chore(deps): bump the gradle-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the gradle-dependencies group with 8 updates in the /booklore-api directory:

Package	From	To
org.flywaydb:flyway-mysql	12.0.3	12.1.1
org.projectlombok:lombok	1.18.42	1.18.44
org.apache.pdfbox:pdfbox	3.0.6	3.0.7
com.github.RouHim:jaudiotagger	2.0.16	2.0.19
org.glassfish.jaxb:jaxb-runtime	4.0.6	4.0.7
org.springframework.boot	4.0.3	4.0.4
org.hibernate.orm	7.2.6.Final	7.3.0.Final
gradle-wrapper	9.4.0	9.4.1

Updates org.flywaydb:flyway-mysql from 12.0.3 to 12.1.1

Updates org.projectlombok:lombok from 1.18.42 to 1.18.44

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.44 (March 11th, 2026)

• FEATURE: @Jacksonized now supports both Jackson2 and Jackson3; you'll get a warning until you configure which one (or even both!) you want lombok to generate. #3950.
• BUGFIX: On JDK25, val and @ExtensionMethod could sometimes cause erroneous errors (in that you see errors but compilation succeeds anyway) using javac. #3947.
• BUGFIX: @Jacksonized + fields marked transient would result in those transient fields being serialised which is surprising (and thus undesired) behaviour. #3936.

Commits

• 17c78fe [version] pre-release version bump
• 1edca70 [test][@Jacksonized] Test emission of warning when not choosing jackson ver...
• e789e82 [test] Update the generation of eclipse test targets from JDK14 to JDK25.
• a54cecd [trivial][changelog]
• 3db0a6c [bugfix][@Jacksonized] javac handler of jacksonized checked for existing ja...
• 12572fc [test] Adjusted tests to the new 'jackson version is a list' config key setup.
• 0e9699c [changelog] Document implementation of Jackson3 support: #3950.
• d441be1 [jacksonized] infrastructure for previous merge resolution: Changed to the co...
• d62b2d5 Merge branch 'master' into cachescrubber-gh-3950
• f49f0fe [test] Remove tests for deprecated @Logger(access = MODULE). They're deprec...
• Additional commits viewable in compare view

Updates org.apache.pdfbox:pdfbox from 3.0.6 to 3.0.7

Updates org.apache.pdfbox:pdfbox-io from 3.0.6 to 3.0.7

Updates org.apache.pdfbox:xmpbox from 3.0.6 to 3.0.7

Updates com.github.RouHim:jaudiotagger from 2.0.16 to 2.0.19

Updates org.glassfish.jaxb:jaxb-runtime from 4.0.6 to 4.0.7

Updates org.springframework.boot from 4.0.3 to 4.0.4

Release notes

Sourced from org.springframework.boot's releases.

v4.0.4

⚠️ Attention Required

• Provide advance warning of the deprecation and forthcoming removal of OpenTelemetry's ZipkinSpanExporter #49453
• Upgrade to Jackson 2 Bom 2.21.1 #49389
• Upgrade to Jackson Bom 3.1.0 #49383
• Tomcat's default max part count is too low in 4.0.x #49311

🐞 Bug Fixes

• EndpointRequest request matcher for health groups is too complex #49649
• "/cloudfoundryapplication" web path is not limited to Actuator #49646
• Fix EndpointRequest.toLinks() when base-path is '/' #49617
• Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #49596
• RSocket exposes duplicate endpoint for websocket setups #49593
• Failure analysis for a missing mail sender is misleading #49582
• SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #49535
• Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #49482
• "spring.main.cloud-platform=none" does not disable cloud features #49479
• SSL support with Docker Compose does not work as documented #49385
• Auto-configuration overrides authorization server configuration applied by Customizer beans #49367
• Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #49344
• NoSuchMethodException when forcing the use of Log4J2LoggingSystem using org.springframework.boot.logging.LoggingSystem system property #49343
• RouterFunctions descriptions in Actuator do not support nesting #49302
• Maven plugin does not set '-parameters' option when processing AOT code #49295
• HTTP Service Interface Client doesn't work in a native image due to missing property binding #49274
• ErrorPageRegistrarBeanPostProcessor is not auto-configured in war deployments and the ErrorPageCustomizer is not applied #49176
• Missing starter for spring-boot-restdocs #48289

📔 Documentation

• Document support for Java 26 #49604
• List all supported colors when describing color-coded log output #49562
• Improve EndpointRequest matcher documentation #49520
• Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #49514
• Document security considerations for forwarded headers in cloud deployments #49507
• Tutorial in the reference guide has outdated instructions #49429
• Document additional repositories required for shibboleth.net #49392
• Javadoc of JettyHttpClientBuilder refers to the wrong type #49387
• Example spring-devtools.properties file is shown in the wrong format #49362
• Clarify inferred relationships between OAuth 2 registrations and providers #49327
• Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #49321
• Remove superfluous semi-colon from read timeout configuration example for HTTP service interface clients #49306
• Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #49298
• JDK requirement for the CLI still refers to Java 8 #49293
• Java and Kotlin samples of an environment post processor are inconsistent #49287

🔨 Dependency Upgrades

• Upgrade to Commons Logging 1.3.6 #49545

... (truncated)

Commits

• 8bdd6f8 Release v4.0.4
• 79a3850 Merge branch '3.5.x' into 4.0.x
• 3ebd147 Next development version (v3.5.13-SNAPSHOT)
• 26edf79 Merge branch '3.5.x' into 4.0.x
• 6620dea Polishing
• 7151419 Upgrade to Testcontainers 2.0.4
• cc6bb61 Merge branch '3.5.x' into 4.0.x
• dd54841 Upgrade to Spring Batch 5.2.5
• 2739427 Upgrade to Spring Batch 6.0.3
• a6d8c48 Merge branch '3.5.x' into 4.0.x
• Additional commits viewable in compare view

Updates org.hibernate.orm from 7.2.6.Final to 7.3.0.Final

Updates gradle-wrapper from 9.4.0 to 9.4.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: backend, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[imajes]

@dependabot rebase

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2415c768-06f4-43cf-8fef-0d34a8a4f7e4

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/gradle/booklore-api/gradle-dependencies-053abd2dd7

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[imajes]

@dependabot: rebase please

[github-actions]

Backend Test Results

  470 files    470 suites   2m 36s ⏱️
3 425 tests 3 404 ✅ 15 💤 6 ❌
3 482 runs  3 461 ✅ 15 💤 6 ❌

For more details on these failures, see this check.

Results for commit 7ef9a8a.

♻️ This comment has been updated with latest results.

[github-actions]

Frontend Test Results

419 tests   419 ✅  1s ⏱️
  8 suites    0 💤
  1 files      0 ❌

Results for commit 7ef9a8a.

♻️ This comment has been updated with latest results.

[imajes]

@dependabot rebase