Bump the java group with 14 updates

[dependabot]

Bumps the java group with 14 updates:

Package	From	To
org.apache.commons:commons-collections4	4.4	4.5.0
com.fasterxml.jackson.core:jackson-databind	2.18.3	2.19.0
org.apache.httpcomponents.client5:httpclient5	5.4.3	5.4.4
org.springframework.boot:spring-boot-maven-plugin	3.4.4	3.4.5
org.springframework.boot:spring-boot-starter-test	3.4.4	3.4.5
org.springframework.security:spring-security-test	6.4.4	6.4.5
com.graphql-java:graphql-java-extended-scalars	17.0	22.0
io.projectreactor:reactor-core	3.4.11	3.7.5
org.eclipse.jgit:org.eclipse.jgit	5.13.0.202109080827-r	7.2.0.202503040940-r
org.hibernate:hibernate-search-engine	5.11.10.Final	5.11.12.Final
net.coobird:thumbnailator	0.4.14	0.4.20
net.lingala.zip4j:zip4j	2.9.0	2.11.5
org.springframework.boot:spring-boot-dependencies	3.4.4	3.4.5
com.github.eirslett:frontend-maven-plugin	1.15.0	1.15.1

Updates org.apache.commons:commons-collections4 from 4.4 to 4.5.0

Updates com.fasterxml.jackson.core:jackson-databind from 2.18.3 to 2.19.0

Commits

• See full diff in compare view

Updates org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.4.4

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.4.4

This maintenance release corrects several regressions reported since the last release, including a defect causing some private domains in SSL certificates to get rejected as a mismatch.

Change Log

• DNS host/identity normalization should be performed only once per public API call. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2366: Fix regression in RequestEntityProxy#isRepeatable behavior. (#630) Contributed by Arturo Bernal

• HTTPCLIENT-2365: Fix handling of private domains by PublicSuffixMatcher. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2364: Fix incorrect re-binding of the upgraded SSL socket to the HTTP connection by the DefaultHttpClientConnectionOperator#upgrade(*) methods. Contributed by Oleg Kalnichevski

Commits

• ffe4a05 HttpClient 5.4.4 release
• b435224 Updated release notes for HttpClient 5.4.4 release
• b5dc350 DNS host / identity normalization should be performed only once per public AP...
• 2f57d44 HTTPCLIENT-2366 - Fix isRepeatable method in RequestEntityProxy to return tru...
• 924b38f HTTPCLIENT-2365, regression: corrected handling of private domains by PublicS...
• 93a87be HTTPCLIENT-2364: Fixed incorrect re-binding of the upgraded SSL socket to the...
• a6b3306 Upgraded HttpClient version to 5.4.4-SNAPSHOT
• See full diff in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.4.4 to 3.4.5

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v3.4.5

🐞 Bug Fixes

• Spring Boot with native image container image build fails on podman due to directory permissions #45256
• Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
• Wrong jOOQ exception translator with empty db name #45219
• MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
• IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
• OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
• MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
• ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
• TypeUtils does not handle generics with identical names in different positions #45039
• HttpClient5 5.4.3 breaks local Docker transport #45028
• spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
• Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
• DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
• SSL config does not watch for symlink file changes #44887
• EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
• DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
• JsonValueWriter can throw StackOverflowError on deeply nested items #44627
• In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
• Logging a Path object using structured logging throws StackOverflowError #44507

📔 Documentation

• Make @Component a javadoc link #45258
• Fix documentation links to buildpacks.io #45241
• Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #45224
• Show the use of token properties in authorization server clients configuration example #45176
• Add details of the purpose of the metrics endpoint #45047
• Escape the asterisk in spring-application.adoc #45033
• Add reference to Styra (OPA) Spring Boot SDK #44976
• Update CDS documentation to cover AOTCache #44970
• WebFlux security documentation incorrectly links to servlet classes #44966
• Replace mentions of deprecated MockBean annotation #44947
• TaskExecution documentation should describe what happens when multiple Executor beans are present #44908
• Documentation lists coordinates for some dependencies that are not actually managed #44879
• Polish javadoc of SpringProfileAction #44826

🔨 Dependency Upgrades

• Upgrade to AspectJ 1.9.24 #45184
• Upgrade to Couchbase Client 3.7.9 #45072
• Upgrade to Hibernate 6.6.13.Final #45073
• Upgrade to HttpClient5 5.4.3 #45074
• Upgrade to HttpCore5 5.3.4 #45075
• Upgrade to Jaybird 5.0.7.java11 #45076
• Upgrade to Jetty 12.0.19 #45077
• Upgrade to jOOQ 3.19.22 #45078
• Upgrade to Lombok 1.18.38 #45079

... (truncated)

Commits

• b882c29 Release v3.4.5
• 918066f Merge branch '3.3.x' into 3.4.x
• ab0c332 Next development version (v3.3.12-SNAPSHOT)
• 71acf93 Merge branch '3.3.x' into 3.4.x
• d2eaac6 Revert "Upgrade to Netty 4.1.120.Final"
• d24a38f Merge branch '3.3.x' into 3.4.x
• 933572a Upgrade to Netty 4.1.120.Final
• 016b3de Upgrade to Netty 4.1.120.Final
• 46a709a Merge branch '3.3.x' into 3.4.x
• 55f67c9 Fix potential null problem in actuator
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-test from 3.4.4 to 3.4.5

Release notes

Sourced from org.springframework.boot:spring-boot-starter-test's releases.

v3.4.5

🐞 Bug Fixes

• Spring Boot with native image container image build fails on podman due to directory permissions #45256
• Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
• Wrong jOOQ exception translator with empty db name #45219
• MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
• IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
• OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
• MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
• ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
• TypeUtils does not handle generics with identical names in different positions #45039
• HttpClient5 5.4.3 breaks local Docker transport #45028
• spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
• Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
• DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
• SSL config does not watch for symlink file changes #44887
• EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
• DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
• JsonValueWriter can throw StackOverflowError on deeply nested items #44627
• In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
• Logging a Path object using structured logging throws StackOverflowError #44507

📔 Documentation

• Make @Component a javadoc link #45258
• Fix documentation links to buildpacks.io #45241
• Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #45224
• Show the use of token properties in authorization server clients configuration example #45176
• Add details of the purpose of the metrics endpoint #45047
• Escape the asterisk in spring-application.adoc #45033
• Add reference to Styra (OPA) Spring Boot SDK #44976
• Update CDS documentation to cover AOTCache #44970
• WebFlux security documentation incorrectly links to servlet classes #44966
• Replace mentions of deprecated MockBean annotation #44947
• TaskExecution documentation should describe what happens when multiple Executor beans are present #44908
• Documentation lists coordinates for some dependencies that are not actually managed #44879
• Polish javadoc of SpringProfileAction #44826

🔨 Dependency Upgrades

• Upgrade to AspectJ 1.9.24 #45184
• Upgrade to Couchbase Client 3.7.9 #45072
• Upgrade to Hibernate 6.6.13.Final #45073
• Upgrade to HttpClient5 5.4.3 #45074
• Upgrade to HttpCore5 5.3.4 #45075
• Upgrade to Jaybird 5.0.7.java11 #45076
• Upgrade to Jetty 12.0.19 #45077
• Upgrade to jOOQ 3.19.22 #45078
• Upgrade to Lombok 1.18.38 #45079

... (truncated)

Commits

• b882c29 Release v3.4.5
• 918066f Merge branch '3.3.x' into 3.4.x
• ab0c332 Next development version (v3.3.12-SNAPSHOT)
• 71acf93 Merge branch '3.3.x' into 3.4.x
• d2eaac6 Revert "Upgrade to Netty 4.1.120.Final"
• d24a38f Merge branch '3.3.x' into 3.4.x
• 933572a Upgrade to Netty 4.1.120.Final
• 016b3de Upgrade to Netty 4.1.120.Final
• 46a709a Merge branch '3.3.x' into 3.4.x
• 55f67c9 Fix potential null problem in actuator
• Additional commits viewable in compare view

Updates org.springframework.security:spring-security-test from 6.4.4 to 6.4.5

Release notes

Sourced from org.springframework.security:spring-security-test's releases.

6.4.5

⭐ New Features

• Add link to docs zip file to the reference #16799
• Fix attribute name in http.adoc #16784
• Update ServerOAuth2AuthorizedClientExchangeFilterFunction javadoc #16783

🪲 Bug Fixes

• [Docs] Broken link on Spring MVC Test Integration page #16785
• ServerBearerTokenAuthenticationConverter validates parameters when not enabled #16901
• Clarify WebInvocationPrivilegeEvaluator JavaDoc #16782
• CookieServerCsrfTokenRepository.withHttpOnlyFalse() ineffective if setCookieCustomizer() is used #16862
• Correct closing tag in default PassKey HTML form #16601
• Fix WebAuthn saves Anonymous PublicKeyCredentialUserEntity #16606
• OpenSaml support should preserve encrypted elements for further analysis #16367
• Sorting in AuthorizationAdvisorProxyFactory should be thread-safe #16837
• WebFlux reference links to Servlet docs #16786
• XML config does not apply request-handler-ref to CsrfAuthenticationStrategy #16844

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.17 to 1.5.18 #16767
• Bump io.micrometer:micrometer-observation from 1.14.5 to 1.14.6 #16938
• Bump io.projectreactor:reactor-bom from 2023.0.16 to 2023.0.17 #16944
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.3 to 1.0.4 #16919
• Bump org-aspectj from 1.9.22.1 to 1.9.24 #16928
• Bump org-eclipse-jetty from 11.0.24 to 11.0.25 #16758
• Bump org.hibernate.orm:hibernate-core from 6.6.12.Final to 6.6.13.Final #16895
• Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12 #16960
• Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6 #16959

🔩 Build Updates

• Bump spring-io/spring-doc-actions from 0.0.19 to 0.0.20 #16894
• Release 6.4.5 #16972

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​AB-xdev, @​Borghii, and @​dependabot[bot]

Commits

• e8aef09 Release 6.4.5
• f8d417d Preserve Encrypted Elements
• 79bacf8 Bump org.springframework:spring-framework-bom from 6.2.5 to 6.2.6
• 9bcfeab Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12
• 254c9c9 Merge branch '6.3.x' into 6.4.x
• a5d9633 Bump org.springframework:spring-framework-bom from 6.1.18 to 6.1.19
• e5d9659 Merge branch '6.3.x' into 6.4.x
• 99c4f58 Bump org.springframework.ldap:spring-ldap-core from 3.2.11 to 3.2.12
• cb60d8b Merge branch '6.3.x' into 6.4.x
• c1aa99f Enforce BCrypt password length for new passwords only
• Additional commits viewable in compare view

Updates com.graphql-java:graphql-java-extended-scalars from 17.0 to 22.0

Release notes

Sourced from com.graphql-java:graphql-java-extended-scalars's releases.

22.0

This release updates graphql-java to v22.0.

See the graphql-java release notes: https://github.com/graphql-java/graphql-java/releases/tag/v22.0

What's Changed

• Update readme for v21 by @​dondonz in graphql-java/graphql-java-extended-scalars#114
• Bump com.graphql-java:graphql-java from 21.0 to 21.1 by @​dependabot in graphql-java/graphql-java-extended-scalars#116
• Bump com.graphql-java:graphql-java from 21.1 to 21.3 by @​dependabot in graphql-java/graphql-java-extended-scalars#120
• Bump actions/setup-java from 3 to 4 by @​dependabot in graphql-java/graphql-java-extended-scalars#123
• Update README.md with dgs links by @​sshevlyagin in graphql-java/graphql-java-extended-scalars#127
• Bump io.github.gradle-nexus.publish-plugin from 1.0.0 to 1.3.0 by @​dependabot in graphql-java/graphql-java-extended-scalars#99
• Bump actions/checkout from 3 to 4 by @​dependabot in graphql-java/graphql-java-extended-scalars#117
• Bump org.codehaus.groovy:groovy from 2.5.13 to 3.0.20 by @​dependabot in graphql-java/graphql-java-extended-scalars#125
• Bump gradle/wrapper-validation-action from 1 to 2 by @​dependabot in graphql-java/graphql-java-extended-scalars#128
• Update to v22 by @​bbakerman in graphql-java/graphql-java-extended-scalars#135

New Contributors

• @​sshevlyagin made their first contribution in graphql-java/graphql-java-extended-scalars#127

Full Changelog: graphql-java/graphql-java-extended-scalars@v21.0...v22.0

21.0

This release updates graphql-java to v21.0 and as a result, this library now requires Java 11 as a minimum version.

See the blog announcing the change for graphql-java.

What's Changed

• docs: readme makeover by @​setchy in graphql-java/graphql-java-extended-scalars#94
• docs: update version by @​setchy in graphql-java/graphql-java-extended-scalars#106
• Bump com.graphql-java:graphql-java from 20.2 to 20.3 by @​dependabot in graphql-java/graphql-java-extended-scalars#108
• Update to Java 11, Gradle 8.3, GraphQL Java v21.0 by @​dondonz in graphql-java/graphql-java-extended-scalars#113

Full Changelog: graphql-java/graphql-java-extended-scalars@20.2...v21.0

20.2

This release includes GraphQL Java 20.2. This release continues to use Java 8.

What's Changed

• Fix bug when NullValue is nested inside ObjectValue by @​dondonz in graphql-java/graphql-java-extended-scalars#91
• Prepend 0.0.0 to master build versions by @​dondonz in graphql-java/graphql-java-extended-scalars#92
• docs: update to reference scalars.graphql.org specification for DateTime by @​setchy in graphql-java/graphql-java-extended-scalars#93
• ci: add dependabot configuration by @​yeikel in graphql-java/graphql-java-extended-scalars#96
• Bump biz.aQute.bnd.builder from 6.2.0 to 6.4.0 by @​dependabot in graphql-java/graphql-java-extended-scalars#98
• build(deps): bump graphql to 20.2 by @​yeikel in graphql-java/graphql-java-extended-scalars#95

New Contributors

• @​yeikel made their first contribution in graphql-java/graphql-java-extended-scalars#96
• @​dependabot made their first contribution in graphql-java/graphql-java-extended-scalars#98

... (truncated)

Commits

• f9f4d57 Merge pull request #135 from graphql-java/update-to-22
• bdccedd Update readme
• 9bac79a Update to 22.0
• e155037 start of a branch to update to 22
• f6191ff Merge pull request #128 from graphql-java/dependabot/github_actions/gradle/wr...
• c5acb26 Bump gradle/wrapper-validation-action from 1 to 2
• 40f8f40 Merge pull request #125 from graphql-java/dependabot/gradle/org.codehaus.groo...
• d9fbb5a Update Groovy and corresponding Spock versions
• c933a33 Merge pull request #117 from graphql-java/dependabot/github_actions/actions/c...
• 3182277 Merge pull request #99 from graphql-java/dependabot/gradle/io.github.gradle-n...
• Additional commits viewable in compare view

Updates io.projectreactor:reactor-core from 3.4.11 to 3.7.5

Release notes

Sourced from io.projectreactor:reactor-core's releases.

v3.7.5

Reactor Core 3.7.5 is part of 2024.0.5 Release Train.

What's Changed

✨ New features and improvements

• Depend on Micrometer 1.14.6 by @​violetagg in cdcba76dccd06fee7402637d505357be2aa836bb
• Depend on Micrometer Tracing 1.4.5 by @​violetagg in cdcba76dccd06fee7402637d505357be2aa836bb
• Depend on Context Propagation 1.1.3 by @​violetagg in cdcba76dccd06fee7402637d505357be2aa836bb

Full Changelog: reactor/reactor-core@v3.7.4...v3.7.5

v3.7.4

What's Changed

✨ New features and improvements

• Bump byteBuddyVersion from 1.17.0 to 1.17.2 by @​dependabot in reactor/reactor-core#4003
• Bump io.projectreactor.tools:blockhound from 1.0.10.RELEASE to 1.0.11.RELEASE by @​dependabot in reactor/reactor-core#3986
• Depend on Micrometer v1.14.5 by @​chemicL in 88b652d

📖 Documentation

• fix doc title displayed as untitled by @​dev-jonghoonpark in reactor/reactor-core#4008

New Contributors

• @​dev-jonghoonpark made their first contribution in reactor/reactor-core#4008

Full Changelog: reactor/reactor-core@v3.7.3...v3.7.4

v3.7.3

Reactor Core 3.7.3 is part of 2024.0.3 Release Train.

What's Changed

✨ New features and improvements

• Support logging exception stack traces when the last argument is Throwable by @​raccoonback in #3960
• Bump byteBuddy from 1.15.4 to 1.17.0 by @​dependabot in #3977

🐞 Bug fixes

• Prevent duplicate Observation.stop with Micrometer by @​chemicL in #3976
• Interrupt VirtualThread task only from another Thread by @​chemicL in #3979

📖 Documentation

• Fix javaagent parameter syntax by @​nickcaballero in #3973

New Contributors

• @​Aleexender made their first contribution in #3966
• @​nickcaballero made their first contribution in #3973
• @​raccoonback made their first contribution in #3960

... (truncated)

Commits

• cdcba76 [release] Prepare and release 3.7.5
• efaad11 Merge-ignore release 3.6.16 into 3.7.5
• 8ae542a [release] Next development version 3.6.17-SNAPSHOT
• ae2dc3c [release] Prepare and release 3.6.16
• ef2702d Merge #4015 into 3.7.5
• 4de9509 Eliminate most compiler warnings (#4015)
• 9e7150c [release] Next development version 3.7.5-SNAPSHOT
• 88b652d [release] Prepare and release 3.7.4
• 202e164 [build] Install asciidoctor-pdf before deploying
• b41adc8 Revert "[release] Prepare and release 3.7.4"
• Additional commits viewable in compare view

Updates org.eclipse.jgit:org.eclipse.jgit from 5.13.0.202109080827-r to 7.2.0.202503040940-r

Commits

• fddef06 JGit v7.2.0.202503040940-r
• c43126f JGit v7.2.0.202503040805-r
• 28136bc CacheRegion: fix non translatable text warnings
• 1468a80 Merge branch 'master' into stable-7.2
• 4ef8870 Ensure access to autoRefresh is thread-safe
• ac5146f FileReftableStack: use FileSnapshot to detect modification
• 1ff9c2a FileReftableDatabase: consider ref updates by another process
• 5db57fe BlameRegionMerger: report invalid regions with checked exception.
• 3483bd7 Merge "[ssh known_hosts] Handle unknown keys better"
• 1b70d59 Prepare 7.2.0-SNAPSHOT builds
• Additional commits viewable in compare view

Updates org.hibernate:hibernate-search-engine from 5.11.10.Final to 5.11.12.Final

Changelog

Sourced from org.hibernate:hibernate-search-engine's changelog.

5.11.12.Final (2023-01-31)

** Bug * HSEARCH-4789 [HSearch 5] Indexing entities with a shared id across tenants results in removal from those tenants

5.11.11.Final (2022-10-27)

** Improvement * HSEARCH-4432 Upgrade to Hibernate ORM 5.4.33.Final

** Task * HSEARCH-4717 Upgrade to Byteman 4.0.20 * HSEARCH-4696 Move all Jenkins-related config to ci/ * HSEARCH-4695 Add Jenkins jobs to test component upgrades * HSEARCH-4595 Upgrade to Byteman 4.0.19 * HSEARCH-4472 Move the release job to a separate Jenkinsfile * HSEARCH-4459 Stop testing Hibernate Search against JDK 12 -> 16 * HSEARCH-4434 Avoid unnecessary synchronization in ExpectedLog4jLog * HSEARCH-4433 Upgrade to Log4j 2 in Hibernate Search 5.x tests * HSEARCH-4415 Sign published artifacts * HSEARCH-4371 Upgrade to Byteman 4.0.18 * HSEARCH-3244 Simplify configuration of AWS Elasticsearch endpoints in the Jenkins CI

Commits

• db66403 [Jenkins release job] Preparing release 5.11.12.Final
• 42b8ae7 [Jenkins release job] changelog.txt updated by release build 5.11.12.Final
• 03645e6 HSEARCH-4789 Use a common implementation for some Update/Delete work executors
• 7c595c5 HSEARCH-4789 Test updates/deletes in multi-tenant environments
• 304bd1d Include required tocbot js script in documentation
• 9bbd73d Move documentation to Google Analytics 4
• df44df5 [Jenkins release job] Preparing next development iteration
• 212e091 [Jenkins release job] Preparing release 5.11.11.Final
• cacf3f6 [Jenkins release job] changelog.txt updated by release build 5.11.11.Final
• 50bf2fa HSEARCH-4717 Upgrade to Byteman 4.0.20
• Additional commits viewable in compare view

Updates net.coobird:thumbnailator from 0.4.14 to 0.4.20

Commits

• 951d04f Update README with release info for 0.4.20.
• 9188264 Update POM for 0.4.20 release.
• e725fab Merge branch 'develop'
• 7e22d5a Merge branch 'bugfix-issue207' into develop
• e92a248 Add more tests for source region and Exif orientation.
• 5297c96 Fix bug for incorrect source region for some Exif orientations.
• 2b13a57 Fix source region selection when image has an Exif orientation. (#207)
• 9bf95ad Add tests for sourceRegion involving files, including those with Exif orien...
• 3f84a6b Update license name to align with SPDX identifer and update copyright date.
• 01ff6b0 Update license information in POM to use SPDX identifier per Maven recommenda...
• Additional commits viewable in compare view

Updates net.lingala.zip4j:zip4j from 2.9.0 to 2.11.5

Release notes

Sourced from net.lingala.zip4j:zip4j's releases.

v2.11.5

Improvements:

#476 & #493 Allow overriding empty files even if it is not a zip file

v2.11.4

Bug fixes:

#484 Use getPath instead of toPath to avoid java nio #486 Set symlink as a file even if it points to directory

v2.11.3

Security fixes:

#485 Fix CVE-2023-22899

v2.11.2

Improvements:

Use SecureRandom instead of Random to implement a cryptographically strong random number

Bug fixes:

Fix null check Append file separator to path check only if required Fix endOfCentralDirectory location calculation when setting comment Use Path comparison over String comparison for Path traversal vulnerability Set lastModifiedFileTime for all entries and not just directories Use charset when generating AES vendor id info

v2.11.1

Bug fixes:

#396 Use case sensitive comparison for file headers #440 Replace Windows file separator with zip separator #442 Remove file attributes check

v2.11.0

Bug fixes:

#328 Add option to handle passwords with or without utf8 charset #333 Fix issue with reading 7Zip split files with headers not just in first split part #421 Remove clone method #428 Add close method in NumberedSplitRandomAccessFile #432 Fallback to zip standard charset if utf-8 flag is not set #433 Add directories to zip as well when symlink target is a directory #434 Use last modified file time from ZipParameters #435 Add null check when getting and applying Windows file attributes #438 Remove lines to skip reading content if entry is directory

... (truncated)

Commits

• 8e2b749 #493 Allow adding content to empty files
• 025ce8c Release v2.11.4
• a28ca75 #486 Set symlink as a file even if it points to directory
• 7f74287 #490 Fix NOTICE
• 08c9dfd #490 Add NOTICE
• 5856eca #484 Use getPath instead of toPath to avoid java nio
• 7b9a500 Release v2.11.3
• ddd8fdc #485 Calculate AES mac with cache and push back functionality
• 597b31a #485 Check for MAC even when DataDescritor exists
• 942fe57 Release v2.11.2
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.4.4 to 3.4.5

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v3.4.5

🐞 Bug Fixes

• Spring Boot with native image container image build fails on podman due to directory permissions #45256
• Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
• Wrong jOOQ exception translator with empty db name #45219
• MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
• IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
• OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
• MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
• ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
• TypeUtils does not handle generics with identical names in different positions #45039
• HttpClient5 5.4.3 breaks local Docker transport #45028
• spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
• Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
• DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
• SSL config does not watch for symlink file changes #44887
• EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
• DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
• JsonValueWriter can throw StackOverflowError on deeply nested items #44627
• In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
• Logging a Path object using structured logging throws StackOverflowError