Skip to content

build(deps): bump the maven-dependencies group with 15 updates#4838

Open
dependabot[bot] wants to merge 2 commits into
masterfrom
dependabot/maven/maven-dependencies-7f6264144c
Open

build(deps): bump the maven-dependencies group with 15 updates#4838
dependabot[bot] wants to merge 2 commits into
masterfrom
dependabot/maven/maven-dependencies-7f6264144c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps the maven-dependencies group with 15 updates:

Package From To
com.google.protobuf:protobuf-java 4.35.0 4.35.1
org.springframework.boot:spring-boot 4.0.6 4.1.0
org.springframework.boot:spring-boot-autoconfigure 4.0.6 4.1.0
org.springframework.boot:spring-boot-actuator 4.0.6 4.1.0
org.springframework.boot:spring-boot-test 4.0.6 4.1.0
com.fasterxml.jackson.core:jackson-databind 2.21.3 2.22.0
com.fasterxml.jackson.core:jackson-core 2.21.3 2.22.0
com.fasterxml.jackson.core:jackson-annotations 2.21 2.22
com.squareup.okhttp3:okhttp 5.3.2 5.4.0
com.squareup.okhttp3:logging-interceptor 5.3.2 5.4.0
com.squareup.okhttp3:okhttp-jvm 5.3.2 5.4.0
com.google.auth:google-auth-library-oauth2-http 1.47.0 1.48.0
ch.qos.logback:logback-classic 1.5.32 1.5.37
ch.qos.logback:logback-core 1.5.32 1.5.37
com.diffplug.spotless:spotless-maven-plugin 3.5.1 3.7.0

Updates com.google.protobuf:protobuf-java from 4.35.0 to 4.35.1

Commits

Updates org.springframework.boot:spring-boot from 4.0.6 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

  • Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
  • Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

  • MailSender auto-configuration does not enable hostname verification #50747
  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
  • Embedded LDAP SSL should not be enabled when its bundle is empty #50700
  • InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
  • NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
  • Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
  • Configuration property metadata includes incorrect class references #50632
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
  • SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
  • Created StackTracePrinter instances have no access to the Environment #50414
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
  • Buildpack module does not validate long-to-int casts #50410
  • Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
  • GraphQL WebSocket support does not configure allowed origins #50394
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
  • Meter registries are not removed from the global registry when the context is closed #50287
  • DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
  • Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
  • Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
  • Missing dependency management for spring-boot-web-server-test #50224
  • Spring Batch support for MongoDB modules are not included in dependency management #50223
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
  • GrpcServerHealthScheduler is not started in servlet environments #50209
  • Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

  • Fix reference to Gradle documentation for module replacement #50647
  • Document SSL reloading with Let's Encrypt #50630
  • Remove the use of Optional from Data Neo4j repository examples #50622
  • Fix typos in documentation #50620

... (truncated)

Commits

Updates org.springframework.boot:spring-boot-autoconfigure from 4.0.6 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot-autoconfigure's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

  • Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
  • Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

  • MailSender auto-configuration does not enable hostname verification #50747
  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
  • Embedded LDAP SSL should not be enabled when its bundle is empty #50700
  • InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
  • NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
  • Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
  • Configuration property metadata includes incorrect class references #50632
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
  • SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
  • Created StackTracePrinter instances have no access to the Environment #50414
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
  • Buildpack module does not validate long-to-int casts #50410
  • Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
  • GraphQL WebSocket support does not configure allowed origins #50394
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
  • Meter registries are not removed from the global registry when the context is closed #50287
  • DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
  • Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
  • Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
  • Missing dependency management for spring-boot-web-server-test #50224
  • Spring Batch support for MongoDB modules are not included in dependency management #50223
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
  • GrpcServerHealthScheduler is not started in servlet environments #50209
  • Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

  • Fix reference to Gradle documentation for module replacement #50647
  • Document SSL reloading with Let's Encrypt #50630
  • Remove the use of Optional from Data Neo4j repository examples #50622
  • Fix typos in documentation #50620

... (truncated)

Commits

Updates org.springframework.boot:spring-boot-actuator from 4.0.6 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot-actuator's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

  • Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
  • Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

  • MailSender auto-configuration does not enable hostname verification #50747
  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
  • Embedded LDAP SSL should not be enabled when its bundle is empty #50700
  • InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
  • NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
  • Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
  • Configuration property metadata includes incorrect class references #50632
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
  • SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
  • Created StackTracePrinter instances have no access to the Environment #50414
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
  • Buildpack module does not validate long-to-int casts #50410
  • Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
  • GraphQL WebSocket support does not configure allowed origins #50394
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
  • Meter registries are not removed from the global registry when the context is closed #50287
  • DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
  • Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
  • Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
  • Missing dependency management for spring-boot-web-server-test #50224
  • Spring Batch support for MongoDB modules are not included in dependency management #50223
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
  • GrpcServerHealthScheduler is not started in servlet environments #50209
  • Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

  • Fix reference to Gradle documentation for module replacement #50647
  • Document SSL reloading with Let's Encrypt #50630
  • Remove the use of Optional from Data Neo4j repository examples #50622
  • Fix typos in documentation #50620

... (truncated)

Commits

Updates org.springframework.boot:spring-boot-test from 4.0.6 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot-test's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

  • Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
  • Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

  • MailSender auto-configuration does not enable hostname verification #50747
  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
  • Embedded LDAP SSL should not be enabled when its bundle is empty #50700
  • InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
  • NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
  • Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
  • Configuration property metadata includes incorrect class references #50632
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
  • SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
  • Created StackTracePrinter instances have no access to the Environment #50414
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
  • Buildpack module does not validate long-to-int casts #50410
  • Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
  • GraphQL WebSocket support does not configure allowed origins #50394
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
  • Meter registries are not removed from the global registry when the context is closed #50287
  • DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
  • Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
  • Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
  • Missing dependency management for spring-boot-web-server-test #50224
  • Spring Batch support for MongoDB modules are not included in dependency management #50223
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
  • GrpcServerHealthScheduler is not started in servlet environments #50209
  • Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

  • Fix reference to Gradle documentation for module replacement #50647
  • Document SSL reloading with Let's Encrypt #50630
  • Remove the use of Optional from Data Neo4j repository examples #50622
  • Fix typos in documentation #50620

... (truncated)

Commits

Updates org.springframework.boot:spring-boot-autoconfigure from 4.0.6 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot-autoconfigure's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

  • Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
  • Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

  • MailSender auto-configuration does not enable hostname verification #50747
  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
  • Embedded LDAP SSL should not be enabled when its bundle is empty #50700
  • InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
  • NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
  • Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
  • Configuration property metadata includes incorrect class references #50632
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
  • SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
  • Created StackTracePrinter instances have no access to the Environment #50414
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
  • Buildpack module does not validate long-to-int casts #50410
  • Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
  • GraphQL WebSocket support does not configure allowed origins #50394
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
  • Meter registries are not removed from the global registry when the context is closed #50287
  • DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
  • Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
  • Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
  • Missing dependency management for spring-boot-web-server-test #50224
  • Spring Batch support for MongoDB modules are not included in dependency management #50223
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
  • GrpcServerHealthScheduler is not started in servlet environments #50209
  • Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

  • Fix reference to Gradle documentation for module replacement #50647
  • Document SSL reloading with Let's Encrypt #50630
  • Remove the use of Optional from Data Neo4j repository examples #50622
  • Fix typos in documentation #50620

... (truncated)

Commits

Updates org.springframework.boot:spring-boot-actuator from 4.0.6 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot-actuator's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

  • Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
  • Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

  • MailSender auto-configuration does not enable hostname verification #50747
  • Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
  • Embedded LDAP SSL should not be enabled when its bundle is empty #50700
  • InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
  • NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
  • SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
  • Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
  • Configuration property metadata includes incorrect class references #50632
  • Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
  • RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
  • NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
  • SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
  • Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
  • ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
  • Created StackTracePrinter instances have no access to the Environment #50414
  • MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
  • Buildpack module does not validate long-to-int casts #50410
  • Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
  • GraphQL WebSocket support does not configure allowed origins #50394
  • Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
  • Meter registries are not removed from the global registry when the context is closed #50287
  • DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
  • Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
  • Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
  • EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
  • Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
  • ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
  • NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
  • Missing dependency management for spring-boot-web-server-test #50224
  • Spring Batch support for MongoDB modules are not included in dependency management #50223
  • Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
  • GrpcServerHealthScheduler is not started in servlet environments #50209
  • Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

  • Fix reference to Gradle documentation for module replacement #50647
  • Document SSL reloading with Let's Encrypt #50630
  • Remove the use of Optional from Data Neo4j repository examples #50622
  • Fix typos in documentation #50620

... (truncated)

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.21.3 to 2.22.0

Commits

Updates com.fasterxml.jackson.core:jackson-core from 2.21.3 to 2.22.0

Commits
  • d763562 [maven-release-plugin] prepare release jackson-core-2.22.0
  • e5c69fe Re-do 2.22.0 release
  • 0ba6a36 Bump version after release
  • b106011 [maven-release-plugin] prepare for next development iteration
  • 18a7fe4 [maven-release-plugin] prepare release jackson-core-2.22.0
  • 503a14f Re-do 2.22.0 release
  • ab95bc0 ...
  • 0a4b8de Post-release dep version bump
  • 719a42f [maven-release-plugin] prepare for next development iteration
  • 9248848 [maven-release-plugin] prepare release jackson-core-2.22.0
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.21 to 2.22

Commits

Updates com.fasterxml.jackson.core:jackson-core from 2.21.3 to 2.22.0

Commits
  • d763562 [maven-release-plugin] prepare release jackson-core-2.22.0
  • e5c69fe Re-do 2.22.0 release
  • 0ba6a36 Bump version after release
  • b106011 [maven-release-plugin] prepare for next development iteration
  • 18a7fe4 [maven-release-plugin] prepare release jackson-core-2.22.0
  • 503a14f Re-do 2.22.0 release
  • ab95bc0 ...
  • 0a4b8de Post-release dep version bump
  • 719a42f [maven-release-plugin] prepare for next development iteration
  • 9248848 [maven-release-plugin] prepare release jackson-core-2.22.0
  • Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp from 5.3.2 to 5.4.0

Changelog

Sourced from com.squareup.okhttp3:okhttp's changelog.

Version 5.4.0

2026-06-08

  • New: Add superpowers to interceptors. Interceptors can now override anything settable on OkHttpClient.Builder, such as the cache, connection pool, socket factory, and DNS. We expect this will allow most users to use interceptors everywhere, insted of mixing and matching interceptors with custom Call.Factory wrappers.
  • Fix: Limit each HTTP/2 response to 256 KiB of total headers.
  • Upgrade: [kotlinx.coroutines 1.11.0][coroutines_1_11_0]. This is used by the optional okhttp-coroutines artifact.
  • Upgrade: [GraalVM 25.0.3][graalvm_25].
  • Upgrade: [Okio 3.17.0][okio_3_17_0].
Commits

@dependabot
build(deps): bump the maven-dependencies group with 15 updates
06e8515 
Bumps the maven-dependencies group with 15 updates:

| Package | From | To |
| --- | --- | --- |
| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `4.35.0` | `4.35.1` |
| [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.springframework.boot:spring-boot-autoconfigure](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.springframework.boot:spring-boot-actuator](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [org.springframework.boot:spring-boot-test](https://github.com/spring-projects/spring-boot) | `4.0.6` | `4.1.0` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.21.3` | `2.22.0` |
| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.21.3` | `2.22.0` |
| [com.fasterxml.jackson.core:jackson-annotations](https://github.com/FasterXML/jackson) | `2.21` | `2.22` |
| [com.squareup.okhttp3:okhttp](https://github.com/square/okhttp) | `5.3.2` | `5.4.0` |
| [com.squareup.okhttp3:logging-interceptor](https://github.com/square/okhttp) | `5.3.2` | `5.4.0` |
| [com.squareup.okhttp3:okhttp-jvm](https://github.com/square/okhttp) | `5.3.2` | `5.4.0` |
| com.google.auth:google-auth-library-oauth2-http | `1.47.0` | `1.48.0` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.32` | `1.5.37` |
| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.5.32` | `1.5.37` |
| [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) | `3.5.1` | `3.7.0` |


Updates `com.google.protobuf:protobuf-java` from 4.35.0 to 4.35.1
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

Updates `org.springframework.boot:spring-boot` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.springframework.boot:spring-boot-autoconfigure` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.springframework.boot:spring-boot-actuator` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.springframework.boot:spring-boot-test` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.springframework.boot:spring-boot-autoconfigure` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `org.springframework.boot:spring-boot-actuator` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.21.3 to 2.22.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-core` from 2.21.3 to 2.22.0
- [Commits](FasterXML/jackson-core@jackson-core-2.21.3...jackson-core-2.22.0)

Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.21 to 2.22
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-core` from 2.21.3 to 2.22.0
- [Commits](FasterXML/jackson-core@jackson-core-2.21.3...jackson-core-2.22.0)

Updates `com.squareup.okhttp3:okhttp` from 5.3.2 to 5.4.0
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-5.3.2...parent-5.4.0)

Updates `com.squareup.okhttp3:logging-interceptor` from 5.3.2 to 5.4.0
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-5.3.2...parent-5.4.0)

Updates `com.squareup.okhttp3:okhttp-jvm` from 5.3.2 to 5.4.0
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-5.3.2...parent-5.4.0)

Updates `com.squareup.okhttp3:logging-interceptor` from 5.3.2 to 5.4.0
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-5.3.2...parent-5.4.0)

Updates `com.google.auth:google-auth-library-oauth2-http` from 1.47.0 to 1.48.0

Updates `com.squareup.okhttp3:okhttp-jvm` from 5.3.2 to 5.4.0
- [Changelog](https://github.com/square/okhttp/blob/master/CHANGELOG.md)
- [Commits](square/okhttp@parent-5.3.2...parent-5.4.0)

Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.37
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.32...v_1.5.37)

Updates `ch.qos.logback:logback-core` from 1.5.32 to 1.5.37
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.32...v_1.5.37)

Updates `ch.qos.logback:logback-core` from 1.5.32 to 1.5.37
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.32...v_1.5.37)

Updates `org.springframework.boot:spring-boot-test` from 4.0.6 to 4.1.0
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.6...v4.1.0)

Updates `com.diffplug.spotless:spotless-maven-plugin` from 3.5.1 to 3.7.0
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@maven/3.5.1...maven/3.7.0)

---
updated-dependencies:
- dependency-name: com.google.protobuf:protobuf-java
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.springframework.boot:spring-boot
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.springframework.boot:spring-boot-autoconfigure
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.springframework.boot:spring-boot-actuator
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.springframework.boot:spring-boot-test
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.springframework.boot:spring-boot-autoconfigure
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.springframework.boot:spring-boot-actuator
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-annotations
  dependency-version: '2.22'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: com.squareup.okhttp3:okhttp
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: com.squareup.okhttp3:logging-interceptor
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: com.squareup.okhttp3:okhttp-jvm
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: com.squareup.okhttp3:logging-interceptor
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: com.google.auth:google-auth-library-oauth2-http
  dependency-version: 1.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: com.squareup.okhttp3:okhttp-jvm
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.37
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.37
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.37
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.springframework.boot:spring-boot-test
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 26, 2026
@kubernetes-prow

kubernetes-prow Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign brendandburns for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubernetes-prow

kubernetes-prow Bot commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

rebase

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@kubernetes-prow kubernetes-prow Bot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jun 26, 2026
@kubernetes-prow kubernetes-prow Bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 26, 2026
@brendandburns

brendandburns commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brendandburns brendandburns Awaiting requested review from brendandburns
@yue9944882 yue9944882 Awaiting requested review from yue9944882

Assignees

No one assigned

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. dependencies Pull requests that update a dependency file java Pull requests that update Java code needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@brendandburns