Skip to content

Build(deps-dev): Bump the dev-deps group across 1 directory with 2 updates#1970

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/dev-deps-68e12e905c
Closed

Build(deps-dev): Bump the dev-deps group across 1 directory with 2 updates#1970
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/dev-deps-68e12e905c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-deps group with 2 updates in the / directory: io.github.hakky54:logcaptor and org.springframework:spring-context.

Updates io.github.hakky54:logcaptor from 2.12.2 to 2.12.6

Changelog

Sourced from io.github.hakky54:logcaptor's changelog.

v2.12.6

  • Improved reconfiguring LogCaptor
  • Improved reusing existing ConsoleAppender
  • Improved maintainability of the codebase
  • Bumped dependencies

v2.12.5

  • Prevent duplicate console output when using SpringBootTest with re-enabled ConsoleAppender

v2.12.4

  • Fixed capturing MDC context

v2.12.3

  • Fixed No appenders present in context while using SpringBootTest with disabled ConsoleAppender
  • Bumped dependencies
Commits
  • 001481c [maven-release-plugin] prepare release v2.12.6
  • 250d22b Updated docs
  • 27f8d1c Applied AI recommendation
  • 18244f7 Improved reconfiguring LogCaptor
  • b571076 Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 (#217)
  • 1ad70b4 Bump version.junit from 5.14.2 to 5.14.3 (#218)
  • 2b535cd Bump org.apache.maven.plugins:maven-compiler-plugin (#216)
  • 93563b7 Bump net.bytebuddy:byte-buddy from 1.18.4 to 1.18.5 (#215)
  • 18fd35d Removed redundant console appender config
  • 34e20dd Removed initial console appender
  • Additional commits viewable in compare view

Updates org.springframework:spring-context from 7.0.7 to 7.0.8

Release notes

Sourced from org.springframework:spring-context's releases.

v7.0.8

⚠️ Security Fixes

This maintenance release fixes a high number of CVEs. You can learn more about this in the "Spring and Security In The Times Of AI" blog post. Here is the full list of 16 CVEs:

  • CVE-2026-41838 "Spring Framework Predictable Session ID in WebSocket Module"
  • CVE-2026-41839 "Spring Framework Escalation via Session Fixation in WebFlux"
  • CVE-2026-41840 "Spring Framework Denial of Service via Multipart Requests in WebFlux"
  • CVE-2026-41841 "Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux"
  • CVE-2026-41842 "Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux"
  • CVE-2026-41843 "Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux"
  • CVE-2026-41844 "Spring Framework Open Redirect in Spring MVC and WebFlux"
  • CVE-2026-41845 "Spring Framework Cross-site Scripting via JavaScriptUtils"
  • CVE-2026-41846 "Spring Framework Cross-site Scripting via JSP Form Tags"
  • CVE-2026-41848 "Spring Framework Denial of Service via AntPathMatcher"
  • CVE-2026-41850 "Spring Framework Algorithmic Denial of Service via SpEL Expressions"
  • CVE-2026-41851 "Spring Framework Denial of Service via Unbounded Cache in SpEL"
  • CVE-2026-41852 "Spring Framework Arbitrary Method Invocation in SpEL Expressions"
  • CVE-2026-41853 "Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux"
  • CVE-2026-41854 "Spring Framework Server-Side Request Forgery via UriComponentsBuilder"
  • CVE-2026-41855 "Spring Framework Unsafe Deserialization via Jackson JMS Converters"

⭐ New Features

  • Include zone ID in CronTrigger's equals/hashCode implementations #36871
  • Expose ClassLoader from DefaultDeserializer #36833
  • Use immutable map for SEPARATORS static field in DefaultPathContainer #36821
  • Track operations during SpEL expression evaluation #36801
  • Ensure getters have non-void return types in SpEL #36800
  • Avoid too many character access attempts in AntPathMatcher #36799
  • Refine default view name resolution #36793
  • Refine Jackson JMS converters #36791
  • Improve ABNF rule checks in RfcUriParser #36787
  • Restrict SpringVersion.getVersion() to "major.minor.patch" format #36785
  • Runtime compatibility with JPA 4.0 M4 and corresponding Hibernate 8.0 snapshots #36784
  • Allow specifying the charset to use in ExchangeFilterFunctions#basicAuthentication #36777
  • Use CollectionUtils to initialize HashMap in DefaultUriBuilderFactory #36763
  • Improve error messages in SpEL #36756
  • Improve pattern caching in SpEL #36755
  • Avoid ResolvableType#forType contention for implicit cache cleanup #36745
  • Switch to JdkIdGenerator for WebSocket Sessions #36740
  • Detect custom deserialized NullValue instances in AbstractValueAdaptingCache #36727
  • LiteWebJarsResourceResolver does not resolve directories #36726
  • Warn against unsafe static resource locations in MVC and WebFlux #36692
  • Consistent compatibility with Woodstox as an alternative to Xerces #36682
  • Improve principal checks for SockJS session #36681
  • Set host header consistently in STOMP relay CONNECT frames #36673
  • Support Micrometer context propagation in Kotlin Flow #36667
  • Reliable detection of broadcast messages in UserDestinationMessageHandler #36662

... (truncated)

Commits
  • 9e8cea3 Release v7.0.8
  • 2c18c33 Track operations during SpEL expression evaluation
  • 83667f8 Ensure getters have non-void return types in SpEL
  • 7a8917b Improve additional error messages in SpEL
  • 7baa865 Further improve pattern caching in SpEL
  • 12b44f2 Avoid too many character access attempts in AntPathMatcher
  • e8f1024 Ensure consistent JSP tag attribute processing
  • a1826b7 Refine JavaScriptUtils#javaScriptEscape
  • 7add524 Prevent special prefixes in default view name resolution
  • 9bec52b Add trusted packages to MappingJackson2MessageConverter
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/maven/dev-deps-68e12e905c branch from 75a53ff to 1e687c5 Compare June 19, 2026 06:02
…dates

Bumps the dev-deps group with 2 updates in the / directory: [io.github.hakky54:logcaptor](https://github.com/Hakky54/log-captor) and [org.springframework:spring-context](https://github.com/spring-projects/spring-framework).


Updates `io.github.hakky54:logcaptor` from 2.12.2 to 2.12.6
- [Changelog](https://github.com/Hakky54/log-captor/blob/master/CHANGELOG.MD)
- [Commits](Hakky54/log-captor@v2.12.2...v2.12.6)

Updates `org.springframework:spring-context` from 7.0.7 to 7.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v7.0.7...v7.0.8)

---
updated-dependencies:
- dependency-name: io.github.hakky54:logcaptor
  dependency-version: 2.12.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
- dependency-name: org.springframework:spring-context
  dependency-version: 7.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/dev-deps-68e12e905c branch from 1e687c5 to f27a892 Compare June 22, 2026 08:11
@NiklasHerrmann21

Copy link
Copy Markdown
Contributor

Superseded by #1984 — these dependency updates are bundled together there for a single review/merge cycle.

@dependabot @github

dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/maven/dev-deps-68e12e905c branch June 23, 2026 14:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant