chore(deps): Bump the maven-deps group with 4 updates

[dependabot]

Bumps the maven-deps group with 4 updates: org.springframework.boot:spring-boot-starter-parent, org.springframework:spring-webflux, org.springdoc:springdoc-openapi-starter-webmvc-ui and org.xhtmlrenderer:flying-saucer-pdf.

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.7 to 4.0.0

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.0.0

Full release notes for Spring Boot 4.0 are available on the wiki. There is also a migration guide to help you upgrade from Spring Boot 3.5.

⭐ New Features

• Change tomcat and jetty runtime modules to starters #48175
• Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #48076

🐞 Bug Fixes

• Error properties are a general web concern and should not be located beneath server.* #48201
• With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #48198
• Gradle war task does not exclude starter POMs from lib-provided #48197
• spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #48193
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48182
• Properties bound in the child management context ignore the parent's environment prefix #48177
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48171
• Starter for spring-boot-micrometer-metrics is missing #48161
• Elasticsearch client's sniffer functionality should not be enabled by default #48155
• spring-boot-starter-elasticsearch should depend on elasticsearch-java #48141
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48132
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48128
• Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #48116
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48103
• Image building may fail when specifying a platform if an image has already been built with a different platform #48099
• Default values of Kotlinx Serialization JSON configuration properties are not documented #48097
• Custom XML converters should override defaults in HttpMessageConverters #48096
• Kotlin serialization is used too aggressively when other JSON libraries are available #48070
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48059
• Auto-configured JCacheMetrics cannot be customized #48057
• WebSecurityCustomizer beans are excluded by WebMvcTest #48055
• Deprecated EnvironmentPostProcessor does not resolve arguments #48047
• RetryPolicySettings should refer to maxRetries, not maxAttempts #48023
• Devtools Restarter does not work with a parameterless main method #47996
• Dependency management for Kafka should not manage Scala 2.12 libraries #47991
• spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #47983
• spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #47982
• Support for ReactiveElasticsearchClient is in the wrong module #47848

📔 Documentation

• Removed property spring.test.webclient.register-rest-template is still documented #48199
• Mention support for detecting AWS ECS in "Deploying to the Cloud" #48170
• Revise AWS section of "Deploying to the Cloud" in reference manual #48163
• Fix typo in PortInUseException Javadoc #48134
• Correct section about required setters in "Type-safe Configuration Properties" #48131
• Use since attribute in configuration properties deprecation consistently #48122
• Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #48115
• Document support for configuring servlet context init parameters using properties #48112
• Some configuration properties are not documented in the appendix #48095

... (truncated)

Commits

• 1c0e08b Release v4.0.0
• 3487928 Merge branch '3.5.x'
• 29b8e96 Switch make-default in preparation for Spring Boot 4.0.0
• 88da0dd Merge branch '3.5.x'
• 56feeaa Next development version (v3.5.9-SNAPSHOT)
• 3becdc7 Move server.error properties to spring.web.error
• 2b30632 Merge branch '3.5.x'
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• dc140df Upgrade to Spring Framework 7.0.1
• Additional commits viewable in compare view

Updates org.springframework:spring-webflux from 6.2.12 to 7.0.1

Release notes

Sourced from org.springframework:spring-webflux's releases.

v7.0.1

⭐ New Features

• Align RestOperations Kotlin extensions nullability with Java one #35852
• Add resetCaches() method to Caffeine/ConcurrentMapCacheManager #35840
• Fix single-check idiom in UnmodifiableMultiValueMap #35822
• Fix Spliterator characteristics in ConcurrentReferenceHashMap #35817
• RestTestClient does not configure JsonPathAssertions in the same way as WebTestClient #35793

🐞 Bug Fixes

• Fix JdbcOperations Kotlin extensions #35846
• Fix getCacheNames() concurrent access in NoOpCacheManager #35842
• Annotation discovery regression for interfaces extending BeanNameAware and co. #35835
• MissingPathVariableException produces wrong status code in ProblemDetail #35829
• Refine ParameterizedPreparedStatementSetter nullability #35749
• Fix HtmlUtils unescape for supplementary chars #35477

📔 Documentation

• Fix cross-reference links in HtmlUnit sections #35853
• Remove @see Javadoc references to deprecated PropertiesBeanDefinitionReader #35836
• Replace kotlin-issues attribute reference #35820
• Document semantics and behavior of SpringExtension.getApplicationContext() #35764

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​juntae6942, @​kilink, @​ngocnhan-tran1996, and @​quaff

v7.0.0

🍃 Please read the official release notes and upgrade guide

⭐ New Features

• Make SessionHolder publicly accessible for external resource management #35799
• RouterFunctions Builders do not support ServerResponse subtypes #35791
• Configure Jackson CBOR codecs by default if present #35787
• Rename maxAttempts to maxRetries in @Retryable and RetryPolicy #35772
• Prevent Kotlin Serialization side effects #35761
• Add default API version to the list of supported versions #35755
• Improve user check in TransportHandlingSockJsService #35753
• Update ApiVersionDeprecationHandler to provide access to handler #35750
• Use dedicated classes for ApiVersionResolver implementations #35747
• Provide AOT support for @Nested classes in a @ParameterizedClass #35744
• AssertJ support for WebTestClient #35737
• Reject attempt to use @MockitoSpyBean with a scoped proxy #35722
• Provide a way to supply the client builder for an HttpServiceGroup #35707
• Review HttpMessageConverters.Builder to improve readability of code using the API #35704

... (truncated)

Commits

• b038beb Release v7.0.1
• abec289 Stop mentioning non-existent NestedServletException
• 3026f0a Lazily initialize ProblemDetail for picking up actual status code
• 9fe4e77 Fix link to MockMvc test in HtmlUnit section
• d178930 Polishing
• 91d2a51 Fix cross-reference links in HtmlUnit sections
• f456674 Polishing
• 35b8fbf Remove javadoc references to deprecated PropertiesBeanDefinitionReader
• 1d1851f Refine RestOperations Kotlin extensions nullability
• 23f0cfb Fix JdbcOperations Kotlin extensions
• Additional commits viewable in compare view

Updates org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.14 to 3.0.0

Release notes

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's releases.

springdoc-openapi v3.0.0 released!

Added

• #2975 - Spring Framework 7 - Initial API versioning support
• #3123 - Support static resources for webflux

Changed

• Upgrade to Spring Boot 4.0.0!
• Upgrade to Scalar 0.4.3

Fixed

• #3131 - Warning messages when docs are explicitly enabled
• #3121 - NPE in KotlinDeprecatedPropertyCustomizer - resolvedSchema is null

Full Changelog: springdoc/springdoc-openapi@v3.0.0-RC1...v3.0.0

springdoc-openapi v3.0.0-RC1 released!

Added

• #3095 - Add support for Spring Boot 4.0.0-RC1

Full Changelog: springdoc/springdoc-openapi@v3.0.0-M1...v3.0.0-RC1

springdoc-openapi v3.0.0-M1 released!

Added

• #3062 - Add Spring Boot 4.0.0-M2 support

Changelog

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Commits

• 6526d7a [maven-release-plugin] prepare release v3.0.0
• 49409a9 Prepare for next release
• aa333b3 moving to 3.0.0-SNAPSHOT
• 44e2f70 Upgrade to spring-boot 4
• 4b95d0e scalar upgrade to version 0.4.3
• 9b3dd90 Remove dependency on the latest spring-framework SNAPSHOT.
• 95c3b87 Warning messages when docs are explicitly enabled. Fixes #3131
• e444dee Changes report: Regression where content type from swagger @​RequestBody does ...
• 007977e feat: static resources for webflux #3123
• 0293459 Spring Framework 7 - API versioning support #2975
• Additional commits viewable in compare view

Updates org.xhtmlrenderer:flying-saucer-pdf from 10.0.3 to 10.0.4

Release notes

Sourced from org.xhtmlrenderer:flying-saucer-pdf's releases.

v10.0.4

What's Changed

• #596 Fix "1. The cell borders are rendered outside the table border" by @​dogbokchif in flyingsaucerproject/flyingsaucer#603

• Minor refactoring of tables by @​asolntsev in flyingsaucerproject/flyingsaucer#604

• Generate Lexer.java on every build by @​asolntsev in flyingsaucerproject/flyingsaucer#601

• Bump error_prone.version from 2.42.0 to 2.43.0 by @​dependabot[bot] in flyingsaucerproject/flyingsaucer#590

• Bump actions/upload-artifact from 4 to 5 by @​dependabot[bot] in flyingsaucerproject/flyingsaucer#592

• Bump org.junit:junit-bom from 6.0.0 to 6.0.1 by @​dependabot[bot] in flyingsaucerproject/flyingsaucer#595

• Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0 by @​dependabot[bot] in flyingsaucerproject/flyingsaucer#597

• Bump commons-io:commons-io from 2.20.0 to 2.21.0 by @​dependabot[bot] in flyingsaucerproject/flyingsaucer#599

• Bump error_prone.version from 2.43.0 to 2.44.0 by @​dependabot[bot] in flyingsaucerproject/flyingsaucer#598

New Contributors

• @​dogbokchif made their first contribution in flyingsaucerproject/flyingsaucer#603

Full Changelog: flyingsaucerproject/flyingsaucer@v10.0.3...v10.0.4

Changelog

Sourced from org.xhtmlrenderer:flying-saucer-pdf's changelog.

10.0.4 (17.10.2025) - see https://github.com/flyingsaucerproject/flyingsaucer/milestone/42?closed=1

• #596 Fix issue "The cell borders are rendered outside the table border" / by Chanhyuk Lee (#603)
• Minor refactoring of tables (#604)
• refactoring: Generate Lexer.java on every build (#601)

Commits

• 13ba75b release FlyingSaucer 10.0.4
• 686f039 enable more IDEA warnings
• df76ea1 slightly shorten code by using "instanceof" variable
• 35ff3e9 slightly extract duplicate code to helper methods
• e8f4c72 For paginate Table, return getContentLimitedBorderEdge()
• 8ec472f ignore ErrorProne error in the generated Lexer.java
• 336a917 generate Lexer.java from Lexer.flex
• 849fd6a remove unneeded braces
• 9f651d7 convert string concatenation to text blocks
• 1e540d4 remove unneeded braces between label and its loop
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions