal with bridge methods #33212
• Contribute missing resource hints for GraphQL schema files and GraphiQL HTML page #33208
• Hints for ClientHttpRequestFactory should only be generated for matching methods #33203
• Native profile should configure execution in pluginManagement #33184
• Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #33169
• JBoss logging does not route directly to SLF4J when using Logback #33155
• Test with UseMainMethod.Always do not work with Kotlin main functions #33114
• Maven process-aot does not specify source and target release when compiling generated sources #33112
• Some Actuator beans are ineligible for post-processing #33110
• AOT-generated source fails to compile when Actuator is enabled on a WebFlux project #33106
• @ContextHierarchy should never be used with main method #33078
• Maven process-aot fails when compiler plugin has been configured with --enable-preview #33012
• Wavefront application tags differ from those used in a Spring Boot 2.x application #32844
• Maven goal spring-boot:build-image runs package phase twice #26455

:notebook_with_decorative_cover: Documentation

• Document observation for R2DBC #33335
• Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #33333
• Actuator document is misleading about k8s startup probe #33327
• Update documented for @Timed to reflect narrower support #33282
• Update reference documentation to replace mentions of tags providers and contributors with their Observation-based equivalents #33281
• Link to Micrometer's @Timed documentation #33266
• Clarify use of the spring.cache.type property with Hazelcast #33258
• Example git.commit.time in the Actuator API documentation is thousands of years in the future #33256
• Update Spring Security filter dispatcher types docs to reflect change in default value #33252
• Documentation for nested configuration properties in a native image uses @NestedConfigurationProperty too widely #33239
• Document that the jar task should not be disabled when building a native image #33238
• Document nesting configuration properties using records or Kotlin data classes and how and when to use @NestedConfigurationProperty #33235
• Links to Features describes sections that have moved elsewhere #33214
• Fix broken links in docs #33209
• Document the need for compilation with -parameters when targeting a native image #33182

... (truncated)

• c9c359f Release v3.0.0
• fb2cc73 Work around Thymeleaf's dependency on spring-security-bom:6.0.0-RC2
• 355b428 Merge branch '2.7.x'
• 7ea5881 Update LATEST_GA to false to prepare for 3.0.0's release
• 1de09f4 Merge branch '2.6.x' into 2.7.x
• e922650 Upgrade to Spring Framework 6.0.2
• 4b8a28a Next development version (v2.7.7-SNAPSHOT)
• 14ba9b1 Start building against Spring Framework 6.0.2 snapshots
• d4a9100 Next development version (v2.6.15-SNAPSHOT)
• 28cb225 Merge branch '2.7.x'
• Additional commits viewable in compare view

Sourced from spring-boot-starter-test's releases.

v3.0.0

See the Release notes for 3.0 for upgrade instructions and details of new features.

:star: New Features

• Provide a configuration property for the observation patterns of Spring Integration components #33099

:lady_beetle: Bug Fixes

• io.micrometer.tracing.Tracer on the classpath breaks AOT processing for tests #33298
• Tracer library HTTP instrumentation is auto-configured unnecessarily #33287
• Auto-configuration ignores user-provided ObservationConventions #33285
• ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #33284
• SpringBootContextLoader prints banner twice when using a @ContextHierarchy #33263
• Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #33250
• Wavefront MeterRegistryCustomizer is not applying application tags from application.properties #33244
• Actuator responses no longer format timestamps as ISO-8601 #33236
• Configuration property is not bound in a native image when property has get, set, and is methods #33232
• Configuration property binding does not deal with bridge methods #33212
• Contribute missing resource hints for GraphQL schema files and GraphiQL HTML page #33208
• Hints for ClientHttpRequestFactory should only be generated for matching methods #33203
• Native profile should configure execution in pluginManagement #33184
• Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #33169
• JBoss logging does not route directly to SLF4J when using Logback #33155
• Test with UseMainMethod.Always do not work with Kotlin main functions #33114
• Maven process-aot does not specify source and target release when compiling generated sources #33112
• Some Actuator beans are ineligible for post-processing #33110
• AOT-generated source fails to compile when Actuator is enabled on a WebFlux project #33106
• @ContextHierarchy should never be used with main method #33078
• Maven process-aot fails when compiler plugin has been configured with --enable-preview #33012
• Wavefront application tags differ from those used in a Spring Boot 2.x application #32844
• Maven goal spring-boot:build-image runs package phase twice #26455

:notebook_with_decorative_cover: Documentation

• Document observation for R2DBC #33335
• Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #33333
• Actuator document is misleading about k8s startup probe #33327
• Update documented for @Timed to reflect narrower support #33282
• Update reference documentation to replace mentions of tags providers and contributors with their Observation-based equivalents #33281
• Link to Micrometer's @Timed documentation #33266
• Clarify use of the spring.cache.type property with Hazelcast #33258
• Example git.commit.time in the Actuator API documentation is thousands of years in the future #33256
• Update Spring Security filter dispatcher types docs to reflect change in default value #33252
• Documentation for nested configuration properties in a native image uses @NestedConfigurationProperty too widely #33239
• Document that the jar task should not be disabled when building a native image #33238
• Document nesting configuration properties using records or Kotlin data classes and how and when to use @NestedConfigurationProperty #33235
• Links to Features describes sections that have moved elsewhere #33214
• Fix broken links in docs #33209
• Document the need for compilation with -parameters when targeting a native image #33182

... (truncated)

• c9c359f Release v3.0.0
• fb2cc73 Work around Thymeleaf's dependency on spring-security-bom:6.0.0-RC2
• 355b428 Merge branch '2.7.x'
• 7ea5881 Update LATEST_GA to false to prepare for 3.0.0's release
• 1de09f4 Merge branch '2.6.x' into 2.7.x
• e922650 Upgrade to Spring Framework 6.0.2
• 4b8a28a Next development version (v2.7.7-SNAPSHOT)
• 14ba9b1 Start building against Spring Framework 6.0.2 snapshots
• d4a9100 Next development version (v2.6.15-SNAPSHOT)
• 28cb225 Merge branch '2.7.x'
• Additional commits viewable in compare view

Sourced from spring-boot-starter-validation's releases.

v3.0.0

See the Release notes for 3.0 for upgrade instructions and details of new features.

:star: New Features

• Provide a configuration property for the observation patterns of Spring Integration components #33099

:lady_beetle: Bug Fixes

• io.micrometer.tracing.Tracer on the classpath breaks AOT processing for tests #33298
• Tracer library HTTP instrumentation is auto-configured unnecessarily #33287
• Auto-configuration ignores user-provided ObservationConventions #33285
• ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #33284
• SpringBootContextLoader prints banner twice when using a @ContextHierarchy #33263
• Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #33250
• Wavefront MeterRegistryCustomizer is not applying application tags from application.properties #33244
• Actuator responses no longer format timestamps as ISO-8601 #33236
• Configuration property is not bound in a native image when property has get, set, and is methods #33232
• Configuration property binding does not deal with bridge methods #33212
• Contribute missing resource hints for GraphQL schema files and GraphiQL HTML page #33208
• Hints for ClientHttpRequestFactory should only be generated for matching methods #33203
• Native profile should configure execution in pluginManagement #33184
• Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #33169
• JBoss logging does not route directly to SLF4J when using Logback #33155
• Test with UseMainMethod.Always do not work with Kotlin main functions #33114
• Maven process-aot does not specify source and target release when compiling generated sources #33112
• Some Actuator beans are ineligible for post-processing #33110
• AOT-generated source fails to compile when Actuator is enabled on a WebFlux project #33106
• @ContextHierarchy should never be used with main method #33078
• Maven process-aot fails when compiler plugin has been configured with --enable-preview #33012
• Wavefront application tags differ from those used in a Spring Boot 2.x application #32844
• Maven goal spring-boot:build-image runs package phase twice #26455

:notebook_with_decorative_cover: Documentation

• Document observation for R2DBC #33335
• Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #33333
• Actuator document is misleading about k8s startup probe #33327
• Update documented for @Timed to reflect narrower support #33282
• Update reference documentation to replace mentions of tags providers and contributors with their Observation-based equivalents #33281
• Link to Micrometer's @Timed documentation #33266
• Clarify use of the spring.cache.type property with Hazelcast #33258
• Example git.commit.time in the Actuator API documentation is thousands of years in the future #33256
• Update Spring Security filter dispatcher types docs to reflect change in default value #33252
• Documentation for nested configuration properties in a native image uses @NestedConfigurationProperty too widely #33239
• Document that the jar task should not be disabled when building a native image #33238
• Document nesting configuration properties using records or Kotlin data classes and how and when to use @NestedConfigurationProperty #33235
• Links to Features describes sections that have moved elsewhere #33214
• Fix broken links in docs #33209
• Document the need for compilation with -parameters when targeting a native image #33182

... (truncated)

• c9c359f Release v3.0.0
• fb2cc73 Work around Thymeleaf's dependency on spring-security-bom:6.0.0-RC2
• 355b428 Merge branch '2.7.x'
• 7ea5881 Update LATEST_GA to false to prepare for 3.0.0's release
• 1de09f4 Merge branch '2.6.x' into 2.7.x
• e922650 Upgrade to Spring Framework 6.0.2
• 4b8a28a Next development version (v2.7.7-SNAPSHOT)
• 14ba9b1 Start building against Spring Framework 6.0.2 snapshots
• d4a9100 Next development version (v2.6.15-SNAPSHOT)
• 28cb225 Merge branch '2.7.x'
• Additional commits viewable in compare view

Sourced from spring-boot-starter-aop's releases.

v3.0.0

See the Release notes for 3.0 for upgrade instructions and details of new features.

:star: New Features

• Provide a configuration property for the observation patterns of Spring Integration components #33099

:lady_beetle: Bug Fixes

• io.micrometer.tracing.Tracer on the classpath breaks AOT processing for tests #33298
• Tracer library HTTP instrumentation is auto-configured unnecessarily #33287
• Auto-configuration ignores user-provided ObservationConventions #33285
• ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #33284
• SpringBootContextLoader prints banner twice when using a @ContextHierarchy #33263
• Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #33250
• Wavefront MeterRegistryCustomizer is not applying application tags from application.properties #33244
• Actuator responses no longer format timestamps as ISO-8601 #33236
• Configuration property is not bound in a native image when property has get, set, and is methods #33232
• Configuration property binding does not deal with bridge methods #33212
• Contribute missing resource hints for GraphQL schema files and GraphiQL HTML page #33208
• Hints for ClientHttpRequestFactory should only be generated for matching methods #33203
• Native profile should configure execution in pluginManagement #33184
• Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #33169
• JBoss logging does not route directly to SLF4J when using Logback #33155
• Test with UseMainMethod.Always do not work with Kotlin main functions #33114
• Maven process-aot does not specify source and target release when compiling generated sources #33112
• Some Actuator beans are ineligible for post-processing #33110
• AOT-generated source fails to compile when Actuator is enabled on a WebFlux project #33106
• @ContextHierarchy should never be used with main method #33078
• Maven process-aot fails when compiler plugin has been configured with --enable-preview #33012
• Wavefront application tags differ from those used in a Spring Boot 2.x application #32844
• Maven goal spring-boot:build-image runs package phase twice #26455

:notebook_with_decorative_cover: Documentation

• Document observation for R2DBC #33335
• Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #33333
• Actuator document is misleading about k8s startup probe #33327
• Update documented for @Timed to reflect narrower support #33282
• Update reference documentation to replace mentions of tags providers and contributors with their Observation-based equivalents #33281
• Link to Micrometer's @Timed documentation #33266
• Clarify use of the spring.cache.type property with Hazelcast #33258
• Example git.commit.time in the Actuator API documentation is thousands of years in the future #33256
• Update Spring Security filter dispatcher types docs to reflect change in default value #33252
• Documentation for nested configuration properties in a native image uses @NestedConfigurationProperty too widely #33239
• Document that the jar task should not be disabled when building a native image #33238
• Document nesting configuration properties using records or Kotlin data classes and how and when to use @NestedConfigurationProperty #33235
• Links to Features describes sections that have moved elsewhere #33214
• Fix broken links in docs #33209
• Document the need for compilation with -parameters when targeting a native image #33182

... (truncated)

• c9c359f Release v3.0.0
• fb2cc73 Work around Thymeleaf's dependency on spring-security-bom:6.0.0-RC2
• 355b428 Merge branch '2.7.x'
• 7ea5881 Update LATEST_GA to false to prepare for 3.0.0's release
• 1de09f4 Merge branch '2.6.x' into 2.7.x
• e922650 Upgrade to Spring Framework 6.0.2
• 4b8a28a Next development version (v2.7.7-SNAPSHOT)
• 14ba9b1 Start building against Spring Framework 6.0.2 snapshots
• d4a9100 Next development version (v2.6.15-SNAPSHOT)
• 28cb225 Merge branch '2.7.x'
• Additional commits viewable in compare view

Sourced from spring-boot-starter-security's releases.

v3.0.0

See the Release notes for 3.0 for upgrade instructions and details of new features.

:star: New Features

• Provide a configuration property for the observation patterns of Spring Integration components #33099

:lady_beetle: Bug Fixes

• io.micrometer.tracing.Tracer on the classpath breaks AOT processing for tests #33298
• Tracer library HTTP instrumentation is auto-configured unnecessarily #33287
• Auto-configuration ignores user-provided ObservationConventions #33285
• ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #33284
• SpringBootContextLoader prints banner twice when using a @ContextHierarchy #33263
• Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #33250
• Wavefront MeterRegistryCustomizer is not applying application tags from application.properties #33244
• Actuator responses no longer format timestamps as ISO-8601 #33236
• Configuration property is not bound in a native image when property has get, set, and is methods #33232
• Configuration property binding does not deal with bridge methods #33212
• Contribute missing resource hints for GraphQL schema files and GraphiQL HTML page #33208
• Hints for ClientHttpRequestFactory should only be generated for matching methods #33203
• Native profile should configure execution in pluginManagement #33184
• Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #33169
• JBoss logging does not route directly to SLF4J when using Logback #33155
• Test with UseMainMethod.Always do not work with Kotlin main functions #33114
• Maven process-aot does not specify source and target release when compiling generated sources #33112
• Some Actuator beans are ineligible for post-processing #33110
• AOT-generated source fails to compile when Actuator is enabled on a WebFlux project #33106
• @ContextHierarchy should never be used with main method #33078
• Maven process-aot fails when compiler plugin has been configured with --enable-preview #33012
• Wavefront application tags differ from those used in a Spring Boot 2.x application #32844
• Maven goal spring-boot:build-image runs package phase twice #26455

:notebook_with_decorative_cover: Documentation

• Document observation for R2DBC #33335
• Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #33333
• Actuator document is misleading about k8s startup probe #33327
• Update documented for @Timed to reflect narrower support #33282
• Update reference documentation to replace mentions of tags providers and contributors with their Observation-based equivalents #33281
• Link to Micrometer's @Timed documentation #33266
• Clarify use of the spring.cache.type property with Hazelcast #33258
• Example git.commit.time in the Actuator API documentation is thousands of years in the future #33256
• Update Spring Security filter dispatcher types docs to reflect change in default value #33252
• Documentation for nested configuration properties in a native image uses @NestedConfigurationProperty too widely #33239
• Document that the jar task should not be disabled when building a native image #33238
• Document nesting configuration properties using records or Kotlin data classes and how and when to use @NestedConfigurationProperty #33235
• Links to Features describes sections that have moved elsewhere #33214
• Fix broken links in docs #33209
• Document the need for compilation with -parameters when targeting a native image #33182

... (truncated)

• c9c359f Release v3.0.0
• fb2cc73 Work around Thymeleaf's dependency on spring-security-bom:6.0.0-RC2
• 355b428 Merge branch '2.7.x'
• 7ea5881 Update LATEST_GA to false to prepare for 3.0.0's release
• 1de09f4 Merge branch '2.6.x' into 2.7.x
• e922650 Upgrade to Spring Framework 6.0.2
• 4b8a28a Next development version (v2.7.7-SNAPSHOT)
• 14ba9b1 Start building against Spring Framework 6.0.2 snapshots
• d4a9100 Next development version (v2.6.15-SNAPSHOT)
• 28cb225 Merge branch '2.7.x'
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from okhttp's changelog.

Change Log

Version 5.0.0-alpha.10

2022-06-26

• Fix: Configure the multiplatform artifact (com.squareup.okhttp3:okhttp:3.x.x) to depend on the JVM artifact (com.squareup.okhttp3:okhttp-jvm:3.x.x) for Maven builds. This should work-around an issue where Maven doesn't interpret Gradle metadata.
• Fix: Make another attempt at supporting Kotlin 1.5.31 at runtime. We were crashing on DurationUnit which was a typealias in 1.5.x.
• Upgrade: [Okio 3.2.0][okio_3_2_0].

Version 5.0.0-alpha.9

2022-06-16

• New: Enforce label length limits in URLs. HttpUrl now rejects URLs whose domains aren't valid. This includes overly-long domain names (longer than 253 characters), overly-long labels (more than 63 characters between dots), and empty labels.
• New: Don't include the Content-Length header in multipart bodies. Servers must delimit OkHttp's request bodies using the boundary only. (This change makes OkHttp more consistent with browsers and other HTTP clients.)
• New: Drop the tunnelProxy argument in MockWebServer.useHttps(). This change only impacts the OkHttp 5.x API which uses the mockwebserver3 package.
• Fix: Don't call toDuration() which isn't available in kotlin-stdlib 1.4.

Version 5.0.0-alpha.8

2022-06-08

• Fix: Change how H2_PRIOR_KNOWLEDGE works with HTTP proxies. Previously OkHttp assumed the proxy itself was a prior knowledge HTTP/2 server. With this update, OkHttp attempts a CONNECT tunnel just as it would with HTTPS. For prior knowledge with proxies OkHttp's is now consistent with these curl arguments:

  curl \
    --http2-prior-knowledge \
    --proxy localhost:8888 \
    --proxytunnel \
    http://squareup.com/robots.txt
  

• Fix: Support executing OkHttp on kotlin-stdlib versions as old as 1.4. The library still builds on up-to-date Kotlin releases (1.6.21) but no longer needs that version as a runtime dependency. This should make it easier to use OkHttp in Gradle plugins.

... (truncated)

• 6b07f62 Prepare for release 4.10.0.
• c657392 Fix Conscrypt NPE workaround (#7219) (#7230)
• 5aa716a 4.10: Version bump of kotlin, okio. (#7225)
• acf8735 Backport of square/okhttp#6495 (#6940)
• 86acfbd Prepare next development version.
• 0a27e9f Prepare for release 4.9.3.
• 97a8f6c Confirm we can read a response that completed before RST_STREAM (#6293) (#6914)
• b1a39f4 Prepare next development version.
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)