Skip to content

Bump the backend-dev group across 1 directory with 3 updates#18

Merged
oharsta merged 1 commit intomainfrom
dependabot/maven/backend-dev-ca01079825
Apr 20, 2026
Merged

Bump the backend-dev group across 1 directory with 3 updates#18
oharsta merged 1 commit intomainfrom
dependabot/maven/backend-dev-ca01079825

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026

Bumps the backend-dev group with 3 updates in the / directory: org.springframework:spring-web, org.jsoup:jsoup and org.apache.maven.plugins:maven-compiler-plugin.

Updates org.springframework:spring-web from 6.2.17 to 6.2.18

Release notes

Sourced from org.springframework:spring-web's releases.

v6.2.18

⭐ New Features

  • Improve SpringValidatorAdapter and MethodValidationAdapter performance #36624
  • Add missing @Deprecated(forRemoval = true) for deleted in 7.0 #36591
  • Deprecate methodIdentification() in CacheAspectSupport for removal #36576
  • Improve error handling in multipart codecs #36564
  • LazyConnectionDataSourceProxy does not work well with Hibernate's multi-tenancy by schema strategy #36529
  • MySQL Error 149 (Galera/WSREP conflict) not translated to ConcurrencyFailureException in Spring JDBC/ORM #36510

🐞 Bug Fixes

  • Handle Kotlin nullable value class param correctly in CoroutineUtils #36643
  • NullPointerException in ServerSentEvent when trying to set id or event properties #36634
  • @Sql fails if DataSource is wrapped in a TransactionAwareDataSourceProxy #36630
  • WebDataBinder unnecessarily instantiates collections when using the "!" and "_" prefixes #36627
  • Cache pollution from high-cardinality FieldError default messages in MessageSourceSupport #36623
  • ContentCachingRequestWrapper does not allow unlimited content caching #36620
  • MergedAnnotation does not use ClassLoader for method or field #36614
  • AnnotationBeanNameGenerator fails when an annotation references a non-existent class #36588
  • FileSystemResource does not strictly follow the Resource#isReadable() contract #36585
  • Query not hidden in DefaultClientResponse checkpoint #36571
  • LazyConnectionDataSourceProxy does not pass on holdability to target Connection #36530
  • DefaultJmsListenerContainer may hang in an endless loop in doShutdown #36511
  • Inconsistent codings resolution in resource resolvers #36508

📔 Documentation

  • Clarify semantics of HttpMethod.valueOf() #36653
  • Document that spring.profiles.active is ignored by @ActiveProfiles #36636
  • Document whitespace semantics in SpEL expressions #36629
  • MergedAnnotation.asAnnotationAttributes() Javadoc incorrectly states that it creates an immutable map #36568
  • Introduce Kotlin examples for Bean Overrides (@MockitoBean, etc.) #36542
  • Fix incorrect cross-reference links in AbstractEnvironment Javadoc #36517

🔨 Dependency Upgrades

  • Upgrade to Micrometer 1.15.11 #36661
  • Upgrade to Reactor 2024.0.17 #36660
Commits
  • 6b11724 Release v6.2.18
  • f6671e7 Upgrade to Reactor 2024.0.17 and Micrometer 1.15.11
  • b338fdd Add doOnDiscard in MultipartHttpMessageReader
  • 4e3f264 Add missing tests for WebRequestDataBinder
  • 9e0b83e Polish WebRequestDataBinderTests
  • af4b122 Extract ServletRequestParameterPropertyValuesTests
  • 623ccd1 Revise "Skip binding entirely when field is not allowed"
  • 69068ba Further clarify semantics of HttpMethod.valueOf()
  • f182f9a Clarify semantics of HttpMethod.valueOf()
  • 9d14448 Improve SpEL tests for Elvis and Ternary operators
  • Additional commits viewable in compare view

Updates org.jsoup:jsoup from 1.22.1 to 1.22.2

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup Java HTML Parser release 1.22.2

jsoup 1.22.2 is out now, with fixes and refinements across the library. It makes editing the DOM during traversal more predictable, refreshes the default HTML tag definitions with newer elements and better text boundaries, and improves reliability in parsing and HTTP transport. The release also fixes a number of edge cases in cleaning, stream parsing, XML doctype handling, and Android packaging.

jsoup is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.

Download jsoup now.

Improvements

  • Expanded and clarified NodeTraversor support for in-place DOM rewrites during NodeVisitor.head(). Current-node edits such as remove, replace, and unwrap now recover more predictably, while traversal stays within the original root subtree. This makes single-pass tree cleanup and normalization visitors easier to write, for example when unwrapping presentational elements or replacing text nodes as you walk the DOM. #2472
  • Documentation: clarified that a configured Cleaner may be reused across concurrent threads, and that shared Safelist instances should not be mutated while in use. #2473
  • Updated the default HTML TagSet for current HTML elements: added dialog, search, picture, and slot; made ins, del, button, audio, video, and canvas inline by default (Tag#isInline(), aligned to phrasing content in the spec); and added readable Element.text() boundaries for controls and embedded objects via the new Tag.TextBoundary option. This improves pretty-printing and keeps normalized text from running adjacent words together. #2493

Bug Fixes

  • Android (R8/ProGuard): added a rule to ignore the optional re2j dependency when not present. #2459
  • Fixed a NodeTraversor regression in 1.21.2 where removing or replacing the current node during head() could revisit the replacement node and loop indefinitely. The traversal docs now also clarify which inserted nodes are visited in the current pass. #2472
  • Parsing during charset sniffing no longer fails if an advisory available() call throws IOException, as seen on JDK 8 HttpURLConnection. #2474
  • Cleaner no longer makes relative URL attributes in the input document absolute when cleaning or validating a Document. URL normalization now applies only to the cleaned output, and Safelist.isSafeAttribute() is side effect free. #2475
  • Cleaner no longer duplicates enforced attributes when the input Document preserves attribute case. A case-variant source attribute is now replaced by the enforced attribute in the cleaned output. #2476
  • If a per-request SOCKS proxy is configured, jsoup now avoids using the JDK HttpClient, because the JDK would silently ignore that proxy and attempt to connect directly. Those requests now fall back to the legacy HttpURLConnection transport instead, which does support SOCKS. #2468
  • Connection.Response.streamParser() and DataUtil.streamParser(Path, ...) could fail on small inputs without a declared charset, if the initial 5 KB charset sniff fully consumed the input and closed it before the stream parse began. #2483
  • In XML mode, doctypes with an internal subset, such as <!DOCTYPE root [<!ENTITY name "value">]>, now round-trip correctly. The subset is preserved as raw text only; entities are not expanded and external DTDs are not loaded. #2486

Build Changes

  • Migrated the integration test server from Jetty to Netty, which actively maintains support for our minimum JDK target (8). #2491

My sincere thanks to everyone who contributed to this release! If you have any suggestions for the next release, I would love to hear them; please get in touch via jsoup discussions, or with me directly.

You can also follow me (@jhy@tilde.zone) on Mastodon / Fediverse to receive occasional notes about jsoup releases.

Changelog

Sourced from org.jsoup:jsoup's changelog.

1.22.2 (2026-Apr-20)

Improvements

  • Expanded and clarified NodeTraversor support for in-place DOM rewrites during NodeVisitor.head(). Current-node edits such as remove, replace, and unwrap now recover more predictably, while traversal stays within the original root subtree. This makes single-pass tree cleanup and normalization visitors easier to write, for example when unwrapping presentational elements or replacing text nodes as you walk the DOM. #2472
  • Documentation: clarified that a configured Cleaner may be reused across concurrent threads, and that shared Safelist instances should not be mutated while in use. #2473
  • Updated the default HTML TagSet for current HTML elements: added dialog, search, picture, and slot; made ins, del, button, audio, video, and canvas inline by default (Tag#isInline(), aligned to phrasing content in the spec); and added readable Element.text() boundaries for controls and embedded objects via the new Tag.TextBoundary option. This improves pretty-printing and keeps normalized text from running adjacent words together. #2493

Bug Fixes

  • Android (R8/ProGuard): added a rule to ignore the optional re2j dependency when not present. #2459
  • Fixed a NodeTraversor regression in 1.21.2 where removing or replacing the current node during head() could revisit the replacement node and loop indefinitely. The traversal docs now also clarify which inserted nodes are visited in the current pass. #2472
  • Parsing during charset sniffing no longer fails if an advisory available() call throws IOException, as seen on JDK 8 HttpURLConnection. #2474
  • Cleaner no longer makes relative URL attributes in the input document absolute when cleaning or validating a Document. URL normalization now applies only to the cleaned output, and Safelist.isSafeAttribute() is side effect free. #2475
  • Cleaner no longer duplicates enforced attributes when the input Document preserves attribute case. A case-variant source attribute is now replaced by the enforced attribute in the cleaned output. #2476
  • If a per-request SOCKS proxy is configured, jsoup now avoids using the JDK HttpClient, because the JDK would silently ignore that proxy and attempt to connect directly. Those requests now fall back to the legacy HttpURLConnection transport instead, which does support SOCKS. #2468
  • Connection.Response.streamParser() and DataUtil.streamParser(Path, ...) could fail on small inputs without a declared charset, if the initial 5 KB charset sniff fully consumed the input and closed it before the stream parse began. #2483
  • In XML mode, doctypes with an internal subset, such as <!DOCTYPE root [<!ENTITY name "value">]>, now round-trip correctly. The subset is preserved as raw text only; entities are not expanded and external DTDs are not loaded. #2486

Build Changes

  • Migrated the integration test server from Jetty to Netty, which actively maintains support for our minimum JDK target (8). #2491
Commits
  • ac28afe [maven-release-plugin] prepare release jsoup-1.22.2
  • 52f2cd3 Improve entity example in changelog
  • cf6ffe0 Add Tag#TextBoundary option; bring TagSet to spec (#2493)
  • 2be739c Bump github/codeql-action from 4 to 4.35.1 (#2492)
  • 45de7cb Migrate integration test server from Jetty to Netty (#2491)
  • 1df14ed Preserve XML doctype internal subset
  • 06fa52d Adding Contribution Guide
  • d4a8941 Simplify the test; doesn't need the buffer
  • 823709f Don't reuse a fully read sniffed doc for StreamParser
  • e1b0df5 NodeFilter javadoc tweak
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
  • 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
  • 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
  • 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
  • 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
  • 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
  • aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
  • 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
  • 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
  • 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
org.springframework:spring-web [>= 7.a0, < 8]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the backend-dev group across 1 directory with 3 updates
7449d6f 
Bumps the backend-dev group with 3 updates in the / directory: [org.springframework:spring-web](https://github.com/spring-projects/spring-framework), [org.jsoup:jsoup](https://github.com/jhy/jsoup) and [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin).


Updates `org.springframework:spring-web` from 6.2.17 to 6.2.18
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.2.17...v6.2.18)

Updates `org.jsoup:jsoup` from 1.22.1 to 1.22.2
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md)
- [Commits](jhy/jsoup@jsoup-1.22.1...jsoup-1.22.2)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.1 to 3.15.0
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.1...maven-compiler-plugin-3.15.0)

---
updated-dependencies:
- dependency-name: org.springframework:spring-web
  dependency-version: 6.2.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: backend-dev
- dependency-name: org.jsoup:jsoup
  dependency-version: 1.22.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: backend-dev
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: backend-dev
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Apr 20, 2026
@oharsta oharsta merged commit c8d7934 into main Apr 20, 2026
1 check passed
@oharsta oharsta deleted the dependabot/maven/backend-dev-ca01079825 branch April 20, 2026 13:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@oharsta