Skip to content

Bump the minor-and-patch-dependencies group across 1 directory with 7 updates#15

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/gradle/minor-and-patch-dependencies-54fa00ea11
Open

Bump the minor-and-patch-dependencies group across 1 directory with 7 updates#15
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/gradle/minor-and-patch-dependencies-54fa00ea11

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 25, 2025
edited
Loading

Bumps the minor-and-patch-dependencies group with 5 updates in the / directory:

Package From To
org.springframework.ai:spring-ai-bom 1.0.1 1.1.0
org.springframework.cloud:spring-cloud-dependencies 2025.0.0 2025.1.0
org.telegram:telegrambots-springboot-longpolling-starter 9.0.0 9.2.0
ch.qos.logback:logback-classic 1.5.18 1.5.21
org.projectlombok:lombok 1.18.38 1.18.42

Updates org.springframework.ai:spring-ai-bom from 1.0.1 to 1.1.0

Release notes

Sourced from org.springframework.ai:spring-ai-bom's releases.

Spring AI 1.1.0 GA Release Notes

🎯 Highlights

This release includes 1 new features, 10 bug fixes, 3 documentation improvements, 3 other improvements.

⭐ New Features

  • Enhanced ChatCompletionRequest to support dynamic field deserialization using @​JsonAnySetter annotation for extraBody properties 3fc939a

🪲 Bug Fixes

  • Resolved an issue where MongoChatMemoryIndexCreator component was not being properly scanned during Spring application context initialization faf3808
  • Added validation for inputSchema in Model Context Protocol (MCP) tool definitions to ensure proper tool configuration #4855 via #4776
  • Improved error handling for malformed responses from the OpenAI API to prevent unexpected failures c0cc32c
  • Changed PgVectorSchemaValidator class visibility to package-private to properly encapsulate internal implementation details #4857
  • Refactored StatelessToolCallbackConverterAutoConfiguration and ToolCallbackConverterAutoConfiguration for better code organization #4858
  • Corrected Maven dependency configuration for the MongoDB chat memory repository integration 374c09e
  • Fixed inconsistent conditional property configuration for ElevenLabs auto-configuration to follow Spring AI standards d71869e
  • Resolved Java bytecode access issue related to invokespecial instruction 9cec4d7
  • Refactored ToolCallbackProvider dependency injection to use Spring's ObjectProvider for better flexibility and optional dependency handling e4926e5
  • Cleaned up excessive debug logging statements in AnthropicChatModel implementation #4847

📓 Documentation

  • Improved documentation for the audio transcription API with clearer examples and usage guidance f167df8
  • Corrected broken hyperlink in the Model Context Protocol (MCP) overview documentation page b6ccb03
  • Updated UserMessage code examples in documentation to properly demonstrate builder pattern usage 68adc26

🔨 Dependency Upgrades

  • Updated Model Context Protocol (MCP) integration to version 0.16.0 #4860

🔩 Build Updates

  • Disabled parallel Maven builds in the fast CI pipeline to resolve intermittent Kotlin compiler errors and improve build stability f6fa47c
  • Updated fast CI workflow to properly run unit tests and generate documentation after tests pass eb0e101

🙏 Contributors

Thanks to all contributors who made this release possible:

Spring AI 1.1.0-RC1 Release Notes

🎯 Highlights

... (truncated)

Commits
  • fa4c61e Release version 1.1.0
  • f6fa47c Disable parallel builds in fast CI to fix intermittent Kotlin compiler errors
  • 151a603 Upgrade MCP to 0.16.0
  • faf3808 Fix MongoChatMemoryIndexCreator not being scanned (4859)
  • eb0e101 Fix fast CI workflow to run unit tests and generate docs after tests pass
  • 1df2af3 Validate inputSchema for MCP tool definitions (#4855)
  • 2768b4c chore: Clean up StatelessToolCallbackConverterAutoConfiguration and ToolCallb...
  • f167df8 docs: enhance transcription API documentation
  • c0cc32c Handle malformed OpenAI API responses
  • bd544fe PgVectorSchemaValidator should be package-private
  • Additional commits viewable in compare view

Updates org.springframework.cloud:spring-cloud-dependencies from 2025.0.0 to 2025.1.0

Commits
  • fad431d Update SNAPSHOT to 2025.1.0
  • 922da91 Merge pull request #444 from spring-cloud/dependabot/github_actions/main/acti...
  • 56207f4 Bump actions/checkout from 5 to 6
  • f9e1a3a Updates GenerateReleaseTrainDocs to use property from bom for boot version.
  • 36f42b2 Removes spring-cloud-starter-parent
  • 250329c Bumping versions
  • ef9f533 Updates boot to 4.0.0
  • 3c1ebc0 Bumping versions
  • 35cf36e Going back to snapshots
  • bd1fc81 Update SNAPSHOT to 2025.1.0-RC1
  • Additional commits viewable in compare view

Updates org.telegram:telegrambots-springboot-longpolling-starter from 9.0.0 to 9.2.0

Release notes

Sourced from org.telegram:telegrambots-springboot-longpolling-starter's releases.

Api version 9.2

  1. Update Api version 9.2
  2. Bug fixes: #1541

Api Version 9.1

  1. Update Api version 9.1
  2. Bug fixes: #1526, #1527, #1535
Commits

Updates org.telegram:telegrambots-client from 9.0.0 to 9.2.0

Release notes

Sourced from org.telegram:telegrambots-client's releases.

Api version 9.2

  1. Update Api version 9.2
  2. Bug fixes: #1541

Api Version 9.1

  1. Update Api version 9.1
  2. Bug fixes: #1526, #1527, #1535
Commits

Updates org.telegram:telegrambots-client-jetty-adapter from 9.0.0 to 9.2.0

Release notes

Sourced from org.telegram:telegrambots-client-jetty-adapter's releases.

Api version 9.2

  1. Update Api version 9.2
  2. Bug fixes: #1541

Api Version 9.1

  1. Update Api version 9.1
  2. Bug fixes: #1526, #1527, #1535
Commits

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.21

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.20

2025-10-19 Release of logback version 1.5.20

• Due to potential vulnerabilities associated with dynamic, i.e. runtime, java code compilation and execution (using Janino), the 'condition' attribute within the <if> element is deprecated and will be removed in 2027.

An online migration service is provided to help with the transition.

The <condition> element, new in this version, admits custom PropertyEvaluator as a recommended alternative. See also the updated documentation on conditional configuration.

• Initialization procedure was incorrectly reported as having been simplified in this version, i.e. version 1.5.20 by removing the step instantiating a SerializedModelConfigurator. The actual simplification was done in version 1.5.21

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 930fb15c993a4344bcecc6ba2225c12a2c38e676 associated with the tag v_1.5.20. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • fed6f37 prepare release 1.5.21
  • b111e89 Initialization procedure has been simplified by removing the step
  • 1cd2df4 fix issues/871
  • dea5b95 minor - remove superflous call to Objects.requireNonNull
  • 3cecf29 add comment for the TurboFilter list ACCEPT case
  • 1497142 improve performance for 2 or more turbo filters
  • 04a7ba5 most subclasses of UnsynchronizedAppenderBase do not need a reentry guard
  • ab6a006 add maven cache to github CI, update .github/FUNDING.yml
  • 2bf5557 fix failed LegacyPatternLayoutTest#subPattern test due to TZ discrepancies, u...
  • 2ca8c52 update funding info
  • Additional commits viewable in compare view

Updates org.projectlombok:lombok from 1.18.38 to 1.18.42

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.42 (September 18th, 2025)

  • FEATURE: All the various @Log annotations now allow you to change their access level (they still default to private). #2280. Thanks to new contributor Liam Pace!
  • BUGFIX: Javadoc parsing was broken in Netbeans and ErrorProne for JDK25 #3940.

v1.18.40 (September 4th, 2025)

  • PLATFORM: JDK25 support added #3859.
  • BUGFIX: Recent versions of eclipse (or the eclipse-based java lang server for VSCode) caused java.lang.IllegalArgumentException: Document does not match the AST. [Issue #3886](projectlombok/lombok#3886).
  • PERFORMANCE: @ExtensionMethod is now significantly faster [Issue #3866](projectlombok/lombok#3866).
  • BUGFIX: the command line config tool would emit incorrect output for nullity annotations. [Issue #3931](projectlombok/lombok#3931).
  • FEATURE: @Jacksonized @Accessors(fluent=true) automatically creates the relevant annotations such that Jackson correctly identifies fluent accessors. [Issue #3265](projectlombok/lombok#3265), [Issue #3270](projectlombok/lombok#3270).
  • IMPROBABLE BREAKING CHANGE: From versions 1.18.16 to 1.18.38, lombok automatically copies certain Jackson annotations (e.g., @JsonProperty) from fields to the corresponding accessors (getters/setters). However, it turned out to be harmful in certain situations. Thus, Lombok does not automatically copy those annotations any more. You can restore the old behavior using the config key lombok.copyJacksonAnnotationsToAccessors = true.
Commits
  • 2031eb0 [release] pre-release version bump for v1.18.42
  • c95a6c1 Merge branch 'logger-access'
  • 71d85ca #2280 Add delivery of this 'access for logging' to the changelog.
  • 99ba3e3 [trivial] Slightly reworded the javadoc on each @Log annotation's `access()...
  • e9cf11e [trivial][style]
  • a6d5568 [deprecation] Marked AccessLevel.MODULE as deprecated. It was written for a...
  • 492011d Refactored to use Javac/Eclipse utility function
  • c1f7f66 Update copyright in logger files
  • f63f40a Add myself to AUTHORS
  • 9152c34 Fix failing tests
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Nov 25, 2025
@dependabot
Bump the minor-and-patch-dependencies group across 1 directory with 7…
6bf15a6 
… updates

Bumps the minor-and-patch-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.springframework.ai:spring-ai-bom](https://github.com/spring-projects/spring-ai) | `1.0.1` | `1.1.0` |
| [org.springframework.cloud:spring-cloud-dependencies](https://github.com/spring-cloud/spring-cloud-release) | `2025.0.0` | `2025.1.0` |
| [org.telegram:telegrambots-springboot-longpolling-starter](https://github.com/rubenlagus/TelegramBots) | `9.0.0` | `9.2.0` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.21` |
| [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.38` | `1.18.42` |



Updates `org.springframework.ai:spring-ai-bom` from 1.0.1 to 1.1.0
- [Release notes](https://github.com/spring-projects/spring-ai/releases)
- [Commits](spring-projects/spring-ai@v1.0.1...v1.1.0)

Updates `org.springframework.cloud:spring-cloud-dependencies` from 2025.0.0 to 2025.1.0
- [Release notes](https://github.com/spring-cloud/spring-cloud-release/releases)
- [Commits](spring-cloud/spring-cloud-release@v2025.0.0...v2025.1.0)

Updates `org.telegram:telegrambots-springboot-longpolling-starter` from 9.0.0 to 9.2.0
- [Release notes](https://github.com/rubenlagus/TelegramBots/releases)
- [Commits](rubenlagus/TelegramBots@v9.0.0...v9.2.0)

Updates `org.telegram:telegrambots-client` from 9.0.0 to 9.2.0
- [Release notes](https://github.com/rubenlagus/TelegramBots/releases)
- [Commits](rubenlagus/TelegramBots@v9.0.0...v9.2.0)

Updates `org.telegram:telegrambots-client-jetty-adapter` from 9.0.0 to 9.2.0
- [Release notes](https://github.com/rubenlagus/TelegramBots/releases)
- [Commits](rubenlagus/TelegramBots@v9.0.0...v9.2.0)

Updates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.21
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.18...v_1.5.21)

Updates `org.projectlombok:lombok` from 1.18.38 to 1.18.42
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.38...v1.18.42)

---
updated-dependencies:
- dependency-name: org.springframework.ai:spring-ai-bom
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch-dependencies
- dependency-name: org.springframework.cloud:spring-cloud-dependencies
  dependency-version: 2025.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch-dependencies
- dependency-name: org.telegram:telegrambots-springboot-longpolling-starter
  dependency-version: 9.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch-dependencies
- dependency-name: org.telegram:telegrambots-client
  dependency-version: 9.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch-dependencies
- dependency-name: org.telegram:telegrambots-client-jetty-adapter
  dependency-version: 9.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch-dependencies
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch-dependencies
- dependency-name: org.projectlombok:lombok
  dependency-version: 1.18.42
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/gradle/minor-and-patch-dependencies-54fa00ea11 branch from 96bf85e to 6bf15a6 Compare December 30, 2025 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants