Update dependency org.springframework:spring-beans to v5.3.20 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.springframework:spring-beans	5.3.18 -> 5.3.20

GitHub Vulnerability Alerts

CVE-2022-22970

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

---

Release Notes

spring-projects/spring-framework (org.springframework:spring-beans)

v5.3.20

Compare Source

⭐ New Features

• Refine CachedIntrospectionResults property introspection #​28445
• Improve tests and Javadoc on binding to a property of type javax.servlet.Part #​27830
• WritableResource doesn't have parity with Resource in @Value etc. [SPR-10656] #​15284

🐞 Bug Fixes

• Ignore invalid STOMP frame #​28443
• @ModelAttribute name attribute is not supported in WebFlux #​28423
• Fix BindingResult error when ModelAttribute has custom name in WebFlux #​28422
• Request body deserialization failures are not captured by exception handlers in WebFlux #​28155

📔 Documentation

• Remove Log4J initialization from package-info.java in spring-web #​28420
• Remove Log4J configurer from package-info.java in spring-core #​28411
• Fix github issue reference in RequestMappingHandlerMapping #​28372
• Add Javadoc since tags for GraphQL constants #​28369
• Fix method reference in Kotlin documentation #​28340

🔨 Dependency Upgrades

• Upgrade to ASM 9.3 #​28390
• Upgrade to Reactor 2020.0.19 #​28437

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​izeye
• @​koenpunt
• @​missingdays
• @​zhangmingqi09
• @​binchoo
• @​gorisanson
• @​jprinet
• @​nealshan
• @​bougar

v5.3.19

Compare Source

⭐ New Features

• Remove DNS lookups during websocket connection initiation #​28280
• Add application/graphql+json Media type and MIME type constants #​28271
• Fix debug log for no matching acceptableTypes #​28116
• Provide support for post-processing a LocalValidatorFactoryBean's validator Configuration without requiring sub-classing #​27956

🐞 Bug Fixes

• Improve documentation and matching algorithm in data binders #​28333
• NotWritablePropertyException when attempting to declaratively configure ClassLoader properties #​28269
• BeanPropertyRowMapper's support for direct column name matches is missing in DataClassRowMapper #​28243
• AbstractListenerReadPublisher does not call ServletOutputStream::isReady() when reading chunked data across network packets #​28241
• ResponseEntity objects are accumulated in ConcurrentReferenceHashMap #​28232
• Lambda proxy generation fix causes BeanNotOfRequiredTypeException #​28209
• CodeGenerationException thrown when using AnnotationMBeanExporter on JDK 17 #​28138

🔨 Dependency Upgrades

• Upgrade to Reactor 2020.0.18 #​28329

❤️ Contributors

We'd like to thank all the contributors who worked on this release!

• @​GatinMI

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.