fix(deps): update dependency org.springframework:spring-context to v5.3.19 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework:spring-context	5.3.15 -> 5.3.19

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2022-22968

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. Versions 5.3.19 and 5.2.21 contain a patch for this issue.

---

Release Notes

spring-projects/spring-framework (org.springframework:spring-context)

v5.3.19

Compare Source

⭐ New Features

• Remove DNS lookups during websocket connection initiation #​28280
• Add application/graphql+json Media type and MIME type constants #​28271
• Fix debug log for no matching acceptableTypes #​28116
• Provide support for post-processing a LocalValidatorFactoryBean's validator Configuration without requiring sub-classing #​27956

🐞 Bug Fixes

• Improve documentation and matching algorithm in data binders #​28333
• NotWritablePropertyException when attempting to declaratively configure ClassLoader properties #​28269
• BeanPropertyRowMapper's support for direct column name matches is missing in DataClassRowMapper #​28243
• AbstractListenerReadPublisher does not call ServletOutputStream::isReady() when reading chunked data across network packets #​28241
• ResponseEntity objects are accumulated in ConcurrentReferenceHashMap #​28232
• Lambda proxy generation fix causes BeanNotOfRequiredTypeException #​28209
• CodeGenerationException thrown when using AnnotationMBeanExporter on JDK 17 #​28138

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.18 #​28329

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​GatinMI

v5.3.18

Compare Source

⭐ New Features

• Restrict access to property paths on Class references #​28261
• Introduce cancel(boolean mayInterruptIfRunning) in ScheduledTask #​28233

🐞 Bug Fixes

• Move off deprecated API in SessionTransactionData #​28234

📔 Documentation

• Introduce warnings in documentation of SerializationUtils #​28246
• Update copyright date in reference manual #​28237
• @Transactional test does not execute all JPA lifecycle callback methods #​28228

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​quaff

v5.3.17

Compare Source

⭐ New Features

• Using DataClassRowMapper causes "No property found for column" debug messages in logs #​28179
• Improve diagnostics in SpEL for large array creation #​28145
• Support custom HTTP status in client-side REST testing support #​28105
• AsyncRestTemplate logging too verbose #​28049

🐞 Bug Fixes

• java.lang.NoClassDefFoundError: org/springframework/cglib/beans/BeanMapEmitter #​28110
• CronExpression fails to calculate properly next execution when running on the day of winter daylight saving time #​28095
• Private init/destroy method may be invoked twice #​28083
• MappingJacksonValue and Jackson2CodecSupport#registerObjectMappersForType do not work together #​28045
• SpEL fails to recover from error during MIXED mode compilation #​28043
• When returning a ResponseEntity with a Flux while the function is suspended, it fails to encode the body #​27809

📔 Documentation

• Improve documentation for @EnabledIf and @DisabledIf test support #​28157
• Links to Spring Security are broken in the reference guide #​28135
• Document that transaction rollback rules may result in unintentional matches #​28125
• Improve documentation for TestContext events #​27757
• Clarify behavior for generics support in BeanUtils.copyProperties #​27259

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.17 #​28064

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​gorisanson
• @​danthonywalker
• @​AzZureman

v5.3.16

Compare Source

⭐ New Features

• Deprecate SocketUtils #​28052
• Add convenience factory method for ManagedList, ManagedSet and ManagedMap #​28026
• Synthesized annotation toString() doesn't match non-synthesized annotation on Java 9+ #​28015
• Add support for strict JSON comparison in WebTestClient #​27993
• Improve log message when searching for default executor for async processing #​27983
• Inconsistent behaviour in spring-orm between EntityManagerFactoryUtils.closeEntityManager() and SessionFactoryUtils.closeSession() #​27972
• Spring AOP cannot generate proxy for lambda on Java 16+ #​27971
• RestTemplate reading Json prohibits JDK HttpClient connection reuse (keep-alive) #​27969
• Deprecate AsyncTaskExecutor.execute(Runnable task, long startTimeout) #​27959
• Add CacheErrorHandler implementation that logs exceptions rather than rethrowing them #​27826
• Support for CGLIB BeanMap utility on JDK 17 #​27802
• Avoid message listener recovery in case of persistence exceptions from external transaction manager #​1807

🐞 Bug Fixes

• Fix CronExpression fails to calculate next execution on the day of daylight saving time #​28044
• CronExpression fails to calculate next execution on the day of daylight saving time #​28038
• Using recursive annotations in Kotlin causes stack overflow #​28012
• Add formatting for SockJS close GoAway frame to prevent infinite loop for xhr-polling and xhr-streaming transport #​28000
• Reflective method invocation does not detect interface method when interface is declared in a subclass (e.g. HashMap.HashIterator.hasNext) #​27995
• ReflectionUtils.USER_DECLARED_METHODS does not filter methods declared in java.lang.Object #​27970
• CronExpression doesn't handle Quartz weekday of month expressions correctly #​27966
• ServletServerHttpRequest getHeaders() throws IllegalArgumentException instead of ignoring invalid content type / #​27957
• PropertySourcesPlaceholderConfigurer ignores ignoreUnresolvablePlaceholders flag #​27947
• Fix regression in BeanPropertyRowMapper regarding underscore name #​27941
• WebClient corrupts binary data when trying to upload many files #​27939
• Spring fails to determine XML is XSD-based if DOCTYPE appears in a comment #​27915
• ResourceHttpRequestHandler with PathPatternParser cannot resolve resources with a jsessionid URL #​27913

📔 Documentation

• Improve documentation for uri(URI) method in WebTestClient regarding base URI #​28058
• Polish reference docs (core) #​28004
• Fix ServletUriComponentsBuilder examples in ref docs #​27984
• Improve documentation for implementing AspectJ around advice #​27980
• Fix CaffeineCacheManager configuration in the documentation #​27967
• Fix Javadoc links to JSR 305 annotations #​27904
• Document how to register annotated classes with a GenericWebApplicationContext #​27778

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.16 #​28039

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​wkwkhautbois
• @​arey
• @​izeye
• @​elgleidson
• @​An1s9n
• @​drewtul
• @​Drezir
• @​mgmeiner
• @​vikeychen
• @​zbykovskyi
• @​mdeinum
• @​shirohoo

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codeclimate]

Code Climate has analyzed commit 08ee718 and detected 0 issues on this pull request.

View more on Code Climate.

[coveralls]

coverage: 90.82%. remained the same
when pulling 08ee718 on renovate/maven-org.springframework-spring-context-vulnerability
into be95b5b on master.