Skip to content

feat(deps): update all non-major dependencies#805

Merged
renovate[bot] merged 5 commits into
mainfrom
renovate/all-minor-patch
Sep 24, 2025
Merged

feat(deps): update all non-major dependencies#805
renovate[bot] merged 5 commits into
mainfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Sep 21, 2025
edited
Loading

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
mongo patch 8.0.9 -> 8.0.14 age adoption passing confidence
rabbitmq patch 4.1.0-management-alpine -> 4.1.4-management-alpine age adoption passing confidence
com.diffplug.spotless:spotless-plugin-gradle dependencies minor 7.0.2 -> 7.2.1 age adoption passing confidence
io.mockk:mockk-jvm (source) devDependencies patch 1.14.2 -> 1.14.5 age adoption passing confidence
org.springframework.boot:spring-boot-gradle-plugin (source) dependencies minor 3.3.6 -> 3.5.6 age adoption passing confidence
org.springdoc:springdoc-openapi-starter-webflux-ui (source) dependencies minor 2.6.0 -> 2.8.13 age adoption passing confidence

Release Notes

mockk/mockk (io.mockk:mockk-jvm)

v1.14.5

Compare Source

What's Changed

New Contributors

Full Changelog: mockk/mockk@1.14.4...1.14.5

v1.14.4

Compare Source

This release is functionally equivalent to v1.14.3, I just wanted to try out the new publishing process that uses Maven Central instead of OSSRH.

Full Changelog: mockk/mockk@1.14.3...1.14.4

v1.14.3

Compare Source

What's Changed

New Contributors

Full Changelog: mockk/mockk@1.14.2...1.14.3

spring-projects/spring-boot (org.springframework.boot:spring-boot-gradle-plugin)

v3.5.6

v3.5.5

🐞 Bug Fixes

  • Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error #​46909
  • Performance critical tracing code has high overhead due to the use of the Stream API #​46844
  • SpringLiquibaseCustomizer is exposed outside its defined visibility scope #​46758
  • Race condition in OutputCapture can result in stale data #​46721
  • Auto-configured WebClient no longer uses context's ReactorResourceFactory #​46673
  • Default value not detected for a field annoted with @Name #​46666
  • Missing metadata when using @Name with a constructor-bound property #​46663
  • Missing property for Spring Authorization Server's PAR endpoint #​46641
  • Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location #​46636
  • Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true #​46634
  • Auto-configured MockMvc ignores @FilterRegistration annotation #​46605
  • Failure to discover default value for a primitive should not lead to document its default value #​46561

📔 Documentation

  • Kotlin samples for configuration metadata are in the wrong package #​46857
  • Observability examples in the reference guide are missing the Kotlin version #​46798
  • Align method descriptions for SslOptions getCiphers and getEnabledProtocols with @returns #​46769
  • Tracing samples in the reference guide are missing the Kotlin version #​46767
  • Improve Virtual Threads section to mention the changes in Java 24 #​46610
  • spring.test.webtestclient.timeout is not documented #​46588
  • spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules #​46585
  • Adapt deprecation level for management.health.influxdb.enabled #​46580
  • spring.test.mockmvc properties are not documented #​46578

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kguswo, @​deejay1, @​ganjisriver, @​izeye, @​jetflo, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​prishedko, @​quaff, @​schmidti159, @​scordio, @​shakuzen, @​tommyk-gears, @​zahra7, and @​zakaria-shahen

v3.5.4

🐞 Bug Fixes

  • LambdaSafe.withFilter is not public #​46474
  • Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #​46402
  • Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #​46398
  • Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #​46351
  • Change in DefaultErrorAttributes alters the shape of API validation error responses #​46260
  • jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #​46225
  • developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #​46205
  • Hash calculation for uber archive entries that require unpacking is inefficient #​46203
  • Permissions are applied inconsistently when building uber archives with Gradle #​46194
  • Environment variables using legacy dash format can no longer be bound #​46184
  • EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #​46180
  • Executable JAR application class encounters performance issues #​46177
  • Executable JAR application class encounters performance issues #​46176
  • Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #​46174
  • Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #​46170
  • SslInfo does not use its Clock when checking certificate validity #​46011

📔 Documentation

  • Fix description of spring.batch.job.enabled #​46247
  • Fix broken Kotlin examples in reference documentation #​46168
  • Add Logback Access Reactor Netty to community starters #​46060

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Dockerel, @​PiyalAhmed, @​benelog, @​dmitrysulman, @​izeye, @​ngocnhan-tran1996, @​nosan, and @​quaff

v3.5.3

🐞 Bug Fixes

  • Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above #​46040

v3.5.2

🐞 Bug Fixes
  • IllegalArgumentException: 'name' must not be null thrown when property source filtering applied twice #​46032

v3.5.1

⚠️ Noteworthy Changes

  • This release upgrades to Tomcat 10.1.42 which has introduced limits for part count and header size in multipart/form-data requests. These limits can be customized using server.tomcat.max-part-count and server.tomcat.max-part-header-size respectively.

⭐ New Features

  • Allow Specifying ConfigData.Options On ConfigDataEnvironmentContributors #​42932

🐞 Bug Fixes

  • Executable JAR application class encounters performance issues when classpath URLs reference a host #​46028
  • Loading from spring.factories may fail with a ClassNotFoundException when the TCCL changes between calls #​46019
  • spring.couchbase.authentication.jks.private-key-password has no effect #​46006
  • Actuator heapdump endpoint is failing on modern OpenJ9 JVMs #​46005
  • UnboundConfigurationPropertiesException is no longer thrown from IndexedElementsBinder #​45994
  • DataSouceBuilder can fail with a NPE when the driver is null #​45992
  • JSON writer incorrectly escapes forward slash which can cause structure logging issues #​45980
  • ManagementContextAutoConfiguration adds a property source that degrades binding performance #​45968
  • ClientHttpConnectorAutoConfiguration fails to load when 'java.net.http.HttpClient' is unavailable #​45955
  • It is not possible to opt-out of profile validation or use profile names that contain '.' #​45947
  • GraphQlProperties.DeprecatedSse is not annotated as deprecated #​45878
  • SpringApplication.setEnvironmentPrefix is ignored when reading MANAGEMENT_SERVER_PORT #​45857
  • Write and delete operations no longer work in the Cloud Foundry actuator support with Spring Security due to CSRF protection #​45848
  • ConditionalOnAvailableEndpoint does not use the ConditionContext's ClassLoader to load exposure outcome contributors #​45803
  • Binding no longer works with sytem environment properties that are not upper case #​45741
  • ManagementWebServerFactoryCustomizer and ManagementErrorPageCustomizer should not have the same order #​45736
  • Default version of Awailitility is not compatible with Kotlin 1.9 baseline #​45673
  • Spring Boot 3.5's dependency management should have been upgraded to Lettuce 6.6.0.RELEASE #​45670
  • Spring Boot 3.5's dependency management should have been upgraded to Jedis 6.0.0 #​45669
  • SAML2 autoconfiguration is not imported by @WebMvcTest #​45666
  • Spring Boot 3.5's dependency management should have been upgraded to MongoDB 5.5.0 #​45660

📔 Documentation

  • Fix Docker security options links in Packaging OCI images sections #​46021
  • Improve documentation for configuring Spring Security with '/error' #​46009
  • Timestamps in Retrieving Audit Events examples do not match the accompanying text #​45997
  • Add SSL response structure to actuator info endpoint documentation #​45921
  • Update javadoc of test slice annotations to suggest MockitoBean rather than MockBean #​45915
  • Include configuration classes from all modules in the "Auto-configuration Classes" appendix #​45863
  • Links to Testcontainers javadoc for many classes not in the core testcontainers module do not work #​45844
  • Update documentation to reflect changes in TestRestTemplate's default redirect behavior #​45842
  • Deprecation replacement for spring.codec.* properties has a typo #​45743
  • Gradle Shadow Plugin link in the reference guide is outdated #​45740
  • Example of using prometheus-metrics-exporter-pushgateway has wrong artifactId #​45684
  • Document use of git-commit-id-maven-plugin consistently #​45683
  • Update javadoc of Configurer classes that apply sensible defaults to describe how they're typically used #​45656

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Peksa, @​Rutujakolte03, @​chanbinme, @​csbiy, @​davidlj95, @​izeye, @​juliojgd, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​quaff, @​shekharAggarwal, @​tanruian, and @​wonyongg

v3.5.0

Full release notes for Spring Boot 3.5 are available on the wiki.

⭐ New Features

  • Make heapdump endpoint restricted by default #​45624
  • Remove SSL status tag from metrics #​45602
  • Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' #​45507

🐞 Bug Fixes

  • Unable to override/set nested ConfigurationProperties by passing as a system property #​45639
  • ValidationAutoConfiguration triggers early initialization of properties binding #​45618
  • Micrometer "enable" annotations property does not cover observed aspect #​45617
  • spring.graphql.sse.timeout is no longer exposed #​45613
  • SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE #​45549
  • IllegalStateException when extracting using layers a module with no code of its own #​45449
  • Removed spring.batch.initialize-schema property is still considered #​45380
  • ReactorHttpClientBuilder does not offer a factory method to create the HttpClient #​45378
  • Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate #​45351
  • Custom default units declared on a field are ignored when binding properties in a native image #​45347
  • DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper #​45345
  • Various spring.datasource properties are mistakenly marked as ignored #​45342
  • JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter #​45297
  • DockerRegistryConfigAuthentication does not align with Docker CLI #​45292
  • Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password #​45290
  • CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method #​32622

📔 Documentation

  • Document the java info contribution #​45634
  • Document the process info contribution #​45632
  • Document the os info contribution #​45630
  • Document typical spring.application.group and name use #​45628
  • Document that bean methods should be static when annotated with @ConfigurationPropertiesBinding #​45626
  • Document the way that primary Kotlin constructors are used when binding #​45553
  • Improve "profile" reference documentation with additional admonitions #​45551
  • Improve setEnvironmentPrefix(...) reference documentation #​45376
  • Document all the available Testcontainers integrations #​45367
  • Document when a spring.config.import value is relative and when it is fixed #​45363
  • Update org.cyclonedx.bom version in docs to 2.3.0 #​45320
  • Update link to "Parameter Name Retention" section of Spring Framework's release notes #​45299

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ahrytsiuk, @​izeye, @​lhotari, @​ngocnhan-tran1996, @​nosan, @​quaff, @​thecooldrop, and @​yybmion

v3.4.10

v3.4.9

🐞 Bug Fixes
  • Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error #​46877
  • Performance critical tracing code has high overhead due to the use of the Stream API #​46838
  • SpringLiquibaseCustomizer is exposed outside its defined visibility scope #​46752
  • Race condition in OutputCapture can result in stale data #​46685
  • Default value not detected for a field annoted with @Name #​46662
  • Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true #​46630
  • Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location #​46627
  • Missing metadata when using @Name with a constructor-bound property #​46599
  • Failure to discover default value for a primitive should not lead to document its default value #​46551
📔 Documentation
  • Observability examples in the reference guide are missing the Kotlin version #​46775
  • Kotlin samples for configuration metadata are in the wrong package #​46774
  • Align method descriptions for SslOptions getCiphers and getEnabledProtocols with @returns #​46756
  • Tracing samples in the reference guide are missing the Kotlin version #​46699
  • spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules #​46584
  • spring.test.webtestclient.timeout is not documented #​46577
  • spring.test.mockmvc properties are not documented #​46576
  • Adapt deprecation level for management.health.influxdb.enabled #​46574
  • Improve Virtual Threads section to mention the changes in Java 24 #​46547
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kguswo, @​Pankraz76, @​deejay1, @​ganjisriver, @​izeye, @​nicolasgarea, @​nosan, @​prishedko, @​quaff, @​schmidti159, @​scordio, @​shakuzen, @​tommyk-gears, @​zahra7, and @​zakaria-shahen

v3.4.8

🐞 Bug Fixes

  • LambdaSafe.withFilter is not public #​46472
  • Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #​46401
  • Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #​46397
  • jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #​46214
  • Hash calculation for uber archive entries that require unpacking is inefficient #​46202
  • Permissions are applied inconsistently when building uber archives with Gradle #​46193
  • EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not [#​46178](https://redirect.github.com/spring-projects/spring-boot/i

Configuration

📅 Schedule: Branch creation - Only on Sunday and Saturday ( * * * * 0,6 ) in timezone Europe/Dublin, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from csikb as a code owner September 21, 2025 08:19
@renovate renovate Bot added dependencies Pull requests that update a dependency file docker Pull requests that update Docker code labels Sep 21, 2025
@renovate renovate Bot enabled auto-merge September 21, 2025 08:19
@renovate renovate Bot added dependencies Pull requests that update a dependency file docker Pull requests that update Docker code labels Sep 21, 2025
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 139fb58 to 512a21c Compare September 23, 2025 22:20
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 512a21c to 26c1199 Compare September 24, 2025 03:24
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Sep 24, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@csikb csikb self-assigned this Sep 24, 2025
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Sep 24, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Sep 24, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (769d810) to head (585604c).

Additional details and impacted files 
@@             Coverage Diff             @@
##                main      #805   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity       239       239           
===========================================
  Files             39        39           
  Lines            435       435           
===========================================
  Hits             435       435
Flag Coverage Δ
unit 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@csikb csikb changed the title fix(deps): update all non-major dependencies feat(deps): update all non-major dependencies Sep 24, 2025
@renovate renovate Bot added this pull request to the merge queue Sep 24, 2025
Merged via the queue into main with commit 988ae2d Sep 24, 2025
13 checks passed
@renovate renovate Bot deleted the renovate/all-minor-patch branch September 24, 2025 08:16
@bsstudio-pr-release
Copy link
Copy Markdown

bsstudio-pr-release Bot commented Sep 24, 2025

🎉 This PR is included in version 1.5.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@csikb csikb Awaiting requested review from csikb csikb is a code owner

Assignees

@csikb csikb

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update Docker code released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@codecov-commenter @csikb