Bump the maven group across 1 directory with 6 updates

[dependabot]

Bumps the maven group with 5 updates in the / directory:

Package	From	To
org.springframework:spring-context	6.0.4	6.1.14
com.graphql-java:graphql-java	19.2	19.11
org.yaml:snakeyaml	1.33	2.0
org.apache.tomcat.embed:tomcat-embed-core	10.1.5	10.1.25
org.json:json	20220924	20231013

Updates org.springframework:spring-context from 6.0.4 to 6.1.14

Release notes

Sourced from org.springframework:spring-context's releases.

v6.1.14

⭐ New Features

• Use Locale.ROOT for locale neutral, case insensitive comparisons #33708
• Improve checks for relative paths in static resource handling #33689
• CorsUtils.isCorsRequest throws unhandled IllegalArgumentException and returns 500 Internal Server Error on malfomed Origin header #33682
• Skip processing of Java annotations in QualifierAnnotationAutowireCandidateResolver #33580
• Include argument name in MethodArgumentTypeMismatchException error message #33573
• Preserve coroutine context in WebClientExtensions #33548
• Blocking call detected in ConcurrentReferenceHashMap by BlockHound #33450
• Warning message about bean post-processing and eager injection may suggest the wrong cause #33184

🐞 Bug Fixes

• DelegatingFilterProxy Causes Pinned Virtual Threads #33656
• Potential NPE from MethodParameter.getMethod() check in KotlinDelegate.hasDefaultValue() #33609
• Missing native image hints for JDK proxies created by JMS connection factories #33590
• AotTestExecutionListener should not be invoked for a @DisabledInAotMode test class #33589
• Use encoded resource path instead of input path validation in spring-webflux #33568
• org.springframework.util.ResourceUtils#toRelativeURL drops custom URLStreamHandler #33561
• Current observation not in scope during WebClient ExchangeFilterFunction execution #33559
• ZoneIdEditor throws wrong exception type for TypeConverterSupport #33545
• MimeMessageHelper addInline with ByteArrayResource fail with null filename #33527
• @Cacheable throws NullPointerException when RuntimeException is thrown inside annotated code #33492
• Path variable values missing in RedirectView when PathPattern are used #33422
• Reactive HttpComponentsClientHttpResponse ignores Expires cookie attribute #33157

📔 Documentation

• Update fallback.adoc #33721
• Update scheduling.adoc #33703
• Fix link in testing/support-jdbc.adoc #33686
• Adapt Javadoc note about log level of BeanPostProcessorChecker #33617
• Reference the spring-framework-petclinic repository wich uses AspectJ #33539

🔨 Dependency Upgrades

• Upgrade to Apache HttpClient 5.4 #33587
• Upgrade to Apache HttpCore Reactive 5.3 #33588
• Upgrade to Awaitility 4.2.2 #33604
• Upgrade to Micrometer 1.12.11 #33647
• Upgrade to Reactor 2023.0.11 #33637

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​arey, @​asibross, @​boulce, @​drdpov, @​hosamaly, @​ilya40umov, @​izeye, and @​junhyeongkim2

v6.1.13

... (truncated)

Commits

• ac5c8ad Release v6.1.14
• fde7116 Consistently skip processing of plain Java annotations
• 0a64591 Add checkstyle rule for toLowerCase/toUpperCase
• 5302e7a Update fallback.adoc
• cad02c1 Update Antora Spring UI to v0.4.17
• c765d03 Use Locale.ROOT consistently for toLower/toUpperCase
• 11d4272 Use Locale.ROOT consistently for toLower/toUpperCase
• 23656ae Use Locale.ROOT consistently for toLower/toUpperCase
• feb6a5f Polishing
• a228eb8 Upgrade to Reactor 2023.0.11
• Additional commits viewable in compare view

Updates org.springframework:spring-webmvc from 6.0.4 to 6.1.14

Release notes

Sourced from org.springframework:spring-webmvc's releases.

v6.1.14

⭐ New Features

• Use Locale.ROOT for locale neutral, case insensitive comparisons #33708
• Improve checks for relative paths in static resource handling #33689
• CorsUtils.isCorsRequest throws unhandled IllegalArgumentException and returns 500 Internal Server Error on malfomed Origin header #33682
• Skip processing of Java annotations in QualifierAnnotationAutowireCandidateResolver #33580
• Include argument name in MethodArgumentTypeMismatchException error message #33573
• Preserve coroutine context in WebClientExtensions #33548
• Blocking call detected in ConcurrentReferenceHashMap by BlockHound #33450
• Warning message about bean post-processing and eager injection may suggest the wrong cause #33184

🐞 Bug Fixes

• DelegatingFilterProxy Causes Pinned Virtual Threads #33656
• Potential NPE from MethodParameter.getMethod() check in KotlinDelegate.hasDefaultValue() #33609
• Missing native image hints for JDK proxies created by JMS connection factories #33590
• AotTestExecutionListener should not be invoked for a @DisabledInAotMode test class #33589
• Use encoded resource path instead of input path validation in spring-webflux #33568
• org.springframework.util.ResourceUtils#toRelativeURL drops custom URLStreamHandler #33561
• Current observation not in scope during WebClient ExchangeFilterFunction execution #33559
• ZoneIdEditor throws wrong exception type for TypeConverterSupport #33545
• MimeMessageHelper addInline with ByteArrayResource fail with null filename #33527
• @Cacheable throws NullPointerException when RuntimeException is thrown inside annotated code #33492
• Path variable values missing in RedirectView when PathPattern are used #33422
• Reactive HttpComponentsClientHttpResponse ignores Expires cookie attribute #33157

📔 Documentation

• Update fallback.adoc #33721
• Update scheduling.adoc #33703
• Fix link in testing/support-jdbc.adoc #33686
• Adapt Javadoc note about log level of BeanPostProcessorChecker #33617
• Reference the spring-framework-petclinic repository wich uses AspectJ #33539

🔨 Dependency Upgrades

• Upgrade to Apache HttpClient 5.4 #33587
• Upgrade to Apache HttpCore Reactive 5.3 #33588
• Upgrade to Awaitility 4.2.2 #33604
• Upgrade to Micrometer 1.12.11 #33647
• Upgrade to Reactor 2023.0.11 #33637

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​arey, @​asibross, @​boulce, @​drdpov, @​hosamaly, @​ilya40umov, @​izeye, and @​junhyeongkim2

v6.1.13

... (truncated)

Commits

• ac5c8ad Release v6.1.14
• fde7116 Consistently skip processing of plain Java annotations
• 0a64591 Add checkstyle rule for toLowerCase/toUpperCase
• 5302e7a Update fallback.adoc
• cad02c1 Update Antora Spring UI to v0.4.17
• c765d03 Use Locale.ROOT consistently for toLower/toUpperCase
• 11d4272 Use Locale.ROOT consistently for toLower/toUpperCase
• 23656ae Use Locale.ROOT consistently for toLower/toUpperCase
• feb6a5f Polishing
• a228eb8 Upgrade to Reactor 2023.0.11
• Additional commits viewable in compare view

Updates com.graphql-java:graphql-java from 19.2 to 19.11

Release notes

Sourced from com.graphql-java:graphql-java's releases.

19.11

This is a special release to add further limits to introspection queries.

This release contains a backport of PR #3539.

What's Changed

• 19.x Backport PR 3539 by @​dondonz in graphql-java/graphql-java#3543

Full Changelog: graphql-java/graphql-java@v19.10...v19.11

19.10

This is a special release to help control introspection queries.

This release adds a default check for introspection queries, to check that they are sensible. This feature is a backport of graphql-java/graphql-java#3526 and graphql-java/graphql-java#3527.

This release also adds an optional maximum result nodes limit, which is a backport of graphql-java/graphql-java#3525.

What's Changed

• 19.x Backport #3526 and PR #3527 by @​dondonz in graphql-java/graphql-java#3532
• 19.x Backport PR 3525 max result nodes by @​dondonz in graphql-java/graphql-java#3537

Full Changelog: graphql-java/graphql-java@v19.9...v19.10

19.9

This is a small bugfix release which includes a backport of PR #3334, which fixes a type unwrapping bug.

What's Changed

• Backport PR #3334 to 19.x by @​dondonz in graphql-java/graphql-java#3356

Full Changelog: graphql-java/graphql-java@v19.8...v19.9

19.8

This version 19.8 release includes a critical Guava fix.

The 19.7 release had a problem where Guava classes were not shaded due to a configuration error. Do not use version 19.7 and please use this version 19.8 instead.

What's Changed

• guava version fix for 19.x by @​bbakerman in graphql-java/graphql-java#3319

Full Changelog: graphql-java/graphql-java@v19.7...v19.8

19.7

Do not use version 19.7. Please use version 19.8 instead.

Version 19.7 contains a problem where Guava files were not shaded due to a configuration error. This is fixed in 19.8.

... (truncated)

Commits

• 16c1591 Merge pull request #3543 from graphql-java/19.x-backport-enf-introspection
• 81d5cb6 Fix typo (backport PR #3544)
• 512827f comment
• 01296ce bring ENOF test up to date with master
• e9cf1b7 remove not needed conditional node decision code
• 592ec17 Backport PR 3539 and bring more files up to v21 for API compatibility
• c0b905c Merge pull request #3537 from graphql-java/19.x-backport-3525-max-result-nodes
• 90c1e51 Adjust tests to take empty GraphQLContext object
• 84d4e39 Merge pull request #3532 from graphql-java/19.x-backport-3526-disable-introsp...
• e5c6bb4 Backport PR 3525 max nodes with minor adjustments
• Additional commits viewable in compare view

Updates org.yaml:snakeyaml from 1.33 to 2.0

Commits

• c98ffba issue 561: add negative test case
• e2ca740 Use Maven wrapper on github
• 49d91a1 Fix target for github
• 19e331d Disable toolchain for github
• 42c7812 Cobertura plugin does not work
• 03c82b5 Rename GlobalTagRejectionTest to be run by Maven
• 6e8cd89 Remove cobertura
• d9b0f48 Improve Javadoc
• 519791a Run install and site goals under docker
• 82f33d2 Merge branch 'master' into add-module-info
• Additional commits viewable in compare view

Updates org.apache.tomcat.embed:tomcat-embed-core from 10.1.5 to 10.1.25

Updates org.json:json from 20220924 to 20231013

Release notes

Sourced from org.json:json's releases.

20231013

Pull Request	Description
#793	Reverted #761
#792	update the docs for release 20231013
#783	optLong vs getLong inconsistencies
#782	Fix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows
#779	add validity check for JSONObject constructors
#778	Fix XMLTest.testIndentComplicatedJsonObjectWithArrayAndWithConfig() for Windows
#776	Update [JUnit to version 4.13.2
#774	Removing unneeded synchronization
#773	Add optJSONArray method to JSONObject with a default value
#772	Disallow nested objects and arrays as keys in objects
#779	Unit test cleanup
#769	Addressed Java 17 compile warnings
#764	Update CodeQL action version
#761	Add module-info
#759	JSON parsing should detect embedded
#753	Updated new object methods
#752	Fixes possible unit test bug when compiling/testing on Windows

20230618

Pull Request	Description
#749	Prep for release 20230618
#740	Fixed Flaky Tests Caused by JSON permutations
#734	Fixed Flaky Tests Caused by JSON permutations
#733	JSONTokener implemented java.io.Closeable
#731	Removing commented out code in JSONObject optDouble()
#729	Refactor ParserConfiguration class hierarchy

20230227

Pull Request	Description
#723	Protect JSONML from stack overflow exceptions caused by recursion
#720	Limit the XML nesting depth for CVE-2022-45688
#711	Revert pull 707 - interviewbit spam
#704	Move javadoc comments above the interface definition to make it visible
#703	Update Releases.md for JSONObject(Map): Throws NPE if key is null
#696	Update JSONPointerTest for NonDex compatibility
#694	Pretty print XML
#692	Example.md syntax highlight and indentation
#691	Create unit tests for various number formats

Changelog

Sourced from org.json:json's changelog.

20231013 First release with minimum Java version 1.8. Recent commits, including fixes for CVE-2023-5072.

20230618 Final release with Java 1.6 compatibility. Future releases will require Java 1.8 or greater.

20230227 Fix for CVE-2022-45688 and recent commits

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.