Bump org.springframework.boot from 3.5.7 to 4.0.2 #478

Closed
dependabot[bot] wants to merge 1 commit from dependabot/gradle/org.springframework.boot-4.0.2 into master
dependabot[bot] commented 2026-01-26 00:58:38 -08:00 (Migrated from github.com)

Bumps org.springframework.boot from 3.5.7 to 4.0.2.

Release notes

Sourced from org.springframework.boot's releases.

v4.0.2

⚠️ Noteworthy Changes

  • The dependency on org.eclipse.jetty.ee11:jetty-ee11-servlets has been removed from spring-boot-jetty as it was unnecessary and unused. If your application code depends on a class from jetty-ee11-servlets, declare a dependency on it in your build configuration. #48677

🐞 Bug Fixes

  • No TransactionAutoConfiguration with spring-boot-starter-kafka for Spring Boot 4 #48880
  • Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48840
  • When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48838
  • SessionAutoConfiguration creates a DefaultCookieSerializer with a default SameSite of null instead of Lax #48830
  • Setting graphql schema location to "classpath*:graphql/**/" causes failure due to incorrectly packaged test resource #48829
  • Message interpolation by MVC and WebFlux's Validators does not work correctly in a native image #48828
  • CloudFoundry integration fails in Servlet-based web app without a dependency on spring-boot-starter-restclient #48826
  • RestTestClientAutoConfiguration and TestRestTemplateAutoConfiguration should be package-private #48820
  • SSL metrics are no longer auto-configured #48819
  • Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48812
  • DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48703
  • The spring-boot-cloudfoundry module should only have an optional dependency on spring-boot-security #48685
  • Application JAR created by extract command is not reproductible #48678
  • AOT processing of tests should not be disabled when 'skipTests' is set #48662
  • @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) is no longer applied to the management server #48653
  • Fix zero-length byte buffer in InspectedContent #48650
  • Can no longer override JacksonJsonHttpMessageConverter with ServerHttpMessageConvertersCustomizer #48635
  • HttpServiceClientProperties incorrectly uses the @ConfigurationProperties annotation on a LinkedHashMap class #48616
  • spring-boot-micrometer-tracing-opentelemetry fails if spring-boot-opentelemetry isn't there #48585
  • App fails to start with starter-webmvc and starter-zipkin #48581
  • Micrometer test modules should have an api dependency on micrometer-observation-test #48386

📔 Documentation

  • Fix typo in REST client documentation #48907
  • Remove duplicate word #48874
  • Document support for configuring arguments passed to Docker Compose #48806
  • The documentation related to EnvironmentPostProcessor links to deprecated interface #48803
  • Update documentation for Buildpack's AOT Cache support #48769
  • Correct docs to use new location for error handling configuration properties #48767
  • Document spring-boot-starter-cloudfoundry on Cloud Foundry Support Page #48675
  • Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48659
  • Example using excludeDevtools property should document that optional dependencies should be enabled #48641
  • Fix grammar and typos in the reference guide #48601
  • Update Tracing section for Spring Boot 4's modularity #48576

🔨 Dependency Upgrades

  • Upgrade to Classmate 1.7.3 #48783
  • Upgrade to Elasticsearch Client 9.2.3 #48721
  • Upgrade to Hibernate 7.2.1.Final #48857
  • Upgrade to HttpClient5 5.5.2 #48784
  • Upgrade to Jackson 2 Bom 2.20.2 #48910

... (truncated)

Commits
  • fae3545 Release v4.0.2
  • 9fde744 Merge branch '3.5.x' into 4.0.x
  • 650236d Remove breaking and unnecessary Undertow TLS with RSA test
  • 547bc77 Upgrade to Spring Batch 6.0.2
  • 4387cbb Upgrade to Jackson Bom 3.0.4
  • abec26e Polish
  • f677fba Upgrade to Spring Integration 7.0.2
  • 849c2ee Upgrade to Spring GraphQL 2.0.2
  • facd456 Upgrade to Nullability Plugin 0.0.10
  • e99c08f Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.5.7 to 4.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's releases</a>.</em></p> <blockquote> <h2>v4.0.2</h2> <h2>:warning: Noteworthy Changes</h2> <ul> <li>The dependency on <code>org.eclipse.jetty.ee11:jetty-ee11-servlets</code> has been removed from <code>spring-boot-jetty</code> as it was unnecessary and unused. If your application code depends on a class from <code>jetty-ee11-servlets</code>, declare a dependency on it in your build configuration. <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48677">#48677</a></li> </ul> <h2>:lady_beetle: Bug Fixes</h2> <ul> <li>No TransactionAutoConfiguration with spring-boot-starter-kafka for Spring Boot 4 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48880">#48880</a></li> <li>Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48840">#48840</a></li> <li>When a bean condition references a type that is not present, it appears as ? in the condition evaluation report <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48838">#48838</a></li> <li>SessionAutoConfiguration creates a DefaultCookieSerializer with a default SameSite of null instead of Lax <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48830">#48830</a></li> <li>Setting graphql schema location to &quot;classpath*:graphql/**/&quot; causes failure due to incorrectly packaged test resource <a href="https://redirect.github.com/spring-projects/spring-boot/pull/48829">#48829</a></li> <li>Message interpolation by MVC and WebFlux's Validators does not work correctly in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48828">#48828</a></li> <li>CloudFoundry integration fails in Servlet-based web app without a dependency on spring-boot-starter-restclient <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48826">#48826</a></li> <li>RestTestClientAutoConfiguration and TestRestTemplateAutoConfiguration should be package-private <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48820">#48820</a></li> <li>SSL metrics are no longer auto-configured <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48819">#48819</a></li> <li>Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48812">#48812</a></li> <li>DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48703">#48703</a></li> <li>The spring-boot-cloudfoundry module should only have an optional dependency on spring-boot-security <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48685">#48685</a></li> <li>Application JAR created by extract command is not reproductible <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48678">#48678</a></li> <li>AOT processing of tests should not be disabled when 'skipTests' is set <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48662">#48662</a></li> <li><code>@SpringBootTest</code>(webEnvironment = WebEnvironment.RANDOM_PORT) is no longer applied to the management server <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48653">#48653</a></li> <li>Fix zero-length byte buffer in InspectedContent <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48650">#48650</a></li> <li>Can no longer override JacksonJsonHttpMessageConverter with ServerHttpMessageConvertersCustomizer <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48635">#48635</a></li> <li>HttpServiceClientProperties incorrectly uses the <code>@ConfigurationProperties</code> annotation on a LinkedHashMap class <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48616">#48616</a></li> <li>spring-boot-micrometer-tracing-opentelemetry fails if spring-boot-opentelemetry isn't there <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48585">#48585</a></li> <li>App fails to start with starter-webmvc and starter-zipkin <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48581">#48581</a></li> <li>Micrometer test modules should have an api dependency on micrometer-observation-test <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48386">#48386</a></li> </ul> <h2>:notebook_with_decorative_cover: Documentation</h2> <ul> <li>Fix typo in REST client documentation <a href="https://redirect.github.com/spring-projects/spring-boot/pull/48907">#48907</a></li> <li>Remove duplicate word <a href="https://redirect.github.com/spring-projects/spring-boot/pull/48874">#48874</a></li> <li>Document support for configuring arguments passed to Docker Compose <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48806">#48806</a></li> <li>The documentation related to EnvironmentPostProcessor links to deprecated interface <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48803">#48803</a></li> <li>Update documentation for Buildpack's AOT Cache support <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48769">#48769</a></li> <li>Correct docs to use new location for error handling configuration properties <a href="https://redirect.github.com/spring-projects/spring-boot/pull/48767">#48767</a></li> <li>Document spring-boot-starter-cloudfoundry on Cloud Foundry Support Page <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48675">#48675</a></li> <li>Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48659">#48659</a></li> <li>Example using excludeDevtools property should document that optional dependencies should be enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48641">#48641</a></li> <li>Fix grammar and typos in the reference guide <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48601">#48601</a></li> <li>Update Tracing section for Spring Boot 4's modularity <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48576">#48576</a></li> </ul> <h2>:hammer: Dependency Upgrades</h2> <ul> <li>Upgrade to Classmate 1.7.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48783">#48783</a></li> <li>Upgrade to Elasticsearch Client 9.2.3 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48721">#48721</a></li> <li>Upgrade to Hibernate 7.2.1.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48857">#48857</a></li> <li>Upgrade to HttpClient5 5.5.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48784">#48784</a></li> <li>Upgrade to Jackson 2 Bom 2.20.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/48910">#48910</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/fae35455769a9f6af8911fa9d3e984bff5070542"><code>fae3545</code></a> Release v4.0.2</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9fde74494d3534d350f77d39d0cfb2420b643fbf"><code>9fde744</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/650236d11987cb75dc3ad9f0eef71b1a99f6e1b0"><code>650236d</code></a> Remove breaking and unnecessary Undertow TLS with RSA test</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/547bc773e1f4e928379956e4598564d7205bc4e1"><code>547bc77</code></a> Upgrade to Spring Batch 6.0.2</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/4387cbb4a016ec62078d629ab575ce3f1e2cec2b"><code>4387cbb</code></a> Upgrade to Jackson Bom 3.0.4</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/abec26e504fa42774dce0232ff7c41f12afa00cf"><code>abec26e</code></a> Polish</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/f677fbaa489eb62fea743968a8b6ede56fce9d93"><code>f677fba</code></a> Upgrade to Spring Integration 7.0.2</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/849c2eebe993effe6d01f99f363e0e1facf766e4"><code>849c2ee</code></a> Upgrade to Spring GraphQL 2.0.2</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/facd4564b0e48f84843cb2095ef61a9f26c75550"><code>facd456</code></a> Upgrade to Nullability Plugin 0.0.10</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e99c08f0e943a6f77b23d0fd8b81f8fe7ee824ab"><code>e99c08f</code></a> Merge branch '3.5.x' into 4.0.x</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v3.5.7...v4.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot&package-manager=gradle&previous-version=3.5.7&new-version=4.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
dependabot[bot] commented 2026-02-23 00:47:15 -08:00 (Migrated from github.com)

Superseded by #486.

Superseded by #486.

Pull request closed

Sign in to join this conversation.
No description provided.