Bump the all group across 2 directories with 25 updates

[dependabot]

Bumps the all group with 18 updates in the / directory:

Package	From	To
com.google.errorprone:error_prone_annotations	2.44.0	2.49.0
com.google.guava:guava	33.5.0-jre	33.6.0-jre
joda-time:joda-time	2.14.0	2.14.2
org.yaml:snakeyaml	2.5	2.6
org.jetbrains.kotlin:kotlin-bom	2.2.21	2.3.21
com.fasterxml.jackson:jackson-bom	2.20.1	2.21.3
org.apache.logging.log4j:log4j-bom	0.0.0-SNAPSHOT	2.26.0
org.apache.logging.log4j:log4j-core	2.25.2	2.26.0
org.slf4j:slf4j-bom	2.0.17	2.0.18
org.springframework.boot:spring-boot-dependencies	3.5.7	4.0.6
org.springframework.boot:spring-boot-maven-plugin	3.5.7	4.0.6
org.springframework.cloud:spring-cloud-dependencies	2025.0.0	2025.1.1
org.aspectj:aspectjweaver	1.9.25	1.9.25.1
org.aspectj:aspectjrt	1.9.25	1.9.25.1
org.aspectj:aspectjtools	1.9.25	1.9.25.1
org.codehaus.mojo:aspectj-maven-plugin	1.15.0	1.16.0
org.apache.maven.plugins:maven-jlink-plugin	3.2.0	3.3.0
io.fabric8:kubernetes-client-bom	7.4.0	7.7.0

Bumps the all group with 9 updates in the /log4j-samples-graalvm directory:

Package	From	To
org.apache.logging.log4j:log4j-bom	2.25.2	2.26.0
org.slf4j:slf4j-bom	2.0.17	2.0.18
org.codehaus.mojo:exec-maven-plugin	3.6.2	3.6.3
org.assertj:assertj-bom	3.27.6	3.27.7
org.junit:junit-bom	6.0.1	6.0.3
ch.qos.logback:logback-classic	1.5.20	1.5.32
org.json:json	20250517	20251224
net.javacrumbs.json-unit:json-unit-assertj	5.0.0	5.1.1
org.graalvm.buildtools:native-maven-plugin	0.11.2	1.1.0

Updates com.google.errorprone:error_prone_annotations from 2.44.0 to 2.49.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.49.0

This release includes several changes to Matcher APIs, and removed some deprecated or problematic APIs:

• Remove deprecated MethodMatchers.withSignature API, which relies on fragile toString behaviour. Alternatives for matching on method signatures with varargs and type parameters were added in google/error-prone@a98a1c5.
• Removed variableType(Matcher) API. Matchers.variableType(Matcher) uses VariableTree#getType to match variable types, which own't work for lambda parameters with inferred types after JDK-8268850. The recommended replacement is variableType(TypePredicate).
• Make enclosingPackage return an optional. Module elements are not enclosed by a package, checks using enclosingPackage shouldn't assume an enclosing package exists when processing arbitrary elements.
• New FieldMatchers API, similar to MethodMatchers (google/error-prone@1dd9c3a).

New checks:

• AssertThrowsBlockToExpression: Discourage unnecessary block lambdas in assertThrows.
• AssertThrowsMinimizer: Suggest minimizing the amount of logic in assertThrows.
• MemorySegmentReferenceEquality: Discourage using reference equality for MemorySegments.
• PreferThrowsTag: Recommends using @throws instead of the legacy @exception javadoc tag.
• RecordAccessorInCompactConstructor: detect record accessors inside the compact canonical ctors, which read uninitialized fields.

Closed issues: #2283, #3503, #5210, #5289, #5548, #5548, #5554, #5609, #5614, #5656

Full changelog: google/error-prone@v2.48.0...v2.49.0

Error Prone 2.48.0

Changes:

• Added support for passing flags with command-line argument files (@-files) (google/error-prone@8e84edf)

New checks:

• AvoidValueSetter
• UnnecessarySemicolon

Closed issues: #5529, #5537, #5522, #5521

Full changelog: google/error-prone@v2.47.0...v2.48.0

Error Prone 2.47.0

New checks:

• InterruptedInCatchBlock: Detect accidental calls to Thread.interrupted() inside of catch(InterruptedException e) blocks.
• RefactorSwitch: Refactorings to simplify arrow switches
• UnnamedVariable: Rename unused variables to _

Closed issues: #1811, #4168, #5459, #5460

Full changelog: google/error-prone@v2.46.0...v2.47.0

Error Prone 2.46.0

Changes:

• The javac flag -XDaddTypeAnnotationsToSymbol=true is now required for Error Prone invocations on JDK 21, to enable the javac fix for JDK-8225377: type annotations are not visible to javac plugins across compilation boundaries. See google/error-prone#5426 for details.
• Remove deprecated value attribute from @IncompatibleModifiers and @RequiredModifiers (google/error-prone#2122)

... (truncated)

Commits

• 89d75c1 Release Error Prone 2.49.0
• 0b7b03b Fix up some javadoc on `ModifySourceCollectionInStream.isStreamApiInvocationO...
• fe5a7b1 Remove old FieldMatchers API
• d54a1d1 Fix up some Finally javadocs.
• d93b319 [RefactorSwitch] bugfix comment handling
• ff59782 [IfChainToSwitch] cleanup redundant conditions in ternary. No functional cha...
• 43b6df6 Generalise DuplicateAssertion to handle check* methods.
• 2c4346f Fix a bug in BooleanLiteral: it currently suggests replacing `Boolean.FALSE...
• 559039b [IfChainToSwitch] doc-only change. fix typo in code comments.
• 393c61c [IfChainToSwitch] enhance code generation to emit unnamed variables, when sup...
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.5.0-jre to 33.6.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

• 33.6.0-jre.jar
• 33.6.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.6.0-jre
• 33.6.0-android

JDiff

• 33.6.0-jre vs. 33.5.0-jre
• 33.6.0-android vs. 33.5.0-android
• 33.6.0-android vs. 33.6.0-jre

Changelog

• Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
• cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
• collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
• collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
• graph: Removed @Beta from all APIs in the package. (dae9566b73)
• graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
• graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
• hash: Added BloomFilter.serializedSize(). (df9bcc251a)
• net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)

Commits

• See full diff in compare view

Updates joda-time:joda-time from 2.14.0 to 2.14.2

Release notes

Sourced from joda-time:joda-time's releases.

Release v2.14.2

See the change notes for more information.

What's Changed

• Update time zone data to 2026bgtz by @​jodastephen in JodaOrg/joda-time#831

Full Changelog: JodaOrg/joda-time@v2.14.1...v2.14.2

Release v2.14.1

See the change notes for more information.

What's Changed

• Fix build by @​jodastephen in JodaOrg/joda-time#811
• fix: correct typo in README (appropriate) by @​nabilshafi in JodaOrg/joda-time#818
• Auto-merge tzdb updates by @​jodastephen in JodaOrg/joda-time#819
• Update deployment from OSSRH by @​jodastephen in JodaOrg/joda-time#820
• Update time zone data to 2025cgtz by @​jodastephen in JodaOrg/joda-time#826
• Fix time zone name key by @​jodastephen in JodaOrg/joda-time#827
• Update time zone data to 2026agtz by @​jodastephen in JodaOrg/joda-time#829

New Contributors

• @​nabilshafi made their first contribution in JodaOrg/joda-time#818

Full Changelog: JodaOrg/joda-time@v2.14.0...v2.14.1

Commits

• d6ba4f0 Release v2.14.2
• 43ea40b Update time zone data to 2026bgtz (#831)
• c377753 Release v2.14.1
• 3fd08d4 Update time zone data to 2026agtz (#829)
• c4bf877 Fix name key (#827)
• 8b11cfa Update time zone data to 2025cgtz (#826)
• 7088d77 Update deployment from OSSRH (#820)
• 3418119 Auto-merge tzdb updates (#819)
• 6c95155 Fix website commit message
• c1d7f97 Fix typo in README (#818)
• Additional commits viewable in compare view

Updates org.yaml:snakeyaml from 2.5 to 2.6

Commits

• cc19a61 [maven-release-plugin] prepare for next development iteration
• bc4a8f4 Minor fixes in Javadoc
• f18203a Add a test for Y79Y-003
• ad1fceb Less output in tests
• 1db66b7 Add (failing) build with JDK 25
• 88ebaa8 build: fix JKD 25 tests compilation
• 6af8790 Update Javadoc
• a006b7a Update Javadoc
• c143db2 Update changes
• d78d11f Update changes
• Additional commits viewable in compare view

Updates org.jetbrains.kotlin:kotlin-bom from 2.2.21 to 2.3.21

Release notes

Sourced from org.jetbrains.kotlin:kotlin-bom's releases.

Kotlin 2.3.21

Changelog

Backend. Wasm

• KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

• KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
• KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
• KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
• KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
• KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
• KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

• KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
• KT-84475 K/JS: false-positive exportability warnings in multi-module project
• KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
• KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
• KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

• KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

• KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
• KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

• KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

• KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

• KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
• KT-85103 Exception while generating code when explain destructuring decls
• KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
• KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

... (truncated)

Changelog

Sourced from org.jetbrains.kotlin:kotlin-bom's changelog.

2.3.21

Backend. Wasm

• KT-84610 [Wasm] Failed to compile klibs in IC mode

Compiler

• KT-84566 Prevent launching Default dispatcher threads from IJ SDK in kotlin compiler
• KT-85358 Native: roll back the workaround for KT-84678 once MapLibre has been properly fixed
• KT-85626 @JvmRecord in commonMain breaks compileCommonMainKotlinMetadata with "Cannot access 'java.lang.Record'"
• KT-85405 Postpone/Revert DontIgnoreUpperBoundViolatedOnImplicitArguments
• KT-84678 K/N: Undefined symbol from SPM-added ObjC frameworks when linking iOS target
• KT-85021 False positive SUBCLASS_CANT_CALL_COMPANION_PROTECTED_NON_STATIC error in multi-module project

JavaScript

• KT-82395 Support top-level declarations from compiler plugins in JS incremental compilation
• KT-84475 K/JS: false-positive exportability warnings in multi-module project
• KT-84633 Kotlin/JS: "Serializer for class not found" error when IR output granularity is whole-program
• KT-85047 Kotlin/JS: @JsStatic on suspend fun of class companion generates incorrect d.ts
• KT-84517 K/JS: bad mappings data in outputted Kotlin stdlib source map

Libraries

• KT-71848 Kotlinx.metadata: Add CompilerPluginData into Km API

Native. C and ObjC Import

• KT-85399 Kotlin/Native: TypeCastException when casting ObjC Protocol MetaClass with genericSafeCasts enabled
• KT-85508 K/N: TypeCastException when using nw_parameters_create_secure_tcp block parameter on 2.3.20

Tools. Gradle

• KT-84729 Update Gradle plugin-publish version to enable configuration cache badge on Gradle plugins portal

Tools. Gradle. Compiler plugins

• KT-85257 AGP/Compose: MergeMappingFileTask clears R8 artifacts due to @OutputDirectory annotation on AGP 9.1+

Tools. Scripts

• KT-85105 Scripts: JVM backend internal error (IR lowering) when scratch file contains anonymous object
• KT-85103 Exception while generating code when explain destructuring decls
• KT-84842 scriptCompilationClasspathFromContext behavior changed from 2.3.10 to 2.3.20
• KT-85029 Kotlin Scripting: ScriptDiagnostic reports "at null" instead of error location

Tools. Statistics (FUS)

• KT-85628 KGP: composite build FUS metrics fail on access of 'configurationTimeMetrics'

... (truncated)

Commits

• fea1ad8 Add ChangeLog for 2.3.21-RC2
• 09c341e disable swift export execution tests in order to update macos
• 67a0868 Avoid accessing KotlinNativeLink taskProvider when task was not executed
• f89e5db [K/N] Disable TSAN in runtime tests
• 45d6c85 [K/N] Don't generate generic safe casts for Objective-C types
• 9261a6f [K/N][tests] Add a reproducer for KT-85508
• c9ab9db [K/N][tests] Add a reproducer for KT-85399
• 502e844 Explain: fix for destructuring declarations
• 0c26485 Explain: fix for object literals
• 68a9e3f [minor] fix testdata name in explain test
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.3

Commits

• 374fbd0 [maven-release-plugin] prepare release jackson-bom-2.21.3
• 7059df7 Prep for 2.21.3 release
• 2fd60bd Merge branch '2.20' into 2.21
• b82a364 Merge branch '2.19' into 2.20
• ef4e013 Merge branch '2.18' into 2.19
• 536ae51 Post-release dep version bump
• 536c533 [maven-release-plugin] prepare for next development iteration
• 426b778 [maven-release-plugin] prepare release jackson-bom-2.18.7
• a73cda9 Prep for 2.18.7 release
• 76b4a05 Post-release dep version bump
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-bom from 0.0.0-SNAPSHOT to 2.26.0

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.26.0

This minor release delivers all the fixes in the [2.25.0, 2.25.4] version range, plus some new fixes, and several other improvements and features.

Added

• Add a new ConfigurationFactory::getConfiguration method accepting multiple URIs (#3775, #3921)
• Add and export org.apache.logging.log4j.core.pattern.NamedInstantPattern enabling users to programmatically access named date & time patterns supported by Pattern Layout (#3789)
• Add log4j.plugin.processor.minAllowedMessageKind annotation processor option to PluginProcessor to filter diagnostic messages by severity. This allows builds that treat compiler notes as errors (e.g. Maven with -Werror) to suppress informational notes emitted during normal plugin processing. (apache/logging-log4j2#3380, #4063)
• Add missing setters to Rfc5424LayoutBuilder

Changed

• Ensure scripts in the global Scripts element have explicit names by throwing a ConfigurationException for unnamed ones. (#3176)
• Simplify file manager registry factory methods (#3968)

Deprecated

• Deprecated withers in builder classes in favor of setters. This change improves API consistency with Log4j Core 3 and helps users adapt to the upcoming changes. (#3750)

Fixed

• Fix script resolution failure when the Scripts element is placed after a ScriptRef in the configuration. (#3336)
• Fix ArrayIndexOutOfBoundsException thrown by ThrowableStackTraceRenderer when the stack trace is modified concurrently (#3940, #3955)
• Fix SLF4JLogger.atFatal() returning atLevel(Level.TRACE) instead of atLevel(Level.FATAL). This was causing FATAL-level log events to be silently discarded when using the fluent API through the log4j-to-slf4j bridge. (#4068, #4089)
• Fix Javadoc references across module boundaries (i.e., cross-references) (#4099, #4100)
• Fix header write in RollingRandomAccessFileManager that was being incorrectly skipped if append=true and the file didn't exist before
• Fix a properties file configuration regression caused by not referenced loggers, appenders, and filters (#4036, #4069)

Removed

• Remove the jvmrunargs lookup. (#3874)

Updated

• Update org.junit:junit-bom to version 5.13.4 (#3850)
• Update org.mongodb:bson to version 5.6.1 (#3961)
• Update org.xerial.snappy:snappy-java to version 1.1.10.8 (#3841)

2.25.4

This patch release delivers fixes for configuration inconsistencies and formatting issues across several layouts.

• Restores alignment between documented and actual configuration attributes.
• Fixes formatting and sanitization issues in XML and RFC5424 layouts.
• Improves handling of invalid characters and non-standard values.

The authoritative list of recognized configuration attributes is available in the PluginReference.

Fixed

• Don't issue warnings if extra argument in parameterized logging is null. (#3975, #4014)

... (truncated)

Commits

• See full diff in compare view

Updates org.apache.logging.log4j:log4j-core from 2.25.2 to 2.26.0

Updates org.slf4j:slf4j-bom from 2.0.17 to 2.0.18

Release notes

Sourced from org.slf4j:slf4j-bom's releases.

SLF4J 2.0.18

2026-05-12 - Release of SLF4J 2.0.18

• In the logViaLocationAwareLoggerAPI() method of slf4j-api/DefaultLoggingEventBuilder the first marker from the markerList is now passed to locationAwareLogger.log() instead of null.

• The renderLevel() method in slf4j-simple/SimpleLogger now uses CONFIG_PARAMS.warnLevelString for WARN instead of hardcoded "WARN". This issue was reported in issues/471.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 58b66c2c7e840f525c07db4509534ea53ef95b82 associated with the tag v_2.0.18. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• 58b66c2 update central-publishing-maven-plugin
• be4841c prepare release 2.0.18
• d2073be minor refactoring, javadoc changes
• 32a9854 add a trivial test for CONFIG_PARAMS.warnLevelString
• 77936c6 CONFIG_PARAMS.warnLevelString should be taken into account
• 34c9d30 extract first marker when caller locationAwareLogger
• 902b463 remove cruft
• b3c2f16 security manager is no longer supported in later JDKs
• 9468c7a remove unneccessary and unused files
• 183aaa5 start work on 2.0.18-SNAPSHOT
• See full diff in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.5.7 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5 #49914

... (truncated)

Commits

• 8821ad2 Release v4.0.6
• 9e4048a Merge branch '3.5.x' into 4.0.x
• 20bb11c Next development version (v3.5.15-SNAPSHOT)
• 98daa8e Merge branch '3.5.x' into 4.0.x
• 9dc5aa2 Polish
• 874f629 Fix default security with actuator but without health
• e41b3bf Enable hostname verification for SSL connections to Elasticsearch
• ef8527b Merge branch '3.5.x' into 4.0.x
• f533a45 Do not follow symlinks when writing PID file
• 4a7bd33 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.5.7 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v4.0.6

🐞 Bug Fixes

• Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
• Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
• ApplicationPidFileWriter does not handle symlinks correctly #50185
• RandomValuePropertySource is not suitable for secrets #50183
• Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
• ApplicationTemp does not handle symlinks correctly #50178
• Remote DevTools performs comparison incorrectly #50176
• spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
• Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
• Classic starters are missing several modules #50071
• Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
• Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
• EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
• WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
• Imports on a containing test class are ignored when a nested class has imports #50012
• With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
• 500 response from env endpoint when supplied pattern is invalid #49946
• Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
• HTTP method is lost when configuring excludes in EndpointRequest #49943
• Honor HttpMethod for reactive additional endpoint paths #49880
• Docker Compose support doesn't work with apache/artemis image #49869
• Docker Compose support doesn't work with apache/activemq image #49866
• Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
• API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

• Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
• HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
• Link to the observability section of the Lettuce documentation is broken #50097
• Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
• MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
• Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
• Link to the Kubernetes documentation when discussing startup probes #50015
• Typo in JdbcSessionAutoConfiguration Javadoc #49873
• Clarify that configuration property default values are not available through the Environment #49851
• Document the need for Liquibase and Flyway starters #49839
• Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

• Upgrade to Elasticsearch Client 9.2.8 #50027
• Upgrade to Groovy 5.0.5 #49911
• Upgrade to Hibernate 7.2.12.Final #50134
• Upgrade to Jackson Bom 3.1.2 #50051
• Upgrade to Jaxen 2.0.1 #50104
• Upgrade to Jaybird 6.0.5 #49914

... (truncated)

Commits

• 8821ad2 Release v4.0.6
• 9e4048a Merge branch '3.5.x' into 4.0.x
• 20bb11c Next development version (v3.5.15-SNAPSHOT)
• 98daa8e Merge branch '3.5.x' into 4.0.x
• 9dc5aa2 Polish
• 874f629 Fix default security with actuator but without health
• e41b3bf Enable hostname verification for SSL connections to Elasticsearch
• ef8527b Merge branch '3.5.x' into 4.0.x
• f533a45 Do not follow symlinks when writing PID file
• 4a7bd33 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates org.springframework.cloud:spring-cloud-dependencies from 2025.0.0 to 2025.1.1

Release notes

Sourced from org.springframework.cloud:spring-cloud-dependencies's releases.

v2025.1.1

What's Changed

• Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs by @​dependabot[bot] in spring-cloud/spring-cloud-release#447
• Bump org.springframework.cloud:spring-cloud-contract-dependencies from 5.0.1-SNAPSHOT to 5.0.2-SNAPSHOT by @​dependabot[bot] in spring-cloud/spring-cloud-release#454
• Bump org.springframework.cloud:spring-cloud-contract-dependencies from 5.0.1-SNAPSHOT to 5.0.2-SNAPSHOT by @​dependabot[bot] in spring-cloud/spring-cloud-release#453
• Bump actions/cache from 4 to 5 by @​dependabot[bot] in spring-cloud/spring-cloud-release#456
• Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12 by @​dependabot[bot] in spring-cloud/spring-cloud-release#461
• Bump org.apache.maven:maven-model from 3.9.11 to ...

  Description has been truncated