fix(deps): bump the prod-deps group across 1 directory with 5 updates

[dependabot]

Bumps the prod-deps group with 4 updates in the / directory: org.springframework.boot:spring-boot-starter-parent, org.apache.commons:commons-lang3, org.openapitools:openapi-generator-maven-plugin and org.apache.maven.plugins:maven-release-plugin.

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.7 to 4.0.1

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.0.1

⚠️ Noteworthy changes

• Hibernate has been upgraded to 7.2.0.Final in response to Hibernate 7.1 moving to limited support
• spring-boot-starter-kotlin-serialization has been renamed to to spring-boot-starter-kotlinx-serialization-json and spring-boot-starter-kotlin-serialization-test has been renamed to spring-boot-starter-kotlinx-serialization-json-test. This change aligns the starters' names with those of their respective modules
• Using TestRestTemplate now requires a dependency on spring-boot-restclient

🐞 Bug Fixes

• JsonMixinModuleEntriesBeanRegistrationAotProcessor does not handle deprecated code #48564
• JdbcSessionAutoConfiguration may not match when using the auto-configured DataSource #48552
• @ServiceConnection for LgtmStackContainer fails when logging endpoint is configured due to multiple OtlpLoggingConnectionDetails beans #48536
• WebApplicationType does not consider modules when deduced from classpath #48517
• Spring Session auto-configuration fails in a war deployment as ServerProperties is not available #48493
• Opentelemetry logging export requires actuator module #48488
• RabbitHealthIndicator reports an error when version is missing from the connection's server properties #48487
• Actuator Info class has inconsistent nullability annotations and cannot be built with null value #48480
• Profiles retained during AOT processing are not configured in a native image #48476
• Security matchers and WebServerNamespace resolution can fail with NoClassDefFoundError when used in a traditional WAR deployment #48388
• HealthEndpointGroupMembershipValidator does not consider reactive health indicators causing NoSuchHealthContributorException to be thrown #48387
• spring.jackson.default-property-inclusion is not applied to content inclusion #48343
• TestRestTemplate.getRootUri() returns empty string #48330
• Redis health check reports an error when redis_version is missing from the INFO response #48328
• Parent's MeterRegistry beans are closed when child context closes #48325
• HttpMessageConverters picks up converter beans for both client and server #48310
• Conditions to auto-configure a RestClient are outdated with the modularization #48308
• A custom JwtTypeValidator that replaces the default can no longer be configured #48301
• PropertiesRestClientHttpServiceGroupConfigurer has highest precedence, preventing other configurers from being ordered ahead of it #48296
• SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #48275
• Conditions to auto-configure RestClient-based HTTP service clients are outdated with the modularization #48274
• Starter for Kotlinx Serialization Json is misnamed #48262
• ApplicationServletEnvironment is no longer configured in war deployments #48254
• RestClient.Builder bean present in @SpringBootTest due to spring-boot-starter-webmvc-test, but missing at runtime without restclient starter #48253
• ProblemDetail is rendered to XML incorrectly #48222

📔 Documentation

• Harmonize Kotlin example for HTTP Service client support #48577
• Document HttpMessageConverters detection changes in 4.0.1 #48574
• Improve javadoc for when to use class names rather than class references #48569
• Documentation has an outdated reference to the Jackson Kotlin Module #48534
• Caching documentation should clarify how to use a no-op implementation to run a test suite #48532
• Document that the default rolling policy for Log4j2 requires logging.file.path to be set #48527
• Review documentation and migration guide about changes in @AutoConfigureCache #48522
• License header in build samples is displayed in the reference documentation #48478
• Configuring Two DataSources How-To code sample is inconsistent #48449
• Fix links to source files on GitHub #48398
• Documentation contains broken links to GitHub source files #48394
• Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #48360
• Correct the annotation in the Kotlin @ConfigurationPropertiesSource example #48357
• Polish TestRestTemplate examples in the reference guide #48336

... (truncated)

Commits

• b2bc463 Release v4.0.1
• 252b218 Correct renaming of Kotlinx Serialization JSON starters
• 2fa73c2 Merge pull request #48577 from jwalter
• 3e68988 Polish "Harmonize Kotlin example for HTTP Service client support"
• 423373b Harmonize Kotlin example for HTTP Service client support
• f61ac29 Document HttpMessageConverters detection changes
• 2519a5d Merge branch '3.5.x'
• 4fc3ca3 Next development version (v3.5.10-SNAPSHOT)
• aaf66f4 Merge branch '3.5.x'
• 08e2cab Polish javadoc for when to use class names rather than class references
• Additional commits viewable in compare view

Updates org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0

Updates org.hibernate.orm:hibernate-jpamodelgen from 6.6.33.Final to 7.2.0.Final

Release notes

Sourced from org.hibernate.orm:hibernate-jpamodelgen's releases.

Release 7.2.0

Hibernate ORM 7.2.0.Final released

Today, we published a new release of Hibernate ORM 7.2: 7.2.0.Final.

You can find the full list of 7.2.0.Final changes here.

What's new

• See the website for requirements and compatibilities.
• See the What's New guide for details about new features and capabilities.
• See the Migration Guide for details about migration.

Conclusion

For additional details, see:

• the release page
• the Migration Guide
• the Introduction Guide
• the User Guide
• the API docs

See also the following resources related to supported APIs:

• the compatibility policy
• the incubating API report (@Incubating)
• the deprecated API report (@Deprecated + @Remove)
• the internal API report (internal packages, @Internal)

Visit the website for details on getting in touch with us.

Release 7.2.0.CR4

Hibernate ORM 7.2.0.CR4 released

Today, we published a new release of Hibernate ORM 7.2: 7.2.0.CR4.

You can find the full list of 7.2.0.CR4 changes here.

What's new

• See the website for requirements and compatibilities.
• See the What's New guide for details about new features and capabilities.
• See the Migration Guide for details about migration.

Conclusion

... (truncated)

Changelog

Sourced from org.hibernate.orm:hibernate-jpamodelgen's changelog.

Changes in 7.2.0.Final (December 12, 2025)

https://hibernate.atlassian.net/projects/HHH/versions/36806

Changes in 7.2.0.CR4 (December 10, 2025)

https://hibernate.atlassian.net/projects/HHH/versions/36476

** Bug * HHH-19980 In JTA after-completion callbacks may get ignored * HHH-19979 processor should handle @​NamedEntityGraph with defaulted name * HHH-19975 Calling entityManager.find(clazz, id) with null id throws NullPointerException * HHH-19972 OptionalTableUpdateOperation can fail on PostgreSQL < 15 and CockroachDB * HHH-19963 Wrong references in entity fields with circular associations * HHH-19958 <generated> tag in orm.xml is not implemented * HHH-19955 Thread-safety issue in EntityEntryContext resulting in NullPointerException for Session.contains() calls. * HHH-19843 Bean Validation may fail on operations with stateless session * HHH-18871 Nested NativeQuery mappings causing 'Could not locate TableGroup' exception after migration * HHH-18217 StatelessSession.upsert() for entity with all-null non-id fields, or no non-id field

** Improvement * HHH-19943 Comparison of generic nested EmbeddedId's fails for JPQL and Criteria API * HHH-19215 Extends Dialect#addQueryHints to support straight_join syntax

Changes in 7.2.0.CR3 (November 25, 2025)

https://hibernate.atlassian.net/projects/HHH/versions/36014

** Bug * HHH-19939 broken caching for MERGE and REFRESH load plans * HHH-19937 duplicate version check after refresh * HHH-19936 Parameter casts for by-id lookups don't take column definition into account * HHH-19932 NullPointerException in SqmInterpretationsKey::toString * HHH-19926 NullPointerException when executing JPQL IN clause with null parameter on entity association * HHH-19925 Locking root(s) should be based on select-clause, not from-clause * HHH-19924 Session#find with LockMode.UPGRADE_NOWAIT casues AssetionError when no entity with the provided id exists in the database * HHH-19922 org.hibernate.orm:hibernate-platform:pom:7.1.7.Final is missing * HHH-19918 Avoid reflection when instantiating known FormatMapper * HHH-19910 EntityInitializer#resolveInstance wrongly initializes existing detached instance * HHH-19906 JsonGeneratingVisitor#visit doesn't handle plural types correctly * HHH-19905 Implicit join re-use with nested inner and left joins causes ParsingException * HHH-19895 hibernate-core 6.6.30.Final breaks compatibility on entities with composite keys for multiple variants of DB2 * HHH-19758 HQL parse failure with SLL can lead to wrong parse * HHH-19749 [Oracle] Merge with @​SecondaryTable may generate invalid NUMERIC type casts

... (truncated)

Commits

• 6f77c21 [Jenkins release job] Preparing release 7.2.0.Final
• 6f9e75e [Jenkins release job] changelog.txt updated by release build 7.2.0.Final
• a182a10 Revert "HHH-7287 - Problem in caching proper natural-id-values when obtaining...
• 6a7ba40 Revert "HHH-7287 - Problem in caching proper natural-id-values when obtaining...
• 1c98c9e Revert "HHH-3192 - SchemaValidator column nullability check"
• 5612c9b Revert "Workaround JDK 17 javac bug for switch expression compilation"
• 6e1ae87 Revert "HHH-19976 Don't adopt AdjustableBasicType name to create derived type"
• 4328313 HHH-19976 Don't adopt AdjustableBasicType name to create derived type
• 64a86dc Workaround JDK 17 javac bug for switch expression compilation
• 3b8dc32 HHH-3192 - SchemaValidator column nullability check
• Additional commits viewable in compare view

Updates org.openapitools:openapi-generator-maven-plugin from 7.17.0 to 7.18.0

Updates org.apache.maven.plugins:maven-release-plugin from 3.2.0 to 3.3.1

Release notes

Sourced from org.apache.maven.plugins:maven-release-plugin's releases.

3.3.1

💥 Breaking changes

• Revert inclusion of ci skip in release commit msg (#1445) @​rvesse

🐛 Bug Fixes

• Revert inclusion of ci skip in release commit msg (#1445) @​rvesse

📦 Dependency updates

• Bump org.codehaus.plexus:plexus-testing from 2.0.1 to 2.0.2 (#1444) @dependabot[bot]

3.3.0

💥 Breaking changes

• Include "[ci skip]" by default in scmReleaseCommitComment (#1423) @​kwin

🚀 New features and improvements

• Fixed #1426 : Replace archived org.semver:api with custom SemVer implementation (#1430) @​HarshMehta112
• Introduce new SemVer policies (#1424) @​slawekjaranowski
• Include "[ci skip]" by default in scmReleaseCommitComment (#1423) @​kwin

🐛 Bug Fixes

• Check all project parents for SCM information. (#1421) @​slawekjaranowski

👻 Maintenance

• Fix license header in xml files (#1443) @​slawekjaranowski
• Make implementation of new SemVer policies private for project (#1440) @​slawekjaranowski
• Resolve todo that led to pointless asserts (#1442) @​elharo
• Prefer JDK join method (#1434) @​elharo
• Remove old-style plexus annotation (#1432) @​elharo
• Clean up exceptions (#1433) @​elharo
• Replace deprecated classes (#1438) @​elharo
• Simplify code (#1429) @​elharo
• Fix spelling typo (#1431) @​elharo
• Prefer JDK join method (#1428) @​elharo
• Fixed #1410 [DOCS] Update Javadoc return tags in ReleaseDescriptor.java (#1427) @​HarshMehta112
• Remove manual configuration for plugin requirementsHistories (#1425) @​slawekjaranowski
• Correct misleading @​return descriptions in Javadoc (#1413) @​HarshMehta112
• Migrate JUnit 3/4 to JUnit 5 (#1414) @​slawekjaranowski
• Add tag-template to release-drafter configuration (#1415) @​slawekjaranowski
• Fix assertions and cleanups in Mojo Tests (#1412) @​slawekjaranowski
• Fix Javadoc issues per Oracle conventions (#1408) @​elharo
• Migrate JUnit 3/4 to JUnit 5 (#1411) @​slawekjaranowski

... (truncated)

Commits

• 7e8ebac [maven-release-plugin] prepare release maven-release-3.3.1
• f0f28e5 Revert inclusion of ci skip in release commit msg
• 2a82901 Bump org.codehaus.plexus:plexus-testing from 2.0.1 to 2.0.2 (#1444)
• c8613d2 [maven-release-plugin] prepare for next development iteration
• 2b8adaa [maven-release-plugin] prepare release maven-release-3.3.0
• 88630f9 Fixed #1426 : Replace archived org.semver:api with custom SemVer implemen...
• 7af8ace Fix license header in xml files
• 8914b84 Make implementation of new SemVer policies private for project
• 7e861f0 Resolve todo that led to pointless asserts (#1442)
• 422f895 Prefer JDK join method (#1434)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions