Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump play_2.12 from 2.6.15 to 2.8.16 in /core #967

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 3, 2022

Bumps play_2.12 from 2.6.15 to 2.8.16.

Release notes

Sourced from play_2.12's releases.

Play 2.8.16

The Play Team is happy to announce the release of Play 2.8.16.

📗 What is new?

The following are the relevant changes of this bugfix release:

  • Patched a moderate CVE to prevent a denial of service when binding forms to deeply-nested JSON objects. #11301
  • Patched a minor CVE that can sometimes result in developer mode errors showing in production mode. #11305
  • Adds support for the 'bundleresource' protocol, when checking URLs. #11108

The following pull requests got merged for this release:

For more details see the full list of changes and the 2.8.16 milestone.

❤️ Thanks to our premium sponsors!

If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor. You can also individually sponsor the project by becoming a backer.

🙇 Thanks to our contributors

Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors. Special thanks to all code contributors who helped with this particular release (they are listed below)!

Play 2.8.15

... (truncated)

Commits
  • 296784b Merge pull request #11305 from mkurz/DevHttpErrorHandler
  • 200a86a Revert dependency
  • 2744c6c Use DevHttpErrorHandler to check if play.editor link gets rendered
  • 0fefe5e Update dependencies
  • a5d8328 Changing Server.getHandlerFor to take a parameterized fallback error handler
  • 3712577 Preserving Server.scala behavior from before
  • ebe23d8 Formatting
  • bbd6c7c Removing stray change from first commit
  • 209dcd8 Fixing whitespace/compile errors
  • b096dc1 Introduced a DevErrorHandler, and made the DefaultHttpErrorHandler not leak d...
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [play_2.12](https://github.com/playframework/playframework) from 2.6.15 to 2.8.16.
- [Release notes](https://github.com/playframework/playframework/releases)
- [Commits](playframework/playframework@2.6.15...2.8.16)

---
updated-dependencies:
- dependency-name: com.typesafe.play:play_2.12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants