Re: [struts-community-plugins/struts2-jquery] Update dependency org.springframework:spring-context to v6 [SECURITY] (PR #554)

Sat, 19 Oct 2024 01:47:06 -0700 

This upgrade won't work.  Needs to stay on 5x.

On 19/10/2024 00:30, renovate[bot] wrote:


This PR contains the following updates:

Package         Change  Age     Adoption        Passing         Confidence

org.springframework:spring-context 
<https://redirect.github.com/spring-projects/spring-framework> 
|5.3.37| -> |6.0.0| 	age 
<https://docs.renovatebot.com/merge-confidence/> 	adoption 
<https://docs.renovatebot.com/merge-confidence/> 	passing 
<https://docs.renovatebot.com/merge-confidence/> 	confidence 
<https://docs.renovatebot.com/merge-confidence/>



      GitHub Vulnerability Alerts


        CVE-2024-38820 <https://nvd.nist.gov/vuln/detail/CVE-2024-38820>


The fix for CVE-2022-22968 
<https://github.com/advisories/GHSA-g5mm-vmx4-3rg7> made 
disallowedFields patterns in DataBinder case insensitive. However, 
String.toLowerCase() has some Locale dependent exceptions that could 
potentially result in fields not protected as expected.


------------------------------------------------------------------------


      Release Notes

spring-projects/spring-framework (org.springframework:spring-context)


      |v6.0.0|
      
<https://redirect.github.com/spring-projects/spring-framework/releases/tag/v6.0.0>


Compare Source 
<https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.39...v6.0.0>



See What's New in Spring Framework 6.x 
<https://redirect.github.com/spring-projects/spring-framework/wiki/What%27s-New-in-Spring-Framework-6.x> 
and Upgrading to Spring Framework 6.x 
<https://redirect.github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x> 
for upgrade instructions and details of new features.



        ⭐ New Features

  * Avoid direct URL construction and URL equality checks #​29486
    <https://redirect.github.com/spring-projects/spring-framework/issues/29486>
  * Simplify creating RFC 7807 responses from functional endpoints
    #​29462
    <https://redirect.github.com/spring-projects/spring-framework/issues/29462>
  * Allow test classes to provide runtime hints via declarative
    mechanisms #​29455
    <https://redirect.github.com/spring-projects/spring-framework/issues/29455>


        📔 Documentation

  * Align javadoc of DefaultParameterNameDiscoverer with its behavior
    #​29494
    <https://redirect.github.com/spring-projects/spring-framework/pull/29494>
  * Document AOT support in the TestContext framework #​29482
    <https://redirect.github.com/spring-projects/spring-framework/issues/29482>
  * Document Ahead of Time processing in the reference guide #​29350
    <https://redirect.github.com/spring-projects/spring-framework/issues/29350>


        🔨 Dependency Upgrades

  * Upgrade to Reactor 2022.0.0 #​29465
    <https://redirect.github.com/spring-projects/spring-framework/issues/29465>


        ❤️ Contributors

Thank you to all the contributors who worked on this release:


@​ophiuhus <https://redirect.github.com/ophiuhus> and @​wilkinsona 
<https://redirect.github.com/wilkinsona>



      |v5.3.39|
      
<https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.39>


Compare Source 
<https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.38...v5.3.39>



        ⭐ New Features

  * SimpleEvaluationContext should disable array allocation #​33386
    <https://redirect.github.com/spring-projects/spring-framework/issues/33386>


      |v5.3.38|
      
<https://redirect.github.com/spring-projects/spring-framework/releases/tag/v5.3.38>


Compare Source 
<https://redirect.github.com/spring-projects/spring-framework/compare/v5.3.37...v5.3.38>



        ⭐ New Features

  * Efficient handling of conditional HTTP requests #​33378
    <https://redirect.github.com/spring-projects/spring-framework/issues/33378>


        🐞 Bug Fixes

  * Fix incorrect weak ETag validation #​33377
    <https://redirect.github.com/spring-projects/spring-framework/issues/33377>
  * |SimpleEvaluationContext| does not enforce read-only semantics
    #​33320
    <https://redirect.github.com/spring-projects/spring-framework/issues/33320>
  * |ConversionService| cannot convert primitive array to |Object[]|
    #​33314
    <https://redirect.github.com/spring-projects/spring-framework/issues/33314>
  * SpEL |Indexer| silently ignores failure to set property as index
    #​33312
    <https://redirect.github.com/spring-projects/spring-framework/issues/33312>
  * Mockito mock falsely initialized as CGLIB proxy with AspectJ
    aspect #​33142
    <https://redirect.github.com/spring-projects/spring-framework/issues/33142>
  * "file:." cannot be resolved to |java.nio.file.Path| (and plain "."
    value resolves to classpath root) #​33140
    <https://redirect.github.com/spring-projects/spring-framework/issues/33140>


        📔 Documentation

  * Typo in Annotation-driven Listener Endpoints section of Spring
    Framework documentation #​33052
    <https://redirect.github.com/spring-projects/spring-framework/issues/33052>
  * Container Extension Points section of Spring Framework
    documentation refers to the wrong property name #​33039
    <https://redirect.github.com/spring-projects/spring-framework/issues/33039>
  * Incorrect constructor details in the javadoc for
    ApplicationContextEvent #​33034
    <https://redirect.github.com/spring-projects/spring-framework/issues/33034>


        🔨 Dependency Upgrades

  * Upgrade to Reactor 2020.0.47 #​33322
    <https://redirect.github.com/spring-projects/spring-framework/issues/33322>

------------------------------------------------------------------------


      Configuration


📅 *Schedule*: Branch creation - "" (UTC), Automerge - At any time (no 
schedule defined).



🚦 *Automerge*: Disabled by config. Please merge this manually once 
you are satisfied.



♻ *Rebasing*: Whenever PR becomes conflicted, or you tick the 
rebase/retry checkbox.



🔕 *Ignore*: Close this PR and you won't be reminded about this update 
again.


------------------------------------------------------------------------

  * If you want to rebase/retry this PR, check this box

------------------------------------------------------------------------


This PR was generated by Mend Renovate <https://mend.io/renovate/>. 
View the repository job log 
<https://developer.mend.io/github/struts-community-plugins/struts2-jquery>.


------------------------------------------------------------------------


        You can view, comment on, or merge this pull request online at:

https://github.com/struts-community-plugins/struts2-jquery/pull/554


        Commit Summary

  * c658691
    
<https://github.com/struts-community-plugins/struts2-jquery/pull/554/commits/c658691f8bb47bec1ac7a71aa3efef739eedca29>
    Update dependency org.springframework:spring-context to v6 [SECURITY]


        File Changes


(1 file 
<https://github.com/struts-community-plugins/struts2-jquery/pull/554/files>)


  * *M* struts2-jquery-grid-showcase/pom.xml
    
<https://github.com/struts-community-plugins/struts2-jquery/pull/554/files#diff-40f8cecf0b8ba988d544292f0d55d504445576655ce05d5606994e054dda7d5c>
    (2)


        Patch Links:

  * https://github.com/struts-community-plugins/struts2-jquery/pull/554.patch
  * https://github.com/struts-community-plugins/struts2-jquery/pull/554.diff
Reply to this email directly, view it on GitHub 
<https://github.com/struts-community-plugins/struts2-jquery/pull/554>, 
or unsubscribe 
<https://github.com/notifications/unsubscribe-auth/AA6AJN2SEPMX5ZYHFF5X5CTZ4GKXRAVCNFSM6AAAAABQG3SG7KVHI2DSMVQWIX3LMV43ASLTON2WKOZSGU4TQNJUHAYDGNY>.
You are receiving this because you are subscribed to this 
thread.Message ID: 
<struts-community-plugins/struts2-jquery/pull/5...@github.com>














    











					Reply via email to