Bump the spring group across 1 directory with 2 updates

[dependabot]

Bumps the spring group with 2 updates in the / directory: org.springframework.boot and io.spring.dependency-management.

Updates org.springframework.boot from 2.5.2 to 4.0.6

Release notes

Sourced from org.springframework.boot's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5 #49914

... (truncated)

Commits

• 8821ad2 Release v4.0.6
• 9e4048a Merge branch '3.5.x' into 4.0.x
• 20bb11c Next development version (v3.5.15-SNAPSHOT)
• 98daa8e Merge branch '3.5.x' into 4.0.x
• 9dc5aa2 Polish
• 874f629 Fix default security with actuator but without health
• e41b3bf Enable hostname verification for SSL connections to Elasticsearch
• ef8527b Merge branch '3.5.x' into 4.0.x
• f533a45 Do not follow symlinks when writing PID file
• 4a7bd33 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates io.spring.dependency-management from 1.0.11.RELEASE to 1.1.7

Release notes

Sourced from io.spring.dependency-management's releases.

v1.1.7

🐞 Bug Fixes

• Dependency management report task produces a deprecation warning with Gradle 8.12-rc-1 #400
• ExclusionResolver makes assumptions that won't hold true with Gradle 9 #394

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​octylFractal

v1.1.6

🐞 Bug Fixes

• Applying Maven-style exclusions may cause a deprecation warning with Gradle 8.8 #384

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​quaff

v1.1.5

🐞 Bug Fixes

• When a dependency has been substituted by changing its target, its version is managed based on its original group and artifact IDs #383
• Plugin triggers a deprecation warning for LenientConfiguration#getArtifacts(Spec) with Gradle 8.8 #381
• Exclusions are calculated unnecessarily for non-transitive configurations #372

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​fp7

v1.1.4

🐞 Bug Fixes

• Dependencies declared in a platform are excluded unless applyMavenExclusions is set to false #368
• Invalid pom is produced when using both the dependency management plugin and Gradle's bom support #257

📔 Documentation

• Typo in "Importing a Maven Bom" example #366

v1.1.3

🐞 Bug Fixes

• NullPointerException when Maven-style exclusions are enabled and a dependency has a pom which Maven's Model Builder considers to be invalid #365

... (truncated)

Commits

• 99c6a87 Release v1.1.7
• e870ef7 Address another deprecation warning in report take
• fc43f90 Stop report task from triggering a deprecation warning
• 0d1b43d Merge pull request #394 from octylFractal
• 09853a2 Check for ModuleComponentIdentifier explicitly
• e85cd28 Next development version (v1.1.7-SNAPSHOT)
• caad92a Apply exclusions earlier to avoid deprecation warning
• 68f86ea Merge pull request #387 from quaff
• 4d44a45 Remove stray backtick
• 90d9e1a Rename property to address naming clash
• Additional commits viewable in compare view

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud