Update dependency org.springframework.boot:spring-boot to v3 #7

Open
mend-for-github-com[bot] wants to merge 1 commit into master from whitesource-remediate/org.springframework.boot-spring-boot-3.x

Conversation

@mend-for-github-com

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| org.springframework.boot:spring-boot (source) | compile | major | 2.7.5 -> 3.0.0 |

By merging this PR, the issue #6 will be automatically resolved and closed:

| Severity | CVSS Score | CVE |
|---|---|---|
| Medium | 6.5 | CVE-2023-20861 |
| Medium | 6.5 | CVE-2023-20863 |

Release Notes

spring-projects/spring-boot

v3.0.0

Compare Source

See the Release notes for 3.0 for upgrade instructions and details of new features.

⭐ New Features

  • Provide a configuration property for the observation patterns of Spring Integration components #​33099

🐞 Bug Fixes

  • io.micrometer.tracing.Tracer on the classpath breaks AOT processing for tests #​33298
  • Tracer library HTTP instrumentation is auto-configured unnecessarily #​33287
  • Auto-configuration ignores user-provided ObservationConventions #​33285
  • ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #​33284
  • SpringBootContextLoader prints banner twice when using a @ContextHierarchy #​33263
  • Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #​33250
  • Wavefront MeterRegistryCustomizer is not applying application tags from application.properties #​33244
  • Actuator responses no longer format timestamps as ISO-8601 #​33236
  • Configuration property is not bound in a native image when property has get, set, and is methods #​33232
  • Configuration property binding does not deal with bridge methods #​33212
  • Contribute missing resource hints for GraphQL schema files and GraphiQL HTML page #​33208
  • Hints for ClientHttpRequestFactory should only be generated for matching methods #​33203
  • Native profile should configure execution in pluginManagement #​33184
  • Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #​33169
  • JBoss logging does not route directly to SLF4J when using Logback #​33155
  • Test with UseMainMethod.Always do not work with Kotlin main functions #​33114
  • Maven process-aot does not specify source and target release when compiling generated sources #​33112
  • Some Actuator beans are ineligible for post-processing #​33110
  • AOT-generated source fails to compile when Actuator is enabled on a WebFlux project #​33106
  • @ContextHierarchy should never be used with main method #​33078
  • Maven process-aot fails when compiler plugin has been configured with --enable-preview #​33012
  • Wavefront application tags differ from those used in a Spring Boot 2.x application #​32844
  • Maven goal spring-boot:build-image runs package phase twice #​26455

📔 Documentation

  • Document observation for R2DBC #​33335
  • Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #​33333
  • Actuator document is misleading about k8s startup probe #​33327
  • Update documented for @Timed to reflect narrower support #​33282
  • Update reference documentation to replace mentions of tags providers and contributors with their Observation-based equivalents #​33281
  • Link to Micrometer's @Timed documentation #​33266
  • Clarify use of the spring.cache.type property with Hazelcast #​33258
  • Example git.commit.time in the Actuator API documentation is thousands of years in the future #​33256
  • Update Spring Security filter dispatcher types docs to reflect change in default value #​33252
  • Documentation for nested configuration properties in a native image uses @NestedConfigurationProperty too widely #​33239
  • Document that the jar task should not be disabled when building a native image #​33238
  • Document nesting configuration properties using records or Kotlin data classes and how and when to use @NestedConfigurationProperty #​33235
  • Links to Features describes sections that have moved elsewhere #​33214
  • Fix broken links in docs #​33209
  • Document the need for compilation with -parameters when targeting a native image #​33182
  • Remove outdated native image documentation #​33109
  • Mention @RegisterReflectionForBinding in the docs #​32903

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​artembilan, @​dreis2211, @​hpoettker, @​izeye, @​jonatan-ivanov, @​oppegard, @​sdeleuze, @​ttddyy, @​tumit, and @​vpavic

v2.7.11

Compare Source

🐞 Bug Fixes

  • CloudFoundry integration does not use endpoint path mappings #​35085
  • Gradle Spring Boot plugin with Kotlin DSL does not support includeProjectDependencies in bootJar > layered > dependencies configuration #​35033
  • Banner placeholders use default values too soon #​34764
  • Cassandra default configuration substitutions don't resolve against configuration derived from spring.data.cassandra properties #​34643
  • ApplicationAvailability bean is auto-configured even if a custom one is already present #​34347
  • Nested test classes don't inherit properties from slice test annotations on enclosing class #​33317

📔 Documentation

  • Use current Neo4j version in Testcontainers-based examples #​34775
  • Clarify servlet container compatibility #​34697
  • Document that optional dependencies are included by default in fat jars built with Maven #​34636

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​SeasonPanPan, @​acktsap, @​dreis2211, @​jgslima, @​krzyk, and @​meistermeier

v2.7.10

Compare Source

🐞 Bug Fixes

  • Some of the deprecated spring.security.saml2.relyingparty.registration.*.identityprovider.* properties are ignored #​34525
  • Maven plugin uses timezone-local timestamps when outputTimestamp is used #​34424
  • Loading application.yml fails with NoSuchMethodError when using SnakeYAML 2.0 #​34405
  • EmbeddedWebServerFactoryCustomizerAutoConfiguration should not run when embedded web server is not configured #​34332
  • Image builds with podman fail when image buildpacks are configured #​34324
  • org.springframework.boot.web.embedded.jetty.GracefulShutdown uses the wrong class to create its logger #​34220
  • StandardConfigDataResource can import the same file twice if the classpath includes '.' #​34212

📔 Documentation

  • Document support for Java 20 #​34642
  • Update two references to old APIs #​34567
  • Clarify conventions for custom error pages in WebFlux #​34534
  • Add documentation tip showing how to configure publishRegistry Maven properties from the command line #​34517
  • Document support for Gradle 8 #​34458
  • Document how to get socket location for image building configuration with podman #​34435
  • Fix typo in Encrypting Properties #​34386
  • Use plugins DSL consistently in Spring Boot Gradle Plugin docs #​34048
  • Add link to Failover starter #​32943

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​1993heqiang, @​anandmnair, @​anthonydahanne, @​dsyer, @​izeye, @​jongwooo, and @​terminux

v2.7.9

Compare Source

🐞 Bug Fixes

  • Maven Plugin's PropertiesMergingResourceTransformer closes InputStream when it should not do so #​34063
  • Actuator Health web endpoint broken with Gson and Java 17 #​34030
  • Dependency management for Mongo's Java Driver is incomplete #​33941
  • Using devtools with Reactive application results in slower restarts #​33855
  • Spies are not reset after test execution when using @SpyBean #​33830
  • Properties Migrator does not detect properties of Map type that are marked as deprecated #​27854

📔 Documentation

  • Updated documentation for @ConfigurationProperties bean naming rules #​34029
  • Restore "Use Jedis Instead of Lettuce" how-to documentation #​33994
  • Add Redis application properties example #​33965
  • Use Maven Central for release downloads in CLI installation documentation #​33962
  • Actuator section is missing from documentation overview #​33932
  • Add Javadoc since to OperationParameter.getAnnotation() #​33914
  • Document additional configuration that is required for spring.mvc.throw-exception-if-no-handler-found=true to be effective #​31660

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Anubhav-2000, @​enimiste, @​izeye, @​jprinet, @​marcel-wollschlaeger, @​mhalbritter, @​michaldo, and @​sannanansari

v2.7.8

Compare Source

⭐ Noteworthy

🐞 Bug Fixes

  • Devtools sets non-existent property spring.reactor.debug #​33858
  • Failing calls to reactive health indicators are not logged #​33774
  • Failure analysis of NoUniqueBeanDefinitionException reports "defined in null" when bean definition has no resource description #​33765
  • NPE in RabbitProperties when user is given, but password not #​33752
  • SDKMAN should not use repo.spring.io for releases #​33708
  • Homebrew and Scoop should not use repo.spring.io for releases #​33702
  • EndpointRequestMatcher should have a toString method #​33690
  • It is not possible to provide a custom TransactionProvider bean for JOOQ #​32899
  • SpringBootMockResolver causes AopTestUtils.getUltimateTargetObject to recurse until the stack overflows when it calls it with Spring Security's authentication manager bean #​32632
  • Inconsistent discovery of parameter names for selectors in custom actuator endpoints #​31240
  • @DeprecatedConfigurationProperty has no effect when declared on a record component's accessor method #​29526
  • Headless mode is forced when banner.* file is present. #​28803
  • Diagnostics are poor when the JMX port used by the Maven start goal is in use #​24044

📔 Documentation

  • Replace "via" in documentation and use "over" or "through" instead #​33878
  • Fix typo in kotlin getting started documentation #​33867
  • Update com.gorylenko.gradle-git-properties version to 2.4.1 in doc #​33838
  • Fix 'the the' typos #​33736
  • Fix typo in javadoc of org.springframework.boot.web.server.LocalServerPort #​33683
  • Fix a typo in the ExitCodeGenerator documentation #​33658
  • Fix typo in External Configuration documentation #​33630
  • Update getting started documentation to use @SpringBootApplication #​32795
  • Description of spring-boot-starter-websocket does not make it clear that it's Servlet-specific #​32493

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​BartR96, @​devrishal, @​dreis2211, @​izeye, @​josephlane, @​kvmw, @​mhalbritter, @​sannanansari, @​sdeleuze, @​yyjstudy, and @​zhangyanyue

v2.7.7

Compare Source

🐞 Bug Fixes

  • Fix typo in LocalDevToolsAutoConfiguration logging #​33569
  • Web server fails to start due to "Resource location must not be null" when attempting to use a PKCS 11 KeyStore #​32179

📔 Documentation

  • Improve gradle plugin tags documentation #​33614
  • Improve maven plugin tags documentation #​33609
  • Fix typo in tomcat accesslog checkExists doc #​33460
  • Document that the shutdown endpoint is not intended for use when deploying a war to a servlet container #​17398

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Artur-, @​aksh1618, @​cdanger, @​currenjin, @​jprinet, and @​shekharAggarwal

v2.7.6

Compare Source

🐞 Bug Fixes

  • ScheduledBeanLazyInitializationExcludeFilter is auto-configured even when annotation-based scheduled has not been enabled #​33283
  • SpringBootContextLoader prints banner twice when using a @ContextHierarchy #​33262
  • Properties migrator causes an application to fail to start if it tries to map a property whose metadata data entry contains an invalid configuration property name #​33249
  • Configuration property binding does not deal with bridge methods #​33211
  • Configuring management.server.port via a config tree results in a ConverterNotFoundException when the management context is refreshed #​33168
  • Dependency management for XMLUnit is incomplete #​32999
  • Spring Boot's Lettuce metrics enable histrograms by default and it's hard to switch them off #​32989
  • Dependency management for Selenium is incomplete #​32861
  • NumberFormatException when configuring spring.redis.sentinel.nodes with an IPv6 address #​32836

📔 Documentation

  • Align Tomcat multiple connectors example with recommendation to configure SSL declaratively #​33331
  • ConditionalOnClass not working for Bean methods on Java 8 #​33328
  • Actuator document is misleading about k8s startup probe #​33326
  • Link to Micrometer's @Timed documentation #​33265
  • Clarify use of the spring.cache.type property with Hazelcast #​33257
  • Example git.commit.time in the Actuator API documentation is thousands of years in the future #​33255
  • Links to Features describes sections that have moved elsewhere #​33213
  • Fix kafka streams auto start description typo in reference docs #​33101
  • OAuth 2 configuration example uses unrecognized value for authorization grant type #​33068
  • Fix typos in logging.adoc #​32820
  • Harmonize code sample in the "Type-safe Configuration Properties" section #​32818

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​EricGao888, @​biergit, @​dreis2211, @​eurythmia, @​hpoettker, @​iamgd67, @​izeye, @​jamessoun93, and @​sdeleuze


  • If you want to rebase/retry this PR, check this box

mend-for-github-com bot added the "security fix" label (Security fix generated by Mend) Apr 24, 2023