fix(deps): update dependency com.rabbitmq:amqp-client to v5.34.0 (release/5.0.x)#5326
Merged
Merged
Conversation
2ec55bb to
9f96879
Compare
06acbe9 to
79dd6d4
Compare
79dd6d4 to
2f4ce62
Compare
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



This PR contains the following updates:
5.32.0→5.34.0Release Notes
rabbitmq/rabbitmq-java-client (com.rabbitmq:amqp-client)
v5.34.0: 5.34.0Compare Source
Changes between 5.33.1 and 5.34.0
This is a maintenance release with bug fixes and dependency upgrades. It is compatible with 5.33.1. All users are encouraged to upgrade.
Harden connection negotiation phase
GitHub PRs: #2018 #2020
Honor unlimited negotiated frame_max when capping inbound message size
GitHub PR: #2016
Reject negative body size when parsing content headers
GitHub PR: #2014
Bump dependencies
GitHub issue: #2006
Dependency
Maven
Gradle
compile 'com.rabbitmq:amqp-client:5.34.0'v5.33.1: 5.33.1Compare Source
Changes between 5.33.0 and 5.33.1
This is a maintenance release with a bug fix. It is compatible with 5.33.0. All users are encouraged to upgrade.
Harden
ValueReaderGitHub PR: #2008
Dependency
Maven
Gradle
compile 'com.rabbitmq:amqp-client:5.33.1'v5.33.0: 5.33.0Compare Source
Changes between 5.32.0 and 5.33.0
This is a maintenance release with bug fixes and dependency upgrades. It introduces minor breaking changes compared to 5.32.0 (see below for details). All users are encouraged to upgrade.
The RabbitMQ team normally maintain strict backward compatibility in minor versions. However, this release includes exceptional breaking changes that were necessary to patch security gaps and enforce secure-by-default behavior.
Breaking changes:
ConnectionFactory#useSslProtocol()now utilizes the JVM's defaultSSLContext, which validates the server certificate.useSslProtocol()was never intended for production use.ConnectionFactory#useTlsWithNoVerification()method.Harden RPC support classes
GitHub PR: #2002
Enable hostname verification by default
GitHub issue: #2005
Introduce helper for dev/test TLS setup
GitHub PR: #2001
Enforce inbound frame max more strictly
GitHub PRs: #1995 #1998
Bump dependencies
GitHub issue: #1991
Dependency
Maven
Gradle
compile 'com.rabbitmq:amqp-client:5.33.0'Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)* 0-3 * * 1)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.