Sourced from dubbo's releases.

dubbo-2.7.13

Features

• Add the file parameter to MetadataReportBuilder(#8031)
• Delay export server should print stack trace if there are exception occur. (#8125)
• Increase the service detection logic on the consumer side of redisRegistry (#7929)
• support dubbo:annotation element tag in xml when using legacy namespace. (#7995)
• support disable shutdown hook (#8369)

BugFixs

• fix instance change event name format problem. (#8346)
• fix String.format lack of arg which is from BroadcastClusterInvoker link (#8348)
• disable telnet by default and fix ut, reset resources (#8239)
• annotation cannt be serializable,so change to String (#7908)
• Fix the issue that the ReferenceConfigCache#destroy method does not call proxy.$destroy() (#8065)
• fix multi-registry bug (#8034)
• [Dubbo-6720] fix bug same interface unexport and export fail. also support hotload service (#6720)
• Fix urls may be null, and NullPointerException will be thrown in ConfigValidationUtils (#8020) (#8021)
• Fix duplicated import (#8015)
• Fix spring spi extension keeps printing warn log during starting. (#6144)
• Dubbo-8172]Not shuwdown ExecutorService when DefaultFuture. closeChannel() (#8188)

Optimization

• optimize ShortestResponseLoadBalance active param (#8318)
• Set specific serializer for native hessian and hessian rpc protocol (#8238)
• Enhance metadata report config. (#8268)
• for compatible nacos server lower version, we should check the response from nacos server is null. (#8229)
• use service name mapping key to avoid logic conflict. (#8184)
• Tests transaction of callback method #8098 (#8120)
• improve the code of URLStrParser.java (#8085)
• remove redundant class: \common\utils\ClassHelper.java (#8084)
• EventPublishingServiceDiscovery add error log (#8066)
• add cache for scan result. (#7477) (#8057)
• Remove needless toString convert (#8092)
• optimize generic filter (#8067)
• Ignore invalid MetadataReportConfig (#8068)
• Optimize StatusTelnetHandler code and extract constants (#8041)
• Remove redundant code in ServiceConfig#checkAndUpdateSubConfigs method (#8036)
• Optimize DubboProtocol code and extract constants (#8004)
• Optimize URL#addParameters method to reuse existing methods (#8005)
• De-duplicate the filter returned by the getActivateExtension method (#7600)
• throw exception on path+version not found when decoding request (#8357)

Code Improvement

... (truncated)

Sourced from dubbo's changelog.

Release Notes

2.7.6

Features

• Support Service Authentication apache/dubbo#5461

Enhancement

• Removing the internal JDK API from FileSystemDynamicConfiguration
• Refactor the APT test-cases implementation of dubbo-metadata-processor in Java 9+
• Remove feature envy
• JsonRpcProtocol support Generalization
• Reduce object allocation for ProtocolUtils.serviceKey
• Reduce object allocation for ContextFilter.invoke

Bugfixes

• Fixed bugs reported from 2.7.5 or lower versions, check 2.7.6 milestone for details.

Compatibility

1. Filter refactor, the callback method onResponse annotated as @​Deprecated has been removed, users of lower versions that have extended Filter implementations and enabled Filter callbacks should be careful of this change.
2. RpcContext added some experimental APIs to support generic Object transmission.

2.7.5

Features

• Support HTTP/2 through gRPC, offers all features supported by HTTP/2 and gRPC
  • Stream communication: client stream, server stream and bi-stream.
  • Reactive stream style RPC call.
  • Back pressure based on HTTP/2 flow-control mechanism.
  • TLS secure transport layer.
  • Define service using IDL
• Protobuf support for native Dubbo
  • Define service using IDL
  • Protobuf serialization
• TLS for netty4 server
• New SPI for dynamically adding extra parameters into provider URL, especially env parameters.
• [BETA] Brand new Service Discovery mechanism: Service Reflection - instance (application) level service discovery.
• [BETA] Brand new API for bootstraping Dubbo projects

Performance Tuning

• Overall performance improved by nearly 30% compared to v2.7.3 (by QPS in certain circumstances)
• Improved consumer side thread model to avoid thread allocation and context switch, especially useful for services serving big traffic.

Enhancement

• Load balance strategy among multiple registries:
  • Preferred
  • Same zone first
  • Weighted LB
  • The first one available

... (truncated)

• 9c49efe [Dubbo-8172]Not shuwdown ExecutorService when DefaultFuture. closeChannel() (...
• 46dc478 update pom
• b4d9f44 fix bug
• 9810c5e Fix the test case of HessianProtocol does not pass on some machines.
• ca794b6 throw exception on path+version not found when decoding request (#8357)
• bfa4b3b fix migrationRule bug (#8358)
• ffabb89 change alibaba_spring_context_support_version to 1.0.11 (#8217)
• d82ce47 fix instance change event name format problem. (#8346)
• b142cdb fix String.format lack of arg which is from BroadcastClusterInvoker link #834...
• 41e989b optimize ShortestResponseLoadBalance active param (#8318)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from dom4j's releases.

version-2.1.1

Bug fix release.

Potential breaking changes

• If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
• Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were enabled in previous versions):
  • http://xml.org/sax/properties/external-general-entities
  • http://xml.org/sax/properties/external-parameter-entities

Fixed issues

• #28 Possible vulnerability of DocumentHelper.parseText() to XML injection (reported by @​s0m30ne)
• #34 CVS directories left in the source tree (reported by @​ebourg)
• #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @​abenkovskii)
• #39 writer.writeOpen(x) doesn't write namespaces (reported by @​borissmidt)
• #40 concurrency problem with QNameCache (@​jbennett2091)
• #43 and #46 all dependencies are optional (reported by @​Zardoz89 and @​vmassol)
• #44 SAXReader: hardcoded namespace features (reported by @​philippeu)
• #48 validate QNames (reported by @​mario-areias)

• b408f43 Fix bug in encoding whitespaces introduced with bugfix of #38.
• b3d9226 Add files via upload
• 75e59b1 #38 Support for supplementary unicode characters in XMLWriter.
• 351bfef #39 XMLWriter.writeOpen(Element) writes namespaces declared directly on element.
• 53f923a #28 Disable downloading external resources by default.
• 161078a #44 Default SAXParser features are set when SAXParser is created, so they can...
• 92d8795 Fix tests with invalid QNames.
• 8f6a7f6 #28 Disable downloading external resources with DocumentHelper.parseText() he...
• 983701f #34 Remove old CVS files from repository.
• 239569f #46 Jaxen is optional dependency only
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from dom4j's releases.

version-2.1.1

Bug fix release.

Potential breaking changes

• If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
• Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were enabled in previous versions):
  • http://xml.org/sax/properties/external-general-entities
  • http://xml.org/sax/properties/external-parameter-entities

Fixed issues

• #28 Possible vulnerability of DocumentHelper.parseText() to XML injection (reported by @​s0m30ne)
• #34 CVS directories left in the source tree (reported by @​ebourg)
• #38 XMLWriter does not escape supplementary unicode characters correctly (reported by @​abenkovskii)
• #39 writer.writeOpen(x) doesn't write namespaces (reported by @​borissmidt)
• #40 concurrency problem with QNameCache (@​jbennett2091)
• #43 and #46 all dependencies are optional (reported by @​Zardoz89 and @​vmassol)
• #44 SAXReader: hardcoded namespace features (reported by @​philippeu)
• #48 validate QNames (reported by @​mario-areias)

• b408f43 Fix bug in encoding whitespaces introduced with bugfix of #38.
• b3d9226 Add files via upload
• 75e59b1 #38 Support for supplementary unicode characters in XMLWriter.
• 351bfef #39 XMLWriter.writeOpen(Element) writes namespaces declared directly on element.
• 53f923a #28 Disable downloading external resources by default.
• 161078a #44 Default SAXParser features are set when SAXParser is created, so they can...
• 92d8795 Fix tests with invalid QNames.
• 8f6a7f6 #28 Disable downloading external resources with DocumentHelper.parseText() he...
• 983701f #34 Remove old CVS files from repository.
• 239569f #46 Jaxen is optional dependency only
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from fastjson's releases.

FASTJSON 1.2.83版本发布（安全修复）

这是一个安全修复版本，修复最近收到在特定场景下可以绕过autoType关闭限制的漏洞，建议fastjson用户尽快采取安全措施保障系统安全。

安全修复方案 ：https://github.com/alibaba/fastjson/wiki/security_update_20220523

Issues

1. 安全加固
2. 修复JDK17下setAccessible报错的问题 #4077

• 下载 https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.83/
• 文档 https://github.com/alibaba/fastjson/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98
• 源码 https://github.com/alibaba/fastjson/tree/1.2.83

fastjson 1.2.79版本发布，BUG修复

这又是一个bug fixed的版本，大家按需升级

Issues

1. 修复引入MethodInheritanceComparator导致某些场景序列化报错的问题
2. 增强JDK 9兼容
3. 修复JSONArray/JSONObject的equals方法在内部对象map/list相同时不直接返回true的问题

相关链接

• 下载 https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.79/
• 文档 https://github.com/alibaba/fastjson/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98
• 源码 https://github.com/alibaba/fastjson/tree/1.2.79

fastjson 1.2.76版本发布，BUG修复增强兼容

这又是一个bug fixed的版本，大家按需升级

Issues

1. 修复一些直接抛RuntimeException的问题 #3631
2. parser自动识别gzip bytes #3614
3. 修复Throwable继承类属性不支持自动类型转换问题 #3217
4. 修复PrettyFormat情况下引用计算不对的问题 #3672
5. 修复AutoType不兼容LinkedHashMap的问题
6. 增强对Enum类型的自定类型转换
7. 修复deserializeUsing在泛型某些场景不能正常工作的问题 #3693
8. 提升JSONReader性能，减少小对象创建 #3627
9. 增强对JSONPath对filter的支持 #3629
10. JSONPath支持忽略NullValue的选项 #3607
11. 增强对定制化enum的支持 #3601
12. 增强对java.time.Instant和org.joda.time.Instant的支持 #3539
13. 修复Parser某些场景不能识别引用的问题

相关链接

• 下载 https://repo1.maven.org/maven2/com/alibaba/fastjson/1.2.76/
• 文档 https://github.com/alibaba/fastjson/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98
• 源码 https://github.com/alibaba/fastjson/tree/1.2.76

fastjson 1.2.75版本发布，例行Bug修复

... (truncated)

• 26f13f8 1.2.83
• 8f3410f bug fix for autotype
• cd3c2de improved jdk8 java.time support
• c63866e remove unused import
• 35db4ad bug fix for autoType
• 3f009e1 Merge pull request #4085 from hengyunabc/fix_setAccessible
• dd3de5f fix InaccessibleObjectException in jdk17. #4077
• a234f9a Merge pull request #4084 from alibaba/revert-4078-master
• 0814909 Revert "fix InaccessibleObjectException in jdk17. #4077"
• ab82d0b Merge pull request #4078 from hengyunabc/master
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from dubbo's releases.

dubbo-2.7.15

Bugfix

• dubbo-spring-boot-actuator compatible with Spring Boot Actuator 2.6.x
• Check before use to avoid possible NPE in MetadataInfo
• Fix DubboConfigEarlyInitializationPostProcessor registered twice in Spring Framework
• Fix issue where dead connections would not be reconnected
• Fix netty server ssl context file leak
• Fix potential NPE in URLBuilder.java
• Make the warm-up process smoother
• Reset the client value of LazyConnectExchangeClient after close
• Fix StringIndexOutOfBoundsException at addParam
• Change default step to FORCE_INTERFACE

Dependency Upgrade

• Upgrade log4j2 version: 2.11.1 -> 2.17.0
• Upgrade Hessian Lite version: 3.2.11 -> 3.2.12
• Upgrade to jedis: 3.6.0 -> 3.7.0
• Upgrade jetcd: 0.5.3 -> 0.5.7
• Upgrade xstream version: 1.4.10 -> 1.4.12
• Upgrade curator version: 4.0.1 -> 4.2.0

dubbo-2.7.14

Change Lists

• add Dynamic Configuration Override Support For ServiceDiscovery. (#8389)
• fix mock parameters doesn't work when it contain ':' or '='. (#8379)
• fix the issue of taking the zone parameter value in ZoneAwareClusterInvoker. (#8521)
• add the switch for check class is in serialize white list , default is true. (#8537)
• fix NPE on serialization checking when request timed out. (#8587)
• fix NetUtils.ignoreNetworkInterface can't process network card name contains '(' symbol. (#8629)
• unify the way of getting local address. (#8679)
• fix retries param didn't work well when it is 0. (#8743)
• close client immediately when destroy unused invoker. (#8756)
• fix destroy IllegalStateException and doOverrideIfNecessary NPE. (#8683)
• show message according to log level when DefaultFuture.closeChannel. (#8778)
• use MapUtils instead of AttachmentsAdapter. (#8772)

Dependency Changes

• netty4: 4.1.51.Final -> 4.1.66.Final
• netty4_ssl: 2.0.39.Final -> 2.0.40.Final
• http_client: 4.5.3 -> 4.5.13
• jetty: 9.4.11.v20180605 -> 9.4.43.v20210629
• apollo_client: 1.1.1 -> 1.8.0
• tomcat_embed: 8.5.31-> 9.0.48
• commons_io: 2.6 -> 2.7
• curator: 5.0.0 -> 5.1.0
• hessian_lite: 3.2.8 -> 3.2.11

dubbo-2.7.13

... (truncated)

Sourced from dubbo's changelog.

Release Notes

2.7.6

Features

• Support Service Authentication apache/dubbo#5461

Enhancement

• Removing the internal JDK API from FileSystemDynamicConfiguration
• Refactor the APT test-cases implementation of dubbo-metadata-processor in Java 9+
• Remove feature envy
• JsonRpcProtocol support Generalization
• Reduce object allocation for ProtocolUtils.serviceKey
• Reduce object allocation for ContextFilter.invoke

Bugfixes

• Fixed bugs reported from 2.7.5 or lower versions, check 2.7.6 milestone for details.

Compatibility

1. Filter refactor, the callback method onResponse annotated as @​Deprecated has been removed, users of lower versions that have extended Filter implementations and enabled Filter callbacks should be careful of this change.
2. RpcContext added some experimental APIs to support generic Object transmission.

2.7.5

Features

• Support HTTP/2 through gRPC, offers all features supported by HTTP/2 and gRPC
  • Stream communication: client stream, server stream and bi-stream.
  • Reactive stream style RPC call.
  • Back pressure based on HTTP/2 flow-control mechanism.
  • TLS secure transport layer.
  • Define service using IDL
• Protobuf support for native Dubbo
  • Define service using IDL
  • Protobuf serialization
• TLS for netty4 server
• New SPI for dynamically adding extra parameters into provider URL, especially env parameters.
• [BETA] Brand new Service Discovery mechanism: Service Reflection - instance (application) level service discovery.
• [BETA] Brand new API for bootstraping Dubbo projects

Performance Tuning

• Overall performance improved by nearly 30% compared to v2.7.3 (by QPS in certain circumstances)
• Improved consumer side thread model to avoid thread allocation and context switch, especially useful for services serving big traffic.

Enhancement

• Load balance strategy among multiple registries:
  • Preferred
  • Same zone first
  • Weighted LB
  • The first one available

... (truncated)

• 767620a [2.7] Prepare Dubbo 2.7.15 Release
• 0d9b094 [2.7] Fix pond ignore in URLStrParser (#9465)
• 55672e4 [2.7] Update Hessian Lite version (#9456)
• 8cc9579 upgrade log4j2 version to 2.17.0 (#9444)
• 63e714a dubbo-spring-boot-actuator compatible with Spring Boot Actuator 2.6.x (#9394)...
• daeeeb7 upgrade log4j2 to 2.16.0 (#9433)
• 578bfcb Improve the readability of the getOrder method (#9361)
• 1296ff8 [master] Optimize some code for DubboConfigEarlyRegistrationPostProcessor (#9...
• c0b7f95 Check before use to avoid possible NPE in MetadataInfo (#9420)
• 9cfb1ae Fix DubboConfigEarlyInitializationPostProcessor registered twice in Spring Fr...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.