Skip to content

fix(deps): bump the prod-deps group across 1 directory with 6 updates #116

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): bump the prod-deps group across 1 directory with 6 updates #116

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 19, 2026

Bumps the prod-deps group with 4 updates in the / directory: org.springframework.boot:spring-boot-starter-parent, org.apache.logging.log4j:log4j-bom, org.springframework.cloud:spring-cloud-starter-openfeign and org.openapitools:jackson-databind-nullable.

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.6 to 4.0.1

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.0.1

⚠️ Noteworthy Changes

  • Hibernate has been upgraded to 7.2.0.Final in response to Hibernate 7.1 moving to limited support
  • spring-boot-starter-kotlin-serialization has been renamed to to spring-boot-starter-kotlinx-serialization-json and spring-boot-starter-kotlin-serialization-test has been renamed to spring-boot-starter-kotlinx-serialization-json-test. This change aligns the starters' names with those of their respective modules
  • Using TestRestTemplate now requires a dependency on spring-boot-restclient

🐞 Bug Fixes

  • JsonMixinModuleEntriesBeanRegistrationAotProcessor does not handle deprecated code #48564
  • JdbcSessionAutoConfiguration may not match when using the auto-configured DataSource #48552
  • @ServiceConnection for LgtmStackContainer fails when logging endpoint is configured due to multiple OtlpLoggingConnectionDetails beans #48536
  • WebApplicationType does not consider modules when deduced from classpath #48517
  • Spring Session auto-configuration fails in a war deployment as ServerProperties is not available #48493
  • Opentelemetry logging export requires actuator module #48488
  • RabbitHealthIndicator reports an error when version is missing from the connection's server properties #48487
  • Actuator Info class has inconsistent nullability annotations and cannot be built with null value #48480
  • Profiles retained during AOT processing are not configured in a native image #48476
  • Security matchers and WebServerNamespace resolution can fail with NoClassDefFoundError when used in a traditional WAR deployment #48388
  • HealthEndpointGroupMembershipValidator does not consider reactive health indicators causing NoSuchHealthContributorException to be thrown #48387
  • spring.jackson.default-property-inclusion is not applied to content inclusion #48343
  • TestRestTemplate.getRootUri() returns empty string #48330
  • Redis health check reports an error when redis_version is missing from the INFO response #48328
  • Parent's MeterRegistry beans are closed when child context closes #48325
  • HttpMessageConverters picks up converter beans for both client and server #48310
  • Conditions to auto-configure a RestClient are outdated with the modularization #48308
  • A custom JwtTypeValidator that replaces the default can no longer be configured #48301
  • PropertiesRestClientHttpServiceGroupConfigurer has highest precedence, preventing other configurers from being ordered ahead of it #48296
  • SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #48275
  • Conditions to auto-configure RestClient-based HTTP service clients are outdated with the modularization #48274
  • Starter for Kotlinx Serialization Json is misnamed #48262
  • ApplicationServletEnvironment is no longer configured in war deployments #48254
  • RestClient.Builder bean present in @SpringBootTest due to spring-boot-starter-webmvc-test, but missing at runtime without restclient starter #48253
  • ProblemDetail is rendered to XML incorrectly #48222

📔 Documentation

  • Harmonize Kotlin example for HTTP Service client support #48577
  • Document HttpMessageConverters detection changes in 4.0.1 #48574
  • Improve javadoc for when to use class names rather than class references #48569
  • Documentation has an outdated reference to the Jackson Kotlin Module #48534
  • Caching documentation should clarify how to use a no-op implementation to run a test suite #48532
  • Document that the default rolling policy for Log4j2 requires logging.file.path to be set #48527
  • Review documentation and migration guide about changes in @AutoConfigureCache #48522
  • License header in build samples is displayed in the reference documentation #48478
  • Configuring Two DataSources How-To code sample is inconsistent #48449
  • Fix links to source files on GitHub #48398
  • Documentation contains broken links to GitHub source files #48394
  • Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #48360
  • Correct the annotation in the Kotlin @ConfigurationPropertiesSource example #48357
  • Polish TestRestTemplate examples in the reference guide #48336

... (truncated)

Commits
  • b2bc463 Release v4.0.1
  • 252b218 Correct renaming of Kotlinx Serialization JSON starters
  • 2fa73c2 Merge pull request #48577 from jwalter
  • 3e68988 Polish "Harmonize Kotlin example for HTTP Service client support"
  • 423373b Harmonize Kotlin example for HTTP Service client support
  • f61ac29 Document HttpMessageConverters detection changes
  • 2519a5d Merge branch '3.5.x'
  • 4fc3ca3 Next development version (v3.5.10-SNAPSHOT)
  • aaf66f4 Merge branch '3.5.x'
  • 08e2cab Polish javadoc for when to use class names rather than class references
  • Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-bom from 2.25.2 to 2.25.3

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.25.3

This patch release addresses issues detailed in the changelog below. In particular, it includes an important fix for the host name verification in SSL/TLS configuration. This is used by Socket Appender.

Changed

  • Optimize DefaultThreadContextMap.getCopy() performance by avoiding megamorphic calls in HashMap constructor (#3935, #3939)

Fixed

  • Fix GraalVM metadata for nested classes to use binary names instead of canonical names (#3871, #3996)
  • Fix failures caused by null SslConfiguration (#3947, #3953)
  • Fix incorrect handling of the host name verification in SSL/TLS configuration, which is used by Socket Appender when SSL/TLS is enabled (#4002)

Removed

  • Remove the com.github.spotbugs:spotbugs-annotations dependency (#3984, #3985)
Commits
  • 028e9fa Update the project.build.outputTimestamp property
  • 5350d10 Fix host name verification in SSLSocketManager (#4002)
  • e2898a0 Fix @Version annotations
  • 041435d Get ready for the 2.25.3 release
  • 73db4fb Fix log message in ApiLogger::setUseParentHandlers (#3943)
  • 6076b16 Fix nullability issues in SslConfiguration (#3953)
  • 8d43a99 Remove the com.github.spotbugs:spotbugs-annotations dependency (#3984, #3985)
  • 78dc01d Use binary names in GraalVmProcessor (#3996)
  • c09b012 Optimize DefaultThreadContextMap.getCopy() performance (#3939)
  • See full diff in compare view

Updates org.springframework:spring-jdbc from 6.2.11 to 7.0.2

Release notes

Sourced from org.springframework:spring-jdbc's releases.

v7.0.2

⭐ New Features

  • Avoid unnecessary list creation and processing in AbstractTestContextBootstrapper #35995
  • AbstractTestContextBootstrapper should resolve ContextLoader only once #35994
  • Log RetryException for @Retryable methods #35983
  • Consistently stop already started Lifecycle beans on cancelled refresh #35964
  • Support timeouts in @Retryable and RetryPolicy #35963
  • Use == instead of instanceof for primitive array type checks #35962
  • Introduce MultiValueMapCollector for use with streams #35958
  • Avoid package cycle caused by use of UriComponentsBuilder in ServletServerHttpRequest #35952
  • Target type in Converter interface should be @Nullable #35947
  • Provide access to attempt count in RetryListener as well as callbacks for the initial attempt #35940
  • DefaultHandshakeHandler should not log client faults on error level #35930
  • Log warning when meta-annotation is ignored due to types not present in classpath #35927
  • Revise ApplicationContext#getId() nullability to non-null #35925
  • Use concurrent set behind reactive TransactionSynchronizationManager#registerSynchronization #35921
  • Refine AbstractKotlinSerializationHttpMessageConverter#canWrite #35920
  • Register bean dependency for Optional injection point as well #35919
  • Change canRead/canWrite overrides to Class ones in AbstractSmartHttpMessageConverter #35916
  • Do not make HttpHeaders read-only in HttpEntity #35888
  • Add WebFlux SSE support with GSON #35884
  • Different ReactorNettyWebSocketSession call getId() may return the same value #35883
  • Refine nullability of Assert#noNullElements #35868
  • Allow configuring default maxIdleTime on InMemoryWebSessionStore. #35866
  • Refine BindingReflectionHintsRegistrar with ObjectToObjectConverter hints #35847
  • Add resetCaches() method to general CacheManager interface #35845
  • Enhance handleTypeMismatch error message in ResponseEntityExceptionHandler #35837
  • Add support for package-private BeanRegistrar in Spring AOT generated code #35803
  • Use ExtendedServletRequestDataBinder/ExtendedWebExchangeDataBinder for functional request binding #35800
  • Expose Collection on FragmentsRendering to facilitate Unit Tests #35775
  • Improve i18n-support for NoResourceFoundException #35758
  • Cache resolved singleton beans in injected Provider instance #35373

🐞 Bug Fixes

  • ContextConfigurationAttributes(Class) constructor incorrectly sets inheritLocations to false #36000
  • NullPointerException thrown from JdkClientHttpRequestFactory for null request header value #35996
  • State inconsistency in LazyConnectionDataSourceProxy when connection settings fail #35980
  • SubscriberInputStream#resume misuses parked thread reference #35978
  • Shared EntityManager returned by AbstractEntityManagerFactoryBean cannot be advised by AspectJ interceptor #35974
  • RestClient cannot make HEAD requests when the response declares gzip Content-Encoding #35966
  • ServerRequestObservationContext(s) miss Propagator.Getter method implementation #35965
  • Jackson used instead of kotlinx.serialization for more complex types #35960
  • Strong locking in ConcurrentReferenceHashMap#computeIfAbsent may cause context initialisation deadlock #35944
  • BridgeMethodResolver change in 6.2.13 breaks Spring Data entity introspection #35936
  • DefaultMessageListenerContainer does not clear Session and MessageConsumer for paused invokers #35932
  • Tighten cacheable decision behind @Lazy injection point #35917
  • AOT-generated bean definition does not consider name of RuntimeBeanReference using name and type #35913
  • Accidental fallback match for Collection-type beans due to @Bean-level qualifier annotation #35908

... (truncated)

Commits
  • 3591f1e Release v7.0.2
  • e2c9dc7 Revert to previous behavior for 7.0.2 (based on Boot/Data impact)
  • 1818161 Ensure bottom-up semantics in resolveDefaultContextConfigurationAttributes()
  • 8916ee9 Set inheritLocations to true in ContextConfigurationAttributes constructor
  • d835fe3 Do not send null HTTP header value in JdkClientHttpRequest
  • 0eefac2 Polishing contribution
  • e99791f Improve i18n-support for NoResourceFoundException.
  • 658775b Avoid unnecessary list creation & processing in AbstractTestContextBootstrapper
  • ea7a1d7 Resolve ContextLoader only once in AbstractTestContextBootstrapper
  • 4ae471d Resolve all default context configuration within @⁠Nested hierarchy
  • Additional commits viewable in compare view

Updates org.springframework.cloud:spring-cloud-starter-openfeign from 4.3.0 to 5.0.0

Release notes

Sourced from org.springframework.cloud:spring-cloud-starter-openfeign's releases.

5.0.0

🐞 Bug Fixes

  • SpringEncoderTests.testBinaryData() broken after jackson 3 upgrade #1269

5.0.0-M4

📔 Documentation

  • Update terminology to HTTP Service Clients. #1267

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​OlgaMaciaszek

5.0.0-M3

No release notes provided.

5.0.0-M1

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot] and @​wilkinsona

4.3.1

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dependabot[bot]

What's Changed

... (truncated)

Commits

Updates org.projectlombok:lombok from 1.18.40 to 1.18.42

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.42 (September 18th, 2025)

  • FEATURE: All the various @Log annotations now allow you to change their access level (they still default to private). #2280. Thanks to new contributor Liam Pace!
  • BUGFIX: Javadoc parsing was broken in Netbeans and ErrorProne for JDK25 #3940.
Commits
  • 2031eb0 [release] pre-release version bump for v1.18.42
  • c95a6c1 Merge branch 'logger-access'
  • 71d85ca #2280 Add delivery of this 'access for logging' to the changelog.
  • 99ba3e3 [trivial] Slightly reworded the javadoc on each @Log annotation's `access()...
  • e9cf11e [trivial][style]
  • a6d5568 [deprecation] Marked AccessLevel.MODULE as deprecated. It was written for a...
  • 492011d Refactored to use Javac/Eclipse utility function
  • c1f7f66 Update copyright in logger files
  • f63f40a Add myself to AUTHORS
  • 9152c34 Fix failing tests
  • Additional commits viewable in compare view

Updates org.openapitools:jackson-databind-nullable from 0.2.7 to 0.2.8

Release notes

Sourced from org.openapitools:jackson-databind-nullable's releases.

v0.2.8 released

What's Changed

New Contributors

Full Changelog: OpenAPITools/jackson-databind-nullable@v0.2.7...v0.2.8

Commits
  • 108f5bd v0.2.8 release (#92)
  • b2ca809 Update to move away from deprecated methods (#91)
  • 377e8c4 Change the maven compile execution for Java 8 to override the default compile...
  • 5b73076 Fix typos and linguistic errors in documentation (#88)
  • 85e68d4 Bump org.junit:junit-bom from 5.13.4 to 5.14.0 (#87)
  • 9dd4094 Build as multi release jar (#62)
  • 6712288 Ignore semver-major Mockito and JUnit updates until Java 17+ is used for buil...
  • f377eda adding the following methods to JsonNullable, based on methods (#68)
  • 09ee5fc Ignore Hibernate Validator updates until Java 17+ is used for builds (#83)
  • 338ccf8 Update GitHub actions to use commit sha instead of tags to avoid supply chain...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
fix(deps): bump the prod-deps group across 1 directory with 6 updates
bb6266c 
Bumps the prod-deps group with 4 updates in the / directory: [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot), [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2), [org.springframework.cloud:spring-cloud-starter-openfeign](https://github.com/spring-cloud/spring-cloud-openfeign) and [org.openapitools:jackson-databind-nullable](https://github.com/OpenAPITools/jackson-databind-nullable).


Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.6 to 4.0.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.6...v4.0.1)

Updates `org.apache.logging.log4j:log4j-bom` from 2.25.2 to 2.25.3
- [Release notes](https://github.com/apache/logging-log4j2/releases)
- [Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc)
- [Commits](apache/logging-log4j2@rel/2.25.2...rel/2.25.3)

Updates `org.springframework:spring-jdbc` from 6.2.11 to 7.0.2
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.2.11...v7.0.2)

Updates `org.springframework.cloud:spring-cloud-starter-openfeign` from 4.3.0 to 5.0.0
- [Release notes](https://github.com/spring-cloud/spring-cloud-openfeign/releases)
- [Commits](spring-cloud/spring-cloud-openfeign@v4.3.0...v5.0.0)

Updates `org.projectlombok:lombok` from 1.18.40 to 1.18.42
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.40...v1.18.42)

Updates `org.openapitools:jackson-databind-nullable` from 0.2.7 to 0.2.8
- [Release notes](https://github.com/OpenAPITools/jackson-databind-nullable/releases)
- [Commits](OpenAPITools/jackson-databind-nullable@v0.2.7...v0.2.8)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: org.apache.logging.log4j:log4j-bom
  dependency-version: 2.25.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: org.springframework:spring-jdbc
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: org.springframework.cloud:spring-cloud-starter-openfeign
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: org.projectlombok:lombok
  dependency-version: 1.18.42
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: org.openapitools:jackson-databind-nullable
  dependency-version: 0.2.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jan 19, 2026
@dependabot dependabot bot requested a review from a team as a code owner January 19, 2026 02:59
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jan 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant