Update all dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
actions/checkout	action	major	v3 -> v4
gradle (source)		minor	8.1.1 -> 8.4
com.github.ben-manes.caffeine:caffeine	dependencies	patch	3.1.6 -> 3.1.8
io.gitlab.arturbosch.detekt (source)	plugin	patch	1.23.0 -> 1.23.1
io.gitlab.arturbosch.detekt:detekt-formatting (source)	dependencies	patch	1.23.0 -> 1.23.1
com.netflix.dgs.codegen	plugin	major	5.12.4 -> 6.0.3
com.netflix.graphql.dgs:graphql-dgs-platform-dependencies	dependencies	major	7.2.0 -> 8.0.0
io.ktor:ktor-serialization-kotlinx-xml	dependencies	patch	2.3.2 -> 2.3.5
io.ktor:ktor-client-mock	dependencies	patch	2.3.2 -> 2.3.5
io.ktor:ktor-client-content-negotiation	dependencies	patch	2.3.2 -> 2.3.5
io.ktor:ktor-client-cio	dependencies	patch	2.3.2 -> 2.3.5
io.ktor:ktor-client-core	dependencies	patch	2.3.2 -> 2.3.5
com.google.cloud.tools.jib	plugin	minor	3.3.2 -> 3.4.0
io.spring.dependency-management	plugin	patch	1.1.0 -> 1.1.3
org.springframework.boot (source)	plugin	patch	3.1.1 -> 3.1.5
org.jetbrains.kotlin.plugin.serialization (source)	plugin	minor	1.8.21 -> 1.9.10
org.jetbrains.kotlin.plugin.spring (source)	plugin	minor	1.8.21 -> 1.9.10
org.jetbrains.kotlin.jvm (source)	plugin	minor	1.8.21 -> 1.9.10

---

Release Notes

actions/checkout (actions/checkout)

v4

Compare Source

• Support fetching without the --progress option
• Update to node20

gradle/gradle (gradle)

v8.4: 8.4

Compare Source

The Gradle team is excited to announce Gradle 8.4.

Amongst other improvements, this release addresses two security vulnerabilities:

• Incorrect permission assignment for symlinked files used in copy or archiving operations
• Possible local text file exfiltration by XML External entity injection

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Ahmed Ehab,
Andrei Rybak,
Baptiste Decroix,
Björn Kautler,
Cesar de la Vega,
Ganavi Jayaram,
Gaurav Padam,
hwanseok,
J.T. McQuigg,
Jakub Chrzanowski,
Jendrik Johannes,
kackey0-1,
Konstantin Gribov,
Pratik Haldankar,
Qinglin,
Sebastian Schuberth,
Thad House,
valery1707,
Vladimir Sitnikov,
wuyangnju,
Yanming Zhou,
Yanshun Li,
Yusuke Uehara,
zeners

Upgrade instructions

Switch your build to use Gradle 8.4 by updating your wrapper:

./gradlew wrapper --gradle-version=8.4

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

v8.3: 8.3

Compare Source

The Gradle team is excited to announce Gradle 8.3.

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Adam,
Ahmed Ehab,
Aurimas,
Baptiste Decroix,
Björn Kautler,
Borewit,
Korov,
Mohammed Thavaf,
Patrick Brückner,
Philip Wedemann,
Róbert Papp,
Shi Chen,
Tony Robalik

Upgrade instructions

Switch your build to use Gradle 8.3 by updating your wrapper:

./gradlew wrapper --gradle-version=8.3

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

v8.2.1

Compare Source

v8.2: 8.2

Compare Source

The Gradle team is excited to announce Gradle 8.2.

Amongst other improvements, this release addresses two security vulnerabilities:

• Dependency cache path traversal
• Path traversal vulnerabilities in handling of Tar archives

Read the Release Notes

We would like to thank the following community contributors for their contributions to this release of Gradle:

Bruno Didot,
Eric Vantillard,
esfomeado,
Jendrik Johannes,
Jonathan Leitschuh,
Lee Euije,
Stefan Oehme,
Todor Dinev,
Yanshun Li

Upgrade instructions

Switch your build to use Gradle 8.2 by updating your wrapper:

./gradlew wrapper --gradle-version=8.2

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

ben-manes/caffeine (com.github.ben-manes.caffeine:caffeine)

v3.1.8: 3.1.8

• Added a workaround for a possible JDK concurrency bug with method handles (#​1111)

v3.1.7: 3.1.7

Cache

• Improved builder construction time (#​905)

JCache

• Fixed deadlock when a cache listener writes to another cache (#​1065)
• Added jakarta.inject support, dropping javax.inject (#​1009)

detekt/detekt (io.gitlab.arturbosch.detekt)

v1.23.1

1.23.1 - 2023-07-30

This is a point release for Detekt 1.23.0, where we added support for Kotlin 1.9.0 and fixed several bugs that
got reported by the community.

Notable Changes

• Bumped Kotlin to v1.9.0 - #​6258
• Bumped KtLint to v0.50.0 - #​6239
• Updated CLI to reflect Java 20 support - #​6277

Changelog

• Add missing jdkHome and languageVersion properties to DetektCreateBaselineTask - #​6284
• Make InvalidRange aware of rangeUntil operator - #​6264
• MaxChainedCallsOnSameLine: don't count class references as chained calls - #​6224
• CanBeNonNullable: Fix false positive when property is defined after assignment - #​6210
• Add ..< and rangeTo in the ForEachOnRange rule - #​6197
• Don't report UseDataClass if class contains non-property parameters - #​6173
• Allow documenting public fun name when same private variable is present - #​6165
• Find range call using recursion - #​6164
• StringShouldBeRawString: Ignore replaceIndent and prependIndent - #​6154
• UnusedPrivateProperty: Fix false postive by ignoring data classes - #​6151
• PropertyUsedBeforeDeclaration: fix false positive in nested/inner class - #​6139

Dependency Updates

• Update dependency gradle to v8.2.1 - #​6274
• Switch to SLF4J 2.x - #​6266
• Update kotlin monorepo to v1.8.22 - #​6192

Contributors

We would like to thank the following contributors that made this release possible: @​3flex, @​Goooler, @​Hexcles, @​PoisonedYouth, @​TWiStErRob, @​VirtualParticle, @​atulgpt, @​cortinico, @​dzirbel, @​eygraber, @​marschwar, @​rmarquis, @​segunfamisa, @​severn-everett, @​t-kameyama

See all commit history here

Netflix/dgs-framework (com.netflix.graphql.dgs:graphql-dgs-platform-dependencies)

v8.0.0

Compare Source

This release updates the graphql-java version to 21.2. The main breaking change affects the usage of the already deprecated DefaultExceptionHandler::onException method. If you have defined your own custom exception handlers, you will need to switch to using handleException instead of onException.

What’s Changed

• Update to graphql-java 21.2 (#​1667) @​srinivasankavitha
• fix: in an input object a nested scalar is not mapped (#​1660) @​gilteplitsky
• set kotlin.daemon.jvmargs (#​1675) @​paulbakker
• chore: Update kotlin to 1.9.10 (#​1668) @​rahulsom
• feat: Add @​Language("graphql") to all method params that accept graphql (#​1670) @​rahulsom

v7.6.0: 7.6.0

What’s Changed

• Fix completablefuture wrapping (#​1666) @​paulbakker
• Add configuration to disable/enable resolver and query metrics. (#​1665) @​srinivasankavitha
• Fix issue #​1262 (#​1663) @​paulbakker
• (Experimental) Added support for automatically running data fetchers on virtual threads (#​1662) @​paulbakker

v7.5.4

What’s Changed

• Enable metrics for completable futures. (#​1658) @​srinivasankavitha
• Detect and throw exception for dataloaders with same name (#​1652) @​srinivasankavitha
• missing dfe fields (#​1653) @​kailyak
• #​1577 bug: Ignore unknown json properties when parsing request object into … (#​1650) @​congotej
• Add tests for validating queryExecutor.executeAndExtractJsonPath with headers (#​1646) @​srinivasankavitha

v7.5.3

What’s Changed

• Disable org.gradle.parallel to help with publish setup hanging. (#​1641) @​srinivasankavitha
• Check get mutation (#​1638) @​srinivasankavitha

v7.5.2

What’s Changed

• nebula-publish.yml: move from release events to push tags (#​1637) @​rpalcolea
• Update graphql java to 20.6 (#​1636) @​srinivasankavitha

v7.5.1

What’s Changed

• Revert "Fix entity error path (#​1605)" (#​1621) @​srinivasankavitha
• Vfs changes (#​1620) @​rpalcolea
• Bump jvm memory to 2G for publishing. (#​1617) @​srinivasankavitha
• Add property to disable query complexity metrics (#​1614) (#​1615) @​DanielThomas
• Replace usages of io.micrometer.core.instrument.Tags with Iterable (#​1612) @​DanielThomas
• Avoid DataLoaderRegistry.getKeys when calling getDataLoader (#​1613) @​DanielThomas
• Fix entity error path (#​1605) @​srinivasankavitha
• Map unknown fields to additionalInformation in GraphQLErrorDebugInfo … (#​1609) @​bradmeintjes
• Fix for #​1528, setup ObjectMapper configuration for DgsWebSocketAutoC… (#​1602) @​clayembry
• Revert gradle wrapper to 7.6.1 so we can get dep updates working. (#​1603) @​srinivasankavitha
• Bump actions/checkout from 3.5.2 to 3.5.3 (#​1549) @​dependabot
• Update Gradle Wrapper from 8.2 to 8.2.1 (#​1579) @​github-actions
• Avoid lazy property in DefaultDataFetcherExceptionHandler (#​1592) @​kilink
• Fix some deprecation warnings (#​1591) @​kilink

v7.3.6

What’s Changed

• Revert change in path sanitization for error metrics (#​1588) @​kilink
• Fix breakage when extracting "data" as the path in GraphQLResponse (#​1587) @​kilink

v7.3.4

What's Changed

• Fix the inference of the data. path in the response by @​berngp in https://github.com/Netflix/dgs-framework/pull/1581
• Improve IntelliJ language detection for the graphql string. by @​berngp in https://github.com/Netflix/dgs-framework/pull/1582

Full Changelog: Netflix/dgs-framework@v7.3.2...v7.3.4

v7.3.2

What’s Changed

• Update memory used by gradle daemon. (#​1578) @​srinivasankavitha

v7.3.0

What’s Changed

• Add workaround for newline handling in MultiSourceReader (#​1574) @​kilink
• Disable filesystem watching for CI check task (#​1575) @​kilink
• Validate at schema build time that @​DgsData and @​InputArgument match actual schema elements (#​1565) @​tinnou
• Remove Stream.toList import, clean up (#​1571) @​kilink
• Update to Spring Boot 3.0.8 (#​1570) @​kilink
• DgsContext: Fix getRequestData with BatchLoaderEnvironment (#​1548) @​Yrwein
• Add nullability annotations to DgsQueryExecutor (#​1567) @​kilink
• Allow null variable input in graphql requests. (#​1564) @​srinivasankavitha
• Get rid of usage of deprecated SimpleInstrumentation class (#​1559) @​kilink
• Use ApplicationContext to load resources in DgsSchemaProvider (#​1552) @​kilink

ktorio/ktor (io.ktor:ktor-serialization-kotlinx-xml)

v2.3.5

Compare Source

Published 5 October 2023

Bugfixes

• 300+ ktor-client-java threads eat up lots of memory (KTOR-6292)
• Apache5 engine limits concurrent requests to individual route to 5 (KTOR-6221)
• DarwinClientEngine WebSocket rejects all received pongs (KTOR-5540)

v2.3.4

Compare Source

Published 31 August 2023

Bugfixes

• The "charset=UTF-8" part is automatically added to the application/json Content-Type (KTOR-6183)
• MicrometerMetricsConfig default registry leaks coroutine (KTOR-6178)
• Darwin: App hangs when sending a huge MultiPart request without access to network (KTOR-6147)
• NPE in JavaClientEngine body() call (KTOR-6190)
• Digest Auth: algorithm isn't specified in the Authorization header (KTOR-3391)
• Confusing NoTransformationFoundException (KTOR-6064)
• Cookie name-value pairs should be separated by a semicolon instead of a comma (KTOR-5868)

v2.3.3

Compare Source

Published 1 August 2023

Bugfixes

• java.util.zip.DataFormatException after enabling permessage-deflate (KTOR-5979)
• DelegatingTestingClientEngine fails when ContentNegotiation with protobuf is installed and empty body (KTOR-6125)
• KtorServlet does not support yaml configuration (KTOR-6108)
• CIO ConnectionFactory leaks on cancellation (KTOR-6127)
• staticFiles responds twice if both index and defaultPath are set (KTOR-6120)
• Uncaught Kotlin exception: kotlin.IllegalArgumentException: Failed to open iconv for charset UTF-8 with error code 22 (KTOR-5980)
• Not compatible with kotlinx-html 0.9.1 (KTOR-6124)
• "Test engine is already completed" error while establishing Websockets connection (KTOR-6057)
• s-maxage is not used, even if HttpCache.Config.isShared is true (KTOR-6087)
• Cache returns null when vary header set different ways whatever it has same values (KTOR-6081)
• DefaultRequest: a cookie appears twice in the request header when sending a request with another cookie (KTOR-5619)

Improvements

• Drop linuxArm64 publication from ktor-client-curl (KTOR-6154)
• Client: Target linuxArm64 (KTOR-872)
• Server: Target linuxArm64 (KTOR-5753)
• Add system property to disable automatic installation of runtime shutdown hook (KTOR-6070)

spring-gradle-plugins/dependency-management-plugin (io.spring.dependency-management)

v1.1.3

🐞 Bug Fixes

• NullPointerException when Maven-style exclusions are enabled and a dependency has a pom which Maven's Model Builder considers to be invalid #​365

v1.1.2

🐞 Bug Fixes

• Resolution fails when a dependency with Gradle module metadata relies on constraints from a platform dependency #​360

v1.1.1

🐞 Bug Fixes

• Pom customization has unwanted side-effect of reversing bom import ordering #​355
• Build fails with an ArrayIndexOutOfBoundsException when a dependency has a pom with more than 8192 characters #​350
• Enabling configuration on demand causes build failure in multi module project with different group name #​321
• Transitive platform dependencies may prevent exclusions from being applied #​310

📔 Documentation

• Update Javadoc to link to Java 8 #​359
• Document support for Gradle 8 #​356
• Update the reference documentation to use more up-to-date examples #​354

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​rupertwaldron

spring-projects/spring-boot (org.springframework.boot)

v3.1.5

⚠️ Noteworthy Changes

• The behavior of spring.jms.listener.concurrency has been corrected to match the documentation (#​37180). If you were setting spring.jms.listener.concurrency without also setting spring.jms.listener.max-concurrency, please review your configuration when upgrading.

🐞 Bug Fixes

• Constructor binding with a custom collection type does not work #​37941
• @Order does not work on (CommandLine|Application)Runner @Bean methods #​37938
• @ComponentScan on a test class is processed when creating a test context but is not included in the context's cache key #​37924
• Restarter creates memory leak in tests #​37920
• AOT processing fails when a @WebServlet found by scanning is annotated with @MultipartConfig #​37883
• Gradle plugin uses to-be-deprecated API for getting and setting file permissions #​37881
• Task executor metrics are not registered when using lazy initialization #​37838
• Gradle AOT processing tasks do not use project's Java toolchain #​37826
• @ServiceConnection is not found when used in an interface implemented by a test class #​37671
• Image building can fail when using GraalVM compilation and a remote Docker daemon #​37665
• NPE from Jetty's WebSocketUpgradeFilter when testing with @SpringBootTest, @AutoConfigureMockMvc, and MockMvc #​37663
• @WebListener does not work in a native image without additional reflection hints #​37635
• AspectJ transaction management with compile-time weaving does not work with spring.main.lazy-initialization=true #​37632
• IPv6 IP addresses cannot be used with RabbitMQ #​37619
• Unwanted Logback status messages are sometimes logged during startup #​37600
• Managed types for Neo4j are not used in Neo4j Data auto configuration #​37594
• fileMode and dirMode are not applied to all entries in an archive produced by BootJar #​37588
• Application fails to start when an optional config import cannot be resolved #​37570
• Contrary to the documentation, setting spring.jms.listener.concurrency alone configures the maximum concurrency #​37553
• Dependency management for kafka-server-common with a test classifier is missing #​37542
• RepackageMojo doesn't support 1 digit numerical values for project.build.outputTimestamp #​37535

📔 Documentation

• Document that 'spring.docker.compose.file' can be used to share Docker Compose configuration between applications #​37886
• Remove link to LiveReload website due to timeout #​37691
• Refer to ActiveMQ as ActiveMQ "Classic" #​37615
• Removal of spring.webflux.multipart.streaming is not documented #​37609
• Default value of spring.jmx.registration-policy is not documented #​37596
• Update documentation to align with Mockito 5 using the inline mock maker by default #​37561
• Add Javadoc since for AbstractAotMojo.getSession() #​37547
• Document support for Java 21 #​37532
• Use more idiomatic Kotlin in example for "Map Health Indicators to Micrometer Metrics" #​37510

🔨 Dependency Upgrades

• Upgrade to Byte Buddy 1.14.9 #​37853
• Upgrade to Couchbase Client 3.4.11 #​37759
• Upgrade to Dropwizard Metrics 4.2.21 #​37897
• Upgrade to Hibernate 6.2.13.Final #​37854
• Upgrade to HttpCore5 5.2.3 #​37762
• Upgrade to Infinispan 14.0.19.Final #​37855
• Upgrade to Jackson Bom 2.15.3 #​37898
• Upgrade to Jetty 11.0.17 #​37856
• Upgrade to Jetty Reactive HTTPClient 3.0.9 #​37932
• Upgrade to jOOQ 3.18.7 #​37857
• Upgrade to Micrometer 1.11.5 #​37693
• Upgrade to Micrometer Tracing 1.1.6 #​37694
• Upgrade to Neo4j Java Driver 5.13.0 #​37793
• Upgrade to Netty 4.1.100.Final #​37858
• Upgrade to Pooled JMS 3.1.4 #​37764
• Upgrade to R2DBC MySQL 1.0.5 #​37859
• Upgrade to Reactor Bom 2022.0.12 #​37695
• Upgrade to RxJava3 3.1.8 #​37766
• Upgrade to Spring AMQP 3.0.10 #​37696
• Upgrade to Spring Authorization Server 1.1.3 #​37697
• Upgrade to Spring Data Bom 2023.0.5 #​37698
• Upgrade to Spring Framework 6.0.13 #​37816
• Upgrade to Spring Integration 6.1.4 #​37914
• Upgrade to Spring Kafka 3.0.12 #​37797
• Upgrade to Spring LDAP 3.1.2 #​37699
• Upgrade to Spring Retry 2.0.4 #​37700
• Upgrade to Spring Security 6.1.5 #​37701
• Upgrade to Spring Session 3.1.3 #​37702
• Upgrade to Tomcat 10.1.15 #​37902
• Upgrade to UnboundID LDAPSDK 6.0.10 #​37767
• Upgrade to Undertow 2.3.10.Final #​37933

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​JinseongHwang, @​bottlerocketjonny, @​dependabot[bot], @​erichaagdev, @​esperar, @​izeye, @​jbertram, @​jonasfugedi, @​michael-simons, @​nielsbasjes, @​onobc, @​sushant1987, @​ttddyy, and @​vpavic

v3.1.4

⭐ New Features

• Add TWENTY_ONE to JavaVersion enum #​37364

🐞 Bug Fixes

• When SLF4J and Logback are initialized on multiple threads in parallel, startup may fail due to SubstituteLoggerFactory being considered to be a competing LoggerFactory implementation #​37484
• Saml2RelyingPartyAutoConfiguration ignores sign-request when metadata-url is used #​37482
• Leaking file descriptor / socket within DomainSocket tooling #​37460
• Invalid Accept header produces HTTP 500 in WelcomePageHandlerMapping #​37457
• PrivateKeyParser doesn't support ed448, XDH and RSA-PSS keys #​37422
• "languageVersion is final and cannot be changed" when using Gradle 8.3 and configuring the Java toolchain's language version #​37380
• AOT processing fails when a @ConfigurationProperties-annotated record has multiple constructors #​37336
• Spring Boot dependency management not working for ehcache when using Gradle and the dependency management plugin #​37270
• SslStoreBundle implementations aren't immutable #​37222
• Parsing OCI image names that are invalid due to the use of upper case letters is very slow #​37183
• Producing and consuming different tracing propagation formats doesn't work #​37178
• Using https with elliptic curves other than secp384r1 fails #​37169
• In 3.0.x and later, Spring Security cannot be used to secure a WebSocket upgrade request when using Jetty #​37158
• Local baggage is propagated when using Brave and W3C #​37156
• ServiceConnectionContextCustomizer can trigger docker usage during AOT processing #​37097
• java.lang.OutOfMemoryError: Metaspace when repeatedly deploying and undeploying a Spring Boot web application multiple times in Tomcat #​37096
• Property 'logging.threshold.console' not working #​36741

📔 Documentation

• Document that PKCS8 PEM files should be used whenever possible #​37443
• Add reference to Oracle Spring Boot Starters #​37411
• Correct the description of spring.artemis.broker-url #​37309
• Add default value metadata for management.metrics.export.signalfx.published-histogram-type #​37253
• Polish javadoc #​37143

🔨 Dependency Upgrades

• Upgrade to Byte Buddy 1.14.8 #​37419
• Upgrade to Couchbase Client 3.4.10 #​37297
• Upgrade to Groovy 4.0.15 #​37386
• Upgrade to Hibernate 6.2.9.Final #​37465
• Upgrade to Infinispan 14.0.17.Final #​37299
• Upgrade to Jakarta XML Bind 4.0.1 #​37387
• Upgrade to Jetty 11.0.16 #​37300
• Upgrade to Lombok 1.18.30 #​37488
• Upgrade to Micrometer 1.11.4 #​37261
• Upgrade to Micrometer Tracing 1.1.5 #​37262
• Upgrade to Native Build Tools Plugin 0.9.27 #​37420
• Upgrade to Neo4j Java Driver 5.12.0 #​37353
• Upgrade to Pooled JMS 3.1.3 #​37421
• Upgrade to R2DBC MySQL 1.0.3 #​37466
• Upgrade to Reactor Bom 2022.0.11 #​37263
• Upgrade to REST Assured 5.3.2 #​37303
• Upgrade to SLF4J 2.0.9 #​37304
• Upgrade to Spring AMQP 3.0.9 #​37264
• Upgrade to Spring Data Bom 2023.0.4 #​37350
• Upgrade to Spring Framework 6.0.12 #​37265
• Upgrade to Spring GraphQL 1.2.3 #​37266
• Upgrade to Spring Integration 6.1.3 #​37267
• Upgrade to Spring Kafka 3.0.11 [#​37305](https://togithub

---

Configuration

📅 Schedule: Branch creation - "on Saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.