Skip to content

build(deps): bump the minor-and-patch group across 1 directory with 6 updates#84

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/maven/services/api-gateway/dev/minor-and-patch-156cae55b8
Open

build(deps): bump the minor-and-patch group across 1 directory with 6 updates#84
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/maven/services/api-gateway/dev/minor-and-patch-156cae55b8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown

Bumps the minor-and-patch group in /services/api-gateway with 6 updates:

Package From To
org.springframework.boot:spring-boot-starter-parent 3.5.11 3.5.16
io.jsonwebtoken:jjwt-api 0.12.6 0.13.0
io.jsonwebtoken:jjwt-impl 0.12.6 0.13.0
io.jsonwebtoken:jjwt-jackson 0.12.6 0.13.0
org.springdoc:springdoc-openapi-starter-webflux-ui 2.8.6 2.8.17
org.springframework.cloud:spring-cloud-dependencies 2025.0.0 2025.0.3

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.11 to 3.5.16

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.16

🔨 Dependency Upgrades

v3.5.15

🐞 Bug Fixes

  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #50743
  • MailSender auto-configuration does not enable hostname verification #50742
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #50624
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50501
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50451
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50429
  • GraphQL WebSocket support does not configure allowed origins #50391
  • Buildpack module does not validate long-to-int casts #50382
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #50373
  • Created StackTracePrinter instances have no access to the Environment #50303
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50301
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #50292
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50273
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50254
  • Meter registries are not removed from the global registry when the context is closed #50235
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50225
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #50205
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50118
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50095

📔 Documentation

  • Fix reference to Gradle documentation for module replacement #50641
  • Remove the use of Optional from Data Neo4j repository examples #50600
  • Fix typos in documentation #50593
  • Document Java 25 requirement for AOT cache #50482
  • Clarify dependency requirement for Bean Validation support #50290
  • Document SSL reloading with Let's Encrypt #50222
  • Polish InvalidConfigurationPropertyValueException constructor javadoc #50212
  • Document known testcontainers lifecycle issues #50210
  • Document configuring multiple connectors with Jetty #50206
  • Fix typo in Spring Security OAuth2 client registration documentation #50193

🔨 Dependency Upgrades

... (truncated)

Commits
  • 0566f69 Release v3.5.16
  • 93edd16 Next development version (v3.5.16-SNAPSHOT)
  • 5bafd0a Upgrade to Spring Integration 6.5.10
  • baf3290 Upgrade to Spring AMQP 3.2.12
  • 2c5964a Upgrade to Spring Data Bom 2025.0.13
  • dbb08aa Upgrade Antora dependencies
  • 9b281d5 Upgrade to actions/checkout 7.0.0
  • a854058 Upgrade to jfrog/setup-jfrog-cli 5.1.0
  • fc236ae Start building against Spring Integration 6.5.10 snapshots
  • 5271da7 Start building against Spring Data Bom 2025.0.13 snapshots
  • Additional commits viewable in compare view

Updates io.jsonwebtoken:jjwt-api from 0.12.6 to 0.13.0

Release notes

Sourced from io.jsonwebtoken:jjwt-api's releases.

0.13.0

This is the last minor JJWT release branch that will support Java 7.

Any necessary emergency bug fixes will be fixed in subsequent 0.13.x patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (0.14.0) release.

All future JJWT major and minor versions ( 0.14.0 and later) will require Java 8 or later.

What's Changed

This release contains a single change:

  • The previously private JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap) constructor is now public for those that want register a claims type converter on their own specified ObjectMapper instance. Thank you to @​kesrishubham2510 for PR #972. See Issue 914.

Full Changelog: jwtk/jjwt@0.12.7...0.13.0

0.12.7

This patch release:

  • Adds a new Maven BOM! This is useful for multi-module projects. See Issue 967.

  • Allows the JwtParserBuilder to have empty nested algorithm collections, effectively disabling the parser's associated feature:

    • Emptying the zip() nested collection disables JWT decompression.
    • Emptying the sig() nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
    • Emptying either the enc() or key() nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)

    See Issue 996.

  • Fixes bug 961 where JwtParserBuilder nested collection builders were not correctly replacing algorithms with the same id.

  • Ensures a JwkSet's keys collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the keys collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.

  • Improves performance slightly by ensuring all jjwt-api utility methods that create *Builder instances (Jwts.builder(), Jwts.parserBuilder(), Jwks.builder(), etc) no longer use reflection.

    Instead,static factories are created via reflection only once during initial jjwt-api classloading, and then *Builders are created via standard instantiation using the new operator thereafter. This also benefits certain environments that may not have ideal ClassLoader implementations (e.g. Tomcat in some cases).

    NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.

    See Issue 988.

  • Upgrades the Gson dependency to 2.11.0

  • Upgrades the BouncyCastle dependency to 1.78.1

New Contributors

Full Changelog: jwtk/jjwt@0.12.6...0.12.7

Changelog

Sourced from io.jsonwebtoken:jjwt-api's changelog.

0.13.0

This is the last minor JJWT release branch that will support Java 7. Any necessary emergency bug fixes will be fixed in subsequent 0.13.x patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (0.14.0) release.

All future JJWT major and minor versions ( 0.14.0 and later) will require Java 8 or later.

This 0.13.0 minor release has only one change:

  • The previously private JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap) constructor is now public for those that want register a claims type converter on their own specified ObjectMapper instance. See Issue 914.

0.12.7

This patch release:

  • Adds a new Maven BOM, useful for multi-module projects. See Issue 967.

  • Allows the JwtParserBuilder to have empty nested algorithm collections, effectively disabling the parser's associated feature:

    • Emptying the zip() nested collection disables JWT decompression.
    • Emptying the sig() nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
    • Emptying either the enc() or key() nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)

    See Issue 996.

  • Fixes bug 961 where JwtParserBuilder nested collection builders were not correctly replacing algorithms with the same id.

  • Ensures a JwkSet's keys collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the keys collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.

  • Improves performance slightly by ensuring all jjwt-api utility methods that create *Builder instances (Jwts.builder(), Jwts.parserBuilder(), Jwks.builder(), etc) no longer use reflection.

    Instead,static factories are created via reflection only once during initial jjwt-api classloading, and then *Builders are created via standard instantiation using the new operator thereafter. This also benefits certain environments that may not have ideal ClassLoader implementations (e.g. Tomcat in some cases).

    NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.

    See Issue 988.

  • Upgrades the Gson dependency to 2.11.0

  • Upgrades the BouncyCastle dependency to 1.78.1

Commits

Updates io.jsonwebtoken:jjwt-impl from 0.12.6 to 0.13.0

Release notes

Sourced from io.jsonwebtoken:jjwt-impl's releases.

0.13.0

This is the last minor JJWT release branch that will support Java 7.

Any necessary emergency bug fixes will be fixed in subsequent 0.13.x patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (0.14.0) release.

All future JJWT major and minor versions ( 0.14.0 and later) will require Java 8 or later.

What's Changed

This release contains a single change:

  • The previously private JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap) constructor is now public for those that want register a claims type converter on their own specified ObjectMapper instance. Thank you to @​kesrishubham2510 for PR #972. See Issue 914.

Full Changelog: jwtk/jjwt@0.12.7...0.13.0

0.12.7

This patch release:

  • Adds a new Maven BOM! This is useful for multi-module projects. See Issue 967.

  • Allows the JwtParserBuilder to have empty nested algorithm collections, effectively disabling the parser's associated feature:

    • Emptying the zip() nested collection disables JWT decompression.
    • Emptying the sig() nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
    • Emptying either the enc() or key() nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)

    See Issue 996.

  • Fixes bug 961 where JwtParserBuilder nested collection builders were not correctly replacing algorithms with the same id.

  • Ensures a JwkSet's keys collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the keys collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.

  • Improves performance slightly by ensuring all jjwt-api utility methods that create *Builder instances (Jwts.builder(), Jwts.parserBuilder(), Jwks.builder(), etc) no longer use reflection.

    Instead,static factories are created via reflection only once during initial jjwt-api classloading, and then *Builders are created via standard instantiation using the new operator thereafter. This also benefits certain environments that may not have ideal ClassLoader implementations (e.g. Tomcat in some cases).

    NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.

    See Issue 988.

  • Upgrades the Gson dependency to 2.11.0

  • Upgrades the BouncyCastle dependency to 1.78.1

New Contributors

Full Changelog: jwtk/jjwt@0.12.6...0.12.7

Changelog

Sourced from io.jsonwebtoken:jjwt-impl's changelog.

0.13.0

This is the last minor JJWT release branch that will support Java 7. Any necessary emergency bug fixes will be fixed in subsequent 0.13.x patch releases, but all new development, including Java 8 compatible changes, will be in the next minor (0.14.0) release.

All future JJWT major and minor versions ( 0.14.0 and later) will require Java 8 or later.

This 0.13.0 minor release has only one change:

  • The previously private JacksonDeserializer(ObjectMapper objectMapper, Map<String, Class<?>> claimTypeMap) constructor is now public for those that want register a claims type converter on their own specified ObjectMapper instance. See Issue 914.

0.12.7

This patch release:

  • Adds a new Maven BOM, useful for multi-module projects. See Issue 967.

  • Allows the JwtParserBuilder to have empty nested algorithm collections, effectively disabling the parser's associated feature:

    • Emptying the zip() nested collection disables JWT decompression.
    • Emptying the sig() nested collection disables JWS mac/signature verification (i.e. all JWSs will be unsupported/rejected).
    • Emptying either the enc() or key() nested collections disables JWE decryption (i.e. all JWEs will be unsupported/rejected)

    See Issue 996.

  • Fixes bug 961 where JwtParserBuilder nested collection builders were not correctly replacing algorithms with the same id.

  • Ensures a JwkSet's keys collection is no longer entirely secret/redacted by default. This was an overzealous default that was unnecessarily restrictive; the keys collection itself should always be public, and each individual key within should determine which fields should be redacted when printed. See Issue 976.

  • Improves performance slightly by ensuring all jjwt-api utility methods that create *Builder instances (Jwts.builder(), Jwts.parserBuilder(), Jwks.builder(), etc) no longer use reflection.

    Instead,static factories are created via reflection only once during initial jjwt-api classloading, and then *Builders are created via standard instantiation using the new operator thereafter. This also benefits certain environments that may not have ideal ClassLoader implementations (e.g. Tomcat in some cases).

    NOTE: because this changes which classes are loaded via reflection, any environments that must explicitly reference reflective class names (e.g. GraalVM applications) will need to be updated to reflect the new factory class names.

    See Issue 988.

  • Upgrades the Gson dependency to 2.11.0

  • Upgrades the BouncyCastle dependency to 1.78.1

Commits

Updates io.jsonwebtoken:jjwt-jackson from 0.12.6 to 0.13.0

Updates org.springdoc:springdoc-openapi-starter-webflux-ui from 2.8.6 to 2.8.17

Release notes

Sourced from org.springdoc:springdoc-openapi-starter-webflux-ui's releases.

springdoc-openapi v2.8.17 released!

Added

  • Add support for the @Range constraint validation annotation
  • Auto-set nullable: true for Kotlin nullable types in schema properties

Changed

  • Upgrade Spring Boot to version 3.5.13
  • Upgrade swagger-core to version 2.2.47
  • Upgrade swagger-ui to version 5.32.2

Fixed

  • #3259 – Fix an issue with annotated types with generics on parameters
  • #3255 – Handle $ref nullable wrapping and OAS 3.1 support
  • #3245 – Upgrade swagger-core from 2.2.43 to 2.2.45 (fixes schema resolution issues)
  • #3241 – Generic error responses from multiple @ControllerAdvice are still nondeterministic across OS
  • #3236 – Preserve YAML group URLs in Swagger UI
  • Fix PropertyResolverUtils to retain a JsonNode when reading an ExtensionProperty annotation
  • Fix handling of default values for LocalDate

New Contributors

Full Changelog: springdoc/springdoc-openapi@v2.8.16...v2.8.17

springdoc-openapi v2.8.16 released!

Added

  • #3208 - Add support for springdoc.swagger-ui.document-title property to customize the browser tab title

Changed

  • Upgrade Spring Boot to version 3.5.11
  • Upgrade swagger-core to version 2.2.43
  • Upgrade swagger-ui to version 5.32.0
  • Upgrade Scalar to version 0.5.55

Fixed

  • #3230 – Scalar source URLs resolve to null/<groupName> on second request when using GroupedOpenApi
  • #3226 – Propagate @JsonView context when resolving Page<T> schema in PageOpenAPIConverter
  • #3205 – springdoc-ui does not work with native compile GraalVM 25
  • #3219 – Upgrade swagger-core from 2.2.42 to 2.2.43 (fixes schema resolution issues)

... (truncated)

Changelog

Sourced from org.springdoc:springdoc-openapi-starter-webflux-ui's changelog.

[2.8.17] - 2026-04-12

Added

  • Add support for the @Range constraint validation annotation
  • Auto-set nullable: true for Kotlin nullable types in schema properties

Changed

  • Upgrade Spring Boot to version 3.5.13
  • Upgrade swagger-core to version 2.2.47
  • Upgrade swagger-ui to version 5.32.2

Fixed

  • #3259 – Fix an issue with annotated types with generics on parameters
  • #3255 – Handle $ref nullable wrapping and OAS 3.1 support
  • #3245 – Upgrade swagger-core from 2.2.43 to 2.2.45 (fixes schema resolution issues)
  • #3241 – Generic error responses from multiple @ControllerAdvice are still nondeterministic across OS
  • #3236 – Preserve YAML group URLs in Swagger UI
  • Fix PropertyResolverUtils to retain a JsonNode when reading an ExtensionProperty annotation
  • Fix handling of default values for LocalDate

[2.8.16] - 2026-02-27

Added

  • Add support for springdoc.swagger-ui.document-title property to customize the browser tab title

Changed

  • Upgrade Spring Boot to version 3.5.11
  • Upgrade swagger-core to version 2.2.43
  • Upgrade swagger-ui to version 5.32.0
  • Upgrade Scalar to version 0.5.55

Fixed

  • #3230 – Scalar source URLs resolve to null/<groupName> on second request when using GroupedOpenApi
  • #3226 – Propagate @JsonView context when resolving Page<T> schema in PageOpenAPIConverter
  • #3205 – springdoc-ui does not work with native compile GraalVM 25
  • #3219 – Upgrade swagger-core from 2.2.42 to 2.2.43 (fixes schema resolution issues)
  • #3193 – OpenApi field in SpringDocConfigProperties does not comply with camelCase naming conventions
  • #3161 – Prevent duplicate _links in allOf child schemas extending RepresentationModel
  • Fix type annotation not considered when Kotlin is not present
  • Fix property resolution for parameter default values

[2.8.15] - 2026-01-01

Added

... (truncated)

Commits
  • 07e7739 [maven-release-plugin] prepare release v2.8.17
  • 2019f83 CHANGELOG.md update
  • 90db507 upgrade swagger-ui to version 5.32.2
  • 5964baa Upgrade swagger-api.version to 2.2.47
  • 7a19bca Fixes tests for #3255
  • 0b0ebab Merge pull request #3259 from mcclellanmj/bug-parameterized-types
  • 6b9b69e Fixes tests for #3255
  • 6462e32 Merge pull request #3256 from thejeff77/feat/kotlin-nullable-schema-properties
  • f634f54 Merge pull request #3255 from sisco70/patch-1
  • 386e459 Merge pull request #3254 from pcalouche/update-spring-boot
  • Additional commits viewable in compare view

Updates org.springframework.cloud:spring-cloud-dependencies from 2025.0.0 to 2025.0.3

Release notes

Sourced from org.springframework.cloud:spring-cloud-dependencies's releases.

v2025.0.3

What's Included

  • Spring Cloud Bus 4.3.2 (issues)
  • Spring Cloud Openfeign 4.3.3 (issues)
  • Spring Cloud Circuitbreaker 3.3.3 (issues)
  • Spring Cloud Kubernetes 3.3.3 (issues)
  • Spring Cloud Function 4.3.4 (issues)
  • Spring Cloud Task 3.3.2 (issues)
  • Spring Cloud Stream 4.3.3 (issues)
  • Spring Cloud Starter Build 2025.0.3 (issues)
  • Spring Cloud Vault 4.3.3 (issues)
  • Spring Cloud Commons 4.3.3 (issues)
  • Spring Cloud Netflix 4.3.3 (issues)
  • Spring Cloud Consul 4.3.3 (issues)
  • Spring Cloud Gateway 4.3.5 (issues)
  • Spring Cloud Zookeeper 4.3.3 (issues)
  • Spring Cloud Config 4.3.4 (issues)
  • Spring Cloud Build 4.3.4 (issues)
  • Spring Cloud Contract 4.3.4 (issues)

What's Changed

Full Changelog: spring-cloud/spring-cloud-release@v2025.0.2...v2025.0.3

v2025.0.2

What's Changed

Full Changelog: spring-cloud/spring-cloud-release@v2025.0.1...v2025.0.2

Commits
  • 43c1a75 Update SNAPSHOT to 2025.0.3
  • dde5a5b Merge pull request #518 from spring-cloud/dependabot/npm_and_yarn/docs/2025.0...
  • eb93475 Bump @​springio/antora-extensions from 1.14.11 to 1.14.12 in /docs
  • b4f01fe Bumping versions
  • 8543039 Upgrading antora to 3.2.0-alpha.12
  • acabf2c Update spring-cloud-bus and spring-cloud-task versions
  • e797671 Bumping versions
  • 18cb936 Update spring-cloud-config version to 4.3.4-SNAPSHOT
  • 8531a88 Bumping versions
  • 443c71f Update spring-cloud-function version to 4.3.4-SNAPSHOT
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jul 6, 2026
… updates

---
updated-dependencies:
- dependency-name: io.jsonwebtoken:jjwt-api
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: io.jsonwebtoken:jjwt-impl
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: io.jsonwebtoken:jjwt-jackson
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: org.springdoc:springdoc-openapi-starter-webflux-ui
  dependency-version: 2.8.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: org.springframework.boot:spring-boot-starter-parent
  dependency-version: 3.5.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: org.springframework.cloud:spring-cloud-dependencies
  dependency-version: 2025.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot changed the title build(deps): bump the minor-and-patch group in /services/api-gateway with 6 updates build(deps): bump the minor-and-patch group across 1 directory with 6 updates Jul 12, 2026
@dependabot dependabot Bot force-pushed the dependabot/maven/services/api-gateway/dev/minor-and-patch-156cae55b8 branch from 081c656 to 3d32903 Compare July 12, 2026 01:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants