Skip to content

fix(deps): bump the prod-deps group across 1 directory with 6 updates #334

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): bump the prod-deps group across 1 directory with 6 updates #334

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 28, 2025

Bumps the prod-deps group with 6 updates in the / directory:

Package From To
org.springframework.boot:spring-boot-starter-parent 3.5.7 4.0.1
com.puppycrawl.tools:checkstyle 12.1.2 12.3.0
org.codehaus.mojo:versions-maven-plugin 2.19.1 2.20.1
org.openapitools:openapi-generator-maven-plugin 7.17.0 7.18.0
org.apache.maven.plugins:maven-resources-plugin 3.3.1 3.4.0
org.apache.maven.plugins:maven-release-plugin 3.2.0 3.3.1

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.7 to 4.0.1

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.0.1

⚠️ Noteworthy changes

  • Hibernate has been upgraded to 7.2.0.Final in response to Hibernate 7.1 moving to limited support
  • spring-boot-starter-kotlin-serialization has been renamed to to spring-boot-starter-kotlinx-serialization-json and spring-boot-starter-kotlin-serialization-test has been renamed to spring-boot-starter-kotlinx-serialization-json-test. This change aligns the starters' names with those of their respective modules
  • Using TestRestTemplate now requires a dependency on spring-boot-restclient

🐞 Bug Fixes

  • JsonMixinModuleEntriesBeanRegistrationAotProcessor does not handle deprecated code #48564
  • JdbcSessionAutoConfiguration may not match when using the auto-configured DataSource #48552
  • @ServiceConnection for LgtmStackContainer fails when logging endpoint is configured due to multiple OtlpLoggingConnectionDetails beans #48536
  • WebApplicationType does not consider modules when deduced from classpath #48517
  • Spring Session auto-configuration fails in a war deployment as ServerProperties is not available #48493
  • Opentelemetry logging export requires actuator module #48488
  • RabbitHealthIndicator reports an error when version is missing from the connection's server properties #48487
  • Actuator Info class has inconsistent nullability annotations and cannot be built with null value #48480
  • Profiles retained during AOT processing are not configured in a native image #48476
  • Security matchers and WebServerNamespace resolution can fail with NoClassDefFoundError when used in a traditional WAR deployment #48388
  • HealthEndpointGroupMembershipValidator does not consider reactive health indicators causing NoSuchHealthContributorException to be thrown #48387
  • spring.jackson.default-property-inclusion is not applied to content inclusion #48343
  • TestRestTemplate.getRootUri() returns empty string #48330
  • Redis health check reports an error when redis_version is missing from the INFO response #48328
  • Parent's MeterRegistry beans are closed when child context closes #48325
  • HttpMessageConverters picks up converter beans for both client and server #48310
  • Conditions to auto-configure a RestClient are outdated with the modularization #48308
  • A custom JwtTypeValidator that replaces the default can no longer be configured #48301
  • PropertiesRestClientHttpServiceGroupConfigurer has highest precedence, preventing other configurers from being ordered ahead of it #48296
  • SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #48275
  • Conditions to auto-configure RestClient-based HTTP service clients are outdated with the modularization #48274
  • Starter for Kotlinx Serialization Json is misnamed #48262
  • ApplicationServletEnvironment is no longer configured in war deployments #48254
  • RestClient.Builder bean present in @SpringBootTest due to spring-boot-starter-webmvc-test, but missing at runtime without restclient starter #48253
  • ProblemDetail is rendered to XML incorrectly #48222

📔 Documentation

  • Harmonize Kotlin example for HTTP Service client support #48577
  • Document HttpMessageConverters detection changes in 4.0.1 #48574
  • Improve javadoc for when to use class names rather than class references #48569
  • Documentation has an outdated reference to the Jackson Kotlin Module #48534
  • Caching documentation should clarify how to use a no-op implementation to run a test suite #48532
  • Document that the default rolling policy for Log4j2 requires logging.file.path to be set #48527
  • Review documentation and migration guide about changes in @AutoConfigureCache #48522
  • License header in build samples is displayed in the reference documentation #48478
  • Configuring Two DataSources How-To code sample is inconsistent #48449
  • Fix links to source files on GitHub #48398
  • Documentation contains broken links to GitHub source files #48394
  • Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #48360
  • Correct the annotation in the Kotlin @ConfigurationPropertiesSource example #48357
  • Polish TestRestTemplate examples in the reference guide #48336

... (truncated)

Commits
  • b2bc463 Release v4.0.1
  • 252b218 Correct renaming of Kotlinx Serialization JSON starters
  • 2fa73c2 Merge pull request #48577 from jwalter
  • 3e68988 Polish "Harmonize Kotlin example for HTTP Service client support"
  • 423373b Harmonize Kotlin example for HTTP Service client support
  • f61ac29 Document HttpMessageConverters detection changes
  • 2519a5d Merge branch '3.5.x'
  • 4fc3ca3 Next development version (v3.5.10-SNAPSHOT)
  • aaf66f4 Merge branch '3.5.x'
  • 08e2cab Polish javadoc for when to use class names rather than class references
  • Additional commits viewable in compare view

Updates com.puppycrawl.tools:checkstyle from 12.1.2 to 12.3.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-12.3.0

Checkstyle 12.3.0 - https://checkstyle.org/releasenotes.html#Release_12.3.0

New:

#18207 - IllegalImport: new property illegalModules to cover module imports #17223 - Google-style: New Check TextBlockGoogleStyleFormattingCheck

Bug fixes:

#18283 - Google style checks should allow _ keyword for anonymous variables

checkstyle-12.2.0

Checkstyle 12.2.0 - https://checkstyle.org/releasenotes.html#Release_12.2.0

New:

#18088 - Include full check name alongside ID in XML violation reports #17919 - Java25's import-module support

Bug fixes:

#18074 - JAR for 12.1.1 is missing org.slf4j package #18171 - RedundantImport does not work with module imports #18132 - PatternVariableAssignment gives error when assigning to field (using this.) with the same name as pattern variable #18104 - Drop support in checks for no-longer-compilable preview feature - Pattern matching for swtich

... (truncated)

Commits
  • 7cd24ce [maven-release-plugin] prepare release checkstyle-12.3.0
  • 66da258 doc: release notes for 12.3.0
  • f5bcfd8 Issue #18283: allow unnamed variables (_) in naming patterns
  • 25322e2 Issue #17882: Update LITERAL_INLINE_TAG AST format
  • 98c66e6 Issue #18272: Clone apache/kafka once KAFKA-19809 is merged
  • 2cca325 dependency: bump actions/upload-artifact from 5 to 6
  • e2c6a48 dependency: bump org.eclipse.jgit:org.eclipse.jgit
  • f264b99 dependency: bump actions/cache from 4 to 5
  • fbbddc0 Issue #17882: Update LEADING_ASTERISK of Javadoc CommentTokenTypes into AST f...
  • 4d23c0b infra: move no-error-trino to no-error-workflow.yml
  • Additional commits viewable in compare view

Updates org.codehaus.mojo:versions-maven-plugin from 2.19.1 to 2.20.1

Release notes

Sourced from org.codehaus.mojo:versions-maven-plugin's releases.

2.20.1

🐛 Bug Fixes

2.20.0

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

... (truncated)

Commits
  • b296a4f [maven-release-plugin] prepare release 2.20.1
  • b243939 Fixed #1313: Do not show existing version as update (#1315)
  • 773d0f3 [maven-release-plugin] prepare for next development iteration
  • 2467d99 [maven-release-plugin] prepare release 2.20.0
  • 4c240e7 Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0
  • 6d64537 Bump byteBuddyVersion from 1.18.0 to 1.18.1
  • 7736ca6 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
  • 37a5330 Bump byteBuddyVersion from 1.17.7 to 1.18.0
  • edeb5e7 Bump commons-codec:commons-codec from 1.19.0 to 1.20.0
  • 88874e0 Bump commons-io:commons-io from 2.20.0 to 2.21.0
  • Additional commits viewable in compare view

Updates org.openapitools:openapi-generator-maven-plugin from 7.17.0 to 7.18.0

Updates org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-resources-plugin's releases.

3.4.0

🚀 New features and improvements

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Commits
  • b07d56e [maven-release-plugin] prepare for next development iteration
  • 21e646c [maven-release-plugin] prepare release maven-resources-plugin-3.4.0
  • 61801af Migrate site to Doxia 2
  • 146ebb8 Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#439)
  • 5013682 Bump org.apache.maven.resolver:maven-resolver-api from 1.6.3 to 1.9.24
  • d7c4d28 Bump Maven to 3.9.11 while keep prerequisites on 3.6.3
  • e33f1ec Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29
  • ce77f50 Bump m-invoker-p to 3.9.1
  • 726f429 Bump org.apache.maven.plugins:maven-plugins from 43 to 45
  • a747bae PlexusFileUtils Refaster recipes
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-release-plugin from 3.2.0 to 3.3.1

Release notes

Sourced from org.apache.maven.plugins:maven-release-plugin's releases.

3.3.1

💥 Breaking changes

🐛 Bug Fixes

📦 Dependency updates

3.3.0

💥 Breaking changes

  • Include "[ci skip]" by default in scmReleaseCommitComment (#1423) @​kwin

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

... (truncated)

Commits
  • 7e8ebac [maven-release-plugin] prepare release maven-release-3.3.1
  • f0f28e5 Revert inclusion of ci skip in release commit msg
  • 2a82901 Bump org.codehaus.plexus:plexus-testing from 2.0.1 to 2.0.2 (#1444)
  • c8613d2 [maven-release-plugin] prepare for next development iteration
  • 2b8adaa [maven-release-plugin] prepare release maven-release-3.3.0
  • 88630f9 Fixed #1426 : Replace archived org.semver:api with custom SemVer implemen...
  • 7af8ace Fix license header in xml files
  • 8914b84 Make implementation of new SemVer policies private for project
  • 7e861f0 Resolve todo that led to pointless asserts (#1442)
  • 422f895 Prefer JDK join method (#1434)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
fix(deps): bump the prod-deps group across 1 directory with 6 updates
75e7e23 
Bumps the prod-deps group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) | `3.5.7` | `4.0.1` |
| [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) | `12.1.2` | `12.3.0` |
| [org.codehaus.mojo:versions-maven-plugin](https://github.com/mojohaus/versions) | `2.19.1` | `2.20.1` |
| org.openapitools:openapi-generator-maven-plugin | `7.17.0` | `7.18.0` |
| [org.apache.maven.plugins:maven-resources-plugin](https://github.com/apache/maven-resources-plugin) | `3.3.1` | `3.4.0` |
| [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) | `3.2.0` | `3.3.1` |



Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.7 to 4.0.1
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.7...v4.0.1)

Updates `com.puppycrawl.tools:checkstyle` from 12.1.2 to 12.3.0
- [Release notes](https://github.com/checkstyle/checkstyle/releases)
- [Commits](checkstyle/checkstyle@checkstyle-12.1.2...checkstyle-12.3.0)

Updates `org.codehaus.mojo:versions-maven-plugin` from 2.19.1 to 2.20.1
- [Release notes](https://github.com/mojohaus/versions/releases)
- [Changelog](https://github.com/mojohaus/versions/blob/master/ReleaseNotes.md)
- [Commits](mojohaus/versions@2.19.1...2.20.1)

Updates `org.openapitools:openapi-generator-maven-plugin` from 7.17.0 to 7.18.0

Updates `org.apache.maven.plugins:maven-resources-plugin` from 3.3.1 to 3.4.0
- [Release notes](https://github.com/apache/maven-resources-plugin/releases)
- [Commits](apache/maven-resources-plugin@maven-resources-plugin-3.3.1...v3.4.0)

Updates `org.apache.maven.plugins:maven-release-plugin` from 3.2.0 to 3.3.1
- [Release notes](https://github.com/apache/maven-release/releases)
- [Commits](apache/maven-release@maven-release-3.2.0...maven-release-3.3.1)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
- dependency-name: com.puppycrawl.tools:checkstyle
  dependency-version: 12.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: org.codehaus.mojo:versions-maven-plugin
  dependency-version: 2.20.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: org.openapitools:openapi-generator-maven-plugin
  dependency-version: 7.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: org.apache.maven.plugins:maven-resources-plugin
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: org.apache.maven.plugins:maven-release-plugin
  dependency-version: 3.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Dec 28, 2025
@dependabot dependabot bot requested a review from a team as a code owner December 28, 2025 15:03
@dependabot dependabot bot added the java Pull requests that update java code label Dec 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@psmagin psmagin Awaiting requested review from psmagin psmagin is a code owner automatically assigned from folio-org/spitfire-backend

@viacheslavkol viacheslavkol Awaiting requested review from viacheslavkol viacheslavkol is a code owner automatically assigned from folio-org/spitfire-backend

@SvitlanaKovalova1 SvitlanaKovalova1 Awaiting requested review from SvitlanaKovalova1 SvitlanaKovalova1 is a code owner automatically assigned from folio-org/spitfire-backend

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant