Bump the gradle group across 1 directory with 2 updates

[dependabot]

Bumps the gradle group with 2 updates in the / directory: org.springframework:spring-webmvc and io.undertow:undertow-core.

Updates org.springframework:spring-webmvc from 6.2.17 to 6.2.18

Release notes

Sourced from org.springframework:spring-webmvc's releases.

v6.2.18

⭐ New Features

• Improve SpringValidatorAdapter and MethodValidationAdapter performance #36624
• Add missing @Deprecated(forRemoval = true) for deleted in 7.0 #36591
• Deprecate methodIdentification() in CacheAspectSupport for removal #36576
• Improve error handling in multipart codecs #36564
• LazyConnectionDataSourceProxy does not work well with Hibernate's multi-tenancy by schema strategy #36529
• MySQL Error 149 (Galera/WSREP conflict) not translated to ConcurrencyFailureException in Spring JDBC/ORM #36510

🐞 Bug Fixes

• Handle Kotlin nullable value class param correctly in CoroutineUtils #36643
• NullPointerException in ServerSentEvent when trying to set id or event properties #36634
• @Sql fails if DataSource is wrapped in a TransactionAwareDataSourceProxy #36630
• WebDataBinder unnecessarily instantiates collections when using the "!" and "_" prefixes #36627
• Cache pollution from high-cardinality FieldError default messages in MessageSourceSupport #36623
• ContentCachingRequestWrapper does not allow unlimited content caching #36620
• MergedAnnotation does not use ClassLoader for method or field #36614
• AnnotationBeanNameGenerator fails when an annotation references a non-existent class #36588
• FileSystemResource does not strictly follow the Resource#isReadable() contract #36585
• Query not hidden in DefaultClientResponse checkpoint #36571
• LazyConnectionDataSourceProxy does not pass on holdability to target Connection #36530
• DefaultJmsListenerContainer may hang in an endless loop in doShutdown #36511
• Inconsistent codings resolution in resource resolvers #36508

📔 Documentation

• Clarify semantics of HttpMethod.valueOf() #36653
• Document that spring.profiles.active is ignored by @ActiveProfiles #36636
• Document whitespace semantics in SpEL expressions #36629
• MergedAnnotation.asAnnotationAttributes() Javadoc incorrectly states that it creates an immutable map #36568
• Introduce Kotlin examples for Bean Overrides (@MockitoBean, etc.) #36542
• Fix incorrect cross-reference links in AbstractEnvironment Javadoc #36517

🔨 Dependency Upgrades

• Upgrade to Micrometer 1.15.11 #36661
• Upgrade to Reactor 2024.0.17 #36660

Commits

• 6b11724 Release v6.2.18
• f6671e7 Upgrade to Reactor 2024.0.17 and Micrometer 1.15.11
• b338fdd Add doOnDiscard in MultipartHttpMessageReader
• 4e3f264 Add missing tests for WebRequestDataBinder
• 9e0b83e Polish WebRequestDataBinderTests
• af4b122 Extract ServletRequestParameterPropertyValuesTests
• 623ccd1 Revise "Skip binding entirely when field is not allowed"
• 69068ba Further clarify semantics of HttpMethod.valueOf()
• f182f9a Clarify semantics of HttpMethod.valueOf()
• 9d14448 Improve SpEL tests for Elvis and Ternary operators
• Additional commits viewable in compare view

Updates io.undertow:undertow-core from 2.3.21.Final to 2.4.0.Final

Release notes

Sourced from io.undertow:undertow-core's releases.

v.2.4.0.Beta1

Release 2.4.0.Beta1 Fixes CVE-2024-3884 CVE-2024-4027 CVE-2025-12543 Full list of Jiras: view in Jira

    Release Notes - Undertow - Version 2.4.0.Beta1

... (truncated)

Commits

• e2ae24e Prepare 2.4.0.Final
• 3ece0bf Merge pull request #1947 from fl4via/UNDERTOW-2594_2.4.x
• 4d35436 Merge pull request #3 from ropalka/UNDERTOW-1875_2.4.x
• 0431672 [UNDERTOW-1875] Fix matrix parameters processing with comma
• 335d198 [UNDERTOW-2594][UNDERTOW-2595][UNDERTOW-2596] At RequestParser, make sure the...
• 14072a2 [UNDERTOW-2594][UNDERTOW-2595][UNDERTOW-2596] CVE-2026-28368 CVE-2026-28369 C...
• 2e643b8 Next is 2.4.0.RC5
• 15fc158 Prepare 2.4.0.RC4
• 569361c Merge pull request #1942 from fl4via/UNDERTOW-2743
• 6166aa9 [UNDERTOW-2743] At Cookies.parseCookie, remove the quotes from the cookie val...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.