Bump the all group across 2 directories with 7 updates

[dependabot]

Bumps the all group with 4 updates in the / directory: com.google.errorprone:error_prone_annotations, org.springframework.boot:spring-boot-dependencies, org.springframework.boot:spring-boot-maven-plugin and org.springframework.cloud:spring-cloud-dependencies.
Bumps the all group with 3 updates in the /log4j-samples-graalvm directory: ch.qos.logback:logback-classic, net.javacrumbs.json-unit:json-unit-assertj and org.graalvm.buildtools:native-maven-plugin.

Updates com.google.errorprone:error_prone_annotations from 2.44.0 to 2.45.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.45.0

Changes:

• Improved compatibility with latest JDK 26 EA builds.

New checks:

• AssertSameIncompatible: Detect calls to assertSame and similar assertions, where the calls are guaranteed to either succeed or fail.
• FormatStringShouldUsePlaceholders: Suggests using a format string instead of string concatenation operations on format methods

Closed issues: #5335

Full changelog: google/error-prone@v2.44.0...v2.45.0

Commits

• c862815 Release Error Prone 2.45.0
• 7027d9f Add negative test cases for AlwaysThrows with non-literal arguments.
• 8669adb Fix parameter name handling of enum constructor arguments
• 679c4ac Update end position handling
• dc1279e AssertSameIncompatible: flag calls to assertSame/etc where the calls are guar...
• 24387de Internal change
• 5300dc6 Disable an InvalidLink test for a javadoc bug on JDK >= 26
• 75dcd53 Fix the Optional wrapping in the description of NonCanonicalStaticMemberImport.
• 10f5424 FormatStringShouldUsePlaceholders shouldn't rewrite calls with a pass-through...
• 3ef3d79 The verb form of "recursion" is "to recur", not "to recurse". Quoting my CS p...
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.5.7 to 4.0.0

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.0

Full release notes for Spring Boot 4.0 are available on the wiki. There is also a migration guide to help you upgrade from Spring Boot 3.5.

⭐ New Features

• Change tomcat and jetty runtime modules to starters #48175
• Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #48076

🐞 Bug Fixes

• Error properties are a general web concern and should not be located beneath server.* #48201
• With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #48198
• Gradle war task does not exclude starter POMs from lib-provided #48197
• spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #48193
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48182
• Properties bound in the child management context ignore the parent's environment prefix #48177
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48171
• Starter for spring-boot-micrometer-metrics is missing #48161
• Elasticsearch client's sniffer functionality should not be enabled by default #48155
• spring-boot-starter-elasticsearch should depend on elasticsearch-java #48141
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48132
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48128
• Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #48116
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48103
• Image building may fail when specifying a platform if an image has already been built with a different platform #48099
• Default values of Kotlinx Serialization JSON configuration properties are not documented #48097
• Custom XML converters should override defaults in HttpMessageConverters #48096
• Kotlin serialization is used too aggressively when other JSON libraries are available #48070
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48059
• Auto-configured JCacheMetrics cannot be customized #48057
• WebSecurityCustomizer beans are excluded by WebMvcTest #48055
• Deprecated EnvironmentPostProcessor does not resolve arguments #48047
• RetryPolicySettings should refer to maxRetries, not maxAttempts #48023
• Devtools Restarter does not work with a parameterless main method #47996
• Dependency management for Kafka should not manage Scala 2.12 libraries #47991
• spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #47983
• spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #47982
• Support for ReactiveElasticsearchClient is in the wrong module #47848

📔 Documentation

• Removed property spring.test.webclient.register-rest-template is still documented #48199
• Mention support for detecting AWS ECS in "Deploying to the Cloud" #48170
• Revise AWS section of "Deploying to the Cloud" in reference manual #48163
• Fix typo in PortInUseException Javadoc #48134
• Correct section about required setters in "Type-safe Configuration Properties" #48131
• Use since attribute in configuration properties deprecation consistently #48122
• Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #48115
• Document support for configuring servlet context init parameters using properties #48112
• Some configuration properties are not documented in the appendix #48095

... (truncated)

Commits

• 1c0e08b Release v4.0.0
• 3487928 Merge branch '3.5.x'
• 29b8e96 Switch make-default in preparation for Spring Boot 4.0.0
• 88da0dd Merge branch '3.5.x'
• 56feeaa Next development version (v3.5.9-SNAPSHOT)
• 3becdc7 Move server.error properties to spring.web.error
• 2b30632 Merge branch '3.5.x'
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• dc140df Upgrade to Spring Framework 7.0.1
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.5.7 to 4.0.0

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v4.0.0

Full release notes for Spring Boot 4.0 are available on the wiki. There is also a migration guide to help you upgrade from Spring Boot 3.5.

⭐ New Features

• Change tomcat and jetty runtime modules to starters #48175
• Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #48076

🐞 Bug Fixes

• Error properties are a general web concern and should not be located beneath server.* #48201
• With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #48198
• Gradle war task does not exclude starter POMs from lib-provided #48197
• spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #48193
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48182
• Properties bound in the child management context ignore the parent's environment prefix #48177
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48171
• Starter for spring-boot-micrometer-metrics is missing #48161
• Elasticsearch client's sniffer functionality should not be enabled by default #48155
• spring-boot-starter-elasticsearch should depend on elasticsearch-java #48141
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48132
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48128
• Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #48116
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48103
• Image building may fail when specifying a platform if an image has already been built with a different platform #48099
• Default values of Kotlinx Serialization JSON configuration properties are not documented #48097
• Custom XML converters should override defaults in HttpMessageConverters #48096
• Kotlin serialization is used too aggressively when other JSON libraries are available #48070
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48059
• Auto-configured JCacheMetrics cannot be customized #48057
• WebSecurityCustomizer beans are excluded by WebMvcTest #48055
• Deprecated EnvironmentPostProcessor does not resolve arguments #48047
• RetryPolicySettings should refer to maxRetries, not maxAttempts #48023
• Devtools Restarter does not work with a parameterless main method #47996
• Dependency management for Kafka should not manage Scala 2.12 libraries #47991
• spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #47983
• spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #47982
• Support for ReactiveElasticsearchClient is in the wrong module #47848

📔 Documentation

• Removed property spring.test.webclient.register-rest-template is still documented #48199
• Mention support for detecting AWS ECS in "Deploying to the Cloud" #48170
• Revise AWS section of "Deploying to the Cloud" in reference manual #48163
• Fix typo in PortInUseException Javadoc #48134
• Correct section about required setters in "Type-safe Configuration Properties" #48131
• Use since attribute in configuration properties deprecation consistently #48122
• Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #48115
• Document support for configuring servlet context init parameters using properties #48112
• Some configuration properties are not documented in the appendix #48095

... (truncated)

Commits

• 1c0e08b Release v4.0.0
• 3487928 Merge branch '3.5.x'
• 29b8e96 Switch make-default in preparation for Spring Boot 4.0.0
• 88da0dd Merge branch '3.5.x'
• 56feeaa Next development version (v3.5.9-SNAPSHOT)
• 3becdc7 Move server.error properties to spring.web.error
• 2b30632 Merge branch '3.5.x'
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• dc140df Upgrade to Spring Framework 7.0.1
• Additional commits viewable in compare view

Updates org.springframework.cloud:spring-cloud-dependencies from 2025.0.0 to 2025.1.0

Commits

• fad431d Update SNAPSHOT to 2025.1.0
• 922da91 Merge pull request #444 from spring-cloud/dependabot/github_actions/main/acti...
• 56207f4 Bump actions/checkout from 5 to 6
• f9e1a3a Updates GenerateReleaseTrainDocs to use property from bom for boot version.
• 36f42b2 Removes spring-cloud-starter-parent
• 250329c Bumping versions
• ef9f533 Updates boot to 4.0.0
• 3c1ebc0 Bumping versions
• 35cf36e Going back to snapshots
• bd1fc81 Update SNAPSHOT to 2025.1.0-RC1
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.5.7 to 4.0.0

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v4.0.0

Full release notes for Spring Boot 4.0 are available on the wiki. There is also a migration guide to help you upgrade from Spring Boot 3.5.

⭐ New Features

• Change tomcat and jetty runtime modules to starters #48175
• Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #48076

🐞 Bug Fixes

• Error properties are a general web concern and should not be located beneath server.* #48201
• With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #48198
• Gradle war task does not exclude starter POMs from lib-provided #48197
• spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #48193
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48182
• Properties bound in the child management context ignore the parent's environment prefix #48177
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48171
• Starter for spring-boot-micrometer-metrics is missing #48161
• Elasticsearch client's sniffer functionality should not be enabled by default #48155
• spring-boot-starter-elasticsearch should depend on elasticsearch-java #48141
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48132
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48128
• Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #48116
• Buildpack fails with recent Docker installs due to hardcoded version in URL #48103
• Image building may fail when specifying a platform if an image has already been built with a different platform #48099
• Default values of Kotlinx Serialization JSON configuration properties are not documented #48097
• Custom XML converters should override defaults in HttpMessageConverters #48096
• Kotlin serialization is used too aggressively when other JSON libraries are available #48070
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48059
• Auto-configured JCacheMetrics cannot be customized #48057
• WebSecurityCustomizer beans are excluded by WebMvcTest #48055
• Deprecated EnvironmentPostProcessor does not resolve arguments #48047
• RetryPolicySettings should refer to maxRetries, not maxAttempts #48023
• Devtools Restarter does not work with a parameterless main method #47996
• Dependency management for Kafka should not manage Scala 2.12 libraries #47991
• spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #47983
• spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #47982
• Support for ReactiveElasticsearchClient is in the wrong module #47848

📔 Documentation

• Removed property spring.test.webclient.register-rest-template is still documented #48199
• Mention support for detecting AWS ECS in "Deploying to the Cloud" #48170
• Revise AWS section of "Deploying to the Cloud" in reference manual #48163
• Fix typo in PortInUseException Javadoc #48134
• Correct section about required setters in "Type-safe Configuration Properties" #48131
• Use since attribute in configuration properties deprecation consistently #48122
• Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #48115
• Document support for configuring servlet context init parameters using properties #48112
• Some configuration properties are not documented in the appendix #48095

... (truncated)

Commits

• 1c0e08b Release v4.0.0
• 3487928 Merge branch '3.5.x'
• 29b8e96 Switch make-default in preparation for Spring Boot 4.0.0
• 88da0dd Merge branch '3.5.x'
• 56feeaa Next development version (v3.5.9-SNAPSHOT)
• 3becdc7 Move server.error properties to spring.web.error
• 2b30632 Merge branch '3.5.x'
• 4f03b44 Merge branch '3.4.x' into 3.5.x
• 3d15c13 Next development version (v3.4.13-SNAPSHOT)
• dc140df Upgrade to Spring Framework 7.0.1
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.20 to 1.5.21

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

• Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• fed6f37 prepare release 1.5.21
• b111e89 Initialization procedure has been simplified by removing the step
• 1cd2df4 fix issues/871
• dea5b95 minor - remove superflous call to Objects.requireNonNull
• 3cecf29 add comment for the TurboFilter list ACCEPT case
• 1497142 improve performance for 2 or more turbo filters
• 04a7ba5 most subclasses of UnsynchronizedAppenderBase do not need a reentry guard
• ab6a006 add maven cache to github CI, update .github/FUNDING.yml
• 2bf5557 fix failed LegacyPatternLayoutTest#subPattern test due to TZ discrepancies, u...
• 2ca8c52 update funding info
• Additional commits viewable in compare view

Updates net.javacrumbs.json-unit:json-unit-assertj from 5.0.0 to 5.1.0

Changelog

Sourced from net.javacrumbs.json-unit:json-unit-assertj's changelog.

5.1.0 (2025-11-14)

• Added BOM module #994
• Dependency updates (especially Spring 7.0.0)

Commits

• d5bdcd7 [maven-release-plugin] prepare release json-unit-parent-5.1.0
• 88b0fe3 Bump spring.version from 7.0.0-RC3 to 7.0.0 (#1001)
• 5e8d59b Bump ch.qos.logback:logback-classic from 1.5.20 to 1.5.21 (#1000)
• 3b8e02a Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0 (#997)
• a03ca89 Bump tools.jackson.core:jackson-databind from 3.0.1 to 3.0.2 (#999)
• e3e136d Refactor removeNullExtraKeysWhereNeeded
• eb34861 #994 Add BOM (#996)
• 5b70f39 Bump com.uber.nullaway:nullaway from 0.12.11 to 0.12.12 (#993)
• e118894 Bump com.jayway.jsonpath:json-path from 2.9.0 to 2.10.0 (#991)
• 77426ca Bump spring.version from 7.0.0-RC2 to 7.0.0-RC3 (#989)
• Additional commits viewable in compare view

Updates org.graalvm.buildtools:native-maven-plugin from 0.11.2 to 0.11.3

Release notes

Sourced from org.graalvm.buildtools:native-maven-plugin's releases.

0.11.3

What's Changed

• Create release 0.11.2 by @​graalvmbot in graalvm/native-build-tools#786
• bump version to 0.11.3 SNAPSHOT by @​graalvmbot in graalvm/native-build-tools#789
• Update reachability metadata to 0.3.30 by @​graalvmbot in graalvm/native-build-tools#796

Full Changelog: graalvm/native-build-tools@0.11.2...0.11.3

Commits

• 212108a Release 0.11.3
• 95d4795 Merge pull request #796 from graalvm/update-metadata-to-0.3.30
• 048d00a Update reachability metadata to 0.3.30
• 3ba3c7e Merge pull request #789 from graalvm/bump-version-to-0.11.3-SNAPSHOT
• b37d020 bump version to 0.11.3 SNAPSHOT
• ceffc6e Merge pull request #786 from graalvm/release/0.11.2
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions