Skip to content

fix(deps): update dependency org.springframework.boot:spring-boot-starter-parent to v3.5.7 #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 14, 2025
Merged

fix(deps): update dependency org.springframework.boot:spring-boot-starter-parent to v3.5.7 #93

merged 1 commit into from
Nov 14, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 21, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
org.springframework.boot:spring-boot-starter-parent (source) 3.5.4 -> 3.5.7 age confidence

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)

v3.5.7

Compare Source

v3.5.6

Compare Source

🐞 Bug Fixes
  • Quoted -D arguments break system property resolution on Linux with Spring AOT #​47166
  • Groovy Templates fails with an NPE when rendering an auto new line #​47139
  • available() does not behave correctly when reading stored entries from a NestedJarFile #​47057
  • spring-boot-docker-compose doesn't create service connections when image has registry host but not project #​47019
  • Flyway Ignore Migration Patterns setting can't be set to an empty string #​47013
📔 Documentation
  • Default value of server.tomcat.resource.cache-ttl is not documented #​47253
  • Document Java 25 support #​47245
  • Fix links to Flyway reference documentation #​46988
  • Clarify Javadoc of Customizer interfaces about overriding behavior #​46942
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Chanwon-Seo, @​doljae, @​izeye, and @​quaff

v3.5.5

Compare Source

🐞 Bug Fixes
  • Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error #​46909
  • Performance critical tracing code has high overhead due to the use of the Stream API #​46844
  • SpringLiquibaseCustomizer is exposed outside its defined visibility scope #​46758
  • Race condition in OutputCapture can result in stale data #​46721
  • Auto-configured WebClient no longer uses context's ReactorResourceFactory #​46673
  • Default value not detected for a field annoted with @Name #​46666
  • Missing metadata when using @Name with a constructor-bound property #​46663
  • Missing property for Spring Authorization Server's PAR endpoint #​46641
  • Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location #​46636
  • Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true #​46634
  • Auto-configured MockMvc ignores @FilterRegistration annotation #​46605
  • Failure to discover default value for a primitive should not lead to document its default value #​46561
📔 Documentation
  • Kotlin samples for configuration metadata are in the wrong package #​46857
  • Observability examples in the reference guide are missing the Kotlin version #​46798
  • Align method descriptions for SslOptions getCiphers and getEnabledProtocols with @returns #​46769
  • Tracing samples in the reference guide are missing the Kotlin version #​46767
  • Improve Virtual Threads section to mention the changes in Java 24 #​46610
  • spring.test.webtestclient.timeout is not documented #​46588
  • spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules #​46585
  • Adapt deprecation level for management.health.influxdb.enabled #​46580
  • spring.test.mockmvc properties are not documented #​46578
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kguswo, @​deejay1, @​ganjisriver, @​izeye, @​jetflo, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​prishedko, @​quaff, @​schmidti159, @​scordio, @​shakuzen, @​tommyk-gears, @​zahra7, and @​zakaria-shahen

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/spring-boot branch from 9aa2ce0 to a1e18cd Compare September 18, 2025 17:37
@renovate renovate bot changed the title fix(deps): update dependency org.springframework.boot:spring-boot-starter-parent to v3.5.5 fix(deps): update dependency org.springframework.boot:spring-boot-starter-parent to v3.5.6 Sep 18, 2025
@renovate renovate bot changed the title fix(deps): update dependency org.springframework.boot:spring-boot-starter-parent to v3.5.6 fix(deps): update dependency org.springframework.boot:spring-boot-starter-parent to v3.5.7 Oct 23, 2025
@renovate renovate bot force-pushed the renovate/spring-boot branch from a1e18cd to 53796c3 Compare October 23, 2025 14:06
@hantsy hantsy merged commit 917f0ae into master Nov 14, 2025
1 check passed
@renovate renovate bot deleted the renovate/spring-boot branch November 14, 2025 02:10
@qodo-merge-pro
Copy link

qodo-merge-pro bot commented Nov 14, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No new logging: The PR only updates the Spring Boot parent version and does not add or modify any
application code related to auditing or logging of critical actions.

Referred Code 
<version>3.5.7</version>
<relativePath/> <!-- lookup parent from repository -->

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status:
No code changes: This dependency version bump does not introduce or modify identifiers or function names,
so meaningful naming cannot be assessed from the diff.

Referred Code 
<version>3.5.7</version>
<relativePath/> <!-- lookup parent from repository -->

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
No error handling: The PR only updates a parent dependency version without changing runtime code, so error
handling and edge cases cannot be evaluated from the diff.

Referred Code 
<version>3.5.7</version>
<relativePath/> <!-- lookup parent from repository -->

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
No user errors: No user-facing error handling changes are present; dependency update alone does not show
exposure or protection of error details.

Referred Code 
<version>3.5.7</version>
<relativePath/> <!-- lookup parent from repository -->

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
No logging impact: The diff contains only a parent version bump and does not add or modify any logging
statements to assess for sensitive data exposure or structure.

Referred Code 
<version>3.5.7</version>
<relativePath/> <!-- lookup parent from repository -->

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
No input handling: There are no application code changes affecting input validation, data handling, or auth;
the dependency update alone cannot be assessed for these concerns.

Referred Code 
<version>3.5.7</version>
<relativePath/> <!-- lookup parent from repository -->

Learn more about managing compliance generic rules or creating your own custom rules
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Review effort 1/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hantsy