Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump portofino from 5.1.4 to 5.3.3 in /04_docker/demo-project #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump portofino from 5.1.4 to 5.3.3 in /04_docker/demo-project #5

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 16, 2022
edited
Loading

Bumps portofino from 5.1.4 to 5.3.3.

Changelog

Sourced from portofino's changelog.

[5.3.3] – 2022-10-22

Added

  • New deployment option: Portofino modules as Spring Boot components, without using Portofino's dispatcher and without setting up Portofino's context hierarchy.

Changed

  • Updated Angular to version 13
  • Replaced moment.js with Luxon

Fixed

  • Wrong links in the war archetype #556
  • Omitting the login.path property results in a malfunctioning application #557
  • Mounted child path not converted to the native OS format #566

[5.3.2] – 2022-05-12

Added

  • Pluggable exporters for CRUD.
  • Configuration abstraction, integrated with Spring's Environment (which includes application.properties in Spring Boot).

Changed

  • Refactored the CRUD's JSON output logic into a separate exporter class. This is a breaking API change for CRUD extensions overriding jsonXYZData methods.
  • In Spring Boot applications, when using Jersey (the default), allow Portofino actions to coexist with Boot services such as actuators.

Fixed

  • Multiple issues with the Spring Boot-based archetypes, including but not limited to:
    • Application generated from Java service archetype searches for action classes in src/main/resources/portofino
    • Unsupported CORS with service archetypes. By default, archetypes will use an embedded Tomcat instead of Undertow for the time being (startup is slower)
    • Misleading Java service archetype SpringConfiguration.java

[5.3.1] – 2022-03-10

Added

  • Support building on Java 17
  • Generic CRUD page upstairs
  • Allow resource-actions to return synthetic resource-actions without any file object
  • Configurable API path with Spring Boot
  • Include sample GitHub action in archetypes
  • AWS S3 blob manager
  • Ability to disable a database connection with an annotation (adapted from Portofino 4 which uses a configuration property instead)

Changed

  • Updated Angular libraries and material icons package
  • Updated several Java libraries to fix vulnerabilities. Note that all the Portofino versions in the last decade (4.x and 5.x) do NOT suffer from log4shell because they don't use Log4j (unless you explicitly replace Logback with Log4j in your project, of course).

Fixed

  • Refreshing the UI's security token when the app is starting

... (truncated)

Commits
  • a42e1e9 Merge remote-tracking branch 'origin/master'
  • 3b37a10 Update Javadoc command in POM
  • 7f2b3f1 Merge pull request #583 from ManyDesigns/snyk-fix-7703bf13a168a2d8601f457a870...
  • 81a5eef Merge pull request #578 from ManyDesigns/snyk-fix-6e34e27bf093b26c23995dda566...
  • e1f60ad Fix loading of Liquibase changelog
  • 53065d6 fix: pom.xml to reduce vulnerabilities
  • 2cc31c9 Update version and changelog
  • 0090552 #566 use URI instead of path
  • f5bda4b #566 login.path not correctly canonicalized
  • 1fd84ec Update UI, versions
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump portofino from 5.1.4 to 5.3.3 in /04_docker/demo-project
acb802e 
Bumps [portofino](https://github.com/ManyDesigns/Portofino) from 5.1.4 to 5.3.3.
- [Release notes](https://github.com/ManyDesigns/Portofino/releases)
- [Changelog](https://github.com/ManyDesigns/Portofino/blob/master/CHANGELOG.md)
- [Commits](ManyDesigns/Portofino@5.1.4...v5.3.3)

---
updated-dependencies:
- dependency-name: com.manydesigns:portofino
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Nov 16, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants