dependabot[bot] opened a new pull request, #2851: URL: https://github.com/apache/servicecomb-java-chassis/pull/2851
Bumps [governator-annotations](https://github.com/Netflix/governator) from 1.14.2 to 1.17.12. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Netflix/governator/releases";>governator-annotations's releases</a>.</em></p> <blockquote> <h2>Avoid referring to internal Guice classes</h2> <p>Avoids depending on <code>com.google.inject.internal.CircularDependencyProxy</code> explicitly. Instead only use it if the class can be found at runtime.</p> <p>This will make it easier for folks looking to upgrade the Guice version.</p> <h2>Update Jetty to latest 9.4.* patch</h2> <p>Resolution: <a href="https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1021614";>https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-1021614</a></p> <h2>Update Jetty to latest 9.2 patch</h2> <p>Dependency-only release for Jetty updates</p> <h2>Governator Java11 compatibility</h2> <p>Added missing Java11 dependencies. Shaded ASM to avoid conflicts.</p> <h2>governator-jetty updates</h2> <p>add finer-grained configuration options to governator-jetty, including max header size</p> <h2>fix assisted inject predestroy</h2> <p>Instances provisioned by Guice using assisted injection that also declare lifecycle methods (such as <a href="https://github.com/PreDestroy";><code>@​PreDestroy</code></a> annotated methods or implement AutoCloseable) are not handled correctly. This bugfix release introduces specific handling of the NO_SCOPE scope built into Guice, to ensure that associated instances using lifecycle methods are handled correctly.</p> <h2>Fix PreDestroyMonitor memory leak</h2> <p>fixes a memory leak caused by unscoped instances injected via Provider. The situation commonly occurs when a provider is declared for a type that implements AutoCloseable or is annotated with '<a href="https://github.com/PreDestroy";><code>@​PreDestroy</code></a>'. At runtime, the injected instances are bound with 'no scope' by Guice, leading to a large number of cleanup actions pointing to potentially the same object.</p> <h2>1.17.5</h2> <p><a href="https://github-redirect.dependabot.com/Netflix/governator/issues/348";>#348</a> Change Grapher#graph roots check to be isEmpty instead of null <a href="https://github-redirect.dependabot.com/Netflix/governator/issues/375";>#375</a> Log info message after injector created successfully <a href="https://github-redirect.dependabot.com/Netflix/governator/issues/378";>#378</a> use release version of spock <a href="https://github-redirect.dependabot.com/Netflix/governator/issues/379";>#379</a> update to the latest gradle and nebula versions</p> <h2>Ignore NoClassDefFoundError in classpath scanner</h2> <p>No release notes provided.</p> <h2>Deprecate SingletonModule</h2> <p>No release notes provided.</p> <h2>Add check for spring-guice integration</h2> <p>No release notes provided.</p> <h2>Use Stage.TOOL</h2> <p>Always use Stage.TOOL when using ElementVisitors for inspection of bindings prior to injector creation.</p> <h2>Remove support for JSR-303 Validation</h2> <p>Removed <a href="https://github.com/Netflix/governator/wiki/Field-Validation";>JSR-303 Bean Validation support</a>. This feature was no longer being used internally and only served to tie Governator to old versions of hibernate-validator.</p> <h2>Added Spock testing framework support</h2> <p>No release notes provided.</p> <h2>fix predestroy ordering</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Netflix/governator/commit/edfcccc259b20f05d20bdb8fd0bf8ad46ea5c8c6";><code>edfcccc</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/Netflix/governator/issues/413";>#413</a> from carl-mastrangelo/nocircles</li> <li><a href="https://github.com/Netflix/governator/commit/96d3f38792c8160b0ae8a6788f2b4981357be592";><code>96d3f38</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/Netflix/governator/issues/414";>#414</a> from Netflix/rpalcolea-patch-1</li> <li><a href="https://github.com/Netflix/governator/commit/48416f79266debc670902c6135444370c22e40bb";><code>48416f7</code></a> Update build.gradle</li> <li><a href="https://github.com/Netflix/governator/commit/da7f0b6e4decf00e2a7167ed9b41762b152e48df";><code>da7f0b6</code></a> Avoid referring to internal Guice classes</li> <li><a href="https://github.com/Netflix/governator/commit/ffaa7e8323b68a079a3bd8aff5ed214b54bcb094";><code>ffaa7e8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/Netflix/governator/issues/412";>#412</a> from Netflix/replace-jcenter</li> <li><a href="https://github.com/Netflix/governator/commit/e3b76f928a28ac9942070e493da88967856f2422";><code>e3b76f9</code></a> Replace JCenter with Maven Central</li> <li><a href="https://github.com/Netflix/governator/commit/03ddc8c6f949005dbd0ab2d14fdc09a735479d8c";><code>03ddc8c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/Netflix/governator/issues/411";>#411</a> from Netflix/replace-bintray</li> <li><a href="https://github.com/Netflix/governator/commit/fc503ea8adfa7cd70a3e496ecb707566037121f4";><code>fc503ea</code></a> Upgrade nebula.netflixoss to replace bintray publication and update TravisCI ...</li> <li><a href="https://github.com/Netflix/governator/commit/5c84c58ab0a39a2264a57f87179b5405eae8a248";><code>5c84c58</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/Netflix/governator/issues/410";>#410</a> from jleibund/Netflix/update_jetty</li> <li><a href="https://github.com/Netflix/governator/commit/77d16c8e92d19c7b71e8c7c01ecc2723444d2b2b";><code>77d16c8</code></a> Update Jetty to latest 9.4.* patch</li> <li>Additional commits viewable in <a href="https://github.com/Netflix/governator/compare/v1.14.2...v1.17.12";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
