chore(deps): bump org.quartz-scheduler:quartz from 2.3.2 to 2.5.0 in /jans-casa #10206
DryRun Security Summary

The pull request updates the Quartz Scheduler library from version 2.3.2 to 2.5.0 across three different

Summary: The code changes in this pull request primarily focus on updating the version of the Quartz Scheduler library from 2.3.2 to 2.5.0 in the

From an application security perspective, these changes are generally not concerning. The Quartz Scheduler is a widely-used library for scheduling background tasks, and upgrading to the latest version can provide security and stability improvements. However, it's important to thoroughly test any dependency updates to ensure that they do not introduce any regressions or unexpected behavior in the application. Additionally, reviewing the release notes and changelog of the new Quartz version is recommended to understand any significant changes or security-related fixes that have been included.

Overall, these code changes appear to be routine dependency updates, and there are no immediate security concerns that stand out. The application security engineer should still review the rest of the pull request to ensure that there are no other changes that could introduce security vulnerabilities.

Files Changed:

Code Analysis

We ran
Bumps [org.quartz-scheduler:quartz](https://github.com/quartz-scheduler/quartz) from 2.3.2 to 2.5.0.
- [Release notes](https://github.com/quartz-scheduler/quartz/releases)
- [Changelog](https://github.com/quartz-scheduler/quartz/blob/main/docs/changelog.adoc)
- [Commits](quartz-scheduler/quartz@v2.3.2...v2.5.0)

---
updated-dependencies:
- dependency-name: org.quartz-scheduler:quartz
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
🎉 Snyk checks have passed. No issues have been found so far.
✅ security/snyk check is complete. No issues have been found.
Bumps org.quartz-scheduler:quartz from 2.3.2 to 2.5.0.
Release notes
Sourced from org.quartz-scheduler:quartz's releases.
Commits
- 05a497e Set quartzVersion to 2.5.0
- d0403ee Merge pull request #1262 from jhouserizer/fix_javadoc_in_jepe
- a7393a3 Fix javadoc errors in JobExecutionProcessException
- cbe23a1 Merge pull request #1260 from ohksj77/handle-misfired-trigger-exception
- 84204e6 Merge pull request #1257 from bcode2/quartz-2.5x-remove-redundant-initialization
- 6ca2800 Merge pull request #1252 from konopka/fix_tomorrowat_returning_wrong_date_whe...
- f31d0c8 Handle exceptions thrown while retrieving the misfired trigger
- 6b474d6 refactor: remove-redundant-initialization
- 33ef506 Merge pull request #1254 from konopka/fix_setrepeatinterval_accepts_invalid_v...
- 94c890f Merge pull request #1253 from amergey/main

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)