fix(deps): update backend non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
org.openapitools:openapi-generator-cli	7.17.0 → 7.19.0
org.testcontainers:junit-jupiter (source)	1.21.3 → 1.21.4
org.testcontainers:postgresql (source)	1.21.3 → 1.21.4
com.yubico:webauthn-server-core (source)	2.7.0 → 2.8.1
org.jgroups:jgroups (source)	5.5.0.Final → 5.5.2.Final
org.apache.commons:commons-lang3 (source)	3.19.0 → 3.20.0
com.bucket4j:bucket4j_jdk17-core (source)	8.15.0 → 8.16.0
org.springdoc:springdoc-openapi-starter-webmvc-api (source)	2.8.14 → 2.8.15
io.sentry:sentry-opentelemetry-core	8.25.0 → 8.30.0
io.sentry:sentry-logback	8.25.0 → 8.30.0
io.sentry:sentry-spring-boot-starter-jakarta	8.25.0 → 8.30.0
io.awspring.cloud:spring-cloud-aws-starter-s3 (source)	3.4.0 → 3.4.2
org.jdbi:jdbi3-bom (source)	3.50.0 → 3.51.0
org.springframework.boot:spring-boot-starter-parent (source)	3.5.7 → 3.5.9

---

Release Notes

openapitools/openapi-generator (org.openapitools:openapi-generator-cli)

v7.19.0: released

Compare Source

v7.19.0 stable release comes with 130+ enhancements, bug fixes. Once again thanks for all the contributions from the community.

Below are the highlights of the changes. For a full list of changes, please refer to the "Pull Request" tab.

General

• Update parser to newer version v2.1.37 #​22729
• Fix DevContainer by switching from moby to docker #​22725
• Resolve vendor extensions on schemas referenced in parameters #​22690
• Better null check in normalizeSchema #​22671
• Add Mill Module #​22652
• [Fix] [Regression] Resolve the discriminator type from a 3.1 sibling #​22634

C#

• [REQ][CSHARP] Make TokenProvider abstract method GetAsync protected for override #​22615

C++

• [cpp] Fix Nested Map & Additional Properties Support #​22639

Crystal

• [CRYSTAL] object_id method should be a reserved words #​22577

Go

• [go] fix default value for array type #​22584

Java

• [Java][Native] Fix request compression #​22688
• fix: [JAVA][SPRING] Nullaways warn with JSpecify => add missing annotation to parameter of method toIndentedString #​22685
• [BUG][JAVA][SPRING] api util must test variable nullity #​22679
• [java][jackson] fix: conditionally add jackson JsonIgnoreProperties for base class polymorphism #​22528

Kotlin

• [kotlin-spring] Revert nested property placeholder in @​RequestMapping that Spring cannot resolve #​22625

Nim

• [Nim] Fix nested map support #​22643

PHP

• [php][php-nextgen] Mark nullable things as nullable in phpdoc #​22650

ProtoBuf

• [Protobuf] Improve oneOf Handling by Unwrapping allOf for Complex Types #​22700

Python

• Update python fastapi urllib3 to newer version #​22644

R

• [R] fix error handling in the R client #​22704
• [R] fix set[object] deserialization #​22697

Rust

• Refresh dependencies in the Rust server generator #​22710
• [Rust] Enum Query Parameter Serialization Fixes #​22683

Swift

• [swift][client] Update CI to use Xcode 26 #​22648
• Fix Swift oneOf discriminator decoding with enumUnknownDefaultCase #​22635
• [Swift6] Remove ParameterConvertible for models #​21150

TypeScript

• fix(typescript-axios): Add missing import in case of separate models and API #​22712
• [typescript-axios] Handle sets as arrays in input parameters #​22642
• feat(typescript-angular): add angular 21 support #​22636

v7.18.0: released

Compare Source

v7.18.0 stable release comes with 130+ enhancements, bug fixes. Once again thanks for all the contributions from the community.

Below are the highlights of the changes. For a full list of changes, please refer to the "Pull Request" tab.

General

• feat: prevent variable resolution when prefixed with $ in server URL templates #​22550
• Fix siblings of $ref using allOf in openapi normalizer #​22364

C++

• fix(cpp-qt): Fix enum query parameter serialization for both inline and referenced enums #​22559
• [cpp-rest] Fixes segfault for nullable strings #​22405
• Add Basic and Bearer Authorization to the CPP Pistache generator #​22337
• Fixes oatpp generator to expose network server on 0.0.0.0 instead of localhost #​22330
• [cpp-rest] Fixing Incorrect Header Name Used #​22298

C#

• [csharp] Patch dependencies with vulnerabilities #​22262

Crystal

• fix(generator): fix java.lang.NullPointerException in constructing example code #​22545
• [crystal] fix Model#to_h method #​22508
• [crystal] Add option to set params_encoder #​22484
• [crystal-lang] Various fixes for Crystal client #​22465

Go

• [GO] Generate imports for UnmarshalJSON func only when it's present #​22524
• fix: missing imports for array of files and date-time parameters #​22390

Java

• [BUG][JAVA][Spring] fix Lombok @​Getter disables validation #​22544
• Fix Spring Framework 7 compatibility in jvm-spring-restclient and jvm-spring-webclient #​22467
• [Java] Support JsonNullable in JaxRS-spec #​22412
• [JAVA][native] Add support for UnaryInterceptors #​22381
• Add support for custom tls server names. #​22372
• [JAVA] [NATIVE] Add gzip capability #​22358
• [Java] Use Fully Qualified Name for java.util.Locale in Generated Classes #​22342
• [JAXRS] Partial revert changing path generation if interface, fixes #​22279 #​22316
• [JAVA jaxrs-spec gen] add option for generating swagger V3 annotations #​22300
• [REQ-22001] Add MCP server support to apiService.mustache #​22197

Kotlin

• fix(kotlin): add JsonCreator/JsonValue to Jackson enums #​22535
• [kotlin][client] Deprecate jvm-volley support #​22521
• [kotlin] fix query parameter encoding #​22512
• [kotlin-client] Vert.x: Fix enum class name template for default operation parameters #​22504
• [kotlin] Make API classes open (non-final) unless nonPublicApi is used #​22461
• [kotlin-spring][server] Feat: Return from controllers without ResponseEntity wrapper #​22377
• Add support for oneOf with discriminator when using kotlinx.serialization #​22373
• Fix Kotlin codegen for enum with int items (issue #​15204) #​22324
• [kotlin-spring][server] Feat: Add Spring Declarative HTTP Interface support for easy client instantiation #​22302

Nim

• [nim] Nim Generator Fixes #​22385

PHP

• [php][php-nextgen] Cleanup api authentication code when using api keys in cookies or supporting multiple authentication methods #​22433
• [php][php-nextgen] fix return type if empty and non-empty responses are mixed #​22322
• [php][php-nextgen] fix array enum query parameters #​22320
• [php] Fix PHP generator validation for nullable required properties #​22292

ProtoBuf

• [Protobuf] Add isEnumSchema check in generateNestedSchema #​22384

Python

• python-fastapi: avoid log message in constructor #​22522
• Make python code compatible with urllib3 v2.6.0+ #​22520
• fix: use httpx in generated configuration.py #​22418
• [python] Fix pyproject (poetry 2.x) for httpx #​22289

Ruby

• [Ruby] Fixes anyOf Support in Responses #​22392

Rust

• [rust-server] feat: Add serde_validate support #​22553
• Update rust-server Cargo.toml to fix client feature compile #​22511
• fix: Rust-server bytes response fixed to not attempt string conversion #​22471
• [Rust-Axum] FIX: do not generate Partial Ord/Ord for Any type #​22469
• [Rust] Implement support for multipart file uploads for reqwest-async and reqwest-trait #​22454
• Ensure rust-server compiles with no-default-features #​22445
• Add support for trait mocking in rust-server generator #​22332
• Fixups for rust-server hyper1 support #​22321
• [Rust-Axum] Fix: incorrect regex pattern validation #​22277

Scala

• Fixed scala-sttp4-jsoniter compilation error: replace .getRight with .orFail #​22536

TypeScript

• [typescript-fetch]: fix logic when stringEnums is explicitly set to false #​22466
• Typescript-Angular: Fix several query parameters serialization issues #​22459
• [typescript-rxjs] Feat: Add @​deprecated JSDoc tag to API operations #​22419
• [typescript-nestjs-server] Fix #​21842 by updating api.module.mustache #​22403
• [typescript-node] Fixes generation when parent contains TypeScript primitive #​22401
• [typescript] replace headers with same case-insensitive key to match http spec #​22393
• [typescript-axios] add support for accept headers #​22318
• fix: Format Date/DateTime Query Parameters in exploded, non-container Parameter #​22268

testcontainers/testcontainers-java (org.testcontainers:junit-jupiter)

v1.21.4

Compare Source

This release makes version 1.21.x works with recent Docker Engine changes.

Yubico/java-webauthn-server (com.yubico:webauthn-server-core)

v2.8.1: Version 2.8.1

Compare Source

Fixes:

• Relaxed Guava dependency version constraint to include major version 33.

Artifacts built with openjdk version "17.0.17" 2025-10-21.

v2.8.0: Version 2.8.0

Compare Source

New features:

• Added JavaDoc to COSEAlgorithmIdentifier constants.
• Added support for Ed448 signatures.
• New constants COSEAlgorithmIdentifier.Ed25519, COSEAlgorithmIdentifier.Ed448 and PublicKeyCredentialParameters.Ed448
• (Experimental) Added a new suite of interfaces, starting with CredentialRepositoryV2. RelyingParty can now be configured with a CredentialRepositoryV2 instance instead of a CredentialRepository instance. This changes the result of the RelyingParty builder to RelyingPartyV2. CredentialRepositoryV2 and RelyingPartyV2 enable a suite of new features:
  • CredentialRepositoryV2 does not assume that the application has usernames, instead username support is modular. In addition to the CredentialRepositoryV2, RelyingPartyV2 can be optionally configured with a UsernameRepository as well. If a UsernameRepository is not set, then RelyingPartyV2.startAssertion(StartAssertionOptions) will fail at runtime if StartAssertionOptions.username is set.
  • CredentialRepositoryV2 uses a new interface CredentialRecord to represent registered credentials, instead of the concrete RegisteredCredential class (although RegisteredCredential also implements CredentialRecord). This provides implementations greater flexibility while also automating the type conversion to PublicKeyCredentialDescriptor needed in startRegistration() and startAssertion().
  • RelyingPartyV2.finishAssertion() returns a new type AssertionResultV2 with a new method getCredential(), which returns the CredentialRecord that was verified. The return type of getCredential() is generic and preserves the concrete type of CredentialRecord returned by the CredentialRepositoryV2 implementation.
  • NOTE: Experimental features may receive breaking changes without a major version increase.
• (Experimental) Added property RegisteredCredential.transports.
  • NOTE: Experimental features may receive breaking changes without a major version increase.

webauthn-server-attestation:

New features:

• Updated SupportedCtapOptions to version 2.2 of CTAP spec.
  • New field perCredMgmtRO

Fixes:

• Fixed parsing logic of tri-valued Boolean SupportedCtapOptions properties. See: #​382

Artifacts built with openjdk 17.0.15 2025-04-15.

Note: Artifacts are signed by a new key. See Yubico Software Signing.

bucket4j/bucket4j (com.bucket4j:bucket4j_jdk17-core)

v8.16.0

Compare Source

What's Changed

• feat: add retry strategy by @​wtrocki in #​560
• feat: add retry max attempts capability for sync and async CAS by @​wtrocki in #​557
• Support for Valkey GLIDE by @​v3rm0n in #​559
• Add OSGi support with bnd-maven-plugin by @​chrisrueger in #​561

New Contributors

• @​wtrocki made their first contribution in #​560
• @​v3rm0n made their first contribution in #​559
• @​chrisrueger made their first contribution in #​561

Full Changelog: bucket4j/bucket4j@8.15.0...8.16.0

springdoc/springdoc-openapi (org.springdoc:springdoc-openapi-starter-webmvc-api)

v2.8.15

Added

• #​3122 – Add log notifications when SpringDocs / Scalar are enabled by default
• #​3123 – Add support for serving static resources
• #​3151 – Add @Order to ApplicationReadyEvent listener
• #​3158 – Add support for API groups in Scalar
• #​3187 – Add Scalar WebMVC and WebFlux support
• #​3185 – Disable creation of blank GitHub issues (GitHub settings & workflow)
• #​3186 – Decouple Web Server APIs following Spring Boot modularization
• #​3131 - Improve warning messages when documentation is explicitly enabled
• #​3183 - Remove unused operations consumer from route builder methods
• #​3141 - Change handling so useReturnTypeSchema is evaluated at HTTP status code level instead of method level

Changed

• Upgrade Spring Boot to version 3.5.9
• Upgrade swagger-core to version 2.2.41
• Upgrade swagger-ui to version 5.31.0
• Upgrade Scalar to version 0.4.3

Fixed

• #​3133 – Fix regression where content type from Swagger @RequestBody did not take precedence
• #​3146 – Fix WebJar resource handler mappings for Swagger UI resources
• #​3168 – Support @Schema annotations on Kotlin value classes
• #​3178 – Fix regression when generating documentation for Kotlin LinkedHashSet
• #​3170 – Fix warnings when setting title and description in application.yml
• #​3187 – Add scalar scalar-webmvc and scalar-webflux support

getsentry/sentry-java (io.sentry:sentry-opentelemetry-core)

v8.30.0

Compare Source

Fixes

• Fix ANRs when collecting device context (#​4970)
  • IMPORTANT: This disables collecting external storage size (total/free) by default, to enable it back
    use options.isCollectExternalStorageContext = true or <meta-data android:name="io.sentry.external-storage-context" android:value="true" />
• Fix NullPointerException when reading ANR marker (#​4979)
• Report discarded log in batch processor as log_byte (#​4971)

Improvements

• Expose MAX_EVENT_SIZE_BYTES constant in SentryOptions (#​4962)
• Discard envelopes on 4xx and 5xx response (#​4950)
  • This aims to not overwhelm Sentry after an outage or load shedding (including HTTP 429) where too many events are sent at once

Feature

• Add a Tombstone integration that detects native crashes without relying on the NDK integration, but instead using ApplicationExitInfo.REASON_CRASH_NATIVE on Android 12+. (#​4933)
  • Currently exposed via options as an internal API only.
  • If enabled alongside the NDK integration, crashes will be reported as two separate events. Users should enable only one; deduplication between both integrations will be added in a future release.
• Add Sentry Metrics to Java SDK (#​5026)
  • Metrics are enabled by default
  • APIs are namespaced under Sentry.metrics()
  • We offer the following APIs:
    • count: A metric that increments counts
    • gauge: A metric that tracks a value that can go up or down
    • distribution: A metric that tracks the statistical distribution of values
  • For more details, see the Metrics documentation: https://docs.sentry.io/product/explore/metrics/getting-started/

v8.29.0

Compare Source

Fixes

• Support serialization of primitive arrays (boolean[], byte[], short[], char[], int[], long[], float[], double[]) (#​4968)
• Session Replay: Improve network body parsing and truncation handling (#​4958)

Internal

• Support metric envelope item type (#​4956)

v8.28.0

Compare Source

Features

• Android: Flush logs when app enters background (#​4951)
• Add option to capture additional OkHttp network request/response details in session replays (#​4919)
  • Depends on SentryOkHttpInterceptor to intercept the request and extract request/response bodies
  • To enable, add url regexes via the io.sentry.session-replay.network-detail-allow-urls metadata tag in AndroidManifest (code sample)
    • Or you can manually specify SentryReplayOptions via SentryAndroid#init:
      (Make sure you disable the auto init via manifest meta-data: io.sentry.auto-init=false)

Kotlin

SentryAndroid.init(
    this,
    options -> {
      // options.dsn = "https://[email protected]/0"
      // options.sessionReplay.sessionSampleRate = 1.0
      // options.sessionReplay.onErrorSampleRate = 1.0
      // ..

      options.sessionReplay.networkDetailAllowUrls = listOf(".*")
      options.sessionReplay.networkDetailDenyUrls = listOf(".*deny.*")
      options.sessionReplay.networkRequestHeaders = listOf("Authorization", "X-Custom-Header", "X-Test-Request")
      options.sessionReplay.networkResponseHeaders = listOf("X-Response-Time", "X-Cache-Status", "X-Test-Response")
    });

Java

SentryAndroid.init(
    this,
    options -> {
        options.getSessionReplay().setNetworkDetailAllowUrls(Arrays.asList(".*"));
        options.getSessionReplay().setNetworkDetailDenyUrls(Arrays.asList(".*deny.*"));
        options.getSessionReplay().setNetworkRequestHeaders(
            Arrays.asList("Authorization", "X-Custom-Header", "X-Test-Request"));
        options.getSessionReplay().setNetworkResponseHeaders(
            Arrays.asList("X-Response-Time", "X-Cache-Status", "X-Test-Response"));
    });

Improvements

• Avoid forking rootScopes for Reactor if current thread has NoOpScopes (#​4793)
  • This reduces the SDKs overhead by avoiding unnecessary scope forks

Fixes

• Fix missing thread stacks for ANRv1 events (#​4918)
• Fix handling of unparseable mime-type on request filter (#​4939)

Internal

• Support span envelope item type (#​4935)

Dependencies

• Bump Native SDK from v0.12.1 to v0.12.2 (#​4944)
  • changelog
  • diff

v8.27.1

Compare Source

Fixes

• Do not log if sentry.properties in rundir has not been found (#​4929)

v8.27.0

Compare Source

Features

• Implement OpenFeature Integration that tracks Feature Flag evaluations (#​4910)
  • To make use of it, add the sentry-openfeature dependency and register the the hook using: openFeatureApiInstance.addHooks(new SentryOpenFeatureHook());
• Implement LaunchDarkly Integrations that track Feature Flag evaluations (#​4917)
  • For Android, please add sentry-launchdarkly-android as a dependency and register the SentryLaunchDarklyAndroidHook
  • For Server / JVM, please add sentry-launchdarkly-server as a dependency and register the SentryLaunchDarklyServerHook
• Detect oversized events and reduce their size (#​4903)
  • You can opt into this new behaviour by setting enableEventSizeLimiting to true (sentry.enable-event-size-limiting=true for Spring Boot application.properties)
  • You may optionally register an onOversizedEvent callback to implement custom logic that is executed in case an oversized event is detected
    • This is executed first and if event size was reduced sufficiently, no further truncation is performed
  • In case we detect an oversized event, we first drop breadcrumbs and if that isn't sufficient we also drop stack frames in order to get an events size down

Improvements

• Do not send manual log origin (#​4897)

Dependencies

• Bump Spring Boot 4 to GA (#​4923)

v8.26.0

Compare Source

Features

• Add feature flags API (#​4812) and (#​4831)
  • You may now keep track of your feature flag evaluations and have them show up in Sentry.
  • Top level API (Sentry.addFeatureFlag("my-feature-flag", true);) writes to scopes and the current span (if there is one)
  • It is also possible to use API on IScope, IScopes, ISpan and ITransaction directly
  • Feature flag evaluations tracked on scope(s) will be added to any errors reported to Sentry.
    • The SDK keeps the latest 100 evaluations from scope(s), replacing old entries as new evaluations are added.
  • For feature flag evaluations tracked on spans:
    • Only 10 evaluations are tracked per span, existing flags are updated but new ones exceeding the limit are ignored
    • Spans do not inherit evaluations from their parent
• Drop log events once buffer hits hard limit (#​4889)
  • If we have 1000 log events queued up, we drop any new logs coming in to prevent OOM
• Remove vendored code and upgrade to async profiler 4.2 (#​4856)
  • This adds support for JDK 23+

Fixes

• Removed SentryExecutorService limit for delayed scheduled tasks (#​4846)
• Fix visual artifacts for the Canvas strategy on some devices (#​4861)
• [Config] Trim whitespace on properties path (#​4880)
• Only set DefaultReplayBreadcrumbConverter if replay is available (#​4888)
• Session Replay: Cache connection status instead of using blocking calls (#​4891)
• Fix log count in client reports (#​4869)
• Fix profilerId propagation (#​4833)
• Fix profiling init for Spring and Spring Boot w Agent auto-init (#​4815)
• Copy active span on scope clone (#​4878)

Improvements

• Fallback to distinct-id as user.id logging attribute when user is not set (#​4847)
• Report Timber.tag() as timber.tag log attribute (#​4845)
• Session Replay: Add screenshot strategy serialization to RRWeb events (#​4851)
• Report discarded log bytes (#​4871)
• Log why a properties file was not loaded (#​4879)

Dependencies

• Bump Native SDK from v0.11.3 to v0.12.1 (#​4859)
  • changelog
  • diff
• Bump Spring Boot 4 to RC2 (#​4886)

awspring/spring-cloud-aws (io.awspring.cloud:spring-cloud-aws-starter-s3)

v3.4.2: 3.4.2

Reference documentation

📗 https://docs.awspring.io/spring-cloud-aws/docs/3.4.2/reference/html/index.html

What's Changed

Core

• StsWebIdentityTokenFileCredentialsProvider is now not configured if correct properties are not passed by @​maciejwalkowiak in #​1528

Full Changelog: awspring/spring-cloud-aws@v3.4.1...3.4.2

v3.4.1: 3.4.1

Reference documentation

📗 https://docs.awspring.io/spring-cloud-aws/docs/3.4.1/reference/html/index.html

What's Changed

SQS

• Support class-level @SqsListener annotations with @SqsHandler on methods by @​joseiedo in #​1377
• Future is cleaned when during polling, exception happens(#​1455) by @​dzmitry-dulko in #​1507
• Consolidate ExponentialErrorHandlers (#​1474) by @​tomazfernandes in #​1508
• Remove invalid and stale queue attributes from cache (#​1491) by @​LeeHyungGeol in #​1510
• Introduce SNS notification to SQS module by @​chomatdam in #​1419
• Add Error Handler Exponential and Linear Strategies by @​brun0-4ugusto in #​1422
• Fix: Visibility Timeout Extension Interceptor which was ignored when observability was used by @​marcotesche in #​1432
• FixmaxMessagesPerPoll validation message in AbstractContainerOptions by @​richardfearn in #​1509

IMDS

• Update main maven module, so IMDS starter is now updated and released @​olbat in #​1501

Dependency Upgrades

• Update AWS version to 2.31.78 and Spring Cloud parent to 4.3.1 by @​MatejNedic in #​1504
• Adjust publication to Maven repository to use central-publishing-maven-plugin by @​maciejwalkowiak in #​1513

New Contributors

• @​chomatdam made their first contribution in #​1419
• @​marcotesche made their first contribution in #​1432

Full Changelog: awspring/spring-cloud-aws@v3.4.0...v3.4.1

jdbi/jdbi (org.jdbi:jdbi3-bom)

v3.51.0

Compare Source

• Add new jackson3 artifact for Jackson 3 ( #​2878 )

• Support configuring log level for SqlLogger (#​2901, thanks @​phinjensen! )

• Update to SLF4J 2, to allow for configurable log levels in SqlLogger (#​2902)

• Deprecate for removal installPlugins plugin discovery. It's too easy to get yourself into trouble.

• Support TYPE_USE @Nullable annotations like JSpecify ( #​2899, thanks @​protocol7 ! )

• Allow @GetGeneratedKeys on @SqlUpdate methods to return multiple results as Lists or arrays (#​2897, original PR by @​aharin, thank you!)

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)

v3.5.9

Compare Source

v3.5.8

Compare Source

⚠️ Noteworthy changes

• This release contains a fix to get Testcontainers working with modern Docker versions. If this causes problems in your setup, you can downgrade the minimum Docker API, effectively reverting that change.

🐞 Bug Fixes

• Gradle war task does not exclude starter POMs from lib-provided #​48196
• Testcontainers integration fails on Docker 29.0.0 #​48192
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #​48180
• Properties bound in the child management context ignore the parent's environment prefix #​48176
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #​48153
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #​48129
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #​48127
• NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #​48123
• Buildpack fails with recent Docker installs due to hardcoded version in URL #​48102
• Image building may fail when specifying a platform if an image has already been built with a different platform #​48098
• Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #​48061
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #​48058
• Auto-configured JCacheMetrics cannot be customized #​48056
• WebSecurityCustomizer beans are excluded by WebMvcTest #​48054
• Devtools Restarter does not work with a parameterless main method #​47987
• Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #​47923
• Docker response 407 is not handled correctly resulting in no error message #​47900
• spring-boot-maven-plugin process-aot goal does not find package-private main method #​47780

📔 Documentation

• Revise AWS section of "Deploying to the Cloud" in reference manual #​48156
• Fix typo in PortInUseException Javadoc #​48133
• Correct section about required setters in "Type-safe Configuration Properties" #​48130
• Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #​48114
• Document support for configuring servlet context init parameters using properties #​48111
• Clarify how warnings about soon-to-expire SSL certificates are reported #​48062
• Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #​48052
• Use since attribute in configuration properties deprecation consistently #​47980
• BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #​47905
• Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #​47898
• Document that Actuator endpoint may have at most one extension of each type #​47873
• Limit Kotlin API documentation to Kotlin-specific APIs #​47859
• Adapt AOTCache documentation to JEP 514 #​47274

🔨 Dependency Upgrades

• Downgrade to Cassandra Driver 4.19.0 #​47926
• Upgrade to AspectJ 1.9.25 #​48005
• Upgrade to Caffeine 3.2.3 #​48006
• Upgrade to Cassandra Driver 4.19.2 #​48183
• Upgrade to DB2 JDBC 12.1.3.0 #​48083
• Upgrade to Hibernate 6.6.36.Final #​48148
• Upgrade to Jackson Bom 2.19.4 #​48008
• Upgrade to Jetty 12.0.30 #​48118
• Upgrade to Jetty Reactive HTTPClient 4.0.13 #​48149
• Upgrade to jOOQ 3.19.28 #​48084
• Upgrade to Logback 1.5.21 #​48085
• Upgrade to Micrometer 1.15.6 #​48009
• Upgrade to Micrometer Tracing 1.5.6 #​48010
• Upgrade to MySQL 9.5.0 #​48011
• Upgrade to Neo4j Java Driver 5.28.10 #​48044
• Upgrade to Quartz 2.5.1 #​48012
• Upgrade to R2DBC Postgresql 1.0.9.RELEASE #​48013
• Upgrade to Reactor Bom 2024.0.12 #​48014
• Upgrade to Spring Data Bom 2025.0.6 #​48039
• Upgrade to Spring Framework 6.2.14 #​48166
• Upgrade to Spring Integration 6.5.4 #​48040
• Upgrade to Spring Kafka 3.3.11 #​48041
• Upgrade to Spring Pulsar 1.2.12 #​48042
• Upgrade to Spring Security 6.5.7 #​48043
• Upgrade to Tomcat 10.1.49 #​48086

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​K-jun98, @​TerryTaoYY, @​hojooo, @​linw-bai,

---

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.