From 8ba7cfe92178aa59906759ff09acd466bb6b2293 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Jul 2025 12:36:21 +0100 Subject: [PATCH] Bump com.unboundid.product.scim2:scim2-sdk-client from 2.3.5 to 4.0.0 (#3736) Bumps [com.unboundid.product.scim2:scim2-sdk-client](https://github.com/pingidentity/scim2) from 2.3.5 to 4.0.0.
Changelog

Sourced from com.unboundid.product.scim2:scim2-sdk-client's changelog.

v4.0.0 - 2025-Jun-10

Removed support for Java 11. The UnboundID SCIM 2 SDK now requires Java 17 or a later release.

Updated the following dependencies:

Updated the default behavior for ADD patch requests with value filters (e.g., emails[type eq "work"].display). The SCIM SDK will now target existing values within the multi-valued attribute. For more background on this type of patch request, see the release notes for the 3.2.0 release where this was introduced (but not made the default). To restore the old behavior, set the following property in your application:

PatchOperation.APPEND_NEW_PATCH_VALUES_PROPERTY = true;

Updated SearchRequestBuilder to be more permissive of ListResponses with non-standard attribute casing (e.g., if a response includes a "resources" array instead of "Resources").

Updated the class-level documentation of SearchRequest to provide more background about how searches are performed in the SCIM standard.

Added a new property that allows ignoring unknown fields when converting JSON text to Java objects that inherit from BaseScimResource. This behaves similarly to the FAIL_ON_UNKNOWN_PROPERTIES setting from the Jackson library, and allows for easier integration with SCIM service providers that include additional non-standard data in their responses. To enable this setting, set the following property in your application code:

BaseScimResource.IGNORE_UNKNOWN_FIELDS = true;

Fixed an issue with methods that interface with schema extensions such as BaseScimResource.getExtensionValues(String). These accepted paths as a string, but previously performed updates to the extension data incorrectly.

Simplified the implementation of the StaticUtils#toLowerCase method. This had an optimization for Java versions before JDK 9 that was especially beneficial for the most common case of handling ASCII characters. Since JDK 9, however, the String class has been updated so that the class is backed by a byte array as opposed to a character array, so it is more optimal to use the JDK's implementation directly while handling null values.

Previous releases of the SCIM SDK set many classes as final to encourage applications to follow strict compliance to the SCIM standard. However, this also makes it difficult to integrate with services that violate the standard. An example of this is a SCIM error response that contains extra fields in the JSON body. To help accommodate these integrations, the SCIM SDK has been updated so that several model classes are no longer final, allowing applications to extend them if needed. The following classes were updated:

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.unboundid.product.scim2:scim2-sdk-client&package-manager=gradle&previous-version=2.3.5&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- proprietary/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proprietary/build.gradle b/proprietary/build.gradle index 1912eefcb..2a72f8a65 100644 --- a/proprietary/build.gradle +++ b/proprietary/build.gradle @@ -37,7 +37,7 @@ dependencies { implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5:3.1.3.RELEASE' api 'io.micrometer:micrometer-registry-prometheus' - implementation 'com.unboundid.product.scim2:scim2-sdk-client:2.3.5' + implementation 'com.unboundid.product.scim2:scim2-sdk-client:4.0.0' runtimeOnly 'com.h2database:h2:2.3.232' // Don't upgrade h2database runtimeOnly 'org.postgresql:postgresql:42.7.7' constraints {