Skip to content

chore(deps): bump spring-framework.version from 6.2.6 to 6.2.7#111

Merged
lorenzsimon merged 6 commits intomasterfrom
dependabot/maven/spring-framework.version-6.2.7
Jun 2, 2025
Merged

chore(deps): bump spring-framework.version from 6.2.6 to 6.2.7#111
lorenzsimon merged 6 commits intomasterfrom
dependabot/maven/spring-framework.version-6.2.7

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 19, 2025

Bumps spring-framework.version from 6.2.6 to 6.2.7.
Updates org.springframework:spring-web from 6.2.6 to 6.2.7

Release notes

Sourced from org.springframework:spring-web's releases.

v6.2.7

⭐ New Features

  • Forward more methods to underlying InputStream in NonClosingInputStream #34893
  • Introduce Spring property for the default property placeholder escape character #34865
  • Close ApplicationContext once AOT processing has completed #34841
  • Fix AbstractJackson2HttpMessageConverter#getObjectMappersForType nullness #34811
  • Add option for case-insensitive match to PatternMatchUtils #34801
  • RestClient @RequestBody parameters lose generic type information when creating HTTP service beans #34793
  • Adds option to set Principal in MockServerWebExchange #34789

🐞 Bug Fixes

  • Beans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock #34902
  • PropertySourcesPlaceholderConfigurer placeholder resolution fails in several scenarios #34861
  • HttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 #34851
  • Fragment.create() requires mutable map - which is unusable when used with Kotlin #34848
  • Duplicate BeanOverrideHandler discovered in @Nested test case with superclass from different class or in interface implemented multiple times #34844
  • Accidental ClassLoader defineClass enforcement after #34677 #34824
  • HttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor #34812
  • AbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar #34796
  • Correctly expand query param with same name from URI variables array #34783
  • R2DBC NamedParameterUtils only expands reused collection parameter once #34768
  • PathMatchingResourcePatternResolver wrongly assumes that target/classes always exists #34764

📔 Documentation

  • Clarify CompositePropertySource behavior for EnumerablePropertySource contract #34886
  • Javadoc and @Nullable annotation for servletContext parameter of ConfigurableWebEnvironment.initPropertySources are contradictory #34845
  • Spring MVC: @EnableAsync needs to be redeclared for each ApplicationContext #34843
  • Provide a working example instead of unclear placeholders #34828

🔨 Dependency Upgrades

  • Upgrade to Micrometer 1.14.7 #34889
  • Upgrade to Reactor 2024.0.6 #34898

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Artur-, @​blake-bauman, @​iifawzi, @​kilink, @​quaff, @​whlit, and @​zzoe2346

Commits
  • ba590ac Release v6.2.7
  • ee62701 Make use of PatternMatchUtils ignoreCase option
  • fa168ca Revise FactoryBean locking behavior for strict/lenient consistency
  • 3c228a5 Add missing @​since tags in PatternMatchUtils
  • 9bf6b8c Upgrade to Reactor 2024.0.6
  • 37ecdd1 Forward more methods to underlying InputStream in NonClosingInputStream
  • 73f1c5a Polishing
  • 4d296fb Upgrade to Micrometer 1.14.7
  • 6a94444 Clarify CompositePropertySource behavior for EnumerablePropertySource contract
  • 03ae97b Introduce Spring property for default escape character for placeholders
  • Additional commits viewable in compare view

Updates org.springframework:spring-context from 6.2.6 to 6.2.7

Release notes

Sourced from org.springframework:spring-context's releases.

v6.2.7

⭐ New Features

  • Forward more methods to underlying InputStream in NonClosingInputStream #34893
  • Introduce Spring property for the default property placeholder escape character #34865
  • Close ApplicationContext once AOT processing has completed #34841
  • Fix AbstractJackson2HttpMessageConverter#getObjectMappersForType nullness #34811
  • Add option for case-insensitive match to PatternMatchUtils #34801
  • RestClient @RequestBody parameters lose generic type information when creating HTTP service beans #34793
  • Adds option to set Principal in MockServerWebExchange #34789

🐞 Bug Fixes

  • Beans created by FactoryBean are not considered as autowiring candidates if another thread holds a singletonLock #34902
  • PropertySourcesPlaceholderConfigurer placeholder resolution fails in several scenarios #34861
  • HttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 #34851
  • Fragment.create() requires mutable map - which is unusable when used with Kotlin #34848
  • Duplicate BeanOverrideHandler discovered in @Nested test case with superclass from different class or in interface implemented multiple times #34844
  • Accidental ClassLoader defineClass enforcement after #34677 #34824
  • HttpEntity.EMPTY headers should not be possible to mutate via HttpHeaders constructor #34812
  • AbstractFileResolvingResource.exists incorrectly reports result for resources inside of spring-boot executable jar #34796
  • Correctly expand query param with same name from URI variables array #34783
  • R2DBC NamedParameterUtils only expands reused collection parameter once #34768
  • PathMatchingResourcePatternResolver wrongly assumes that target/classes always exists #34764

📔 Documentation

  • Clarify CompositePropertySource behavior for EnumerablePropertySource contract #34886
  • Javadoc and @Nullable annotation for servletContext parameter of ConfigurableWebEnvironment.initPropertySources are contradictory #34845
  • Spring MVC: @EnableAsync needs to be redeclared for each ApplicationContext #34843
  • Provide a working example instead of unclear placeholders #34828

🔨 Dependency Upgrades

  • Upgrade to Micrometer 1.14.7 #34889
  • Upgrade to Reactor 2024.0.6 #34898

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Artur-, @​blake-bauman, @​iifawzi, @​kilink, @​quaff, @​whlit, and @​zzoe2346

Commits
  • ba590ac Release v6.2.7
  • ee62701 Make use of PatternMatchUtils ignoreCase option
  • fa168ca Revise FactoryBean locking behavior for strict/lenient consistency
  • 3c228a5 Add missing @​since tags in PatternMatchUtils
  • 9bf6b8c Upgrade to Reactor 2024.0.6
  • 37ecdd1 Forward more methods to underlying InputStream in NonClosingInputStream
  • 73f1c5a Polishing
  • 4d296fb Upgrade to Micrometer 1.14.7
  • 6a94444 Clarify CompositePropertySource behavior for EnumerablePropertySource contract
  • 03ae97b Introduce Spring property for default escape character for placeholders
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump spring-framework.version from 6.2.6 to 6.2.7
7ce55ea 
Bumps `spring-framework.version` from 6.2.6 to 6.2.7.

Updates `org.springframework:spring-web` from 6.2.6 to 6.2.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.2.6...v6.2.7)

Updates `org.springframework:spring-context` from 6.2.6 to 6.2.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.2.6...v6.2.7)

---
updated-dependencies:
- dependency-name: org.springframework:spring-web
  dependency-version: 6.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.springframework:spring-context
  dependency-version: 6.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels May 19, 2025
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels May 19, 2025
@coderabbitai
Copy link

coderabbitai bot commented May 19, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@derberg
Copy link
Member

derberg commented May 26, 2025

@lorenzsimon hey you have some pending PRs from dependabot - if the bot is annoying and not helping just disable it

@lorenzsimon
Copy link
Member

lorenzsimon commented May 26, 2025

@lorenzsimon hey you have some pending PRs from dependabot - if the bot is annoying and not helping just disable it

Hi, no it's not annoying. I am just waiting for the new Spring Boot release to match the Spring Framework version.

@lorenzsimon lorenzsimon merged commit 1394f74 into master Jun 2, 2025
11 checks passed
@lorenzsimon lorenzsimon deleted the dependabot/maven/spring-framework.version-6.2.7 branch June 2, 2025 18:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lorenzsimon lorenzsimon lorenzsimon approved these changes

@asyncapi-bot-eve asyncapi-bot-eve asyncapi-bot-eve approved these changes

@gimlet2 gimlet2 Awaiting requested review from gimlet2 gimlet2 is a code owner

Assignees

No one assigned

Labels

autoapproved autoupdate dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@derberg @lorenzsimon @asyncapi-bot-eve @asyncapi-bot