Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump ratpack-session from 1.1.1 to 1.9.0 #11

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump ratpack-session from 1.1.1 to 1.9.0 #11

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jul 1, 2021

Bumps ratpack-session from 1.1.1 to 1.9.0.

Release notes

Sourced from ratpack-session's releases.

v1.9.0

No release notes provided.

v1.8.2

This release updates the Gradle plugin to be compatible with Gradle 7.

v1.8.1

This release fixes several bugs, adds compatibility with Gradle's configuration caching, and updates two dependencies with critical vulnerabilities.

We hope you enjoy Ratpack 1.8.1.

v1.8.0

Ratpack 1.8.0 is now available!

This release adds support for configuring a proxy to utilize with the HttpClient for outgoing requests, additional convenience methods for Promise.retry, a number of dependency updates, and other improvements .

The following core dependencies have been upgraded:

  • Netty 4.1.37.Final → 4.1.48.Final
  • Netty TCNative 2.0.25.Final → 2.0.30.Final
  • Jackson 2.9.8 → 2.10.3
  • Slf4j 1.7.25 → 1.7.30
  • Guava 21.0 → 28.2-jre
  • Dropwizard Metrics 4.0.5 → 4.1.6
  • Log4j 2.6.2 → 2.13.1
  • Caffeine 2.6.2 → 2.8.1
  • Retrofit 2.4.0 → 2.8.1

Ratpack's HttpClient can now be configured to utilize a proxy server when sending requests using the HttpClientSpec. proxy method. Configuring the proxy requires specifying the host and port of the proxy. Optionally, the configured proxy can be bypassed for a set of destinations. This set uses the same pattern matching utilized by the core Java libraries and specified here: https://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html. It should be noted that the HttpClient does not respect the http.proxyHost, http.proxyPort, and http.nonProxyHosts system properties.

In this release, Promise.retry has been extended to allow for specifying a Predicate to indicate when the RetryPolicy should be evaluated.

There are also a few other new convenience methods added to support easier development and testing of Ratpack applications. Thanks to all who contributed.

We hope you enjoy Ratpack 1.8.

--

Team Ratpack

v1.7.6

This release includes a fix for a security vulnerability. This upgrade is recommended for all Ratpack users.

Versions of Ratpack 0.9.10 through and including 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (aka. XSS), in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data.

This vulnerability only exists in the handler that renders an internal server error as a readable HTML page which is activates when Ratpack is running in development mode. This mode is only activate by user request (i.e. setting development(true) in the ServerConfig, setting RATPACK_DEVELOPMENT=true in the environment), or when Ratpack detects it is running in an IDE (i.e. IntelliJ), being run by the Groovy shell, or attached to a debugger. By default, Ratpack sets development(false) when packaged as a Jar.

Users should verify that they are not running Ratpack with development mode activated in production environments.

... (truncated)

Commits
  • d62e05d Version 1.9.0
  • 4d55ef1 Fix site publishing
  • 5a502bc Fix publication of manual zip
  • 78eef1c Don't allow publishing of SNAPSHOT Gradle plugins
  • 2cab397 Reorder build logic to ensure base conf is applied to subprojects
  • 3067bd4 Allow more time for Nexus repository closing
  • 1939fd2 Resume version 1.9
  • 326bfb1 Version 1.9.0-rc-2
  • 7b3aae1 Update to nexus publishing plugin
  • d2a4f1f Remove references to Bintray
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump ratpack-session from 1.1.1 to 1.9.0
b24b6dc 
Bumps [ratpack-session](https://github.com/ratpack/ratpack) from 1.1.1 to 1.9.0.
- [Release notes](https://github.com/ratpack/ratpack/releases)
- [Changelog](https://github.com/ratpack/ratpack/blob/master/release-notes.md)
- [Commits](ratpack/ratpack@v1.1.1...v1.9.0)

---
updated-dependencies:
- dependency-name: io.ratpack:ratpack-session
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants