Bump the all-maven-dependencies group across 2 directories with 5 updates

[dependabot]

Bumps the all-maven-dependencies group with 5 updates in the / directory:

Package	From	To
org.springframework.boot:spring-boot-starter-parent	3.5.8	3.5.9
com.sap.cds:cds-services-bom	4.5.1	4.6.0
com.sap.cds:cds-maven-plugin	4.5.1	4.6.0
com.sap.cds:cds-feature-attachments	1.2.3	1.2.4
org.codehaus.mojo:exec-maven-plugin	3.6.2	3.6.3

Bumps the all-maven-dependencies group with 4 updates in the /srv directory: org.springframework.boot:spring-boot-starter-parent, com.sap.cds:cds-maven-plugin, com.sap.cds:cds-services-bom and com.sap.cds:cds-feature-attachments.

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.8 to 3.5.9

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.9

🐞 Bug Fixes

• RabbitHealthIndicator reports an error when version is missing from the connection's server properties #48486
• Profiles retained during AOT processing are not configured in a native image #48475
• NullPointerException in UndertowWebServer.destroy() when using @DirtiesContext and Citrus Spring Boot Simulator #48450
• Redis health check reports an error when redis_version is missing from the INFO response #48326
• Parent's MeterRegistry beans are closed when child context closes #48324
• SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #48271

📔 Documentation

• Documentation has an outdated reference to the Jackson Kotlin Module #48533
• Caching documentation should clarify how to use a no-op implementation to run a test suite #48531
• Document that the default rolling policy for Log4j2 requires logging.file.path to be set #48526
• License header in build samples is displayed in the reference documentation #48477
• Configuring Two DataSources How-To code sample is inconsistent #48448
• Improve javadoc for when to use class names rather than class references #48395
• Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #48359
• Polish TestRestTemplate examples in the reference guide #48335
• Fix links to javadoc in the reference documentation #48299
• Clarify that @EnableBatchProcessing turns off all batch auto-configuration, including schema initialization #48265
• Kotlin auto-configuration examples are not annotated with @AutoConfiguration #48227
• Infinispan Cache Documentation is outdated #48217
• Revise "Use Liquibase for test-only migrations" section in reference manual #48169

🔨 Dependency Upgrades

• Prevent upgrade to Netty 4.1.129.Final #48508
• Upgrade to AspectJ 1.9.25.1 #48557
• Upgrade to Hibernate 6.6.39.Final #48540
• Upgrade to Jetty 12.0.31 #48455
• Upgrade to jOOQ 3.19.29 #48456
• Upgrade to Logback 1.5.22 #48507
• Upgrade to MariaDB 3.5.7 #48558
• Upgrade to Micrometer 1.15.7 #48423
• Upgrade to Micrometer Tracing 1.5.7 #48424
• Upgrade to Netty 4.1.130.Final #48541
• Upgrade to Pooled JMS 3.1.8 #48559
• Upgrade to Pulsar 4.0.8 #48457
• Upgrade to Quartz 2.5.2 #48458
• Upgrade to Reactor Bom 2024.0.13 #48425
• Upgrade to Spring Authorization Server 1.5.5 #48426
• Upgrade to Spring Data Bom 2025.0.7 #48427
• Upgrade to Spring Framework 6.2.15 #48428
• Upgrade to Spring GraphQL 1.4.4 #48429
• Upgrade to Spring Integration 6.5.5 #48560
• Upgrade to Spring LDAP 3.3.5 #48430
• Upgrade to Spring Pulsar 1.2.13 #48431
• Upgrade to Spring Session 3.5.4 #48432

... (truncated)

Commits

• 9d307e0 Release v3.5.9
• 08e2cab Polish javadoc for when to use class names rather than class references
• 15ede46 Improve javadoc for when to use class names rather than class references
• 10477ba Merge branch '3.4.x' into 3.5.x
• 34e51dc Polish
• 9252526 Merge branch '3.4.x' into 3.5.x
• 7831a36 Upgrade to Spring Session 3.5.4
• 0d3ec7c Upgrade to Spring Integration 6.5.5
• 388815b Upgrade to Spring GraphQL 1.4.4
• d9d44ff Upgrade to Pooled JMS 3.1.8
• Additional commits viewable in compare view

Updates com.sap.cds:cds-services-bom from 4.5.1 to 4.6.0

Updates com.sap.cds:cds-maven-plugin from 4.5.1 to 4.6.0

Updates com.sap.cds:cds-maven-plugin from 4.5.1 to 4.6.0

Updates com.sap.cds:cds-feature-attachments from 1.2.3 to 1.2.4

Release notes

Sourced from com.sap.cds:cds-feature-attachments's releases.

1.2.4

What's Changed

• Fix overflowing filename by @​Schmarvinius in cap-java/cds-feature-attachments#693
• change to https for connection by @​Schmarvinius in cap-java/cds-feature-attachments#695
• Bugfix DraftCancel not registering attachments as compositions by @​Schmarvinius in cap-java/cds-feature-attachments#700

Full Changelog: cap-java/cds-feature-attachments@1.2.3...1.2.4

Changelog

Sourced from com.sap.cds:cds-feature-attachments's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

The format is based on Keep a Changelog.

Commits

• 7807469 Bugfix DraftCancel not registering attachments as compositions (#700)
• 9a5b105 [Hyperspace] 🤖 Add PR Bot Configuration (#699)
• 5fc838a Bump the minor-patch group across 1 directory with 3 updates (#690)
• e6287e5 Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.1 to 4.9.8.2 (#691)
• 3d0ec6b Bump actions/checkout from 5 to 6 (#689)
• 4ee0877 change scm connection to https for deploy link
• c27728b Fix overflowing filename (#693)
• 0b6d4aa bump version of plugin and sample (#688)
• 6e020e9 Update version to 1.2.3
• See full diff in compare view

Updates org.codehaus.mojo:exec-maven-plugin from 3.6.2 to 3.6.3

Release notes

Sourced from org.codehaus.mojo:exec-maven-plugin's releases.

3.6.3

📝 Documentation updates

• Document thread group isolation limitation in java goal (#503) @copilot-swe-agent[bot]

👻 Maintenance

• JUnit 5 best practices (#505) @​slachiewicz
• Move ExecJavaMojoTest, ExecMojoTest to JUnit 5 (#502) @​slawekjaranowski
• Add support for JEP 512 for for package-private static main method (#499) @​anuragagarwal561994
• Move to JUnit 5 (#501) @​slawekjaranowski

📦 Dependency updates

• Bump asm.version from 9.9 to 9.9.1 (#509) @dependabot[bot]
• Bump org.apache.commons:commons-exec from 1.5.0 to 1.6.0 (#508) @dependabot[bot]

Commits

• fe1fa8c [maven-release-plugin] prepare release 3.6.3
• 5b3feca Bump asm.version from 9.9 to 9.9.1
• efc7faa Bump org.apache.commons:commons-exec from 1.5.0 to 1.6.0
• cdaf267 JUnit 5 best practices (#505)
• f3f5997 Move ExecJavaMojoTest, ExecMojoTest to JUnit 5
• 03b87b5 Document thread group isolation limitation in java goal (#503)
• 7a66c3e Add support for JEP 512 for for package-private static main methods with and ...
• a6d01ef Move to JUnit 5
• 88d5961 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.8 to 3.5.9

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.9

🐞 Bug Fixes

• RabbitHealthIndicator reports an error when version is missing from the connection's server properties #48486
• Profiles retained during AOT processing are not configured in a native image #48475
• NullPointerException in UndertowWebServer.destroy() when using @DirtiesContext and Citrus Spring Boot Simulator #48450
• Redis health check reports an error when redis_version is missing from the INFO response #48326
• Parent's MeterRegistry beans are closed when child context closes #48324
• SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #48271

📔 Documentation

• Documentation has an outdated reference to the Jackson Kotlin Module #48533
• Caching documentation should clarify how to use a no-op implementation to run a test suite #48531
• Document that the default rolling policy for Log4j2 requires logging.file.path to be set #48526
• License header in build samples is displayed in the reference documentation #48477
• Configuring Two DataSources How-To code sample is inconsistent #48448
• Improve javadoc for when to use class names rather than class references #48395
• Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #48359
• Polish TestRestTemplate examples in the reference guide #48335
• Fix links to javadoc in the reference documentation #48299
• Clarify that @EnableBatchProcessing turns off all batch auto-configuration, including schema initialization #48265
• Kotlin auto-configuration examples are not annotated with @AutoConfiguration #48227
• Infinispan Cache Documentation is outdated #48217
• Revise "Use Liquibase for test-only migrations" section in reference manual #48169

🔨 Dependency Upgrades

• Prevent upgrade to Netty 4.1.129.Final #48508
• Upgrade to AspectJ 1.9.25.1 #48557
• Upgrade to Hibernate 6.6.39.Final #48540
• Upgrade to Jetty 12.0.31 #48455
• Upgrade to jOOQ 3.19.29 #48456
• Upgrade to Logback 1.5.22 #48507
• Upgrade to MariaDB 3.5.7 #48558
• Upgrade to Micrometer 1.15.7 #48423
• Upgrade to Micrometer Tracing 1.5.7 #48424
• Upgrade to Netty 4.1.130.Final #48541
• Upgrade to Pooled JMS 3.1.8 #48559
• Upgrade to Pulsar 4.0.8 #48457
• Upgrade to Quartz 2.5.2 #48458
• Upgrade to Reactor Bom 2024.0.13 #48425
• Upgrade to Spring Authorization Server 1.5.5 #48426
• Upgrade to Spring Data Bom 2025.0.7 #48427
• Upgrade to Spring Framework 6.2.15 #48428
• Upgrade to Spring GraphQL 1.4.4 #48429
• Upgrade to Spring Integration 6.5.5 #48560
• Upgrade to Spring LDAP 3.3.5 #48430
• Upgrade to Spring Pulsar 1.2.13 #48431
• Upgrade to Spring Session 3.5.4 #48432

... (truncated)

Commits

• 9d307e0 Release v3.5.9
• 08e2cab Polish javadoc for when to use class names rather than class references
• 15ede46 Improve javadoc for when to use class names rather than class references
• 10477ba Merge branch '3.4.x' into 3.5.x
• 34e51dc Polish
• 9252526 Merge branch '3.4.x' into 3.5.x
• 7831a36 Upgrade to Spring Session 3.5.4
• 0d3ec7c Upgrade to Spring Integration 6.5.5
• 388815b Upgrade to Spring GraphQL 1.4.4
• d9d44ff Upgrade to Pooled JMS 3.1.8
• Additional commits viewable in compare view

Updates com.sap.cds:cds-maven-plugin from 4.5.1 to 4.6.0

Updates com.sap.cds:cds-services-bom from 4.5.1 to 4.6.0

Updates com.sap.cds:cds-maven-plugin from 4.5.1 to 4.6.0

Updates com.sap.cds:cds-feature-attachments from 1.2.3 to 1.2.4

Release notes

Sourced from com.sap.cds:cds-feature-attachments's releases.

1.2.4

What's Changed

• Fix overflowing filename by @​Schmarvinius in cap-java/cds-feature-attachments#693
• change to https for connection by @​Schmarvinius in cap-java/cds-feature-attachments#695
• Bugfix DraftCancel not registering attachments as compositions by @​Schmarvinius in cap-java/cds-feature-attachments#700

Full Changelog: cap-java/cds-feature-attachments@1.2.3...1.2.4

Changelog

Sourced from com.sap.cds:cds-feature-attachments's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

The format is based on Keep a Changelog.

Commits

• 7807469 Bugfix DraftCancel not registering attachments as compositions (#700)
• 9a5b105 [Hyperspace] 🤖 Add PR Bot Configuration (#699)
• 5fc838a Bump the minor-patch group across 1 directory with 3 updates (#690)
• e6287e5 Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.1 to 4.9.8.2 (#691)
• 3d0ec6b Bump actions/checkout from 5 to 6 (#689)
• 4ee0877 change scm connection to https for deploy link
• c27728b Fix overflowing filename (#693)
• 0b6d4aa bump version of plugin and sample (#688)
• 6e020e9 Update version to 1.2.3
• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.springframework.boot:spring-boot-starter-parent	[>= 4.a0, < 5]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions