Update all dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
com.ninja-squad:springmockk	4.0.2 → 5.0.1
io.mockk:mockk-jvm (source)	1.14.6 → 1.14.9
io.github.oshai:kotlin-logging-jvm	7.0.13 → 8.0.03
com.github.gantsign.maven:ktlint-maven-plugin	3.5.0 → 3.7.1
org.apache.maven.plugins:maven-surefire-plugin (source)	3.5.4 → 3.5.5
org.codehaus.mojo:properties-maven-plugin (source)	1.2.1 → 1.3.0
org.apache.maven.plugins:maven-enforcer-plugin (source)	3.6.2 → 3.6.3
org.apache.maven.plugins:maven-compiler-plugin (source)	3.14.1 → 3.15.0
org.springframework.boot:spring-boot-starter-parent (source)	3.5.7 → 4.0.6

---

Release Notes

Ninja-Squad/springmockk (com.ninja-squad:springmockk)

v5.0.1

Compare Source

Minor refactorings and documentation fixes

v5.0.0

Compare Source

Version 5.0.0 is a rewrite, based on the Spring Framework's support for @MockitoBean and @MockitoSpyBean.

To align SpringMockK's annotations and behavior with Spring's mockito annotations and behavior, there are breaking changes.

Read the migration guide for details.

mockk/mockk (io.mockk:mockk-jvm)

v1.14.9

Compare Source

What's Changed

• fix: normalize value class arguments in EqMatcher for consistent comparison by @​edwardmp in #​1440
• Add configurable logging to withArg & withNullableArg by @​OsaSoft in #​1441
• docs(readme): document suppressing superclass calls by @​ch200203 in #​1444
• Fix for issue #​1103. by @​sdetilly in #​1449
• Fix configuration option example for restricted classes by @​TWiStErRob in #​1465
• Fix InaccessibleObjectException when spying on JDK interfaces on JDK 16+ by @​Copilot in #​1457
• Fix Java 11 compatibility: replace Random.nextLong(long, long) with Java 8 compatible alternative by @​Copilot in #​1456
• Add optional restricted mock system property by @​nishatoma in #​1454
• Fix StackOverflowError when mocking methods returning ArrayList by @​Copilot in #​1464
• Change JUnit 4/5 dependencies from implementation to compileOnly by @​Copilot in #​1455
• bump dependencies, bump dexter by @​jgrnrt in #​1477
• Fix issue 1475: nullable value class verification by @​sdetilly in #​1480
• Migrate build configuration to version catalog by @​jgrnrt in #​1481
• Clean up CI configuration and build artifacts by @​jgrnrt in #​1482
• Add Spotless formatting plugin by @​jgrnrt in #​1483
• Enable ktlint unused-imports rule and clean up code by @​jgrnrt in #​1489
• chore: enable no-wildcard-imports in ktlint by @​jgrnrt in #​1491
• Add List injection support for @​InjectMockKs (#​1356) by @​h2jinee in #​1492
• Unify settings files by prioritizing mockk.properties in MockKSettings by @​snowykte0426 in #​1474
• Fix type matching for any() when parameter is Any (#​1296) by @​chapakook in #​1494
• Upgrade Dokka to 2.1.0 and Refactor Documentation Setup by @​jgrnrt in #​1499
• chore: bump gradle to 9.3.0, add .gitattributes by @​jgrnrt in #​1502
• Fix #​1342: Handle value classes for type parameters and don't unbox value classes returned as interface/supertype by @​ianbrandt in #​1442
• Introduce clearAllStubsFromMemory by @​nishatoma in #​1503
• Bump dokka to 2.2.0-Beta by @​jgrnrt in #​1505
• fix: resolve @​InjectMockKs initialization order based on dependencies by @​neungs-2 in #​1500

New Contributors

• @​edwardmp made their first contribution in #​1440
• @​OsaSoft made their first contribution in #​1441
• @​sdetilly made their first contribution in #​1449
• @​Copilot made their first contribution in #​1457
• @​nishatoma made their first contribution in #​1454
• @​jgrnrt made their first contribution in #​1477
• @​h2jinee made their first contribution in #​1492
• @​snowykte0426 made their first contribution in #​1474
• @​chapakook made their first contribution in #​1494
• @​ianbrandt made their first contribution in #​1442
• @​neungs-2 made their first contribution in #​1500

Full Changelog: mockk/mockk@1.14.6...1.14.9

v1.14.7

Compare Source

What's Changed

• fix: normalize value class arguments in EqMatcher for consistent comparison by @​edwardmp in #​1440
• Add configurable logging to withArg & withNullableArg by @​OsaSoft in #​1441
• docs(readme): document suppressing superclass calls by @​ch200203 in #​1444
• Fix for issue #​1103. by @​sdetilly in #​1449
• Fix configuration option example for restricted classes by @​TWiStErRob in #​1465
• Fix InaccessibleObjectException when spying on JDK interfaces on JDK 16+ by @​Copilot in #​1457
• Fix Java 11 compatibility: replace Random.nextLong(long, long) with Java 8 compatible alternative by @​Copilot in #​1456
• Add optional restricted mock system property by @​nishatoma in #​1454
• Fix StackOverflowError when mocking methods returning ArrayList by @​Copilot in #​1464
• Change JUnit 4/5 dependencies from implementation to compileOnly by @​Copilot in #​1455

New Contributors

• @​edwardmp made their first contribution in #​1440
• @​OsaSoft made their first contribution in #​1441
• @​sdetilly made their first contribution in #​1449
• @​Copilot made their first contribution in #​1457
• @​nishatoma made their first contribution in #​1454

Full Changelog: mockk/mockk@1.14.6...1.14.7

oshai/kotlin-logging (io.github.oshai:kotlin-logging-jvm)

v8.0.03

Compare Source

What's Changed

• Fix #​598: Allow external configuration of logStartupMessage via Properties and Env Vars by @​oshai in #​602

Full Changelog: oshai/kotlin-logging@8.0.02...8.0.03

v8.0.02

Compare Source

What's Changed

• Fix GraalVM native build error caused by stale substitution target in v8.x by @​Copilot in #​601

Full Changelog: oshai/kotlin-logging@8.0.01...8.0.02

v8.0.01

Compare Source

What's Changed

• Refactor: Unified Logger Provider Architecture by @​oshai in #​584
• refactor: Refine initialization logic by @​oshai in #​585
• KLogger API Cleanup & Ambiguity Fix by @​oshai in #​586
• fix action by @​oshai in #​593
• feat: add timestamp to KLoggingEvent by @​oshai in #​591
• Fix Darwin historical logs redaction using public format string by @​oshai in #​590
• feat: add configuration to suppress startup message by @​oshai in #​589
• Feature: Add JPMS Support (Issue #​365) by @​oshai in #​592
• Fix Darwin OSLog composition failure in historical logs by @​oshai in #​594

Full Changelog: oshai/kotlin-logging@7.0.14...8.0.01

v7.0.14

Compare Source

What's Changed

• Bump actions/upload-pages-artifact from 3 to 4 by @​dependabot[bot] in #​559
• Bump actions/setup-java from 4 to 5 by @​dependabot[bot] in #​560
• Upgrade Gradle wrapper to 8.14.3 by @​Copilot in #​563
• Bump com.android.library from 8.12.0 to 8.12.1 by @​dependabot[bot] in #​561
• Bump jackson from 2.19.2 to 2.20.0 by @​dependabot[bot] in #​565
• Bump com.android.library from 8.12.2 to 8.13.0 by @​dependabot[bot] in #​564
• Bump org.graalvm.sdk:nativeimage from 24.2.2 to 25.0.0 by @​dependabot[bot] in #​568
• Bump org.mockito:mockito-core from 5.19.0 to 5.20.0 by @​dependabot[bot] in #​567
• Bump log4j from 2.25.1 to 2.25.2 by @​dependabot[bot] in #​572
• Bump actions/cache from 4.2.4 to 4.3.0 by @​dependabot[bot] in #​571
• Bump com.diffplug.spotless from 7.2.1 to 8.0.0 by @​dependabot[bot] in #​570
• Bump gradle/actions from 4 to 5 by @​dependabot[bot] in #​574
• Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 by @​dependabot[bot] in #​573
• Change LogbackLogEvent to implement ILoggingEvent by @​oshai in #​583

New Contributors

• @​Copilot made their first contribution in #​563

Full Changelog: oshai/kotlin-logging@7.0.13...7.0.14

gantsign/ktlint-maven-plugin (com.github.gantsign.maven:ktlint-maven-plugin)

v3.7.1

Compare Source

Changes:

• #​718: Fix deploy timeout

v3.7.0

Compare Source

Enhancement:

• #​717: Update ktlint to 1.8.0 and kotlin to 2.2.21

v3.6.0

Compare Source

Enhancement:

• #​681: Update to ktlint 1.7.1 and kotlin 2.2.0
  • Thanks to @​JonathanLennox for the PR

Other changes:

• #​662: Upgraded commons-codec:commons-codec from 1.17.2 to 1.18.0
• #​671: Updated GitHub Actions runner
• #​663: Upgraded commons-logging:commons-logging from 1.3.4 to 1.3.5
• #​664: Upgraded commons-beanutils:commons-beanutils from 1.10.0 to 1.10.1
• #​685: Fix devcontainer
• #​686: Fix devcontainer
• #​687: Migrate deployment to Sonatype Central Portal
• #​688: Fix Maven deploy
• #​688: Fix formatting (fix-deploy)
• #​666: Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0
• #​669: Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28
• #​673: Bump commons-beanutils:commons-beanutils from 1.10.1 to 1.11.0
• #​675: Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0
• #​676: Bump commons-io:commons-io from 2.18.0 to 2.20.0
• #​679: Bump actions/setup-java from 4 to 5
• #​680: Bump codecov/codecov-action from 5.3.1 to 5.5.1
• #​682: Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0
• #​683: Bump actions/checkout from 4 to 6
• #​689: Bump org.codehaus.plexus:plexus-utils from 4.0.2 to 4.0.3
• #​690: Update Dependabot to allow newer Maven versions
• #​693: Bump org.apache.maven:maven-core from 3.5.4 to 3.8.1
• #​691: Bump codecov/codecov-action from 5.5.1 to 6.0.0
• #​694: Bump org.jetbrains.dokka:dokka-maven-plugin from 2.0.0 to 2.2.0
• #​695: Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.27
• #​696: Bump commons-codec:commons-codec from 1.18.0 to 1.21.0
• #​692: Bump maven.version from 3.8.1 to 3.8.9
• #​698: Add org.dom4j:dom4j dependency to dependabot configuration
• #​703: Bump org.dom4j:dom4j from 2.1.4 to 2.1.5
• #​704: Add org.codehaus.plexus:plexus-xml dependency to dependabot configuration
• #​699: Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29
• #​700: Bump commons-logging:commons-logging from 1.3.5 to 1.3.6
• #​701: Bump org.apache.maven.plugin-tools:maven-plugin-annotations
• #​706: Bump commons-io:commons-io from 2.20.0 to 2.21.0
• #​707: Add maven-reporting-impl dependency to dependabot configuration
• #​708: Add plexus-classworlds dependency to dependabot config
• #​710: Add maven-plugin-testing-harness to dependabot config
• #​711: Add Guice to dependabot config
• #​712: Bump com.google.inject:guice from 4.2.2 to 4.2.3
• #​713: Add doxia-sink-api-ktx to dependabot config
• #​714: Bump doxia-sink-api-ktx version to 1.6.1
• #​715: Update build Maven version to 3.9.14
• #​716: Update Maven Central badge to use img.shields.io

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)

v4.0.6

v4.0.5

Compare Source

🐞 Bug Fixes

• Test starter for Spring Integration does not include Spring Integration test module #​49784
• Some sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration #​49782
• WebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson #​49753
• WebSocket app fails to start when Jackson is on the classpath but there's no JsonMapper bean #​49749
• Metadata annotation processor ignores method-level @NestedConfigurationProperty when using constructor binding #​49738
• Override of property in external 'application.properties' or 'application.yaml' is ignored #​49731
• NativeImageResourceProvider does not find Flyway migration scripts in subdirectories #​49706
• Add @ConditionalOnWebApplication to NettyReactiveWebServerAutoConfiguration #​49695
• @GraphQlTest does not include @ControllerAdvice #​49672

📔 Documentation

• Fix incorrect indefinite articles in Javadoc #​49727
• Add some more Kotlin examples and trivial style fixes #​49714
• Overhaul Spring Session documentation following modularization #​49704

🔨 Dependency Upgrades

• Upgrade to Brave 6.3.1 #​49763
• Upgrade to Jackson 2 Bom 2.21.2 #​49764
• Upgrade to jOOQ 3.19.31 #​49765
• Upgrade to Netty 4.2.12.Final #​49794
• Upgrade to Tomcat 11.0.20 #​49767
• Upgrade to Zipkin Reporter 3.5.3 #​49762

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, @​deejay1, @​dlwldnjs1009, @​kwondh5217, @​ljrmorgan, and @​quaff

v4.0.4

Compare Source

⚠️ Attention Required

• OpenTelemetry's ZipkinSpanExporter has been deprecated and its support will be removed in Spring Boot 4.2. #​49453
• Jackson 2 has been upgraded to 2.21.1 in response to the Jackson team ending support for Jackson 2.20.x. #​49389
• Jackson has been upgraded to 3.1.0 in response to the Jackson team ending support for Jackson 3.0.x. #​49383
• The default value for server.tomcat.max-part-count has been increased from 10 to 50. This aligns it with Tomcat's own default and the default in Spring Boot 3.x. #​49311

🐞 Bug Fixes

• EndpointRequest request matcher for health groups is too complex #​49649
• "/cloudfoundryapplication" web path is not limited to Actuator #​49646
• Fix EndpointRequest.toLinks() when base-path is '/' #​49617
• Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #​49596
• RSocket exposes duplicate endpoint for websocket setups #​49593
• Failure analysis for a missing mail sender is misleading #​49582
• SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #​49535
• Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #​49482
• "spring.main.cloud-platform=none" does not disable cloud features #​49479
• SSL support with Docker Compose does not work as documented #​49385
• Auto-configuration overrides authorization server configuration applied by Customizer beans #​49367
• Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #​49344
• NoSuchMethodException when forcing the use of Log4J2LoggingSystem using org.springframework.boot.logging.LoggingSystem system property #​49343
• RouterFunctions descriptions in Actuator do not support nesting #​49302
• Maven plugin does not set '-parameters' option when processing AOT code #​49295
• HTTP Service Interface Client doesn't work in a native image due to missing property binding #​49274
• ErrorPageRegistrarBeanPostProcessor is not auto-configured in war deployments and the ErrorPageCustomizer is not applied #​49176
• Missing starter for spring-boot-restdocs #​48289

📔 Documentation

• Document support for Java 26 #​49604
• List all supported colors when describing color-coded log output #​49562
• Improve EndpointRequest matcher documentation #​49520
• Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #​49514
• Document security considerations for forwarded headers in cloud deployments #​49507
• Tutorial in the reference guide has outdated instructions #​49429
• Document additional repositories required for shibboleth.net #​49392
• Javadoc of JettyHttpClientBuilder refers to the wrong type #​49387
• Example spring-devtools.properties file is shown in the wrong format #​49362
• Clarify inferred relationships between OAuth 2 registrations and providers #​49327
• Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #​49321
• Remove superfluous semi-colon from read timeout configuration example for HTTP service interface clients #​49306
• Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #​49298
• JDK requirement for the CLI still refers to Java 8 #​49293
• Java and Kotlin samples of an environment post processor are inconsistent #​49287

🔨 Dependency Upgrades

• Upgrade to Commons Logging 1.3.6 #​49545
• Upgrade to DB2 JDBC 12.1.4.0 #​49546
• Upgrade to Elasticsearch Client 9.2.6 #​49421
• Upgrade to Hibernate 7.2.7.Final #​49608
• Upgrade to Jakarta XML WS 4.0.3 #​49469
• Upgrade to JBoss Logging 3.6.3.Final #​49632
• Upgrade to Jetty 12.1.7 #​49470
• Upgrade to Kafka 4.1.2 #​49627
• Upgrade to Liquibase 5.0.2 #​49471
• Upgrade to Lombok 1.18.44 #​49575
• Upgrade to Maven Failsafe Plugin 3.5.5 #​49472
• Upgrade to Maven Shade Plugin 3.6.2 #​49473
• Upgrade to Maven Surefire Plugin 3.5.5 #​49474
• Upgrade to Micrometer 1.16.4 #​49413
• Upgrade to Micrometer Tracing 1.6.4 #​49414
• Upgrade to MongoDB 5.6.4 #​49422
• Upgrade to Native Build Tools Plugin 0.11.5 #​49475
• Upgrade to Neo4j Java Driver 6.0.3 #​49431
• Upgrade to Pulsar 4.1.3 #​49476
• Upgrade to Reactor Bom 2025.0.4 #​49415
• Upgrade to Spring Batch 6.0.3 #​49416
• Upgrade to Spring Data Bom 2025.1.4 #​49417
• Upgrade to Spring Framework 7.0.6 #​49418
• Upgrade to Spring HATEOAS 3.0.3 #​49587
• Upgrade to Spring Integration 7.0.4 #​49529
• Upgrade to Spring Kafka 4.0.4 #​49419
• Upgrade to Spring Pulsar 2.0.4 #​49420
• Upgrade to Spring Security 7.0.4 #​49530
• Upgrade to Spring WS 5.0.1 #​49531
• Upgrade to Testcontainers 2.0.4 #​49655

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​FBibonne, @​answndud, @​bbbbooo, @​chandanv89, @​giyeon95, @​itsmevichu, @​jayychoi, @​l2yujw, @​ngocnhan-tran1996, @​qnnn, @​quaff, and @​sbrannen

v4.0.3

⭐ New Features

• Add TWENTY_SIX to JavaVersion enum #​49193

🐞 Bug Fixes

• Jackson properties may not be applied correctly to RestClients #​49223
• ClassNotFoundException when using Actuator without spring-boot-health #​49196
• Using the OTel and Zipkin starters together creates invalid configuration #​49183
• Whitespace can be incorrectly removed when spring-boot-configuration-processor runs on multi-line javadoc #​49060
• Jackson2HttpMessageConvertersConfiguration uses ConditionOn Jackson3 XMLMapper class #​49015
• server.jetty.threads.max is ignored when using virtual threads #​48989
• Slice test includes fail to load when using spring-boot-starter-test-classic #​48981
• Docker credential helpers with file extensions cannot be executed on Windows #​48979
• Java version requirement check for native image is confusing if AOT didn't run #​48963
• TestPropertyValues.Pair.fromMapEntry(Entry<String, String>) does not comply with its nullability contract #​48948

📔 Documentation

• Couchbase and Kafka are incorrectly listed as supporting SSL with Docker Compose #​49212
• Document that use of non idiomatic format for '@Value' still apply for environment variables #​49109
• Document naming convention for custom test-scoped starters #​49017
• Delay removal of Jackson 2 support until 4.3 at the earliest #​49010
• LICENSE.txt and NOTICE.txt files have the wrong content in the latest releases #​49003
• ApplicationContextAssert documents a non-existent assertion in getFailure() #​48977
• Highlight the importance of the preStop hook when configuring Kubernetes probes #​48946

🔨 Dependency Upgrades

• Upgrade to AssertJ 3.27.7 #​49095
• Upgrade to Elasticsearch Client 9.2.5 #​49184
• Upgrade to Groovy 5.0.4 #​49097
• Upgrade to Hibernate 7.2.3.Final #​49098
• Upgrade to Hibernate 7.2.4.Final #​49167
• Upgrade to Jaybird 6.0.4 #​49099
• Upgrade to JBoss Logging 3.6.2.Final #​49100
• Upgrade to Jersey 4.0.2 #​49101
• Upgrade to Jetty 12.1.6 #​49102
• Upgrade to jOOQ 3.19.30 #​49103
• Upgrade to JUnit Jupiter 6.0.3 #​49233
• Upgrade to Logback 1.5.29 #​49169
• Upgrade to Logback 1.5.32 #​49245
• Upgrade to Micrometer 1.16.3 #​49111
• Upgrade to Micrometer Tracing 1.6.3 #​49112
• Upgrade to MongoDB 5.6.3 #​49105
• Upgrade to MySQL 9.6.0 #​49106
• Upgrade to Netty 4.2.10.Final #​49107
• Upgrade to Postgresql 42.7.10 #​49202
• Upgrade to Reactor Bom 2025.0.3 #​49087
• Upgrade to Spring Data Bom 2025.1.3 #​49088
• Upgrade to Spring Framework 7.0.5 #​49216
• Upgrade to Spring Integration 7.0.3 #​49217
• Upgrade to Spring Kafka 4.0.3 #​49090
• Upgrade to Spring LDAP 4.0.2 #​49091
• Upgrade to Spring Pulsar 2.0.3 #​49092
• Upgrade to Spring Security 7.0.3 #​49093
• Upgrade to Spring Session 4.0.2 #​49094
• Upgrade to Tomcat 11.0.18 #​49108

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GaetanoCerciello, @​dsyer, @​linkian209, @​nosan, @​quaff, @​scordio, and @​srt

v4.0.2

⚠️ Noteworthy Changes

• The dependency on org.eclipse.jetty.ee11:jetty-ee11-servlets has been removed from spring-boot-jetty as it was unnecessary and unused. If your application code depends on a class from jetty-ee11-servlets, declare a dependency on it in your build configuration. #​48677

🐞 Bug Fixes

• No TransactionAutoConfiguration with spring-boot-starter-kafka for Spring Boot 4 #​48880
• Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #​48840
• When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #​48838
• SessionAutoConfiguration creates a DefaultCookieSerializer with a default SameSite of null instead of Lax #​48830
• Setting graphql schema location to "classpath*:graphql/**/" causes failure due to incorrectly packaged test resource #​48829
• Message interpolation by MVC and WebFlux's Validators does not work correctly in a native image #​48828
• CloudFoundry integration fails in Servlet-based web app without a dependency on spring-boot-starter-restclient #​48826
• RestTestClientAutoConfiguration and TestRestTemplateAutoConfiguration should be package-private #​48820
• SSL metrics are no longer auto-configured #​48819
• Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #​48812
• DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #​48703
• The spring-boot-cloudfoundry module should only have an optional dependency on spring-boot-security #​48685
• Application JAR created by extract command is not reproductible #​48678
• AOT processing of tests should not be disabled when 'skipTests' is set #​48662
• @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) is no longer applied to the management server #​48653
• Fix zero-length byte buffer in InspectedContent #​48650
• Can no longer override JacksonJsonHttpMessageConverter with ServerHttpMessageConvertersCustomizer #​48635
• HttpServiceClientProperties incorrectly uses the @ConfigurationProperties annotation on a LinkedHashMap class #​48616
• spring-boot-micrometer-tracing-opentelemetry fails if spring-boot-opentelemetry isn't there #​48585
• App fails to start with starter-webmvc and starter-zipkin #​48581
• Micrometer test modules should have an api dependency on micrometer-observation-test #​48386

📔 Documentation

• Fix typo in REST client documentation [#​48907](https:/

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 5 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

pom.xml

Package	Version	License	Issue Type
com.github.gantsign.maven:ktlint-maven-plugin	3.7.1	Null	Unknown License
io.github.oshai:kotlin-logging-jvm	8.0.03	Null	Unknown License
org.apache.maven.plugins:maven-enforcer-plugin	3.6.3	Null	Unknown License
org.apache.maven.plugins:maven-surefire-plugin	3.5.5	Null	Unknown License
org.codehaus.mojo:properties-maven-plugin	1.3.0	Null	Unknown License

Allowed Licenses:

CC0-1.0, CC-BY-4.0, Unlicense, WTFPL, 0BSD, MIT, Apache-2.0, ISC, BSD-2-Clause, BSD-3-Clause, Zlib, MPL-1.1, MPL-2.0, CDDL-1.0, EPL-1.0, EPL-2.0, CECILL-2.1, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0-only, LGPL-3.0-or-later, EUPL-1.0, EUPL-1.1, EUPL-1.2, AAL, AFL-3.0, Apache-1.1, APL-1.0, APSL-2.0, Artistic-1.0-Perl, Artistic-2.0, BlueOak-1.0.0, BSL-1.0, CATOSL-1.1, CPAL-1.0, CUA-OPL-1.0, ECL-2.0, EFL-2.0, Entessa, EUDatagrid, Fair, LPPL-1.3c, LPL-1.02, MirOS, Motosoto, Multics, NASA-1.3, NCSA, NTP, Naumen, Nokia, PostgreSQL, PSF-2.0, RPSL-1.0, RSCPL, SimPL-2.0, Sleepycat, SPL-1.0, VSL-1.0, W3C, W3C-20150513, Xnet, ZPL-2.0

Excluded from license check:

pkg:githubactions/trufflesecurity/trufflehog, pkg:npm/knex, pkg:npm/mapbox-gl

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.github.gantsign.maven:ktlint-maven-plugin	3.7.1	🟢 4.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 1/14 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Packaging ⚠️ -1 packaging workflow not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/com.ninja-squad:springmockk	5.0.1	⚠️ 1.9	Details Check Score Reason Code-Review ⚠️ 0 Found 0/23 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 9 binaries present in source code Packaging ⚠️ -1 packaging workflow not detected Maintained ⚠️ 0 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 Dangerous-Workflow ⚠️ -1 no workflows found Token-Permissions ⚠️ -1 No tokens found Pinned-Dependencies ⚠️ -1 no dependencies found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/io.github.oshai:kotlin-logging-jvm	8.0.03	Unknown	Unknown
maven/io.mockk:mockk-jvm	1.14.9	🟢 5	Details Check Score Reason Maintained 🟢 10 27 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 9 Found 10/11 approved changesets -- score normalized to 9 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 4 security policy file detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 License 🟢 10 license file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Signed-Releases ⚠️ -1 no releases found SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.apache.maven.plugins:maven-compiler-plugin	3.15.0	🟢 4.7	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained ⚠️ 0 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 15/20 approved changesets -- score normalized to 7 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.apache.maven.plugins:maven-enforcer-plugin	3.6.3	🟢 5.7	Details Check Score Reason Code-Review 🟢 6 Found 9/13 approved changesets -- score normalized to 6 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 14 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.apache.maven.plugins:maven-surefire-plugin	3.5.5	🟢 5.8	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 7 Found 20/26 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/org.codehaus.mojo:properties-maven-plugin	1.3.0	🟢 3.3	Details Check Score Reason Code-Review ⚠️ 2 Found 2/8 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 4 5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• pom.xml