
build(deps-dev): Bump org.springframework:spring-context from 7.0.7 to 7.0.8#3402

Closed
dependabot[bot] wants to merge 1 commit into master from dependabot/maven/org.springframework-spring-context-7.0.8

Conversation


@dependabot dependabot Bot commented on behalf of github Jun 9, 2026


Bumps org.springframework:spring-context from 7.0.7 to 7.0.8.

Release notes

Sourced from org.springframework:spring-context's releases.

v7.0.8

⚠️ Security Fixes

This maintenance release fixes a high number of CVEs. You can learn more about this in the "Spring and Security In The Times Of AI" blog post. Here is the full list of 16 CVEs:

  • CVE-2026-41838 "Spring Framework Predictable Session ID in WebSocket Module"
  • CVE-2026-41839 "Spring Framework Escalation via Session Fixation in WebFlux"
  • CVE-2026-41840 "Spring Framework Denial of Service via Multipart Requests in WebFlux"
  • CVE-2026-41841 "Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux"
  • CVE-2026-41842 "Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux"
  • CVE-2026-41843 "Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux"
  • CVE-2026-41844 "Spring Framework Open Redirect in Spring MVC and WebFlux"
  • CVE-2026-41845 "Spring Framework Cross-site Scripting via JavaScriptUtils"
  • CVE-2026-41846 "Spring Framework Cross-site Scripting via JSP Form Tags"
  • CVE-2026-41848 "Spring Framework Denial of Service via AntPathMatcher"
  • CVE-2026-41850 "Spring Framework Algorithmic Denial of Service via SpEL Expressions"
  • CVE-2026-41851 "Spring Framework Denial of Service via Unbounded Cache in SpEL"
  • CVE-2026-41852 "Spring Framework Arbitrary Method Invocation in SpEL Expressions"
  • CVE-2026-41853 "Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux"
  • CVE-2026-41854 "Spring Framework Server-Side Request Forgery via UriComponentsBuilder"
  • CVE-2026-41855 "Spring Framework Unsafe Deserialization via Jackson JMS Converters"

⭐ New Features

  • Include zone ID in CronTrigger's equals/hashCode implementations #36871
  • Expose ClassLoader from DefaultDeserializer #36833
  • Use immutable map for SEPARATORS static field in DefaultPathContainer #36821
  • Track operations during SpEL expression evaluation #36801
  • Ensure getters have non-void return types in SpEL #36800
  • Avoid too many character access attempts in AntPathMatcher #36799
  • Refine default view name resolution #36793
  • Refine Jackson JMS converters #36791
  • Improve ABNF rule checks in RfcUriParser #36787
  • Restrict SpringVersion.getVersion() to "major.minor.patch" format #36785
  • Runtime compatibility with JPA 4.0 M4 and corresponding Hibernate 8.0 snapshots #36784
  • Allow specifying the charset to use in ExchangeFilterFunctions#basicAuthentication #36777
  • Use CollectionUtils to initialize HashMap in DefaultUriBuilderFactory #36763
  • Improve error messages in SpEL #36756
  • Improve pattern caching in SpEL #36755
  • Avoid ResolvableType#forType contention for implicit cache cleanup #36745
  • Switch to JdkIdGenerator for WebSocket Sessions #36740
  • Detect custom deserialized NullValue instances in AbstractValueAdaptingCache #36727
  • LiteWebJarsResourceResolver does not resolve directories #36726
  • Warn against unsafe static resource locations in MVC and WebFlux #36692
  • Consistent compatibility with Woodstox as an alternative to Xerces #36682
  • Improve principal checks for SockJS session #36681
  • Set host header consistently in STOMP relay CONNECT frames #36673
  • Support Micrometer context propagation in Kotlin Flow #36667
  • Reliable detection of broadcast messages in UserDestinationMessageHandler #36662

... (truncated)

Commits
  • 9e8cea3 Release v7.0.8
  • 2c18c33 Track operations during SpEL expression evaluation
  • 83667f8 Ensure getters have non-void return types in SpEL
  • 7a8917b Improve additional error messages in SpEL
  • 7baa865 Further improve pattern caching in SpEL
  • 12b44f2 Avoid too many character access attempts in AntPathMatcher
  • e8f1024 Ensure consistent JSP tag attribute processing
  • a1826b7 Refine JavaScriptUtils#javaScriptEscape
  • 7add524 Prevent special prefixes in default view name resolution
  • 9bec52b Add trusted packages to MappingJackson2MessageConverter
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 9, 2026
@github-actions github-actions Bot enabled auto-merge June 9, 2026 05:13

@velo velo left a comment


Required CircleCI remains failing after the allowed three concrete fix attempts, so this cannot be approved or merged. I fixed the outdated Request.create calls in JavaLoggerTest and LoggerRebufferTest, formatted those updates, then fixed Slf4jLoggerTest by adding the missing feign.Util import and updating its Request.create calls. The current failure is now validation/src/test/java/feign/validation/BeanValidationMethodInterceptorTest.java:79: String cannot be converted to Request.Body. Per maintainer policy, I am stopping after three attempts rather than pushing another change.


velo commented Jun 11, 2026


@dependabot rebase


dependabot Bot commented on behalf of github Jun 11, 2026


Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.


velo commented Jun 13, 2026


@dependabot recreate

Bumps [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) from 7.0.7 to 7.0.8.
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v7.0.7...v7.0.8)

---
updated-dependencies:
- dependency-name: org.springframework:spring-context
  dependency-version: 7.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot Bot force-pushed the dependabot/maven/org.springframework-spring-context-7.0.8 branch from 489d751 to 31d64d5 Compare June 13, 2026 11:52

velo commented Jun 13, 2026


Superseded by #3413, which combines the spring-web and spring-context bumps into a single spring.version property. Closing.


velo commented Jun 13, 2026


@dependabot close


dependabot Bot commented on behalf of github Jun 13, 2026


Looks like org.springframework:spring-context is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 13, 2026
auto-merge was automatically disabled June 13, 2026 13:44

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/maven/org.springframework-spring-context-7.0.8 branch June 13, 2026 13:44