Skip to content

fix(deps): update spring boot to v3.5.6 #408

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update spring boot to v3.5.6 #408

wants to merge 1 commit into from
+5 −5

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 19, 2025
edited
Loading

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package Change Age Confidence
org.springframework.boot:spring-boot-starter-test (source) 3.4.2 -> 3.5.6 age confidence
org.springframework.boot:spring-boot-starter-data-jpa (source) 3.4.2 -> 3.5.6 age confidence
org.springframework.boot:spring-boot-starter-web (source) 3.4.2 -> 3.5.6 age confidence
org.springframework.boot:spring-boot-starter-webflux (source) 3.4.2 -> 3.5.6 age confidence
org.springframework.boot:spring-boot-starter-parent (source) 3.4.2 -> 3.5.6 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-test)

v3.5.6

Compare Source

v3.5.5

Compare Source

🐞 Bug Fixes

  • Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error #​46909
  • Performance critical tracing code has high overhead due to the use of the Stream API #​46844
  • SpringLiquibaseCustomizer is exposed outside its defined visibility scope #​46758
  • Race condition in OutputCapture can result in stale data #​46721
  • Auto-configured WebClient no longer uses context's ReactorResourceFactory #​46673
  • Default value not detected for a field annoted with @Name #​46666
  • Missing metadata when using @Name with a constructor-bound property #​46663
  • Missing property for Spring Authorization Server's PAR endpoint #​46641
  • Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location #​46636
  • Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true #​46634
  • Auto-configured MockMvc ignores @FilterRegistration annotation #​46605
  • Failure to discover default value for a primitive should not lead to document its default value #​46561

📔 Documentation

  • Kotlin samples for configuration metadata are in the wrong package #​46857
  • Observability examples in the reference guide are missing the Kotlin version #​46798
  • Align method descriptions for SslOptions getCiphers and getEnabledProtocols with @returns #​46769
  • Tracing samples in the reference guide are missing the Kotlin version #​46767
  • Improve Virtual Threads section to mention the changes in Java 24 #​46610
  • spring.test.webtestclient.timeout is not documented #​46588
  • spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules #​46585
  • Adapt deprecation level for management.health.influxdb.enabled #​46580
  • spring.test.mockmvc properties are not documented #​46578

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kguswo, @​deejay1, @​ganjisriver, @​izeye, @​jetflo, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​prishedko, @​quaff, @​schmidti159, @​scordio, @​shakuzen, @​tommyk-gears, @​zahra7, and @​zakaria-shahen

v3.5.4

Compare Source

🐞 Bug Fixes

  • LambdaSafe.withFilter is not public #​46474
  • Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #​46402
  • Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #​46398
  • Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #​46351
  • Change in DefaultErrorAttributes alters the shape of API validation error responses #​46260
  • jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #​46225
  • developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #​46205
  • Hash calculation for uber archive entries that require unpacking is inefficient #​46203
  • Permissions are applied inconsistently when building uber archives with Gradle #​46194
  • Environment variables using legacy dash format can no longer be bound #​46184
  • EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #​46180
  • Executable JAR application class encounters performance issues #​46177
  • Executable JAR application class encounters performance issues #​46176
  • Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #​46174
  • Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #​46170
  • SslInfo does not use its Clock when checking certificate validity #​46011

📔 Documentation

  • Fix description of spring.batch.job.enabled #​46247
  • Fix broken Kotlin examples in reference documentation #​46168
  • Add Logback Access Reactor Netty to community starters #​46060

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Dockerel, @​PiyalAhmed, @​benelog, @​dmitrysulman, @​izeye, @​ngocnhan-tran1996, @​nosan, and @​quaff

v3.5.3

Compare Source

🐞 Bug Fixes

  • Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above #​46040

v3.5.2

Compare Source

🐞 Bug Fixes
  • IllegalArgumentException: 'name' must not be null thrown when property source filtering applied twice #​46032

v3.5.1

Compare Source

⚠️ Noteworthy Changes

  • This release upgrades to Tomcat 10.1.42 which has introduced limits for part count and header size in multipart/form-data requests. These limits can be customized using server.tomcat.max-part-count and server.tomcat.max-part-header-size respectively.

⭐ New Features

  • Allow Specifying ConfigData.Options On ConfigDataEnvironmentContributors #​42932

🐞 Bug Fixes

  • Executable JAR application class encounters performance issues when classpath URLs reference a host #​46028
  • Loading from spring.factories may fail with a ClassNotFoundException when the TCCL changes between calls #​46019
  • spring.couchbase.authentication.jks.private-key-password has no effect #​46006
  • Actuator heapdump endpoint is failing on modern OpenJ9 JVMs #​46005
  • UnboundConfigurationPropertiesException is no longer thrown from IndexedElementsBinder #​45994
  • DataSouceBuilder can fail with a NPE when the driver is null #​45992
  • JSON writer incorrectly escapes forward slash which can cause structure logging issues #​45980
  • ManagementContextAutoConfiguration adds a property source that degrades binding performance #​45968
  • ClientHttpConnectorAutoConfiguration fails to load when 'java.net.http.HttpClient' is unavailable #​45955
  • It is not possible to opt-out of profile validation or use profile names that contain '.' #​45947
  • GraphQlProperties.DeprecatedSse is not annotated as deprecated #​45878
  • SpringApplication.setEnvironmentPrefix is ignored when reading MANAGEMENT_SERVER_PORT #​45857
  • Write and delete operations no longer work in the Cloud Foundry actuator support with Spring Security due to CSRF protection #​45848
  • ConditionalOnAvailableEndpoint does not use the ConditionContext's ClassLoader to load exposure outcome contributors #​45803
  • Binding no longer works with sytem environment properties that are not upper case #​45741
  • ManagementWebServerFactoryCustomizer and ManagementErrorPageCustomizer should not have the same order #​45736
  • Default version of Awailitility is not compatible with Kotlin 1.9 baseline #​45673
  • Spring Boot 3.5's dependency management should have been upgraded to Lettuce 6.6.0.RELEASE #​45670
  • Spring Boot 3.5's dependency management should have been upgraded to Jedis 6.0.0 #​45669
  • SAML2 autoconfiguration is not imported by @WebMvcTest #​45666
  • Spring Boot 3.5's dependency management should have been upgraded to MongoDB 5.5.0 #​45660

📔 Documentation

  • Fix Docker security options links in Packaging OCI images sections #​46021
  • Improve documentation for configuring Spring Security with '/error' #​46009
  • Timestamps in Retrieving Audit Events examples do not match the accompanying text #​45997
  • Add SSL response structure to actuator info endpoint documentation #​45921
  • Update javadoc of test slice annotations to suggest MockitoBean rather than MockBean #​45915
  • Include configuration classes from all modules in the "Auto-configuration Classes" appendix #​45863
  • Links to Testcontainers javadoc for many classes not in the core testcontainers module do not work #​45844
  • Update documentation to reflect changes in TestRestTemplate's default redirect behavior #​45842
  • Deprecation replacement for spring.codec.* properties has a typo #​45743
  • Gradle Shadow Plugin link in the reference guide is outdated #​45740
  • Example of using prometheus-metrics-exporter-pushgateway has wrong artifactId #​45684
  • Document use of git-commit-id-maven-plugin consistently #​45683
  • Update javadoc of Configurer classes that apply sensible defaults to describe how they're typically used #​45656

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Peksa, @​Rutujakolte03, @​chanbinme, @​csbiy, @​davidlj95, @​izeye, @​juliojgd, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​quaff, @​shekharAggarwal, @​tanruian, and @​wonyongg

v3.5.0

Full release notes for Spring Boot 3.5 are available on the wiki.

⭐ New Features

  • Make heapdump endpoint restricted by default #​45624
  • Remove SSL status tag from metrics #​45602
  • Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' #​45507

🐞 Bug Fixes

  • Unable to override/set nested ConfigurationProperties by passing as a system property #​45639
  • ValidationAutoConfiguration triggers early initialization of properties binding #​45618
  • Micrometer "enable" annotations property does not cover observed aspect #​45617
  • spring.graphql.sse.timeout is no longer exposed #​45613
  • SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE #​45549
  • IllegalStateException when extracting using layers a module with no code of its own #​45449
  • Removed spring.batch.initialize-schema property is still considered #​45380
  • ReactorHttpClientBuilder does not offer a factory method to create the HttpClient #​45378
  • Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate #​45351
  • Custom default units declared on a field are ignored when binding properties in a native image #​45347
  • DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper #​45345
  • Various spring.datasource properties are mistakenly marked as ignored #​45342
  • JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter #​45297
  • DockerRegistryConfigAuthentication does not align with Docker CLI #​45292
  • Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password #​45290
  • CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method #​32622

📔 Documentation

  • Document the java info contribution #​45634
  • Document the process info contribution #​45632
  • Document the os info contribution #​45630
  • Document typical spring.application.group and name use #​45628
  • Document that bean methods should be static when annotated with @ConfigurationPropertiesBinding #​45626
  • Document the way that primary Kotlin constructors are used when binding #​45553
  • Improve "profile" reference documentation with additional admonitions #​45551
  • Improve setEnvironmentPrefix(...) reference documentation #​45376
  • Document all the available Testcontainers integrations #​45367
  • Document when a spring.config.import value is relative and when it is fixed #​45363
  • Update org.cyclonedx.bom version in docs to 2.3.0 #​45320
  • Update link to "Parameter Name Retention" section of Spring Framework's release notes #​45299

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ahrytsiuk, @​izeye, @​lhotari, @​ngocnhan-tran1996, @​nosan, @​quaff, @​thecooldrop, and @​yybmion

v3.4.10

Compare Source

v3.4.9

🐞 Bug Fixes
  • Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error #​46877
  • Performance critical tracing code has high overhead due to the use of the Stream API #​46838
  • SpringLiquibaseCustomizer is exposed outside its defined visibility scope #​46752
  • Race condition in OutputCapture can result in stale data #​46685
  • Default value not detected for a field annoted with @Name #​46662
  • Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true #​46630
  • Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location #​46627
  • Missing metadata when using @Name with a constructor-bound property #​46599
  • Failure to discover default value for a primitive should not lead to document its default value #​46551
📔 Documentation
  • Observability examples in the reference guide are missing the Kotlin version #​46775
  • Kotlin samples for configuration metadata are in the wrong package #​46774
  • Align method descriptions for SslOptions getCiphers and getEnabledProtocols with @returns #​46756
  • Tracing samples in the reference guide are missing the Kotlin version #​46699
  • spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules #​46584
  • spring.test.webtestclient.timeout is not documented #​46577
  • spring.test.mockmvc properties are not documented #​46576
  • Adapt deprecation level for management.health.influxdb.enabled #​46574
  • Improve Virtual Threads section to mention the changes in Java 24 #​46547
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kguswo, @​Pankraz76, @​deejay1, @​ganjisriver, @​izeye, @​nicolasgarea, @​nosan, @​prishedko, @​quaff, @​schmidti159, @​scordio, @​shakuzen, @​tommyk-gears, @​zahra7, and @​zakaria-shahen

v3.4.8

Compare Source

🐞 Bug Fixes

  • LambdaSafe.withFilter is not public #​46472
  • Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #​46401
  • Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #​46397
  • jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #​46214
  • Hash calculation for uber archive entries that require unpacking is inefficient #​46202
  • Permissions are applied inconsistently when building uber archives with Gradle #​46193
  • EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #​46178
  • Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #​46164
  • Executable JAR application class encounters performance issues #​46063
  • developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #​46043
  • Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above #​46039
  • Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #​45846

📔 Documentation

  • Fix description of spring.batch.job.enabled #​46228
  • Fix broken Kotlin examples in reference documentation #​46064

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Dockerel, @​PiyalAhmed, @​benelog, @​dmitrysulman, @​izeye, @​nosan, and @​quaff

v3.4.7

Compare Source

⚠️ Noteworthy Changes

  • This release upgrades to Tomcat 10.1.42 which has introduced limits for part count and header size in multipart/form-data requests. These limits can be customized using server.tomcat.max-part-count and server.tomcat.max-part-header-size respectively.

🐞 Bug Fixes

  • Executable JAR application class encounters performance issue

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@netlify Netlify
Copy link

netlify bot commented Jun 19, 2025
edited
Loading

Deploy Preview for ree6-backend canceled.

Name Link
🔨 Latest commit c319a8d
🔍 Latest deploy log https://app.netlify.com/projects/ree6-backend/deploys/68cc4af94e0b060008b9c6b8

@renovate renovate bot force-pushed the renovate/spring-boot branch from cab9328 to 24ea12a Compare June 19, 2025 19:55
@renovate renovate bot changed the title fix(deps): update spring boot to v3.5.1 fix(deps): update spring boot to v3.5.2 Jun 19, 2025
@renovate renovate bot force-pushed the renovate/spring-boot branch from 24ea12a to 88339f3 Compare June 20, 2025 07:36
@renovate renovate bot changed the title fix(deps): update spring boot to v3.5.2 fix(deps): update spring boot to v3.5.3 Jun 20, 2025
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate renovate bot force-pushed the renovate/spring-boot branch from 88339f3 to d17b712 Compare July 24, 2025 12:50
@renovate renovate bot changed the title fix(deps): update spring boot to v3.5.3 fix(deps): update spring boot to v3.5.4 Jul 24, 2025
@renovate renovate bot force-pushed the renovate/spring-boot branch from d17b712 to 274d81b Compare August 21, 2025 17:46
@renovate renovate bot changed the title fix(deps): update spring boot to v3.5.4 fix(deps): update spring boot to v3.5.5 Aug 21, 2025
@renovate renovate bot force-pushed the renovate/spring-boot branch from 274d81b to c319a8d Compare September 18, 2025 18:09
@renovate renovate bot changed the title fix(deps): update spring boot to v3.5.5 fix(deps): update spring boot to v3.5.6 Sep 18, 2025
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants