Skip to content

build(deps): bump spring.boot.version from 4.0.1 to 4.0.2 #4548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
k8s-ci-robot merged 1 commit into from
Jan 23, 2026
Merged

build(deps): bump spring.boot.version from 4.0.1 to 4.0.2 #4548

k8s-ci-robot merged 1 commit into from
Jan 23, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 23, 2026

Bumps spring.boot.version from 4.0.1 to 4.0.2.
Updates org.springframework.boot:spring-boot from 4.0.1 to 4.0.2

Release notes

Sourced from org.springframework.boot:spring-boot's releases.

v4.0.2

⚠️ Noteworthy Changes

  • The dependency on org.eclipse.jetty.ee11:jetty-ee11-servlets has been removed from spring-boot-jetty as it was unnecessary and unused. If your application code depends on a class from jetty-ee11-servlets, declare a dependency on it in your build configuration. #48677

🐞 Bug Fixes

  • No TransactionAutoConfiguration with spring-boot-starter-kafka for Spring Boot 4 #48880
  • Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48840
  • When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48838
  • SessionAutoConfiguration creates a DefaultCookieSerializer with a default SameSite of null instead of Lax #48830
  • Setting graphql schema location to "classpath*:graphql/**/" causes failure due to incorrectly packaged test resource #48829
  • Message interpolation by MVC and WebFlux's Validators does not work correctly in a native image #48828
  • CloudFoundry integration fails in Servlet-based web app without a dependency on spring-boot-starter-restclient #48826
  • RestTestClientAutoConfiguration and TestRestTemplateAutoConfiguration should be package-private #48820
  • SSL metrics are no longer auto-configured #48819
  • Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48812
  • DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48703
  • The spring-boot-cloudfoundry module should only have an optional dependency on spring-boot-security #48685
  • Application JAR created by extract command is not reproductible #48678
  • AOT processing of tests should not be disabled when 'skipTests' is set #48662
  • @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) is no longer applied to the management server #48653
  • Fix zero-length byte buffer in InspectedContent #48650
  • Can no longer override JacksonJsonHttpMessageConverter with ServerHttpMessageConvertersCustomizer #48635
  • HttpServiceClientProperties incorrectly uses the @ConfigurationProperties annotation on a LinkedHashMap class #48616
  • spring-boot-micrometer-tracing-opentelemetry fails if spring-boot-opentelemetry isn't there #48585
  • App fails to start with starter-webmvc and starter-zipkin #48581
  • Micrometer test modules should have an api dependency on micrometer-observation-test #48386

📔 Documentation

  • Fix typo in REST client documentation #48907
  • Remove duplicate word #48874
  • Document support for configuring arguments passed to Docker Compose #48806
  • The documentation related to EnvironmentPostProcessor links to deprecated interface #48803
  • Update documentation for Buildpack's AOT Cache support #48769
  • Correct docs to use new location for error handling configuration properties #48767
  • Document spring-boot-starter-cloudfoundry on Cloud Foundry Support Page #48675
  • Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48659
  • Example using excludeDevtools property should document that optional dependencies should be enabled #48641
  • Fix grammar and typos in the reference guide #48601
  • Update Tracing section for Spring Boot 4's modularity #48576

🔨 Dependency Upgrades

  • Upgrade to Classmate 1.7.3 #48783
  • Upgrade to Elasticsearch Client 9.2.3 #48721
  • Upgrade to Hibernate 7.2.1.Final #48857
  • Upgrade to HttpClient5 5.5.2 #48784
  • Upgrade to Jackson 2 Bom 2.20.2 #48910

... (truncated)

Commits
  • fae3545 Release v4.0.2
  • 9fde744 Merge branch '3.5.x' into 4.0.x
  • 650236d Remove breaking and unnecessary Undertow TLS with RSA test
  • 547bc77 Upgrade to Spring Batch 6.0.2
  • 4387cbb Upgrade to Jackson Bom 3.0.4
  • abec26e Polish
  • f677fba Upgrade to Spring Integration 7.0.2
  • 849c2ee Upgrade to Spring GraphQL 2.0.2
  • facd456 Upgrade to Nullability Plugin 0.0.10
  • e99c08f Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-autoconfigure from 4.0.1 to 4.0.2

Release notes

Sourced from org.springframework.boot:spring-boot-autoconfigure's releases.

v4.0.2

⚠️ Noteworthy Changes

  • The dependency on org.eclipse.jetty.ee11:jetty-ee11-servlets has been removed from spring-boot-jetty as it was unnecessary and unused. If your application code depends on a class from jetty-ee11-servlets, declare a dependency on it in your build configuration. #48677

🐞 Bug Fixes

  • No TransactionAutoConfiguration with spring-boot-starter-kafka for Spring Boot 4 #48880
  • Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48840
  • When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48838
  • SessionAutoConfiguration creates a DefaultCookieSerializer with a default SameSite of null instead of Lax #48830
  • Setting graphql schema location to "classpath*:graphql/**/" causes failure due to incorrectly packaged test resource #48829
  • Message interpolation by MVC and WebFlux's Validators does not work correctly in a native image #48828
  • CloudFoundry integration fails in Servlet-based web app without a dependency on spring-boot-starter-restclient #48826
  • RestTestClientAutoConfiguration and TestRestTemplateAutoConfiguration should be package-private #48820
  • SSL metrics are no longer auto-configured #48819
  • Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48812
  • DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48703
  • The spring-boot-cloudfoundry module should only have an optional dependency on spring-boot-security #48685
  • Application JAR created by extract command is not reproductible #48678
  • AOT processing of tests should not be disabled when 'skipTests' is set #48662
  • @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) is no longer applied to the management server #48653
  • Fix zero-length byte buffer in InspectedContent #48650
  • Can no longer override JacksonJsonHttpMessageConverter with ServerHttpMessageConvertersCustomizer #48635
  • HttpServiceClientProperties incorrectly uses the @ConfigurationProperties annotation on a LinkedHashMap class #48616
  • spring-boot-micrometer-tracing-opentelemetry fails if spring-boot-opentelemetry isn't there #48585
  • App fails to start with starter-webmvc and starter-zipkin #48581
  • Micrometer test modules should have an api dependency on micrometer-observation-test #48386

📔 Documentation

  • Fix typo in REST client documentation #48907
  • Remove duplicate word #48874
  • Document support for configuring arguments passed to Docker Compose #48806
  • The documentation related to EnvironmentPostProcessor links to deprecated interface #48803
  • Update documentation for Buildpack's AOT Cache support #48769
  • Correct docs to use new location for error handling configuration properties #48767
  • Document spring-boot-starter-cloudfoundry on Cloud Foundry Support Page #48675
  • Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48659
  • Example using excludeDevtools property should document that optional dependencies should be enabled #48641
  • Fix grammar and typos in the reference guide #48601
  • Update Tracing section for Spring Boot 4's modularity #48576

🔨 Dependency Upgrades

  • Upgrade to Classmate 1.7.3 #48783
  • Upgrade to Elasticsearch Client 9.2.3 #48721
  • Upgrade to Hibernate 7.2.1.Final #48857
  • Upgrade to HttpClient5 5.5.2 #48784
  • Upgrade to Jackson 2 Bom 2.20.2 #48910

... (truncated)

Commits
  • fae3545 Release v4.0.2
  • 9fde744 Merge branch '3.5.x' into 4.0.x
  • 650236d Remove breaking and unnecessary Undertow TLS with RSA test
  • 547bc77 Upgrade to Spring Batch 6.0.2
  • 4387cbb Upgrade to Jackson Bom 3.0.4
  • abec26e Polish
  • f677fba Upgrade to Spring Integration 7.0.2
  • 849c2ee Upgrade to Spring GraphQL 2.0.2
  • facd456 Upgrade to Nullability Plugin 0.0.10
  • e99c08f Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-actuator from 4.0.1 to 4.0.2

Release notes

Sourced from org.springframework.boot:spring-boot-actuator's releases.

v4.0.2

⚠️ Noteworthy Changes

  • The dependency on org.eclipse.jetty.ee11:jetty-ee11-servlets has been removed from spring-boot-jetty as it was unnecessary and unused. If your application code depends on a class from jetty-ee11-servlets, declare a dependency on it in your build configuration. #48677

🐞 Bug Fixes

  • No TransactionAutoConfiguration with spring-boot-starter-kafka for Spring Boot 4 #48880
  • Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48840
  • When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48838
  • SessionAutoConfiguration creates a DefaultCookieSerializer with a default SameSite of null instead of Lax #48830
  • Setting graphql schema location to "classpath*:graphql/**/" causes failure due to incorrectly packaged test resource #48829
  • Message interpolation by MVC and WebFlux's Validators does not work correctly in a native image #48828
  • CloudFoundry integration fails in Servlet-based web app without a dependency on spring-boot-starter-restclient #48826
  • RestTestClientAutoConfiguration and TestRestTemplateAutoConfiguration should be package-private #48820
  • SSL metrics are no longer auto-configured #48819
  • Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48812
  • DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48703
  • The spring-boot-cloudfoundry module should only have an optional dependency on spring-boot-security #48685
  • Application JAR created by extract command is not reproductible #48678
  • AOT processing of tests should not be disabled when 'skipTests' is set #48662
  • @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) is no longer applied to the management server #48653
  • Fix zero-length byte buffer in InspectedContent #48650
  • Can no longer override JacksonJsonHttpMessageConverter with ServerHttpMessageConvertersCustomizer #48635
  • HttpServiceClientProperties incorrectly uses the @ConfigurationProperties annotation on a LinkedHashMap class #48616
  • spring-boot-micrometer-tracing-opentelemetry fails if spring-boot-opentelemetry isn't there #48585
  • App fails to start with starter-webmvc and starter-zipkin #48581
  • Micrometer test modules should have an api dependency on micrometer-observation-test #48386

📔 Documentation

  • Fix typo in REST client documentation #48907
  • Remove duplicate word #48874
  • Document support for configuring arguments passed to Docker Compose #48806
  • The documentation related to EnvironmentPostProcessor links to deprecated interface #48803
  • Update documentation for Buildpack's AOT Cache support #48769
  • Correct docs to use new location for error handling configuration properties #48767
  • Document spring-boot-starter-cloudfoundry on Cloud Foundry Support Page #48675
  • Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48659
  • Example using excludeDevtools property should document that optional dependencies should be enabled #48641
  • Fix grammar and typos in the reference guide #48601
  • Update Tracing section for Spring Boot 4's modularity #48576

🔨 Dependency Upgrades

  • Upgrade to Classmate 1.7.3 #48783
  • Upgrade to Elasticsearch Client 9.2.3 #48721
  • Upgrade to Hibernate 7.2.1.Final #48857
  • Upgrade to HttpClient5 5.5.2 #48784
  • Upgrade to Jackson 2 Bom 2.20.2 #48910

... (truncated)

Commits
  • fae3545 Release v4.0.2
  • 9fde744 Merge branch '3.5.x' into 4.0.x
  • 650236d Remove breaking and unnecessary Undertow TLS with RSA test
  • 547bc77 Upgrade to Spring Batch 6.0.2
  • 4387cbb Upgrade to Jackson Bom 3.0.4
  • abec26e Polish
  • f677fba Upgrade to Spring Integration 7.0.2
  • 849c2ee Upgrade to Spring GraphQL 2.0.2
  • facd456 Upgrade to Nullability Plugin 0.0.10
  • e99c08f Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-test from 4.0.1 to 4.0.2

Release notes

Sourced from org.springframework.boot:spring-boot-test's releases.

v4.0.2

⚠️ Noteworthy Changes

  • The dependency on org.eclipse.jetty.ee11:jetty-ee11-servlets has been removed from spring-boot-jetty as it was unnecessary and unused. If your application code depends on a class from jetty-ee11-servlets, declare a dependency on it in your build configuration. #48677

🐞 Bug Fixes

  • No TransactionAutoConfiguration with spring-boot-starter-kafka for Spring Boot 4 #48880
  • Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48840
  • When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48838
  • SessionAutoConfiguration creates a DefaultCookieSerializer with a default SameSite of null instead of Lax #48830
  • Setting graphql schema location to "classpath*:graphql/**/" causes failure due to incorrectly packaged test resource #48829
  • Message interpolation by MVC and WebFlux's Validators does not work correctly in a native image #48828
  • CloudFoundry integration fails in Servlet-based web app without a dependency on spring-boot-starter-restclient #48826
  • RestTestClientAutoConfiguration and TestRestTemplateAutoConfiguration should be package-private #48820
  • SSL metrics are no longer auto-configured #48819
  • Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48812
  • DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48703
  • The spring-boot-cloudfoundry module should only have an optional dependency on spring-boot-security #48685
  • Application JAR created by extract command is not reproductible #48678
  • AOT processing of tests should not be disabled when 'skipTests' is set #48662
  • @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) is no longer applied to the management server #48653
  • Fix zero-length byte buffer in InspectedContent #48650
  • Can no longer override JacksonJsonHttpMessageConverter with ServerHttpMessageConvertersCustomizer #48635
  • HttpServiceClientProperties incorrectly uses the @ConfigurationProperties annotation on a LinkedHashMap class #48616
  • spring-boot-micrometer-tracing-opentelemetry fails if spring-boot-opentelemetry isn't there #48585
  • App fails to start with starter-webmvc and starter-zipkin #48581
  • Micrometer test modules should have an api dependency on micrometer-observation-test #48386

📔 Documentation

  • Fix typo in REST client documentation #48907
  • Remove duplicate word #48874
  • Document support for configuring arguments passed to Docker Compose #48806
  • The documentation related to EnvironmentPostProcessor links to deprecated interface #48803
  • Update documentation for Buildpack's AOT Cache support #48769
  • Correct docs to use new location for error handling configuration properties #48767
  • Document spring-boot-starter-cloudfoundry on Cloud Foundry Support Page #48675
  • Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48659
  • Example using excludeDevtools property should document that optional dependencies should be enabled #48641
  • Fix grammar and typos in the reference guide #48601
  • Update Tracing section for Spring Boot 4's modularity #48576

🔨 Dependency Upgrades

  • Upgrade to Classmate 1.7.3 #48783
  • Upgrade to Elasticsearch Client 9.2.3 #48721
  • Upgrade to Hibernate 7.2.1.Final #48857
  • Upgrade to HttpClient5 5.5.2 #48784
  • Upgrade to Jackson 2 Bom 2.20.2 #48910

... (truncated)

Commits
  • fae3545 Release v4.0.2
  • 9fde744 Merge branch '3.5.x' into 4.0.x
  • 650236d Remove breaking and unnecessary Undertow TLS with RSA test
  • 547bc77 Upgrade to Spring Batch 6.0.2
  • 4387cbb Upgrade to Jackson Bom 3.0.4
  • abec26e Polish
  • f677fba Upgrade to Spring Integration 7.0.2
  • 849c2ee Upgrade to Spring GraphQL 2.0.2
  • facd456 Upgrade to Nullability Plugin 0.0.10
  • e99c08f Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump spring.boot.version from 4.0.1 to 4.0.2
edce6d3 
Bumps `spring.boot.version` from 4.0.1 to 4.0.2.

Updates `org.springframework.boot:spring-boot` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.1...v4.0.2)

Updates `org.springframework.boot:spring-boot-autoconfigure` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.1...v4.0.2)

Updates `org.springframework.boot:spring-boot-actuator` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.1...v4.0.2)

Updates `org.springframework.boot:spring-boot-test` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.1...v4.0.2)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.springframework.boot:spring-boot-autoconfigure
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.springframework.boot:spring-boot-actuator
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.springframework.boot:spring-boot-test
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jan 23, 2026
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jan 23, 2026
yue9944882
yue9944882 reviewed Jan 23, 2026
View reviewed changes
Copy link
Member

@yue9944882 yue9944882 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 23, 2026
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jan 23, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dependabot[bot], yue9944882

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 23, 2026
@k8s-ci-robot k8s-ci-robot merged commit b51d8ce into master Jan 23, 2026
18 checks passed
@dependabot dependabot bot deleted the dependabot/maven/spring.boot.version-4.0.2 branch January 23, 2026 19:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yue9944882 yue9944882 yue9944882 left review comments

@brendandburns brendandburns Awaiting requested review from brendandburns

Assignees

@yue9944882 yue9944882

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. dependencies Pull requests that update a dependency file java Pull requests that update Java code lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@k8s-ci-robot @yue9944882