fix(deps): update dependency org.springframework.boot:spring-boot-starter-web to v4

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
org.springframework.boot:spring-boot-starter-web (source)	3.1.1 -> 4.0.0

---

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-web)

v4.0.0

v3.5.8

v3.5.7

⭐ New Features

• Add TWENTY_FIVE to JavaVersion enum #​47609

🐞 Bug Fixes

• Signed jar verification fails when nested in an uber war running on an Oracle JVM #​47771
• In an uber war, value of the Sbom-Location manifest attribute does not match the SBOM's actual location #​47737
• Homebrew formula for the CLI should use libexec #​47722
• When virtual threads are enabled, embedded Jetty does not use recommended virtual thread configuration #​47717
• ClientHttpRequestFactoryRuntimeHints is missing timeout methods with Duration overloads #​47678
• OnBeanCondition no longer correctly finds annotations on scoped target proxy beans #​47635
• JavaVersion doesn't work reliably in native-image #​47620
• LiquibaseEndpoint always uses defaultSchema instead of liquibaseSchema #​47346
• Launcher fails to find main method when it is parameterless #​47311
• Package private Main class using Java 25 is not found by build plugins #​47309
• Bitnami legacy images are not automatically detected #​47275
• Maven plugin does not provide an easy way to exclude optional dependencies from uber jar #​25403

📔 Documentation

• Some spring.test.* properties are not documented #​47775
• Dependency management for Maven AntRun Plugin is missing changelog link #​47744
• Developing Your First Spring Boot Application has outdated tools #​47700
• Include deprecated configuration properties in the reference documentation #​47669
• Aggregated Javadoc should link to the proper version of JakartaEE #​47593
• Update javadoc of TestRestTemplate following change to redirect behavior #​47474
• Use non-deprecated syntax to configure sourceCompatibility #​47343
• Fix link to Framework's @Bean annotation #​47330
• Update managed dependency version override examples in documentation #​47306

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.8 #​47767
• Upgrade to Angus Mail 2.0.5 #​47525
• Upgrade to AssertJ 3.27.6 #​47526
• Upgrade to Byte Buddy 1.17.8 #​47527
• Upgrade to Cassandra Driver 4.19.1 #​47768
• Upgrade to Classmate 1.7.1 #​47528
• Upgrade to Elasticsearch Client 8.18.8 #​47671
• Upgrade to Glassfish JAXB 4.0.6 #​47529
• Upgrade to GraphQL Java 24.3 #​47755
• Upgrade to Groovy 4.0.29 #​47713
• Upgrade to Hibernate 6.6.33.Final #​47530
• Upgrade to HttpClient5 5.5.1 #​47531
• Upgrade to HttpCore5 5.3.6 #​47532
• Upgrade to Jakarta Mail 2.1.5 #​47533
• Upgrade to Jakarta XML Bind 4.0.4 #​47242
• Upgrade to Jetty 12.0.29 #​47728
• Upgrade to Jetty Reactive HTTPClient 4.0.12 #​47534
• Upgrade to jOOQ 3.19.27 #​47536
• Upgrade to Logback 1.5.20 #​47714
• Upgrade to Lombok 1.18.42 #​47538
• Upgrade to Maven Compiler Plugin 3.14.1 #​47539
• Upgrade to Micrometer 1.15.5 #​47457
• Upgrade to Micrometer Tracing 1.5.5 #​47458
• Upgrade to MongoDB 5.5.2 #​47648
• Upgrade to MSSQL JDBC 12.10.2.jre11 #​47612
• Upgrade to Netty 4.1.128.Final #​47649
• Upgrade to Postgresql 42.7.8 #​47540
• Upgrade to Pulsar 4.0.7 #​47541
• Upgrade to R2DBC H2 1.0.1.RELEASE #​47729
• Upgrade to R2DBC Postgresql 1.0.8.RELEASE #​47542
• Upgrade to Reactor Bom 2024.0.11 #​47459
• Upgrade to RxJava3 3.1.12 #​47543
• Upgrade to Spring AMQP 3.2.8 #​47614
• Upgrade to Spring Authorization Server 1.5.3 #​47460
• Upgrade to Spring Batch 5.2.4 #​47487
• Upgrade to Spring Data Bom 2025.0.5 #​47461
• Upgrade to Spring Framework 6.2.12 #​47462
• Upgrade to Spring GraphQL 1.4.3 #​47754
• Upgrade to Spring Integration 6.5.3 #​47615
• Upgrade to Spring LDAP 3.3.4 #​47463
• Upgrade to Spring Pulsar 1.2.11 #​47464
• Upgrade to Spring Security 6.5.6 #​47465
• Upgrade to Spring Session 3.5.3 #​47466
• Upgrade to Spring WS 4.1.2 #​47467
• Upgrade to Tomcat 10.1.48 #​47613
• Upgrade to Undertow 2.3.20.Final #​47545
• Upgrade to WebJars Locator Lite 1.1.2 #​47546

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​DKARAGODIN, @​JinhyeokFang, @​Lublanski, @​Pankraz76, @​fhiyo, @​ngocnhan-tran1996, @​nosan, @​scottfrederick, and @​xyraclius

v3.5.6

🐞 Bug Fixes

• Quoted -D arguments break system property resolution on Linux with Spring AOT #​47166
• Groovy Templates fails with an NPE when rendering an auto new line #​47139
• available() does not behave correctly when reading stored entries from a NestedJarFile #​47057
• spring-boot-docker-compose doesn't create service connections when image has registry host but not project #​47019
• Flyway Ignore Migration Patterns setting can't be set to an empty string #​47013

📔 Documentation

• Default value of server.tomcat.resource.cache-ttl is not documented #​47253
• Document Java 25 support #​47245
• Fix links to Flyway reference documentation #​46988
• Clarify Javadoc of Customizer interfaces about overriding behavior #​46942

🔨 Dependency Upgrades

• Upgrade to Ehcache3 3.10.9 #​47106
• Upgrade to Elasticsearch Client 8.18.6 #​47094
• Upgrade to Gson 2.13.2 #​47158
• Upgrade to Hibernate 6.6.29.Final #​47216
• Upgrade to HikariCP 6.3.3 #​47187
• Upgrade to HttpCore5 5.3.5 #​47108
• Upgrade to Infinispan 15.2.6.Final #​47109
• Upgrade to Jakarta Activation 2.1.4 #​47188
• Upgrade to Jakarta Mail 2.1.4 #​47110
• Upgrade to Jaybird 6.0.3 #​47111
• Upgrade to Jetty 12.0.27 #​47159
• Upgrade to jOOQ 3.19.26 #​47160
• Upgrade to Lombok 1.18.40 #​47113
• Upgrade to MariaDB 3.5.6 #​47189
• Upgrade to Maven Failsafe Plugin 3.5.4 #​47190
• Upgrade to Maven Shade Plugin 3.6.1 #​47191
• Upgrade to Maven Surefire Plugin 3.5.4 #​47192
• Upgrade to Micrometer 1.15.4 #​47083
• Upgrade to Micrometer Tracing 1.5.4 #​47084
• Upgrade to Netty 4.1.127.Final #​47127
• Upgrade to R2DBC MSSQL 1.0.3.RELEASE #​47193
• Upgrade to Reactor Bom 2024.0.10 #​47085
• Upgrade to Spring AMQP 3.2.7 #​47086
• Upgrade to Spring Batch 5.2.3 #​47087
• Upgrade to Spring Data Bom 2025.0.4 #​47088
• Upgrade to Spring Framework 6.2.11 #​47089
• Upgrade to Spring GraphQL 1.4.2 #​47090
• Upgrade to Spring Integration 6.5.2 #​47091
• Upgrade to Spring Kafka 3.3.10 #​47092
• Upgrade to Spring Pulsar 1.2.10 #​47093
• Upgrade to Spring Security 6.5.5 #​47257
• Upgrade to Tomcat 10.1.46 #​47194
• Upgrade to Undertow 2.3.19.Final #​47115
• Upgrade to XmlUnit2 2.10.4 #​47243

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Chanwon-Seo, @​doljae, @​izeye, and @​quaff

v3.5.5

Compare Source

🐞 Bug Fixes

• Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error #​46909
• Performance critical tracing code has high overhead due to the use of the Stream API #​46844
• SpringLiquibaseCustomizer is exposed outside its defined visibility scope #​46758
• Race condition in OutputCapture can result in stale data #​46721
• Auto-configured WebClient no longer uses context's ReactorResourceFactory #​46673
• Default value not detected for a field annoted with @Name #​46666
• Missing metadata when using @Name with a constructor-bound property #​46663
• Missing property for Spring Authorization Server's PAR endpoint #​46641
• Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location #​46636
• Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true #​46634
• Auto-configured MockMvc ignores @FilterRegistration annotation #​46605
• Failure to discover default value for a primitive should not lead to document its default value #​46561

📔 Documentation

• Kotlin samples for configuration metadata are in the wrong package #​46857
• Observability examples in the reference guide are missing the Kotlin version #​46798
• Align method descriptions for SslOptions getCiphers and getEnabledProtocols with @returns #​46769
• Tracing samples in the reference guide are missing the Kotlin version #​46767
• Improve Virtual Threads section to mention the changes in Java 24 #​46610
• spring.test.webtestclient.timeout is not documented #​46588
• spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules #​46585
• Adapt deprecation level for management.health.influxdb.enabled #​46580
• spring.test.mockmvc properties are not documented #​46578

🔨 Dependency Upgrades

• Upgrade to Angus Mail 2.0.4 #​46725
• Upgrade to AssertJ 3.27.4 #​46726
• Upgrade to Byte Buddy 1.17.7 #​46883
• Upgrade to Couchbase Client 3.8.3 #​46794
• Upgrade to Elasticsearch Client 8.18.5 #​46830
• Upgrade to Hibernate 6.6.26.Final #​46884
• Upgrade to Hibernate Validator 8.0.3.Final #​46728
• Upgrade to HikariCP 6.3.2 #​46729
• Upgrade to Jersey 3.1.11 #​46730
• Upgrade to Jetty 12.0.25 #​46831
• Upgrade to Jetty Reactive HTTPClient 4.0.11 #​46885
• Upgrade to jOOQ 3.19.25 #​46808
• Upgrade to MariaDB 3.5.5 #​46779
• Upgrade to Maven Javadoc Plugin 3.11.3 #​46886
• Upgrade to Micrometer 1.15.3 #​46701
• Upgrade to Micrometer Tracing 1.5.3 #​46702
• Upgrade to MySQL 9.4.0 #​46732
• Upgrade to Netty 4.1.124.Final #​46832
• Upgrade to Pulsar 4.0.6 #​46733
• Upgrade to Reactor Bom 2024.0.9 #​46703
• Upgrade to REST Assured 5.5.6 #​46849
• Upgrade to Spring Authorization Server 1.5.2 #​46704
• Upgrade to Spring Data Bom 2025.0.3 #​46705
• Upgrade to Spring Framework 6.2.10 #​46706
• Upgrade to Spring Kafka 3.3.9 #​46871
• Upgrade to Spring LDAP 3.3.3 #​46707
• Upgrade to Spring Pulsar 1.2.9 #​46708
• Upgrade to Spring RESTDocs 3.0.5 #​46920
• Upgrade to Spring Security 6.5.3 #​46709
• Upgrade to Spring Session 3.5.2 #​46710
• Upgrade to Tomcat 10.1.44 #​46734

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kguswo, @​deejay1, @​ganjisriver, @​izeye, @​jetflo, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​prishedko, @​quaff, @​schmidti159, @​scordio, @​shakuzen, @​tommyk-gears, @​zahra7, and @​zakaria-shahen

v3.5.4

Compare Source

🐞 Bug Fixes

• LambdaSafe.withFilter is not public #​46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #​46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #​46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #​46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #​46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #​46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #​46205
• Hash calculation for uber archive entries that require unpacking is inefficient #​46203
• Permissions are applied inconsistently when building uber archives with Gradle #​46194
• Environment variables using legacy dash format can no longer be bound #​46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #​46180
• Executable JAR application class encounters performance issues #​46177
• Executable JAR application class encounters performance issues #​46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #​46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #​46170
• SslInfo does not use its Clock when checking certificate validity #​46011

📔 Documentation

• Fix description of spring.batch.job.enabled #​46247
• Fix broken Kotlin examples in reference documentation #​46168
• Add Logback Access Reactor Netty to community starters #​46060

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #​46373
• Upgrade to Caffeine 3.2.2 #​46432
• Upgrade to Couchbase Client 3.8.2 #​46460
• Upgrade to GraphQL Java 24.1 #​46395
• Upgrade to Groovy 4.0.28 #​46516
• Upgrade to Hibernate 6.6.22.Final #​46492
• Upgrade to HikariCP 6.3.1 #​46493
• Upgrade to Infinispan 15.2.5.Final #​46461
• Upgrade to Jackson Bom 2.19.2 #​46494
• Upgrade to Jetty 12.0.23 #​46375
• Upgrade to MariaDB 3.5.4 #​46376
• Upgrade to Maven Invoker Plugin 3.9.1 #​46377
• Upgrade to Micrometer 1.15.2 #​46280
• Upgrade to Micrometer Tracing 1.5.2 #​46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #​46378
• Upgrade to MySQL 9.3.0 #​46371
• Upgrade to Neo4j Java Driver 5.28.9 #​46434
• Upgrade to Netty 4.1.123.Final #​46435
• Upgrade to Prometheus Client 1.3.10 #​46379
• Upgrade to Reactor Bom 2024.0.8 #​46282
• Upgrade to RxJava3 3.1.11 #​46380
• Upgrade to Spring AMQP 3.2.6 #​46283
• Upgrade to Spring Data Bom 2025.0.2 #​46284
• Upgrade to Spring Framework 6.2.9 #​46218
• Upgrade to Spring GraphQL 1.4.1 #​46381
• Upgrade to Spring Integration 6.5.1 #​46359
• Upgrade to Spring Kafka 3.3.8 #​46360
• Upgrade to Spring LDAP 3.3.2 #​46285
• Upgrade to Spring Pulsar 1.2.8 #​46286
• Upgrade to Spring Security 6.5.2 #​46477
• Upgrade to Spring WS 4.1.1 #​46362
• Upgrade to Testcontainers 1.21.3 #​46382
• Upgrade to Tomcat 10.1.43 #​46383
• Upgrade to XmlUnit2 2.10.3 #​46384

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Dockerel, @​PiyalAhmed, @​benelog, @​dmitrysulman, @​izeye, @​ngocnhan-tran1996, @​nosan, and @​quaff

v3.5.3

Compare Source

🐞 Bug Fixes

• Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above #​46040

v3.5.2

Compare Source

🐞 Bug Fixes

• IllegalArgumentException: 'name' must not be null thrown when property source filtering applied twice #​46032

v3.5.1

Compare Source

⚠️ Noteworthy Changes

• This release upgrades to Tomcat 10.1.42 which has introduced limits for part count and header size in multipart/form-data requests. These limits can be customized using server.tomcat.max-part-count and server.tomcat.max-part-header-size respectively.

⭐ New Features

• Allow Specifying ConfigData.Options On ConfigDataEnvironmentContributors #​42932

🐞 Bug Fixes

• Executable JAR application class encounters performance issues when classpath URLs reference a host #​46028
• Loading from spring.factories may fail with a ClassNotFoundException when the TCCL changes between calls #​46019
• spring.couchbase.authentication.jks.private-key-password has no effect #​46006
• Actuator heapdump endpoint is failing on modern OpenJ9 JVMs #​46005
• UnboundConfigurationPropertiesException is no longer thrown from IndexedElementsBinder #​45994
• DataSouceBuilder can fail with a NPE when the driver is null #​45992
• JSON writer incorrectly escapes forward slash which can cause structure logging issues #​45980
• ManagementContextAutoConfiguration adds a property source that degrades binding performance #​45968
• ClientHttpConnectorAutoConfiguration fails to load when 'java.net.http.HttpClient' is unavailable #​45955
• It is not possible to opt-out of profile validation or use profile names that contain '.' #​45947
• GraphQlProperties.DeprecatedSse is not annotated as deprecated #​45878
• SpringApplication.setEnvironmentPrefix is ignored when reading MANAGEMENT_SERVER_PORT #​45857
• Write and delete operations no longer work in the Cloud Foundry actuator support with Spring Security due to CSRF protection #​45848
• ConditionalOnAvailableEndpoint does not use the ConditionContext's ClassLoader to load exposure outcome contributors #​45803
• Binding no longer works with sytem environment properties that are not upper case #​45741
• ManagementWebServerFactoryCustomizer and ManagementErrorPageCustomizer should not have the same order #​45736
• Default version of Awailitility is not compatible with Kotlin 1.9 baseline #​45673
• Spring Boot 3.5's dependency management should have been upgraded to Lettuce 6.6.0.RELEASE #​45670
• Spring Boot 3.5's dependency management should have been upgraded to Jedis 6.0.0 #​45669
• SAML2 autoconfiguration is not imported by @WebMvcTest #​45666
• Spring Boot 3.5's dependency management should have been upgraded to MongoDB 5.5.0 #​45660

📔 Documentation

• Fix Docker security options links in Packaging OCI images sections #​46021
• Improve documentation for configuring Spring Security with '/error' #​46009
• Timestamps in Retrieving Audit Events examples do not match the accompanying text #​45997
• Add SSL response structure to actuator info endpoint documentation #​45921
• Update javadoc of test slice annotations to suggest MockitoBean rather than MockBean #​45915
• Include configuration classes from all modules in the "Auto-configuration Classes" appendix #​45863
• Links to Testcontainers javadoc for many classes not in the core testcontainers module do not work #​45844
• Update documentation to reflect changes in TestRestTemplate's default redirect behavior #​45842
• Deprecation replacement for spring.codec.* properties has a typo #​45743
• Gradle Shadow Plugin link in the reference guide is outdated #​45740
• Example of using prometheus-metrics-exporter-pushgateway has wrong artifactId #​45684
• Document use of git-commit-id-maven-plugin consistently #​45683
• Update javadoc of Configurer classes that apply sensible defaults to describe how they're typically used #​45656

🔨 Dependency Upgrades

• Upgrade to Build Helper Maven Plugin 3.6.1 #​45827
• Upgrade to Byte Buddy 1.17.6 #​45981
• Upgrade to Caffeine 3.2.1 #​45864
• Upgrade to DB2 JDBC 12.1.2.0 #​45942
• Upgrade to Git Commit ID Maven Plugin 9.0.2 #​45828
• Upgrade to Groovy 4.0.27 #​45829
• Upgrade to Hibernate 6.6.18.Final #​45958
• Upgrade to HttpClient5 5.5 #​46031
• Upgrade to Infinispan 15.2.4.Final #​45943
• Upgrade to Jackson Bom 2.19.1 #​45982
• Upgrade to Jaybird 6.0.2 #​45832
• Upgrade to Jetty 12.0.22 #​45834
• Upgrade to Jetty Reactive HTTPClient 4.0.10 #​45833
• Upgrade to jOOQ 3.19.24 #​45944
• Upgrade to Micrometer 1.15.1 #​45776
• Upgrade to Micrometer Tracing 1.5.1 #​45777
• Upgrade to MongoDB 5.5.1 #​45865
• Upgrade to Netty 4.1.122.Final #​45835
• Upgrade to Postgresql 42.7.7 #​45945
• Upgrade to Prometheus Client 1.3.8 #​45837
• Upgrade to Pulsar 4.0.5 #​45838
• Upgrade to Reactor Bom 2024.0.7 #​45778
• Upgrade to REST Assured 5.5.5 #​45839
• Upgrade to Spring Authorization Server 1.5.1 #​45779
• Upgrade to Spring Data Bom 2025.0.1 #​45780
• Upgrade to Spring Framework 6.2.8 #​45781
• Upgrade to Spring HATEOAS 2.5.1 #​45946
• Upgrade to Spring Kafka 3.3.7 #​45782
• Upgrade to Spring LDAP 3.3.1 #​45783
• Upgrade to Spring Pulsar 1.2.7 #​45784
• Upgrade to Spring RESTDocs 3.0.4 #​45785
• Upgrade to Spring Security 6.5.1 #​45786
• Upgrade to Spring Session 3.5.1 #​45787
• Upgrade to Testcontainers 1.21.2 #​46029
• Upgrade to Tomcat 10.1.42 #​45872
• Upgrade to UnboundID LDAPSDK 7.0.3 #​45983
• Upgrade to XmlUnit2 2.10.2 #​45841
• Upgrade to Zipkin Reporter 3.5.1 #​45826

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Peksa, @​Rutujakolte03, @​chanbinme, @​csbiy, @​davidlj95, @​izeye, @​juliojgd, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​quaff, @​shekharAggarwal, @​tanruian, and @​wonyongg

v3.5.0

Compare Source

Full release notes for Spring Boot 3.5 are available on the wiki.

⭐ New Features

• Make heapdump endpoint restricted by default #​45624
• Remove SSL status tag from metrics #​45602
• Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' #​45507

🐞 Bug Fixes

• Unable to override/set nested ConfigurationProperties by passing as a system property #​45639
• ValidationAutoConfiguration triggers early initialization of properties binding #​45618
• Micrometer "enable" annotations property does not cover observed aspect #​45617
• spring.graphql.sse.timeout is no longer exposed #​45613
• SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE #​45549
• IllegalStateException when extracting using layers a module with no code of its own #​45449
• Removed spring.batch.initialize-schema property is still considered #​45380
• ReactorHttpClientBuilder does not offer a factory method to create the HttpClient #​45378
• Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate #​45351
• Custom default units declared on a field are ignored when binding properties in a native image #​45347
• DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper #​45345
• Various spring.datasource properties are mistakenly marked as ignored #​45342
• JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter #​45297
• DockerRegistryConfigAuthentication does not align with Docker CLI #​45292
• Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password #​45290
• CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method #​32622

📔 Documentation

• Document the java info contribution #​45634
• Document the process info contribution #​45632
• Document the os info contribution #​45630
• Document typical spring.application.group and name use #​45628
• Document that bean methods should be static when annotated with @ConfigurationPropertiesBinding #​45626
• Document the way that primary Kotlin constructors are used when binding #​45553
• Improve "profile" reference documentation with additional admonitions #​45551
• Improve setEnvironmentPrefix(...) reference documentation #​45376
• Document all the available Testcontainers integrations #​45367
• Document when a spring.config.import value is relative and when it is fixed #​45363
• Update org.cyclonedx.bom version in docs to 2.3.0 #​45320
• Update link to "Parameter Name Retention" section of Spring Framework's release notes #​45299

🔨 Dependency Upgrades

• Prevent upgrade to Prometheus Client 1.3.7 #​45541
• Upgrade to Couchbase Client 3.8.1 #​45539
• Upgrade to Elasticsearch 8.18.1 #​45447
• Upgrade to GraphQL Java 24.0 #​45588
• Upgrade to Hibernate 6.6.15.Final #​45540
• Upgrade to HttpClient5 5.4.4 #​45462
• Upgrade to Jackson Bom 2.18.4 #​45463
• Upgrade to Jackson Bom 2.19.0 #​45542
• Upgrade to Jetty 12.0.21 #​45519
• Upgrade to jOOQ 3.19.23 #​45465
• Upgrade to Kafka 3.9.1 #​45606
• Upgrade to Micrometer 1.15.0 #​45432
• Upgrade to Micrometer Tracing 1.5.0 #​45433
• Upgrade to Neo4j Java Driver 5.28.5 #​45446
• Upgrade to Netty 4.1.121.Final #​45466
• Upgrade to R2DBC Proxy 1.1.6.RELEASE #​45467
• Upgrade to Reactor Bom 2024.0.6 #​45434
• Upgrade to REST Assured 5.5.2 #​45571
• Upgrade to Spring Authorization Server 1.5.0 #​45435
• Upgrade to Spring Data Bom 2025.0.0 #​45436
• Upgrade to Spring Framework 6.2.7 #​45437
• Upgrade to Spring GraphQL 1.4.0 #​45438
• Upgrade to Spring HATEOAS 2.5.0 #​45559
• Upgrade to Spring Integration 6.5.0 #​45439
• Upgrade to Spring Kafka 3.3.6 #​45440
• Upgrade to Spring LDAP 3.3.0 #​45441
• Upgrade to Spring Pulsar 1.2.6 #​45442
• Upgrade to Spring Retry 2.0.12 #​45443
• Upgrade to Spring Security 6.5.0 #​45444
• Upgrade to Spring Session 3.5.0 #​45560
• Upgrade to Spring WS 4.1.0 #​45445
• Upgrade to Tomcat 10.1.41 #​45520
• Upgrade to XmlUnit2 2.10.1 #​45607

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ahrytsiuk, @​izeye, @​lhotari, @​ngocnhan-tran1996, @​nosan, @​quaff, @​thecooldrop, and @​yybmion

v3.4.12

Compare Source

🐞 Bug Fixes

• Gradle war task does not exclude starter POMs from lib-provided #​48195
• Testcontainers integration fails on Docker 29.0.0 #​48104
• NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons [#​48117](https:/

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[gemini-code-assist]

Summary of Changes

Hello @renovate-bot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on a critical maintenance task: upgrading the spring-boot-starter-web dependency to its latest major version, 4.0.0. This update is essential for keeping the application current with the Spring Boot ecosystem, ensuring compatibility with newer Java versions, and leveraging the latest features, performance enhancements, and security fixes provided by the framework and its transitive dependencies.

Highlights

• Major Dependency Upgrade: The core org.springframework.boot:spring-boot-starter-web dependency has been updated from version "3.1.1" to "4.0.0". This is a significant major version upgrade for Spring Boot, bringing the project to the latest stable release.
• Spring Boot 4.0.0 Release Contents: The Spring Boot 4.0.0 release includes new features such as the addition of TWENTY_FIVE to the JavaVersion enum, numerous bug fixes addressing issues like signed jar verification and Jetty virtual thread configuration, and various documentation improvements. It also incorporates a substantial number of dependency upgrades for underlying libraries like ActiveMQ, AssertJ, Hibernate, Jetty, Micrometer, Spring Framework, and many others, ensuring the project benefits from the latest improvements and security patches across its ecosystem.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request attempts to upgrade spring-boot-starter-web to version 4.0.0. This is a problematic update because version 4.0.0 of Spring Boot has not been released, which will cause build failures. Furthermore, the project is configured for Java 8, which is incompatible with Spring Boot 3.x and higher (which require Java 17+). I've left a comment suggesting a downgrade to a compatible Spring Boot 2.7.x version to resolve these critical issues.

[gemini-code-assist]

This update to Spring Boot 4.0.0 is problematic for several reasons:

1. Non-existent Version: Spring Boot 4.0.0 is not a released version. This will cause the Maven build to fail as it cannot resolve this dependency.
2. Java Version Incompatibility: This project is configured to use Java 8 (<java.version>1.8</java.version>). Spring Boot 3.x (including the previous version 3.1.1) requires a minimum of Java 17. A future Spring Boot 4.x would require an even newer Java version.
3. Project Context: The project is named kotlin-sb-appengine-standard and is located under appengine-standard-java8, indicating it's targeted for the App Engine Java 8 standard environment. This environment does not support Java 17+.

Given these points, the project should be using a version of Spring Boot compatible with Java 8, such as the 2.7.x line. I suggest downgrading to the latest version in that line to fix the existing incompatibility and make the project buildable.

Suggested change

	<version>4.0.0</version>
	<version>2.7.18</version>