fix(deps): update spring core

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework:spring-web	6.1.11 -> 6.2.1
org.springframework:spring-web	5.3.30 -> 5.3.39

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

spring-projects/spring-framework (org.springframework:spring-web)

v6.2.1

⭐ New Features

• Implement toString() in TestBeanOverrideHandler #​34072
• Log alias removal in DefaultListableBeanFactory #​34070
• Log warning when one Bean Override overrides another Bean Override #​34056
• Introduce "unsafeAllocated" flag in TypeHint #​34055
• Cannot assert status reason phrase with MockMvcTester #​34016
• Improve toString for reactive ScheduledTask #​34010
• Optimize sending requests without a body in RestClient and WebClient with Reactor Netty #​34003
• Add missing @Contract annotation to ObjectUtils#isEmpty #​33984
• OptionalValidatorFactoryBean suppresses Hibernate Validator configuration failures too much #​33979
• Support Flux<ServerSentEvent<Fragment>> in WebFlux #​33975
• Update in FragmentsRendering to names of static methods #​33974
• Honor @Fallback semantics for Test Bean Overrides #​33924
• AdvisedSupport.MethodCacheKey should check for logical equality as well as identity #​33915
• Fail with full description for XML diff in XmlExpectationsHelper #​33827
• MapMethodProcessor should only resolve arguments of type Map or the ModelMap hierarchy #​33160

🐞 Bug Fixes

• Support binding from request headers via constructor args #​34073
• Unable to configure custom scheduler for @Scheduled annotation #​34058
• Identical Bean Overrides are silently allowed #​34054
• OOM due to NoTransactionInContextException in reactive pipeline #​34048
• Priority header causes binding exception after upgrade to Spring Framework 6.2.0 #​34039
• @MockitoBean incorrectly injects supertype into subtype field #​34025
• NestedPlaceholder are not recursively resolved if the fallback is a placeholder #​34020
• AOT no longer generates BeanInstanceSupplier signature for a CGLIB proxy with its public type #​33998
• Nested transaction support via savepoints is broken in Oracle database #​33987
• Proxy created with IntroductionInterceptor but without target always throws an exception #​33985
• ApplicationListener no longer invoked for generic ApplicationEvent with 6.2.0 #​33982
• Error handling override in DefaultResponseErrorHandler ignored after upgrade to 6.2.0 #​33980
• BeanCurrentlyInCreationException is thrown when multiple threads simultaneously try to create a FactoryBean #​33972
• HandshakeWebSocketService assumes jakarta websocket is present #​33970
• @Value cases SpringCGLIB$$0 required a bean of type java.lang.String that could not be found in Native compile when migrating to SB 3.4 #​33960
• PathMatchingResourcePatternResolver should not log directory-skip messages at info level #​33956
• Avoid infinite recursion in BeanValidationBeanRegistrationAotProcessor with recursive generics #​33950
• Skip runtime hint registration for validation constraint with missing dependencies #​33949
• Move Kotlin value class unboxing to InvocableHandlerMethod #​33943
• MockReset strategy is no longer honored for @MockitoBean and @MockitoSpyBean #​33941
• TypeDescriptor with recursive generics triggers infinite recursion in ResolvableType.equals/hashCode #​33932
• RestClient does not expose full URI template as attribute #​33928
• Bean Overrides like @MockitoBean and @TestBean should not be allowed on static fields #​33922
• Regression in duplicate beans with different method names #​33920

📔 Documentation

• Fix link to MockMvcBuilders in reference documentation #​34031
• Fix a typo in the filters documentation #​33959
• Document visibility requirements for Bean Overrides #​33923
• Fix typos and link in Observability documentation #​33910
• SpEL documentation contains syntax errors #​33907
• Improve explanation of AOP advice classes that should implement MethodInterceptor #​33901
• Reflect well-known HttpHeaders intent in Javadoc #​33886
• Reflect well-known MediaTypes intent in Javadoc #​33754
• Document support for varargs invocations in SpEL #​33332

🔨 Dependency Upgrades

• Upgrade to Micrometer 1.14.2 #​34050
• Upgrade to Reactor 2024.0.1 #​34051

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Boiarshinov, @​CHOICORE, @​KNU-K, @​izeye, @​ngocnhan-tran1996, @​scordio, @​sonallux, and @​youabledev

v6.2.0

⭐ New Features

• Update UndertowHttpHandlerAdapter to dispatch #​33885
• Refine @Contract Javadoc to mention this and new return values #​33849
• AOT processing for bean validation does not consider cascaded and container element constraints #​33842
• Avoid repeated resolving of singleton beans through @Lazy proxy #​33841
• Regiser runtime hints for @TestBean fully-qualified method names #​33836
• Introduce support for custom reason in @DisabledInAotMode #​33833
• Use optimistic locking where possible in ResponseBodyEmitter #​33831
• Revise cookies support with Apache HTTP Components in WebClient and WebTestClient #​33822
• Remove the pure attribute from @Contract #​33820
• Introduce @CheckReturnValue annotation #​33818
• ResourceHttpRequestHandler throwing IllegalArgumentException if resource doesn't end with slash breaks some third-party libraris #​33815
• Provide first-class virtual thread option on ThreadPoolTaskExecutor/ThreadPoolTaskScheduler #​33807
• HttpServiceProxyFactory should omit optional @RequestParam if converted from null to empty string #​33794
• Reactor Netty response should not buffer the full response #​33781
• Relax the visibility of MockMVC DSL constructors #​33778
• Support Publisher to InputStream conversion #​31677

🐞 Bug Fixes

• MockReset should be honored without @Mockito[Spy]Bean fields #​33829
• Test Bean Overrides do not honor @Primary semantics #​33819
• Bean Overrides cannot reliably override beans created by a FactoryBean with generics #​33811
• Bean Overrides for certain FactoryBean use cases no longer work #​33800
• @MockitoBean, @MockitoSpyBean, & @TestBean do not work with @DirtiesContext "before method" modes #​33783
• Deprecate exchangeTimeout and refactor readTimeout in ReactorClientHttpRequestFactory #​33782

📔 Documentation

• Revise documentation for SpEL PropertyAccessor and IndexAccessor APIs regarding ordering #​33862
• Document UrlHandler Servlet and reactive filters #​33784
• Improve documentation for SpelCompilerMode #​33223

🔨 Dependency Upgrades

• Upgrade to ASM 9.7.1 (for early Java 24 support) #​33821
• Upgrade to Micrometer 1.14.0 #​33876
• Upgrade to Reactor 2024.0.0 #​33878

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Hejow, @​OlegDokuka, and @​lucky8987

v6.1.16

⭐ New Features

• Log alias removal in DefaultListableBeanFactory #​34071
• OptionalValidatorFactoryBean suppresses Hibernate Validator configuration failures too much #​34041
• Update UndertowHttpHandlerAdapter to dispatch #​33969

🐞 Bug Fixes

• HandshakeWebSocketService assumes jakarta websocket is present #​34023

📔 Documentation

• Fix a typo in the filters documentation #​33971
• SpEL documentation contains syntax errors #​33908

🔨 Dependency Upgrades

• Upgrade to Reactor 2023.0.13 #​34049
• Upgrade to Undertow 2.3.18.Final #​33976

v6.1.15

⭐ New Features

• Use UriUtils to process static resource paths #​33859
• Prefer modified resources over the originals in TestCompiler #​33850
• Improve iteration methods in native headers to MultiValueMap adapters #​33823
• Deregister empty Cache from CacheManager #​33813
• Rename aopAvailable constants in TransactionSynchronizationUtils for better GraalVM native image support #​33796
• Load-time weaving support for WildFly 24+ #​33728

🐞 Bug Fixes

• DefaultClientRequestObservationConvention generates wrong uri tag when missing path #​33867
• HttpComponentsClientHttpRequestFactory setReadTimeout not working with httpclient 5.4 #​33806
• HttpHeaders.writeableHttpHeaders(new HttpHeaders(readOnlyHttpHeaders)) is not writeable #​33789
• RestClient exchange methods are not nullable #​33779
• Throw SpelParseException for unsupported character in SpelExpressionParser #​33767
• DefaultMessageListenerContainer reports incorrect jms.process.message count #​33758
• Autowiring fails if multiple non-highest @Priority beans exist with same priority #​33733
• Jackson2Decoder leaks on WebClient timeout #​33731
• DefaultServerRequestObservationConvention throws when response status is zero #​33725
• Aspect executed twice - @AfterThrowing #​33704
• parts w/o filename in Content-Disposition header are not cleaned from temp folder (skipped by StandardServletMultipartResolver) #​33511

📔 Documentation

• Resources link points to wrong section of reference guide #​33882
• Remove mentions of Joda-Time support #​33881
• SimpleAsyncTaskExecutor blocks calling thread when concurrencyLimit set #​33873
• Fix formatting issue in validation section of reference guide #​33871
• Fix typo in reference documentation #​33865
• Fix XML bean reference example in reference manual #​33855
• Fix a typo in documentation #​33846
• Numerous warnings when injecting dependencies into configuration that implements CachingConfigurer #​33834
• @Async documentation should not suggest deprecated classes #​33805
• Document that circular dependencies should be avoided in AOT mode #​33786
• Inconsistent Lifecycle Management with Virtual Threads in Spring Boot Async Configuration #​33780
• Fix incorrect regex rendering in MVC controller documentation #​33766
• Improve documentation for allowEagerInit parameter in getBeanNamesForType() #​33740
• Fix Javadoc in ReactorNetty2ResourceFactory #​33735
• Document options for handling Date/Time parsing and formatting issues with JDK 20+ #​33151

🔨 Dependency Upgrades

• Upgrade to Micrometer 1.12.12 #​33877
• Upgrade to Reactor 2023.0.12 #​33879

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Torres-09, @​ZLATAN628, @​hosamaly, @​izeye, @​kunaljani1100, @​ngocnhan-tran1996, and @​wilkinsona

v6.1.14

⭐ New Features

• Use Locale.ROOT for locale neutral, case insensitive comparisons #​33708
• Improve checks for relative paths in static resource handling #​33689
• CorsUtils.isCorsRequest throws unhandled IllegalArgumentException and returns 500 Internal Server Error on malfomed Origin header #​33682
• Skip processing of Java annotations in QualifierAnnotationAutowireCandidateResolver #​33580
• Include argument name in MethodArgumentTypeMismatchException error message #​33573
• Preserve coroutine context in WebClientExtensions #​33548
• Blocking call detected in ConcurrentReferenceHashMap by BlockHound #​33450
• Warning message about bean post-processing and eager injection may suggest the wrong cause #​33184

🐞 Bug Fixes

• DelegatingFilterProxy Causes Pinned Virtual Threads #​33656
• Potential NPE from MethodParameter.getMethod() check in KotlinDelegate.hasDefaultValue() #​33609
• Missing native image hints for JDK proxies created by JMS connection factories #​33590
• AotTestExecutionListener should not be invoked for a @DisabledInAotMode test class #​33589
• Use encoded resource path instead of input path validation in spring-webflux #​33568
• org.springframework.util.ResourceUtils#toRelativeURL drops custom URLStreamHandler #​33561
• Current observation not in scope during WebClient ExchangeFilterFunction execution #​33559
• ZoneIdEditor throws wrong exception type for TypeConverterSupport #​33545
• MimeMessageHelper addInline with ByteArrayResource fail with null filename #​33527
• @Cacheable throws NullPointerException when RuntimeException is thrown inside annotated code #​33492
• Path variable values missing in RedirectView when PathPattern are used #​33422
• Reactive HttpComponentsClientHttpResponse ignores Expires cookie attribute #​33157

📔 Documentation

• Update fallback.adoc #​33721
• Update scheduling.adoc #​33703
• Fix link in testing/support-jdbc.adoc #​33686
• Adapt Javadoc note about log level of BeanPostProcessorChecker #​33617
• Reference the spring-framework-petclinic repository wich uses AspectJ #​33539

🔨 Dependency Upgrades

• Upgrade to Apache HttpClient 5.4 #​33587
• Upgrade to Apache HttpCore Reactive 5.3 #​33588
• Upgrade to Awaitility 4.2.2 #​33604
• Upgrade to Micrometer 1.12.11 #​33647
• Upgrade to Reactor 2023.0.11 #​33637

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​arey, @​asibross, @​boulce, @​drdpov, @​hosamaly, @​ilya40umov, @​izeye, and @​junhyeongkim2

v6.1.13

⭐ New Features

• Errors thrown from SmartLifeycle#stop results in (unnecessary) waiting for the shutdown timeout #​33442
• Updates to resource handling for functional endpoints #​33434
• Stop logging result in WebAsyncManager #​33406
• spring native not support method handler with kotlin default value #​33384

🐞 Bug Fixes

• BindingReflectionHintsRegistrar do not take into account the boxed type Boolean #​33380
• Ensure use of specified status code on redirect with Rendering #​33498
• Inconsistent handling of X-Forwarded-Prefix in servlet and reactive stack #​33465
• ServerHttpObservationFilter does not register against new async operations #​33451
• Revert removal of deprecated rawStatusCode methods #​33440
• PathMatchingResourcePatternResolver no longer follows symlinks #​33424
• Deadlock between SseEmitter and StandardServletAsyncWebRequest when clients disconnect #​33421
• RestClient doesn't open a scope for the processing of the request #​33397
• WebTestClient leaks when ParameterizedTypeReference is used #​33389

📔 Documentation

• Document fixed rate scheduling with CRaC #​33490
• Update information in SpEL Evaluation chapter in reference manual #​33456
• Stop documenting use of -debug compiler flag in reference manual #​33453
• Use discrete headings instead of titled blocks in reference manual #​33447
• Fix example for @ImportResource in the reference manual #​33446
• Fix a typo in the CDS documentation #​33437
• Fix link to chapter introduction #​33417
• Improve documentation on reading form data via Servlet request parameters vs @RequestBody #​33409

🔨 Dependency Upgrades

• Upgrade to Kotlin 1.9.25 #​33471
• Upgrade to Micrometer 1.12.10 #​33518
• Upgrade to Objenesis 3.4 #​33526
• Upgrade to Reactor 2023.0.10 #​33519

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dancer1325, @​izeye, and @​yfoel

v6.1.12

⭐ New Features

• Efficient handling of conditional HTTP requests #​33372
• LocaleEditor cannot parse language tag with script like zh-Hans #​33348
• Reinstate qualifier support for legacy JSR-330 @javax.inject.Named annotation #​33345
• SimpleAsyncTaskScheduler stops accepting new tasks when isShutdown #​33336

🐞 Bug Fixes

• Fix incorrect weak ETag validation #​33374
• Avoid CacheAspectSupport#findInCaches falling through to the reactiveCachingHandler #​33371
• ScheduledAnnotationReactiveSupport starts the observation before it is opened #​33349
• RestClient observation flags error for UnknownContentTypeException twice #​33347
• RestClient instrumentation unnecessarily calls stop on a closed observation #​33346
• SimpleEvaluationContext does not enforce read-only semantics #​33319
• SpEL wraps primitive array in Object[] when invoking varargs method #​33317
• SpEL no longer supports lists for varargs invocations #​33315
• SpEL Indexer silently ignores failure to set property as index #​33310
• AOT-generated code produces deprecation warnings when using a deprecated class for autowiring #​33295
• @Scheduled method in test class not supported anymore #​33286
• AOT-generated code produces deprecation warnings when referencing a nested class of a deprecated class #​33273
• Jaxb2XmlEncoder does not support JAXBElement subtypes #​33258
• ShallowEtagHeaderFilter throws a NumberFormatException for responses bigger than 2Gb #​33256
• RequestPredicates fail with UnsupportedOperationException with a custom servlet path #​33251
• Missing observation for @JmsListener response messages #​33221
• ConversionService cannot convert primitive array to Object[] #​33212
• Spring coroutines AOP is not compatible with @Cacheable #​33210
• PathMatchingResourcePatternResolver#convertClassLoaderURL drops URLStreamHandler in version 6.1.x #​33199
• SpEL cannot invoke varargs MethodHandle function with a primitive array #​33198
• Trim last allowed origin when parsing comma-delimited string #​33181
• Multipart files not deleted after upload is finished with async request #​33161
• JaxbContextContainer does not define the ClassLoader to use to retrieve the JAXBContext to use #​33158
• Memory Leak in WebFlux application handling HTTP Multipart #​33094
• Support invoking bridged suspending functions in AopUtils #​33045

📔 Documentation

• Fix typo in the bean validation section of the reference manual #​33354
• Fix syntax error in RestClient documentation #​33350
• Add Kotlin example for expectAll() #​33341
• Javadoc of ReactorResourceFactory#setConnectionProviderSupplier wrongly states it can be ignored #​33338
• Improve EnableCaching & CachingConfigurer Javadoc #​33288
• Code sample has wrong reference to configurePathMatching #​33277
• Document that NoOpResponseErrorHandler is to be used with the RestTemplate #​33276
• Stop referring to Oracle STRUCT and ARRAY as they are deprecated #​33248
• Update links in reference manual #​33245

🔨 Dependency Upgrades

• Upgrade to Micrometer 1.12.9 #​33325
• Upgrade to Reactor 2023.0.9 #​33326

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GoncaloPT, @​crusherd, @​genuss, @​kashike, @​ngocnhan-tran1996, @​olbinski, @​pcvolkmer, @​sheip9, @​tafjwr, and @​underbell

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The recent updates in the inventory-service project involve upgrading the spring-web dependency from version 5.3.30 to 5.3.39 in the pom.xml file. This enhancement is expected to bring bug fixes, performance optimizations, and potentially introduce new features, thereby improving the overall interaction of the application with web components in the Spring framework.

Changes

Files	Change Summary
inventory-service/pom.xml	Updated spring-web dependency version from 5.3.30 to 5.3.39.

Poem

In a patch of code so bright,
A rabbit danced with pure delight.
Spring’s web now upgraded high,
Bugs and flaws are waving bye!
With every hop and every cheer,
Performance shines, the path is clear! 🐇✨

---

Note

🎁 Summarized by CodeRabbit Free

Your organization is on the Free plan. CodeRabbit will generate a high-level summary and a walkthrough for each pull request. For a comprehensive line-by-line review, please upgrade your subscription to CodeRabbit Pro by visiting https://app.coderabbit.ai/login.

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Experiment)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 2ed986c and 9b83f0d.

Files selected for processing (1)

• inventory-service/pom.xml (1 hunks)

Additional comments not posted (1)

inventory-service/pom.xml (1)

98-98: Verify compatibility and impact of the version update.

The spring-web dependency has been updated from version 5.3.30 to 5.3.38. Ensure that this update does not introduce any breaking changes and that it is compatible with other dependencies in the project. Review the release notes for any changes that might affect your application.

Verification successful

---

Version Update Verified Successfully

The update to spring-web version 5.3.38 does not introduce any breaking changes according to the release notes. The extensive usage of org.springframework.web across the project appears to be compatible with this version update. Ensure thorough testing to confirm no runtime issues arise.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify compatibility and impact of the spring-web version update.

# Test: Check for potential breaking changes or compatibility issues by reviewing release notes.
# Note: This script assumes that the release notes are available online and can be accessed via the given URL.

# Fetch release notes for the updated version
curl -s https://github.com/spring-projects/spring-framework/releases/tag/v5.3.38 | grep -i "breaking changes"

# Check for any issues in the project files due to the update
rg --type java 'org.springframework.web' -A 5

Length of output: 89377

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 9b83f0d and ee2eba9.

Files selected for processing (1)

• inventory-service/pom.xml (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• inventory-service/pom.xml