Build(deps): Bump the prod-deps-ver group across 1 directory with 25 updates #1978

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/maven/prod-deps-ver-2631f4ab47

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026

Bumps the prod-deps-ver group with 25 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| org.eclipse.jetty:jetty-bom | 12.1.9 | 12.1.10 |
| org.eclipse.jetty.ee10:jetty-ee10-servlet | 12.1.9 | 12.1.10 |
| org.eclipse.jetty.ee10:jetty-ee10-webapp | 12.1.9 | 12.1.10 |
| org.springframework.security:spring-security-bom | 7.0.5 | 7.1.0 |
| org.springframework.security:spring-security-core | 7.0.5 | 7.1.0 |
| org.springframework.boot:spring-boot-dependencies | 4.0.6 | 4.1.0 |
| org.springframework.boot:spring-boot-starter-test | 4.0.6 | 4.1.0 |
| org.springframework.boot:spring-boot-autoconfigure | 4.0.6 | 4.1.0 |
| org.springframework.boot:spring-boot-starter-tomcat | 4.0.6 | 4.1.0 |
| org.springframework:spring-core | 7.0.7 | 7.0.8 |
| org.springframework:spring-web | 7.0.7 | 7.0.8 |
| org.springframework:spring-aop | 7.0.7 | 7.0.8 |
| org.springframework:spring-beans | 7.0.7 | 7.0.8 |
| org.springframework.security:spring-security-oauth2-client | 7.0.5 | 7.1.0 |
| com.github.spotbugs:spotbugs-annotations | 4.9.8 | 4.10.2 |
| io.projectreactor:reactor-core | 3.8.2 | 3.8.6 |
| org.junit:junit-bom | 6.0.3 | 6.1.0 |
| org.junit.jupiter:junit-jupiter-engine | 6.0.3 | 6.1.0 |
| org.junit.jupiter:junit-jupiter-params | 6.0.3 | 6.1.0 |
| org.junit.jupiter:junit-jupiter-api | 6.0.3 | 6.1.0 |
| io.projectreactor:reactor-test | 3.8.2 | 3.8.6 |
| org.apache.maven.plugins:maven-surefire-plugin | 3.5.5 | 3.5.6 |
| org.jacoco:jacoco-maven-plugin | 0.8.14 | 0.8.15 |
| com.github.spotbugs:spotbugs-maven-plugin | 4.9.8.3 | 4.10.2.0 |
| org.sonatype.central:central-publishing-maven-plugin | 0.10.0 | 0.11.0 |

Updates org.eclipse.jetty:jetty-bom from 12.1.9 to 12.1.10

Release notes

Sourced from org.eclipse.jetty:jetty-bom's releases.

12.1.10

Changelog

  • #15180 - Upgrade to Quiche version 0.29.1
  • #15161 - Reduce memory footprint for persistent HttpConnections
  • #15136 - Refresh Digest authentication implementation
  • #15118 - Upgrade to Quiche version 0.29.0
  • #15094 - Jetty 12.1 Regression: Deferred Authentication provides Callback.NOT_CALLED leading to errors
  • #15074 - HTTP/2 extended connect responses contain Content-Length: 0
  • #15031 - IOResources#toRetainableByteBuffer data loss when using resources without path
  • #15021 - Resource handling regression in 12.1.9
  • #15011 - PathResource.resolve() fails on Microsoft Windows due to Illegal char <:>
  • #15009 - Make processing of RST_STREAM more lenient
  • #14984 - XmlConfiguration emits "Deprecated method ... setMaxThreads" WARN from shipped jetty-threadpool-virtual.xml
  • #14745 - NPE in HttpChannelState.completeStream() when _request is null during multipart cleanup
  • #14528 - BinaryStreamTest.testMoreThanLargestMessageOneByteAtATime() is flaky
  • #14522 - Bundle org.eclipse.jetty.websocket.server OSGI metadata exports internal instead of public package
  • #14006 - How to handle "Warning Logs in org.eclipse.jetty.ee8.nested.HttpChannelState and org.eclipse.jetty.server.internal.HttpChannelState"
  • #9799 - Declare EncodingException for HPACK/QPACK encoders and decoders

Commits

  • 9860245 Updating to version 12.1.10
  • 6d62879 IteratingCallback concurrent abort() may not notify abort event. (#15185)
  • 962f73f Fixes #15009 - Make processing of RST_STREAM more lenient. (#15087)
  • 6324c65 #15180 upgrade quiche to version 0.29.1
  • d0bb829 Fixes #15136 - Refresh Digest authentication implementation.
  • ac73ac1 Issue #14522 Bundle org.eclipse.jetty.websocket.server OSGI metadata should e...
  • 206c2e6 Merge pull request #15179 from jetty/fix/jetty-12.1.x/14745-MultiPartCleanup
  • 8d86494 Merge pull request #15163 from jetty/fix/jetty-12.1.x/15161-HttpConnectionOpt...
  • 437e617 Merge pull request #15178 from jetty/fix/jetty-12.1.x/14006-ReadPendingWarnings
  • 577d932 Issue #14745 - fix race for double call of HttpChannelState.completeStream (1...
  • Additional commits viewable in compare view

Updates org.eclipse.jetty.ee10:jetty-ee10-servlet from 12.1.9 to 12.1.10

Updates org.eclipse.jetty.ee10:jetty-ee10-webapp from 12.1.9 to 12.1.10

Updates org.springframework.security:spring-security-bom from 7.0.5 to 7.1.0

Release notes

Sourced from org.springframework.security:spring-security-bom's releases.

7.1.0

🪲 Bug Fixes

  • Opaque token introspectors should not allow empty credentials #19201

🔨 Dependency Upgrades

  • Bump @springio/antora-extensions from 1.14.11 to 1.14.12 in /docs #19235
  • Bump actions/checkout from 6.0.2 to 6.0.3 #19271
  • Bump antora from 3.2.0-alpha.11 to 3.2.0-alpha.12 in /docs #19181
  • Bump ch.qos.logback:logback-classic from 1.5.32 to 1.5.33 #19228
  • Bump ch.qos.logback:logback-classic from 1.5.33 to 1.5.34 #19268
  • Bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 #19133
  • Bump com.fasterxml.jackson:jackson-bom from 2.21.3 to 2.22.0 #19246
  • Bump com.google.code.gson:gson from 2.13.2 to 2.14.0 #19125
  • Bump com.nimbusds:oauth2-oidc-sdk from 11.37 to 11.37.1 #19157
  • Bump com.nimbusds:oauth2-oidc-sdk from 11.37 to 11.37.2 #19195
  • Bump com.webauthn4j:webauthn4j-core from 0.31.3.RELEASE to 0.31.5.RELEASE #19148
  • Bump com.webauthn4j:webauthn4j-core from 0.31.5.RELEASE to 0.31.6.RELEASE #19263
  • Bump gradle-wrapper from 9.4.1 to 9.5.0 #19135
  • Bump gradle-wrapper from 9.5.0 to 9.5.1 #19171
  • Bump io-micrometer from 1.16.5 to 1.17.0 #19287
  • Bump io.mockk:mockk from 1.14.9 to 1.14.11 #19244
  • Bump io.projectreactor:reactor-bom from 2025.0.5 to 2025.0.6 #19296
  • Bump org-jetbrains-kotlin from 2.3.20 to 2.3.21 #19126
  • Bump org-jetbrains-kotlin from 2.3.21 to 2.4.0 #19264
  • Bump org-opensaml5 from 5.2.1 to 5.2.2 #19176
  • Bump org.apache.maven:maven-resolver-provider from 3.9.15 to 3.9.16 #19190
  • Bump org.apereo.cas.client:cas-client-core from 4.1.0 to 4.1.1 #19200
  • Bump org.hibernate.orm:hibernate-core from 7.3.1.Final to 7.3.2.Final #19119
  • Bump org.hibernate.orm:hibernate-core from 7.3.2.Final to 7.3.3.Final #19149
  • Bump org.hibernate.orm:hibernate-core from 7.3.3.Final to 7.3.4.Final #19165
  • Bump org.hibernate.orm:hibernate-core from 7.3.4.Final to 7.3.5.Final #19191
  • Bump org.hibernate.orm:hibernate-core from 7.3.5.Final to 7.3.6.Final #19211
  • Bump org.hibernate.orm:hibernate-core from 7.3.6.Final to 7.4.0.Final #19226
  • Bump org.jetbrains.kotlinx:kotlinx-coroutines-bom from 1.10.2 to 1.11.0 #19166
  • Bump org.junit:junit-bom from 6.0.3 to 6.1.0 #19197
  • Bump org.slf4j:slf4j-api from 2.0.17 to 2.0.18 #19169
  • Bump org.springframework.data:spring-data-bom from 2025.1.5 to 2025.1.6 #19290
  • Bump org.springframework.ldap:spring-ldap-core from 4.0.3 to 4.1.0 #19291
  • Bump org.springframework:spring-framework-bom from 7.0.7 to 7.0.8 #19285
  • Bump spring-io/spring-release-actions from 0.0.4 to 0.0.5 #19179
  • Bump tools.jackson:jackson-bom from 3.1.2 to 3.1.3 #19147
  • Bump tools.jackson:jackson-bom from 3.1.3 to 3.1.4 #19245
  • Bump tools.jackson:jackson-bom from 3.1.4 to 3.2.0 #19286
  • Update to spring-data-bom 2026.0.0 #19303

🔩 Build Updates

... (truncated)

Commits

Updates org.springframework.security:spring-security-core from 7.0.5 to 7.1.0

Updates org.springframework.boot:spring-boot-dependencies from 4.0.6 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

  • Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
  • Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

  • MailSender auto-configuration does not enable hostname verification #50747
  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
  • Embedded LDAP SSL should not be enabled when its bundle is empty #50700
  • InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
  • NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
  • Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
  • Configuration property metadata includes incorrect class references #50632
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
  • SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
  • Created StackTracePrinter instances have no access to the Environment #50414
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
  • Buildpack module does not validate long-to-int casts #50410
  • Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
  • GraphQL WebSocket support does not configure allowed origins #50394
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
  • Meter registries are not removed from the global registry when the context is closed #50287
  • DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
  • Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
  • Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
  • Missing dependency management for spring-boot-web-server-test #50224
  • Spring Batch support for MongoDB modules are not included in dependency management #50223
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
  • GrpcServerHealthScheduler is not started in servlet environments #50209
  • Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

  • Fix reference to Gradle documentation for module replacement #50647
  • Document SSL reloading with Let's Encrypt #50630
  • Remove the use of Optional from Data Neo4j repository examples #50622
  • Fix typos in documentation #50620

... (truncated)

Commits

Updates org.springframework.boot:spring-boot-starter-test from 4.0.6 to 4.1.0

Updates org.springframework.boot:spring-boot-autoconfigure from 4.0.6 to 4.1.0

Updates org.springframework.boot:spring-boot-starter-tomcat from 4.0.6 to 4.1.0

Updates org.springframework:spring-core from 7.0.7 to 7.0.8

Release notes

Sourced from org.springframework:spring-core's releases.

v7.0.8

⚠️ Security Fixes

This maintenance release fixes a high number of CVEs. You can learn more abo...

Description has been truncated

@dependabot dependabot Bot added the `dependencies` and `java` labels Jun 17, 2026

@dependabot dependabot Bot force-pushed the dependabot/maven/prod-deps-ver-2631f4ab47 branch from b856329 to e4abf72 June 19, 2026 06:04

…updates

Bumps the prod-deps-ver group with 25 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.eclipse.jetty:jetty-bom](https://github.com/jetty/jetty.project) | `12.1.9` | `12.1.10` |
| org.eclipse.jetty.ee10:jetty-ee10-servlet | `12.1.9` | `12.1.10` |
| org.eclipse.jetty.ee10:jetty-ee10-webapp | `12.1.9` | `12.1.10` |
| [org.springframework.security:spring-security-bom](https://github.com/spring-projects/spring-security) | `7.0.5` | `7.1.0` |
| [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security) | `7.0.5` | `7.1.0` |
| [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.springframework.boot:spring-boot-starter-test](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.springframework.boot:spring-boot-autoconfigure](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.springframework.boot:spring-boot-starter-tomcat](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.springframework:spring-core](https://github.com/spring-projects/spring-framework) | `7.0.7` | `7.0.8` |
| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `7.0.7` | `7.0.8` |
| [org.springframework:spring-aop](https://github.com/spring-projects/spring-framework) | `7.0.7` | `7.0.8` |
| [org.springframework:spring-beans](https://github.com/spring-projects/spring-framework) | `7.0.7` | `7.0.8` |
| [org.springframework.security:spring-security-oauth2-client](https://github.com/spring-projects/spring-security) | `7.0.5` | `7.1.0` |
| [com.github.spotbugs:spotbugs-annotations](https://github.com/spotbugs/spotbugs) | `4.9.8` | `4.10.2` |
| [io.projectreactor:reactor-core](https://github.com/reactor/reactor-core) | `3.8.2` | `3.8.6` |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [org.junit.jupiter:junit-jupiter-engine](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [org.junit.jupiter:junit-jupiter-params](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [org.junit.jupiter:junit-jupiter-api](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [io.projectreactor:reactor-test](https://github.com/reactor/reactor-core) | `3.8.2` | `3.8.6` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.5` | `3.5.6` |
| [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.14` | `0.8.15` |
| [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) | `4.9.8.3` | `4.10.2.0` |
| [org.sonatype.central:central-publishing-maven-plugin](https://github.com/sonatype/central-publishing-maven-plugin) | `0.10.0` | `0.11.0` |



Updates `org.eclipse.jetty:jetty-bom` from 12.1.9 to 12.1.10
- [Release notes](https://github.com/jetty/jetty.project/releases)
- [Commits](jetty/jetty.project@jetty-12.1.9...jetty-12.1.10)

Updates `org.eclipse.jetty.ee10:jetty-ee10-servlet` from 12.1.9 to 12.1.10

Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.1.9 to 12.1.10

Updates `org.springframework.security:spring-security-bom` from 7.0.5 to 7.1.0
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@7.0.5...7.1.0)

Updates `org.springframework.security:spring-security-core` from 7.0.5 to 7.1.0
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@7.0.5...7.1.0)

Updates `org.springframework.boot:spring-boot-dependencies` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.springframework.boot:spring-boot-starter-test` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.springframework.boot:spring-boot-autoconfigure` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.springframework.boot:spring-boot-starter-tomcat` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.springframework:spring-core` from 7.0.7 to 7.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v7.0.7...v7.0.8)

Updates `org.springframework:spring-web` from 7.0.7 to 7.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v7.0.7...v7.0.8)

Updates `org.springframework:spring-aop` from 7.0.7 to 7.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v7.0.7...v7.0.8)

Updates `org.springframework:spring-beans` from 7.0.7 to 7.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v7.0.7...v7.0.8)

Updates `org.springframework:spring-web` from 6.2.18 to 7.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v7.0.7...v7.0.8)

Updates `org.springframework:spring-aop` from 7.0.7 to 7.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v7.0.7...v7.0.8)

Updates `org.springframework:spring-beans` from 7.0.7 to 7.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v7.0.7...v7.0.8)

Updates `org.springframework.security:spring-security-oauth2-client` from 7.0.5 to 7.1.0
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@7.0.5...7.1.0)

Updates `com.github.spotbugs:spotbugs-annotations` from 4.9.8 to 4.10.2
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.9.8...4.10.2)

Updates `io.projectreactor:reactor-core` from 3.8.2 to 3.8.6
- [Release notes](https://github.com/reactor/reactor-core/releases)
- [Commits](reactor/reactor-core@v3.8.2...v3.8.6)

Updates `org.junit:junit-bom` from 6.0.3 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.0)

Updates `org.junit.jupiter:junit-jupiter-engine` from 6.0.3 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.0)

Updates `org.junit.jupiter:junit-jupiter-params` from 6.0.3 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.0)

Updates `org.junit.jupiter:junit-jupiter-api` from 6.0.3 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.0)

Updates `io.projectreactor:reactor-test` from 3.8.2 to 3.8.6
- [Release notes](https://github.com/reactor/reactor-core/releases)
- [Commits](reactor/reactor-core@v3.8.2...v3.8.6)

Updates `org.springframework.boot:spring-boot-starter-test` from 3.5.14 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.5 to 3.5.6
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.5...surefire-3.5.6)

Updates `org.jacoco:jacoco-maven-plugin` from 0.8.14 to 0.8.15
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.14...v0.8.15)

Updates `com.github.spotbugs:spotbugs-maven-plugin` from 4.9.8.3 to 4.10.2.0
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.8.3...spotbugs-maven-plugin-4.10.2.0)

Updates `org.sonatype.central:central-publishing-maven-plugin` from 0.10.0 to 0.11.0
- [Commits](https://github.com/sonatype/central-publishing-maven-plugin/commits)

Updates `org.junit.jupiter:junit-jupiter-engine` from 6.0.3 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.0)

Updates `org.junit.jupiter:junit-jupiter-params` from 6.0.3 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.0)

Updates `org.springframework.security:spring-security-core` from 7.0.5 to 7.1.0
- [Release notes](https://github.com/spring-projects/spring-security/releases)
- [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc)
- [Commits](spring-projects/spring-security@7.0.5...7.1.0)

Updates `org.springframework.boot:spring-boot-autoconfigure` from 3.5.14 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.springframework.boot:spring-boot-starter-tomcat` from 3.5.14 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.junit.jupiter:junit-jupiter-api` from 6.0.3 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.0)

Updates `org.eclipse.jetty.ee10:jetty-ee10-servlet` from 12.1.9 to 12.1.10

Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.1.9 to 12.1.10

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-annotations
  dependency-version: 4.10.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-version: 4.10.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: io.projectreactor:reactor-core
  dependency-version: 3.8.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: io.projectreactor:reactor-test
  dependency-version: 3.8.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-servlet
  dependency-version: 12.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-servlet
  dependency-version: 12.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp
  dependency-version: 12.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp
  dependency-version: 12.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty:jetty-bom
  dependency-version: 12.1.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-version: 0.8.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.junit.jupiter:junit-jupiter-api
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.junit.jupiter:junit-jupiter-api
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.junit.jupiter:junit-jupiter-engine
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.junit.jupiter:junit-jupiter-engine
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.junit.jupiter:junit-jupiter-params
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.junit.jupiter:junit-jupiter-params
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.junit:junit-bom
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.sonatype.central:central-publishing-maven-plugin
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.springframework.boot:spring-boot-autoconfigure
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps-ver
- dependency-name: org.springframework.boot:spring-boot-autoconfigure
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.springframework.boot:spring-boot-dependencies
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.springframework.boot:spring-boot-starter-test
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps-ver
- dependency-name: org.springframework.boot:spring-boot-starter-test
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.springframework.boot:spring-boot-starter-tomcat
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps-ver
- dependency-name: org.springframework.boot:spring-boot-starter-tomcat
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.springframework.security:spring-security-bom
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.springframework.security:spring-security-core
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.springframework.security:spring-security-core
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.springframework.security:spring-security-oauth2-client
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.springframework:spring-aop
  dependency-version: 7.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.springframework:spring-aop
  dependency-version: 7.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.springframework:spring-beans
  dependency-version: 7.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.springframework:spring-beans
  dependency-version: 7.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.springframework:spring-core
  dependency-version: 7.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.springframework:spring-web
  dependency-version: 7.0.8
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps-ver
- dependency-name: org.springframework:spring-web
  dependency-version: 7.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/prod-deps-ver-2631f4ab47 branch from e4abf72 to 94e70a3 Compare June 22, 2026 08:13
@NiklasHerrmann21

Contributor

Superseded by #1984 — these dependency updates are bundled together there for a single review/merge cycle.


dependabot Bot commented on behalf of github Jun 23, 2026

Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/maven/prod-deps-ver-2631f4ab47 branch June 23, 2026 14:22
NiklasHerrmann21 added a commit that referenced this pull request Jun 24, 2026
* Bump org.assertj:assertj-core in /samples/java-security-usage-ias

Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.24.2 to 3.27.7.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.24.2...assertj-build-3.27.7)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump org.assertj:assertj-core in /samples/java-security-usage

Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.24.2 to 3.27.7.
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.24.2...assertj-build-3.27.7)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* Build(deps): Bump org.json:json from 20251224 to 20260522

Bumps [org.json:json](https://github.com/douglascrockford/JSON-java) from 20251224 to 20260522.
- [Release notes](https://github.com/douglascrockford/JSON-java/releases)
- [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md)
- [Commits](stleary/JSON-java@2025122...2026052)

---
updated-dependencies:
- dependency-name: org.json:json
  dependency-version: '20260522'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Build(deps-dev): Bump the dev-deps group across 1 directory with 2 updates

Bumps the dev-deps group with 2 updates in the / directory: [io.github.hakky54:logcaptor](https://github.com/Hakky54/log-captor) and [org.springframework:spring-context](https://github.com/spring-projects/spring-framework).


Updates `io.github.hakky54:logcaptor` from 2.12.2 to 2.12.6
- [Changelog](https://github.com/Hakky54/log-captor/blob/master/CHANGELOG.MD)
- [Commits](Hakky54/log-captor@v2.12.2...v2.12.6)

Updates `org.springframework:spring-context` from 7.0.7 to 7.0.8
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v7.0.7...v7.0.8)

---
updated-dependencies:
- dependency-name: io.github.hakky54:logcaptor
  dependency-version: 2.12.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
- dependency-name: org.springframework:spring-context
  dependency-version: 7.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-deps
...

Signed-off-by: dependabot[bot] <support@github.com>

* Build(deps): Bump the prod-deps-ver group across 1 directory with 25 updates

Bumps the prod-deps-ver group with 25 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.eclipse.jetty:jetty-bom](https://github.com/jetty/jetty.project) | `12.1.9` | `12.1.10` |
| org.eclipse.jetty.ee10:jetty-ee10-servlet | `12.1.9` | `12.1.10` |
| org.eclipse.jetty.ee10:jetty-ee10-webapp | `12.1.9` | `12.1.10` |
| [org.springframework.security:spring-security-bom](https://github.com/spring-projects/spring-security) | `7.0.5` | `7.1.0` |
| [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security) | `7.0.5` | `7.1.0` |
| [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.springframework.boot:spring-boot-starter-test](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.springframework.boot:spring-boot-autoconfigure](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.springframework.boot:spring-boot-starter-tomcat](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.springframework:spring-core](https://github.com/spring-projects/spring-framework) | `7.0.7` | `7.0.8` |
| [org.springframework:spring-web](https://github.com/spring-projects/spring-framework) | `7.0.7` | `7.0.8` |
| [org.springframework:spring-aop](https://github.com/spring-projects/spring-framework) | `7.0.7` | `7.0.8` |
| [org.springframework:spring-beans](https://github.com/spring-projects/spring-framework) | `7.0.7` | `7.0.8` |
| [org.springframework.security:spring-security-oauth2-client](https://github.com/spring-projects/spring-security) | `7.0.5` | `7.1.0` |
| [com.github.spotbugs:spotbugs-annotations](https://github.com/spotbugs/spotbugs) | `4.9.8` | `4.10.2` |
| [io.projectreactor:reactor-core](https://github.com/reactor/reactor-core) | `3.8.2` | `3.8.6` |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [org.junit.jupiter:junit-jupiter-engine](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [org.junit.jupiter:junit-jupiter-params](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [org.junit.jupiter:junit-jupiter-api](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [io.projectreactor:reactor-test](https://github.com/reactor/reactor-core) | `3.8.2` | `3.8.6` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.5` | `3.5.6` |
| [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.14` | `0.8.15` |
| [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) | `4.9.8.3` | `4.10.2.0` |
| [org.sonatype.central:central-publishing-maven-plugin](https://github.com/sonatype/central-publishing-maven-plugin) | `0.10.0` | `0.11.0` |



Signed-off-by: dependabot[bot] <support@github.com>

* chore: Restore legacy-3 version indirections and fix junit-bom import

The prod-deps-ver Dependabot bundle (#1978) textually replaced four legacy-3
version indirections with hardcoded 4.x values:
- spring-security-3/pom.xml: spring.boot.version, spring.security.oauth2.version, reactor.version
- spring-security-3-starter/pom.xml: spring.boot.version, spring.security.oauth2.version
- token-client-spring-3/pom.xml: spring.core.version
Restore the ${legacy3.*} property references so the Spring Boot 3.x
compatibility modules build against Spring 6.x as intended.

Also fix the junit-bom import in the root pom: it lacked
<type>pom</type><scope>import</scope>, so junit-platform/jupiter versions
were silently provided by spring-boot-dependencies. Aligning the junit-bom
import (and moving it ahead of spring-boot-dependencies) keeps all JUnit 6
artifacts on the same version after the 6.0.3 -> 6.1.0 bump.

* docs: Add 4.1.0 CHANGELOG entry for dependency bundle

Summarise the dependency updates pulled in from the bundled Dependabot
PRs (prod-deps, dev-deps, org.json, assertj samples) and the junit-bom
import fix in the root pom.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
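The junit-bom problem described in the commit message above can be caught mechanically. The following check is an added example, not code from this repository: it flags BOM-looking entries in `dependencyManagement` that lack `<type>pom</type><scope>import</scope>`, and a preferred BOM imported after one it should override (Maven resolves overlapping imports in favour of the first declared). The function names, the sample POMs and the `-bom`/`-dependencies` naming heuristic are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
BOOT = "org.springframework.boot:spring-boot-dependencies"
JUNIT = "org.junit:junit-bom"

def make_pom(entries):
    """Build a constructed sample POM from (groupId:artifactId, version, imported) tuples."""
    deps = ""
    for ga, version, imported in entries:
        group, artifact = ga.split(":")
        deps += (f"<dependency><groupId>{group}</groupId>"
                 f"<artifactId>{artifact}</artifactId><version>{version}</version>"
                 + ("<type>pom</type><scope>import</scope>" if imported else "")
                 + "</dependency>")
    return (f'<project xmlns="{NS["m"]}"><dependencyManagement><dependencies>'
            f"{deps}</dependencies></dependencyManagement></project>")

def audit_boms(pom_text, preferred=JUNIT, over=BOOT):
    """Return findings for BOMs that are not imported or are imported too late."""
    root = ET.fromstring(pom_text)
    findings, import_order = [], []
    path = "m:dependencyManagement/m:dependencies/m:dependency"
    for dep in root.findall(path, NS):
        def field(tag):
            return (dep.findtext(f"m:{tag}", default="", namespaces=NS) or "").strip()
        ga = f"{field('groupId')}:{field('artifactId')}"
        if field("type") == "pom" and field("scope") == "import":
            import_order.append(ga)
        elif ga.endswith(("-bom", "-dependencies")):  # naming heuristic (assumption)
            findings.append(f"{ga}: not imported (needs type=pom, scope=import)")
    # Maven keeps the first managed version it sees, so declaration order matters.
    if (preferred in import_order and over in import_order
            and import_order.index(preferred) > import_order.index(over)):
        findings.append(f"{preferred}: imported after {over}, which wins on overlap")
    return findings

# Constructed samples using the versions named in this PR.
BROKEN = make_pom([(BOOT, "4.1.0", True), (JUNIT, "6.1.0", False)])
LATE = make_pom([(BOOT, "4.1.0", True), (JUNIT, "6.1.0", True)])
FIXED = make_pom([(JUNIT, "6.1.0", True), (BOOT, "4.1.0", True)])

if __name__ == "__main__":
    for name, pom in (("broken", BROKEN), ("late", LATE), ("fixed", FIXED)):
        print(name, audit_boms(pom))
```

Run against a real module with `audit_boms(open("pom.xml").read())`; it reads only the literal POM and does not resolve parent POMs or `${...}` properties.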

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code
