
Conversation

@ThomasJejkal
Contributor

@ThomasJejkal ThomasJejkal commented Oct 24, 2025

Summary by CodeRabbit

  • Chores
    • Updated Spring Boot to version 3.5.7

renovate bot and others added 4 commits October 23, 2025 18:07
…ework.boot-spring-boot-starter-actuator-3.x

Update dependency org.springframework.boot:spring-boot-starter-actuator to v3.5.7
Update dependency org.springframework.boot:spring-boot-dependencies to v3.5.7
@coderabbitai
Contributor

coderabbitai bot commented Oct 24, 2025

Walkthrough

Spring Boot runtime and Actuator dependency versions are updated from 3.5.6 to 3.5.7 in the build configuration. The version constant and dependency declaration are synchronized to the new release version.

Changes

Cohort / File(s) | Summary
Build configuration (build.gradle) | Updated Spring Boot version constant from 3.5.6 to 3.5.7 and aligned Spring Boot Actuator dependency to match

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A version bump, so small and neat,
From 3.5.6 to 3.5.7—complete!
Spring Boot hops forward, Actuator too,
Synchronized versions, shiny and new! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)
Check name | Status | Explanation | Resolution
Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage.
Title Check | ❓ Inconclusive | The pull request title is "PR for v1.2.7", which is generic and does not clearly describe the actual changes in the pull request. The changeset contains a specific technical update: bumping Spring Boot from version 3.5.6 to 3.5.7 across two dependency declarations. While the title correctly references the release version (v1.2.7), it lacks specificity and uses non-descriptive phrasing that fails to convey what the primary change is. A teammate reviewing commit history would not understand from this title alone that the PR performs a dependency version update. | Consider revising the title to clearly describe the technical change, such as "Update Spring Boot version to 3.5.7" or "Bump Spring Boot dependency from 3.5.6 to 3.5.7". This would provide clarity about the actual changeset while maintaining brevity and specificity that makes the purpose of the PR immediately apparent to reviewers.
✅ Passed checks (1 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8138ad2 and 56403b5.

📒 Files selected for processing (1)
  • build.gradle (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (12)
  • GitHub Check: build (macOS-latest, 17)
  • GitHub Check: build (windows-latest, 19)
  • GitHub Check: build (ubuntu-latest, 19)
  • GitHub Check: build (windows-latest, 17)
  • GitHub Check: build (ubuntu-latest, 17)
  • GitHub Check: Analyze (java)
  • GitHub Check: build (ubuntu-latest, 19)
  • GitHub Check: build (windows-latest, 19)
  • GitHub Check: build (windows-latest, 17)
  • GitHub Check: build (ubuntu-latest, 17)
  • GitHub Check: build (macOS-latest, 17)
  • GitHub Check: build (macOS-latest, 19)
🔇 Additional comments (1)
build.gradle (1)

35-35: Confirm Spring Boot 3.5.7 patch safety and evaluate known CVEs against your dependencies.

Spring Boot 3.5.7 (released Oct 23, 2025) contains no new security fixes—the patch from 3.5.6 is safe on release grounds. However, two CVEs affect the Spring Boot 3.x family: CVE-2025-22235 (high severity, EndpointRequest.to() matcher issue, Apr 2025) and CVE-2024-38807 (signature-forgery in spring-boot-loader, Aug 2024).

Verify whether your codebase uses Spring Security with EndpointRequest matchers or the spring-boot-loader component. Cross-reference the affected-version lists in the Spring Security Advisories (linked in the search sources) to confirm whether 3.5.7 includes the necessary patches or if a later patch-level version is required.


