Bump spring-web from 5.1.0.RELEASE to 5.3.1

[dependabot-preview[bot]]

Bumps spring-web from 5.1.0.RELEASE to 5.3.1.

Release notes

Sourced from spring-web's releases.

v5.3.1

:star: New Features

• Expose a public method "isClosed" to indicate whether the connection has been closed in WebSocketSession (WebFlux) #26043
• WebFlux missing programmatic handling of MappingJacksonValue #26035
• Optimize locking in AspectJProxyFactory for concurrent aspect instantiation #26034
• Upgrade SpelCompiler bytecode level to 1.8 and optimize for concurrent access #26033
• MergedAnnotationCollectors.toAnnotationSet() should not create intermediate ArrayList #26031
• SpEL doesn't work nicely with records #26029
• StompSubProtocolHandler logs failed authentication with error stack trace #26026
• Expose toEntityFlux methods in WebClient.ResponseSpec #26023
• Improve AdvisedSupport.getAdvisors() #26017
• Improve URI/query strings sanitization #26012
• DefaultSimpUserRegistry prevents event from being published if original SimpMessageHeaderAccessor cannot be found #26010
• DefaultWebClientBuilder copies references #25992
• Inefficient request handling inside ServletRequestDataBinder #25986
• Avoid multiple volatile reads/writes in a row where only one is enough #25899
• Allows Jackson2 encoders to log Throwable reason for not being able to serialize or deserialize #25892
• Mechanism to access request bound objects in WebClient filter in servlet env #25710

:beetle: Bug Fixes

• Cannot be cast to class Publisher error with non suspending @Transactional functions #26052
• Fix wrong reference in UrlPathHelper.removeSemicolonContentInternal() #26050
• setTaskScheduler in StompBrokerRelayRegistration breaks chaining #26049
• Add FullyQualifiedAnnotationBeanNameGenerator.INSTANCE #26025
• Autowiring does not work reliably in case of dynamically changing prototype bean class #26019
• Order of profiles in tests is not preserved #26004
• @Transactional on suspending function returning a value always rollbacks #25998
• SseEmitter: connection closed after first event #25987
• @Nonnull annotation breaks ServletRequestMethodArgumentResolver for Principal #25981
• Spring MVC's locale resolver can no longer be customized in parent context #25290

:notebook_with_decorative_cover: Documentation

• Fix kotlin example code which does not compile #26016
• Fix a broken Asciidoctor syntax in core-resources.adoc #25999

:heart: Contributors

We'd like to thank all the contributors who worked on this release!

• @izeye
• @aksh1618
• @NaNrailgun
• @Anusien
• @mindhaq
• @evpaassen
• @stsypanov
• @hzmpay

Commits

• 967637d Release v5.3.1
• 2899652 Fix checkstyle violation
• 560a504 Polishing in DefaultWebClient
• 79f79e9 WebClient method to populate the Reactor Context
• bd2640a Strict nullability for field assignment
• 6825287 Polishing
• 737d77a Fix @Transactional support on functions returning Flow
• 1f13516 Fix @Transactional support on suspending function
• 6bb3ad7 Add isOpen to WebSocketSession in WebFlux
• c73cff8 Use RxJava 2/3 fromPublisher() when possible in ReactiveAdapterRegistry
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #174.