[CORE-69]: Bump the minor-patch-dependencies group with 8 updates

[dependabot]

Bumps the minor-patch-dependencies group with 8 updates:

Package	From	To
io.swagger.core.v3:swagger-annotations	2.2.29	2.2.30
org.springframework.boot	3.4.4	3.4.5
com.diffplug.spotless	7.0.2	7.0.3
io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations	2.14.0	2.15.0
org.mockito:mockito-core	5.16.1	5.17.0
com.github.spotbugs	6.1.7	6.1.10
io.sentry.jvm.gradle	5.3.0	5.4.0
org.junit.jupiter:junit-jupiter-api	5.12.1	5.12.2

Updates io.swagger.core.v3:swagger-annotations from 2.2.29 to 2.2.30

Updates org.springframework.boot from 3.4.4 to 3.4.5

Release notes

Sourced from org.springframework.boot's releases.

v3.4.5

🐞 Bug Fixes

• Spring Boot with native image container image build fails on podman due to directory permissions #45256
• Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #45235
• Wrong jOOQ exception translator with empty db name #45219
• MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #45213
• IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #45194
• OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #45178
• MongoDB's dependency management is missing Kotlin coroutine driver modules #45159
• ImagePlatform can cause "OS must not be empty" IllegalArgumentException #45153
• TypeUtils does not handle generics with identical names in different positions #45039
• HttpClient5 5.4.3 breaks local Docker transport #45028
• spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #45002
• Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #44998
• DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #44995
• SSL config does not watch for symlink file changes #44887
• EmbeddedLdapAutoConfiguration should not rely on PreDestroy #44874
• DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #44819
• JsonValueWriter can throw StackOverflowError on deeply nested items #44627
• In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #44535
• Logging a Path object using structured logging throws StackOverflowError #44507

📔 Documentation

• Make @Component a javadoc link #45258
• Fix documentation links to buildpacks.io #45241
• Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #45224
• Show the use of token properties in authorization server clients configuration example #45176
• Add details of the purpose of the metrics endpoint #45047
• Escape the asterisk in spring-application.adoc #45033
• Add reference to Styra (OPA) Spring Boot SDK #44976
• Update CDS documentation to cover AOTCache #44970
• WebFlux security documentation incorrectly links to servlet classes #44966
• Replace mentions of deprecated MockBean annotation #44947
• TaskExecution documentation should describe what happens when multiple Executor beans are present #44908
• Documentation lists coordinates for some dependencies that are not actually managed #44879
• Polish javadoc of SpringProfileAction #44826

🔨 Dependency Upgrades

• Upgrade to AspectJ 1.9.24 #45184
• Upgrade to Couchbase Client 3.7.9 #45072
• Upgrade to Hibernate 6.6.13.Final #45073
• Upgrade to HttpClient5 5.4.3 #45074
• Upgrade to HttpCore5 5.3.4 #45075
• Upgrade to Jaybird 5.0.7.java11 #45076
• Upgrade to Jetty 12.0.19 #45077
• Upgrade to jOOQ 3.19.22 #45078
• Upgrade to Lombok 1.18.38 #45079

... (truncated)

Commits

• b882c29 Release v3.4.5
• 918066f Merge branch '3.3.x' into 3.4.x
• ab0c332 Next development version (v3.3.12-SNAPSHOT)
• 71acf93 Merge branch '3.3.x' into 3.4.x
• d2eaac6 Revert "Upgrade to Netty 4.1.120.Final"
• d24a38f Merge branch '3.3.x' into 3.4.x
• 933572a Upgrade to Netty 4.1.120.Final
• 016b3de Upgrade to Netty 4.1.120.Final
• 46a709a Merge branch '3.3.x' into 3.4.x
• 55f67c9 Fix potential null problem in actuator
• Additional commits viewable in compare view

Updates com.diffplug.spotless from 7.0.2 to 7.0.3

Updates io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations from 2.14.0 to 2.15.0

Release notes

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations's releases.

Version 2.15.0

This release targets the OpenTelemetry SDK 1.49.0.

Note that many artifacts have the -alpha suffix attached to their version number, reflecting that they are still alpha quality and will continue to have breaking changes. Please see the VERSIONING.md for more details.

📈 Enhancements

• Delete deprecated java http client classes (#13527)
• Support latest version of kafka client library (#13544)
• Implement genai events for bedrock (streaming) (#13507)
• JMX metrics support unit conversion (#13448)
• Rename experimental method, use Telemetry instead of Metrics (#13574)
• End metric description with dot (#13559)
• Add initial gen_ai instrumentation of bedrock InvokeModel (#13547)
• Delete deprecated library instrumentation methods (#13575)
• Add experimental http client url.template attribute (#13581)
• Add error.type for JDBC under otel.semconv-stability.opt-in flag (#13331)
• Add azure resource provider (#13627)
• Remove aws.endpoint attribute from SQS instrumentation (#13620)
• Avoid conflicts with user-defined Apache Dubbo filters with default order (#13625)
• Support filtering negative values from JMX metrics (#13589)
• Instrument bedrock InvokeModelWithResponseStream (#13607)
• Use context instead of request attributes for servlet async instrumentation (#13493)
• Improve handling of quoted table names (#13612)

🛠️ Bug fixes

• Fix aws timeseries requests misdetected as dynamodb (#13579)
• Fix pekko route naming (#13491)
• Fix route handling when local root span wasn't created by instrumentation api (#13588)
• The HostIdResourceProvider should instantiate an HostIdResource, not an HostResource (#13628)
• Fix OpenTelemetryPreparedStatement and the returned ResultSet.getStatement() do not match (#13646)
• Fix Spring boot starter dependency resolution failure with Gradle and Java 11 (#13384)
• Fix extremely large DB statements may cause memory leak (#13353)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​123liuziming @​alexgenon @​anuraaga @​breedx-splk @​codefromthecrypt @​crossoverJie @​cyrille-leclerc @​hannahchan @​jack-berg @​jaydeluca @​jeanbisutti

... (truncated)

Changelog

Sourced from io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations's changelog.

Version 2.15.0 (2025-04-10)

📈 Enhancements

• Delete deprecated java http client classes (#13527)
• Support latest version of kafka client library (#13544)
• Implement genai events for bedrock (streaming) (#13507)
• JMX metrics support unit conversion (#13448)
• Rename experimental method, use Telemetry instead of Metrics (#13574)
• End metric description with dot (#13559)
• Add initial gen_ai instrumentation of bedrock InvokeModel (#13547)
• Delete deprecated library instrumentation methods (#13575)
• Add experimental http client url.template attribute (#13581)
• Add error.type for JDBC under otel.semconv-stability.opt-in flag (#13331)
• Add azure resource provider (#13627)
• Remove aws.endpoint attribute from SQS instrumentation (#13620)
• Avoid conflicts with user-defined Apache Dubbo filters with default order (#13625)
• Support filtering negative values from JMX metrics (#13589)
• Instrument bedrock InvokeModelWithResponseStream (#13607)
• Use context instead of request attributes for servlet async instrumentation (#13493)
• Improve handling of quoted table names (#13612)

🛠️ Bug fixes

• Fix aws timeseries requests misdetected as dynamodb (#13579)
• Fix pekko route naming (#13491)
• Fix route handling when local root span wasn't created by instrumentation api (#13588)
• The HostIdResourceProvider should instantiate an HostIdResource, not an HostResource (#13628)
• Fix OpenTelemetryPreparedStatement and the returned ResultSet.getStatement() do not match

... (truncated)

Commits

• fc64eba [release/v2.15.x] Prepare release 2.15.0 (#13692)
• dba6948 Update change log for upcoming release (#13690)
• aa4c948 Replace deprecated tasks.create with tasks.register (#13691)
• 8cd11e4 Don't cache sanitization results for large sql statements (#13353)
• 95cc300 Compile runtime-telemetry-java17 for java8 (#13679)
• 29ea551 Db error type (#13640)
• b0a1691 chore(deps): update plugin org.gradle.playframework to v0.15.3 (#13687)
• 4da68c4 chore(deps): update plugin org.gradle.toolchains.foojay-resolver-convention t...
• ad378c6 fix(deps): update dependency com.squareup.okio:okio-bom to v3.11.0 (#13681)
• 6edaa0d Improve handling of quoted table names (#13612)
• Additional commits viewable in compare view

Updates org.mockito:mockito-core from 5.16.1 to 5.17.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.17.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.17.0

• 2025-04-04 - 7 commit(s) by Adrian Roos, Andre Kurait, Jan Ouwens, Rafael Winterhalter, Taeik Lim, Thach Le, Tim van der Lippe
• Fixes #3631: Fix broken banner image link [(#3632)](mockito/mockito#3632)
• Banner image is broken [(#3631)](mockito/mockito#3631)
• Update exception message with mockito-inline [(#3628)](mockito/mockito#3628)
• Clarify structure of commit messages [(#3626)](mockito/mockito#3626)
• Fixes #3622: MockitoExtension fails cleanup when aborted before setup [(#3623)](mockito/mockito#3623)
• MockitoExtension fails cleanup when aborted before setup [(#3622)](mockito/mockito#3622)
• Since mockito-inline has been removed, the exception messages with mockito-inline should be modified. [(#3621)](mockito/mockito#3621)
• Fixes #3171: Fall back to Throwable Location strategy on Android [(#3619)](mockito/mockito#3619)
• Fixes #3615 : broken links to javadoc.io [(#3616)](mockito/mockito#3616)
• Broken links to javadoc.io [(#3615)](mockito/mockito#3615)
• Mocks are not working on particular devices after update Android SDK from 33 to 34 [(#3171)](mockito/mockito#3171)

Commits

• 7764992 Remove mention of mockito-inline from mockmaker exception (#3628)
• ee92ad4 Fix broken banner image link (#3632)
• 3edab52 Clarify structure of commit messages (#3626)
• bfab743 Fall back to Throwable Location strategy on Android (#3619)
• 4f469c8 MockitoExtension fails cleanup when aborted before setup (#3623)
• 1764e62 Update links to javadoc.io (#3616)
• 1e029d7 Add missing requirement to objenesis.
• See full diff in compare view

Updates com.github.spotbugs from 6.1.7 to 6.1.10

Updates io.sentry.jvm.gradle from 5.3.0 to 5.4.0

Release notes

Sourced from io.sentry.jvm.gradle's releases.

5.4.0

Fixes

• Kotlin Compiler Plugin: Fix API incompatibility with Kotlin 2.1.20 (#857)
• Make SentryGenerateIntegrationListTask configuration-cache compatible (#866)

Internal

• Migrate Dependencies to Gradle version catalog (#712)
• Integrate spotless + ktfmt instead of ktlint (#849)

Dependencies

• Bump CLI from v2.42.2 to v2.43.0 (#851, #854, #860)
  • changelog
  • diff
• Bump Android SDK from v8.3.0 to v8.9.0 (#852, #853, #865, #867)
  • changelog
  • diff

Changelog

Sourced from io.sentry.jvm.gradle's changelog.

5.4.0

Fixes

• Kotlin Compiler Plugin: Fix API incompatibility with Kotlin 2.1.20 (#857)
• Make SentryGenerateIntegrationListTask configuration-cache compatible (#866)

Internal

• Migrate Dependencies to Gradle version catalog (#712)
• Integrate spotless + ktfmt instead of ktlint (#849)

Dependencies

• Bump CLI from v2.42.2 to v2.43.0 (#851, #854, #860)
  • changelog
  • diff
• Bump Android SDK from v8.3.0 to v8.9.0 (#852, #853, #865, #867)
  • changelog
  • diff

Commits

• 610a114 release: 5.4.0
• 57e53d5 fix(instrumentation): Make SentryGenerateIntegrationListTask configuration-ca...
• b3dd905 chore: update plugin-build/sentry-cli.properties to 2.43.0 (#860)
• 686d1ed chore: update scripts/update-android.sh to 8.9.0 (#867)
• a92bf41 chore: update scripts/update-android.sh to 8.8.0 (#865)
• 9e25ec4 chore: update plugin-build/sentry-cli.properties to 2.42.4 (#854)
• 2200451 chore: update scripts/update-android.sh to 8.5.0 (#853)
• 932c813 Fix API incompatibility with Kotlin 2.1.20
• 235cce1 chore: update scripts/update-android.sh to 8.4.0 (#852)
• a4abc66 chore: update plugin-build/sentry-cli.properties to 2.42.3 (#851)
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-api from 5.12.1 to 5.12.2

Release notes

Sourced from org.junit.jupiter:junit-jupiter-api's releases.

JUnit 5.12.2 = Platform 1.12.2 + Jupiter 5.12.2 + Vintage 5.12.2

See Release Notes.

Full Changelog: junit-team/junit5@r5.12.1...r5.12.2

Commits

• 0a44659 Release 5.12.2
• 4c7dfdc Finalize 5.12.2 release notes
• 561613e Fix handling of CleanupMode.ON_SUCCESS
• 19d07d2 Add 5.12.2 release notes from template
• 803cbb6 Add build parameter for enabling dry-run mode for test execution
• eb43e62 Back to snapshots for further development
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud