Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 5 updates #3084

dependabot · 2025-06-16T10:07:57Z

Bumps the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 5 updates:

Package	From	To
org.springframework:spring-web	`6.2.7`	`6.2.8`
com.fasterxml.jackson.core:jackson-core	`2.19.0`	`2.19.1`
com.fasterxml.jackson.core:jackson-annotations	`2.19.0`	`2.19.1`
com.fasterxml.jackson.core:jackson-databind	`2.19.0`	`2.19.1`
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	`2.19.0`	`2.19.1`

Updates org.springframework:spring-web from 6.2.7 to 6.2.8

Release notes

Sourced from org.springframework:spring-web's releases.

v6.2.8

⭐ New Features

Nullability @Contract declaration for CodeFlow.isIntegerForNumericOp() is unnecessary #34985

Serializer hint registration is broken for some Kotlin classes #34979

Clients created using JdkClientHttpRequestFactory set content-length for GET, DELETE and HEAD requests #34971

Support registration of non-public BeanDefinitionReader via @ImportResource #34928

Make max size for pattern cache in PathPatternMatchableHandlerMapping configurable #34918

Add optimized DataBufferInputStream overrides #34799

🐞 Bug Fixes

Encode non-printable character in Content-Disposition parameter #35034

Allow update of existing WebSession after max sessions limit is reached #35013

Fix support for collections in AbstractKotlinSerializationHttpMessageConverter #34992

PathPattern#combine throws StringIndexOutOfBoundsException #34986

Fix AOT code generation for autowired inner class constructor #34974

AbstractFileResolvingResource.exists closes JAR resource input streams with v6.2.7 #34955

Enhanced configuration class fails to call package-visible superclass constructor on WebSphere #34950

Fix REPLY_CHANNEL header check in MessageHeaderAccessor #34949

MockEnvironment does not accept Object property values #34947

PropertySourcesPlaceholderConfigurer no longer uses ConversionService from Environment #34936

@Contract for StreamUtils.drain() incorrectly declares null results in an exception #34933

Inconsistent behavior injecting null @Bean factory parameter #34929

MockHttpServletRequest.addHeader duplicates "Content-Type" header #34913

BeanUtils.getParameterNames fails for Kotlin data classes #34760

JAXB message converters ignore Content-Type charset #34745

Aspect Not Triggered After Restart in Spring Boot 3.4.x (But Works in 3.3.10) #34735

Add caching headers to unmodified static resources #34614

📔 Documentation

Apply gh-34856 to MockClientHttpRequest in testfixture package #35031

Fix ResourceHttpRequestHandler#setHeaders JavaDoc #35004

Remove reference to AspectJ Eclipse Javadoc #35000

Mention CompletableFuture in Spring MVC "Asynchronous Requests" section of reference manual #34991

Fix exception name in ModelAttribute docs #34980

Fix syntax in @SqlGroup example #34972

Update X-Forwarded-Proto doc to say https / http #34959

Update Guidance on Best Practices To Test Code That Uses RestClient and RestTemplate #34892

Add a section for WebAsyncTask in mvc-ann-async.adoc #34885

Clarify what @RestControllerAdvice vs @ControllerAdvice apply to by default #34866

Improve Javadoc for @ExceptionHandler #34554

🔨 Dependency Upgrades

Upgrade to HttpComponents HttpClient 5.5 #34941

Upgrade to Micrometer 1.14.8 #35020

Upgrade to Reactor 2024.0.7 #35021

... (truncated)

Commits

502b31a Release v6.2.8
f0e7b42 Encode non-printable character in Content-Disposition parameter
e86dc9a Apply gh-34856 to MockClientHttpRequest in testfixture package
05c3f56 Rely on default retention in @Contract
dee80ab Upgrade to Reactor 2024.0.7
07fd835 Upgrade to Micrometer 1.14.8
0d6c6eb Use Micrometer BOM for Context Propagation dependency
4d2cc4a Polish contribution
c04902f Allow update of existing WebSession after max sessions limit is reached
3c265e1 Fix InMemoryWebSessionStoreTests.startsSessionImplicitly() test
Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.19.0 to 2.19.1

Commits

2272fcf [maven-release-plugin] prepare release jackson-core-2.19.1
6d2236e Prep for 2.19.1
8ce4f66 Merge branch '2.18' into 2.19
f448625 Disable "release" WF
662e818 Merge branch '2.18' into 2.19
b5ed8a2 Back to 2.18.5-SNAPSHOT settings
91dfb78 [maven-release-plugin] prepare for next development iteration
c7a9268 [maven-release-plugin] prepare release jackson-core-2.18.4.1
f69e1ad Try again to publish 2.18.4.1
2911417 [maven-release-plugin] prepare for next development iteration
Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.19.0 to 2.19.1

Commits

See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.0 to 2.19.1

Commits

See full diff in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.19.0 to 2.19.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 5 updates: | Package | From | To | | --- | --- | --- | | [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `6.2.7` | `6.2.8` | | [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.19.0` | `2.19.1` | | [com.fasterxml.jackson.core:jackson-annotations](https://github.com/FasterXML/jackson) | `2.19.0` | `2.19.1` | | [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.19.0` | `2.19.1` | | com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | `2.19.0` | `2.19.1` | Updates `org.springframework:spring-web` from 6.2.7 to 6.2.8 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v6.2.7...v6.2.8) Updates `com.fasterxml.jackson.core:jackson-core` from 2.19.0 to 2.19.1 - [Commits](FasterXML/jackson-core@jackson-core-2.19.0...jackson-core-2.19.1) Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.19.0 to 2.19.1 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.core:jackson-databind` from 2.19.0 to 2.19.1 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.datatype:jackson-datatype-jsr310` from 2.19.0 to 2.19.1 --- updated-dependencies: - dependency-name: org.springframework:spring-web dependency-version: 6.2.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-version-updates - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-version: 2.19.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-version-updates - dependency-name: com.fasterxml.jackson.core:jackson-annotations dependency-version: 2.19.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-version-updates - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-version: 2.19.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-version-updates - dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310 dependency-version: 2.19.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gradle-version-updates ... Signed-off-by: dependabot[bot] <support@github.com>

netlify · 2025-06-16T10:08:01Z

✅ Deploy Preview for docs-securecodebox ready!

Name	Link
🔨 Latest commit	`1c42cd1`
🔍 Latest deploy log	https://app.netlify.com/projects/docs-securecodebox/deploys/684fecff09b105000878fb73
😎 Deploy Preview	https://deploy-preview-3084--docs-securecodebox.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

sonarqubecloud · 2025-06-16T10:08:45Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 16, 2025

github-project-automation bot added this to secureCodeBox Jun 16, 2025

github-project-automation bot moved this to Triage in secureCodeBox Jun 16, 2025

J12934 approved these changes Jun 16, 2025

View reviewed changes

github-project-automation bot moved this from Triage to Reviewer Approved in secureCodeBox Jun 16, 2025

J12934 merged commit daaf2ab into main Jun 16, 2025
54 checks passed

J12934 deleted the dependabot/gradle/hooks/persistence-defectdojo/hook/gradle-version-updates-8d98b3a735 branch June 16, 2025 11:08

github-project-automation bot moved this from Reviewer Approved to Done in secureCodeBox Jun 16, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 5 updates #3084

Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 5 updates #3084

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 5 updates #3084

Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 5 updates #3084

Uh oh!

Conversation

v6.2.8

⭐ New Features

🐞 Bug Fixes

📔 Documentation

🔨 Dependency Upgrades

Uh oh!

Uh oh!

✅ Deploy Preview for docs-securecodebox ready!

Uh oh!

Quality Gate passed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant