Update all patch/minor versions (master)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
postgres		minor	15.15 → 15.17
org.junit.jupiter:junit-jupiter-api (source)	dependencies	patch	6.0.2 → 6.0.3
org.junit.jupiter:junit-jupiter (source)	dependencies	patch	6.0.2 → 6.0.3
com.twelvemonkeys.imageio:imageio-webp (source)	dependencies	patch	3.13.0 → 3.13.1
io.sentry:sentry-logback	dependencies	minor	8.31.0 → 8.33.0
org.yaml:snakeyaml	dependencies	minor	2.5 → 2.6
ch.qos.logback:logback-access (source, changelog)	dependencies	patch	1.5.27 → 1.5.32
ch.qos.logback:logback-classic (source, changelog)	dependencies	patch	1.5.27 → 1.5.32
io.hypersistence:hypersistence-utils-hibernate-63	dependencies	patch	3.15.1 → 3.15.2
org.postgresql:postgresql (source)	dependencies	patch	42.7.9 → 42.7.10
org.hibernate:hibernate-core (source)	dependencies	patch	6.6.42.Final → 6.6.44.Final
org.springframework.security:spring-security-web (source)	dependencies	patch	7.0.2 → 7.0.3
org.springframework.security:spring-security-config (source)	dependencies	patch	7.0.2 → 7.0.3
org.springframework:spring-test	dependencies	patch	7.0.3 → 7.0.5
org.springframework:spring-tx	dependencies	patch	7.0.3 → 7.0.5
org.springframework:spring-jdbc	dependencies	patch	7.0.3 → 7.0.5
org.springframework:spring-orm	dependencies	patch	7.0.3 → 7.0.5
org.springframework:spring-aspects	dependencies	patch	7.0.3 → 7.0.5
org.springframework:spring-webmvc	dependencies	patch	7.0.3 → 7.0.5
org.springframework:spring-web	dependencies	patch	7.0.3 → 7.0.5
org.springframework:spring-core	dependencies	patch	7.0.3 → 7.0.5
org.springframework:spring-context	dependencies	patch	7.0.3 → 7.0.5
org.mockito:mockito-core	dependencies	minor	5.21.0 → 5.22.0
org.springframework:spring-beans	dependencies	patch	7.0.3 → 7.0.5

---

Release Notes

getsentry/sentry-java (io.sentry:sentry-logback)

v8.33.0

Compare Source

Features

• Add installGroupsOverride parameter to Build Distribution SDK for programmatic filtering, with support for configuration via properties file using io.sentry.distribution.install-groups-override (#​5066)

Fixes

• When merging tombstones with Native SDK, use the tombstone message if the Native SDK didn't explicitly provide one. (#​5095)
• Fix thread leak caused by eager creation of SentryExecutorService in SentryOptions (#​5093)
  • There were cases where we created options that ended up unused but we failed to clean those up.
• Attach user attributes to logs and metrics regardless of sendDefaultPii (#​5099)
• No longer log a warning if a logging integration cannot initialize Sentry due to missing DSN (#​5075)
  • While this may have been useful to some, it caused lots of confusion.
• Session Replay: Add androidx.camera.view.PreviewView to default maskedViewClasses to mask camera previews by default. (#​5097)

Dependencies

• Bump Native SDK from v0.12.4 to v0.12.7 (#​5071, #​5098)
  • changelog
  • diff

Internal

• Add integration to track session replay custom masking (#​5070)

v8.32.0

Compare Source

Features

• Add installGroups property to Build Distribution SDK (#​5062)
• Update Android targetSdk to API 36 (Android 16) (#​5016)
• Add AndroidManifest support for Spotlight configuration via io.sentry.spotlight.enable and io.sentry.spotlight.url (#​5064)
• Collect database transaction spans (BEGIN, COMMIT, ROLLBACK) (#​5072)
  • To enable creation of these spans, set options.enableDatabaseTransactionTracing to true
  • enable-database-transaction-tracing=true when using sentry.properties
  • For Spring Boot, use sentry.enable-database-transaction-tracing=true in application.properties or in application.yml:

    sentry:
      enable-database-transaction-tracing: true

• Add support for collecting native crashes using Tombstones (#​4933, #​5037)
  • Added Tombstone integration that detects native crashes using ApplicationExitInfo.REASON_CRASH_NATIVE on Android 12+
  • Crashes enriched with Tombstones contain more crash details and detailed thread info
  • Tombstone and NDK integrations are now automatically merged into a single crash event, eliminating duplicate reports
  • To enable it, add the integration in your Sentry initialization:

    SentryAndroid.init(context, options -> {
        options.isTombstoneEnabled = true
    })

    or in the AndroidManifest.xml using:

    <meta-data android:name="io.sentry.tombstone.enable" android:value="true" />

Fixes

• Extract SpotlightIntegration to separate sentry-spotlight module to prevent insecure HTTP URLs from appearing in release APKs (#​5064)
  • Breaking: Users who enable Spotlight must now add the io.sentry:sentry-spotlight dependency:

    dependencies {
        debugImplementation("io.sentry:sentry-spotlight:<version>")
    }

• Fix scroll target detection for Jetpack Compose (#​5017)
• No longer fork Sentry Scopes for reactor-kafka consumer poll Runnable (#​5080)
  • This was causing a memory leak because reactor-kafka's poll event reschedules itself infinitely, and each invocation of SentryScheduleHook created forked scopes with a parent reference, building an unbounded chain that couldn't be garbage collected.
• Fix cold/warm app start type detection for Android devices running API level 34+ (#​4999)

Internal

• Establish new native exception mechanisms to differentiate events generated by sentry-native from ApplicationExitInfo. (#​5052)
• Set write permission for statuses in the changelog preview GHA workflow. (#​5053)

Dependencies

• Bump Native SDK from v0.12.3 to v0.12.4 (#​5061)
  • changelog
  • diff

vladmihalcea/hypersistence-utils (io.hypersistence:hypersistence-utils-hibernate-63)

v3.15.2

================================================================================

ObjectMapperJsonSerializer.clone thows ClassCastException because the MutableType.deepCopy expects a Serializable argument #​836

Improve the non-serializable error message in the ObjectMapperJsonSerializer to indicate the culprit Java class #​833

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.10

Changed

• chore: Migrate to Shadow 9 PR 3931
• style: fix empty line before javadoc for checkstyle compliance PR #​3925
• style: fix lambda argument indentation for checkstyle compliance PR #​3922
• test: add autosave=always|never|conservative and cleanupSavepoints=true|false to the randomized CI jobs PR #​3917

Fixed

• fix: non-standard strings failing test for version 19 PR #​3934
• fix: small issues in ConnectionFactoryImpl PR #​3929
• fix: process pending responses before fastpath to avoid protocol errors PR # 3913
• doc: use.md, fix typos PR #​3911
• doc: datasource.md, fix minor formatting issue PR #​3912
• doc: add the new PGP signing key to the official documentation PR #​3912

Reverted

• Revert "fix: make all Calendar instances proleptic Gregorian (#​3837) (#​3887)" PR #​3932

hibernate/hibernate-orm (org.hibernate:hibernate-core)

v6.6.44.Final

v6.6.43.Final

spring-projects/spring-security (org.springframework.security:spring-security-web)

v7.0.3

Compare Source

⭐ New Features

• Fix Javadoc warnings in spring-security-web #​18473
• Fix/gradle 9 deprecations #​18485
• Fix/gradle 9 deprecations #​18477
• Replace method call with 'Builder.configureMessageConverters()' #​18378
• Replacing use of deprecated 'check' in authorization documentation #​18390
• Use DefaultParameterNameDiscoverer#getSharedInstance #​18481

🪲 Bug Fixes

• Authorization Server fails to start with multiple PasswordEncoder beans #​18645
• BearerTokenAuthenticationEntryPoint uses context path #​18528
• Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #​18594
• Document Client PKCE settings #​18304
• Fix docs typo X-Requested-By -> X-Requested-With #​18123
• Fix Formatting in mfa.adoc #​18134
• Fix typo in documentation #​18344
• Fix typos #​18121

🔨 Dependency Upgrades

• Bump ch.qos.logback:logback-classic from 1.5.22 to 1.5.24 #​18384
• Bump ch.qos.logback:logback-classic from 1.5.24 to 1.5.28 #​18684
• Bump ch.qos.logback:logback-classic from 1.5.28 to 1.5.29 #​18711
• Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.20.2 #​18660
• Bump com.webauthn4j:webauthn4j-core from 0.29.7.RELEASE to 0.31.0.RELEASE #​18687
• Bump gradle-wrapper from 8.14 to 8.14.4 #​18705
• Bump io.mockk:mockk from 1.14.7 to 1.14.9 #​18681
• Bump io.projectreactor:reactor-bom from 2025.0.1 to 2025.0.2 #​18658
• Bump io.projectreactor:reactor-bom from 2025.0.2 to 2025.0.3 #​18717
• Bump io.spring.develocity.conventions from 0.0.24 to 0.0.25 #​18683
• Bump io.spring.gradle:spring-security-release-plugin from 1.0.13 to 1.0.14 #​18725
• Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.4 to 4.0.5 #​18706
• Bump org-apache-maven-resolver from 1.9.24 to 1.9.25 #​18309
• Bump org-aspectj from 1.9.25 to 1.9.25.1 #​18326
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.5.2 #​18346
• Bump org.apache.maven:maven-resolver-provider from 3.9.11 to 3.9.12 #​18327
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 #​18682
• Bump org.junit:junit-bom from 6.0.1 to 6.0.2 #​18385
• Bump org.springframework.data:spring-data-bom from 2025.1.1 to 2025.1.2 #​18655
• Bump org.springframework.ldap:spring-ldap-core from 4.0.0 to 4.0.1 #​18316
• Bump org.springframework.ldap:spring-ldap-core from 4.0.1 to 4.0.2 #​18733
• Bump org.springframework:spring-framework-bom from 7.0.3 to 7.0.4 #​18732
• Bump org.springframework:spring-framework-bom from 7.0.3-SNAPSHOT to 7.0.4-SNAPSHOT #​18657
• Bump spring-io/spring-doc-actions from 0.0.20 to 0.0.22 #​18651
• Bump tools.jackson:jackson-bom from 3.0.3 to 3.0.4 #​18659
• Update Antora UI Spring to v0.4.25 #​18249
• Update to Spring Framework 7.0.3 #​18667
• Update to spring-data-bom 2025.1.3 #​18735

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Been24, @​Fr05ty-hub, @​Kehrlann, @​Rigu1, @​bloomsei, @​martinboulais, @​ngocnhan-tran1996, @​paulvas, @​rwinch, @​therepanic, and @​vincentstradiot

spring-projects/spring-framework (org.springframework:spring-test)

v7.0.5

Compare Source

⚠️ Attention Required

• Optimize request and response header handling in Spring MVC #​36334

⭐ New Features

• Consistent adaptation of HTTP headers on Servlet responses #​36343
• Copy methodAnnotations in MethodParameter copy constructor #​36342
• Improve performance of validation groups determination in WebFlux #​36336
• Reuse AnnotatedMethod annotation cache in derived instances #​36322
• Optimize the addition of a charset to the MediaType in AbstractHttpMessageConverter #​36320
• Optimize MediaType(MediaType, Charset) constructor #​36318
• Detect all common size exceptions from Tomcat and Commons FileUpload 2.x #​36317
• Consistently support @Autowired as a meta-annotation #​36315
• Avoid duplicate required attribute lookup for @Autowired annotations #​36314
• Cache @ResponseBody presence per controller class in RequestResponseBodyMethodProcessor #​36311

🐞 Bug Fixes

• ResolvableType#getGenerics() breaks serialization #​36346
• DefaultHttpMessageConverters not adding provided configurer #​36332
• Restore early MessageConsumer creation for temporary queue #​36321
• Multipart upload leak on client abort (ByteBuf.release() not called) #​36262

📔 Documentation

• Document that SpEL expressions using Optional with null-safe and Elvis operators are not compilable #​36331
• Improve documentation of baseline API version to emphasize version must be supported #​36316
• Stop referring to obsolete ListenableFuture in documentation #​36313
• Stop referring to standard Java features as "Java 8" features in documentation #​36310

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Niravil and @​TAKETODAY

v7.0.4

Compare Source

⭐ New Features

• Cache method annotations in MethodParameter and AnnotatedMethod #​36307
• Consistently support @Lazy as a meta-annotation at arbitrary depths #​36306
• Consistently support @Validated as a meta-annotation at arbitrary depths #​36305
• Let developers disable default registrations in HttpMessageConverters #​36303
• Log which HandlerInterceptor threw the exception #​36281
• Improve performance of hashcode calculations for request mappings #​36279
• Improve performance of HandlerMethod bean lookup #​36278
• Improve performance of version mapping #​36276
• Improve performance of single pattern request mappings #​36275
• Improve performance of validation groups determination #​36274
• Add setPackagesToScan configuration method to LocalEntityManagerFactoryBean #​36270
• Remove outdated GraalVM substitution #​36257
• Introduce beforeRetry callback with RetryState argument #​36245
• Optimize NamedParameterUtils#buildValueArray by lazily fetching SqlParameter #​36230
• Allow customization of the ProxyFactory in HttpServiceProxyFactory used to create HTTP service proxies #​36225
• Consistently close streams through try-with-resources in FileCopyUtils #​36223
• Use Java Files utilities in FileCopyUtils #​36221
• SqlBinaryValue and SqlCharacterValue should support InputStream content with undetermined length #​36219
• Support JtaTransactionManager and SpringBeanContainer configuration on HibernateJpaVendorAdapter #​36216
• Add TaskCallback/Callable/Runnable wrapper for retryable tasks #​36208
• Refine YamlProcessor to allow different empty values #​36207
• Anticipate fixing Kotlin 2.3 compilation warning #​36203
• Allow YAML processors to create a flattened map with nulls included #​36197
• Use Reader.transferTo in FileCopyUtils #​36196
• DataBufferUtils.write() with NettyDataBuffer on JDK 25 hangs indefinitely #​36184
• Make SendToMethodReturnValueHandler and SubscriptionMethodReturnValueHandler customizable, to allow for pass-through of message headers #​36179
• Introduce RestClient.ResponseSpec#requiredBody #​36173
• Make scope fully configurable in BeanRegistry/BeanRegistrar #​36171
• ConcurrencyThrottleSupport and thread interruption #​36167
• Add overloaded sendAndReceive methods to JmsTemplate to use explicit response queue #​36162
• WebClient (Reactor) attributes on Netty channel do not clear after connection release #​36158
• Support HttpEntity on ContentRequestMatchers.multipartData #​36154
• Reintroduce WebLogicJtaTransactionManager in Spring Framework 6.2.x #​36151
• Back-off for DefaultMessageListenerContainer is not applied consistently in case of listener setup failure #​36143
• Early support for JPA 4.0 EntityAgent (autowiring a shared proxy) #​36025
• Early compatibility with JPA 4.0 and Hibernate ORM 8.0 #​35705

🐞 Bug Fixes

• Resolved HttpEntity Controller argument does not reflect mutated HTTP headers #​36298
• Avoid lock congestion in ConcurrentReferenceHashMap #​36293
• AbstractMessageConverter does not support wildcards in supported MIME types #​36285
• Make LocalEntityManagerFactoryBean#setDataSource work on Hibernate as well as EclipseLink #​36271
• StompBrokerRelayMessageHandler fails to restart due to test context pausing #​36266
• Deadlock might occur when calling System.exit on startup (against multiple shutdown hooks) #​36260
• Missing resource hint for BeanRegistrar implementing ImportAware #​36242
• Inconsistent behavior with @Retryable on annotated interfaces #​36233
• Netty4HeadersAdapter.remove returns empty list instead of null for non-existing key #​36226
• Generic type in AsyncTaskExecutor.submit(Callable) should be @Nullable #​36191
• EclipseLinkConnectionHandle can fail against transaction isolation race condition #​36165

📔 Documentation

• Remove obsolete code in Redirecting to a resource section #​36284
• Fix formatting in Web MVC HTTP Message Conversion documentation #​36250
• Remove obsolete doc for spring.context.annotated-bean-reader.create #​36241
• Document @SpringExtensionConfig in the reference manual #​36240
• Fix JSON syntax in STOMP overview documentation #​36229
• Revise documentation on JSR-330 support in the reference manual #​36222
• Fix links to JUnit User Guide #​36217
• Corrected the definition of coroutines #​36209
• Fix LocalContainerEntityManagerFactoryBean#setPersistenceUnitName javadoc #​36205
• Update documentation on trailing slash handling where type-level @GetMapping("/base") is combined with method level @GetMapping("/") #​36198
• Update documentation on the MediaType used for ProblemDetail #​36192
• Extract DispatcherServlet snippets #​36175
• Replace getErrors() with getBindingResult() in examples #​36170
• Refine CORS documentation to match latest changes #​36156

🔨 Dependency Upgrades

• Upgrade to Apache POI 5.5 #​36174
• Upgrade to ASM 9.9.1 and Objenesis 3.5 #​36243
• Upgrade to Micrometer 1.6.3 #​36287
• Upgrade to Reactor 2025.0.3 #​36288

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Ivarz, @​catturtle123, @​chschu, @​deejay1, @​dingqianwen, @​dungdm93, @​furaizi, @​izeye, @​kchung1995, @​kilink, @​msridhar, @​ngocnhan-tran1996, @​pgoslatara, @​philwebb, @​pisek, and @​shub-est

mockito/mockito (org.mockito:mockito-core)

v5.22.0

---

Configuration

📅 Schedule: Branch creation - "after 5pm on the first day of the month,on the first day of the month" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.