dependabot[bot] opened a new pull request, #192: URL: https://github.com/apache/skywalking-java/pull/192
Bumps [play_2.12](https://github.com/playframework/playframework) from 2.7.3 to 2.8.16. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/playframework/playframework/releases";>play_2.12's releases</a>.</em></p> <blockquote> <h2>Play 2.8.16</h2> <p>The Play Team is happy to announce the release of Play 2.8.16.</p> <h2>:green_book: What is new?</h2> <p>The following are the relevant changes of this bugfix release:</p> <ul> <li>Patched a <a href="https://github.com/playframework/playframework/security/advisories/GHSA-v8x6-59g4-5g3w";>moderate CVE</a> to prevent a denial of service when binding forms to deeply-nested JSON objects. <a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11301";>#11301</a></li> <li>Patched a <a href="https://github.com/playframework/playframework/security/advisories/GHSA-p9p4-97g9-wcrh";>minor CVE</a> that can sometimes result in developer mode errors showing in production mode. <a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11305";>#11305</a></li> <li>Adds support for the <code>'bundleresource'</code> protocol, when checking URLs. <a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11108";>#11108</a></li> </ul> <p>The following pull requests got merged for this release:</p> <ul> <li><a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11305";>#11305</a> [2.8.x] Introduce DevHttpErrorHandler by <a href="https://github.com/BillyAutrey";><code>@BillyAutrey</code></a>, <a href="https://github.com/mkurz";><code>@mkurz</code></a></li> <li><a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11301";>#11301</a> [2.8.x] add depth limit for JSON form binding by <a href="https://github.com/gmethvin";><code>@gmethvin</code></a>, <a href="https://github.com/mkurz";><code>@mkurz</code></a></li> <li><a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11291";>#11291</a> [2.8.x] GHA: Also release on publish event + secrets inherit by <a href="https://github.com/mkurz";><code>@mkurz</code></a></li> <li><a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11289";>#11289</a> [2.8.x] Refactor badges by <a href="https://github.com/mkurz";><code>@mkurz</code></a></li> <li><a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11269";>#11269</a> [2.8.x] Bump version of sharable workflows to <code>v2</code> by <a href="https://github.com/ihostage";><code>@ihostage</code></a></li> <li><a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11252";>#11252</a> [2.8.x] Adding support for checking URL with protocol='bundleresource' existence by <a href="https://github.com/asaelitz";><code>@asaelitz</code></a>, <a href="https://github.com/mkurz";><code>@mkurz</code></a></li> <li><a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11265";>#11265</a> [2.8.x] Remove play-enhancer from docs, project is dead by <a href="https://github.com/PromanSEW";><code>@PromanSEW</code></a></li> <li><a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11262";>#11262</a> [2.8.x] Switch to GitHub actions by <a href="https://github.com/mkurz";><code>@mkurz</code></a></li> <li><a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11228";>#11228</a> [2.8.x] Make scripts more userfriendly if running outside of CI by <a href="https://github.com/mkurz";><code>@mkurz</code></a></li> </ul> <p>For more details see the <a href="https://github.com/playframework/playframework/compare/2.8.15...2.8.16/";>full list of changes</a> and the <a href="https://github.com/playframework/playframework/issues?page=1&q=milestone%3A%222.8.16%22";>2.8.16 milestone</a>.</p> <h2>:heart: Thanks to our premium sponsors!</h2> <!-- raw HTML omitted --> <p>If you find this OSS project useful for work, please consider asking your company to support it by <!-- raw HTML omitted -->becoming a sponsor<!-- raw HTML omitted -->. You can also individually sponsor the project by <!-- raw HTML omitted -->becoming a backer<!-- raw HTML omitted -->.</p> <!-- raw HTML omitted --> <h2>:bow: Thanks to our contributors</h2> <p>Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors. Special thanks to all code contributors who helped with this particular release (they are listed below)!</p> <h2>Play 2.8.15</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/playframework/playframework/commit/296784bbbc28277f47ca8b91b366bda5f6f0fd04";><code>296784b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/playframework/playframework/issues/11305";>#11305</a> from mkurz/DevHttpErrorHandler</li> <li><a href="https://github.com/playframework/playframework/commit/200a86af8b4d904a62a0b2e1b0f7d34d79f602a2";><code>200a86a</code></a> Revert dependency</li> <li><a href="https://github.com/playframework/playframework/commit/2744c6c0b8600e742f4d22f2cf413f334dc5e051";><code>2744c6c</code></a> Use DevHttpErrorHandler to check if play.editor link gets rendered</li> <li><a href="https://github.com/playframework/playframework/commit/0fefe5e0b6f3fc58b43b93e085bc354bb312e2e7";><code>0fefe5e</code></a> Update dependencies</li> <li><a href="https://github.com/playframework/playframework/commit/a5d83283669dd69dbdba1407d231113aee3a02e5";><code>a5d8328</code></a> Changing Server.getHandlerFor to take a parameterized fallback error handler</li> <li><a href="https://github.com/playframework/playframework/commit/37125771538a7e5d2b9e7a00ea39f7b804010e06";><code>3712577</code></a> Preserving Server.scala behavior from before</li> <li><a href="https://github.com/playframework/playframework/commit/ebe23d8931d57cfa793a6f2cbe0e93d2f7184647";><code>ebe23d8</code></a> Formatting</li> <li><a href="https://github.com/playframework/playframework/commit/bbd6c7cab5fd92a99f5e88bf287dc1ef57376222";><code>bbd6c7c</code></a> Removing stray change from first commit</li> <li><a href="https://github.com/playframework/playframework/commit/209dcd8be28ccd628f37dd729a89b9f9795af792";><code>209dcd8</code></a> Fixing whitespace/compile errors</li> <li><a href="https://github.com/playframework/playframework/commit/b096dc1354f5aed9f499081918f9ce636217bd2f";><code>b096dc1</code></a> Introduced a DevErrorHandler, and made the DefaultHttpErrorHandler not leak d...</li> <li>Additional commits viewable in <a href="https://github.com/playframework/playframework/compare/2.7.3...2.8.16";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/skywalking-java/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
