chore(deps): bump the all-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the all-dependencies group with 9 updates in the / directory:

Package	From	To
org.springframework.boot:spring-boot-starter-web	4.0.0-M3	4.0.0-RC1
org.springframework.boot:spring-boot-starter-validation	4.0.0-M3	4.0.0-RC1
io.swagger.parser.v3:swagger-parser	2.1.34	2.1.35
io.swagger.core.v3:swagger-models	2.2.38	2.2.40
net.logstash.logback:logstash-logback-encoder	8.1	9.0
org.assertj:assertj-core	3.6.1	3.27.6
org.junit:junit-bom	6.0.0	6.0.1
org.openapi.generator	7.16.0	7.17.0
org.cyclonedx.bom	2.4.1	3.0.1

Updates org.springframework.boot:spring-boot-starter-web from 4.0.0-M3 to 4.0.0-RC1

Release notes

Sourced from org.springframework.boot:spring-boot-starter-web's releases.

v4.0.0-RC1

⭐ New Features

• Revisit metrics and tracing test properties #47776
• Downgrade to GraphQL Java 24.3 #47752
• Configure devtools to set trace probability to 100% by default #47721
• Remove "public" from referenced configurations from auto-configurations #47715
• Remove support for Spring Pulsar Reactive #47707
• Add Jackson 2 module to ease upgrade effort #47688
• Remove ConcurrentReferenceCachingMetadataReaderFactory #47687
• Remove integration for REST Docs' REST Assured support until REST Assured supports Groovy 5 #47685
• Remove support for embedded jar launch scripts #47666
• Remove support for Spring Session Data MongoDB #47662
• Remove support for Spring Session Hazelcast #47661
• Drop Spock until it supports Groovy 5 #47650
• Provide auto-configuration for Jackson's CBOR data format #47641
• Add support for @ObservationKeyValue #47637
• Rename Jackson-specific Json… annotations and classes to Jackson… #47625
• Use Neo4j Java Driver BOM #47623
• Add TWENTY_FIVE to JavaVersion enum #47616
• Rationalize endpoint packages #47606
• Refactor spring-boot-cloudfoundry package structure #47605
• Rename spring-boot-tx module to spring-boot-transaction #47603
• Use JsonMapper instead of ObjectMapper where feasible #47503
• Automatically detect Jackson 3 modules #47485
• Add AWS ECS to cloud platforms #47482
• Rename SharedObjectMapper to SharedJsonMapper #47471
• Provide a configuration property to auto-configure Jackson 3 for best compatibility with Spring Boot 3's Jackson 2 defaults #47470
• Raise GraalVM baseline to 25 #47433
• Clarify that spring-boot-rsocket does not require spring-web #47409
• Rationalize HTTP client configuration properties #47398
• Disable LiveReload server by default #47387
• Update Neo4j support to require Neo4j Java Driver 6.0.0 #47381
• Remove SQL and Reactor starters as they are only used transitively #47378
• Rationalize SSL bundle configuration in RedisConnectionDetails #47375
• Add support for RestTestClient #47335
• Rename Spring Session properties that depend on Spring Data #47333
• Rename JsonMapper-specific properties to make it clear that they're JSON-specific #47328
• Move spring.jackson.datetime.<feature-name> to spring.jackson.datatype.datetime #47327
• Modularize spring-boot-test-autoconfigure #47322
• Allow jars to be marked as a development-tool to exclude from uber-jar #47320
• Switch Maven plugin to exclude optional dependencies by default #47318
• Provide a configuration property for enabling and disabling Elasticsearch Client's sniffer #47301
• Add @ControllerAdvice support to RSocket messaging auto-configuration #47287
• Reintroduce previous EnvironmentPostProcessor in deprecated form #47272
• Remove Bitnami support #47267
• Improve how Spring AMQP's retry can be configured #47264
• Refine JSpecify annotations #47263
• Add support for configuring HttpClientTransport in JettyClientHttpConnectorBuilder #47251
• Raise the minimum supported version of the CycloneDX Gradle Plugin to 3.0.0 #47250

... (truncated)

Commits

• 62aae6e Release v4.0.0-RC1
• b582f5d Temporarily drop build stage
• 8e6bebe Set ignore-already-exists-error to true
• a22b3d1 Revert "Temporarily set ignore-already-exists-error to true"
• 1fc94ef Temporarily set ignore-already-exists-error to true
• 0624dec Merge branch '3.5.x'
• 88c7198 Merge branch '3.4.x' into 3.5.x
• 8ebb971 Upgrade to spring-io/central-publish-action v0.3.0
• 67d5adc Polish and fix test starter descriptions
• c0c66e2 Update SNI test app to use spring-boot-starter-webmvc
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-validation from 4.0.0-M3 to 4.0.0-RC1

Release notes

Sourced from org.springframework.boot:spring-boot-starter-validation's releases.

v4.0.0-RC1

⭐ New Features

• Revisit metrics and tracing test properties #47776
• Downgrade to GraphQL Java 24.3 #47752
• Configure devtools to set trace probability to 100% by default #47721
• Remove "public" from referenced configurations from auto-configurations #47715
• Remove support for Spring Pulsar Reactive #47707
• Add Jackson 2 module to ease upgrade effort #47688
• Remove ConcurrentReferenceCachingMetadataReaderFactory #47687
• Remove integration for REST Docs' REST Assured support until REST Assured supports Groovy 5 #47685
• Remove support for embedded jar launch scripts #47666
• Remove support for Spring Session Data MongoDB #47662
• Remove support for Spring Session Hazelcast #47661
• Drop Spock until it supports Groovy 5 #47650
• Provide auto-configuration for Jackson's CBOR data format #47641
• Add support for @ObservationKeyValue #47637
• Rename Jackson-specific Json… annotations and classes to Jackson… #47625
• Use Neo4j Java Driver BOM #47623
• Add TWENTY_FIVE to JavaVersion enum #47616
• Rationalize endpoint packages #47606
• Refactor spring-boot-cloudfoundry package structure #47605
• Rename spring-boot-tx module to spring-boot-transaction #47603
• Use JsonMapper instead of ObjectMapper where feasible #47503
• Automatically detect Jackson 3 modules #47485
• Add AWS ECS to cloud platforms #47482
• Rename SharedObjectMapper to SharedJsonMapper #47471
• Provide a configuration property to auto-configure Jackson 3 for best compatibility with Spring Boot 3's Jackson 2 defaults #47470
• Raise GraalVM baseline to 25 #47433
• Clarify that spring-boot-rsocket does not require spring-web #47409
• Rationalize HTTP client configuration properties #47398
• Disable LiveReload server by default #47387
• Update Neo4j support to require Neo4j Java Driver 6.0.0 #47381
• Remove SQL and Reactor starters as they are only used transitively #47378
• Rationalize SSL bundle configuration in RedisConnectionDetails #47375
• Add support for RestTestClient #47335
• Rename Spring Session properties that depend on Spring Data #47333
• Rename JsonMapper-specific properties to make it clear that they're JSON-specific #47328
• Move spring.jackson.datetime.<feature-name> to spring.jackson.datatype.datetime #47327
• Modularize spring-boot-test-autoconfigure #47322
• Allow jars to be marked as a development-tool to exclude from uber-jar #47320
• Switch Maven plugin to exclude optional dependencies by default #47318
• Provide a configuration property for enabling and disabling Elasticsearch Client's sniffer #47301
• Add @ControllerAdvice support to RSocket messaging auto-configuration #47287
• Reintroduce previous EnvironmentPostProcessor in deprecated form #47272
• Remove Bitnami support #47267
• Improve how Spring AMQP's retry can be configured #47264
• Refine JSpecify annotations #47263
• Add support for configuring HttpClientTransport in JettyClientHttpConnectorBuilder #47251
• Raise the minimum supported version of the CycloneDX Gradle Plugin to 3.0.0 #47250

... (truncated)

Commits

• 62aae6e Release v4.0.0-RC1
• b582f5d Temporarily drop build stage
• 8e6bebe Set ignore-already-exists-error to true
• a22b3d1 Revert "Temporarily set ignore-already-exists-error to true"
• 1fc94ef Temporarily set ignore-already-exists-error to true
• 0624dec Merge branch '3.5.x'
• 88c7198 Merge branch '3.4.x' into 3.5.x
• 8ebb971 Upgrade to spring-io/central-publish-action v0.3.0
• 67d5adc Polish and fix test starter descriptions
• c0c66e2 Update SNI test app to use spring-boot-starter-webmvc
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-validation from 4.0.0-M3 to 4.0.0-RC1

Release notes

Sourced from org.springframework.boot:spring-boot-starter-validation's releases.

v4.0.0-RC1

⭐ New Features

• Revisit metrics and tracing test properties #47776
• Downgrade to GraphQL Java 24.3 #47752
• Configure devtools to set trace probability to 100% by default #47721
• Remove "public" from referenced configurations from auto-configurations #47715
• Remove support for Spring Pulsar Reactive #47707
• Add Jackson 2 module to ease upgrade effort #47688
• Remove ConcurrentReferenceCachingMetadataReaderFactory #47687
• Remove integration for REST Docs' REST Assured support until REST Assured supports Groovy 5 #47685
• Remove support for embedded jar launch scripts #47666
• Remove support for Spring Session Data MongoDB #47662
• Remove support for Spring Session Hazelcast #47661
• Drop Spock until it supports Groovy 5 #47650
• Provide auto-configuration for Jackson's CBOR data format #47641
• Add support for @ObservationKeyValue #47637
• Rename Jackson-specific Json… annotations and classes to Jackson… #47625
• Use Neo4j Java Driver BOM #47623
• Add TWENTY_FIVE to JavaVersion enum #47616
• Rationalize endpoint packages #47606
• Refactor spring-boot-cloudfoundry package structure #47605
• Rename spring-boot-tx module to spring-boot-transaction #47603
• Use JsonMapper instead of ObjectMapper where feasible #47503
• Automatically detect Jackson 3 modules #47485
• Add AWS ECS to cloud platforms #47482
• Rename SharedObjectMapper to SharedJsonMapper #47471
• Provide a configuration property to auto-configure Jackson 3 for best compatibility with Spring Boot 3's Jackson 2 defaults #47470
• Raise GraalVM baseline to 25 #47433
• Clarify that spring-boot-rsocket does not require spring-web #47409
• Rationalize HTTP client configuration properties #47398
• Disable LiveReload server by default #47387
• Update Neo4j support to require Neo4j Java Driver 6.0.0 #47381
• Remove SQL and Reactor starters as they are only used transitively #47378
• Rationalize SSL bundle configuration in RedisConnectionDetails #47375
• Add support for RestTestClient #47335
• Rename Spring Session properties that depend on Spring Data #47333
• Rename JsonMapper-specific properties to make it clear that they're JSON-specific #47328
• Move spring.jackson.datetime.<feature-name> to spring.jackson.datatype.datetime #47327
• Modularize spring-boot-test-autoconfigure #47322
• Allow jars to be marked as a development-tool to exclude from uber-jar #47320
• Switch Maven plugin to exclude optional dependencies by default #47318
• Provide a configuration property for enabling and disabling Elasticsearch Client's sniffer #47301
• Add @ControllerAdvice support to RSocket messaging auto-configuration #47287
• Reintroduce previous EnvironmentPostProcessor in deprecated form #47272
• Remove Bitnami support #47267
• Improve how Spring AMQP's retry can be configured #47264
• Refine JSpecify annotations #47263
• Add support for configuring HttpClientTransport in JettyClientHttpConnectorBuilder #47251
• Raise the minimum supported version of the CycloneDX Gradle Plugin to 3.0.0 #47250

... (truncated)

Commits

• 62aae6e Release v4.0.0-RC1
• b582f5d Temporarily drop build stage
• 8e6bebe Set ignore-already-exists-error to true
• a22b3d1 Revert "Temporarily set ignore-already-exists-error to true"
• 1fc94ef Temporarily set ignore-already-exists-error to true
• 0624dec Merge branch '3.5.x'
• 88c7198 Merge branch '3.4.x' into 3.5.x
• 8ebb971 Upgrade to spring-io/central-publish-action v0.3.0
• 67d5adc Polish and fix test starter descriptions
• c0c66e2 Update SNI test app to use spring-boot-starter-webmvc
• Additional commits viewable in compare view

Updates io.swagger.parser.v3:swagger-parser from 2.1.34 to 2.1.35

Release notes

Sourced from io.swagger.parser.v3:swagger-parser's releases.

Swagger-parser 2.1.35 released!

• fix: make URI scheme check case-insensitive (#2238)

Commits

• 5eb1acb prepare release 2.1.35 (#2239)
• 1a75015 fix: make URI scheme check case-insensitive (#2238)
• 88709d5 bump snapshot 2.1.35-SNAPSHOT
• See full diff in compare view

Updates io.swagger.core.v3:swagger-models from 2.2.38 to 2.2.40

Updates io.swagger.core.v3:swagger-annotations from 2.2.38 to 2.2.40

Updates net.logstash.logback:logstash-logback-encoder from 8.1 to 9.0

Release notes

Sourced from net.logstash.logback:logstash-logback-encoder's releases.

logstash-logback-encoder-9.0

This major release migrates to Jackson 3, and bumps the minimum Java version to 17.

The migration to Jackson 3 introduced some backwards incompatibilities. See #1095 for upgrade details.

Special thanks to new contributors @​tommyulfsparre, @​patrickjbarry, and @​maxxedev!

What's Changed

⚠️ Update considerations and deprecations

• Bump minimum version of Java to 17 by @​philsttr in logfellow/logstash-logback-encoder#1088
• Migrate to Jackson 3 by @​philsttr in logfellow/logstash-logback-encoder#1095

✨ New features and improvements

• Add ability to suppress messages from stacktrace by @​patrickjbarry in logfellow/logstash-logback-encoder#1104
• Make it possible to pretty print throwables as array of strings. by @​maxxedev in logfellow/logstash-logback-encoder#1043

🐞 Bug fixes

• Allow setting droppedWarnFrequency=0 to disable logging dropped message warnings by @​tommyulfsparre in logfellow/logstash-logback-encoder#1086
• Fix flaky flushWithNullOutputStream test by @​philsttr in logfellow/logstash-logback-encoder#1101

📖 Documentation, Tests and Build

• Migrate artifact publishing to Maven Central Portal by @​philsttr in logfellow/logstash-logback-encoder#1090
• Switch release flow to manual GitHub action trigger by @​philsttr in logfellow/logstash-logback-encoder#1091
• Bump CodeQL action to v3 by @​philsttr in logfellow/logstash-logback-encoder#1102
• Bump maven to 3.9.11 by @​philsttr in logfellow/logstash-logback-encoder#1103
• Document Thread and ThreadLocal cleanup by @​philsttr in logfellow/logstash-logback-encoder#1105

🆙 Dependency Upgrades

• Bump org.junit:junit-bom from 5.12.1 to 6.0.0 by @​dependabot[bot] in logfellow/logstash-logback-encoder#1085
• Bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13 by @​dependabot[bot] in logfellow/logstash-logback-encoder#1066
• Bump mockito.version from 5.16.1 to 5.20.0 by @​dependabot[bot] in logfellow/logstash-logback-encoder#1067
• Bump org.apache.felix:maven-bundle-plugin from 5.1.9 to 6.0.0 by @​dependabot[bot] in logfellow/logstash-logback-encoder#1068
• Upgrade various dependencies and plugins by @​philsttr in logfellow/logstash-logback-encoder#1089
• Bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 by @​dependabot[bot] in logfellow/logstash-logback-encoder#1092
• Bump com.puppycrawl.tools:checkstyle from 12.0.0 to 12.0.1 by @​dependabot[bot] in logfellow/logstash-logback-encoder#1093
• Upgrade lmax disruptor to 4.0.0 by @​philsttr in logfellow/logstash-logback-encoder#1096
• Bump org.codehaus.mojo:xml-maven-plugin from 1.1.0 to 1.2.0 by @​dependabot[bot] in logfellow/logstash-logback-encoder#1098
• Bump com.puppycrawl.tools:checkstyle from 12.0.1 to 12.1.0 by @​dependabot[bot] in logfellow/logstash-logback-encoder#1099
• Bump tools.jackson:jackson-bom from 3.0.0 to 3.0.1 by @​dependabot[bot] in logfellow/logstash-logback-encoder#1100
• Bump logback-core.version from 1.5.19 to 1.5.20 by @​dependabot[bot] in logfellow/logstash-logback-encoder#1097

New Contributors

• @​patrickjbarry made their first contribution in logfellow/logstash-logback-encoder#1104
• @​tommyulfsparre made their first contribution in logfellow/logstash-logback-encoder#1086
• @​maxxedev made their first contribution in logfellow/logstash-logback-encoder#1043

Full Changelog: logfellow/logstash-logback-encoder@logstash-logback-encoder-8.1...logstash-logback-encoder-9.0

Commits

• e8a1c8e [maven-release-plugin] prepare release logstash-logback-encoder-9.0
• eecb205 Add link to discussions in contributing.md
• 572543c fix build badge in readme
• c64b998 Use alert at top of readme
• f74c821 Make it possible to pretty print throwables as array of strings. (#1043)
• 358f644 Document Thread and ThreadLocal cleanup (#1105)
• 0d553cf Add ability to suppress messages from stacktrace (#1104)
• c9318cd Bump maven to 3.9.11 (#1103)
• ef58694 Bump codeql action to v3 (#1102)
• 3059741 Bump logback-core.version from 1.5.19 to 1.5.20 (#1097)
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.6.1 to 3.27.6

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.6

🐛 Bug Fixes

Core

• Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.17.7 #3947
• Upgrade to JUnit BOM 5.13.4 #3947

Guava

• Upgrade to Guava 33.4.8-jre #3947

v3.27.4

🚫 Deprecated

Core

• Deprecate org.assertj.core.annotations.Beta in favor of org.assertj.core.annotation.Beta
• Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of org.assertj.core.annotation.CanIgnoreReturnValue
• Deprecate org.assertj.core.util.CheckReturnValue in favor of org.assertj.core.annotation.CheckReturnValue

🐛 Bug Fixes

Core

• Fix thread-safety in AbstractDateAssert #3874

⚡ Improvements

• Migrate to the Central Publisher Portal, enable snapshot publishing #3881

... (truncated)

Commits

• 716b1e0 [maven-release-plugin] prepare release assertj-build-3.27.6
• e189652 Add missing export for org.assertj.core.annotation (#3951)
• 0cb489e Update Maven Central URL
• 7286309 [maven-release-plugin] prepare for next development iteration
• dd4cc1d [maven-release-plugin] prepare release assertj-build-3.27.5
• 1d0defc Add missing permission to release workflow
• 844d5d0 Add missing GitHub Actions pinning to CodeQL workflow
• bdd7106 Add CodeQL custom workflow
• a93d7e6 Remove EOL Java 24
• 26ea866 Update production dependencies (#3947)
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 6.0.0 to 6.0.1

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

Commits

• d774b9c Release 6.0.1 (second attempt)
• 8178545 Mark module as deprecated for removal
• 7b43fcc Back to snapshots for further development
• a5ef746 Release 6.0.1
• 008be8d Finalize 5.14.1 release notes
• b2c55a8 Finalize 6.0.1 release notes
• 866c01a Add note about duplicate test execution with @​Suite (#5080)
• de88e88 Fix broken links in documentation
• 9dd132d Add Valhalla EA to workflow matrix
• fedda88 Make jdk.jfr import optional in OSGi manifest (#5092)
• Additional commits viewable in compare view

Updates org.openapi.generator from 7.16.0 to 7.17.0

Updates org.cyclonedx.bom from 2.4.1 to 3.0.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions