Dependabot: Bump the maven-patch-and-minor group with 4 updates

[dependabot]

Bumps the maven-patch-and-minor group with 4 updates: org.springframework.boot:spring-boot-starter-parent, org.apache.maven.plugins:maven-compiler-plugin, org.jacoco:jacoco-maven-plugin and org.apache.maven.plugins:maven-jar-plugin.

Updates org.springframework.boot:spring-boot-starter-parent from 4.0.6 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

• Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
• Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

• MailSender auto-configuration does not enable hostname verification #50747
• Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
• Embedded LDAP SSL should not be enabled when its bundle is empty #50700
• InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
• NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
• SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
• Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
• Configuration property metadata includes incorrect class references #50632
• Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
• RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
• NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
• SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
• Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
• ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
• Created StackTracePrinter instances have no access to the Environment #50414
• MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
• Buildpack module does not validate long-to-int casts #50410
• Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
• GraphQL WebSocket support does not configure allowed origins #50394
• Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
• Meter registries are not removed from the global registry when the context is closed #50287
• DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
• Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
• Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
• EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
• Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
• ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
• NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
• Missing dependency management for spring-boot-web-server-test #50224
• Spring Batch support for MongoDB modules are not included in dependency management #50223
• Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
• GrpcServerHealthScheduler is not started in servlet environments #50209
• Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

• Fix reference to Gradle documentation for module replacement #50647
• Document SSL reloading with Let's Encrypt #50630
• Remove the use of Optional from Data Neo4j repository examples #50622
• Fix typos in documentation #50620

... (truncated)

Commits

• ac2cfe0 Release v4.1.0
• 1a5815c Upgrade to Spring Batch 6.0.4
• a8364ff Merge branch '4.0.x'
• 9755ff2 Upgrade to Spring Batch 6.0.4
• 6a6dedc Upgrade to Spring Integration 7.1.0
• db7b2b9 Merge branch '4.0.x'
• d549d07 Upgrade to Spring Integration 7.0.5
• 4d9e463 Merge branch '3.5.x' into 4.0.x
• b068647 Upgrade to Spring Integration 6.5.9
• 198af99 Merge branch '4.0.x'
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

• Fix Java 25 compatibility during integration tests (#1020) @​desruisseaux
• [MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @​mensinda

👻 Maintenance

• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @​slachiewicz
• Remove declaration of "plexus-snapshots" repository (#1010) @​desruisseaux
• Works only with Maven 4.0.0 rc4 (#996) @​slachiewicz
• Enable Java 25 and Maven 4 in CI (#975) @​slachiewicz

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]
• Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]
• Bump maven-plugin-testing-harness to 3.4.0 (#1001) @​slawekjaranowski
• Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]
• Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

Commits

• 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
• 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
• 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
• 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
• 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
• aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
• 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
• 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
• 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.15

New Features

• JaCoCo now officially supports Java 26 (GitHub #2076).
• Experimental support for Java 27 class files (GitHub #2004).
• Compatibility methods generated by Kotlin compiler for functions defined in interfaces are filtered out during generation of report (GitHub #1905).
• Compatibility methods generated by Kotlin compiler for exposed boxed inline value classes (JvmExposeBoxed annotation) are filtered out during generation of report (GitHub #1944).
• Methods generated by the Kotlin compiler for functions with JvmStatic annotation are filtered out during generation of report (GitHub #2097).
• Improved filtering of bytecode generated by Kotlin compiler for when expressions and statements with kotlin.String subject where first branch condition contains string with largest hash (GitHub #2098).
• Part of bytecode that javac versions from 24 to 26 generate for switch statements and expressions with selector expression of type java.lang.String inside lambdas is filtered out during generation of report (GitHub #2023).
• Improved performance of Kotlin files analysis by parsing SMAPs only once per class (GitHub #2114).
• For better performance agent output methods tcpclient and tcpserver use BufferedOutputStream to write execution data to socket. Maven plugin, Ant tasks, CLI, API usage examples, and ExecDumpClient API use BufferedInputStream to read execution data from socket. Third-party integrations should do the same to benefit from this change in agent (GitHub #2089).

Fixed bugs

• Fixed processing of Kotlin SMAP in synthetic classes (GitHub #1985).
• Multiple JaCoCo runtimes within one JVM writing to the same output file should not cause data corruption when running on JDK versions from 6 to 10 affected by JDK-8166253 (GitHub #2065, #2074).
• For better performance agent writes to output file via BufferedOutputStream, this fixes regression introduced in version 0.6.2 (GitHub #2073).
• Fixed NullPointerException when JaCoCo agent is loaded by non system class loader, for example when loaded by JBoss Modules (GitHub #1651).

Non-functional Changes

• JaCoCo now depends on ASM 9.10.1 (GitHub #2134).

Commits

• 6c5260a Prepare release v0.8.15
• 5c05141 Transfer of execution data through socket should use buffered stream (#2089)
• ab5efa9 Remove from Azure Pipelines all builds except with JDK 5 and JDK EA (#2148)
• 5f6ea38 Use Windows 2025 image in GitHub Actions (#2130)
• 35a8af2 Use Renovate instead of Dependabot for updates of ASM (#2137)
• 85b8ddf Upgrade ASM to 9.10.1 (#2134)
• 2988647 AgentModule should use ClassLoader of agent instead of SystemClassLoader (#1651)
• 75a4e31 Add filter for Kotlin @JvmExposeBoxed (#1944)
• 691fa1d Use Renovate instead of Dependabot for updates of GitHub Actions (#2132)
• 3e18f17 Require at least JDK 21 for build (#2128)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-jar-plugin's releases.

3.5.0

🚀 New features and improvements

• Add new "attach" configuration parameter (3.x port of #482) (#483) @​hgschmie
• add Java-Version to MANIFEST.MF (#465) @​hboutemy

🐛 Bug Fixes

• Fix detecting java version for toolchains and JDK 1.8 (#500) @​slawekjaranowski
• Ignore stderr when parsing javac version from toolchain (#471) @​jaredstehler

👻 Maintenance

• Update site descriptor to 2.0.0 (#501) @​slawekjaranowski
• chore: remove junit3 references (#494) @​slawekjaranowski
• Migrate component injection to JSR-330 (#492) @​slawekjaranowski
• Add PR Automation to 3.x (#132) @​slawekjaranowski
• Improve release-drafter configuration (#128) @​slawekjaranowski
• Fix for Maven 4.0.0-rc-3 (#130) @​slawekjaranowski
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#119) @​Bukama

🔧 Build

• Bump m-invoker-p to 3.9.1 for Java 25 (#480) @​hboutemy

📦 Dependency updates

• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#499) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#498) @dependabot[bot]
• Use maven-plugin-testing-harness version 3.4.0 (#491) @​slawekjaranowski
• Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.15.1 to 3.15.2 (#488) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#478) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#464) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 42 to 45 (#452) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.4 (#461) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#457) @dependabot[bot]
• Bump mavenVersion from 3.9.10 to 3.9.11 (#456) @dependabot[bot]
• Bump mavenVersion from 3.9.9 to 3.9.10 (#146) @dependabot[bot]
• Bump org.apache.maven.shared:file-management from 3.1.0 to 3.2.0 (#143) @dependabot[bot]
• Bump mavenVersion from 3.6.3 to 3.9.9 (#107) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#140) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.18.0 (#114) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#109) @dependabot[bot]

Commits

• 68d00f1 [maven-release-plugin] prepare release maven-jar-plugin-3.5.0
• 357b9bf Update site descriptor to 2.0.0
• 340249c Fix detecting java version for toolchains and JDK 1.8
• 06a6245 chore: remove junit3 references
• d302b2c Bump commons-io:commons-io from 2.20.0 to 2.21.0
• 6081bdb Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• ef8ed4c Migrate component injection to JSR-330
• 704a35c Ignore stderr when parsing javac version from toolchain (#471)
• 0beb969 Use maven-plugin-testing-harness version 3.4.0
• c2624c8 Bump org.apache.maven.plugin-tools:maven-plugin-annotations (#488)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions