Bump javalin.version from 6.3.0 to 6.4.0 #31

dependabot · 2024-12-23T13:58:56Z

Bumps javalin.version from 6.3.0 to 6.4.0.
Updates io.javalin:javalin-bundle from 6.3.0 to 6.4.0

Release notes

Sourced from io.javalin:javalin-bundle's releases.

6.4.0

What's Changed

Update Dependabot to actually group dependency updates by @SentryMan in javalin/javalin#2322

Use removeFirstOrNull instead of removeFirstKt for null safety by @Jerbell in javalin/javalin#2309

added vue 3 support by @unaor in javalin/javalin#2330

[deps]: Bump org.freemarker:freemarker from 2.3.32 to 2.3.33 by @dependabot in javalin/javalin#2311

[deps]: Bump org.java-websocket:Java-WebSocket from 1.5.6 to 1.5.7 by @dependabot in javalin/javalin#2312

[deps]: Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.4 to 3.2.5 by @dependabot in javalin/javalin#2313

[deps]: Bump micrometer.version from 1.13.2 to 1.13.3 by @dependabot in javalin/javalin#2314

[deps]: Bump org.codehaus.mojo:exec-maven-plugin from 3.3.0 to 3.4.1 by @dependabot in javalin/javalin#2315

[deps]: Bump com.aayushatharva.brotli4j:brotli4j from 1.16.0 to 1.17.0 by @dependabot in javalin/javalin#2316

[deps]: Bump org.apache.maven.plugins:maven-install-plugin from 3.1.2 to 3.1.3 by @dependabot in javalin/javalin#2317

[deps]: Bump org.mockito:mockito-core from 5.12.0 to 5.13.0 by @dependabot in javalin/javalin#2319

[deps]: Bump org.seleniumhq.selenium:selenium-chrome-driver from 4.20.0 to 4.24.0 by @dependabot in javalin/javalin#2320

[deps]: Bump junit.version from 5.10.3 to 5.11.0 by @dependabot in javalin/javalin#2318

[deps]: Bump the dependencies group across 1 directory with 3 updates by @dependabot in javalin/javalin#2324

[deps]: Bump the dependencies group with 20 updates by @dependabot in javalin/javalin#2326

[workflow]: Bump codecov/codecov-action from 4.5.0 to 4.6.0 in the dependencies group by @dependabot in javalin/javalin#2328

[cors] Disallow anyHost + allowCredentials by @Playacem in javalin/javalin#2321

[workflow]: Bump s4u/maven-settings-action from 3.0.0 to 3.1.0 in the dependencies group by @dependabot in javalin/javalin#2338

New Contributors

@unaor made their first contribution in javalin/javalin#2330

Full Changelog: javalin/javalin@javalin-parent-6.3.0...javalin-parent-6.4.0

Commits

c231f91 [maven-release-plugin] prepare release javalin-parent-6.4.0
c21c254 [util] Less aggressive with "old version warning"
9d5085b [deps] Downgrade to Dokka 1.9.10
d05b0cc [workflow]: Bump s4u/maven-settings-action in the dependencies group (#2338)
9fb548e [cors] Disallow anyHost + allowCredentials (#2321)
6e53b62 [plugins] Add support for Vue3 to LoadableData
4afc3f7 [workflow]: Bump codecov/codecov-action in the dependencies group (#2328)
c3e87da [deps]: Bump the dependencies group with 20 updates (#2326)
3df9016 [deps]: Bump the dependencies group across 1 directory with 3 updates (#2324)
4be2f85 [github] Update dependabot to actually group dependency updates (#2322)
Additional commits viewable in compare view

Updates io.javalin.community.openapi:javalin-openapi-plugin from 6.3.0 to 6.4.0

Release notes

Sourced from io.javalin.community.openapi:javalin-openapi-plugin's releases.

6.4.0

Changes

javalin/javalin-openapi#230 Cache processed types in properties to avoid infinite recursion when going through createEmbeddedTypeDescription

javalin/javalin-openapi#225 Upgrade versions of redoc and swagger plugins

javalin/javalin-openapi#231 Support fallback to 'default' version when .index file is missing

javalin/javalin-openapi#232 Allow reference to a model from OpenApiContentProperty

javalin/javalin-openapi#234 Kotlin + Maven example

Bump Javalin to 6.4.0

Sponsors Thanks to everyone who supported me this month 💜

Minimal requirements

Java 11+ / Kotlin 1.9+

Javalin 6.4.0

Download

Wiki / Installation

Commits

414aff9 Mark sources as 6.4.1-SNAPSHOT
3923a34 Release 6.4.0
5364296 GH-234 Kotlin + Maven example
350ff9b GH-232 Allow reference to a model from OpenApiContentProperty (#232)
cff4deb GH-231 Support fallback to 'default' version when .index file is missing (Res...
19c1762 GH-225 Upgrade versions of redoc and swagger plugins (#225)
7e1ec6d GH-230 Cache processed types in properties to avoid infinite recursion when g...
3d15957 GH-229 Example usage of OpenApiRequired
See full diff in compare view

Updates io.javalin.community.openapi:javalin-swagger-plugin from 6.3.0 to 6.4.0

Release notes

Sourced from io.javalin.community.openapi:javalin-swagger-plugin's releases.

6.4.0

Changes

javalin/javalin-openapi#230 Cache processed types in properties to avoid infinite recursion when going through createEmbeddedTypeDescription

javalin/javalin-openapi#225 Upgrade versions of redoc and swagger plugins

javalin/javalin-openapi#231 Support fallback to 'default' version when .index file is missing

javalin/javalin-openapi#232 Allow reference to a model from OpenApiContentProperty

javalin/javalin-openapi#234 Kotlin + Maven example

Bump Javalin to 6.4.0

Sponsors Thanks to everyone who supported me this month 💜

Minimal requirements

Java 11+ / Kotlin 1.9+

Javalin 6.4.0

Download

Wiki / Installation

Commits

414aff9 Mark sources as 6.4.1-SNAPSHOT
3923a34 Release 6.4.0
5364296 GH-234 Kotlin + Maven example
350ff9b GH-232 Allow reference to a model from OpenApiContentProperty (#232)
cff4deb GH-231 Support fallback to 'default' version when .index file is missing (Res...
19c1762 GH-225 Upgrade versions of redoc and swagger plugins (#225)
7e1ec6d GH-230 Cache processed types in properties to avoid infinite recursion when g...
3d15957 GH-229 Example usage of OpenApiRequired
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `javalin.version` from 6.3.0 to 6.4.0. Updates `io.javalin:javalin-bundle` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/javalin/javalin/releases) - [Commits](javalin/javalin@javalin-parent-6.3.0...javalin-parent-6.4.0) Updates `io.javalin.community.openapi:javalin-openapi-plugin` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/javalin/javalin-openapi/releases) - [Commits](javalin/javalin-openapi@6.3.0...6.4.0) Updates `io.javalin.community.openapi:javalin-swagger-plugin` from 6.3.0 to 6.4.0 - [Release notes](https://github.com/javalin/javalin-openapi/releases) - [Commits](javalin/javalin-openapi@6.3.0...6.4.0) --- updated-dependencies: - dependency-name: io.javalin:javalin-bundle dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: io.javalin.community.openapi:javalin-openapi-plugin dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: io.javalin.community.openapi:javalin-swagger-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [on-headers](https://github.com/jshttp/on-headers) and [compression](https://github.com/expressjs/compression). These dependencies needed to be updated together. Updates `on-headers` from 1.0.2 to 1.1.0 Release notes *Sourced from [on-headers's releases](https://github.com/jshttp/on-headers/releases).* > 1.1.0 > ----- > > Important > --------- > > * Fix [CVE-2025-7339](https://www.cve.org/CVERecord?id=CVE-2025-7339) ([GHSA-76c9-3jph-rj3q](GHSA-76c9-3jph-rj3q)) > > What's Changed > -------------- > > * Migrate CI pipeline to GitHub actions by [`@carpasse`](https://github.com/carpasse) in [jshttp/on-headers#12](https://redirect.github.com/jshttp/on-headers/pull/12) > * fix README.md badges by [`@carpasse`](https://github.com/carpasse) in [jshttp/on-headers#13](https://redirect.github.com/jshttp/on-headers/pull/13) > * add OSSF scorecard action by [`@carpasse`](https://github.com/carpasse) in [jshttp/on-headers#14](https://redirect.github.com/jshttp/on-headers/pull/14) > * fix: use `ubuntu-latest` as ci runner by [`@UlisesGascon`](https://github.com/UlisesGascon) in [jshttp/on-headers#19](https://redirect.github.com/jshttp/on-headers/pull/19) > * ci: apply OSSF Scorecard security best practices by [`@UlisesGascon`](https://github.com/UlisesGascon) in [jshttp/on-headers#20](https://redirect.github.com/jshttp/on-headers/pull/20) > * 👷 add upstream change detection by [`@ctcpip`](https://github.com/ctcpip) in [jshttp/on-headers#31](https://redirect.github.com/jshttp/on-headers/pull/31) > * ✨ add script to update known hashes by [`@ctcpip`](https://github.com/ctcpip) in [jshttp/on-headers#32](https://redirect.github.com/jshttp/on-headers/pull/32) > * 💚 update CI - add newer node versions by [`@ctcpip`](https://github.com/ctcpip) in [jshttp/on-headers#33](https://redirect.github.com/jshttp/on-headers/pull/33) > > New Contributors > ---------------- > > * [`@carpasse`](https://github.com/carpasse) made their first contribution in [jshttp/on-headers#12](https://redirect.github.com/jshttp/on-headers/pull/12) > * [`@UlisesGascon`](https://github.com/UlisesGascon) made their first contribution in [jshttp/on-headers#19](https://redirect.github.com/jshttp/on-headers/pull/19) > * [`@ctcpip`](https://github.com/ctcpip) made their first contribution in [jshttp/on-headers#31](https://redirect.github.com/jshttp/on-headers/pull/31) > > **Full Changelog**: <jshttp/on-headers@v1.0.2...v1.1.0> Changelog *Sourced from [on-headers's changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md).* > 1.1.0 / 2025-07-17 > ================== > > * Fix [CVE-2025-7339](https://www.cve.org/CVERecord?id=CVE-2025-7339) ([GHSA-76c9-3jph-rj3q](GHSA-76c9-3jph-rj3q)) Commits * [`4b017af`](jshttp/on-headers@4b017af) 1.1.0 * [`b636f2d`](jshttp/on-headers@b636f2d) ♻️ refactor header array code * [`3e2c2d4`](jshttp/on-headers@3e2c2d4) ✨ ignore falsy header keys, matching node behavior * [`172eb41`](jshttp/on-headers@172eb41) ✨ support duplicate headers * [`c6e3849`](jshttp/on-headers@c6e3849) 🔒️ fix array handling * [`6893518`](jshttp/on-headers@6893518) 💚 update CI - add newer node versions * [`56a345d`](jshttp/on-headers@56a345d) ✨ add script to update known hashes * [`175ab21`](jshttp/on-headers@175ab21) 👷 add upstream change detection ([#31](https://redirect.github.com/jshttp/on-headers/issues/31)) * [`ce0b2c8`](jshttp/on-headers@ce0b2c8) ci: apply OSSF Scorecard security best practices ([#20](https://redirect.github.com/jshttp/on-headers/issues/20)) * [`1a38c54`](jshttp/on-headers@1a38c54) fix: use `ubuntu-latest` as ci runner ([#19](https://redirect.github.com/jshttp/on-headers/issues/19)) * Additional commits viewable in [compare view](jshttp/on-headers@v1.0.2...v1.1.0) Maintainer changes This version was pushed to npm by [ulisesgascon](https://www.npmjs.com/~ulisesgascon), a new releaser for on-headers since your current version. Updates `compression` from 1.8.0 to 1.8.1 Release notes *Sourced from [compression's releases](https://github.com/expressjs/compression/releases).* > v1.8.1 > ------ > > What's Changed > -------------- > > * fix(docs): update multiple links from http to https by [`@Phillip9587`](https://github.com/Phillip9587) in [expressjs/compression#222](https://redirect.github.com/expressjs/compression/pull/222) > * ci: add dependabot for github actions by [`@bjohansebas`](https://github.com/bjohansebas) in [expressjs/compression#207](https://redirect.github.com/expressjs/compression/pull/207) > * build(deps): bump github/codeql-action from 2.23.2 to 3.28.15 by [`@dependabot`](https://github.com/dependabot)[bot] in [expressjs/compression#228](https://redirect.github.com/expressjs/compression/pull/228) > * build(deps): bump ossf/scorecard-action from 2.3.1 to 2.4.1 by [`@dependabot`](https://github.com/dependabot)[bot] in [expressjs/compression#229](https://redirect.github.com/expressjs/compression/pull/229) > * build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 by [`@dependabot`](https://github.com/dependabot)[bot] in [expressjs/compression#230](https://redirect.github.com/expressjs/compression/pull/230) > * build(deps-dev): bump supertest from 6.2.3 to 6.3.4 by [`@dependabot`](https://github.com/dependabot)[bot] in [expressjs/compression#231](https://redirect.github.com/expressjs/compression/pull/231) > * [StepSecurity] ci: Harden GitHub Actions by [`@step-security-bot`](https://github.com/step-security-bot) in [expressjs/compression#235](https://redirect.github.com/expressjs/compression/pull/235) > * build(deps): bump github/codeql-action from 3.28.15 to 3.29.2 by [`@dependabot`](https://github.com/dependabot)[bot] in [expressjs/compression#243](https://redirect.github.com/expressjs/compression/pull/243) > * build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 by [`@dependabot`](https://github.com/dependabot)[bot] in [expressjs/compression#239](https://redirect.github.com/expressjs/compression/pull/239) > * build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by [`@dependabot`](https://github.com/dependabot)[bot] in [expressjs/compression#240](https://redirect.github.com/expressjs/compression/pull/240) > * build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by [`@dependabot`](https://github.com/dependabot)[bot] in [expressjs/compression#241](https://redirect.github.com/expressjs/compression/pull/241) > * build(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 by [`@dependabot`](https://github.com/dependabot)[bot] in [expressjs/compression#244](https://redirect.github.com/expressjs/compression/pull/244) > * deps: on-headers@1.1.0 by [`@UlisesGascon`](https://github.com/UlisesGascon) in [expressjs/compression#246](https://redirect.github.com/expressjs/compression/pull/246) > * Release: 1.8.1 by [`@UlisesGascon`](https://github.com/UlisesGascon) in [expressjs/compression#247](https://redirect.github.com/expressjs/compression/pull/247) > > New Contributors > ---------------- > > * [`@dependabot`](https://github.com/dependabot)[bot] made their first contribution in [expressjs/compression#228](https://redirect.github.com/expressjs/compression/pull/228) > * [`@step-security-bot`](https://github.com/step-security-bot) made their first contribution in [expressjs/compression#235](https://redirect.github.com/expressjs/compression/pull/235) > > **Full Changelog**: <expressjs/compression@1.8.0...v1.8.1> Changelog *Sourced from [compression's changelog](https://github.com/expressjs/compression/blob/master/HISTORY.md).* > 1.8.1 / 2025-07-17 > ================== > > * deps: on-headers@~1.1.0 > + Fix [CVE-2025-7339](https://www.cve.org/CVERecord?id=CVE-2025-7339) ([GHSA-76c9-3jph-rj3q](GHSA-76c9-3jph-rj3q)) Commits * [`83a0c45`](expressjs/compression@83a0c45) 1.8.1 * [`ce62713`](expressjs/compression@ce62713) deps: on-headers@1.1.0 ([#246](https://redirect.github.com/expressjs/compression/issues/246)) * [`f4acb23`](expressjs/compression@f4acb23) build(deps-dev): bump eslint-plugin-import from 2.31.0 to 2.32.0 ([#244](https://redirect.github.com/expressjs/compression/issues/244)) * [`6eaebe6`](expressjs/compression@6eaebe6) build(deps): bump actions/checkout from 4.1.1 to 4.2.2 ([#241](https://redirect.github.com/expressjs/compression/issues/241)) * [`37e0623`](expressjs/compression@37e0623) build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 ([#240](https://redirect.github.com/expressjs/compression/issues/240)) * [`bc436b2`](expressjs/compression@bc436b2) build(deps): bump actions/upload-artifact from 4.3.1 to 4.6.2 ([#239](https://redirect.github.com/expressjs/compression/issues/239)) * [`2f9f572`](expressjs/compression@2f9f572) build(deps): bump github/codeql-action from 3.28.15 to 3.29.2 ([#243](https://redirect.github.com/expressjs/compression/issues/243)) * [`5f13b14`](expressjs/compression@5f13b14) [StepSecurity] ci: Harden GitHub Actions ([#235](https://redirect.github.com/expressjs/compression/issues/235)) * [`76e0945`](expressjs/compression@76e0945) build(deps-dev): bump supertest from 6.2.3 to 6.3.4 ([#231](https://redirect.github.com/expressjs/compression/issues/231)) * [`ae6ee80`](expressjs/compression@ae6ee80) build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.31.0 ([#230](https://redirect.github.com/expressjs/compression/issues/230)) * Additional commits viewable in [compare view](expressjs/compression@1.8.0...v1.8.1) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/robfrank/linklift/network/alerts).

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Dec 23, 2024

robfrank approved these changes Dec 25, 2024

View reviewed changes

robfrank added the dependency_approved label Dec 25, 2024

robfrank merged commit 133df85 into main Dec 25, 2024
1 of 4 checks passed

dependabot bot deleted the dependabot/maven/javalin.version-6.4.0 branch December 25, 2024 20:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump javalin.version from 6.3.0 to 6.4.0 #31

Bump javalin.version from 6.3.0 to 6.4.0 #31

Uh oh!

dependabot bot commented on behalf of github Dec 23, 2024

Uh oh!

Uh oh!

Uh oh!

Bump javalin.version from 6.3.0 to 6.4.0 #31

Bump javalin.version from 6.3.0 to 6.4.0 #31

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 23, 2024

6.4.0

What's Changed

New Contributors

6.4.0

6.4.0

Uh oh!

Uh oh!

Uh oh!