fix(deps): update all minor dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
eclipse-temurin	final	patch	25.0.1_8-jre → 25.0.2_10-jre
org.sonarsource.scanner.maven:sonar-maven-plugin (source)	build	minor	5.5.0.6356 → 5.6.0.6792
org.apache.maven.plugins:maven-resources-plugin (source)	build	minor	3.4.0 → 3.5.0
org.apache.maven.plugins:maven-surefire-plugin (source)	build	patch	3.5.4 → 3.5.5
org.apache.maven.plugins:maven-compiler-plugin (source)	build	minor	3.14.0 → 3.15.0
org.apache.logging.log4j:log4j-slf4j2-impl (source)	test	patch	2.25.3 → 2.25.4
org.springdoc:springdoc-openapi-starter-webmvc-ui (source)	compile	patch	3.0.1 → 3.0.3
com.sun.xml.bind:jaxb-core (source)	compile	patch	4.0.6 → 4.0.7
org.springframework.boot:spring-boot-starter-parent (source)	parent	patch	4.0.3 → 4.0.5

---

Release Notes

SonarSource/sonar-scanner-maven (org.sonarsource.scanner.maven:sonar-maven-plugin)

v5.6.0.6792

Compare Source

Release notes - Sonar Scanner for Maven - 5.6

Maintenance

SCANMAVEN-318 Update Orchestrator and fix e2e matrix
SCANMAVEN-324 Convert e2e tests to invoker
SCANMAVEN-346 Fix CI failure
SCANMAVEN-347 Automate detection of sonar:sonar shorthand failure
SCANMAVEN-348 Bump org.assertj:assertj-core from 3.26.3 to 3.27.7 in /sonar-maven-plugin
SCANMAVEN-349 Remove Maven 4 e2e tests from promotion requirements
SCANMAVEN-356 Add automated release workflow
SCANMAVEN-357 Licence packaging standard - Maven Scanner
SCANMAVEN-358 Create SonarUpdateCenterRelease.yml
SCANMAVEN-361 Add issue-categories in automated release
SCANMAVEN-363 Fix e2e tests with Maven 4
SCANMAVEN-364 Do not run nightly builds on weekends
SCANMAVEN-365 Set up orchestrator cache
SCANMAVEN-366 Update sonar-scanner-java-library to 4.1.0.1619
SCANMAVEN-367 Update sonar-scanner-java-library to 4.1.1.1633
SCANMAVEN-369 Update parent pom to 87.0.0.3057

Feature

SCANMAVEN-281 Irrelevant encrypted properties are not filtered out in multi-module project with "sonar" in the name

springdoc/springdoc-openapi (org.springdoc:springdoc-openapi-starter-webmvc-ui)

v3.0.3

Compare Source

v3.0.2: springdoc-openapi v3.0.2 released!

Added

• #​3229 – Add support for Spring Framework API Versioning with Functional Endpoints
• #​3208 – Add springdoc.swagger-ui.document-title property

Changed

• Upgrade Spring Boot to version 4.0.3
• Upgrade swagger-core to version 2.2.43
• Upgrade swagger-ui to version 5.32.0
• Upgrade Scalar to version 0.5.55

Fixed

• #​3232 – Gracefully handle springdoc endpoint paths during API version resolution
• #​3230 – Scalar source URLs resolve to null/<groupName> on second request when using GroupedOpenApi
• #​3226 – Propagate JsonView context when resolving Page<T> schema
• #​3228 – springdoc-openapi-starter 3.x doesn't depend on org.springframework.boot:spring-boot-starter
• #​3220 – Reachability metadata not compatible with GraalVM 25
• #​3195 – Application won't compile when OpenApi and spring-boot-data-rest is present
• #​3193 – OpenApi field in SpringDocConfigProperties does not comply with camel case naming conventions
• #​3215 – Type annotation not considered when Kotlin is not present
• #​3199 – Prevent duplicate _links in allOf child schemas
• #​3198 – Property resolution for parameter default values
• #​3206 – Upgrade swagger-core from version 2.2.41 to 2.2.42

Full Changelog: springdoc/springdoc-openapi@v3.0.1...v3.0.2

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)

v4.0.5

Compare Source

🐞 Bug Fixes

• Test starter for Spring Integration does not include Spring Integration test module #​49784
• Some sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration #​49782
• WebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson #​49753
• WebSocket app fails to start when Jackson is on the classpath but there's no JsonMapper bean #​49749
• Metadata annotation processor ignores method-level @NestedConfigurationProperty when using constructor binding #​49738
• Override of property in external 'application.properties' or 'application.yaml' is ignored #​49731
• NativeImageResourceProvider does not find Flyway migration scripts in subdirectories #​49706
• Add @ConditionalOnWebApplication to NettyReactiveWebServerAutoConfiguration #​49695
• @GraphQlTest does not include @ControllerAdvice #​49672

📔 Documentation

• Fix incorrect indefinite articles in Javadoc #​49727
• Add some more Kotlin examples and trivial style fixes #​49714
• Overhaul Spring Session documentation following modularization #​49704

🔨 Dependency Upgrades

• Upgrade to Brave 6.3.1 #​49763
• Upgrade to Jackson 2 Bom 2.21.2 #​49764
• Upgrade to jOOQ 3.19.31 #​49765
• Upgrade to Netty 4.2.12.Final #​49794
• Upgrade to Tomcat 11.0.20 #​49767
• Upgrade to Zipkin Reporter 3.5.3 #​49762

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, @​deejay1, @​dlwldnjs1009, @​kwondh5217, @​ljrmorgan, and @​quaff

v4.0.4

Compare Source

⚠️ Attention Required

• OpenTelemetry's ZipkinSpanExporter has been deprecated and its support will be removed in Spring Boot 4.2. #​49453
• Jackson 2 has been upgraded to 2.21.1 in response to the Jackson team ending support for Jackson 2.20.x. #​49389
• Jackson has been upgraded to 3.1.0 in response to the Jackson team ending support for Jackson 3.0.x. #​49383
• The default value for server.tomcat.max-part-count has been increased from 10 to 50. This aligns it with Tomcat's own default and the default in Spring Boot 3.x. #​49311

🐞 Bug Fixes

• EndpointRequest request matcher for health groups is too complex #​49649
• "/cloudfoundryapplication" web path is not limited to Actuator #​49646
• Fix EndpointRequest.toLinks() when base-path is '/' #​49617
• Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #​49596
• RSocket exposes duplicate endpoint for websocket setups #​49593
• Failure analysis for a missing mail sender is misleading #​49582
• SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #​49535
• Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #​49482
• "spring.main.cloud-platform=none" does not disable cloud features #​49479
• SSL support with Docker Compose does not work as documented #​49385
• Auto-configuration overrides authorization server configuration applied by Customizer beans #​49367
• Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #​49344
• NoSuchMethodException when forcing the use of Log4J2LoggingSystem using org.springframework.boot.logging.LoggingSystem system property #​49343
• RouterFunctions descriptions in Actuator do not support nesting #​49302
• Maven plugin does not set '-parameters' option when processing AOT code #​49295
• HTTP Service Interface Client doesn't work in a native image due to missing property binding #​49274
• ErrorPageRegistrarBeanPostProcessor is not auto-configured in war deployments and the ErrorPageCustomizer is not applied #​49176
• Missing starter for spring-boot-restdocs #​48289

📔 Documentation

• Document support for Java 26 #​49604
• List all supported colors when describing color-coded log output #​49562
• Improve EndpointRequest matcher documentation #​49520
• Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #​49514
• Document security considerations for forwarded headers in cloud deployments #​49507
• Tutorial in the reference guide has outdated instructions #​49429
• Document additional repositories required for shibboleth.net #​49392
• Javadoc of JettyHttpClientBuilder refers to the wrong type #​49387
• Example spring-devtools.properties file is shown in the wrong format #​49362
• Clarify inferred relationships between OAuth 2 registrations and providers #​49327
• Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #​49321
• Remove superfluous semi-colon from read timeout configuration example for HTTP service interface clients #​49306
• Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #​49298
• JDK requirement for the CLI still refers to Java 8 #​49293
• Java and Kotlin samples of an environment post processor are inconsistent #​49287

🔨 Dependency Upgrades

• Upgrade to Commons Logging 1.3.6 #​49545
• Upgrade to DB2 JDBC 12.1.4.0 #​49546
• Upgrade to Elasticsearch Client 9.2.6 #​49421
• Upgrade to Hibernate 7.2.7.Final #​49608
• Upgrade to Jakarta XML WS 4.0.3 #​49469
• Upgrade to JBoss Logging 3.6.3.Final #​49632
• Upgrade to Jetty 12.1.7 #​49470
• Upgrade to Kafka 4.1.2 #​49627
• Upgrade to Liquibase 5.0.2 #​49471
• Upgrade to Lombok 1.18.44 #​49575
• Upgrade to Maven Failsafe Plugin 3.5.5 #​49472
• Upgrade to Maven Shade Plugin 3.6.2 #​49473
• Upgrade to Maven Surefire Plugin 3.5.5 #​49474
• Upgrade to Micrometer 1.16.4 #​49413
• Upgrade to Micrometer Tracing 1.6.4 #​49414
• Upgrade to MongoDB 5.6.4 #​49422
• Upgrade to Native Build Tools Plugin 0.11.5 #​49475
• Upgrade to Neo4j Java Driver 6.0.3 #​49431
• Upgrade to Pulsar 4.1.3 #​49476
• Upgrade to Reactor Bom 2025.0.4 #​49415
• Upgrade to Spring Batch 6.0.3 #​49416
• Upgrade to Spring Data Bom 2025.1.4 #​49417
• Upgrade to Spring Framework 7.0.6 #​49418
• Upgrade to Spring HATEOAS 3.0.3 #​49587
• Upgrade to Spring Integration 7.0.4 #​49529
• Upgrade to Spring Kafka 4.0.4 #​49419
• Upgrade to Spring Pulsar 2.0.4 #​49420
• Upgrade to Spring Security 7.0.4 #​49530
• Upgrade to Spring WS 5.0.1 #​49531
• Upgrade to Testcontainers 2.0.4 #​49655

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​FBibonne, @​answndud, @​bbbbooo, @​chandanv89, @​giyeon95, @​itsmevichu, @​jayychoi, @​l2yujw, @​ngocnhan-tran1996, @​qnnn, @​quaff, and @​sbrannen

---

Configuration

📅 Schedule: (in timezone Europe/Paris)

• Branch creation
  • "every weekend"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.