Skip to content

HTM-2005: Bump org.springframework.boot:spring-boot-starter-parent from 4.0.5 to 4.0.6#1708

Merged
mprins merged 4 commits into
mainfrom
dependabot/maven/main/org.springframework.boot-spring-boot-starter-parent-4.0.6
Apr 24, 2026
Merged

HTM-2005: Bump org.springframework.boot:spring-boot-starter-parent from 4.0.5 to 4.0.6#1708
mprins merged 4 commits into
mainfrom
dependabot/maven/main/org.springframework.boot-spring-boot-starter-parent-4.0.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Copy link
Copy Markdown
Contributor

HTM-2005 Powered by Pull Request Badge

Bumps org.springframework.boot:spring-boot-starter-parent from 4.0.5 to 4.0.6.

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.0.6

🐞 Bug Fixes

  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #50187
  • ApplicationPidFileWriter does not handle symlinks correctly #50185
  • RandomValuePropertySource is not suitable for secrets #50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #50180
  • ApplicationTemp does not handle symlinks correctly #50178
  • Remote DevTools performs comparison incorrectly #50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50077
  • Classic starters are missing several modules #50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50017
  • Imports on a containing test class are ignored when a nested class has imports #50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #49951
  • 500 response from env endpoint when supplied pattern is invalid #49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #49945
  • HTTP method is lost when configuring excludes in EndpointRequest #49943
  • Honor HttpMethod for reactive additional endpoint paths #49880
  • Docker Compose support doesn't work with apache/artemis image #49869
  • Docker Compose support doesn't work with apache/activemq image #49866
  • Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #49854
  • API versioning path strategy should be applied path last as it is not meant to yield #49800

📔 Documentation

  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #50146
  • HTTP Service Interface Clients still document that API versioning can be configured via properties #50126
  • Link to the observability section of the Lettuce documentation is broken #50097
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #50085
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #50024
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #50019
  • Link to the Kubernetes documentation when discussing startup probes #50015
  • Typo in JdbcSessionAutoConfiguration Javadoc #49873
  • Clarify that configuration property default values are not available through the Environment #49851
  • Document the need for Liquibase and Flyway starters #49839
  • Kafka documentation refers to deprecated JSON serializer and deserializer classes #49826

🔨 Dependency Upgrades

... (truncated)

Commits
  • 8821ad2 Release v4.0.6
  • 9e4048a Merge branch '3.5.x' into 4.0.x
  • 20bb11c Next development version (v3.5.15-SNAPSHOT)
  • 98daa8e Merge branch '3.5.x' into 4.0.x
  • 9dc5aa2 Polish
  • 874f629 Fix default security with actuator but without health
  • e41b3bf Enable hostname verification for SSL connections to Elasticsearch
  • ef8527b Merge branch '3.5.x' into 4.0.x
  • f533a45 Do not follow symlinks when writing PID file
  • 4a7bd33 Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added dependency (automated) dependency update infrastructure build infrastructure (Maven plugins, CI related, ...) labels Apr 23, 2026
@github-actions

github-actions Bot commented Apr 23, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:

  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 90 package(s) with unknown licenses.

View full job summary

@codecov

codecov Bot commented Apr 23, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

Impacted file tree graph

@@          Coverage Diff           @@
##             main   #1708   +/-   ##
======================================
  Coverage      78%     78%           
  Complexity    130     130           
======================================
  Files         157     157           
  Lines        7799    7799           
  Branches      715     715           
======================================
  Hits         6009    6009           
  Misses       1377    1377           
  Partials      413     413           
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions

github-actions Bot commented Apr 23, 2026

Copy link
Copy Markdown

Test Results

479 tests   477 ✅  5m 18s ⏱️
 54 suites    1 💤
 54 files      1 ❌

For more details on these failures, see this check.

Results for commit 75a2ed5.

♻️ This comment has been updated with latest results.

@mprins mprins changed the title Bump org.springframework.boot:spring-boot-starter-parent from 4.0.5 to 4.0.6 HTM-2005: Bump org.springframework.boot:spring-boot-starter-parent from 4.0.5 to 4.0.6 Apr 24, 2026
@mprins mprins force-pushed the dependabot/maven/main/org.springframework.boot-spring-boot-starter-parent-4.0.6 branch from c61bd69 to a9aef15 Compare April 24, 2026 06:12
@mprins mprins enabled auto-merge (squash) April 24, 2026 06:24
dependabot Bot and others added 4 commits April 24, 2026 08:25
Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 4.0.5 to 4.0.6.
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.5...v4.0.6)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-version: 4.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@mprins mprins force-pushed the dependabot/maven/main/org.springframework.boot-spring-boot-starter-parent-4.0.6 branch from cd7251f to 75a2ed5 Compare April 24, 2026 06:25
@mprins mprins merged commit 90eb986 into main Apr 24, 2026
29 of 33 checks passed
@mprins mprins deleted the dependabot/maven/main/org.springframework.boot-spring-boot-starter-parent-4.0.6 branch April 24, 2026 09:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependency (automated) dependency update infrastructure build infrastructure (Maven plugins, CI related, ...)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant