Update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
com.ninja-squad:springmockk	4.0.2 → 5.0.1
io.mockk:mockk-jvm (source)	1.14.6 → 1.14.7
io.github.oshai:kotlin-logging-jvm	7.0.13 → 7.0.14
org.springframework.boot:spring-boot-starter-parent (source)	3.5.7 → 4.0.1

---

Release Notes

Ninja-Squad/springmockk (com.ninja-squad:springmockk)

v5.0.1

Compare Source

Minor refactorings and documentation fixes

v5.0.0

Compare Source

Version 5.0.0 is a rewrite, based on the Spring Framework's support for @MockitoBean and @MockitoSpyBean.

To align SpringMockK's annotations and behavior with Spring's mockito annotations and behavior, there are breaking changes.

Read the migration guide for details.

mockk/mockk (io.mockk:mockk-jvm)

v1.14.7

Compare Source

What's Changed

• fix: normalize value class arguments in EqMatcher for consistent comparison by @​edwardmp in #​1440
• Add configurable logging to withArg & withNullableArg by @​OsaSoft in #​1441
• docs(readme): document suppressing superclass calls by @​ch200203 in #​1444
• Fix for issue #​1103. by @​sdetilly in #​1449
• Fix configuration option example for restricted classes by @​TWiStErRob in #​1465
• Fix InaccessibleObjectException when spying on JDK interfaces on JDK 16+ by @​Copilot in #​1457
• Fix Java 11 compatibility: replace Random.nextLong(long, long) with Java 8 compatible alternative by @​Copilot in #​1456
• Add optional restricted mock system property by @​nishatoma in #​1454
• Fix StackOverflowError when mocking methods returning ArrayList by @​Copilot in #​1464
• Change JUnit 4/5 dependencies from implementation to compileOnly by @​Copilot in #​1455

New Contributors

• @​edwardmp made their first contribution in #​1440
• @​OsaSoft made their first contribution in #​1441
• @​sdetilly made their first contribution in #​1449
• @​Copilot made their first contribution in #​1457
• @​nishatoma made their first contribution in #​1454

Full Changelog: mockk/mockk@1.14.6...1.14.7

oshai/kotlin-logging (io.github.oshai:kotlin-logging-jvm)

v7.0.14

Compare Source

What's Changed

• Bump actions/upload-pages-artifact from 3 to 4 by @​dependabot[bot] in #​559
• Bump actions/setup-java from 4 to 5 by @​dependabot[bot] in #​560
• Upgrade Gradle wrapper to 8.14.3 by @​Copilot in #​563
• Bump com.android.library from 8.12.0 to 8.12.1 by @​dependabot[bot] in #​561
• Bump jackson from 2.19.2 to 2.20.0 by @​dependabot[bot] in #​565
• Bump com.android.library from 8.12.2 to 8.13.0 by @​dependabot[bot] in #​564
• Bump org.graalvm.sdk:nativeimage from 24.2.2 to 25.0.0 by @​dependabot[bot] in #​568
• Bump org.mockito:mockito-core from 5.19.0 to 5.20.0 by @​dependabot[bot] in #​567
• Bump log4j from 2.25.1 to 2.25.2 by @​dependabot[bot] in #​572
• Bump actions/cache from 4.2.4 to 4.3.0 by @​dependabot[bot] in #​571
• Bump com.diffplug.spotless from 7.2.1 to 8.0.0 by @​dependabot[bot] in #​570
• Bump gradle/actions from 4 to 5 by @​dependabot[bot] in #​574
• Bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 by @​dependabot[bot] in #​573
• Change LogbackLogEvent to implement ILoggingEvent by @​oshai in #​583

New Contributors

• @​Copilot made their first contribution in #​563

Full Changelog: oshai/kotlin-logging@7.0.13...7.0.14

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)

v4.0.1

Compare Source

v4.0.0

Compare Source

v3.5.9

Compare Source

v3.5.8

Compare Source

⚠️ Noteworthy changes

• This release contains a fix to get Testcontainers working with modern Docker versions. If this causes problems in your setup, you can downgrade the minimum Docker API, effectively reverting that change.

🐞 Bug Fixes

• Gradle war task does not exclude starter POMs from lib-provided #​48196
• Testcontainers integration fails on Docker 29.0.0 #​48192
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #​48180
• Properties bound in the child management context ignore the parent's environment prefix #​48176
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #​48153
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #​48129
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #​48127
• NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #​48123
• Buildpack fails with recent Docker installs due to hardcoded version in URL #​48102
• Image building may fail when specifying a platform if an image has already been built with a different platform #​48098
• Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #​48061
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #​48058
• Auto-configured JCacheMetrics cannot be customized #​48056
• WebSecurityCustomizer beans are excluded by WebMvcTest #​48054
• Devtools Restarter does not work with a parameterless main method #​47987
• Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #​47923
• Docker response 407 is not handled correctly resulting in no error message #​47900
• spring-boot-maven-plugin process-aot goal does not find package-private main method #​47780

📔 Documentation

• Revise AWS section of "Deploying to the Cloud" in reference manual #​48156
• Fix typo in PortInUseException Javadoc #​48133
• Correct section about required setters in "Type-safe Configuration Properties" #​48130
• Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #​48114
• Document support for configuring servlet context init parameters using properties #​48111
• Clarify how warnings about soon-to-expire SSL certificates are reported #​48062
• Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #​48052
• Use since attribute in configuration properties deprecation consistently #​47980
• BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #​47905
• Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #​47898
• Document that Actuator endpoint may have at most one extension of each type #​47873
• Limit Kotlin API documentation to Kotlin-specific APIs #​47859
• Adapt AOTCache documentation to JEP 514 #​47274

🔨 Dependency Upgrades

• Downgrade to Cassandra Driver 4.19.0 #​47926
• Upgrade to AspectJ 1.9.25 #​48005
• Upgrade to Caffeine 3.2.3 #​48006
• Upgrade to Cassandra Driver 4.19.2 #​48183
• Upgrade to DB2 JDBC 12.1.3.0 #​48083
• Upgrade to Hibernate 6.6.36.Final #​48148
• Upgrade to Jackson Bom 2.19.4 #​48008
• Upgrade to Jetty 12.0.30 #​48118
• Upgrade to Jetty Reactive HTTPClient 4.0.13 #​48149
• Upgrade to jOOQ 3.19.28 #​48084
• Upgrade to Logback 1.5.21 #​48085
• Upgrade to Micrometer 1.15.6 #​48009
• Upgrade to Micrometer Tracing 1.5.6 #​48010
• Upgrade to MySQL 9.5.0 #​48011
• Upgrade to Neo4j Java Driver 5.28.10 #​48044
• Upgrade to Quartz 2.5.1 #​48012
• Upgrade to R2DBC Postgresql 1.0.9.RELEASE #​48013
• Upgrade to Reactor Bom 2024.0.12 #​48014
• Upgrade to Spring Data Bom 2025.0.6 #​48039
• Upgrade to Spring Framework 6.2.14 #​48166
• Upgrade to Spring Integration 6.5.4 #​48040
• Upgrade to Spring Kafka 3.3.11 #​48041
• Upgrade to Spring Pulsar 1.2.12 #​48042
• Upgrade to Spring Security 6.5.7 #​48043
• Upgrade to Tomcat 10.1.49 #​48086

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​K-jun98, @​TerryTaoYY, @​hojooo, @​linw-bai, @​mipo256, @​namest504, @​ngocnhan-tran1996, @​nosan, @​scottfrederick, @​siva-sai-udaygiri, @​tschut, and @​vpavic

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

This change is 

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.ninja-squad:springmockk	5.0.1	🟢 4.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Maintained 🟢 10 12 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ -1 No tokens found Binary-Artifacts 🟢 9 binaries present in source code Code-Review ⚠️ 0 Found 0/23 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ -1 no dependencies found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
maven/io.github.oshai:kotlin-logging-jvm	7.0.14	Unknown	Unknown
maven/io.mockk:mockk-jvm	1.14.7	🟢 4.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 4 security policy file detected Code-Review ⚠️ 2 Found 5/17 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 9 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• pom.xml