Skip to content

Build(deps-dev): Bump the dev-deps group with 2 updates#1985

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/dev-deps-68e12e905c
Closed

Build(deps-dev): Bump the dev-deps group with 2 updates#1985
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/dev-deps-68e12e905c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps the dev-deps group with 2 updates: io.github.hakky54:logcaptor and org.springframework:spring-context.

Updates io.github.hakky54:logcaptor from 2.12.2 to 2.12.6

Changelog

Sourced from io.github.hakky54:logcaptor's changelog.

v2.12.6

  • Improved reconfiguring LogCaptor
  • Improved reusing existing ConsoleAppender
  • Improved maintainability of the codebase
  • Bumped dependencies

v2.12.5

  • Prevent duplicate console output when using SpringBootTest with re-enabled ConsoleAppender

v2.12.4

  • Fixed capturing MDC context

v2.12.3

  • Fixed No appenders present in context while using SpringBootTest with disabled ConsoleAppender
  • Bumped dependencies
Commits
  • 001481c [maven-release-plugin] prepare release v2.12.6
  • 250d22b Updated docs
  • 27f8d1c Applied AI recommendation
  • 18244f7 Improved reconfiguring LogCaptor
  • b571076 Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 (#217)
  • 1ad70b4 Bump version.junit from 5.14.2 to 5.14.3 (#218)
  • 2b535cd Bump org.apache.maven.plugins:maven-compiler-plugin (#216)
  • 93563b7 Bump net.bytebuddy:byte-buddy from 1.18.4 to 1.18.5 (#215)
  • 18fd35d Removed redundant console appender config
  • 34e20dd Removed initial console appender
  • Additional commits viewable in compare view

Updates org.springframework:spring-context from 7.0.7 to 7.0.8

Release notes

Sourced from org.springframework:spring-context's releases.

v7.0.8

⚠️ Security Fixes

This maintenance release fixes a high number of CVEs. You can learn more about this in the "Spring and Security In The Times Of AI" blog post. Here is the full list of 16 CVEs:

  • CVE-2026-41838 "Spring Framework Predictable Session ID in WebSocket Module"
  • CVE-2026-41839 "Spring Framework Escalation via Session Fixation in WebFlux"
  • CVE-2026-41840 "Spring Framework Denial of Service via Multipart Requests in WebFlux"
  • CVE-2026-41841 "Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux"
  • CVE-2026-41842 "Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux"
  • CVE-2026-41843 "Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux"
  • CVE-2026-41844 "Spring Framework Open Redirect in Spring MVC and WebFlux"
  • CVE-2026-41845 "Spring Framework Cross-site Scripting via JavaScriptUtils"
  • CVE-2026-41846 "Spring Framework Cross-site Scripting via JSP Form Tags"
  • CVE-2026-41848 "Spring Framework Denial of Service via AntPathMatcher"
  • CVE-2026-41850 "Spring Framework Algorithmic Denial of Service via SpEL Expressions"
  • CVE-2026-41851 "Spring Framework Denial of Service via Unbounded Cache in SpEL"
  • CVE-2026-41852 "Spring Framework Arbitrary Method Invocation in SpEL Expressions"
  • CVE-2026-41853 "Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux"
  • CVE-2026-41854 "Spring Framework Server-Side Request Forgery via UriComponentsBuilder"
  • CVE-2026-41855 "Spring Framework Unsafe Deserialization via Jackson JMS Converters"

⭐ New Features

  • Include zone ID in CronTrigger's equals/hashCode implementations #36871
  • Expose ClassLoader from DefaultDeserializer #36833
  • Use immutable map for SEPARATORS static field in DefaultPathContainer #36821
  • Track operations during SpEL expression evaluation #36801
  • Ensure getters have non-void return types in SpEL #36800
  • Avoid too many character access attempts in AntPathMatcher #36799
  • Refine default view name resolution #36793
  • Refine Jackson JMS converters #36791
  • Improve ABNF rule checks in RfcUriParser #36787
  • Restrict SpringVersion.getVersion() to "major.minor.patch" format #36785
  • Runtime compatibility with JPA 4.0 M4 and corresponding Hibernate 8.0 snapshots #36784
  • Allow specifying the charset to use in ExchangeFilterFunctions#basicAuthentication #36777
  • Use CollectionUtils to initialize HashMap in DefaultUriBuilderFactory #36763
  • Improve error messages in SpEL #36756
  • Improve pattern caching in SpEL #36755
  • Avoid ResolvableType#forType contention for implicit cache cleanup #36745
  • Switch to JdkIdGenerator for WebSocket Sessions #36740
  • Detect custom deserialized NullValue instances in AbstractValueAdaptingCache #36727
  • LiteWebJarsResourceResolver does not resolve directories #36726
  • Warn against unsafe static resource locations in MVC and WebFlux #36692
  • Consistent compatibility with Woodstox as an alternative to Xerces #36682
  • Improve principal checks for SockJS session #36681
  • Set host header consistently in STOMP relay CONNECT frames #36673
  • Support Micrometer context propagation in Kotlin Flow #36667
  • Reliable detection of broadcast messages in UserDestinationMessageHandler #36662

... (truncated)

Commits
  • 9e8cea3 Release v7.0.8
  • 2c18c33 Track operations during SpEL expression evaluation
  • 83667f8 Ensure getters have non-void return types in SpEL
  • 7a8917b Improve additional error messages in SpEL
  • 7baa865 Further improve pattern caching in SpEL
  • 12b44f2 Avoid too many character access attempts in AntPathMatcher
  • e8f1024 Ensure consistent JSP tag attribute processing
  • a1826b7 Refine JavaScriptUtils#javaScriptEscape
  • 7add524 Prevent special prefixes in default view name resolution
  • 9bec52b Add trusted packages to MappingJackson2MessageConverter
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dev-deps group with 2 updates: [io.github.hakky54:logcaptor](https://github.com/Hakky54/log-captor) and [org.springframework:spring-context](https://github.com/spring-projects/spring-framework).


Updates `io.github.hakky54:logcaptor` from 2.12.2 to 2.12.6
- [Changelog](https://github.com/Hakky54/log-captor/blob/master/CHANGELOG.MD)
- [Commits](Hakky54/log-captor@v2.12.2...v2.12.6)

Updates `org.springframework:spring-context` from 7.0.7 to 7.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v7.0.7...v7.0.8)

---
updated-dependencies:
- dependency-name: io.github.hakky54:logcaptor
  dependency-version: 2.12.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
- dependency-name: org.springframework:spring-context
  dependency-version: 7.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 24, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 24, 2026
@dependabot dependabot Bot deleted the dependabot/maven/dev-deps-68e12e905c branch June 24, 2026 09:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants