Skip to content

Bump the spring group across 1 directory with 30 updates#8920

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/spring-5bcd24a12e
Open

Bump the spring group across 1 directory with 30 updates#8920
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/spring-5bcd24a12e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Dec 1, 2025
edited
Loading

Bumps the spring group with 30 updates in the / directory:

Package From To
org.springframework.boot 3.1.4 4.0.6
org.apache.tomcat.embed:tomcat-embed-core 10.1.13 11.0.21
org.apache.tomcat:tomcat-coyote 10.1.13 11.0.21
org.springframework.boot:spring-boot-autoconfigure 3.1.4 4.0.6
org.springframework.boot:spring-boot 3.1.4 4.0.6
org.springframework.boot:spring-boot-starter-web 3.1.4 4.0.6
org.springframework.boot:spring-boot-starter-validation 3.1.4 4.0.6
org.springframework.boot:spring-boot-test 3.1.4 4.0.6
org.springframework.boot:spring-boot-starter-test 3.1.4 4.0.6
org.springframework.boot:spring-boot-starter-security 3.1.4 4.0.6
org.springframework.boot:spring-boot-starter-data-redis 3.1.4 4.0.6
org.springframework.boot:spring-boot-starter-actuator 3.1.4 4.0.6
org.springframework.boot:spring-boot-starter-oauth2-resource-server 3.1.4 4.0.6
org.springframework.data:spring-data-commons 3.0.3 4.0.5
org.springframework.security:spring-security-config 6.1.4 7.0.5
org.springframework.security:spring-security-core 6.1.4 7.0.5
org.springframework.security:spring-security-ldap 6.1.4 7.0.5
org.springframework.security:spring-security-web 6.1.4 7.0.5
org.springframework.security:spring-security-oauth2-jose 6.1.4 7.0.5
org.springframework:spring-aop 6.0.6 7.0.7
org.springframework:spring-beans 6.0.6 7.0.7
org.springframework:spring-context 6.0.6 7.0.7
org.springframework:spring-expression 6.0.6 7.0.7
org.springframework:spring-test 6.0.6 7.0.7
org.springframework:spring-jdbc 6.0.6 7.0.7
org.springframework:spring-web 6.0.6 7.0.7
org.springframework:spring-webmvc 6.0.6 7.0.7
org.springframework:spring-tx 6.0.6 7.0.7
org.springframework:spring-core 6.0.6 7.0.7
org.springdoc:springdoc-openapi-starter-webmvc-ui 2.2.0 3.0.3

Updates org.springframework.boot from 3.1.4 to 4.0.6

Release notes

Sourced from org.springframework.boot's releases.

v4.0.6

🐞 Bug Fixes

  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
  • ApplicationPidFileWriter does not handle symlinks correctly #50185
  • RandomValuePropertySource is not suitable for secrets #50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
  • ApplicationTemp does not handle symlinks correctly #50178
  • Remote DevTools performs comparison incorrectly #50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
  • Classic starters are missing several modules #50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
  • Imports on a containing test class are ignored when a nested class has imports #50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
  • 500 response from env endpoint when supplied pattern is invalid #49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
  • HTTP method is lost when configuring excludes in EndpointRequest #49943
  • Honor HttpMethod for reactive additional endpoint paths #49880
  • Docker Compose support doesn't work with apache/artemis image #49869
  • Docker Compose support doesn't work with apache/activemq image #49866
  • Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
  • API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
  • HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
  • Link to the observability section of the Lettuce documentation is broken #50097
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
  • Link to the Kubernetes documentation when discussing startup probes #50015
  • Typo in JdbcSessionAutoConfiguration Javadoc #49873
  • Clarify that configuration property default values are not available through the Environment #49851
  • Document the need for Liquibase and Flyway starters #49839
  • Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

... (truncated)

Commits
  • 8821ad2 Release v4.0.6
  • 9e4048a Merge branch '3.5.x' into 4.0.x
  • 20bb11c Next development version (v3.5.15-SNAPSHOT)
  • 98daa8e Merge branch '3.5.x' into 4.0.x
  • 9dc5aa2 Polish
  • 874f629 Fix default security with actuator but without health
  • e41b3bf Enable hostname verification for SSL connections to Elasticsearch
  • ef8527b Merge branch '3.5.x' into 4.0.x
  • f533a45 Do not follow symlinks when writing PID file
  • 4a7bd33 Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Updates org.apache.tomcat.embed:tomcat-embed-core from 10.1.13 to 11.0.21

Updates org.apache.tomcat:tomcat-coyote from 10.1.13 to 11.0.21

Updates org.apache.tomcat:tomcat-coyote from 10.1.13 to 11.0.21

Updates org.springframework.boot:spring-boot-autoconfigure from 3.1.4 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-autoconfigure's releases.

v4.0.6

🐞 Bug Fixes

  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
  • ApplicationPidFileWriter does not handle symlinks correctly #50185
  • RandomValuePropertySource is not suitable for secrets #50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
  • ApplicationTemp does not handle symlinks correctly #50178
  • Remote DevTools performs comparison incorrectly #50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
  • Classic starters are missing several modules #50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
  • Imports on a containing test class are ignored when a nested class has imports #50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
  • 500 response from env endpoint when supplied pattern is invalid #49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
  • HTTP method is lost when configuring excludes in EndpointRequest #49943
  • Honor HttpMethod for reactive additional endpoint paths #49880
  • Docker Compose support doesn't work with apache/artemis image #49869
  • Docker Compose support doesn't work with apache/activemq image #49866
  • Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
  • API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
  • HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
  • Link to the observability section of the Lettuce documentation is broken #50097
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
  • Link to the Kubernetes documentation when discussing startup probes #50015
  • Typo in JdbcSessionAutoConfiguration Javadoc #49873
  • Clarify that configuration property default values are not available through the Environment #49851
  • Document the need for Liquibase and Flyway starters #49839
  • Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

... (truncated)

Commits
  • 8821ad2 Release v4.0.6
  • 9e4048a Merge branch '3.5.x' into 4.0.x
  • 20bb11c Next development version (v3.5.15-SNAPSHOT)
  • 98daa8e Merge branch '3.5.x' into 4.0.x
  • 9dc5aa2 Polish
  • 874f629 Fix default security with actuator but without health
  • e41b3bf Enable hostname verification for SSL connections to Elasticsearch
  • ef8527b Merge branch '3.5.x' into 4.0.x
  • f533a45 Do not follow symlinks when writing PID file
  • 4a7bd33 Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot from 3.1.4 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot's releases.

v4.0.6

🐞 Bug Fixes

  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
  • ApplicationPidFileWriter does not handle symlinks correctly #50185
  • RandomValuePropertySource is not suitable for secrets #50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
  • ApplicationTemp does not handle symlinks correctly #50178
  • Remote DevTools performs comparison incorrectly #50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
  • Classic starters are missing several modules #50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
  • Imports on a containing test class are ignored when a nested class has imports #50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
  • 500 response from env endpoint when supplied pattern is invalid #49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
  • HTTP method is lost when configuring excludes in EndpointRequest #49943
  • Honor HttpMethod for reactive additional endpoint paths #49880
  • Docker Compose support doesn't work with apache/artemis image #49869
  • Docker Compose support doesn't work with apache/activemq image #49866
  • Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
  • API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
  • HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
  • Link to the observability section of the Lettuce documentation is broken #50097
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
  • Link to the Kubernetes documentation when discussing startup probes #50015
  • Typo in JdbcSessionAutoConfiguration Javadoc #49873
  • Clarify that configuration property default values are not available through the Environment #49851
  • Document the need for Liquibase and Flyway starters #49839
  • Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

... (truncated)

Commits
  • 8821ad2 Release v4.0.6
  • 9e4048a Merge branch '3.5.x' into 4.0.x
  • 20bb11c Next development version (v3.5.15-SNAPSHOT)
  • 98daa8e Merge branch '3.5.x' into 4.0.x
  • 9dc5aa2 Polish
  • 874f629 Fix default security with actuator but without health
  • e41b3bf Enable hostname verification for SSL connections to Elasticsearch
  • ef8527b Merge branch '3.5.x' into 4.0.x
  • f533a45 Do not follow symlinks when writing PID file
  • 4a7bd33 Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-web from 3.1.4 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-starter-web's releases.

v4.0.6

🐞 Bug Fixes

  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
  • ApplicationPidFileWriter does not handle symlinks correctly #50185
  • RandomValuePropertySource is not suitable for secrets #50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
  • ApplicationTemp does not handle symlinks correctly #50178
  • Remote DevTools performs comparison incorrectly #50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
  • Classic starters are missing several modules #50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
  • Imports on a containing test class are ignored when a nested class has imports #50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
  • 500 response from env endpoint when supplied pattern is invalid #49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
  • HTTP method is lost when configuring excludes in EndpointRequest #49943
  • Honor HttpMethod for reactive additional endpoint paths #49880
  • Docker Compose support doesn't work with apache/artemis image #49869
  • Docker Compose support doesn't work with apache/activemq image #49866
  • Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
  • API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
  • HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
  • Link to the observability section of the Lettuce documentation is broken #50097
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
  • Link to the Kubernetes documentation when discussing startup probes #50015
  • Typo in JdbcSessionAutoConfiguration Javadoc #49873
  • Clarify that configuration property default values are not available through the Environment #49851
  • Document the need for Liquibase and Flyway starters #49839
  • Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

... (truncated)

Commits
  • 8821ad2 Release v4.0.6
  • 9e4048a Merge branch '3.5.x' into 4.0.x
  • 20bb11c Next development version (v3.5.15-SNAPSHOT)
  • 98daa8e Merge branch '3.5.x' into 4.0.x
  • 9dc5aa2 Polish
  • 874f629 Fix default security with actuator but without health
  • e41b3bf Enable hostname verification for SSL connections to Elasticsearch
  • ef8527b Merge branch '3.5.x' into 4.0.x
  • f533a45 Do not follow symlinks when writing PID file
  • 4a7bd33 Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-validation from 3.1.4 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-starter-validation's releases.

v4.0.6

🐞 Bug Fixes

  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
  • ApplicationPidFileWriter does not handle symlinks correctly #50185
  • RandomValuePropertySource is not suitable for secrets #50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
  • ApplicationTemp does not handle symlinks correctly #50178
  • Remote DevTools performs comparison incorrectly #50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
  • Classic starters are missing several modules #50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
  • Imports on a containing test class are ignored when a nested class has imports #50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
  • 500 response from env endpoint when supplied pattern is invalid #49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
  • HTTP method is lost when configuring excludes in EndpointRequest #49943
  • Honor HttpMethod for reactive additional endpoint paths #49880
  • Docker Compose support doesn't work with apache/artemis image #49869
  • Docker Compose support doesn't work with apache/activemq image #49866
  • Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
  • API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
  • HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
  • Link to the observability section of the Lettuce documentation is broken #50097
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
  • Link to the Kubernetes documentation when discussing startup probes #50015
  • Typo in JdbcSessionAutoConfiguration Javadoc #49873
  • Clarify that configuration property default values are not available through the Environment #49851
  • Document the need for Liquibase and Flyway starters #49839
  • Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

... (truncated)

Commits
  • 8821ad2 Release v4.0.6
  • 9e4048a Merge branch '3.5.x' into 4.0.x
  • 20bb11c Next development version (v3.5.15-SNAPSHOT)
  • 98daa8e Merge branch '3.5.x' into 4.0.x
  • 9dc5aa2 Polish
  • 874f629 Fix default security with actuator but without health
  • e41b3bf Enable hostname verification for SSL connections to Elasticsearch
  • ef8527b Merge branch '3.5.x' into 4.0.x
  • f533a45 Do not follow symlinks when writing PID file
  • 4a7bd33 Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-test from 3.1.4 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-test's releases.

v4.0.6

🐞 Bug Fixes

  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
  • ApplicationPidFileWriter does not handle symlinks correctly #50185
  • RandomValuePropertySource is not suitable for secrets #50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
  • ApplicationTemp does not handle symlinks correctly #50178
  • Remote DevTools performs comparison incorrectly #50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
  • Classic starters are missing several modules #50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
  • Imports on a containing test class are ignored when a nested class has imports #50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
  • 500 response from env endpoint when supplied pattern is invalid #49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
  • HTTP method is lost when configuring excludes in EndpointRequest #49943
  • Honor HttpMethod for reactive additional endpoint paths #49880
  • Docker Compose support doesn't work with apache/artemis image #49869
  • Docker Compose support doesn't work with apache/activemq image #49866
  • Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
  • API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
  • HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
  • Link to the observability section of the Lettuce documentation is broken #50097
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
  • Link to the Kubernetes documentation when discussing startup probes #50015
  • Typo in JdbcSessionAutoConfiguration Javadoc #49873
  • Clarify that configuration property default values are not available through the Environment #49851
  • Document the need for Liquibase and Flyway starters #49839
  • Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

... (truncated)

Commits
  • 8821ad2 Release v4.0.6
  • 9e4048a Merge branch '3.5.x' into 4.0.x
  • 20bb11c Next development version (v3.5.15-SNAPSHOT)
  • 98daa8e Merge branch '3.5.x' into 4.0.x
  • 9dc5aa2 Polish
  • 874f629 Fix default security with actuator but without health
  • e41b3bf Enable hostname verification for SSL connections to Elasticsearch
  • ef8527b Merge branch '3.5.x' into 4.0.x
  • f533a45 Do not follow symlinks when writing PID file
  • 4a7bd33 Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-test from 3.1.4 to 4.0.6

Release notes

Sourced from org.springframework.boot:spring-boot-starter-test's releases.

v4.0.6

🐞 Bug Fixes

  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
  • ApplicationPidFileWriter does not handle symlinks correctly #50185
  • RandomValuePropertySource is not suitable for secrets #50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
  • ApplicationTemp does not handle symlinks correctly #50178
  • Remote DevTools performs comparison incorrectly #50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
  • Classic starters are missing several modules #50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
  • Imports on a containing test class are ignored when a nested class has imports #50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
  • 500 response from env endpoint when supplied pattern is invalid #49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
  • HTTP method is lost when configuring excludes in EndpointRequest #49943
  • Honor HttpMethod for reactive additional endpoint paths #49880
  • Docker Compose support doesn't work with apache/artemis image

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Dec 1, 2025
@dependabot dependabot Bot requested a review from mandy-chessell as a code owner December 1, 2025 03:03
@dependabot dependabot Bot added java Pull requests that update Java code dependencies Pull requests that update a dependency file labels Dec 1, 2025
@dependabot dependabot Bot force-pushed the dependabot/gradle/spring-5bcd24a12e branch from bde9720 to d14e4b9 Compare December 9, 2025 17:15
@dependabot dependabot Bot force-pushed the dependabot/gradle/spring-5bcd24a12e branch from d14e4b9 to bae291b Compare December 20, 2025 14:26
@dependabot dependabot Bot force-pushed the dependabot/gradle/spring-5bcd24a12e branch 4 times, most recently from 547b3f2 to 6ca4cad Compare January 1, 2026 03:03
@dependabot dependabot Bot force-pushed the dependabot/gradle/spring-5bcd24a12e branch from 6ca4cad to 38b521d Compare February 1, 2026 03:05
@dependabot dependabot Bot force-pushed the dependabot/gradle/spring-5bcd24a12e branch from 38b521d to aa55791 Compare March 1, 2026 03:04
@dependabot dependabot Bot force-pushed the dependabot/gradle/spring-5bcd24a12e branch from aa55791 to 9e6316e Compare April 1, 2026 03:05
@dependabot
Bump the spring group across 1 directory with 30 updates
38c3c3f 
Bumps the spring group with 30 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.springframework.boot](https://github.com/spring-projects/spring-boot) | `3.1.4` | `4.0.6` |
| org.apache.tomcat.embed:tomcat-embed-core | `10.1.13` | `11.0.21` |
| org.apache.tomcat:tomcat-coyote | `10.1.13` | `11.0.21` |
| [org.springframework.boot:spring-boot-autoconfigure](https://github.com/spring-projects/spring-boot) | `3.1.4` | `4.0.6` |
| [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot) | `3.1.4` | `4.0.6` |
| [org.springframework.boot:spring-boot-starter-web](https://github.com/spring-projects/spring-boot) | `3.1.4` | `4.0.6` |
| [org.springframework.boot:spring-boot-starter-validation](https://github.com/spring-projects/spring-boot) | `3.1.4` | `4.0.6` |
| [org.springframework.boot:spring-boot-test](https://github.com/spring-projects/spring-boot) | `3.1.4` | `4.0.6` |
| [org.springframework.boot:spring-boot-starter-test](https://github.com/spring-projects/spring-boot) | `3.1.4` | `4.0.6` |
| [org.springframework.boot:spring-boot-starter-security](https://github.com/spring-projects/spring-boot) | `3.1.4` | `4.0.6` |
| [org.springframework.boot:spring-boot-starter-data-redis](https://github.com/spring-projects/spring-boot) | `3.1.4` | `4.0.6` |
| [org.springframework.boot:spring-boot-starter-actuator](https://github.com/spring-projects/spring-boot) | `3.1.4` | `4.0.6` |
| [org.springframework.boot:spring-boot-starter-oauth2-resource-server](https://github.com/spring-projects/spring-boot) | `3.1.4` | `4.0.6` |
| [org.springframework.data:spring-data-commons](https://github.com/spring-projects/spring-data-commons) | `3.0.3` | `4.0.5` |
| [org.springframework.security:spring-security-config](https://github.com/spring-projects/spring-security) | `6.1.4` | `7.0.5` |
| [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security) | `6.1.4` | `7.0.5` |
| [org.springframework.security:spring-security-ldap](https://github.com/spring-projects/spring-security) | `6.1.4` | `7.0.5` |
| [org.springframework.security:spring-security-web](https://github.com/spring-projects/spring-security) | `6.1.4` | `7.0.5` |
| [org.springframework.security:spring-security-oauth2-jose](https://github.com/spring-projects/spring-security) | `6.1.4` | `7.0.5` |
| [org.springframework:spring-aop](https://github.com/spring-projects/spring-framework) | `6.0.6` | `7.0.7` |
| [org.springframework:spring-beans](https://github.com/spring-projects/spring-framework) | `6.0.6` | `7.0.7` |
| [org.springframework:spring-context](https://github.com/spring-projects/spring-framework) | `6.0.6` | `7.0.7` |
| [org.springframework:spring-expression](https://github.com/spring-projects/spring-framework) | `6.0.6` | `7.0.7` |
| [org.springframework:spring-test](https://github.com/spring-projects/spring-framework) | `6.0.6` | `7.0.7` |
| [org.springframework:spring-jdbc](https://github.com/spring-projects/spring-framework) | `6.0.6` | `7.0.7` |
| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `6.0.6` | `7.0.7` |
| [org.springframework:spring-webmvc](https://github.com/spring-projects/spring-framework) | `6.0.6` | `7.0.7` |
| [org.springframework:spring-tx](https://github.com/spring-projects/spring-framework) | `6.0.6` | `7.0.7` |
| [org.springframework:spring-core](https://github.com/spring-projects/spring-framework) | `6.0.6` | `7.0.7` |
| [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) | `2.2.0` | `3.0.3` |



Updates `org.springframework.boot` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.apache.tomcat.embed:tomcat-embed-core` from 10.1.13 to 11.0.21

Updates `org.apache.tomcat:tomcat-coyote` from 10.1.13 to 11.0.21

Updates `org.apache.tomcat:tomcat-coyote` from 10.1.13 to 11.0.21

Updates `org.springframework.boot:spring-boot-autoconfigure` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-web` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-validation` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-test` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-test` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-security` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-data-redis` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-actuator` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-oauth2-resource-server` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-web` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-validation` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.data:spring-data-commons` from 3.0.3 to 4.0.5
- [Release notes](https://github.com/spring-projects/spring-data-commons/releases)
- [Commits](spring-projects/spring-data-commons@3.0.3...4.0.5)

Updates `org.springframework.boot:spring-boot-test` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-test` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-security` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-data-redis` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-actuator` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.boot:spring-boot-starter-oauth2-resource-server` from 3.1.4 to 4.0.6
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.1.4...v4.0.6)

Updates `org.springframework.security:spring-security-config` from 6.1.4 to 7.0.5
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.1.4...7.0.5)

Updates `org.springframework.security:spring-security-core` from 6.1.4 to 7.0.5
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.1.4...7.0.5)

Updates `org.springframework.security:spring-security-ldap` from 6.1.4 to 7.0.5
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.1.4...7.0.5)

Updates `org.springframework.security:spring-security-web` from 6.1.4 to 7.0.5
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.1.4...7.0.5)

Updates `org.springframework.security:spring-security-oauth2-jose` from 6.1.4 to 7.0.5
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.1.4...7.0.5)

Updates `org.springframework.security:spring-security-core` from 6.1.4 to 7.0.5
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.1.4...7.0.5)

Updates `org.springframework.security:spring-security-ldap` from 6.1.4 to 7.0.5
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.1.4...7.0.5)

Updates `org.springframework.security:spring-security-web` from 6.1.4 to 7.0.5
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.1.4...7.0.5)

Updates `org.springframework.security:spring-security-oauth2-jose` from 6.1.4 to 7.0.5
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@6.1.4...7.0.5)

Updates `org.springframework:spring-aop` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-beans` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-context` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-expression` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-test` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-jdbc` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-web` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-webmvc` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-tx` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-core` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-beans` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-context` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-expression` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-test` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-jdbc` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-web` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-webmvc` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-tx` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springframework:spring-core` from 6.0.6 to 7.0.7
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.0.6...v7.0.7)

Updates `org.springdoc:springdoc-openapi-starter-webmvc-ui` from 2.2.0 to 3.0.3
- [Release notes](https://github.com/springdoc/springdoc-openapi/releases)
- [Changelog](https://github.com/springdoc/springdoc-openapi/blob/v3.0.3/CHANGELOG.md)
- [Commits](springdoc/springdoc-openapi@v2.2.0...v3.0.3)

---
updated-dependencies:
- dependency-name: org.apache.tomcat.embed:tomcat-embed-core
  dependency-version: 11.0.14
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.apache.tomcat:tomcat-coyote
  dependency-version: 11.0.14
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.apache.tomcat:tomcat-coyote
  dependency-version: 11.0.14
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springdoc:springdoc-openapi-starter-webmvc-ui
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-autoconfigure
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-actuator
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-actuator
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-data-redis
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-data-redis
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-oauth2-resource-server
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-oauth2-resource-server
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-security
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-security
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-test
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-test
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-validation
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-validation
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-web
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-starter-web
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-test
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.boot:spring-boot-test
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.data:spring-data-commons
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.security:spring-security-config
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.security:spring-security-core
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.security:spring-security-core
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.security:spring-security-ldap
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.security:spring-security-ldap
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.security:spring-security-oauth2-jose
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.security:spring-security-oauth2-jose
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.security:spring-security-web
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework.security:spring-security-web
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-aop
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-beans
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-beans
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-context
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-context
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-core
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-core
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-expression
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-expression
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-jdbc
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-jdbc
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-test
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-test
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-tx
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-tx
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-web
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-web
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-webmvc
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
- dependency-name: org.springframework:spring-webmvc
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: spring
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/gradle/spring-5bcd24a12e branch from 9e6316e to 38c3c3f Compare May 1, 2026 03:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mandy-chessell mandy-chessell Awaiting requested review from mandy-chessell mandy-chessell is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants