Skip to content

build(deps-dev): bump org.springframework:spring-core from 6.0.2 to 7.0.7#869

Closed
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/maven/org.springframework-spring-core-7.0.7
Closed

build(deps-dev): bump org.springframework:spring-core from 6.0.2 to 7.0.7#869
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/maven/org.springframework-spring-core-7.0.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps org.springframework:spring-core from 6.0.2 to 7.0.7.

Release notes

Sourced from org.springframework:spring-core's releases.

v7.0.7

⭐ New Features

  • Improve SpringValidatorAdapter and MethodValidationAdapter performance #36621
  • Support JSON array decoding to Flux in KotlinSerializationJsonDecoder #36597
  • Deprecate methodIdentification() in CacheAspectSupport for removal #36575
  • Add MockRestServiceServer#createServer variant for RestClient #36572
  • Create RestClientXhrTransport variant replacing RestTemplateXhrTransport #36566
  • Improve error handling in multipart codecs #36563
  • Make ApplicationListenerMethodAdapter#getTargetMethod() public #36558
  • ApiVersionConfigurer.setSupportedVersionPredicate() returns void instead of ApiVersionConfigurer #36551
  • LazyConnectionDataSourceProxy does not work well with Hibernate's multi-tenancy by schema strategy #36527
  • Add registerManagedResource variant with bean key argument to MBeanExporter #36520
  • Handle blank Accept-Language header in AcceptHeaderLocaleResolver #36513
  • Make AbstractStreamingClientHttpRequest and AbstractBufferingClientHttpRequest public #36501
  • MySQL Error 149 (Galera/WSREP conflict) not translated to ConcurrencyFailureException in Spring JDBC/ORM #36499
  • Add PreFlightRequestFilter #36482
  • Support configuration of extension context scope for SpringExtension via Spring or JUnit properties #36460
  • Lower log level of "Cache miss for REQUEST dispatch" in HandlerMappingIntrospector #36309

🐞 Bug Fixes

  • WebDataBinder unnecessarily instantiates collections when using the "!" and "_" prefixes #36625
  • Cache pollution from high-cardinality FieldError default messages in MessageSourceSupport #36609
  • MergedAnnotation does not use ClassLoader for method or field #36606
  • @Sql fails if DataSource is wrapped in a TransactionAwareDataSourceProxy #36611
  • AnnotatedTypeMetadata no longer retains source declaration order on Java 24+ #36598
  • MergedAnnotation.asMap() fails when an attribute references a non-existent class #36586
  • FileSystemResource does not strictly follow the Resource#isReadable() contract #36584
  • Converter overrides in HttpMessageConverters only apply when defaults are registered #36579
  • Invalid method return type metadata for ClassFile variant on JDK 24+ #36577
  • Fix Writer lifecycle for AbstractJsonHttpMessageConverter.writeInternal(Object, Type, Writer) #36565
  • Flushing-related regression in SseServerResponse #36537
  • LazyConnectionDataSourceProxy does not pass on holdability to target Connection #36528
  • AnnotationBeanNameGenerator fails when an annotation references a non-existent class #36524
  • Perserve default API version in RestClientAdapter #36514
  • Inconsistent codings resolution in resource resolvers #36507
  • DefaultJmsListenerContainer may hang in an endless loop in doShutdown #36506
  • Query not hidden in DefaultClientResponse checkpoint #36502
  • RestClient closes stream for ResponseEntity responses #36492
  • IllegalStateException when using websocket handshake headers with Tomcat #36486
  • Invalid nullness information for ParameterizedTypeReference #36477
  • WebTestClient cannot assert null list elements #36476
  • Handle Kotlin nullable value class param correctly in CoroutineUtils #36449
  • Remove RFC 2047 encoding from Content-Disposition filename #36328

📔 Documentation

  • Clarify semantics of HttpMethod.valueOf() #36652
  • Document whitespace semantics in SpEL expressions #36628

... (truncated)

Commits
  • c997d40 Release v7.0.7
  • 9185254 Upgrade to Reactor 2025.0.5 and Micrometer 1.16.5
  • 802fa4d Refine RetryListener example
  • 7052da4 Add doOnDiscard in MultipartHttpMessageReader
  • 63817ce Add missing tests for WebRequestDataBinder
  • 61bd790 Polish WebRequestDataBinderTests
  • ab6637c Completely extract ServletRequestParameterPropertyValuesTests
  • c9b88b4 Extract ServletRequestParameterPropertyValuesTests
  • 68c575a Revise "Skip binding entirely when field is not allowed"
  • cb32046 Further clarify semantics of HttpMethod.valueOf()
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 4, 2026
@dependabot dependabot Bot force-pushed the dependabot/maven/org.springframework-spring-core-7.0.7 branch 7 times, most recently from 6829f45 to 94bdcdb Compare June 4, 2026 20:42
@dependabot
build(deps-dev): bump org.springframework:spring-core
d8594a4 
Bumps [org.springframework:spring-core](https://github.com/spring-projects/spring-framework) from 6.0.2 to 7.0.7.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.2...v7.0.7)

---
updated-dependencies:
- dependency-name: org.springframework:spring-core
  dependency-version: 7.0.7
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/org.springframework-spring-core-7.0.7 branch from 94bdcdb to d8594a4 Compare June 4, 2026 20:49
@ismisepaul ismisepaul mentioned this pull request Jun 4, 2026
Open
12 tasks
@ismisepaul

ismisepaul commented Jun 4, 2026

Copy link
Copy Markdown
Member

Holding this until the Jakarta namespace migration (#861) lands. That migration deliberately targets Spring 6.1.x... Spring 7 raises the baseline to Jakarta EE 11 / Servlet 6.1 / Tomcat 11, so it belongs as a clean follow-up after #861. Will revisit once the migration is merged.

@ismisepaul ismisepaul mentioned this pull request Jun 4, 2026
Merged
ismisepaul added a commit that referenced this pull request Jun 5, 2026
@ismisepaul
build: jakarta-ready dependencies (PR 1 of jakarta migration #861) (#877
a105fcb 
)

* build: jakarta-ready dependencies (PR 1 of jakarta migration #861)

Build-config-only step of the javax -> jakarta migration. Does not
compile on its own (source still imports javax.*); the mechanical
import rename follows in the next sub-PR.

- jakarta.servlet:jakarta.servlet-api:6.0.0 (was javax.servlet:javax.servlet-api:4.0.1)
- jakarta JSTL 3.0 api + glassfish impl (was jstl:jstl:1.2)
- org.eclipse.angus:angus-mail:2.0.3 (was com.sun.mail:javax.mail:1.6.2)
- remove javax:javaee-api:8.0.1 (pulls the legacy javax namespace back in)
- align Spring to 6.1.21 (spring-test 5.3.31, spring-core 6.0.2,
  spring-context 5.3.31 were inconsistent)
- remove spring-mock:2.0.8 (Spring 6 spring-test provides the Jakarta mocks)
- remove fongo (unused; tests @disabled, rescue tracked in #876)
- .env Tomcat base image 9.0 -> 10.1 (first Jakarta-namespace Tomcat)

Refs #861. Targets Spring 6.1.x (not 7) per discussion on #869.

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@ismisepaul ismisepaul mentioned this pull request Jun 5, 2026
Open
@dependabot @github

dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #892.

@dependabot dependabot Bot closed this Jun 10, 2026
@dependabot dependabot Bot deleted the dependabot/maven/org.springframework-spring-core-7.0.7 branch June 10, 2026 00:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

Security Shepherd
Status: Backlog

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ismisepaul