Skip to content

Bump the maven group across 2 directories with 9 updates#4

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/samples/server/petstore/spring-mvc/maven-bc38e95875
Open

Bump the maven group across 2 directories with 9 updates#4
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/samples/server/petstore/spring-mvc/maven-bc38e95875

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Nov 29, 2025

Bumps the maven group with 2 updates in the /samples/server/petstore/spring-mvc directory: org.springframework:spring-webmvc and junit:junit.
Bumps the maven group with 6 updates in the /samples/server/petstore/undertow directory:

Package From To
junit:junit 4.12 4.13.1
com.fasterxml.jackson.core:jackson-databind 2.8.2 2.12.7.1
com.jayway.jsonpath:json-path 2.2.0 2.9.0
ch.qos.logback:logback-classic 1.1.7 1.2.13
io.undertow:undertow-core 1.4.0.Final 2.3.20.Final
org.apache.httpcomponents:httpclient 4.5.2 4.5.13

Updates org.springframework:spring-webmvc from 4.2.5.RELEASE to 6.2.10

Release notes

Sourced from org.springframework:spring-webmvc's releases.

v6.2.10

⭐ New Features

  • Optimize NIO path resolution in PathEditor #35304
  • Make type in ProblemDetail nullable #35294
  • Refine UriUtils#decode and StringUtils#uriDecode implementation and documentation #35253
  • Provide configurable useCaches option for URLConnection usage in UrlResource (avoiding jar file leak) #35218

🐞 Bug Fixes

  • @Scheduled tasks running in SimpleAsyncTaskScheduler are interrupted immediately on context close #35254
  • ScriptUtils.executeSqlScript() does not support multiple results per statement #35248
  • Successful Autowiring Dependent on Configuration ordering and Primary Bean flag #35239
  • Locale parameter in MessageSource#getMessage methods should be nullable #35230
  • Allow any @Transactional propagation for @TransactionalEventListener with BEFORE_COMMIT phase #35150
  • Catalog name should be handled with the provided case #35064
  • Accept support for generated keys column name array on HSQLDB and Derby as well #34790
  • Handle direct CanncelationException on timeout in JdkClientHttpRequest #34721

📔 Documentation

  • Add documentation of RequestMapping about SpEL #35232
  • Document SqlBinaryValue behaviour with PostgreSQL #34786

🔨 Dependency Upgrades

  • Upgrade to Micrometer 1.14.10 #35313
  • Upgrade to Reactor 2024.0.9 #35312

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Allan-QLB, @​carsago, @​cw-dimedis, and @​giampa91

v6.2.9

⭐ New Features

  • OncePerRequestFilter cannot be CGLib-proxied #35198
  • Consistently catch InaccessibleObjectException next to IllegalAccessException #35190
  • Introduce Date-to-Instant and Instant-to-Date converters #35175
  • Consistent nullability and exception declarations in AbstractMessagingTemplate hierarchy #35159
  • Register runtime hints for Instant-to-Timestamp conversion #35156
  • Improve handling of ResponseEntity<?> in Spring MVC #35153
  • Support @CacheConfig("myCacheName") declarations for simplified configuration #35152
  • Declare messageSelector parameters in JmsOperations as @Nullable #35151
  • Add getter for OverflowStrategy in ConcurrentWebSocketSessionDecorator #35132
  • Use preset Content-Type for streaming and reactive responses in Spring MVC #35130
  • Leniently tolerate null @Aspect bean #35074
  • DataAccessResourceFailureException thrown when transaction times out on PostgreSQL #35073

... (truncated)

Commits
  • 8f64480 Release v6.2.10
  • edda473 Build against Java 24
  • 9fa2d7d Upgrade to Jackson 2.18.4.1
  • c30427f Upgrade to Netty 4.1.124.Final
  • 1d908f1 Upgrade to Reactor 2024.0.9 and Micrometer 1.14.10
  • 37b076b Support multiple result sets in ScriptUtils.executeSqlScript()
  • a9453a5 Polishing
  • 3781ba2 Optimize NIO path resolution in PathEditor
  • f11a1e6 Polish tests
  • ffc7854 Fix checkstyle error
  • Additional commits viewable in compare view

Updates org.springframework:spring-web from 4.2.5.RELEASE to 6.2.10

Release notes

Sourced from org.springframework:spring-web's releases.

v6.2.10

⭐ New Features

  • Optimize NIO path resolution in PathEditor #35304
  • Make type in ProblemDetail nullable #35294
  • Refine UriUtils#decode and StringUtils#uriDecode implementation and documentation #35253
  • Provide configurable useCaches option for URLConnection usage in UrlResource (avoiding jar file leak) #35218

🐞 Bug Fixes

  • @Scheduled tasks running in SimpleAsyncTaskScheduler are interrupted immediately on context close #35254
  • ScriptUtils.executeSqlScript() does not support multiple results per statement #35248
  • Successful Autowiring Dependent on Configuration ordering and Primary Bean flag #35239
  • Locale parameter in MessageSource#getMessage methods should be nullable #35230
  • Allow any @Transactional propagation for @TransactionalEventListener with BEFORE_COMMIT phase #35150
  • Catalog name should be handled with the provided case #35064
  • Accept support for generated keys column name array on HSQLDB and Derby as well #34790
  • Handle direct CanncelationException on timeout in JdkClientHttpRequest #34721

📔 Documentation

  • Add documentation of RequestMapping about SpEL #35232
  • Document SqlBinaryValue behaviour with PostgreSQL #34786

🔨 Dependency Upgrades

  • Upgrade to Micrometer 1.14.10 #35313
  • Upgrade to Reactor 2024.0.9 #35312

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Allan-QLB, @​carsago, @​cw-dimedis, and @​giampa91

v6.2.9

⭐ New Features

  • OncePerRequestFilter cannot be CGLib-proxied #35198
  • Consistently catch InaccessibleObjectException next to IllegalAccessException #35190
  • Introduce Date-to-Instant and Instant-to-Date converters #35175
  • Consistent nullability and exception declarations in AbstractMessagingTemplate hierarchy #35159
  • Register runtime hints for Instant-to-Timestamp conversion #35156
  • Improve handling of ResponseEntity<?> in Spring MVC #35153
  • Support @CacheConfig("myCacheName") declarations for simplified configuration #35152
  • Declare messageSelector parameters in JmsOperations as @Nullable #35151
  • Add getter for OverflowStrategy in ConcurrentWebSocketSessionDecorator #35132
  • Use preset Content-Type for streaming and reactive responses in Spring MVC #35130
  • Leniently tolerate null @Aspect bean #35074
  • DataAccessResourceFailureException thrown when transaction times out on PostgreSQL #35073

... (truncated)

Commits
  • 8f64480 Release v6.2.10
  • edda473 Build against Java 24
  • 9fa2d7d Upgrade to Jackson 2.18.4.1
  • c30427f Upgrade to Netty 4.1.124.Final
  • 1d908f1 Upgrade to Reactor 2024.0.9 and Micrometer 1.14.10
  • 37b076b Support multiple result sets in ScriptUtils.executeSqlScript()
  • a9453a5 Polishing
  • 3781ba2 Optimize NIO path resolution in PathEditor
  • f11a1e6 Polish tests
  • ffc7854 Fix checkstyle error
  • Additional commits viewable in compare view

Updates junit:junit from 4.12 to 4.13.1

Release notes

Sourced from junit:junit's releases.

JUnit 4.13.1

Please refer to the release notes for details.

JUnit 4.13

Please refer to the release notes for details.

JUnit 4.13 RC 2

Please refer to the release notes for details.

JUnit 4.13 RC 1

Please refer to the release notes for details.

JUnit 4.13 Beta 3

Please refer to the release notes for details.

JUnit 4.13 Beta 2

Please refer to the release notes for details.

JUnit 4.13 Beta 1

Please refer to the release notes for details.

Commits

Updates junit:junit from 4.12 to 4.13.1

Release notes

Sourced from junit:junit's releases.

JUnit 4.13.1

Please refer to the release notes for details.

JUnit 4.13

Please refer to the release notes for details.

JUnit 4.13 RC 2

Please refer to the release notes for details.

JUnit 4.13 RC 1

Please refer to the release notes for details.

JUnit 4.13 Beta 3

Please refer to the release notes for details.

JUnit 4.13 Beta 2

Please refer to the release notes for details.

JUnit 4.13 Beta 1

Please refer to the release notes for details.

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.8.2 to 2.12.7.1

Commits

Updates com.fasterxml.jackson.core:jackson-core from 2.8.2 to 2.12.7.1

Updates com.jayway.jsonpath:json-path from 2.2.0 to 2.9.0

Release notes

Sourced from com.jayway.jsonpath:json-path's releases.

json-path-2.9.0

What's Changed

New Contributors

Full Changelog: json-path/JsonPath@json-path-2.8.0...json-path-2.9.0

json-path-2.8.0

Upgrade json-smart to fix https://www.cve.org/CVERecord?id=CVE-2023-1370

json-path-2.7.0

No release notes provided.

json-path-2.6.0

No release notes provided.

json-path-2.5.0

No release notes provided.

json-path-2.4.0

No release notes provided.

json-path-2.3.0

Bugfixes and improvements

Commits

Updates ch.qos.logback:logback-classic from 1.1.7 to 1.2.13

Commits

Updates io.undertow:undertow-core from 1.4.0.Final to 2.3.20.Final

Release notes

Sourced from io.undertow:undertow-core's releases.

v2.3.20.Final

Release 2.3.20.Final fixes CVE-2025-9784 Full list of issues: view in Jira

    Release Notes - Undertow - Version 2.3.20.Final

v.2.3.19.Final

Release 2.3.19.Final fixes CVE-2024-4109 Full list of issues: view in Jira

    Release Notes - Undertow - Version 2.3.19.Final

... (truncated)

Commits
  • 5e6c73d Prepare 2.3.20.Final
  • 967ec02 Merge pull request #1803 from fl4via/backport-fixes_2.3.x
  • 2448f7a [UNDERTOW-2598] Replace the delayed cleaning algorithm in DirectByteBufferDea...
  • e7c28ac Merge pull request #1802 from fl4via/backport-fixes_2.3.x
  • 39fcfbe [UNDERTOW-2598] CVE-2025-9784 At AbstractFramedStreamSinkChannel, safeguard a...
  • 1d013b2 [UNDERTOW-2598] CVE-2025-9784 Add a delay in the actual direct byte buffer de...
  • afbd244 [UNDERTOW-2598] CVE-2025-9784 Prevent the dispatch of an exchange if the conn...
  • 4610806 [UNDERTOW-2598] CVE-2025-9784 Prevent a MadeYouReset HTTP2 attack by sending ...
  • c5a9817 [UNDERTOW-2235] Properly handle non servlet methods dispatched as error into ...
  • 5756047 [UNDERTOW-2604] fix potential NPE from alternate ctor
  • Additional commits viewable in compare view

Updates org.apache.httpcomponents:httpclient from 4.5.2 to 4.5.13

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the maven group across 2 directories with 9 updates
2af0dd0 
Bumps the maven group with 2 updates in the /samples/server/petstore/spring-mvc directory: [org.springframework:spring-webmvc](https://github.com/spring-projects/spring-framework) and [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 6 updates in the /samples/server/petstore/undertow directory:

| Package | From | To |
| --- | --- | --- |
| [junit:junit](https://github.com/junit-team/junit4) | `4.12` | `4.13.1` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.8.2` | `2.12.7.1` |
| [com.jayway.jsonpath:json-path](https://github.com/jayway/JsonPath) | `2.2.0` | `2.9.0` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.1.7` | `1.2.13` |
| [io.undertow:undertow-core](https://github.com/undertow-io/undertow) | `1.4.0.Final` | `2.3.20.Final` |
| org.apache.httpcomponents:httpclient | `4.5.2` | `4.5.13` |



Updates `org.springframework:spring-webmvc` from 4.2.5.RELEASE to 6.2.10
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v4.2.5.RELEASE...v6.2.10)

Updates `org.springframework:spring-web` from 4.2.5.RELEASE to 6.2.10
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v4.2.5.RELEASE...v6.2.10)

Updates `junit:junit` from 4.12 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.12.md)
- [Commits](junit-team/junit4@r4.12...r4.13.1)

Updates `junit:junit` from 4.12 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.12.md)
- [Commits](junit-team/junit4@r4.12...r4.13.1)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.8.2 to 2.12.7.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-core` from 2.8.2 to 2.12.7.1

Updates `com.jayway.jsonpath:json-path` from 2.2.0 to 2.9.0
- [Release notes](https://github.com/jayway/JsonPath/releases)
- [Changelog](https://github.com/json-path/JsonPath/blob/master/changelog.md)
- [Commits](json-path/JsonPath@2.2.0...json-path-2.9.0)

Updates `ch.qos.logback:logback-classic` from 1.1.7 to 1.2.13
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.1.7...v_1.2.13)

Updates `io.undertow:undertow-core` from 1.4.0.Final to 2.3.20.Final
- [Release notes](https://github.com/undertow-io/undertow/releases)
- [Commits](undertow-io/undertow@1.4.0.Final...2.3.20.Final)

Updates `org.apache.httpcomponents:httpclient` from 4.5.2 to 4.5.13

---
updated-dependencies:
- dependency-name: org.springframework:spring-webmvc
  dependency-version: 6.2.10
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.springframework:spring-web
  dependency-version: 6.2.10
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: junit:junit
  dependency-version: 4.13.1
  dependency-type: direct:development
  dependency-group: maven
- dependency-name: junit:junit
  dependency-version: 4.13.1
  dependency-type: direct:development
  dependency-group: maven
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.12.7.1
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-version: 2.12.7.1
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: com.jayway.jsonpath:json-path
  dependency-version: 2.9.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.2.13
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: io.undertow:undertow-core
  dependency-version: 2.3.20.Final
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.httpcomponents:httpclient
  dependency-version: 4.5.13
  dependency-type: direct:development
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Nov 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants