Bump org.springframework.boot from 3.2.0 to 4.0.3

[dependabot]

Bumps org.springframework.boot from 3.2.0 to 4.0.3.

Release notes

Sourced from org.springframework.boot's releases.

v4.0.3

⭐ New Features

• Add TWENTY_SIX to JavaVersion enum #49193

🐞 Bug Fixes

• Jackson properties may not be applied correctly to RestClients #49223
• ClassNotFoundException when using Actuator without spring-boot-health #49196
• Using the OTel and Zipkin starters together creates invalid configuration #49183
• Whitespace can be incorrectly removed when spring-boot-configuration-processor runs on multi-line javadoc #49060
• Jackson2HttpMessageConvertersConfiguration uses ConditionOn Jackson3 XMLMapper class #49015
• server.jetty.threads.max is ignored when using virtual threads #48989
• Slice test includes fail to load when using spring-boot-starter-test-classic #48981
• Docker credential helpers with file extensions cannot be executed on Windows #48979
• Java version requirement check for native image is confusing if AOT didn't run #48963
• TestPropertyValues.Pair.fromMapEntry(Entry<String, String>) does not comply with its nullability contract #48948

📔 Documentation

• Couchbase and Kafka are incorrectly listed as supporting SSL with Docker Compose #49212
• Document that use of non idiomatic format for '@Value' still apply for environment variables #49109
• Document naming convention for custom test-scoped starters #49017
• Delay removal of Jackson 2 support until 4.3 at the earliest #49010
• LICENSE.txt and NOTICE.txt files have the wrong content in the latest releases #49003
• ApplicationContextAssert documents a non-existent assertion in getFailure() #48977
• Highlight the importance of the preStop hook when configuring Kubernetes probes #48946

🔨 Dependency Upgrades

• Upgrade to AssertJ 3.27.7 #49095
• Upgrade to Elasticsearch Client 9.2.5 #49184
• Upgrade to Groovy 5.0.4 #49097
• Upgrade to Hibernate 7.2.3.Final #49098
• Upgrade to Hibernate 7.2.4.Final #49167
• Upgrade to Jaybird 6.0.4 #49099
• Upgrade to JBoss Logging 3.6.2.Final #49100
• Upgrade to Jersey 4.0.2 #49101
• Upgrade to Jetty 12.1.6 #49102
• Upgrade to jOOQ 3.19.30 #49103
• Upgrade to JUnit Jupiter 6.0.3 #49233
• Upgrade to Logback 1.5.29 #49169
• Upgrade to Logback 1.5.32 #49245
• Upgrade to Micrometer 1.16.3 #49111
• Upgrade to Micrometer Tracing 1.6.3 #49112
• Upgrade to MongoDB 5.6.3 #49105
• Upgrade to MySQL 9.6.0 #49106
• Upgrade to Netty 4.2.10.Final #49107
• Upgrade to Postgresql 42.7.10 #49202
• Upgrade to Reactor Bom 2025.0.3 #49087

... (truncated)

Commits

• 1ab1436 Release v4.0.3
• 5cc488d Merge branch '3.5.x' into 4.0.x
• 9138ae2 Next development version (v3.5.12-SNAPSHOT)
• a7e63a7 Merge branch '3.5.x' into 4.0.x
• 54ab3c5 Align "noteworthy" issues in release notes with Spring Framework
• b3ae5b1 Merge branch '3.5.x' into 4.0.x
• 996664f Temporarily switch Docker to overlay2
• 1ce8743 Revert "Temporarily disable containerd snapshotter"
• 5ba88c6 Temporarily disable containerd snapshotter
• 1f1a88c Revert "Temporarily update system tests to use specific platform"
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

[devin-ai-integration]

Devin Review found 1 potential issue.

View 1 additional finding in Devin Review.

[devin-ai-integration]

🔴 Spring Boot plugin version (4.0.3) mismatched with spring-boot-starter-web dependency (3.2.0)

The PR upgrades the org.springframework.boot Gradle plugin to 4.0.3 on line 4 but leaves the spring-boot-starter-web dependency hardcoded at 3.2.0 on line 15. This version mismatch means the application will attempt to run Spring Boot 3.2.0 libraries under a 4.0.3 plugin toolchain, which will almost certainly cause runtime incompatibilities or build failures. Normally the Spring Boot plugin manages dependency versions via its BOM, but here the explicit 3.2.0 version on the dependency overrides that, pinning it to the old version. The dependency version should either be updated to 4.0.3 to match, or (better) the explicit version should be removed so the plugin's dependency management resolves it automatically.

Prompt for agents

In build.gradle, either:
1. Remove the explicit version from the spring-boot-starter-web dependency (line 15) so the Spring Boot plugin's dependency management picks the correct version automatically:
   implementation 'org.springframework.boot:spring-boot-starter-web'
OR
2. Update the version on line 15 to match the plugin version on line 4 (4.0.3):
   implementation 'org.springframework.boot:spring-boot-starter-web:4.0.3'

Option 1 is preferred as it avoids future version drift.

---

Was this helpful? React with 👍 or 👎 to provide feedback.