Update all patch/minor versions (master)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.junit.jupiter:junit-jupiter-api (source)	6.0.1 → 6.0.2
org.junit.jupiter:junit-jupiter (source)	6.0.1 → 6.0.2
io.sentry:sentry-logback	8.29.0 → 8.30.0
ch.qos.logback:logback-access (source, changelog)	1.5.23 → 1.5.25
ch.qos.logback:logback-classic (source, changelog)	1.5.23 → 1.5.25
org.apache.httpcomponents.client5:httpclient5 (source)	5.4.4 → 5.6
jakarta.persistence:jakarta.persistence-api	3.0.0 → 3.2.0
io.hypersistence:hypersistence-utils-hibernate-63	3.13.2 → 3.14.1
org.postgresql:postgresql (source)	42.7.8 → 42.7.9
org.hibernate:hibernate-core (source)	6.6.38.Final → 6.6.41.Final
org.springframework.security:spring-security-web (source)	7.0.1 → 7.0.2
org.springframework.security:spring-security-config (source)	7.0.1 → 7.0.2
org.springframework:spring-test	7.0.1 → 7.0.3
org.springframework:spring-tx	7.0.1 → 7.0.3
org.springframework:spring-jdbc	7.0.1 → 7.0.3
org.springframework:spring-orm	7.0.1 → 7.0.3
org.springframework:spring-aspects	7.0.1 → 7.0.3
org.springframework:spring-webmvc	7.0.1 → 7.0.3
org.springframework:spring-web	7.0.1 → 7.0.3
org.springframework:spring-core	7.0.1 → 7.0.3
org.springframework:spring-context	7.0.1 → 7.0.3
org.springframework:spring-beans	7.0.1 → 7.0.3

---

Release Notes

getsentry/sentry-java (io.sentry:sentry-logback)

v8.30.0

Compare Source

Fixes

• Fix ANRs when collecting device context (#​4970)
  • IMPORTANT: This disables collecting external storage size (total/free) by default, to enable it back
    use options.isCollectExternalStorageContext = true or <meta-data android:name="io.sentry.external-storage-context" android:value="true" />
• Fix NullPointerException when reading ANR marker (#​4979)
• Report discarded log in batch processor as log_byte (#​4971)

Improvements

• Expose MAX_EVENT_SIZE_BYTES constant in SentryOptions (#​4962)
• Discard envelopes on 4xx and 5xx response (#​4950)
  • This aims to not overwhelm Sentry after an outage or load shedding (including HTTP 429) where too many events are sent at once

Feature

• Add a Tombstone integration that detects native crashes without relying on the NDK integration, but instead using ApplicationExitInfo.REASON_CRASH_NATIVE on Android 12+. (#​4933)
  • Currently exposed via options as an internal API only.
  • If enabled alongside the NDK integration, crashes will be reported as two separate events. Users should enable only one; deduplication between both integrations will be added in a future release.
• Add Sentry Metrics to Java SDK (#​5026)
  • Metrics are enabled by default
  • APIs are namespaced under Sentry.metrics()
  • We offer the following APIs:
    • count: A metric that increments counts
    • gauge: A metric that tracks a value that can go up or down
    • distribution: A metric that tracks the statistical distribution of values
  • For more details, see the Metrics documentation: https://docs.sentry.io/product/explore/metrics/getting-started/

apache/httpcomponents-client (org.apache.httpcomponents.client5:httpclient5)

v5.6

This is the first ALPHA release in the 5.6 release series. It adds several features
such as transport content decompression and content compression for the async transport,
support for Unix sockets, experimental support for SCRAM-SHA-256 authentication scheme,
and Micrometer/OTel observations & metrics.

Commons Compress, Brotli codec, and ZStd codec are optional dependencies and get
wired into the execution pipeline only if present on the classpath.

Notable changes and features included in the 5.6 series:

• Unix domain socket support.

• Support for pluggable content codecs via Commons-Compress in the classic transport.
  (optional).

• Support for transparent content decompression and content compression with deflate,
  gzip, zstd (optional), and brotli (optional) codecs in the async transport.

• Micrometer/OTel observations & metrics (optinal).

• Off-lock connection disposal by the classic pooling connection manager. Experimental.

• SCRAM-SHA-256 authentication scheme (RFC 7804). Experimental.

• Request Priority support (RFC 9218). Experimental.

Compatibility notes:

• As of this version, HttpClient uses BUILTIN HostnameVerificationPolicy by default, delegating
  host verification to JSSE security manager. One must explicitly configure the TLS strategy
  to continue using the hostname verifier shipped with HttpClient.

• Five-second TCP keep-alive is now enabled by default.

v5.5

This is the first GA release in the 5.5 release series. This release finalizes the 5.5
APIs and adds several experimental features and improvements, such as request multiplexing
over a shared HTTP/2 connection and the Classic API facade acting as a compatibility
bridge between classic I/O client services and the asynchronous message transport used
internally.

Notable changes and features included in the 5.5 series:

• Improved conformance to RFC 7616 (HTTP Digest Access Authentication).

• The connection pool implementation acts as a caching facade in front of a standard
  managed connection pool and shares already leased connections to multiplex message
  exchanges over active HTTP/2 connections. Experimental.

• Extended Auth API and improved authentication protocol logic to support mutual
  authentication.

• The Classic API facade now acts as a compatibility bridge between the classic I/O client
  services (based on the standard InputStream / OutputStream model) and the asynchronous
  message transport used internally. This is experimental.

• HTTP/2 support for the Fluent Facade (via Classic API facade). This is experimental.

Compatibility notes:

• As of this release, HttpClient does not automatically execute redirects if the original
  request manually added headers that are considered sensitive.

vladmihalcea/hypersistence-utils (io.hypersistence:hypersistence-utils-hibernate-63)

v3.14.1

================================================================================

Deprecate all ArrayTypes, with the exception of the EnumArrayType #​823

v3.14.0

================================================================================

The Hibernate SessionFactory cannot be built due to a ClassCastException after upgrading to 3.13.3 #​821

Add support for Hibernate 7.2.0.CR4

v3.13.3

================================================================================

ArrayType causes org.hibernate.tool.schema.spi.SchemaManagementException: Schema-validation: wrong column type encountered in column found (Types#ARRAY), but expecting (Types#OTHER) #​697

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.9

Added

• feat: query timeout property PR #​3705
• feat: Add PEMKeyManager to handle PEM based certs and keys PR #​3700

Changed

• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder
• doc: update property quoteReturningIdentifiers default value PR #​3847
• security: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class

Fixed

• fix: incorrect pg_stat_replication.reply_time calculation PR #​3906
• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob
• fix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only PR #​3897
• fix: make all Calendar instances proleptic Gregorian PR #​3837
• fix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings PR #​3897
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext PR #​3886
• fix: Issue #​3784 pgjdbc can't decode numeric arrays containing special numbers like NaN PR #​3838
• fix: use ssl_is_used() to check for ssl connection PR #​3867
• fix: the classloader is nullable PR #​3907

hibernate/hibernate-orm (org.hibernate:hibernate-core)

v6.6.41.Final

v6.6.40.Final

v6.6.39.Final

spring-projects/spring-security (org.springframework.security:spring-security-web)

v7.0.2

Compare Source

🪲 Bug Fixes

• AuthorizationWebProxyConfiguration should only be active when both spring-security-web and spring-webmvc are on the classpath #​18315

spring-projects/spring-framework (org.springframework:spring-test)

v7.0.3

⭐ New Features

• DisconnectedClientHelper should detect presence of RestClientException and WebClientException separately #​36141
• Deprecate PagedListHolder and PropertyComparator for removal #​36139
• Add DataAccessException and MessagingException to the excluded outermost exceptions in DisconnectedClientHelper #​36134
• Support property placeholders in HTTP service registry #​36126
• Introduce Spring property to disable context pausing for tests #​36117
• Retain original requested bean class for SpringContainedBean #​36116
• Add task rejection support to SyncTaskExecutor's concurrency throttle #​36114
• Precompute PropertyDescriptor array in SimpleBeanInfoFactory #​36112
• Add option for @ConcurrencyLimit to throw rejection exception #​36109
• Support HttpComponents 5.6 #​36100
• Fix double encoding in DefaultApiVersionInserter #​36097
• Optimize single-char wildcard path matching performance #​36095
• Allow WebFlux ApiVersionResolver to return a Mono #​36084
• Configure HttpMessageConverters as a list #​36083
• HTTP Interface with an @RequestBody Object method parameter should use class of actual value #​36078
• Consistently declare @Nullable on parameter in equals() implementations #​36075
• Support listener registration for @Transactional triggered method rollbacks #​36073
• Introduce generalized MethodFailureEvent for use in EventPublicationInterceptor #​36072
• Avoid duplicate flushes in StringHttpMessageConverter #​36065
• When no API version is provided, static resources fail to load #​36059
• When no API version is provided, /error requests also fail. #​36058
• Declare TaskCallback return value as potentially nullable #​36057
• Fix case-insensitive semantics for LinkedCaseInsensitiveMap entrySet #​36056
• Update to NullAway 0.12.15 and fix new warnings #​36054
• Provide alternative to execute(Retryable) which avoids RetryException in favor of rethrowing the last original RuntimeException #​36052
• Avoid unnecessary pausing of application contexts in the TestContext framework #​36044
• Simplify TransactionalOperator.executeAndAwait by removing Optional #​36039
• Deprecated MockMvcClientHttpRequestFactory is required for tests with HTTP service interface proxy #​35989
• Introduce Jackson XML codecs #​35752
• Support listener registration for @Retryable triggered retry executions #​35382

🐞 Bug Fixes

• Fix SmartFactoryBean type matching for ResolvableType.NONE #​36123
• AbstractMessageSendingTemplate ignores headers in convertAndSend() variant #​36120
• JmsClient.sendAndReceive() fails if headers are included #​36118
• PropertyDescriptorUtils does not reliably resolve overloaded write methods #​36113
• Fix context class resolution for nested types in AbstractJacksonHttpMessageConverter #​36111
• DefaultApiVersionInserter encodes already encoded URI #​36080
• ConverterFactory nullness mismatch with Converter #​36063
• WiretapConnector leaks data buffers when response body not consumed #​36050
• CompilationException should not use -1 for line or column numbers when they are unknown #​36041
• org.springframework.core.test.tools.TestCompiler.Errors should handle case where warnings are turned into errors #​36037
• UriComponentsBuilder loses the fragment when it consists of only a single character #​36029
• Parameter names of the handler method are null in HandlerInterceptor::preHandle during first invocation of an endpoint #​36024
• PropertyDescriptorUtils does not reliably resolve read/write methods in type hierarchies with generics #​36019
• Illegal reflection use against Hibernate Validator 9 on module path #​36012

📔 Documentation

• Clarify unversioned handler matching precedence #​36125
• Clarify meaning of maxAttempts in FixedBackOff vs. maxRetries in RetryPolicy #​36119
• Polishing AOT cache documentation #​36108
• Upgrade Antora dependencies #​36105
• Modernize the DispatcherServlet Locale documentation #​36099
• Fix Kotlin example in Multipart Content #​36094
• Remove @EnableWebFlux from documentation code snippets #​36091
• Fix Kotlin example in CORS and Functional Endpoints references #​36089
• Extract remaining WebMVC configuration snippets #​36088
• Remove the "Other Web Frameworks" documentation #​36086
• Fix reference links in Configuration page #​36079
• Document HttpHeaders#toSingleValueMap() case-sensitive behavior #​36070
• Correct encode Javadoc for UriComponents and UriComponentsBuilder #​36040
• Fix typos and grammar #​36022
• Custom @ExceptionHandler silently ignored when spring.mvc.problemdetails.enabled=true without @Order #​35982
• Document how to discard response body with WebTestClient #​35953
• Modernize the view technologies section #​35450
• Remove JavaScript/Kotlin from ScriptEngine documentation #​27919

🔨 Dependency Upgrades

• Upgrade to Micrometer 1.16.2 #​36145
• Upgrade to Reactor 2025.0.2 #​36144

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​JKaplanEmpty-Nes, @​MukjepScarlet, @​TerryTaoYY, @​haydenrear, @​jhan0121, @​jher235, @​marcphilipp, @​mipo256, @​msridhar, @​ngocnhan-tran1996, @​parkhojeong, @​philipbolting, @​playous, @​quaff, @​thelightway24, and @​xyraclius

v7.0.2

⭐ New Features

• Avoid unnecessary list creation and processing in AbstractTestContextBootstrapper #​35995
• AbstractTestContextBootstrapper should resolve ContextLoader only once #​35994
• Log RetryException for @Retryable methods #​35983
• Consistently stop already started Lifecycle beans on cancelled refresh #​35964
• Support timeouts in @Retryable and RetryPolicy #​35963
• Use == instead of instanceof for primitive array type checks #​35962
• Introduce MultiValueMapCollector for use with streams #​35958
• Avoid package cycle caused by use of UriComponentsBuilder in ServletServerHttpRequest #​35952
• Target type in Converter interface should be @Nullable #​35947
• Provide access to attempt count in RetryListener as well as callbacks for the initial attempt #​35940
• DefaultHandshakeHandler should not log client faults on error level #​35930
• Log warning when meta-annotation is ignored due to types not present in classpath #​35927
• Revise ApplicationContext#getId() nullability to non-null #​35925
• Use concurrent set behind reactive TransactionSynchronizationManager#registerSynchronization #​35921
• Refine AbstractKotlinSerializationHttpMessageConverter#canWrite #​35920
• Register bean dependency for Optional injection point as well #​35919
• Change canRead/canWrite overrides to Class ones in AbstractSmartHttpMessageConverter #​35916
• Do not make HttpHeaders read-only in HttpEntity #​35888
• Add WebFlux SSE support with GSON #​35884
• Different ReactorNettyWebSocketSession call getId() may return the same value #​35883
• Refine nullability of Assert#noNullElements #​35868
• Allow configuring default maxIdleTime on InMemoryWebSessionStore. #​35866
• Refine BindingReflectionHintsRegistrar with ObjectToObjectConverter hints #​35847
• Add resetCaches() method to general CacheManager interface #​35845
• Enhance handleTypeMismatch error message in ResponseEntityExceptionHandler #​35837
• Add support for package-private BeanRegistrar in Spring AOT generated code #​35803
• Use ExtendedServletRequestDataBinder/ExtendedWebExchangeDataBinder for functional request binding #​35800
• Expose Collection on FragmentsRendering to facilitate Unit Tests #​35775
• Improve i18n-support for NoResourceFoundException #​35758
• Cache resolved singleton beans in injected Provider instance #​35373

🐞 Bug Fixes

• ContextConfigurationAttributes(Class) constructor incorrectly sets inheritLocations to false #​36000
• NullPointerException thrown from JdkClientHttpRequestFactory for null request header value #​35996
• State inconsistency in LazyConnectionDataSourceProxy when connection settings fail #​35980
• SubscriberInputStream#resume misuses parked thread reference #​35978
• Shared EntityManager returned by AbstractEntityManagerFactoryBean cannot be advised by AspectJ interceptor #​35974
• RestClient cannot make HEAD requests when the response declares gzip Content-Encoding #​35966
• ServerRequestObservationContext(s) miss Propagator.Getter method implementation #​35965
• Jackson used instead of kotlinx.serialization for more complex types #​35960
• Strong locking in ConcurrentReferenceHashMap#computeIfAbsent may cause context initialisation deadlock #​35944
• BridgeMethodResolver change in 6.2.13 breaks Spring Data entity introspection #​35936
• DefaultMessageListenerContainer does not clear Session and MessageConsumer for paused invokers #​35932
• Tighten cacheable decision behind @Lazy injection point #​35917
• AOT-generated bean definition does not consider name of RuntimeBeanReference using name and type #​35913
• Accidental fallback match for Collection-type beans due to @Bean-level qualifier annotation #​35908
• SingletonSupplier should be defensive against singletonInstance/initialized visibility mismatch #​35905
• SortedResourcesFactoryBean does not accept non-existent resources anymore #​35895
• Support reading unresolvable types in AbstractJacksonHttpMessageConverter #​35889
• Refine Kotlin Serialization codec type checks #​35885
• UrlHandlerFilter also removes query parameters and fragment when using HTTP redirect #​35873
• Fix handling of ServerSentEvent with Jackson encoder #​35872
• @EnableResilientMethods does not participate in globally enforced target class proxying #​35863
• RestTestClient can leak HTTP connections when no body expectations are performed #​35784
• Use provided ReactiveAdapterRegistry in BindingContext constructor #​35771
• PathMatchingResourcePatternResolver fails with URI in JAR manifest Class-Path entries #​35682

📔 Documentation

• Correct link to Reactive Libraries in reference docs #​35970
• Document that annotations are ignored if attributes reference types not present in the classpath #​35959
• Remove JUnit 4 based meta-annotation example #​35903
• Refer to "Spring Tools" instead of "Spring Tools for Eclipse" in reference manual #​35901
• Document that SpringExtension requires JUnit Jupiter 6.0 or higher #​35900
• Fix broken Javadoc links to methods #​35899
• Clarify JMS sessionTransacted flag for local versus global transaction #​35897
• Reference docs should not use obsolete "junit5" links #​35892
• Testing chapter references nonexistent Dependency Management documentation #​35890
• Wrong interface in WebFlux Documentation page for API Version #​35887
• Update reference documentation to use Jackson 3 #​35886

🔨 Dependency Upgrades

• Upgrade to json-path 2.10.0 #​35924
• Upgrade to Micrometer 1.16.1 #​35984
• Upgrade to Reactor 2025.0.1 #​35985

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​JohnNiang, @​Pankraz76, @​florianhof, @​ivonaest, @​izeye, @​jnizet, @​ngocnhan-tran1996, @​remeio, and @​zamzterz

---

Configuration

📅 Schedule: Branch creation - "after 5pm on the first day of the month,on the first day of the month" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.