Skip to content

fix(deps): bump the prod-deps group with 6 updates#335

Merged
dmtkachenko merged 1 commit into
masterfrom
dependabot/maven/prod-deps-86efb2a3d6
Jun 15, 2026
Merged

fix(deps): bump the prod-deps group with 6 updates#335
dmtkachenko merged 1 commit into
masterfrom
dependabot/maven/prod-deps-86efb2a3d6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the prod-deps group with 6 updates:

Package From To
org.springframework.boot:spring-boot-starter-parent 4.0.6 4.1.0
com.puppycrawl.tools:checkstyle 13.5.0 13.6.0
org.springframework.boot:spring-boot-configuration-processor 4.0.6 4.1.0
org.apache.maven.plugins:maven-enforcer-plugin 3.6.2 3.6.3
org.openapitools:openapi-generator-maven-plugin 7.22.0 7.23.0
io.swagger.core.v3:swagger-annotations 2.2.50 2.2.51

Updates org.springframework.boot:spring-boot-starter-parent from 4.0.6 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

  • Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
  • Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

  • MailSender auto-configuration does not enable hostname verification #50747
  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
  • Embedded LDAP SSL should not be enabled when its bundle is empty #50700
  • InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
  • NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
  • Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
  • Configuration property metadata includes incorrect class references #50632
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
  • SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
  • Created StackTracePrinter instances have no access to the Environment #50414
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
  • Buildpack module does not validate long-to-int casts #50410
  • Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
  • GraphQL WebSocket support does not configure allowed origins #50394
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
  • Meter registries are not removed from the global registry when the context is closed #50287
  • DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
  • Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
  • Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
  • Missing dependency management for spring-boot-web-server-test #50224
  • Spring Batch support for MongoDB modules are not included in dependency management #50223
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
  • GrpcServerHealthScheduler is not started in servlet environments #50209
  • Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

  • Fix reference to Gradle documentation for module replacement #50647
  • Document SSL reloading with Let's Encrypt #50630
  • Remove the use of Optional from Data Neo4j repository examples #50622
  • Fix typos in documentation #50620

... (truncated)

Commits

Updates com.puppycrawl.tools:checkstyle from 13.5.0 to 13.6.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-13.6.0

Checkstyle 13.6.0 - https://checkstyle.org/releasenotes.html#Release_13.6.0

New:

#19813 - ConstructorsDeclarationGroupingCheck: new property required to order constructors according to increasing arity. #20109 - NoLineWrap: false negative for wrapped 'import module' (MODULE_IMPORT) declarations.

Bug fixes:

#20216 - MagicNumberCheck: NullPointerException on compact source files when ignoreFieldDeclaration=true (JEP 512). #20292 - percent-encode double quote in SarifLogger file uri. #19623 - Add checks for OpenJDK Style §3.3 - Import statements. #19926 - Documentation Comments Style Guide - validate Default Constructors. #20206 - Javadoc parser error on openjdk source java/lang/Character.java. #20215 - EmptyLineSeparatorCheck: NullPointerException on compact source files with adjacent top-level members (JEP 512). #20273 - Javadoc parser problems. #19973 - FinalLocalVariableCheck: NullPointerException on compact source files (JEP 512). #20267 - ModifiedControlVariableCheck: NullPointerException on compact source files (JEP 512). #20303 - minor: escape file name in generated suppression files. #20212 - MissingOverrideCheck: NullPointerException on compact source files when javaFiveCompatibility=true (JEP 512). #20214 - MissingOverrideOnRecordAccessorCheck: NullPointerException on compact source files (JEP 512). #20210 - MethodNameCheck: NullPointerException on compact source files (JEP 512). #20213 - UnusedLocalVariableCheck: NullPointerException on compact source files with a top-level field (JEP 512). #19734 - Add checks for OpenJDK Style - Wildcard Imports. #19908 - PackageDeclarationCheck reports false positive on JEP 512 compact source files. #19909 - OuterTypeFilename reports false positive on JEP 512 compact source files. #20111 - EmptyLineSeparator: false negative for 'import module' (MODULE_IMPORT) followed by a type declaration. #15085 - Extend UnusedLocalVariable to support pattern variables. #20108 - Indentation: false negative for 'import module' (MODULE_IMPORT) declarations are never checked. #17810 - JDK 25, JEP 512: Compact Source Files and Instance Main Methods not supported.

... (truncated)

Commits
  • 6c24a73 [maven-release-plugin] prepare release checkstyle-13.6.0
  • cd2c012 doc: release notes for 13.6.0
  • aeb3cde Issue #19935: Mark doc image source location as no validation
  • 6cfbdb0 Issue #20216: Fix NPE in MagicNumberCheck for compact source files
  • 2f1af32 Issue #19764: Move violation comments out of Javadoc in atclauseorder
  • 1c649a1 Pull #20292: percent-encode double quote in SarifLogger file uri
  • 89ffcfc dependency: bump org.eclipse.jgit:org.eclipse.jgit
  • 374c13d Issue #18435: Fix xdocs Examples AST Consistency Test - annotationonsameline
  • 0d6fc8c Issue #18435: Fix xdocs Examples AST Consistency Test - annotationlocation
  • 1f2954c Issue #19623: Adding remaining modules
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-configuration-processor from 4.0.6 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot-configuration-processor's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

  • Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
  • Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

  • MailSender auto-configuration does not enable hostname verification #50747
  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
  • Embedded LDAP SSL should not be enabled when its bundle is empty #50700
  • InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
  • NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
  • Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
  • Configuration property metadata includes incorrect class references #50632
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
  • SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
  • Created StackTracePrinter instances have no access to the Environment #50414
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
  • Buildpack module does not validate long-to-int casts #50410
  • Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
  • GraphQL WebSocket support does not configure allowed origins #50394
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
  • Meter registries are not removed from the global registry when the context is closed #50287
  • DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
  • Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
  • Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
  • Missing dependency management for spring-boot-web-server-test #50224
  • Spring Batch support for MongoDB modules are not included in dependency management #50223
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
  • GrpcServerHealthScheduler is not started in servlet environments #50209
  • Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

  • Fix reference to Gradle documentation for module replacement #50647
  • Document SSL reloading with Let's Encrypt #50630
  • Remove the use of Optional from Data Neo4j repository examples #50622
  • Fix typos in documentation #50620

... (truncated)

Commits

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.3

🚀 New features and improvements

  • Make bannedDependencies report root and transitive dependency in case both are banned. (#940) @​hvoynov
  • Add enforceBytecodeVersion rule based on mojohaus (#968) @​cstamas
  • Improve formatting of deprecated API warning (#951) @​mthmulders

🐛 Bug Fixes

📝 Documentation updates

  • Document the banMavenDefaults option for the requirePluginVersions rule. (#936) @​rpkrajewski

👻 Maintenance

📦 Dependency updates

Commits
  • c7daff3 [maven-release-plugin] prepare release enforcer-3.6.3
  • ee46e78 Make bannedDependencies report root and transitive dependency in case both ar...
  • 0806924 Document the banMavenDefaults option for the requirePluginVersions rule. (#936)
  • 8e4f5b9 Add better enforceBytecodeVersion rule based on mojohaus (#968)
  • fd4b148 Add fix for 21.0.10.0.1 issue (#967)
  • f32d597 Deps: Parent POM 48 and align deps (#979)
  • df0f2a6 Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976)
  • 2da7a68 Add null checks for modelId in PluginWrapper
  • 91eb4d9 Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975)
  • b622245 Bump mavenVersion from 3.9.14 to 3.9.15 (#973)
  • Additional commits viewable in compare view

Updates org.openapitools:openapi-generator-maven-plugin from 7.22.0 to 7.23.0

Updates io.swagger.core.v3:swagger-annotations from 2.2.50 to 2.2.51

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the prod-deps group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) | `13.5.0` | `13.6.0` |
| [org.springframework.boot:spring-boot-configuration-processor](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) | `3.6.2` | `3.6.3` |
| org.openapitools:openapi-generator-maven-plugin | `7.22.0` | `7.23.0` |
| io.swagger.core.v3:swagger-annotations | `2.2.50` | `2.2.51` |


Updates `org.springframework.boot:spring-boot-starter-parent` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `com.puppycrawl.tools:checkstyle` from 13.5.0 to 13.6.0
- [Release notes](https://github.com/checkstyle/checkstyle/releases)
- [Commits](checkstyle/checkstyle@checkstyle-13.5.0...checkstyle-13.6.0)

Updates `org.springframework.boot:spring-boot-configuration-processor` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](apache/maven-enforcer@enforcer-3.6.2...enforcer-3.6.3)

Updates `org.openapitools:openapi-generator-maven-plugin` from 7.22.0 to 7.23.0

Updates `io.swagger.core.v3:swagger-annotations` from 2.2.50 to 2.2.51

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: com.puppycrawl.tools:checkstyle
  dependency-version: 13.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: org.springframework.boot:spring-boot-configuration-processor
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-version: 3.6.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
- dependency-name: org.openapitools:openapi-generator-maven-plugin
  dependency-version: 7.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps
- dependency-name: io.swagger.core.v3:swagger-annotations
  dependency-version: 2.2.51
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 15, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 15, 2026 06:36
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 15, 2026
@dependabot dependabot Bot added the java Pull requests that update java code label Jun 15, 2026
@sonarqubecloud

Copy link
Copy Markdown

@dmtkachenko dmtkachenko merged commit 9ab5f40 into master Jun 15, 2026
17 checks passed
@dmtkachenko dmtkachenko deleted the dependabot/maven/prod-deps-86efb2a3d6 branch June 15, 2026 09:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants