build(deps): bump the java-dependencies group in /api with 7 updates

[dependabot]

Bumps the java-dependencies group in /api with 7 updates:

Package	From	To
org.springframework.boot:spring-boot-starter-parent	4.0.3	4.0.4
com.bucket4j:bucket4j_jdk17-core	8.15.0	8.17.0
io.jsonwebtoken:jjwt-api	0.12.6	0.13.0
io.jsonwebtoken:jjwt-impl	0.12.6	0.13.0
io.jsonwebtoken:jjwt-jackson	0.12.6	0.13.0
org.springdoc:springdoc-openapi-starter-webmvc-ui	3.0.1	3.0.2
com.diffplug.spotless:spotless-maven-plugin	3.3.0	3.4.0

Updates org.springframework.boot:spring-boot-starter-parent from 4.0.3 to 4.0.4

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.0.4

⚠️ Attention Required

• Provide advance warning of the deprecation and forthcoming removal of OpenTelemetry's ZipkinSpanExporter #49453
• Upgrade to Jackson 2 Bom 2.21.1 #49389
• Upgrade to Jackson Bom 3.1.0 #49383
• Tomcat's default max part count is too low in 4.0.x #49311

🐞 Bug Fixes

• EndpointRequest request matcher for health groups is too complex #49649
• "/cloudfoundryapplication" web path is not limited to Actuator #49646
• Fix EndpointRequest.toLinks() when base-path is '/' #49617
• Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #49596
• RSocket exposes duplicate endpoint for websocket setups #49593
• Failure analysis for a missing mail sender is misleading #49582
• SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #49535
• Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #49482
• "spring.main.cloud-platform=none" does not disable cloud features #49479
• SSL support with Docker Compose does not work as documented #49385
• Auto-configuration overrides authorization server configuration applied by Customizer beans #49367
• Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #49344
• NoSuchMethodException when forcing the use of Log4J2LoggingSystem using org.springframework.boot.logging.LoggingSystem system property #49343
• RouterFunctions descriptions in Actuator do not support nesting #49302
• Maven plugin does not set '-parameters' option when processing AOT code #49295
• HTTP Service Interface Client doesn't work in a native image due to missing property binding #49274
• ErrorPageRegistrarBeanPostProcessor is not auto-configured in war deployments and the ErrorPageCustomizer is not applied #49176
• Missing starter for spring-boot-restdocs #48289

📔 Documentation

• Document support for Java 26 #49604
• List all supported colors when describing color-coded log output #49562
• Improve EndpointRequest matcher documentation #49520
• Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #49514
• Document security considerations for forwarded headers in cloud deployments #49507
• Tutorial in the reference guide has outdated instructions #49429
• Document additional repositories required for shibboleth.net #49392
• Javadoc of JettyHttpClientBuilder refers to the wrong type #49387
• Example spring-devtools.properties file is shown in the wrong format #49362
• Clarify inferred relationships between OAuth 2 registrations and providers #49327
• Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #49321
• Remove superfluous semi-colon from read timeout configuration example for HTTP service interface clients #49306
• Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #49298
• JDK requirement for the CLI still refers to Java 8 #49293
• Java and Kotlin samples of an environment post processor are inconsistent #49287

🔨 Dependency Upgrades

• Upgrade to Commons Logging 1.3.6 #49545

... (truncated)

Commits

• 8bdd6f8 Release v4.0.4
• 79a3850 Merge branch '3.5.x' into 4.0.x
• 3ebd147 Next development version (v3.5.13-SNAPSHOT)
• 26edf79 Merge branch '3.5.x' into 4.0.x
• 6620dea Polishing
• 7151419 Upgrade to Testcontainers 2.0.4
• cc6bb61 Merge branch '3.5.x' into 4.0.x
• dd54841 Upgrade to Spring Batch 5.2.5
• 2739427 Upgrade to Spring Batch 6.0.3
• a6d8c48 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates com.bucket4j:bucket4j_jdk17-core from 8.15.0 to 8.17.0

Release notes

Sourced from com.bucket4j:bucket4j_jdk17-core's releases.

8.17.0

What's Changed

• fix(docs): Bucket4j-Glide Anchor by @​NersesAM in bucket4j/bucket4j#570
• fix(readme): documentation links by @​NersesAM in bucket4j/bucket4j#573
• docs: Add Micrometer integration example by @​vorburger in bucket4j/bucket4j#576
• Support for Vertx Redis by @​re-thc in bucket4j/bucket4j#574

New Contributors

• @​NersesAM made their first contribution in bucket4j/bucket4j#570
• @​vorburger made their first contribution in bucket4j/bucket4j#576
• @​re-thc made their first contribution in bucket4j/bucket4j#574

8.16.1

Full Changelog: bucket4j/bucket4j@8.16.0...8.16.1

8.16.0

What's Changed

• feat: add retry strategy by @​wtrocki in bucket4j/bucket4j#560
• feat: add retry max attempts capability for sync and async CAS by @​wtrocki in bucket4j/bucket4j#557
• Support for Valkey GLIDE by @​v3rm0n in bucket4j/bucket4j#559
• Add OSGi support with bnd-maven-plugin by @​chrisrueger in bucket4j/bucket4j#561

New Contributors

• @​wtrocki made their first contribution in bucket4j/bucket4j#560
• @​v3rm0n made their first contribution in bucket4j/bucket4j#559
• @​chrisrueger made their first contribution in bucket4j/bucket4j#561

Full Changelog: bucket4j/bucket4j@8.15.0...8.16.0

Commits

• 8ab3c62 prepare 8.17.0 documentation
• 8f72e6c prepare 8.17.0 artifacts
• 5278eda prepare 8.17.0 artifacts
• a0a665c #575 fix for removal of not-existed key for Infinispan
• e8e0eb3 vertx-redis-client-integration (#574)
• 6249fe0 docs: Add Micrometer integration example (#576)
• f518bfa Merge branch 'master' into 8.16
• 6a2af98 fix(readme): documentation links
• 6da5bd8 #569 fix duplication of profile section
• 46daaa4 Merge pull request #573 from NersesAM/patch-2
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-api from 0.12.6 to 0.13.0

Release notes

Sourced from io.jsonwebtoken:jjwt-api's releases.

0.13.0

This is the last minor JJWT release branch that will support Java 7.

Any necessary emergency bug fixes will be fixed in subsequent 0.13.x patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (0.14.0) release.

All future JJWT major and minor versions ( 0.14.0 and later) will require Java 8 or later.

What's Changed

This release contains a single change:

• The previously private JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap) constructor is now public for those that want register a claims type converter on their own specified ObjectMapper instance. Thank you to @​kesrishubham2510 for PR #972. See Issue 914.

Full Changelog: jwtk/jjwt@0.12.7...0.13.0

0.12.7

This patch release:

• Adds a new Maven BOM! This is useful for multi-module projects. See Issue 967.

• Allows the JwtParserBuilder to have empty nested algorithm collections, effectively disabling the parser's associated feature:

  • Emptying the zip() nested collection disables JWT decompression.
  • Emptying the sig() nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
  • Emptying either the enc() or key() nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)

  See Issue 996.

• Fixes bug 961 where JwtParserBuilder nested collection builders were not correctly replacing algorithms with the same id.

• Ensures a JwkSet's keys collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the keys collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.

• Improves performance slightly by ensuring all jjwt-api utility methods that create *Builder instances (Jwts.builder(), Jwts.parserBuilder(), Jwks.builder(), etc) no longer use reflection.

  Instead,static factories are created via reflection only once during initial jjwt-api classloading, and then *Builders are created via standard instantiation using the new operator thereafter. This also benefits certain environments that may not have ideal ClassLoader implementations (e.g. Tomcat in some cases).

  NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.

  See Issue 988.

• Upgrades the Gson dependency to 2.11.0

• Upgrades the BouncyCastle dependency to 1.78.1

New Contributors

• @​sigpwned made their first contribution in jwtk/jjwt#968
• @​TheMrMilchmann made their first contribution in jwtk/jjwt#979
• @​atanasg made their first contribution in jwtk/jjwt#974

Full Changelog: jwtk/jjwt@0.12.6...0.12.7

Changelog

Sourced from io.jsonwebtoken:jjwt-api's changelog.

0.13.0

This is the last minor JJWT release branch that will support Java 7. Any necessary emergency bug fixes will be fixed in subsequent 0.13.x patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (0.14.0) release.

All future JJWT major and minor versions ( 0.14.0 and later) will require Java 8 or later.

This 0.13.0 minor release has only one change:

• The previously private JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap) constructor is now public for those that want register a claims type converter on their own specified ObjectMapper instance. See Issue 914.

0.12.7

This patch release:

• Adds a new Maven BOM, useful for multi-module projects. See Issue 967.

• Allows the JwtParserBuilder to have empty nested algorithm collections, effectively disabling the parser's associated feature:

  • Emptying the zip() nested collection disables JWT decompression.
  • Emptying the sig() nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
  • Emptying either the enc() or key() nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)

  See Issue 996.

• Fixes bug 961 where JwtParserBuilder nested collection builders were not correctly replacing algorithms with the same id.

• Ensures a JwkSet's keys collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the keys collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.

• Improves performance slightly by ensuring all jjwt-api utility methods that create *Builder instances (Jwts.builder(), Jwts.parserBuilder(), Jwks.builder(), etc) no longer use reflection.

  Instead,static factories are created via reflection only once during initial jjwt-api classloading, and then *Builders are created via standard instantiation using the new operator thereafter. This also benefits certain environments that may not have ideal ClassLoader implementations (e.g. Tomcat in some cases).

  NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.

  See Issue 988.

• Upgrades the Gson dependency to 2.11.0

• Upgrades the BouncyCastle dependency to 1.78.1

Commits

• a757add [maven-release-plugin] prepare release 0.13.0
• e357463 Preparing for the 0.13.0 release.
• b6f8cb8 Made constructor public to allow users their own objectMapper instance (#972)
• 03f088a Bumping development version to 0.13.0-SNAPSHOT (#1014)
• 3f2697f Release 0.12.7 (#1012)
• efed1cf Updated 0.12.7 change list
• ca27b12 Resolves #1010 (#1011)
• 55c7b9a Resolves #771 (#1009)
• 6e9c6a5 Bump org.bouncycastle:bcpkix-jdk18on from 1.78 to 1.78.1 (#1008)
• 7ec7dd1 Enable JwtParser empty nested algorithm collections. (#1007)
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-impl from 0.12.6 to 0.13.0

Release notes

Sourced from io.jsonwebtoken:jjwt-impl's releases.

0.13.0

This is the last minor JJWT release branch that will support Java 7.

Any necessary emergency bug fixes will be fixed in subsequent 0.13.x patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (0.14.0) release.

All future JJWT major and minor versions ( 0.14.0 and later) will require Java 8 or later.

What's Changed

This release contains a single change:

• The previously private JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap) constructor is now public for those that want register a claims type converter on their own specified ObjectMapper instance. Thank you to @​kesrishubham2510 for PR #972. See Issue 914.

Full Changelog: jwtk/jjwt@0.12.7...0.13.0

0.12.7

This patch release:

• Adds a new Maven BOM! This is useful for multi-module projects. See Issue 967.

• Allows the JwtParserBuilder to have empty nested algorithm collections, effectively disabling the parser's associated feature:

  • Emptying the zip() nested collection disables JWT decompression.
  • Emptying the sig() nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
  • Emptying either the enc() or key() nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)

  See Issue 996.

• Fixes bug 961 where JwtParserBuilder nested collection builders were not correctly replacing algorithms with the same id.

• Ensures a JwkSet's keys collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the keys collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.

• Improves performance slightly by ensuring all jjwt-api utility methods that create *Builder instances (Jwts.builder(), Jwts.parserBuilder(), Jwks.builder(), etc) no longer use reflection.

  Instead,static factories are created via reflection only once during initial jjwt-api classloading, and then *Builders are created via standard instantiation using the new operator thereafter. This also benefits certain environments that may not have ideal ClassLoader implementations (e.g. Tomcat in some cases).

  NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.

  See Issue 988.

• Upgrades the Gson dependency to 2.11.0

• Upgrades the BouncyCastle dependency to 1.78.1

New Contributors

• @​sigpwned made their first contribution in jwtk/jjwt#968
• @​TheMrMilchmann made their first contribution in jwtk/jjwt#979
• @​atanasg made their first contribution in jwtk/jjwt#974

Full Changelog: jwtk/jjwt@0.12.6...0.12.7

Changelog

Sourced from io.jsonwebtoken:jjwt-impl's changelog.

0.13.0

This is the last minor JJWT release branch that will support Java 7. Any necessary emergency bug fixes will be fixed in subsequent 0.13.x patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (0.14.0) release.

All future JJWT major and minor versions ( 0.14.0 and later) will require Java 8 or later.

This 0.13.0 minor release has only one change:

• The previously private JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap) constructor is now public for those that want register a claims type converter on their own specified ObjectMapper instance. See Issue 914.

0.12.7

This patch release:

• Adds a new Maven BOM, useful for multi-module projects. See Issue 967.

• Allows the JwtParserBuilder to have empty nested algorithm collections, effectively disabling the parser's associated feature:

  • Emptying the zip() nested collection disables JWT decompression.
  • Emptying the sig() nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
  • Emptying either the enc() or key() nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)

  See Issue 996.

• Fixes bug 961 where JwtParserBuilder nested collection builders were not correctly replacing algorithms with the same id.

• Ensures a JwkSet's keys collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the keys collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.

• Improves performance slightly by ensuring all jjwt-api utility methods that create *Builder instances (Jwts.builder(), Jwts.parserBuilder(), Jwks.builder(), etc) no longer use reflection.

  Instead,static factories are created via reflection only once during initial jjwt-api classloading, and then *Builders are created via standard instantiation using the new operator thereafter. This also benefits certain environments that may not have ideal ClassLoader implementations (e.g. Tomcat in some cases).

  NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.

  See Issue 988.

• Upgrades the Gson dependency to 2.11.0

• Upgrades the BouncyCastle dependency to 1.78.1

Commits

• a757add [maven-release-plugin] prepare release 0.13.0
• e357463 Preparing for the 0.13.0 release.
• b6f8cb8 Made constructor public to allow users their own objectMapper instance (#972)
• 03f088a Bumping development version to 0.13.0-SNAPSHOT (#1014)
• 3f2697f Release 0.12.7 (#1012)
• efed1cf Updated 0.12.7 change list
• ca27b12 Resolves #1010 (#1011)
• 55c7b9a Resolves #771 (#1009)
• 6e9c6a5 Bump org.bouncycastle:bcpkix-jdk18on from 1.78 to 1.78.1 (#1008)
• 7ec7dd1 Enable JwtParser empty nested algorithm collections. (#1007)
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-jackson from 0.12.6 to 0.13.0

Updates io.jsonwebtoken:jjwt-impl from 0.12.6 to 0.13.0

Release notes

Sourced from io.jsonwebtoken:jjwt-impl's releases.

0.13.0

This is the last minor JJWT release branch that will support Java 7.

Any necessary emergency bug fixes will be fixed in subsequent 0.13.x patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (0.14.0) release.

All future JJWT major and minor versions ( 0.14.0 and later) will require Java 8 or later.

What's Changed

This release contains a single change:

• The previously private JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap) constructor is now public for those that want register a claims type converter on their own specified ObjectMapper instance. Thank you to @​kesrishubham2510 for PR #972. See Issue 914.

Full Changelog: jwtk/jjwt@0.12.7...0.13.0

0.12.7

This patch release:

• Adds a new Maven BOM! This is useful for multi-module projects. See Issue 967.

• Allows the JwtParserBuilder to have empty nested algorithm collections, effectively disabling the parser's associated feature:

  • Emptying the zip() nested collection disables JWT decompression.
  • Emptying the sig() nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
  • Emptying either the enc() or key() nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)

  See Issue 996.

• Fixes bug 961 where JwtParserBuilder nested collection builders were not correctly replacing algorithms with the same id.

• Ensures a JwkSet's keys collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the keys collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.

• Improves performance slightly by ensuring all jjwt-api utility methods that create *Builder instances (Jwts.builder(), Jwts.parserBuilder(), Jwks.builder(), etc) no longer use reflection.

  Instead,static factories are created via reflection only once during initial jjwt-api classloading, and then *Builders are created via standard instantiation using the new operator thereafter. This also benefits certain environments that may not have ideal ClassLoader implementations (e.g. Tomcat in some cases).

  NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.

  See Issue 988.

• Upgrades the Gson dependency to 2.11.0

• Upgrades the BouncyCastle dependency to 1.78.1

New Contributors

• @​sigpwned made their first contribution in jwtk/jjwt#968
• @​TheMrMilchmann made their first contribution in jwtk/jjwt#979
• @​atanasg made their first contribution in jwtk/jjwt#974

Full Changelog: jwtk/jjwt@0.12.6...0.12.7

Changelog

Sourced from io.jsonwebtoken:jjwt-impl's changelog.

0.13.0

This is the last minor JJWT release branch that will support Java 7. Any necessary emergency bug fixes will be fixed in subsequent 0.13.x patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (0.14.0) release.

All future JJWT major and minor versions ( 0.14.0 and later) will require Java 8 or later.

This 0.13.0 minor release has only one change:

• The previously private JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap) constructor is now public for those that want register a claims type converter on their own specified ObjectMapper instance. See Issue 914.

0.12.7

This patch release:

• Adds a new Maven BOM, useful for multi-module projects. See Issue 967.

• Allows the JwtParserBuilder to have empty nested algorithm collections, effectively disabling the parser's associated feature:

  • Emptying the zip() nested collection disables JWT decompression.
  • Emptying the sig() nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
  • Emptying either the enc() or key() nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)

  See Issue 996.

• Fixes bug 961 where JwtParserBuilder nested collection builders were not correctly replacing algorithms with the same id.

• Ensures a JwkSet's keys collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the keys collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.

• Improves performance slightly by ensuring all jjwt-api utility methods that create *Builder instances (Jwts.builder(), Jwts.parserBuilder(), Jwks.builder(), etc) no longer use reflection.

  Instead,static factories are created via reflection only once during initial jjwt-api classloading, and then *Builders are created via standard instantiation using the new operator thereafter. This also benefits certain environments that may not have ideal ClassLoader implementations (e.g. Tomcat in some cases).

  NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.

  See Issue 988.

• Upgrades the Gson dependency to 2.11.0

• Upgrades the BouncyCastle dependency to 1.78.1

Commits

• a757add [maven-release-plugin] prepare release 0.13.0
• e357463 Preparing for the 0.13.0 release.
• b6f8cb8 Made constructor public to allow users their own objectMapper instance (#972)
• 03f088a Bumping development version to 0.13.0-SNAPSHOT (#1014)
• 3f2697f Release 0.12.7 (#1012)
• efed1cf Updated 0.12.7 change list
• ca27b12 Resolves #1010 (#1011)
• 55c7b9a Resolves #771 (#1009)
• 6e9c6a5 Bump org.bouncycastle:bcpkix-jdk18on from 1.78 to 1.78.1 (#1008)
• 7ec7dd1 Enable JwtParser empty nested algorithm collections. (#1007)
• Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-jackson from 0.12.6 to 0.13.0

Updates org.springdoc:springdoc-openapi-starter-webmvc-ui from 3.0.1 to 3.0.2

Release notes

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's releases.

springdoc-openapi v3.0.2 released!

Added

• #3229 – Add support for Spring Framework API Versioning with Functional Endpoints
• #3208 – Add springdoc.swagger-ui.document-title property

Changed

• Upgrade Spring Boot to version 4.0.3
• Upgrade swagger-core to version 2.2.43
• Upgrade swagger-ui to version 5.32.0
• Upgrade Scalar to version 0.5.55

Fixed

• #3232 – Gracefully handle springdoc endpoint paths during API version resolution
• #3230 – Scalar source URLs resolve to null/<groupName> on second request when using GroupedOpenApi
• #3228 – springdoc-openapi-starter 3.x doesn't depend on org.springframework.boot:spring-boot-starter
• #3220 – Reachability metadata not compatible with GraalVM 25
• #3195 – Application won't compile when OpenApi and spring-boot-data-rest is present
• #3193 – OpenApi field in SpringDocConfigProperties does not comply with camel case naming conventions
• #3215 – Type annotation not considered when Kotlin is not present
• #3199 – Prevent duplicate _links in allOf child schemas
• #3198 – Property resolution for parameter default values
• #3206 – Upgrade swagger-core from version 2.2.41 to 2.2.42

Full Changelog: springdoc/springdoc-openapi@v3.0.1...v3.0.2

Changelog

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog.

[3.0.2] - 2026-02-27

Added

• #3229 – Add support for Spring Framework API Versioning with Functional Endpoints
• #3208 – Add springdoc.swagger-ui.document-title property

Changed

• Upgrade Spring Boot to version 4.0.3
• Upgrade swagger-core to version 2.2.43
• Upgrade swagger-ui to version 5.32.0
• Upgrade Scalar to version 0.5.55

Fixed

• #3232 – Gracefully handle springdoc endpoint paths during API version resolution
• #3230 – Scalar source URLs resolve to null/<groupName> on second request when using GroupedOpenApi
• #3226 – Propagate JsonView context when resolving Page<T> schema
• #3228 – springdoc-openapi-starter 3.x doesn't depend on org.springframework.boot:spring-boot-starter
• #3220 – Reachability metadata not compatible with GraalVM 25
• #3195 – Application won't compile when OpenApi and spring-boot-data-rest is present
• #3193 – OpenApi field in SpringDocConfigProperties does not comply with camel case naming conventions
• #3215 – Type annotation not considered when Kotlin is not present
• #3199 – Prevent duplicate _links in allOf child schemas
• #3198 – Property resolution for parameter default values
• #3206 – Upgrade swagger-core from version 2.2.41 to 2.2.42

Commits

• f26cb82 [maven-release-plugin] prepare release v3.0.2
• 865018a Copyright updates
• 354265e code refactoring
• 08b428f Upgrade swagger-ui to version 5.32.0
• 432d332 Fixes DSL using header versioning
• 0922635 code review
• 55fa901 CHANGELOG.md updates
• 7678599 Add sample test with WebMVC.fn - DSL #3229
• 8f410d7 Gracefully handle springdoc endpoint paths during API version resolution. fix...
• 2057ccf enable SNAPSHOTS distribution
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.3.0 to 3.4.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.4.0

Added

• Add tableTest format type for standalone .table files. (#2880)

Changes

• Bump default tabletest-formatter version 1.0.1 -> 1.1.1, now works with Java 17+. (#2880)

Lib v3.3.1

Fixed

• GitPrePushHookInstaller didn't work on windows, now fixed. (#2562)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

• https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md
• https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

[4.5.0] - 2026-03-18

Added

• Add tableTest format type for standalone .table files. (#2880)

Changes

• Bump default tabletest-formatter version 1.0.1 -> 1.1.1, now works with Java 17+. (#2880)

[4.4.0] - 2026-03-02

Added

• Add tabletest-formatter support for Java and Kotlin. (#2860)

Fixed

• Fix the ability to specify a wildcard version (*) for external formatter executables, which did not work. (#2848)
• [fix] ConcurrentModificationException in expandWildcardImports (#2830)

[4.3.0] - 2026-01-27

Added

• Add P2Provisioner interface in lib-extra to enable build-tool-specific caching strategies for Eclipse P2 dependencies, fixing OutOfMemoryError in large multi-project builds. (#2788)

Fixed

• removeSemicolons() should not be applied to multiline strings in groovy #2780 (#2792)

[4.2.0] - 2026-01-22

Added

• Add a expandWildcardImports API for java (#2679)
• Add the ability to specify a wildcard version (*) for external formatter executables. (#2757)

Fixed

• Prevent race conditions when multiple npm-based formatters launch the server process simultaneously while sharing the same node_modules directory. (#2786)
• Git ratchet no longer throws an error with Git worktrees. (#2779)

Changes

• Bump default ktfmt version to latest 0.59 -> 0.61. (2804)
• Bump default ktlint version to latest 1.7.1 -> 1.8.0. (2763)
• Bump default gherkin-utils version to latest 9.2.0 -> 10.0.0. (#2619)

[4.1.0] - 2025-11-18

Changes

• Bump default ktfmt version to latest 0.58 -> 0.59. (#2681
• Bump default jackson version to latest 2.20.0 -> 2.20.1. (#2730)
• Bump default cleanthat version to latest 2.23 -> 2.24. (#2620)

... (truncated)

Commits

• 708a1b0 Published maven/3.4.0
• 1cc0163 Published gradle/8.4.0
• a4cd808 Published lib/4.5.0
• 9066bf6 Add links to the changelog.
• db8dc1c Fix for illegal mutation issue with predeclareDeps (#2892)
• 0eb98a9 chore: Updated gradle plugin change
• 3f7f12e chore: Removes check for predeclare as it's not needed anymore
• 55c0c5c fix: IsolatedProjectTest.predeclaredIsUnsupported() is now actually supported...
• 47489af fix: avoid IllegalMutationException when root project uses predeclareDeps() w...
• 4010e8b test: Introduce a test harnessing predeclared deps
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of t...

Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies, java. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.