fix(deps): update all minor dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
aquasecurity/trivy-action	action	minor	0.28.0 -> 0.29.0
org.springframework.boot:spring-boot-starter-parent (source)	parent	minor	3.3.6 -> 3.4.1
io.zonky.test.postgres:embedded-postgres-binaries-bom	import	minor	16.4.0 -> 16.6.0
com.networknt:json-schema-validator	compile	patch	1.5.3 -> 1.5.4
com.google.guava:guava	compile	minor	33.3.1-jre -> 33.4.0-jre
commons-io:commons-io (source)	compile	minor	2.17.0 -> 2.18.0
org.springdoc:springdoc-openapi-starter-webmvc-ui (source)	compile	minor	2.6.0 -> 2.8.0
io.zonky.test:embedded-postgres	test	minor	2.0.7 -> 2.1.0
io.zonky.test:embedded-database-spring-test	test	minor	2.5.1 -> 2.6.0

---

Release Notes

aquasecurity/trivy-action (aquasecurity/trivy-action)

v0.29.0

Compare Source

What's Changed

• feat: Allow skipping setup by @​rvesse in https://github.com/aquasecurity/trivy-action/pull/414
• Fix oras command not found in "Update Trivy Cache" action by @​Tiryoh in https://github.com/aquasecurity/trivy-action/pull/413
• Update README.md by @​simar7 in https://github.com/aquasecurity/trivy-action/pull/420
• feat: add token for setup-trivy by @​DmitriyLewen in https://github.com/aquasecurity/trivy-action/pull/421
• fix: bump setup-trivy and add new contrib directory path info by @​DmitriyLewen in https://github.com/aquasecurity/trivy-action/pull/424
• docs: remove ignore-unfixed from IaC scan example by @​nikpivkin in https://github.com/aquasecurity/trivy-action/pull/429
• chore(deps): Bump trivy to v0.57.1 by @​simar7 in https://github.com/aquasecurity/trivy-action/pull/434

New Contributors

• @​rvesse made their first contribution in https://github.com/aquasecurity/trivy-action/pull/414
• @​Tiryoh made their first contribution in https://github.com/aquasecurity/trivy-action/pull/413

Full Changelog: aquasecurity/trivy-action@0.28.0...0.29.0

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)

v3.4.1

Compare Source

v3.4.0

Compare Source

⭐ New Features

• Add withDefaultRequestConfigCustomizer method to HttpComponentsClientHttpRequestFactoryBuilder #​43139
• Fail JsonWriter if duplicate names are detected #​43041
• Add JsonObjectDeserializer.nullSafeValue method that accepts a mapper Function #​42972
• Support timeout property for GraphQL over SSE #​42966
• Improve performance of ConfigurationPropertiesBinder by storing bind handlers on first access #​42950
• Improve performance of ConcurrentReferenceCachingMetadataReaderFactory #​42949
• Log warning in HikariCheckpointRestoreLifecycle if pool suspension isn't configured #​42937
• Remove spring-boot-starter-aop dependency from spring-boot-starter-data-jpa and spring-boot-starter-integration #​42934

🐞 Bug Fixes

• Jersey body handling is inconsistent with Spring Webflux and Spring MVC #​43209
• Classes are accidentally named "structure logging" instead of "structured logging" #​43203
• StructuredLoggingJsonProperties customizer should be a Class reference rather than a String #​43202
• Cannot package OCI image when 'docker.io/paketobuildpacks/new-relic' is provided as a buildpack #​43171
• Incorrect Type for 'management.endpoints.access.default' defined in additional-spring-configuration-metadata.json #​43154
• WebServerPortFileWriter fails when using a portfile without extension #​43117
• SslOptions.isSpecified() only returns true if ciphers and enabled protocols are set #​43084
• SslHealthIndicator throws NullPointerException when using SslBundle with SslStoreBundle.NONE #​43078
• JdkClientHttpRequestFactoryBuilder and JettyClientHttpRequestFactoryBuilder do not set Ciphers or Enabled Protocols #​43077
• Root cause of errors is hidden when loading images from archive #​43070
• mvn spring-boot:run fails on Windows with "Could Not Find or Load Main Class" when path contains non-ASCII characters #​43062
• A @SpyBean on the output of a FactoryBean is not reset #​43053
• Logback logging system does not process URLs with paths not ending in .xml #​42990
• Bean-based conditions do not consider factory beans correctly when determining if they are a candidate #​42970
• NPE in bootBuildImage when setting DOCKER_CONTEXT=default #​42960
• Warning due to duplicate MockResolver extensions #​42957
• HttpHostConnectException is thrown when using buildpacks with Gradle or Maven on Windows #​42952
• build-info doesn't support seconds since the epoch from project.build.outputTimestamp #​42936
• NPE in OnClassCondition.resolveOutcomesThreaded following thread interruption because firstHalf is null #​42926
• Default WebSocketMessageBrokerConfigurer is always overriding custom channel executor #​42924
• X-Registry-Auth header sent to Docker Engine API contains field "authHeader" #​42915
• ApplicationContextRunner has inconsistent behaviour with duplicate auto-configuration class names #​17963

📔 Documentation

• Migrate class references to full javadoc links #​43239
• Documentation for 'spring.datasource.type' is misleading #​43199
• Update "Upgrading From" section to use "2.x" #​43160
• Include spring-boot-loader in API documentation #​43153
• Document how and where to add custom GraalVM configuration files #​43074
• Rework DataSource configuration examples to separate defining an additional DataSource and defining a DataSource of a different type #​43059
• Location of the layers schema is incorrect in the Maven Plugin's examples #​43033
• Link to Eclipse setup instructions #​42954
• Fix link to Checkpoint and Restore status page #​42939

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.4 #​43128
• Upgrade to Byte Buddy 1.15.10 #​43097
• Upgrade to Couchbase Client 3.7.5 #​43098
• Upgrade to Elasticsearch Client 8.15.4 #​43129
• Upgrade to Flyway 10.20.1 #​43130
• Upgrade to Groovy 4.0.24 #​43099
• Upgrade to Hibernate 6.6.2.Final #​43100
• Upgrade to HttpClient5 5.4.1 #​43102
• Upgrade to Infinispan 15.0.11.Final #​43131
• Upgrade to Jackson Bom 2.18.1 #​43103
• Upgrade to Jetty 12.0.15 #​43104
• Upgrade to jOOQ 3.19.15 #​43105
• Upgrade to Kafka 3.8.1 #​43106
• Upgrade to Lettuce 6.4.1.RELEASE #​43185
• Upgrade to Logback 1.5.12 #​43107
• Upgrade to Lombok 1.18.36 #​43186
• Upgrade to Maven Dependency Plugin 3.8.1 #​43108
• Upgrade to Maven Failsafe Plugin 3.5.2 #​43109
• Upgrade to Maven Surefire Plugin 3.5.2 #​43110
• Upgrade to Micrometer 1.14.1 #​43187
• Upgrade to Micrometer Tracing 1.4.0 #​43120
• Upgrade to MongoDB 5.2.1 #​43111
• Upgrade to Netty 4.1.115.Final #​43133
• Upgrade to Prometheus Client 1.3.3 #​43112
• Upgrade to Pulsar Reactive 0.5.9 #​43188
• Upgrade to Reactor Bom 2024.0.0 #​43015
• Upgrade to Spring AMQP 3.2.0 #​43016
• Upgrade to Spring Authorization Server 1.4.0 #​43017
• Upgrade to Spring Batch 5.2.0 #​43018
• Upgrade to Spring Data Bom 2024.1.0 #​43019
• Upgrade to Spring Framework 6.2.0 #​43020
• Upgrade to Spring HATEOAS 2.4.0 #​43021
• Upgrade to Spring Integration 6.4.0 #​43022
• Upgrade to Spring Kafka 3.3.0 #​43023
• Upgrade to Spring LDAP 3.2.8 #​43189
• Upgrade to Spring Pulsar 1.2.0 #​43024
• Upgrade to Spring RESTDocs 3.0.3 #​43025
• Upgrade to Spring Security 6.4.1 #​43232
• Upgrade to Spring Session 3.4.0 #​43027
• Upgrade to Testcontainers 1.20.4 #​43243
• Upgrade to Tomcat 10.1.33 #​43134
• Upgrade to Undertow 2.3.18.Final #​43166
• Upgrade to WebJars Locator Lite 1.0.1 #​43135

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ahoehma, @​deki, @​izeye, @​ngocnhan-tran1996, @​nosan, @​quaff, and @​wickdynex

v3.3.7

Compare Source

networknt/json-schema-validator (com.networknt:json-schema-validator)

v1.5.4

Compare Source

Added

Changed

• Fix nullable issue (#​1134) Thanks @​justin-tay
• fixes #​1131 pom.xml scm url URI is invalid (#​1132)
• Remove warning for exclusiveMinimum and exclusiveMaximum for Draft 4 (#​1127) Thanks @​justin-tay
• Clean up code (#​1130) Thanks @​jkosternl
• Test Code Cleanup (#​1128) Thanks @​jkosternl

springdoc/springdoc-openapi (org.springdoc:springdoc-openapi-starter-webmvc-ui)

v2.8.0

Compare Source

Added

• #​2790 - Moving to OpenAPI 3.1 as the default implementation for springdoc-openapi
• #​2817 - Obey annotations when flattening ParameterObject fields
• #​2826 - Make it possible to mark parameters with @​RequestParam annotation to be sent in form instead of query.
• #​2822 - Support returning null in ParameterCustomizer
• #​2830 - Add support for deprecated fields.
• #​2780 - Add Security Schema by AutoConfigure

Changed

• Upgrade spring-boot to 3.4.1
• Upgrade spring-cloud-function to 4.2.0
• Upgrade swagger-core to 2.2.27

Fixed

• #​2804 - Stable release 2.7.0 depends on Spring Cloud Milestone 4.2.0-M1
• #​2828 - Required a bean of type 'org.springframework.data.rest.webmvc.mapping.Associations' that could not be found.
• #​2823 - Capturing pattern in identical paths only renders the path element of one method
• #​2817 - Automatically add required if a field is @​notNull or @​NotBlank.
• #​2814 - An unresolvable circular reference with management.endpoint.gateway.enabled=true.
• #​2798 - Object schema generated for Unit Kotlin type.
• #​2797 - Removing operationId via customizer does not work anymore.
• #​2833 - Resolve infinite recursion and add example test with OpenAPI v3.1
• #​2827 - Ignoring @​Parameter(required = false)

v2.7.0

Compare Source

Added

• #​2777 - Add SortAsQueryParam annotation
• #​2786 - No static resource swagger-ui/index.html error after migration to 2.7.0-RC1

Changed

• Upgrade spring-boot to 3.4.0
• Upgrade swagger-ui to 5.18.2
• Upgrade spring-security-oauth2-authorization-server to 1.4.0

zonkyio/embedded-postgres (io.zonky.test:embedded-postgres)

v2.1.0

Compare Source

Changes:

• Fixed dependency conflicts with commons-io and commons-compress libraries (#​133)
• Removed unnecessary try-catch handling when extracting PostgreSQL binaries (#​136)
• Upgraded dependencies: (#​135 #​142 #​140 #​130 #​128)
  • Flyway to 9.22.3
  • Liquibase to 4.30.0
  • PostgreSQL JDBC Driver to 42.7.4
  • Embedded Postgres Binaries to 14.15.0
  • Apache Commons Compress to 1.26.2
  • Apache Commons IO to 2.16.1
  • Apache Commons Codec to 1.17.1
  • Apache Commons Lang to 3.15.0
  • Tukaani XZ to 1.10

zonkyio/embedded-database-spring-test (io.zonky.test:embedded-database-spring-test)

v2.6.0

Compare Source

Changes:

• Added support for Flyway 11 (#​284)
• Fixed EmbeddedDatabaseTestExecutionListener affecting non-annotated tests (#​277)
• Fixed potential performance issue with Flyway bean initialization and database caching (#​276)

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud