Skip to content

build(deps): bump org.springframework.boot from 3.2.5 to 4.0.6 in /docker/host-app#48

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/docker/host-app/org.springframework.boot-4.0.6
Closed

build(deps): bump org.springframework.boot from 3.2.5 to 4.0.6 in /docker/host-app#48
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/docker/host-app/org.springframework.boot-4.0.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026
edited
Loading

Bumps org.springframework.boot from 3.2.5 to 4.0.6.

Release notes

Sourced from org.springframework.boot's releases.

v4.0.6

🐞 Bug Fixes

  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
  • ApplicationPidFileWriter does not handle symlinks correctly #50185
  • RandomValuePropertySource is not suitable for secrets #50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
  • ApplicationTemp does not handle symlinks correctly #50178
  • Remote DevTools performs comparison incorrectly #50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
  • Classic starters are missing several modules #50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
  • Imports on a containing test class are ignored when a nested class has imports #50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
  • 500 response from env endpoint when supplied pattern is invalid #49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
  • HTTP method is lost when configuring excludes in EndpointRequest #49943
  • Honor HttpMethod for reactive additional endpoint paths #49880
  • Docker Compose support doesn't work with apache/artemis image #49869
  • Docker Compose support doesn't work with apache/activemq image #49866
  • Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
  • API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
  • HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
  • Link to the observability section of the Lettuce documentation is broken #50097
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
  • Link to the Kubernetes documentation when discussing startup probes #50015
  • Typo in JdbcSessionAutoConfiguration Javadoc #49873
  • Clarify that configuration property default values are not available through the Environment #49851
  • Document the need for Liquibase and Flyway starters #49839
  • Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

... (truncated)

Commits
  • 8821ad2 Release v4.0.6
  • 9e4048a Merge branch '3.5.x' into 4.0.x
  • 20bb11c Next development version (v3.5.15-SNAPSHOT)
  • 98daa8e Merge branch '3.5.x' into 4.0.x
  • 9dc5aa2 Polish
  • 874f629 Fix default security with actuator but without health
  • e41b3bf Enable hostname verification for SSL connections to Elasticsearch
  • ef8527b Merge branch '3.5.x' into 4.0.x
  • f533a45 Do not follow symlinks when writing PID file
  • 4a7bd33 Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 1, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot
build(deps): bump org.springframework.boot in /docker/host-app
a03d50e 
Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.2.5 to 4.0.6.
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.2.5...v4.0.6)

---
updated-dependencies:
- dependency-name: org.springframework.boot
  dependency-version: 4.0.6
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/gradle/docker/host-app/org.springframework.boot-4.0.6 branch from b243a24 to a03d50e Compare May 1, 2026 14:07
@mpge mpge mentioned this pull request May 2, 2026
Merged
3 tasks
mpge added a commit that referenced this pull request May 2, 2026
@mpge
chore(deps): bump Spring Boot to 4.0.6 (#57)
337c63b 
Bundles dependabot PRs #54 and #48. Requires Gradle 9 (#55, already merged).

Boot 4 migration:
- @EntityScan moved from o.s.boot.autoconfigure.domain to
  o.s.boot.persistence.autoconfigure
- @WebMvcTest / @AutoConfigureMockMvc moved from
  o.s.boot.test.autoconfigure.web.servlet to
  o.s.boot.webmvc.test.autoconfigure (now requires the new
  spring-boot-starter-webmvc-test test starter)
- @MockBean removed; replaced with Spring Framework 7's @MockitoBean
- Drop unused dev.samstevens.totp:totp-spring-boot-starter:1.7.1
  (TwoFactorService implements TOTP from scratch with javax.crypto;
  the starter pinned spring-boot-autoconfigure 2.2.5 which conflicts
  with Boot 4 dependency management)
@mpge
Copy link
Copy Markdown
Member

mpge commented May 2, 2026

Superseded by #57.

@mpge mpge closed this May 2, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 2, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/gradle/docker/host-app/org.springframework.boot-4.0.6 branch May 2, 2026 00:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mpge