Bump org.springframework:spring-core from 4.3.30.RELEASE to 6.0.6

[dependabot]

Bumps org.springframework:spring-core from 4.3.30.RELEASE to 6.0.6.

Release notes

Sourced from org.springframework:spring-core's releases.

v6.0.6

⭐ New Features

• Prefer request hostName and hostPort in ReactorServerHttpRequest #30062
• Use readNBytes in ByteArrayHttpMessageConverter when contentLength is available #30010
• Add missing @Nullable annotations to LogMessage.format methods #30006
• Refine CoroutinesUtils#invokeSuspendingFunction contract #30005
• @SubscribeMapping method not called when built as native image #30002
• Provide method with ContextView instead of Context in ServerWebExchangeContextFilter #29691
• Support @Value for record injection #28774

🐞 Bug Fixes

• WebClient now requires scheme #30053
• Move HttpServiceProxyFactoryExtensions.kt to spring-web module #30042
• AutowireCapableBeanFactory.createBean does not prefer default constructor anymore #30041
• Server request URL with spring-webflux 6.0.5 is in resolved IP6 format #30033
• PathMatchingResourcePatternResolver can no longer handle paths containing spaces and special characters #30031
• Catch defensively exception thrown by validation contraints AOT processing of Kotlin extensions #30037
• Fix proxy hint Kotlin extensions #30025
• WebFlux fails with WebDAV HTTP methods #29981
• NullPointerException if passing an anonymous class to ReflectionsHint#registerType #29774
• Native hints for package private methods on custom @Repository class #29764
• Native version of webflux/r2dbc failed #29582
• Protect JMS connection creation against prepareConnection errors #29116
• SingleConnectionFactory - reconnection problem (AMQ Broker) #29115

📔 Documentation

• Fix "Configuring a Global Date and Time Format" example #30034
• @AspectJ argument name resolution algorithm is outdated in reference manual #30026
• Update comment in Javadoc of ServletRequestPathFilter DispatcherServlet relating to DispatcherServlet #30014
• Revise AspectJ examples in the reference manual #30003
• Revise chomp and fold settings in reference documentation #30001

🔨 Dependency Upgrades

• Upgrade to Reactor 2022.0.4 #30063

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​1004789224, @​1993heqiang, @​AlexElin, @​diguage, @​divcon, @​izeye, @​kilink, @​lenoch7, @​sergiuprdn, @​singhbaljit, and @​violetagg

v6.0.5

⭐ New Features

• Add RFC-8246 "immutable" attribute to CacheControl #29955
• Allow MockRest to match header/queryParam value list with one Matcher #29953

... (truncated)

Commits

• 68537d6 Release v6.0.6
• 57b838d Upgrade to spring-asciidoctor-backends 0.0.5
• 8c78408 Update copyright dates
• c0a1e17 Polishing
• fe29e73 Revise documentation for @​AspectJ argument name resolution algorithm
• 50c3a62 Upgrade to Reactor Netty 2022.0.4
• a936a6a Javadoc-only reference to SubscribeMapping from simp package (-> package depe...
• 8d112b8 Test for explicit URI decoding in convertClassLoaderURL
• f8cb0fa Custom resolution of preferred constructors for createBean(Class)
• c56c16d Polishing contribution
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[pshiner]

@chadlwilson , Is there any progress on the spring upgrade? I read your blog post GoCD project status in 2023 and since I have always been a fan thought I would see if I could address any of the "not-so-good" news regarding EOL packages. Just checking in. Setup my environment and have started looking at the situation and was wondering if anything has already been started down those paths. --Pete

[chadlwilson]

Hi @pshiner - thanks for saying hello! I could probably do a better job in summarising the path/epic for getting Spring upgraded separate to these dependabot PRs which get closed and opened on new point releases all the time (or at least what I know about it).

I have addressed some other blockers to Spring upgrades such as #10577 and some general clean-ups to reduce surface area, however I haven't actually "tried" anything. The relationship with Spring Security and GoCD's custom security filters is also a potential area of challenge with Spring upgrade.

I think that a core blocker that needs to be done first is up upgrade Hibernate to at least v5.x since our current ancient Hibernate version is not supported by even Spring 5, let alone Spring 6. However I haven't validated or dug into how much GoCD relies on Spring to support or mediate its Hibernate integration, so the assumption of a dependency here could be validated better.

If it does turn out to be a blocker, my initial summary of the Hibernate upgrade is at #10262 but I wouldn't say I have "started" anything in this area, and nor do I have any historical background from the team on the blockers in this area, or whether it was attempted at some point.

If you have experience with Hibernate (especially in non-JPA, more legacy hbm.xml mapping style) that might be a place to start experimenting, or at least identifying where the pain is? Or alternatively to even validate whether the current Hibernate 3.6 fails miserably with Spring 5.x :-)

[dependabot]

Superseded by #11416.