@renovate renovate bot commented Oct 18, 2024

This PR contains the following updates:

Package | Change | Age | Adoption | Passing | Confidence
org.springframework:spring-context | 6.1.13 -> 6.1.14 | age | adoption | passing | confidence

GitHub Vulnerability Alerts

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.


Release Notes

spring-projects/spring-framework (org.springframework:spring-context)

v6.1.14

⭐ New Features

  • Use Locale.ROOT for locale neutral, case insensitive comparisons #​33708
  • Improve checks for relative paths in static resource handling #​33689
  • CorsUtils.isCorsRequest throws unhandled IllegalArgumentException and returns 500 Internal Server Error on malformed Origin header #33682
  • Skip processing of Java annotations in QualifierAnnotationAutowireCandidateResolver #​33580
  • Include argument name in MethodArgumentTypeMismatchException error message #​33573
  • Preserve coroutine context in WebClientExtensions #​33548
  • Blocking call detected in ConcurrentReferenceHashMap by BlockHound #​33450
  • Warning message about bean post-processing and eager injection may suggest the wrong cause #​33184

🐞 Bug Fixes

  • DelegatingFilterProxy Causes Pinned Virtual Threads #​33656
  • Potential NPE from MethodParameter.getMethod() check in KotlinDelegate.hasDefaultValue() #​33609
  • Missing native image hints for JDK proxies created by JMS connection factories #​33590
  • AotTestExecutionListener should not be invoked for a @DisabledInAotMode test class #​33589
  • Use encoded resource path instead of input path validation in spring-webflux #​33568
  • org.springframework.util.ResourceUtils#toRelativeURL drops custom URLStreamHandler #​33561
  • Current observation not in scope during WebClient ExchangeFilterFunction execution #​33559
  • ZoneIdEditor throws wrong exception type for TypeConverterSupport #​33545
  • MimeMessageHelper addInline with ByteArrayResource fail with null filename #​33527
  • @Cacheable throws NullPointerException when RuntimeException is thrown inside annotated code #​33492
  • Path variable values missing in RedirectView when PathPattern are used #​33422
  • Reactive HttpComponentsClientHttpResponse ignores Expires cookie attribute #​33157

📔 Documentation

  • Update fallback.adoc #​33721
  • Update scheduling.adoc #​33703
  • Fix link in testing/support-jdbc.adoc #​33686
  • Adapt Javadoc note about log level of BeanPostProcessorChecker #​33617
  • Reference the spring-framework-petclinic repository which uses AspectJ #33539

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​arey, @​asibross, @​boulce, @​drdpov, @​hosamaly, @​ilya40umov, @​izeye, and @​junhyeongkim2


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
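
The locale dependence named in the CVE-2024-38820 alert can be reproduced with plain JDK calls. The following is an added example, not code from this PR or from Spring Framework: the class, the deny-list entry `isadmin` and the field name are hypothetical, and the check is a simplified stand-in for a case-insensitive disallowed-field match. It compares `String.toLowerCase()` under two default locales with the `Locale.ROOT` form that release item #33708 adopts.

```java
import java.util.List;
import java.util.Locale;

public class LocaleLowercaseCheck {

    // Hypothetical deny-list entry, stored lower-cased the way a
    // case-insensitive matcher would keep it.
    static final List<String> DISALLOWED = List.of("isadmin");

    // Locale-sensitive form: toLowerCase() with no argument uses
    // Locale.getDefault(), so the result depends on the JVM's settings.
    static boolean blockedWithDefaultLocale(String field) {
        return DISALLOWED.contains(field.toLowerCase());
    }

    // Locale-neutral form: the mapping is the same on every JVM.
    static boolean blockedWithRootLocale(String field) {
        return DISALLOWED.contains(field.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        String field = "ISADMIN"; // constructed request parameter name
        Locale original = Locale.getDefault();
        try {
            // Under a Turkish default locale, 'I' lower-cases to the
            // dotless U+0131, so the lowered name no longer equals "isadmin".
            for (Locale locale : List.of(Locale.ENGLISH, Locale.forLanguageTag("tr-TR"))) {
                Locale.setDefault(locale);
                System.out.printf("default=%s defaultLocaleCheck=%b rootLocaleCheck=%b%n",
                        locale.toLanguageTag(),
                        blockedWithDefaultLocale(field),
                        blockedWithRootLocale(field));
            }
        } finally {
            Locale.setDefault(original); // restore the JVM default
        }
    }
}
```

The same comparison is a useful audit pattern for application code: any `toLowerCase()` or `toUpperCase()` call without an explicit locale that feeds an allow-list or deny-list decision deserves review.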

@renovate renovate bot changed the title from "fix(deps): update dependency org.springframework:spring-context to v6.1.14 [security]" to "fix(deps): update dependency org.springframework:spring-context to v6.1.14 [security] - autoclosed" Oct 26, 2024
@renovate renovate bot closed this Oct 26, 2024
@renovate renovate bot deleted the renovate/maven-org.springframework-spring-context-vulnerability branch October 26, 2024 08:33