chore: [DevOps] bump the production-minor-patch group with 5 updates

[dependabot]

Bumps the production-minor-patch group with 5 updates:

Package	From	To
org.springframework:spring-framework-bom	6.2.0	6.2.1
io.swagger.core.v3:swagger-models	2.2.26	2.2.27
com.puppycrawl.tools:checkstyle	10.20.2	10.21.0
com.sap.cloud.security:java-bom	3.5.5	3.5.6
io.grpc:grpc-bom	1.68.2	1.69.0

Updates org.springframework:spring-framework-bom from 6.2.0 to 6.2.1

Release notes

Sourced from org.springframework:spring-framework-bom's releases.

v6.2.1

⭐ New Features

• Implement toString() in TestBeanOverrideHandler #34072
• Log alias removal in DefaultListableBeanFactory #34070
• Log warning when one Bean Override overrides another Bean Override #34056
• Introduce "unsafeAllocated" flag in TypeHint #34055
• Cannot assert status reason phrase with MockMvcTester #34016
• Improve toString for reactive ScheduledTask #34010
• Optimize sending requests without a body in RestClient and WebClient with Reactor Netty #34003
• Add missing @Contract annotation to ObjectUtils#isEmpty #33984
• OptionalValidatorFactoryBean suppresses Hibernate Validator configuration failures too much #33979
• Support Flux<ServerSentEvent<Fragment>> in WebFlux #33975
• Update in FragmentsRendering to names of static methods #33974
• Honor @Fallback semantics for Test Bean Overrides #33924
• AdvisedSupport.MethodCacheKey should check for logical equality as well as identity #33915
• Fail with full description for XML diff in XmlExpectationsHelper #33827
• MapMethodProcessor should only resolve arguments of type Map or the ModelMap hierarchy #33160

🐞 Bug Fixes

• Support binding from request headers via constructor args #34073
• Unable to configure custom scheduler for @Scheduled annotation #34058
• Identical Bean Overrides are silently allowed #34054
• OOM due to NoTransactionInContextException in reactive pipeline #34048
• Priority header causes binding exception after upgrade to Spring Framework 6.2.0 #34039
• @MockitoBean incorrectly injects supertype into subtype field #34025
• NestedPlaceholder are not recursively resolved if the fallback is a placeholder #34020
• AOT no longer generates BeanInstanceSupplier signature for a CGLIB proxy with its public type #33998
• Nested transaction support via savepoints is broken in Oracle database #33987
• Proxy created with IntroductionInterceptor but without target always throws an exception #33985
• ApplicationListener no longer invoked for generic ApplicationEvent with 6.2.0 #33982
• Error handling override in DefaultResponseErrorHandler ignored after upgrade to 6.2.0 #33980
• BeanCurrentlyInCreationException is thrown when multiple threads simultaneously try to create a FactoryBean #33972
• HandshakeWebSocketService assumes jakarta websocket is present #33970
• @Value cases SpringCGLIB$$0 required a bean of type java.lang.String that could not be found in Native compile when migrating to SB 3.4 #33960
• PathMatchingResourcePatternResolver should not log directory-skip messages at info level #33956
• Avoid infinite recursion in BeanValidationBeanRegistrationAotProcessor with recursive generics #33950
• Skip runtime hint registration for validation constraint with missing dependencies #33949
• Move Kotlin value class unboxing to InvocableHandlerMethod #33943
• MockReset strategy is no longer honored for @MockitoBean and @MockitoSpyBean #33941
• TypeDescriptor with recursive generics triggers infinite recursion in ResolvableType.equals/hashCode #33932
• RestClient does not expose full URI template as attribute #33928
• Bean Overrides like @MockitoBean and @TestBean should not be allowed on static fields #33922
• Regression in duplicate beans with different method names #33920

📔 Documentation

• Fix link to MockMvcBuilders in reference documentation #34031
• Fix a typo in the filters documentation #33959

... (truncated)

Commits

• b4f10d4 Release v6.2.1
• 0aa721c Polishing
• 63af572 Upgrade to Jackson 2.18.2, RxJava 3.1.10, Checkstyle 10.20.2
• 72c2343 Avoid deprecated ListenableFuture name for internal class
• 8aeced9 Support header filtering in web data binding
• 70c326e Support headers in DataBinding via constructor args
• 7b4e19c Make ExtendedServletRequestDataBinder public
• 3b95d2c Support Flux<ServerSentEvent> in WebFlux
• 640e570 Minor refactoring in ServerSentEvent
• 66f33a8 MapMethodProcessor supportsParameter is more specific
• Additional commits viewable in compare view

Updates io.swagger.core.v3:swagger-models from 2.2.26 to 2.2.27

Updates com.puppycrawl.tools:checkstyle from 10.20.2 to 10.21.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-10.21.0

Checkstyle 10.21.0 - https://checkstyle.org/releasenotes.html#Release_10.21.0

New:

#15985 - Expand Default Value of constantWaiverParentToken in MagicNumberCheck with All Operators

Commits

• b505e4c [maven-release-plugin] prepare release checkstyle-10.21.0
• 01047b2 doc: release notes for 10.21.0
• 8d265b3 Issue #13345: Enable examples tests for InterfaceMemberImpliedModifierCheck
• 9398e5e Issue #15955: improve output of run-checkstyle.yml
• 31dbc43 dependency: Update google-java-format.yml to 1.25.2
• 5e136f3 minor: more output to run-checkstyle.yml to improve CLI experience
• ff79d02 Issue #15955: run-checkstyle.yml use filename for download
• 975bb70 minor: Update run-checkstyle.yml to print debug output
• dea0f46 Issue #15955: Update run-checkstyle.yml to remove extra }
• 5b01a7f Issue #15955: Update run-checkstyle.yml to define latest version of checkstyle
• Additional commits viewable in compare view

Updates com.sap.cloud.security:java-bom from 3.5.5 to 3.5.6

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

3.5.6

• [java-security] Add support for Envoy XFCC header format

Dependency upgrades

• Bump spring.core.version from 6.2.0 to 6.2.1
• Bump io.projectreactor:reactor-core from 3.6.9 to 3.7.1
• Bump io.projectreactor:reactor-test from 3.7.0 to 3.7.1

Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

3.5.6

• [java-security] Add support for Envoy XFCC header format

Dependency upgrades

• Bump spring.core.version from 6.2.0 to 6.2.1
• Bump io.projectreactor:reactor-core from 3.6.9 to 3.7.1
• Bump io.projectreactor:reactor-test from 3.7.0 to 3.7.1

Commits

• See full diff in compare view

Updates io.grpc:grpc-bom from 1.68.2 to 1.69.0

Release notes

Sourced from io.grpc:grpc-bom's releases.

v1.69.0

v1.69.0

New Features

• api: Allow LoadBalancers to specify an authority per-RPC.(#11631) (c167ead85) CallOptions.withAuthority() has higher precedence.
• netty: Add soft Metadata size limit enforcement. (#11603) (735b3f3fe) The soft limit is a lower size limit that fails an increasing percentage of RPCs as the Metadata size approaches the upper limit. This can be used as an “early warning” that the Metadata size is growing too large
• alts: support altsCallCredentials in GoogleDefaultChannelCredentials (#11634) (ba8ab796e)
• xds: Add grpc.xds_client metrics, as documented by OpenTelemetry Metrics (#11661) (20d09cee5). grpc.xds.authority is not yet available

Bug Fixes

• api: When forwarding from Listener onAddresses to Listener2 continue to use onResult (#11666) (dae078c0a). This fixes a 1.68.1 "IllegalStateException: Not called from the SynchronizationContext" regression (#11662) that could be seen in certain custom NameResolvers
• okhttp: If the frame handler thread is null do not schedule it on the executor (ef1fe8737). This fixes a 1.68.1 NullPointerException regression when a custom transportExecutor was provided to the channel and it did not have enough threads to run new tasks

Improvements

• api: Add java.time.Duration overloads to CallOptions, AbstractStub methods that take TimeUnit and a time value (#11562) (766b92379)
• core: Make timestamp usage in Channelz use nanos from Java.time.Instant when available (#11604) (9176b5528). This increases the timestamp precision from milliseconds
• okhttp: Fix for ipv6 link local with scope (#11725) (e98e7445b)
• binder: Let AndroidComponentAddress specify a target UserHandle (#11670) (e58c998a4)
• servlet: Deframe failures should be logged on the server as warnings (#11645) (a5db67d0c)
• s2a: Rename the Bazel target s2av2_credentials to s2a (29dd9bad3). The target s2a had been referenced by IO_GRPC_GRPC_JAVA_OVERRIDE_TARGETS but didn’t previously exist
• services: Make channelz work with proto lite (#11685) (b1703345f). This compatibility is on the source level. There is not a pre-built binary on Maven Central that supports proto lite
• services: Deprecate ProtoReflectionService (#11681) (921f88ae3). The class implements the deprecated v1alpha of the reflection protocol. Prefer ProtoReflectionServiceV1, which implements the v1 version of the reflection protocol

Dependencies

• Upgrade proto-google-common-protos to 2.48.0 (1993e68b0)
• Upgrade google-auth-library to 1.24.1 (1993e68b0)
• Upgrade error_prone_annotations to 2.30.0 (1993e68b0)
• Upgrade Guava to 33.3.1-android (1993e68b0)
• Upgrade opentelemetry-api to 1.43.0 (1993e68b0)
• xds: Remove Bazel dependency on xds v2 (664f1fcf8). This had been done for the Maven Central binaries in 1.63.0, but had been missed for Bazel builds

Documentation

• binder: Update error codes doc for new "Safer Intent" rules. (#11639) (fe350cfd5)
• examples: Use xds-enabled server and xds credentials in example-gcp-csm-observability (#11706) (a79982c7f)

Thanks to
@​niloc132
@​rockspore
@​SreeramdasLavanya
@​vinodhabib

Commits

• 34a7cff Bump version to 1.69.0
• ddc3163 Update README etc to reference 1.69.0
• e98e744 okhttp: Fix for ipv6 link local with scope (#11725) (#11729)
• 29dd9ba change s2av2_credentials to s2a
• a79982c [CSM] Use xds-enabled server and xds credentials in examples (#11706)
• 20d09ce xds: Add counter and gauge metrics (#11661)
• 92de2f3 testing: enabled smallLatency test (#11671)
• 32f4cf4 gae-interop-testing: Upgrade to Java 17
• e58c998 AndroidComponentAddress includes a target UserHandle (#11670)
• 6a92a2a interop-testing: Add concurrency condition to the soak test using existing bl...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions