Bump org.springframework.boot from 3.5.7 to 4.0.4 #490

Merged
dependabot[bot] merged 2 commits from dependabot/gradle/org.springframework.boot-4.0.4 into master 2026-03-27 04:14:23 -07:00
dependabot[bot] commented 2026-03-23 01:35:37 -07:00 (Migrated from github.com)

Bumps org.springframework.boot from 3.5.7 to 4.0.4.

Release notes

Sourced from org.springframework.boot's releases.

v4.0.4

⚠️ Attention Required

  • Provide advance warning of the deprecation and forthcoming removal of OpenTelemetry's ZipkinSpanExporter #49453
  • Upgrade to Jackson 2 Bom 2.21.1 #49389
  • Upgrade to Jackson Bom 3.1.0 #49383
  • Tomcat's default max part count is too low in 4.0.x #49311

🐞 Bug Fixes

  • EndpointRequest request matcher for health groups is too complex #49649
  • "/cloudfoundryapplication" web path is not limited to Actuator #49646
  • Fix EndpointRequest.toLinks() when base-path is '/' #49617
  • Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #49596
  • RSocket exposes duplicate endpoint for websocket setups #49593
  • Failure analysis for a missing mail sender is misleading #49582
  • SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #49535
  • Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #49482
  • "spring.main.cloud-platform=none" does not disable cloud features #49479
  • SSL support with Docker Compose does not work as documented #49385
  • Auto-configuration overrides authorization server configuration applied by Customizer beans #49367
  • Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #49344
  • NoSuchMethodException when forcing the use of Log4J2LoggingSystem using org.springframework.boot.logging.LoggingSystem system property #49343
  • RouterFunctions descriptions in Actuator do not support nesting #49302
  • Maven plugin does not set '-parameters' option when processing AOT code #49295
  • HTTP Service Interface Client doesn't work in a native image due to missing property binding #49274
  • ErrorPageRegistrarBeanPostProcessor is not auto-configured in war deployments and the ErrorPageCustomizer is not applied #49176
  • Missing starter for spring-boot-restdocs #48289

📔 Documentation

  • Document support for Java 26 #49604
  • List all supported colors when describing color-coded log output #49562
  • Improve EndpointRequest matcher documentation #49520
  • Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #49514
  • Document security considerations for forwarded headers in cloud deployments #49507
  • Tutorial in the reference guide has outdated instructions #49429
  • Document additional repositories required for shibboleth.net #49392
  • Javadoc of JettyHttpClientBuilder refers to the wrong type #49387
  • Example spring-devtools.properties file is shown in the wrong format #49362
  • Clarify inferred relationships between OAuth 2 registrations and providers #49327
  • Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #49321
  • Remove superfluous semi-colon from read timeout configuration example for HTTP service interface clients #49306
  • Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #49298
  • JDK requirement for the CLI still refers to Java 8 #49293
  • Java and Kotlin samples of an environment post processor are inconsistent #49287

🔨 Dependency Upgrades

  • Upgrade to Commons Logging 1.3.6 #49545

... (truncated)

Commits
  • 8bdd6f8 Release v4.0.4
  • 79a3850 Merge branch '3.5.x' into 4.0.x
  • 3ebd147 Next development version (v3.5.13-SNAPSHOT)
  • 26edf79 Merge branch '3.5.x' into 4.0.x
  • 6620dea Polishing
  • 7151419 Upgrade to Testcontainers 2.0.4
  • cc6bb61 Merge branch '3.5.x' into 4.0.x
  • dd54841 Upgrade to Spring Batch 5.2.5
  • 2739427 Upgrade to Spring Batch 6.0.3
  • a6d8c48 Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.5.7 to 4.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's releases</a>.</em></p> <blockquote> <h2>v4.0.4</h2> <h2>:warning: Attention Required</h2> <ul> <li>Provide advance warning of the deprecation and forthcoming removal of OpenTelemetry's ZipkinSpanExporter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49453">#49453</a></li> <li>Upgrade to Jackson 2 Bom 2.21.1 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49389">#49389</a></li> <li>Upgrade to Jackson Bom 3.1.0 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49383">#49383</a></li> <li>Tomcat's default max part count is too low in 4.0.x <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49311">#49311</a></li> </ul> <h2>:lady_beetle: Bug Fixes</h2> <ul> <li>EndpointRequest request matcher for health groups is too complex <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49649">#49649</a></li> <li>&quot;/cloudfoundryapplication&quot; web path is not limited to Actuator <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49646">#49646</a></li> <li>Fix EndpointRequest.toLinks() when base-path is '/' <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49617">#49617</a></li> <li>Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49596">#49596</a></li> <li>RSocket exposes duplicate endpoint for websocket setups <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49593">#49593</a></li> <li>Failure analysis for a missing mail sender is misleading <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49582">#49582</a></li> <li>SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49535">#49535</a></li> <li>Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49482">#49482</a></li> <li>&quot;spring.main.cloud-platform=none&quot; does not disable cloud features <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49479">#49479</a></li> <li>SSL support with Docker Compose does not work as documented <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49385">#49385</a></li> <li>Auto-configuration overrides authorization server configuration applied by Customizer<!-- raw HTML omitted --> beans <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49367">#49367</a></li> <li>Using <code>@AutoConfigureWebTestClient</code> prevents separate configuration of spring.test.webtestclient.timeout from taking effect <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49344">#49344</a></li> <li>NoSuchMethodException when forcing the use of Log4J2LoggingSystem using org.springframework.boot.logging.LoggingSystem system property <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49343">#49343</a></li> <li>RouterFunctions descriptions in Actuator do not support nesting <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49302">#49302</a></li> <li>Maven plugin does not set '-parameters' option when processing AOT code <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49295">#49295</a></li> <li>HTTP Service Interface Client doesn't work in a native image due to missing property binding <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49274">#49274</a></li> <li>ErrorPageRegistrarBeanPostProcessor is not auto-configured in war deployments and the ErrorPageCustomizer is not applied <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49176">#49176</a></li> <li>Missing starter for spring-boot-restdocs <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48289">#48289</a></li> </ul> <h2>:notebook_with_decorative_cover: Documentation</h2> <ul> <li>Document support for Java 26 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49604">#49604</a></li> <li>List all supported colors when describing color-coded log output <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49562">#49562</a></li> <li>Improve EndpointRequest matcher documentation <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49520">#49520</a></li> <li>Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49514">#49514</a></li> <li>Document security considerations for forwarded headers in cloud deployments <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49507">#49507</a></li> <li>Tutorial in the reference guide has outdated instructions <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49429">#49429</a></li> <li>Document additional repositories required for shibboleth.net <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49392">#49392</a></li> <li>Javadoc of JettyHttpClientBuilder refers to the wrong type <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49387">#49387</a></li> <li>Example spring-devtools.properties file is shown in the wrong format <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49362">#49362</a></li> <li>Clarify inferred relationships between OAuth 2 registrations and providers <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49327">#49327</a></li> <li>Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49321">#49321</a></li> <li>Remove superfluous semi-colon from read timeout configuration example for HTTP service interface clients <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49306">#49306</a></li> <li>Update CLI's INSTALL.txt to reflect Groovy no longer being bundled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49298">#49298</a></li> <li>JDK requirement for the CLI still refers to Java 8 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49293">#49293</a></li> <li>Java and Kotlin samples of an environment post processor are inconsistent <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49287">#49287</a></li> </ul> <h2>:hammer: Dependency Upgrades</h2> <ul> <li>Upgrade to Commons Logging 1.3.6 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49545">#49545</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8bdd6f836a4f6041b34e788dccda45e4653e82a4"><code>8bdd6f8</code></a> Release v4.0.4</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/79a38504ecb634ab47b820c3fd055917720c3ac1"><code>79a3850</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/3ebd1475088cbadf1355cffcbf6e3945af6d8376"><code>3ebd147</code></a> Next development version (v3.5.13-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/26edf790848000e34353bc8c026e897063dcef86"><code>26edf79</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/6620dea347a522d160d725a6a51e4ca3a54e1142"><code>6620dea</code></a> Polishing</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/7151419752494508e15005d95a521c2bf4cbf656"><code>7151419</code></a> Upgrade to Testcontainers 2.0.4</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/cc6bb612409b65b6fdf85b8ef58cd343f8d70bb9"><code>cc6bb61</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/dd54841c4a961efe28f197537ad0afd115027e3a"><code>dd54841</code></a> Upgrade to Spring Batch 5.2.5</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/273942749ccb4a230fc935d20a8d59cba641e027"><code>2739427</code></a> Upgrade to Spring Batch 6.0.3</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/a6d8c48e13cb394a9b1c375abad3572335c95a9a"><code>a6d8c48</code></a> Merge branch '3.5.x' into 4.0.x</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.5.7...v4.0.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot&package-manager=gradle&previous-version=3.5.7&new-version=4.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Sign in to join this conversation.
No description provided.