Bump the all-maven-dependencies group across 2 directories with 3 updates

[dependabot]

Bumps the all-maven-dependencies group with 3 updates in the / directory: org.springframework.boot:spring-boot-starter-parent, com.sap.cloud.sdk:sdk-modules-bom and com.diffplug.spotless:spotless-maven-plugin.
Bumps the all-maven-dependencies group with 3 updates in the /srv directory: org.springframework.boot:spring-boot-starter-parent, com.sap.cloud.sdk:sdk-modules-bom and com.diffplug.spotless:spotless-maven-plugin.

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.14 to 3.5.15

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.15

🐞 Bug Fixes

• Artemis auto-configuration uses a predictable default location for the embedded broker's data #50743
• MailSender auto-configuration does not enable hostname verification #50742
• SSL should not be enabled when a SSL bundle is overridden to an empty string #50624
• Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50501
• Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50451
• RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50429
• GraphQL WebSocket support does not configure allowed origins #50391
• Buildpack module does not validate long-to-int casts #50382
• MappingsEndpoint reports the context's own ID as parentId when a parent exists #50373
• Created StackTracePrinter instances have no access to the Environment #50303
• NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50301
• Spring Boot Loader Does Not Support RSA and EC Signed Jars #50292
• ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50273
• Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50254
• Meter registries are not removed from the global registry when the context is closed #50235
• ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50225
• Apply HTML escaping to timestamp attribute in Whitelabel error page #50205
• NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50118
• EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50095

📔 Documentation

• Fix reference to Gradle documentation for module replacement #50641
• Remove the use of Optional from Data Neo4j repository examples #50600
• Fix typos in documentation #50593
• Document Java 25 requirement for AOT cache #50482
• Clarify dependency requirement for Bean Validation support #50290
• Document SSL reloading with Let's Encrypt #50222
• Polish InvalidConfigurationPropertyValueException constructor javadoc #50212
• Document known testcontainers lifecycle issues #50210
• Document configuring multiple connectors with Jetty #50206
• Fix typo in Spring Security OAuth2 client registration documentation #50193

🔨 Dependency Upgrades

• Upgrade to Caffeine 3.2.4 #50308
• Upgrade to Cassandra Driver 4.19.3 #50670
• Upgrade to Glassfish JAXB 4.0.9 #50671
• Upgrade to Groovy 4.0.32 #50310
• Upgrade to Hibernate 6.6.53.Final #50721
• Upgrade to Jackson Bom 2.21.4 #50673
• Upgrade to Jakarta Json Bind 3.0.2 #50674
• Upgrade to Jakarta XML Bind 4.0.5 #50313
• Upgrade to Jaxen 2.0.6 #50722
• Upgrade to Jetty 12.0.36 #50676
• Upgrade to Jetty Reactive HTTPClient 4.0.14 #50723
• Upgrade to jOOQ 3.19.35 #50724

... (truncated)

Commits

• c069bce Release v3.5.15
• b068647 Upgrade to Spring Integration 6.5.9
• 327bef3 Enable hostname verification by default in Mail auto-config
• 4218bd7 Fix predictable temp directory in Artemis embedded configuration
• b2a67be Upgrade to Spring GraphQL 1.4.6
• 54ef8d3 Upgrade to Spring Batch 5.2.6
• d3f60fe Upgrade to Spring WS 4.1.4
• 28d4ae8 Upgrade to Spring Session 3.5.7
• 190c452 Upgrade to Spring Security 6.5.11
• 34e7b58 Upgrade to Spring Pulsar 1.2.18
• Additional commits viewable in compare view

Updates com.sap.cloud.sdk:sdk-modules-bom from 5.30.0 to 5.31.0

Release notes

Sourced from com.sap.cloud.sdk:sdk-modules-bom's releases.

Release 5.31.0

5.31.0 - June 10, 2026

All Release Changes

✨ New Functionality

• OAuth token requests to IAS now attempt to dynamically resolve the IAS tenant host, if not given. When the current tenant does not contain a subdomain, and the IAS service binding contains the property btp-tenant-api, then an HTTP call to that URL is performed to obtain the IAS tenant host.

📈 Improvements

• (Generic OData Client) Allow for parameters in OData v4 expand sub-queries.

What's Changed

• chore: Update netty versions by @​Jonas-Isr in SAP/cloud-sdk-java#1171
• chore: [DevOps] bump the test group with 4 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1176
• chore: [DevOps] bump the production-minor-patch group with 10 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1175
• [IAS] Dynamically Resolve IAS Host On-Demand by @​MatKuhr in SAP/cloud-sdk-java#1177
• fix: [OData Generic] Enable query params on odatav4 expand by @​newtork in SAP/cloud-sdk-java#1181
• chore: Set permissions for GH workflows explicitly by @​Jonas-Isr in SAP/cloud-sdk-java#1182
• chore: [DevOps] bump the test group with 4 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1193
• chore: [DevOps] bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 in the plugins group by @​dependabot[bot] in SAP/cloud-sdk-java#1192
• chore: [DevOps] bump slackapi/slack-github-action from 3.0.2 to 3.0.3 in the github-actions group by @​dependabot[bot] in SAP/cloud-sdk-java#1189
• fix: [OpenAPI] Api client method with oneOf primitive param stays simplified in OpenAPI generator 7.22.0 by @​CharlesDuboisSAP in SAP/cloud-sdk-java#1179
• chore: [DevOps] bump the production-minor-patch group across 1 directory with 13 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1194
• chore: [DevOps] bump org.json:json from 20251224 to 20260522 in the production-major group by @​dependabot[bot] in SAP/cloud-sdk-java#1191
• chore: [DevOps] Update Jackson to 2.22.0 by @​rpanackal in SAP/cloud-sdk-java#1195
• chore: [DevOps] bump net.bytebuddy:byte-buddy from 1.18.9 to 1.18.10 in the test group by @​dependabot[bot] in SAP/cloud-sdk-java#1200
• chore: [DevOps] bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 in the plugins group by @​dependabot[bot] in SAP/cloud-sdk-java#1199
• chore: [DevOps] bump the production-minor-patch group with 2 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1198
• fix: [Connectivity] Change (almost) all JKS usage to PKCS12 by @​rpanackal in SAP/cloud-sdk-java#1185

Full Changelog: https://github.com/SAP/cloud-sdk-java/commits/rel/5.31.0

Commits

• e92c7cb Update to version 5.31.0
• 59ff59f fix: [Connectivity] Change (almost) all JKS usage to PKCS12 (#1185)
• 1f54450 chore: [DevOps] bump the production-minor-patch group with 2 updates (#1198)
• ce2edb0 chore: [DevOps] bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 in ...
• a568465 chore: [DevOps] bump net.bytebuddy:byte-buddy from 1.18.9 to 1.18.10 in the t...
• 65c23fe chore: [DevOps] Update Jackson to 2.22.0 (#1195)
• 0691c51 chore: [DevOps] bump org.json:json from 20251224 to 20260522 in the productio...
• f5480c9 chore: [DevOps] bump the production-minor-patch group across 1 directory with...
• 11c7bcd fix: [OpenAPI] Api client method with oneOf primitive param stays simplified ...
• fd2cdb7 chore: [DevOps] bump slackapi/slack-github-action from 3.0.2 to 3.0.3 in the ...
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.6.0 to 3.7.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.7.0

Fixed

• Parse standard git year output in LicenseHeaderStep. (#2940)
• <toggleOffOn> no longer disables lint-only steps such as <forbidWildcardImports>. (#2962)
• Fix StringIndexOutOfBoundsException in scenarios where copyright year is surrounded by whitespace. (#2973)

Added

• Add support for AsciiDoc formatting via adocfmt. (#2960)
• <flexmark> step now supports arbitrary formatter options via <formatterOptions>. (#2968)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

• https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md
• https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

[4.7.0] - 2026-06-16

Added

• Add support for AsciiDoc formatting via adocfmt. (#2960)
• flexmark step now supports arbitrary formatter options via a formatterOptions map. (#2968)

Fixed

• FenceStep.preserveWithin now forwards lints from nested steps while still suppressing lints inside preserved blocks. (#2962)
• Support ktfmt 0.63 and use its new builder API for formatting options to better avoid future breaking changes.
• Parse standard git year output in LicenseHeaderStep. (#2940)
• Fix StringIndexOutOfBoundsException in scenarios where copyright year is surrounded by whitespace. (#2973)

Changes

• Bump default greclipse version to latest 4.35 -> 4.39. (#2924)

[4.6.2] - 2026-05-27

Fixed

• P2Provisioner now passes cache directory overrides directly to Solstice. (#2944)
• forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)
• versionCatalog step no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)

Changes

• EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)
• Formatter no longer recomputes line-ending normalization (LineEnding.toUnix) a second time for every formatter step that changes content, removing redundant O(n) work from the core formatting loop. (#2934)
• expandWildcardImports support pom type dependency. (#2839)

[4.6.1] - 2026-05-15

Fixed

• LicenseHeaderStep in SET_FROM_GIT year mode no longer invokes git log through bash -c / cmd /c, eliminating a shell-injection vector when processing repositories that contain files whose names include shell metacharacters.

[4.6.0] - 2026-05-14

Added

• scalafmt() now reads the version from the version field in the scalafmt config file when no version is explicitly set in the plugin config, falling back to the built-in default only if neither is available. (#2922)
• Add versionCatalog step for formatting and sorting Gradle version catalog (.toml) files. (#2916)
• Add javaparserVersion option to the Cleanthat step, allowing callers to override the JavaParser version pulled in transitively by Cleanthat. (#2903)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)

... (truncated)

Commits

• ef7703a Published maven/3.7.0
• 91113e0 Published gradle/8.7.0
• 611b48e Published lib/4.7.0
• 5f3a85f ci(deploy): use base64 -w0 so the auth header has no embedded newline
• f84f025 ci(deploy): force HTTP/1.1 on git fetch origin main
• 780f0f6 fix(spotless/gradle-plugin): Fix StringIndexOutOfBoundsException in scenari...
• b0328c8 Update plugin rewrite to v7.34.0 (#2972)
• 9a502ce Update plugin com.gradle.develocity to v4.4.2 (#2971)
• b4d9ec0 Revert the changes to assertUnchanged() and use assertTransform() when ne...
• 787819d Remove unneeded debug comments
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.14 to 3.5.15

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.15

🐞 Bug Fixes

• Artemis auto-configuration uses a predictable default location for the embedded broker's data #50743
• MailSender auto-configuration does not enable hostname verification #50742
• SSL should not be enabled when a SSL bundle is overridden to an empty string #50624
• Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50501
• Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50451
• RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50429
• GraphQL WebSocket support does not configure allowed origins #50391
• Buildpack module does not validate long-to-int casts #50382
• MappingsEndpoint reports the context's own ID as parentId when a parent exists #50373
• Created StackTracePrinter instances have no access to the Environment #50303
• NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50301
• Spring Boot Loader Does Not Support RSA and EC Signed Jars #50292
• ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50273
• Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50254
• Meter registries are not removed from the global registry when the context is closed #50235
• ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50225
• Apply HTML escaping to timestamp attribute in Whitelabel error page #50205
• NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50118
• EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50095

📔 Documentation

• Fix reference to Gradle documentation for module replacement #50641
• Remove the use of Optional from Data Neo4j repository examples #50600
• Fix typos in documentation #50593
• Document Java 25 requirement for AOT cache #50482
• Clarify dependency requirement for Bean Validation support #50290
• Document SSL reloading with Let's Encrypt #50222
• Polish InvalidConfigurationPropertyValueException constructor javadoc #50212
• Document known testcontainers lifecycle issues #50210
• Document configuring multiple connectors with Jetty #50206
• Fix typo in Spring Security OAuth2 client registration documentation #50193

🔨 Dependency Upgrades

• Upgrade to Caffeine 3.2.4 #50308
• Upgrade to Cassandra Driver 4.19.3 #50670
• Upgrade to Glassfish JAXB 4.0.9 #50671
• Upgrade to Groovy 4.0.32 #50310
• Upgrade to Hibernate 6.6.53.Final #50721
• Upgrade to Jackson Bom 2.21.4 #50673
• Upgrade to Jakarta Json Bind 3.0.2 #50674
• Upgrade to Jakarta XML Bind 4.0.5 #50313
• Upgrade to Jaxen 2.0.6 #50722
• Upgrade to Jetty 12.0.36 #50676
• Upgrade to Jetty Reactive HTTPClient 4.0.14 #50723
• Upgrade to jOOQ 3.19.35 #50724

... (truncated)

Commits

• c069bce Release v3.5.15
• b068647 Upgrade to Spring Integration 6.5.9
• 327bef3 Enable hostname verification by default in Mail auto-config
• 4218bd7 Fix predictable temp directory in Artemis embedded configuration
• b2a67be Upgrade to Spring GraphQL 1.4.6
• 54ef8d3 Upgrade to Spring Batch 5.2.6
• d3f60fe Upgrade to Spring WS 4.1.4
• 28d4ae8 Upgrade to Spring Session 3.5.7
• 190c452 Upgrade to Spring Security 6.5.11
• 34e7b58 Upgrade to Spring Pulsar 1.2.18
• Additional commits viewable in compare view

Updates com.sap.cloud.sdk:sdk-modules-bom from 5.30.0 to 5.31.0

Release notes

Sourced from com.sap.cloud.sdk:sdk-modules-bom's releases.

Release 5.31.0

5.31.0 - June 10, 2026

All Release Changes

✨ New Functionality

• OAuth token requests to IAS now attempt to dynamically resolve the IAS tenant host, if not given. When the current tenant does not contain a subdomain, and the IAS service binding contains the property btp-tenant-api, then an HTTP call to that URL is performed to obtain the IAS tenant host.

📈 Improvements

• (Generic OData Client) Allow for parameters in OData v4 expand sub-queries.

What's Changed

• chore: Update netty versions by @​Jonas-Isr in SAP/cloud-sdk-java#1171
• chore: [DevOps] bump the test group with 4 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1176
• chore: [DevOps] bump the production-minor-patch group with 10 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1175
• [IAS] Dynamically Resolve IAS Host On-Demand by @​MatKuhr in SAP/cloud-sdk-java#1177
• fix: [OData Generic] Enable query params on odatav4 expand by @​newtork in SAP/cloud-sdk-java#1181
• chore: Set permissions for GH workflows explicitly by @​Jonas-Isr in SAP/cloud-sdk-java#1182
• chore: [DevOps] bump the test group with 4 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1193
• chore: [DevOps] bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 in the plugins group by @​dependabot[bot] in SAP/cloud-sdk-java#1192
• chore: [DevOps] bump slackapi/slack-github-action from 3.0.2 to 3.0.3 in the github-actions group by @​dependabot[bot] in SAP/cloud-sdk-java#1189
• fix: [OpenAPI] Api client method with oneOf primitive param stays simplified in OpenAPI generator 7.22.0 by @​CharlesDuboisSAP in SAP/cloud-sdk-java#1179
• chore: [DevOps] bump the production-minor-patch group across 1 directory with 13 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1194
• chore: [DevOps] bump org.json:json from 20251224 to 20260522 in the production-major group by @​dependabot[bot] in SAP/cloud-sdk-java#1191
• chore: [DevOps] Update Jackson to 2.22.0 by @​rpanackal in SAP/cloud-sdk-java#1195
• chore: [DevOps] bump net.bytebuddy:byte-buddy from 1.18.9 to 1.18.10 in the test group by @​dependabot[bot] in SAP/cloud-sdk-java#1200
• chore: [DevOps] bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 in the plugins group by @​dependabot[bot] in SAP/cloud-sdk-java#1199
• chore: [DevOps] bump the production-minor-patch group with 2 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1198
• fix: [Connectivity] Change (almost) all JKS usage to PKCS12 by @​rpanackal in SAP/cloud-sdk-java#1185

Full Changelog: https://github.com/SAP/cloud-sdk-java/commits/rel/5.31.0

Commits

• e92c7cb Update to version 5.31.0
• 59ff59f fix: [Connectivity] Change (almost) all JKS usage to PKCS12 (#1185)
• 1f54450 chore: [DevOps] bump the production-minor-patch group with 2 updates (#1198)
• ce2edb0 chore: [DevOps] bump org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15 in ...
• a568465 chore: [DevOps] bump net.bytebuddy:byte-buddy from 1.18.9 to 1.18.10 in the t...
• 65c23fe chore: [DevOps] Update Jackson to 2.22.0 (#1195)
• 0691c51 chore: [DevOps] bump org.json:json from 20251224 to 20260522 in the productio...
• f5480c9 chore: [DevOps] bump the production-minor-patch group across 1 directory with...
• 11c7bcd fix: [OpenAPI] Api client method with oneOf primitive param stays simplified ...
• fd2cdb7 chore: [DevOps] bump slackapi/slack-github-action from 3.0.2 to 3.0.3 in the ...
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.6.0 to 3.7.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.7.0

Fixed

• Parse standard git year output in LicenseHeaderStep. (#2940)
• <toggleOffOn> no longer disables lint-only steps such as <forbidWildcardImports>. (#2962)
• Fix StringIndexOutOfBoundsException in scenarios where copyright year is surrounded by whitespace. (#2973)

Added

• Add support for AsciiDoc formatting via adocfmt. (#2960)
• <flexmark> step now supports arbitrary formatter options via <formatterOptions>. (#2968)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

• https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md
• https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

[4.7.0] - 2026-06-16

Added

• Add support for AsciiDoc formatting via adocfmt. (#2960)
• flexmark step now supports arbitrary formatter options via a formatterOptions map. (#2968)

Fixed

• FenceStep.preserveWithin now forwards lints from nested steps while still suppressing lints inside preserved blocks. (#2962)
• Support ktfmt 0.63 and use its new builder API for formatting options to better avoid future breaking changes.
• Parse standard git year output in LicenseHeaderStep. (#2940)
• Fix StringIndexOutOfBoundsException in scenarios where copyright year is surrounded by whitespace. (#2973)

Changes

• Bump default greclipse version to latest 4.35 -> 4.39. (#2924)

[4.6.2] - 2026-05-27

Fixed

• P2Provisioner now passes cache directory overrides directly to Solstice. (#2944)
• forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)
• versionCatalog step no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)

Changes

• EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)
• Formatter no longer recomputes line-ending normalization (LineEnding.toUnix) a second time for every formatter step that changes content, removing redundant O(n) work from the core formatting loop. (#2934)
• expandWildcardImports support pom type dependency. (#2839)

[4.6.1] - 2026-05-15

Fixed

• LicenseHeaderStep in SET_FROM_GIT year mode no longer invokes git log through bash -c / cmd /c, eliminating a shell-injection vector when processing repositories that contain files whose names include shell metacharacters.

[4.6.0] - 2026-05-14

Added

• scalafmt() now reads the version from the version field in the scalafmt config file when no version is explicitly set in the plugin config, falling back to the built-in default only if neither is available. (#2922)
• Add versionCatalog step for formatting and sorting Gradle version catalog (.toml) files. (#2916)
• Add javaparserVersion option to the Cleanthat step, allowing callers to override the JavaParser version pulled in transitively by Cleanthat. (#2903)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)

... (truncated)

Commits

• ef7703a Published maven/3.7.0
• 91113e0 Published gradle/8.7.0
• 611b48e Published lib/4.7.0
• 5f3a85f ci(deploy): use base64 -w0 so the auth header has no embedded newline
• f84f025 ci(deploy): force HTTP/1.1 on git fetch origin main
• 780f0f6 fix(spotless/gradle-plugin): Fix StringIndexOutOfBoundsException in scenari...
• b0328c8 Update plugin rewrite to v7.34.0 (#2972)
• 9a502ce Update plugin com.gradle.develocity to v4.4.2 (#2971)
• b4d9ec0 Revert the changes to assertUnchanged() and use assertTransform() when ne...
• 787819d Remove unneeded debug comments
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.14 to 3.5.15

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.15

🐞 Bug Fixes

• Artemis auto-configuration uses a predictable default location for the embedded broker's data #50743
• MailSender auto-configuration does not enable hostname verification #50742
• SSL should not be enabled when a SSL bundle is overridden to an empty string #50624
• Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50501
• Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50451
• RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50429
• GraphQL WebSocket support does not configure allowed origins #50391
• Buildpack module does not validate long-to-int casts #50382
• MappingsEndpoint reports the context's own ID as parentId when a parent exists #50373
• Created StackTracePrinter instances have no access to the Environment #50303
• NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50301
• Spring Boot Loader Does Not Support RSA and EC Signed Jars #50292
• ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50273
• Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50254
• Meter registries are not removed from the global registry when the context is closed #50235
• ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50225
• Apply HTML escaping to timestamp attribute in Whitelabel error page #50205
• NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50118
• EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50095

📔 Documentation

• Fix reference to Gradle documentation for module replacement #50641
• Remove the use of Optional from Data Neo4j repository examples #50600
• Fix typos in documentation #50593
• Document Java 25 requirement for AOT cache #50482
• Clarify dependency requirement for Bean Validation support #50290
• Document SSL reloading with Let's Encrypt #50222
• Polish InvalidConfigurationPropertyValueException constructor javadoc #50212
• Document known testcontainers lifecycle issues #50210
• Document configuring multiple connectors with Jetty #50206
• Fix typo in Spring Security OAuth2 client registration documentation #50193

🔨 Dependency Upgrades

• Upgrade to Caffeine 3.2.4 #50308
• Upgrade to Cassandra Driver 4.19.3 #50670
• Upgrade to Glassfish JAXB 4.0.9 #50671
• Upgrade to Groovy 4.0.32 #50310
• Upgrade to Hibernate 6.6.53.Final #50721
• Upgrade to Jackson Bom 2.21.4 #50673
• Upgrade to Jakarta Json Bind 3.0.2 #50674
• Upgrade to Jakarta XML Bind 4.0.5 #50313
• Upgrade to Jaxen 2.0.6 #50722
• Upgrade to Jetty 12.0.36 #50676
• Upgrade to Jetty Reactive HTTPClient 4.0.14 #50723
• Upgrade to jOOQ 3.19.35 #50724

... (truncated)

Commits

• c069bce Release v3.5.15
• b068647 Upgrade to Spring Integration 6.5.9
• 327bef3 Enable hostname verification by default in Mail auto-config
• 4218bd7 Fix predictable temp directory in Artemis embedded configuration
• b2a67be Upgrade to Spring GraphQL 1.4.6
• 54ef8d3 Upgrade to Spring Batch 5.2.6
• d3f60fe Upgrade to Spring WS 4.1.4
• 28d4ae8 Upgrade to Spring Session 3.5.7
• 190c452 Upgrade to Spring Security 6.5.11
• 34e7b58 Upgrade to Spring Pulsar 1.2.18
• Additional commits viewable in compare view

Updates com.sap.cloud.sdk:sdk-modules-bom from 5.30.0 to 5.31.0

Release notes

Sourced from com.sap.cloud.sdk:sdk-modules-bom's releases.

Release 5.31.0

5.31.0 - June 10, 2026

All Release Changes

✨ New Functionality

• OAuth token requests to IAS now attempt to dynamically resolve the IAS tenant host, if not given. When the current tenant does not contain a subdomain, and the IAS service binding contains the property btp-tenant-api, then an HTTP call to that URL is performed to obtain the IAS tenant host.

📈 Improvements

• (Generic OData Client) Allow for parameters in OData v4 expand sub-queries.

What's Changed

• chore: Update netty versions by @​Jonas-Isr in SAP/cloud-sdk-java#1171
• chore: [DevOps] bump the test group with 4 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1176
• chore: [DevOps] bump the production-minor-patch group with 10 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1175
• [IAS] Dynamically Resolve IAS Host On-Demand by @​MatKuhr in SAP/cloud-sdk-java#1177
• fix: [OData Generic] Enable query params on odatav4 expand by @​newtork in SAP/cloud-sdk-java#1181
• chore: Set permissions for GH workflows explicitly by @​Jonas-Isr in SAP/cloud-sdk-java#1182
• chore: [DevOps] bump the test group with 4 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1193
• chore: [DevOps] bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 in the plugins group by @​dependabot[bot] in