Bump spring-boot-starter-web from 2.1.8.RELEASE to 2.2.5.RELEASE

[dependabot-preview[bot]]

Bumps spring-boot-starter-web from 2.1.8.RELEASE to 2.2.5.RELEASE.

Release notes

Sourced from spring-boot-starter-web's releases.

v2.2.5.RELEASE

:star: New Features

• Perform URI sanitisation for properties named address, addresses, and uris #19999

:beetle: Bug Fixes

• Binding to collection fails with unbound elements error if collection overridden in another property source with smaller number of elements #20306
• Metrics are not recorded for nested requests made with RestTemplate #20231
• DataSource url property is ignored when there is no connection pool #20217
• BuildInfo task not run in Gradle project when project's version number changes #20183
• Caching of ProducesRequestCondition in EndpointHandlerMapping may break custom HandlerMapping or ContentTypeResolver arrangements #20150
• No error message when server.ssl.keyAlias doesn't match an entry #20132
• JSON keys containing a dot from CF environment are not handled as a single path segment #20129
• Spring Webflux ignores message of custom exception when annotated with @ResponseStatus #20028
• Unlike all other Maven properties, spring-boot.run.arguments on the command line takes precedence over the pom #20024
• Requests are auto-timed when autotime.enabled is set to false #19981
• Health group with composite contributor results in 404 #19974
• Jetty logs a custom context path incorrectly when compression is enabled #19970
• Conditions evaluation report mistakenly prints '@ConditionalOnBean' for negative matches #19948
• TomcatMetrics does not clean up properly when the application context is closed #19903
• Auto-configured JMS ConnectionFactory should be named jmsConnectionFactory for compatibility with Spring Integration #19565

:notebook_with_decorative_cover: Documentation

• Fix typos in how to section of reference documentation #20313
• Document missing reference to DataSourceHealthIndicator #20216
• Document sanitized keys and uri sanitization behavior #20169
• Structure your code link in section 25.3.25 of multi-page HTML documentation is broken #20145
• Document how to register a blocking health contributor with the reactive registry #20123
• Fix link to Spring Integration Graph documentation #20023
• Polish two code samples in the reference documentation #20004
• Document spring-boot.run.arguments behaviour with multiple arguments #19998
• Fix Gradle plugin documentation links #19965
• Fix typo in configuration metadata appendix #19957
• Update documentation on excluding an auto-configuration to recommend exclude on SpringBootApplication #19872

:hammer: Dependency Upgrades

• Upgrade to Neo4j Ogm 3.2.9 #20330
• Upgrade to Liquibase 3.8.7 #20328
• Upgrade to Rxjava2 2.2.18 #20327
• Upgrade to Dropwizard Metrics 4.1.3 #20326
• Upgrade to Okhttp3 3.14.7 #20325
• Upgrade to Maven Shade Plugin 3.2.2 #20288
• Upgrade to Spring Session Bom Corn-SR1 #20287
• Upgrade to Spring Security 5.2.2.RELEASE #20286
• Upgrade to Lombok 1.18.12 #20285
• Upgrade to Postgresql 42.2.10 #20284
• Upgrade to Jooq 3.12.4 #20281

... (truncated)

Commits

• 5bb8035 Release v2.2.5.RELEASE
• a7b3ed0 Merge branch '2.1.x' into 2.2.x
• 3df4462 Next development version (v2.1.14.BUILD-SNAPSHOT)
• ea8f2a7 Fix tests following changes to EndpointRequest
• cdae79d Cache management port type in EndpointRequestMatcher
• 421fe77 Upgrade to Neo4j Ogm 3.2.9
• ef67ad7 Upgrade to Liquibase 3.8.7
• fa6f8f8 Upgrade to Rxjava2 2.2.18
• a838537 Upgrade to Dropwizard Metrics 4.1.3
• 398e683 Upgrade to Okhttp3 3.14.7
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #50.