[4.1.x] Bump org.springframework:spring-webflux from 7.0.7 to 7.0.8

[dependabot]

Bumps org.springframework:spring-webflux from 7.0.7 to 7.0.8.

Release notes

Sourced from org.springframework:spring-webflux's releases.

v7.0.8

⭐ New Features

• Include zone ID in CronTrigger's equals/hashCode implementations #36871
• Expose ClassLoader from DefaultDeserializer #36833
• Use immutable map for SEPARATORS static field in DefaultPathContainer #36821
• Eagerly compute exit descriptors for negative literals #36801
• Revise property accessor algorithms #36800
• Improve path pattern matching #36799
• Refine default view name resolution #36793
• Refine Jackson JMS converters #36791
• Improve ABNF rule checks in RfcUriParser #36787
• Restrict SpringVersion.getVersion() to "major.minor.patch" format #36785
• Runtime compatibility with JPA 4.0 M4 and corresponding Hibernate 8.0 snapshots #36784
• Allow specifying the charset to use in ExchangeFilterFunctions#basicAuthentication #36777
• Use CollectionUtils to initialize HashMap in DefaultUriBuilderFactory #36763
• Improve error messages in SpEL #36756
• Improve pattern caching in SpEL #36755
• Avoid ResolvableType#forType contention for implicit cache cleanup #36745
• Switch to JdkIdGenerator for WebSocket Sessions #36740
• Detect custom deserialized NullValue instances in AbstractValueAdaptingCache #36727
• LiteWebJarsResourceResolver does not resolve directories #36726
• Warn against unsafe static resource locations in MVC and WebFlux #36692
• Consistent compatibility with Woodstox as an alternative to Xerces #36682
• Improve principal checks for SockJS session #36681
• Set host header consistently in STOMP relay CONNECT frames #36673
• Support Micrometer context propagation in Kotlin Flow #36667
• Reliable detection of broadcast messages in UserDestinationMessageHandler #36662

🐞 Bug Fixes

• Concurrency issue against shared cookie field in CookieLocaleResolver#setLocaleContext #36869
• Server Sent Event does not support multi-line comments #36866
• CronExpression skips days on midnight DST gap #36865
• Regression in 6.2.0+: ConfigurationClassParser incorrectly removes component-scanned bean when the same class is also registered under a different name via XML #36835
• Preserve generic type info in awaitEntity() #36834
• Bean Background Bootstrap and Lazy Init #36844
• Back-off for DefaultMessageListenerContainer with OracleAQ has changed and is very short in SpringBoot 4 #36809
• Character outside of permitted range in Content Disposition #36805
• Fix JSP tag processing #36797
• Fix script processing capabilities #36795
• Jaxb2XmlEncoder exclusivity prevents JacksonXmlEncoder usage and hinders POJO serialization #36776
• JacksonXmlEncoder.canEncode incorrectly returns true for String body with application/xml #36775
• Consistently expose map key quotes in PropertyAccessorUtils #36765
• Fix fragment parsing for relative URI in RFC URI parser #36762
• Fix race condition in InMemoryWebSessionStore #36742
• Parsing failure for MIME type with quoted parameter values #36730
• Circular dependency between supplier-created beans is silently ignored on startup #36725
• Data is lost for joined DataBuffer in DataBufferUtils #36714
• Cache collisions in CachingResourceResolver #36713

... (truncated)

Commits

• 9e8cea3 Release v7.0.8
• 2c18c33 Track operations during SpEL expression evaluation
• 83667f8 Ensure getters have non-void return types in SpEL
• 7a8917b Improve additional error messages in SpEL
• 7baa865 Further improve pattern caching in SpEL
• 12b44f2 Avoid too many character access attempts in AntPathMatcher
• e8f1024 Ensure consistent JSP tag attribute processing
• a1826b7 Refine JavaScriptUtils#javaScriptEscape
• 7add524 Prevent special prefixes in default view name resolution
• 9bec52b Add trusted packages to MappingJackson2MessageConverter
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)