Bump the prod-deps group across 1 directory with 4 updates

[dependabot]

Bumps the prod-deps group with 3 updates in the / directory: org.springframework.boot:spring-boot-starter-parent, org.springdoc:springdoc-openapi-starter-webmvc-ui and org.springframework.modulith:spring-modulith-bom.

Updates org.springframework.boot:spring-boot-starter-parent from 4.0.1 to 4.0.4

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.0.4

⚠️ Attention Required

• Provide advance warning of the deprecation and forthcoming removal of OpenTelemetry's ZipkinSpanExporter #49453
• Upgrade to Jackson 2 Bom 2.21.1 #49389
• Upgrade to Jackson Bom 3.1.0 #49383
• Tomcat's default max part count is too low in 4.0.x #49311

🐞 Bug Fixes

• EndpointRequest request matcher for health groups is too complex #49649
• "/cloudfoundryapplication" web path is not limited to Actuator #49646
• Fix EndpointRequest.toLinks() when base-path is '/' #49617
• Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #49596
• RSocket exposes duplicate endpoint for websocket setups #49593
• Failure analysis for a missing mail sender is misleading #49582
• SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #49535
• Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #49482
• "spring.main.cloud-platform=none" does not disable cloud features #49479
• SSL support with Docker Compose does not work as documented #49385
• Auto-configuration overrides authorization server configuration applied by Customizer beans #49367
• Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #49344
• NoSuchMethodException when forcing the use of Log4J2LoggingSystem using org.springframework.boot.logging.LoggingSystem system property #49343
• RouterFunctions descriptions in Actuator do not support nesting #49302
• Maven plugin does not set '-parameters' option when processing AOT code #49295
• HTTP Service Interface Client doesn't work in a native image due to missing property binding #49274
• ErrorPageRegistrarBeanPostProcessor is not auto-configured in war deployments and the ErrorPageCustomizer is not applied #49176
• Missing starter for spring-boot-restdocs #48289

📔 Documentation

• Document support for Java 26 #49604
• List all supported colors when describing color-coded log output #49562
• Improve EndpointRequest matcher documentation #49520
• Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #49514
• Document security considerations for forwarded headers in cloud deployments #49507
• Tutorial in the reference guide has outdated instructions #49429
• Document additional repositories required for shibboleth.net #49392
• Javadoc of JettyHttpClientBuilder refers to the wrong type #49387
• Example spring-devtools.properties file is shown in the wrong format #49362
• Clarify inferred relationships between OAuth 2 registrations and providers #49327
• Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #49321
• Remove superfluous semi-colon from read timeout configuration example for HTTP service interface clients #49306
• Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #49298
• JDK requirement for the CLI still refers to Java 8 #49293
• Java and Kotlin samples of an environment post processor are inconsistent #49287

🔨 Dependency Upgrades

• Upgrade to Commons Logging 1.3.6 #49545

... (truncated)

Commits

• 8bdd6f8 Release v4.0.4
• 79a3850 Merge branch '3.5.x' into 4.0.x
• 3ebd147 Next development version (v3.5.13-SNAPSHOT)
• 26edf79 Merge branch '3.5.x' into 4.0.x
• 6620dea Polishing
• 7151419 Upgrade to Testcontainers 2.0.4
• cc6bb61 Merge branch '3.5.x' into 4.0.x
• dd54841 Upgrade to Spring Batch 5.2.5
• 2739427 Upgrade to Spring Batch 6.0.3
• a6d8c48 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates org.springdoc:springdoc-openapi-starter-webmvc-ui from 3.0.0 to 3.0.2

Release notes

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's releases.

springdoc-openapi v3.0.2 released!

Added

• #3229 – Add support for Spring Framework API Versioning with Functional Endpoints
• #3208 – Add springdoc.swagger-ui.document-title property

Changed

• Upgrade Spring Boot to version 4.0.3
• Upgrade swagger-core to version 2.2.43
• Upgrade swagger-ui to version 5.32.0
• Upgrade Scalar to version 0.5.55

Fixed

• #3232 – Gracefully handle springdoc endpoint paths during API version resolution
• #3230 – Scalar source URLs resolve to null/<groupName> on second request when using GroupedOpenApi
• #3228 – springdoc-openapi-starter 3.x doesn't depend on org.springframework.boot:spring-boot-starter
• #3220 – Reachability metadata not compatible with GraalVM 25
• #3195 – Application won't compile when OpenApi and spring-boot-data-rest is present
• #3193 – OpenApi field in SpringDocConfigProperties does not comply with camel case naming conventions
• #3215 – Type annotation not considered when Kotlin is not present
• #3199 – Prevent duplicate _links in allOf child schemas
• #3198 – Property resolution for parameter default values
• #3206 – Upgrade swagger-core from version 2.2.41 to 2.2.42

Full Changelog: springdoc/springdoc-openapi@v3.0.1...v3.0.2

springdoc-openapi v3.0.1 released!

Added

• #3122 – Add log notifications when SpringDocs / Scalar are enabled by default
• #3123 – Add support for serving static resources
• #3151 – Add @Order to ApplicationReadyEvent listener
• #3158 – Add support for API groups in Scalar
• #3187 – Add Scalar WebMVC and WebFlux support
• #3185 – Disable creation of blank GitHub issues (GitHub settings & workflow)
• #3186 – Decouple Web Server APIs following Spring Boot modularization
• #3131 – Improve warning messages when documentation is explicitly enabled
• #3183 – Remove unused operations consumer from route builder methods
• #3141 – Change handling so useReturnTypeSchema is evaluated at HTTP status code level instead of method level

Changed

• Upgrade Spring Boot to version 4.0.1
• Upgrade swagger-core to version 2.2.41
• Upgrade swagger-ui to version 5.31.0
• Upgrade Scalar to version 0.4.3

Fixed

... (truncated)

Changelog

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog.

[3.0.2] - 2026-02-27

Added

• #3229 – Add support for Spring Framework API Versioning with Functional Endpoints
• #3208 – Add springdoc.swagger-ui.document-title property

Changed

• Upgrade Spring Boot to version 4.0.3
• Upgrade swagger-core to version 2.2.43
• Upgrade swagger-ui to version 5.32.0
• Upgrade Scalar to version 0.5.55

Fixed

• #3232 – Gracefully handle springdoc endpoint paths during API version resolution
• #3230 – Scalar source URLs resolve to null/<groupName> on second request when using GroupedOpenApi
• #3226 – Propagate JsonView context when resolving Page<T> schema
• #3228 – springdoc-openapi-starter 3.x doesn't depend on org.springframework.boot:spring-boot-starter
• #3220 – Reachability metadata not compatible with GraalVM 25
• #3195 – Application won't compile when OpenApi and spring-boot-data-rest is present
• #3193 – OpenApi field in SpringDocConfigProperties does not comply with camel case naming conventions
• #3215 – Type annotation not considered when Kotlin is not present
• #3199 – Prevent duplicate _links in allOf child schemas
• #3198 – Property resolution for parameter default values
• #3206 – Upgrade swagger-core from version 2.2.41 to 2.2.42

[3.0.1] - 2026-01-01

Added

• #3122 – Add log notifications when SpringDocs / Scalar are enabled by default
• #3123 – Add support for serving static resources
• #3151 – Add @Order to ApplicationReadyEvent listener
• #3158 – Add support for API groups in Scalar
• #3187 – Add Scalar WebMVC and WebFlux support
• #3185 – Disable creation of blank GitHub issues (GitHub settings & workflow)
• #3186 – Decouple Web Server APIs following Spring Boot modularization
• #3131 – Improve warning messages when documentation is explicitly enabled
• #3183 – Remove unused operations consumer from route builder methods
• #3141 – Change handling so useReturnTypeSchema is evaluated at HTTP status code level instead of method level

Changed

• Upgrade Spring Boot to version 4.0.1
• Upgrade swagger-core to version 2.2.41
• Upgrade swagger-ui to version 5.31.0
• Upgrade Scalar to version 0.4.3

... (truncated)

Commits

• f26cb82 [maven-release-plugin] prepare release v3.0.2
• 865018a Copyright updates
• 354265e code refactoring
• 08b428f Upgrade swagger-ui to version 5.32.0
• 432d332 Fixes DSL using header versioning
• 0922635 code review
• 55fa901 CHANGELOG.md updates
• 7678599 Add sample test with WebMVC.fn - DSL #3229
• 8f410d7 Gracefully handle springdoc endpoint paths during API version resolution. fix...
• 2057ccf enable SNAPSHOTS distribution
• Additional commits viewable in compare view

Updates org.projectlombok:lombok from 1.18.42 to 1.18.44

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.44 (March 11th, 2026)

• FEATURE: @Jacksonized now supports both Jackson2 and Jackson3; you'll get a warning until you configure which one (or even both!) you want lombok to generate. #3950.
• BUGFIX: On JDK25, val and @ExtensionMethod could sometimes cause erroneous errors (in that you see errors but compilation succeeds anyway) using javac. #3947.
• BUGFIX: @Jacksonized + fields marked transient would result in those transient fields being serialised which is surprising (and thus undesired) behaviour. #3936.

Commits

• 17c78fe [version] pre-release version bump
• 1edca70 [test][@Jacksonized] Test emission of warning when not choosing jackson ver...
• e789e82 [test] Update the generation of eclipse test targets from JDK14 to JDK25.
• a54cecd [trivial][changelog]
• 3db0a6c [bugfix][@Jacksonized] javac handler of jacksonized checked for existing ja...
• 12572fc [test] Adjusted tests to the new 'jackson version is a list' config key setup.
• 0e9699c [changelog] Document implementation of Jackson3 support: #3950.
• d441be1 [jacksonized] infrastructure for previous merge resolution: Changed to the co...
• d62b2d5 Merge branch 'master' into cachescrubber-gh-3950
• f49f0fe [test] Remove tests for deprecated @Logger(access = MODULE). They're deprec...
• Additional commits viewable in compare view

Updates org.springframework.modulith:spring-modulith-bom from 2.0.1 to 2.0.3

Release notes

Sourced from org.springframework.modulith:spring-modulith-bom's releases.

2.0.3

💡 Improvements

• Hibernate schema validation fails with JPA event publication registry #1570
• SpringModulithProcessor fails on Windows with KAPT - StringIndexOutOfBoundsException due to hardcoded forward slashes #1546

🪲 Bugs

• Contributions made ApplicationModuleSourceFactory not fully considered in ApplicationModules #1585
• Architecturally-evident type discovery tries to look up repository metadata for implementation classes #1547

🔨 Dependency Upgrades

• Upgrade to Spring Boot 4.0.3 #1589
• Upgrade to MongoDB 5.6.3 #1581
• Upgrade to Spring Framework 7.0.5 #1580
• Upgrade to Micrometer Tracing 1.6.3 #1579

2.0.2

💡 Improvements

• Fix a typo in the runtime docs #1520

🪲 Bugs

• JpaEventPublicationRepository.markCompleted(event, identifier, completionDate) doesn't update status to COMPLETED #1523
• incompleteEventPublications.resubmitIncompletePublicationsOlderThan(…) throws NPE when last_resubmission_date is null #1519

🔨 Dependency Upgrades

• Upgrade to Spring Boot 4.0.2 #1533
• Upgrade to Spring Framework 7.0.3 #1529
• Upgrade to Micrometer Tracing 1.6.2 #1528

Commits

• c4876f4 GH-1592 - Release version 2.0.3.
• a7fec95 GH-1589 - Upgrade to Spring Boot 4.0.3.
• 80bfac5 GH-1585 - Polishing.
• 4b76199 GH-1585 - Ensure that packages contributed by ApplicationModuleSourceFactory ...
• f80d6e0 GH-1580 - Upgrade to Spring Framework 7.0.5.
• 7f12907 GH-1579 - Upgrade to Micrometer Tracing 1.6.3.
• b45de19 GH-1570 - Align JPA event publication entity with JDBC schema.
• b7a3438 GH-1561 - Update copyright headers.
• 1f4f077 GH-1550 - Remove obsolete Spring Kafka dependency from example.
• 0e017f4 GH-1547 - Skip non-interfaces from Spring Data repository detection.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions