Bump play_2.12 from 2.8.2 to 2.8.16 #190

dependabot · 2022-06-03T22:21:21Z

Bumps play_2.12 from 2.8.2 to 2.8.16.

Release notes

Play 2.8.16

The Play Team is happy to announce the release of Play 2.8.16.

📗 What is new?

The following are the relevant changes of this bugfix release:

Patched a moderate CVE to prevent a denial of service when binding forms to deeply-nested JSON objects. #11301

Patched a minor CVE that can sometimes result in developer mode errors showing in production mode. #11305

Adds support for the 'bundleresource' protocol, when checking URLs. #11108

The following pull requests got merged for this release:

#11305 [2.8.x] Introduce DevHttpErrorHandler by @BillyAutrey, @mkurz

#11301 [2.8.x] add depth limit for JSON form binding by @gmethvin, @mkurz

#11291 [2.8.x] GHA: Also release on publish event + secrets inherit by @mkurz

#11289 [2.8.x] Refactor badges by @mkurz

#11269 [2.8.x] Bump version of sharable workflows to v2 by @ihostage

#11252 [2.8.x] Adding support for checking URL with protocol='bundleresource' existence by @asaelitz, @mkurz

#11265 [2.8.x] Remove play-enhancer from docs, project is dead by @PromanSEW

#11262 [2.8.x] Switch to GitHub actions by @mkurz

#11228 [2.8.x] Make scripts more userfriendly if running outside of CI by @mkurz

For more details see the full list of changes and the 2.8.16 milestone.

❤️ Thanks to our premium sponsors!

If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor. You can also individually sponsor the project by becoming a backer.

🙇 Thanks to our contributors

Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors. Special thanks to all code contributors who helped with this particular release (they are listed below)!

Play 2.8.15

... (truncated)

Commits

296784b Merge pull request #11305 from mkurz/DevHttpErrorHandler
200a86a Revert dependency
2744c6c Use DevHttpErrorHandler to check if play.editor link gets rendered
0fefe5e Update dependencies
a5d8328 Changing Server.getHandlerFor to take a parameterized fallback error handler
3712577 Preserving Server.scala behavior from before
ebe23d8 Formatting
bbd6c7c Removing stray change from first commit
209dcd8 Fixing whitespace/compile errors
b096dc1 Introduced a DevErrorHandler, and made the DefaultHttpErrorHandler not leak d...
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [play_2.12](https://github.com/playframework/playframework) from 2.8.2 to 2.8.16. - [Release notes](https://github.com/playframework/playframework/releases) - [Commits](playframework/playframework@2.8.2...2.8.16) --- updated-dependencies: - dependency-name: com.typesafe.play:play_2.12 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2023-03-27T14:12:39Z