dependabot[bot] opened a new pull request, #1286: URL: https://github.com/apache/knox/pull/1286
Bumps [org.apache.shiro:shiro-web](https://github.com/apache/shiro) from 1.13.0 to 2.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/apache/shiro/releases";>org.apache.shiro:shiro-web's releases</a>.</em></p> <blockquote> <h2>Apache Shiro 2.2.0</h2> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/iampratap7997-dot";><code>@iampratap7997-dot</code></a> made their first contribution in <a href="https://redirect.github.com/apache/shiro/pull/2518";>apache/shiro#2518</a></li> </ul> <h2>Bug Fixes</h2> <ul> <li><a href="https://redirect.github.com/apache/shiro/issues/2578";>#2578</a> Filter extra cookies on resubmit by <a href="https://github.com/lprimak";><code>@lprimak</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2588";>apache/shiro#2588</a></li> <li><a href="https://redirect.github.com/apache/shiro/issues/2633";>#2633</a> bugfix(jakarta-ee): form resubmit: login submit response processing f… by <a href="https://github.com/lprimak";><code>@lprimak</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2632";>apache/shiro#2632</a></li> <li><a href="https://github.com/apache/shiro/commit/2558789ea8a3f43aed90bd72abf23440e19c6577";>bugfix: logout is not blocked if it's remembered request even if resubmitted</a></li> </ul> <h2>Security Enhancements</h2> <ul> <li><a href="https://github.com/apache/shiro/commit/be89663a1fd69c3b213c835f1ee7991a1450510d";>enh: rememberMe cookie options</a></li> <li><a href="https://github.com/apache/shiro/commit/92eb6fb331f96a9e75363a63f41356b601cdd065";>enh: destroy existing session upon login</a></li> <li><a href="https://github.com/apache/shiro/commit/80f635c5180c7cf562fed4cab7099072ab21bd10";>enh(jakarta-ee): added secure configuration for session cookies automatically</a></li> <li><a href="https://github.com/apache/shiro/commit/c95a185e6ed2b4668ab25e6313717e6e1182a2b9";>enh: reverted secureInDevMode addition and added native session manag…</a></li> <li><a href="https://github.com/apache/shiro/commit/be31c133e61843f14fddd209da4d9c3609bcc9ef";>enh(jakarta-ee): encrypt SAVED_REQUEST_KEY cookie</a></li> <li><a href="https://github.com/apache/shiro/commit/a46600f2cf7856aae4e8507e1e4c7063447845e2";>improvement: implemented session key rotation via changeSessionId() in Web-Container mode only</a></li> </ul> <h2>Improvements</h2> <ul> <li>Enable markdownlint rule MD040 by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2507";>apache/shiro#2507</a></li> <li>CONTRIBUTING: whitespace cleanup for codeblocks by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2506";>apache/shiro#2506</a></li> <li>Actions labeler: add label for groovy files by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2491";>apache/shiro#2491</a></li> <li>Add 3 more pre-commit hooks by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2490";>apache/shiro#2490</a></li> <li>pre-commit: add markdown-link-check by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2519";>apache/shiro#2519</a></li> <li>Fix typos in java integration-tests for jakarta-ee by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2520";>apache/shiro#2520</a></li> <li>chore: regenerate ignored words list <code>codespell.txt</code> by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2521";>apache/shiro#2521</a></li> <li>Enable markdown-lint rule MD034 by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2522";>apache/shiro#2522</a></li> <li>markdown-lint: set line length to 180 by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2523";>apache/shiro#2523</a></li> <li>chore: fix typos in Java tests by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2524";>apache/shiro#2524</a></li> <li>chore: standardize markdown heading underlines by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2525";>apache/shiro#2525</a></li> <li>chore: fix spelling / word casing in java docs by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2526";>apache/shiro#2526</a></li> <li>yamllint enable rule checking for comments by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2527";>apache/shiro#2527</a></li> <li><a href="https://redirect.github.com/apache/shiro/issues/2489";>#2489</a> Add CITATION.cff for Apache Shiro by <a href="https://github.com/iampratap7997-dot";><code>@iampratap7997-dot</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2518";>apache/shiro#2518</a></li> <li>gha: actions/checkout set <code>persist-credentials: false</code> by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2532";>apache/shiro#2532</a></li> <li>chore: remove unneeded duplicate words in java docs by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2531";>apache/shiro#2531</a></li> <li>gha: pr labeler label more file types by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2530";>apache/shiro#2530</a></li> <li>Add official pre-commit hook pretty-format-json by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2529";>apache/shiro#2529</a></li> <li>yamllint add rule checking for braces and brackets by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2528";>apache/shiro#2528</a></li> <li>chore: standardize XML declarations by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2558";>apache/shiro#2558</a></li> <li>misc(java): remove unneeded duplicate words by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2556";>apache/shiro#2556</a></li> <li>yamllint enable rule checking for line length by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2557";>apache/shiro#2557</a></li> <li>Add EditorConfig checker with pre-commit by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2559";>apache/shiro#2559</a></li> <li><a href="https://redirect.github.com/apache/shiro/issues/2488";>#2488</a> chore: add .gitattributes file for line ending normalization and file… by <a href="https://github.com/lprimak";><code>@lprimak</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2574";>apache/shiro#2574</a></li> <li>Configure EditorConfig for groovy,cff,yaml,yml by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2576";>apache/shiro#2576</a></li> <li>Add pre-commit hook to stop zip files being committed by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2580";>apache/shiro#2580</a></li> <li>Decouple codespell from pre-commit config with rc file by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2581";>apache/shiro#2581</a></li> <li>docs(java): fix typo by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2582";>apache/shiro#2582</a></li> <li>security: pre-commit add zizmor static analysis for actions by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2583";>apache/shiro#2583</a></li> <li>gha(labeler): indent YAML with 2 spaces by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2584";>apache/shiro#2584</a></li> <li>Add <code>manual</code> stage pre-commit hook <code>chmod</code> for markdown permissions by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2586";>apache/shiro#2586</a></li> <li>yamllint enable <code>document-start</code> rule checking by <a href="https://github.com/jbampton";><code>@jbampton</code></a> in <a href="https://redirect.github.com/apache/shiro/pull/2585";>apache/shiro#2585</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/apache/shiro/blob/main/RELEASE-NOTES";>org.apache.shiro:shiro-web's changelog</a>.</em></p> <blockquote> <h1>Licensed to the Apache Software Foundation (ASF) under one</h1> <h1>or more contributor license agreements. See the NOTICE file</h1> <h1>distributed with this work for additional information</h1> <h1>regarding copyright ownership. The ASF licenses this file</h1> <h1>to you under the Apache License, Version 2.0 (the</h1> <h1>"License"); you may not use this file except in compliance</h1> <h1>with the License. You may obtain a copy of the License at</h1> <h1></h1> <h1><a href="http://www.apache.org/licenses/LICENSE-2.0";>http://www.apache.org/licenses/LICENSE-2.0</a></h1> <h1></h1> <h1>Unless required by applicable law or agreed to in writing,</h1> <h1>software distributed under the License is distributed on an</h1> <h1>"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</h1> <h1>KIND, either express or implied. See the License for the</h1> <h1>specific language governing permissions and limitations</h1> <h1>under the License.</h1> <h4>DEPRECATED</h4> <p>Currently Apache Shiro uses GitHub releases for release notes, so this file is no longer being updated. It will be removed in a future release.</p> <h4>DEPRECATED</h4> <p>This is not an official release notes document. It exists for Shiro developers to jot down their notes while working in the source code. These notes will be combined with Jira’s auto-generated release notes during a release for the total set.</p> <p>###########################################################</p> <h1>2.0.0</h1> <p>###########################################################</p> <p>Improvement</p> <pre><code>[SHIRO-290] Implement bcrypt and argon2 KDF algorithms </code></pre> <h2>Backwards Incompatible Changes</h2> <ul> <li>Changed default DefaultPasswordService.java algorithm to "Argon2id".</li> <li>PasswordService.encryptPassword(Object plaintext) will now throw a NullPointerException on null parameter. It was never specified how this method would behave.</li> <li>Made salt non-nullable.</li> <li>Removed methods in PasswordMatcher.</li> </ul> <p>###########################################################</p> <h1>1.7.1</h1> <p>###########################################################</p> <p>Bug</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/shiro/commit/8454a317eeeee01a31b7fb0373cbe5372b466b0e";><code>8454a31</code></a> [maven-release-plugin] prepare release shiro-root-2.2.0</li> <li><a href="https://github.com/apache/shiro/commit/0819229898498542aa29bbe8eb9fc9239e33056d";><code>0819229</code></a> chore: remove extra newline</li> <li><a href="https://github.com/apache/shiro/commit/a46600f2cf7856aae4e8507e1e4c7063447845e2";><code>a46600f</code></a> improvement: implemented session key rotation via changeSessionId() in Web-Co...</li> <li><a href="https://github.com/apache/shiro/commit/be31c133e61843f14fddd209da4d9c3609bcc9ef";><code>be31c13</code></a> enh(jakarta-ee): encrypt SAVED_REQUEST_KEY cookie</li> <li><a href="https://github.com/apache/shiro/commit/97218c0d896a234e3c7a5b8613a75764db81daee";><code>97218c0</code></a> Merge pull request <a href="https://redirect.github.com/apache/shiro/issues/2689";>#2689</a> from apache/dependabot/github_actions/github-actions...</li> <li><a href="https://github.com/apache/shiro/commit/d6246a062fc58fbce9d7c44778787aa11fe21bb5";><code>d6246a0</code></a> Merge pull request <a href="https://redirect.github.com/apache/shiro/issues/2691";>#2691</a> from apache/dependabot/maven/org.apache.karaf.featur...</li> <li><a href="https://github.com/apache/shiro/commit/5ab9e46bc27dc79a9637db20450ae33c9e74ecdd";><code>5ab9e46</code></a> Merge pull request <a href="https://redirect.github.com/apache/shiro/issues/2692";>#2692</a> from apache/dependabot/maven/org.owasp-dependency-ch...</li> <li><a href="https://github.com/apache/shiro/commit/4cb75d9f8f07d684e363beba434c9edce2cc9ce0";><code>4cb75d9</code></a> chore(deps): bump org.owasp:dependency-check-maven from 12.2.1 to 12.2.2</li> <li><a href="https://github.com/apache/shiro/commit/05a915f01ed2ef6384bca65b570fa1fe67c979b7";><code>05a915f</code></a> chore(deps): bump org.apache.karaf.features:framework</li> <li><a href="https://github.com/apache/shiro/commit/0cc8c1a7072e295b6fbdf1016f38c994c8a0f23f";><code>0cc8c1a</code></a> chore(deps): bump github/codeql-action</li> <li>Additional commits viewable in <a href="https://github.com/apache/shiro/compare/shiro-root-1.13.0...shiro-root-2.2.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/knox/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
