agony-forge/agonyforge
1
0
Fork 0
Code Issues 13 Pull requests 3 Projects Releases 11 Packages Wiki Activity Actions

build(deps): bump org.springframework.boot from 4.0.5 to 4.0.6 #499

Open
dependabot[bot] wants to merge 1 commit from dependabot/gradle/org.springframework.boot-4.0.6 into master
pull from: dependabot/gradle/org.springframework.boot-4.0.6
merge into: agony-forge:master
Conversation 0 Commits 1 Files changed 2 +2 -2
dependabot[bot] commented 2026-04-27 02:26:26 -07:00 (Migrated from github.com)
Copy link

Bumps org.springframework.boot from 4.0.5 to 4.0.6.

Release notes

Sourced from org.springframework.boot's releases.

v4.0.6

🐞 Bug Fixes

  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
  • ApplicationPidFileWriter does not handle symlinks correctly #50185
  • RandomValuePropertySource is not suitable for secrets #50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
  • ApplicationTemp does not handle symlinks correctly #50178
  • Remote DevTools performs comparison incorrectly #50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
  • Classic starters are missing several modules #50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
  • Imports on a containing test class are ignored when a nested class has imports #50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
  • 500 response from env endpoint when supplied pattern is invalid #49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
  • HTTP method is lost when configuring excludes in EndpointRequest #49943
  • Honor HttpMethod for reactive additional endpoint paths #49880
  • Docker Compose support doesn't work with apache/artemis image #49869
  • Docker Compose support doesn't work with apache/activemq image #49866
  • Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
  • API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
  • HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
  • Link to the observability section of the Lettuce documentation is broken #50097
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
  • Link to the Kubernetes documentation when discussing startup probes #50015
  • Typo in JdbcSessionAutoConfiguration Javadoc #49873
  • Clarify that configuration property default values are not available through the Environment #49851
  • Document the need for Liquibase and Flyway starters #49839
  • Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

... (truncated)

Commits
  • 8821ad2 Release v4.0.6
  • 9e4048a Merge branch '3.5.x' into 4.0.x
  • 20bb11c Next development version (v3.5.15-SNAPSHOT)
  • 98daa8e Merge branch '3.5.x' into 4.0.x
  • 9dc5aa2 Polish
  • 874f629 Fix default security with actuator but without health
  • e41b3bf Enable hostname verification for SSL connections to Elasticsearch
  • ef8527b Merge branch '3.5.x' into 4.0.x
  • f533a45 Do not follow symlinks when writing PID file
  • 4a7bd33 Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 4.0.5 to 4.0.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-boot/releases">org.springframework.boot's releases</a>.</em></p> <blockquote> <h2>v4.0.6</h2> <h2>:lady_beetle: Bug Fixes</h2> <ul> <li>Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50188">#50188</a></li> <li>Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50187">#50187</a></li> <li>ApplicationPidFileWriter does not handle symlinks correctly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50185">#50185</a></li> <li>RandomValuePropertySource is not suitable for secrets <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50183">#50183</a></li> <li>Cassandra auto-configuration misconfigures CqlSessionBuilder <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50180">#50180</a></li> <li>ApplicationTemp does not handle symlinks correctly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50178">#50178</a></li> <li>Remote DevTools performs comparison incorrectly <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50176">#50176</a></li> <li>spring.rabbitmq.ssl.verify-hostname is applied inconsistently <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50174">#50174</a></li> <li>Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50077">#50077</a></li> <li>Classic starters are missing several modules <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50071">#50071</a></li> <li>Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic <a href="https://redirect.github.com/spring-projects/spring-boot/pull/50069">#50069</a></li> <li>Annotations like <code>@Ssl</code> don't work on <code>@Bean</code> methods when using <code>@ServiceConnection</code> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50064">#50064</a></li> <li>EnversRevisionRepositoriesRegistrar should reuse <code>@EnableEnversRepositories</code> rather than configuring the JPA counterpart <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50039">#50039</a></li> <li>WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50017">#50017</a></li> <li>Imports on a containing test class are ignored when a nested class has imports <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50012">#50012</a></li> <li>With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49951">#49951</a></li> <li>500 response from env endpoint when supplied pattern is invalid <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49946">#49946</a></li> <li>Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49945">#49945</a></li> <li>HTTP method is lost when configuring excludes in EndpointRequest <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49943">#49943</a></li> <li>Honor HttpMethod for reactive additional endpoint paths <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49880">#49880</a></li> <li>Docker Compose support doesn't work with apache/artemis image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49869">#49869</a></li> <li>Docker Compose support doesn't work with apache/activemq image <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49866">#49866</a></li> <li>Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49854">#49854</a></li> <li>API versioning path strategy should be applied path last as it is not meant to yield <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49800">#49800</a></li> </ul> <h2>:notebook_with_decorative_cover: Documentation</h2> <ul> <li>Update docs to encourage Java fundamentals for beginners that prefer to learn that way <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50146">#50146</a></li> <li>HTTP Service Interface Clients still document that API versioning can be configured via properties <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50126">#50126</a></li> <li>Link to the observability section of the Lettuce documentation is broken <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50097">#50097</a></li> <li>Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50085">#50085</a></li> <li>MySamlRelyingPartyConfiguration is missing a Kotlin sample <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50024">#50024</a></li> <li>Incorrect default value for management.httpexchanges.recording.include in configuration metadata <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50019">#50019</a></li> <li>Link to the Kubernetes documentation when discussing startup probes <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50015">#50015</a></li> <li>Typo in JdbcSessionAutoConfiguration Javadoc <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49873">#49873</a></li> <li>Clarify that configuration property default values are not available through the Environment <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49851">#49851</a></li> <li>Document the need for Liquibase and Flyway starters <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49839">#49839</a></li> <li>Kafka documentation refers to deprecated JSON serializer and deserializer classes <a href="https://redirect.github.com/spring-projects/spring-boot/pull/49826">#49826</a></li> </ul> <h2>:hammer: Dependency Upgrades</h2> <ul> <li>Upgrade to Elasticsearch Client 9.2.8 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50027">#50027</a></li> <li>Upgrade to Groovy 5.0.5 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49911">#49911</a></li> <li>Upgrade to Hibernate 7.2.12.Final <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50134">#50134</a></li> <li>Upgrade to Jackson Bom 3.1.2 <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50051">#50051</a></li> <li>Upgrade to <a href="https://github.com/jaxen-xpath/jaxen/releases/tag/v2.0.1">Jaxen 2.0.1</a> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/50104">#50104</a></li> <li>Upgrade to <a href="https://github.com/FirebirdSQL/jaybird/releases/tag/v6.0.5">Jaybird 6.0.5</a> <a href="https://redirect.github.com/spring-projects/spring-boot/issues/49914">#49914</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-boot/commit/8821ad2cd381bb4b9615a61479e1de7305a8ba39"><code>8821ad2</code></a> Release v4.0.6</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9e4048a03f17adfe78057a3c4d5b4693305c0ae0"><code>9e4048a</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/20bb11c3984802990572ddbeae8b66885a8f2462"><code>20bb11c</code></a> Next development version (v3.5.15-SNAPSHOT)</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/98daa8ea30f39a5b0ca6768b5cbc2dc8698ef4e1"><code>98daa8e</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/9dc5aa2863f598a15d3dfa116f4b89249daba7e7"><code>9dc5aa2</code></a> Polish</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/874f6294b91da18367b8b5ab7b2fad3fa23cfba6"><code>874f629</code></a> Fix default security with actuator but without health</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/e41b3bf731d1134bc18ec1f68ac01e0fe1c54923"><code>e41b3bf</code></a> Enable hostname verification for SSL connections to Elasticsearch</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/ef8527bb0ef8f564f4f9c57a7be99a7aa96c6ab0"><code>ef8527b</code></a> Merge branch '3.5.x' into 4.0.x</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/f533a4549c3999aac30cb5830f07dc304933e93d"><code>f533a45</code></a> Do not follow symlinks when writing PID file</li> <li><a href="https://github.com/spring-projects/spring-boot/commit/4a7bd332b6d19fef1aa4cf28434985f2b03a2e0f"><code>4a7bd33</code></a> Merge branch '3.5.x' into 4.0.x</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-boot/compare/v4.0.5...v4.0.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot&package-manager=gradle&previous-version=4.0.5&new-version=4.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin dependabot/gradle/org.springframework.boot-4.0.6:dependabot/gradle/org.springframework.boot-4.0.6
git switch dependabot/gradle/org.springframework.boot-4.0.6

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch master
git merge --no-ff dependabot/gradle/org.springframework.boot-4.0.6
git switch dependabot/gradle/org.springframework.boot-4.0.6
git rebase master
git switch master
git merge --ff-only dependabot/gradle/org.springframework.boot-4.0.6
git switch dependabot/gradle/org.springframework.boot-4.0.6
git rebase master
git switch master
git merge --no-ff dependabot/gradle/org.springframework.boot-4.0.6
git switch master
git merge --squash dependabot/gradle/org.springframework.boot-4.0.6
git switch master
git merge --ff-only dependabot/gradle/org.springframework.boot-4.0.6
git switch master
git merge dependabot/gradle/org.springframework.boot-4.0.6
git push origin master
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug
Something isn't working

  
dependencies
Pull requests that update a dependency file

  
documentation
Improvements or additions to documentation

  
duplicate
This issue or pull request already exists

  
enhancement
New feature or request

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
java
Pull requests that update java code

  
question
Further information is requested

  
refactor
Refactor of existing code

  
wontfix
This will not be worked on

No labels
bug
dependencies
documentation
duplicate
enhancement
good first issue
help wanted
invalid
java
question
refactor
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
agony-forge/agonyforge!499
No description provided.