chore: [DevOps] bump the production-minor-patch group across 1 directory with 5 updates

[dependabot]

Bumps the production-minor-patch group with 5 updates in the / directory:

Package	From	To
io.projectreactor:reactor-core	3.8.4	3.8.5
io.micrometer:micrometer-core	1.16.4	1.16.5
io.micrometer:micrometer-observation	1.16.4	1.16.5
org.projectlombok:lombok	1.18.44	1.18.46
org.springframework.boot:spring-boot-dependencies	3.5.13	3.5.14

Updates io.projectreactor:reactor-core from 3.8.4 to 3.8.5

Release notes

Sourced from io.projectreactor:reactor-core's releases.

v3.8.5

Reactor Core 3.8.5 is part of the 2025.0.5 Release Train.

What's Changed

✨ New features and improvements

• Bump ByteBuddy from 1.18.7 to 1.18.8 by @​dependabot[bot] in #4232
• Depend on Micrometer v1.16.5 by @​violetagg in #4238
• Depend on Micrometer Tracing v1.6.5 by @​violetagg in #4238

Full Changelog: reactor/reactor-core@v3.8.4...v3.8.5

Commits

• 35c878d [release] Prepare and release 3.8.5
• f85c7b3 Merge-ignore release 3.7.18 into 3.8.5
• bd7be61 [release] Next development version 3.7.19-SNAPSHOT
• 13a3b3b Depend on Micrometer v1.16.5 (#4238)
• 2ee0aaf [release] Prepare and release 3.7.18
• da92ed3 Merge #4232 into 3.8.5
• 6dc019d Bump byteBuddy from 1.18.7 to 1.18.8 (#4232)
• 2a22bcc [release] Next development version 3.8.5-SNAPSHOT
• See full diff in compare view

Updates io.micrometer:micrometer-core from 1.16.4 to 1.16.5

Release notes

Sourced from io.micrometer:micrometer-core's releases.

1.16.5

🐞 Bug Fixes

• Invalid reflection hint in micrometer-core for native GraalVM 25 build #7316
• ObservationGrpcClientInterceptor throws NPE when NameResolver returns empty authority #7380
• Wrong Nullability Information in OkHttpMetricsEventListener #7373

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.9.4 to 1.9.6 #7393
• Bump spring6 from 6.2.16 to 6.2.17 #7294

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, and @​ribafish

Commits

• cf727d0 Bump com.netflix.spectator:spectator-reg-atlas from 1.9.5 to 1.9.6 (#7393)
• 55b8f06 Fix OkHttp tests
• 140b83b Harmonize @​Nullable annotations in okhttp instrumentation (#7375)
• 8c1758b Handle null peerName in GrpcClientObservationConvention (#7381)
• 5ee71b4 Merge branch '1.15.x' into 1.16.x
• 84faaa6 Fix build cache misses from overlapping outputs in statsd module (#7349)
• 9a0441d Merge branch '1.15.x' into 1.16.x
• 1010433 NullMeterTagSupportTests does not match its filename
• c2770fc Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 (#7362)
• 26f6da0 Bump io.netty:netty-bom from 4.1.131.Final to 4.1.132.Final (#7335)
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-observation from 1.16.4 to 1.16.5

Release notes

Sourced from io.micrometer:micrometer-observation's releases.

1.16.5

🐞 Bug Fixes

• Invalid reflection hint in micrometer-core for native GraalVM 25 build #7316
• ObservationGrpcClientInterceptor throws NPE when NameResolver returns empty authority #7380
• Wrong Nullability Information in OkHttpMetricsEventListener #7373

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.9.4 to 1.9.6 #7393
• Bump spring6 from 6.2.16 to 6.2.17 #7294

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, and @​ribafish

Commits

• cf727d0 Bump com.netflix.spectator:spectator-reg-atlas from 1.9.5 to 1.9.6 (#7393)
• 55b8f06 Fix OkHttp tests
• 140b83b Harmonize @​Nullable annotations in okhttp instrumentation (#7375)
• 8c1758b Handle null peerName in GrpcClientObservationConvention (#7381)
• 5ee71b4 Merge branch '1.15.x' into 1.16.x
• 84faaa6 Fix build cache misses from overlapping outputs in statsd module (#7349)
• 9a0441d Merge branch '1.15.x' into 1.16.x
• 1010433 NullMeterTagSupportTests does not match its filename
• c2770fc Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 (#7362)
• 26f6da0 Bump io.netty:netty-bom from 4.1.131.Final to 4.1.132.Final (#7335)
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-observation from 1.16.4 to 1.16.5

Release notes

Sourced from io.micrometer:micrometer-observation's releases.

1.16.5

🐞 Bug Fixes

• Invalid reflection hint in micrometer-core for native GraalVM 25 build #7316
• ObservationGrpcClientInterceptor throws NPE when NameResolver returns empty authority #7380
• Wrong Nullability Information in OkHttpMetricsEventListener #7373

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.9.4 to 1.9.6 #7393
• Bump spring6 from 6.2.16 to 6.2.17 #7294

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, and @​ribafish

Commits

• cf727d0 Bump com.netflix.spectator:spectator-reg-atlas from 1.9.5 to 1.9.6 (#7393)
• 55b8f06 Fix OkHttp tests
• 140b83b Harmonize @​Nullable annotations in okhttp instrumentation (#7375)
• 8c1758b Handle null peerName in GrpcClientObservationConvention (#7381)
• 5ee71b4 Merge branch '1.15.x' into 1.16.x
• 84faaa6 Fix build cache misses from overlapping outputs in statsd module (#7349)
• 9a0441d Merge branch '1.15.x' into 1.16.x
• 1010433 NullMeterTagSupportTests does not match its filename
• c2770fc Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 (#7362)
• 26f6da0 Bump io.netty:netty-bom from 4.1.131.Final to 4.1.132.Final (#7335)
• Additional commits viewable in compare view

Updates org.projectlombok:lombok from 1.18.44 to 1.18.46

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.46 (April 22nd, 2026)

• PLATFORM: JDK26 support added #4019.
• PLATFORM: Spring Tools Suite 5 supported #3985.
• BUGFIX: @Jacksonized no longer stops generating @JsonProperty once an explicit @JsonIgnore annotations is encountered #4022.
• BUGFIX: In eclipse, mixing @Jacksonized and fluent = true no longer causes the error com.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface. #3934.
• BUGFIX: Some finishing touches for v1.18.44's support of Jackson3 #4004.

Commits

• 936ca59 [build] lombok's launcher is still intended to be 1.4 compatible, or at least...
• fcdab3f [version] pre-release version bump
• 1cb7d49 [changelog]#4004 Mention Jackson3 final touches in changelog.
• 12a15b0 Fix: Bump EA_JDK to 27 (25 and 26 have been released)
• 2be766c Merge branch 'jackson3-final-touches'
• 290fa4c [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...
• e6567b6 test: Add Jackson 3 test cases and version ambiguity warnings
• 45e72e2 feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists
• 184d423 feat: Add Jackson 3 support to @​Jacksonized handlers
• e027ad0 refactored to ShadowClassLoader use Collections::enumeration instead of Vector
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.5.13 to 3.5.14

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v3.5.14

🐞 Bug Fixes

• ApplicationPidFileWriter does not handle symlinks correctly #50173
• RandomValuePropertySource is not suitable for secrets #50172
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50171
• ApplicationTemp does not handle symlinks correctly #50170
• Remote DevTools performs comparison incorrectly #50169
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50168
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50035
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50033
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50021
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50008
• 500 response from env endpoint when supplied pattern is invalid #49942
• HTTP method is lost when configuring excludes in EndpointRequest #49885
• Docker Compose support doesn't work with apache/artemis image #49865
• Honor HttpMethod for reactive additional endpoint paths #49864
• Docker Compose support doesn't work with apache/activemq image #49863
• Imports on a containing test class are ignored when a nested class has imports #49860

📔 Documentation

• Link to the observability section of the Lettuce documentation is broken #50092
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50083
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50023
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50010
• Link to the Kubernetes documentation when discussing startup probes #50007
• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #49895
• Clarify that configuration property default values are not available through the Environment #49835

🔨 Dependency Upgrades

• Upgrade to Groovy 4.0.31 #49905
• Upgrade to Hibernate 6.6.49.Final #50140
• Upgrade to Jaxen 2.0.1 #50109
• Upgrade to Jaybird 6.0.5 #49907
• Upgrade to Jetty 12.0.34 #49908
• Upgrade to jOOQ 3.19.32 #50110
• Upgrade to Lombok 1.18.46 #50148
• Upgrade to MariaDB 3.5.8 #49909
• Upgrade to Micrometer 1.15.11 #49961
• Upgrade to Micrometer Tracing 1.5.11 #49962
• Upgrade to MySQL 9.7.0 #50161
• Upgrade to Neo4j Java Driver 5.28.13 #50074
• Upgrade to Reactor Bom 2024.0.17 #49963
• Upgrade to Spring AMQP 3.2.10 #49964
• Upgrade to Spring Authorization Server 1.5.7 #49965
• Upgrade to Spring Data Bom 2025.0.11 #49966
• Upgrade to Spring Framework 6.2.18 #49967
• Upgrade to Spring Kafka 3.3.15 #50129

... (truncated)

Commits

• 7d7b3ac Release v3.5.14
• 9dc5aa2 Polish
• f533a45 Do not follow symlinks when writing PID file
• f3b8eb0 Use SecureRandom in RandomValuePropertySource
• e22083a Enable hostname verification for SSL connections to Cassandra
• 5ceb1a2 Improve ApplicationTemp's temporary directory creation
• 4b0862c Use constant-time comparison for remote DevTools secret
• e4febe2 Apply verify-hostname consistently
• 2c2ffe5 Fix Windows test failure
• 0046a44 Protect against corrupt buildpack archives
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions