Skip to content

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 28, 2025

Bumps org.springframework.boot:spring-boot-starter-web from 3.4.5 to 3.5.4.

Release notes

Sourced from org.springframework.boot:spring-boot-starter-web's releases.

v3.5.4

🐞 Bug Fixes

  • LambdaSafe.withFilter is not public #46474
  • Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
  • Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
  • Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
  • Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
  • jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
  • developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
  • Hash calculation for uber archive entries that require unpacking is inefficient #46203
  • Permissions are applied inconsistently when building uber archives with Gradle #46194
  • Environment variables using legacy dash format can no longer be bound #46184
  • EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
  • Executable JAR application class encounters performance issues #46177
  • Executable JAR application class encounters performance issues #46176
  • Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
  • Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
  • SslInfo does not use its Clock when checking certificate validity #46011

📔 Documentation

  • Fix description of spring.batch.job.enabled #46247
  • Fix broken Kotlin examples in reference documentation #46168
  • Add Logback Access Reactor Netty to community starters #46060

🔨 Dependency Upgrades

  • Upgrade to ActiveMQ 6.1.7 #46373
  • Upgrade to Caffeine 3.2.2 #46432
  • Upgrade to Couchbase Client 3.8.2 #46460
  • Upgrade to GraphQL Java 24.1 #46395
  • Upgrade to Groovy 4.0.28 #46516
  • Upgrade to Hibernate 6.6.22.Final #46492
  • Upgrade to HikariCP 6.3.1 #46493
  • Upgrade to Infinispan 15.2.5.Final #46461
  • Upgrade to Jackson Bom 2.19.2 #46494
  • Upgrade to Jetty 12.0.23 #46375
  • Upgrade to MariaDB 3.5.4 #46376
  • Upgrade to Maven Invoker Plugin 3.9.1 #46377
  • Upgrade to Micrometer 1.15.2 #46280
  • Upgrade to Micrometer Tracing 1.5.2 #46281
  • Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
  • Upgrade to MySQL 9.3.0 #46371
  • Upgrade to Neo4j Java Driver 5.28.9 #46434
  • Upgrade to Netty 4.1.123.Final #46435
  • Upgrade to Prometheus Client 1.3.10 #46379
  • Upgrade to Reactor Bom 2024.0.8 #46282
  • Upgrade to RxJava3 3.1.11 #46380
  • Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

Commits
  • 925f9bc Release v3.5.4
  • d82fb35 Merge branch '3.4.x' into 3.5.x
  • 4b6064f Next development version (v3.4.9-SNAPSHOT)
  • a39c8f0 Merge branch '3.4.x' into 3.5.x
  • 99d53de Upgrade to Spring Integration 6.5.1
  • 1b4aad5 Upgrade to Groovy 4.0.28
  • 3f0f79b Upgrade to Spring Integration 6.4.6
  • ff8443c Upgrade to Groovy 4.0.28
  • aed8550 Merge branch '3.4.x' into 3.5.x
  • 5406976 Apply commercial input consistently
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [org.springframework.boot:spring-boot-starter-web](https://github.com/spring-projects/spring-boot) from 3.4.5 to 3.5.4.
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.4.5...v3.5.4)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-web
  dependency-version: 3.5.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 28, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 25, 2025

Superseded by #1519.

@dependabot dependabot bot closed this Aug 25, 2025
@dependabot dependabot bot deleted the dependabot/gradle/samples/springboot3/alt-pet-store/org.springframework.boot-spring-boot-starter-web-3.5.4 branch August 25, 2025 07:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants