Skip to content

deps: bump org.springframework.boot:spring-boot-starter-data-redis from 3.5.8 to 4.0.0 #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
SebastianLopezO merged 1 commit into from
Nov 23, 2025
Merged

deps: bump org.springframework.boot:spring-boot-starter-data-redis from 3.5.8 to 4.0.0 #66

SebastianLopezO merged 1 commit into from
Nov 23, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 21, 2025

Bumps org.springframework.boot:spring-boot-starter-data-redis from 3.5.8 to 4.0.0.

Release notes

Sourced from org.springframework.boot:spring-boot-starter-data-redis's releases.

v4.0.0

⭐ New Features

  • Change tomcat and jetty runtime modules to starters #48175
  • Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #48076

🐞 Bug Fixes

  • Error properties are a general web concern and should not be located beneath server.* #48201
  • With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #48198
  • Gradle war task does not exclude starter POMs from lib-provided #48197
  • spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #48193
  • SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #48182
  • Properties bound in the child management context ignore the parent's environment prefix #48177
  • ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #48171
  • Starter for spring-boot-micrometer-metrics is missing #48161
  • Elasticsearch client's sniffer functionality should not be enabled by default #48155
  • spring-boot-starter-elasticsearch should depend on elasticsearch-java #48141
  • Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #48132
  • New arm64 macbooks fail to bootBuildImage due to incorrect platform image #48128
  • Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #48116
  • Buildpack fails with recent Docker installs due to hardcoded version in URL #48103
  • Image building may fail when specifying a platform if an image has already been built with a different platform #48099
  • Default values of Kotlinx Serialization JSON configuration properties are not documented #48097
  • Custom XML converters should override defaults in HttpMessageConverters #48096
  • Kotlin serialization is used too aggressively when other JSON libraries are available #48070
  • PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #48059
  • Auto-configured JCacheMetrics cannot be customized #48057
  • WebSecurityCustomizer beans are excluded by WebMvcTest #48055
  • Deprecated EnvironmentPostProcessor does not resolve arguments #48047
  • RetryPolicySettings should refer to maxRetries, not maxAttempts #48023
  • Devtools Restarter does not work with a parameterless main method #47996
  • Dependency management for Kafka should not manage Scala 2.12 libraries #47991
  • spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #47983
  • spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #47982
  • Support for ReactiveElasticsearchClient is in the wrong module #47848

📔 Documentation

  • Removed property spring.test.webclient.register-rest-template is still documented #48199
  • Mention support for detecting AWS ECS in "Deploying to the Cloud" #48170
  • Revise AWS section of "Deploying to the Cloud" in reference manual #48163
  • Fix typo in PortInUseException Javadoc #48134
  • Correct section about required setters in "Type-safe Configuration Properties" #48131
  • Use since attribute in configuration properties deprecation consistently #48122
  • Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #48115
  • Document support for configuring servlet context init parameters using properties #48112
  • Some configuration properties are not documented in the appendix #48095
  • Clarify how warnings about soon-to-expire SSL certificates are reported #48063
  • Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #48053

... (truncated)

Commits
  • 1c0e08b Release v4.0.0
  • 3487928 Merge branch '3.5.x'
  • 29b8e96 Switch make-default in preparation for Spring Boot 4.0.0
  • 88da0dd Merge branch '3.5.x'
  • 56feeaa Next development version (v3.5.9-SNAPSHOT)
  • 3becdc7 Move server.error properties to spring.web.error
  • 2b30632 Merge branch '3.5.x'
  • dc140df Upgrade to Spring Framework 7.0.1
  • 75da8b8 Align restclient-test properties with module's name
  • 331e9bc Remove metadata for previously deleted property
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
deps: bump org.springframework.boot:spring-boot-starter-data-redis
d1c5dbc 
Bumps [org.springframework.boot:spring-boot-starter-data-redis](https://github.com/spring-projects/spring-boot) from 3.5.8 to 4.0.0.
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.8...v4.0.0)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-starter-data-redis
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Nov 21, 2025
@github-actions
Copy link

github-actions bot commented Nov 21, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
maven/org.springframework.boot:spring-boot-starter-data-redis 4.0.0 🟢 5.7
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0no SAST tool detected
Fuzzing🟢 10project is fuzzed
Binary-Artifacts🟢 5binaries present in source code
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
Vulnerabilities⚠️ 011 existing vulnerabilities detected

Scanned Files

  • pom.xml

@SebastianLopezO SebastianLopezO self-requested a review November 23, 2025 20:36
SebastianLopezO
SebastianLopezO approved these changes Nov 23, 2025
View reviewed changes
Copy link
Member

@SebastianLopezO SebastianLopezO left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update Spring Boot Redis starter from version 3.5.8 to 4.0.0 to include the newest updates and improvements.

@SebastianLopezO SebastianLopezO merged commit c2ea65e into main Nov 23, 2025
12 of 15 checks passed
@SebastianLopezO SebastianLopezO deleted the dependabot/maven/org.springframework.boot-spring-boot-starter-data-redis-4.0.0 branch November 23, 2025 20:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SebastianLopezO SebastianLopezO SebastianLopezO approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SebastianLopezO