build(deps): bump org.springframework.cloud:spring-cloud-dependencies from 2022.0.4 to 2025.0.0 in /java #1508
Conversation
AssigneesThe following users could not be added as assignees: Please fix the above issues or remove invalid values from |
dependabot
bot
added
dependencies
|
@dependabot rebase |
Bumps [org.springframework.cloud:spring-cloud-dependencies](https://github.com/spring-cloud/spring-cloud-release) from 2022.0.4 to 2025.0.0. - [Release notes](https://github.com/spring-cloud/spring-cloud-release/releases) - [Commits](spring-cloud/spring-cloud-release@v2022.0.4...v2025.0.0) --- updated-dependencies: - dependency-name: org.springframework.cloud:spring-cloud-dependencies dependency-version: 2025.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/maven/java/org.springframework.cloud-spring-cloud-dependencies-2025.0.0
branch
from
df0198d to
af7d93a
Compare
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
There was a problem hiding this comment.
Pull Request Overview
This PR upgrades the Spring Cloud dependencies from version 2022.0.4 to 2025.0.0, representing a major version bump that introduces significant breaking changes including module renames, property prefix changes, and security-related configuration updates.
- Updates Spring Cloud dependencies version property from 2022.0.4 to 2025.0.0
- Introduces breaking changes requiring migration of deprecated artifacts and property prefixes
- Implements security changes that disable X-Forwarded-* headers by default
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.
| <aspectjweaver.version>1.9.9.1</aspectjweaver.version> | ||
| <exec-maven-plugin.version>3.5.1</exec-maven-plugin.version> | ||
| <spring.cloud.dependencies.version>2022.0.4</spring.cloud.dependencies.version> | ||
| <spring.cloud.dependencies.version>2025.0.0</spring.cloud.dependencies.version> |
There was a problem hiding this comment.
This major version upgrade from 2022.0.4 to 2025.0.0 introduces breaking changes that require code updates. The Spring Cloud Gateway modules have been renamed (e.g., spring-cloud-starter-gateway-server → spring-cloud-starter-gateway-server-webflux), property prefixes have changed (e.g., spring.cloud.gateway.* → spring.cloud.gateway.server.webflux.), and X-Forwarded- headers are now disabled by default. Ensure that all affected modules, configurations, and property files are updated accordingly.
There was a problem hiding this comment.
@RichardSlater Double check but we might actually use some of the forwarded headers due to how nginx --> spring happens
There was a problem hiding this comment.
@RichardSlater nginx.ingress.kubernetes.io/x-forwarded-prefix: "${k8s_app_path}" in /deploy/k8s/app/base_api-deploy.yml
Bumps org.springframework.cloud:spring-cloud-dependencies from 2022.0.4 to 2025.0.0.
Release notes
Sourced from org.springframework.cloud:spring-cloud-dependencies's releases.
... (truncated)
Commits
1fb147cUpdate SNAPSHOT to 2025.0.022ac7d8Bumping dependency versions after release3d46501Bumping versions to 2025.0.1-SNAPSHOT after releasebf966cdGoing back to snapshotsfd4fc1fUpdate SNAPSHOT to 2025.0.068b15ebBumping versions4d19a8eUpdates boot version to 3.5.0943bf02Bumping versions3087b08Updates boot version to 3.5.0-SNAPSHOTeb88060Going back to snapshotsYou can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)