Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3 #6

Open: wants to merge 1 commit into base: master
@mend-for-github-com mend-for-github-com bot commented Sep 28, 2023

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| org.springframework.boot:spring-boot-starter-data-jpa (source) | dependencies | major | 2.3.1.RELEASE -> 3.2.11 |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | CVE |
|---|---|---|
| Critical | 10.0 | CVE-2021-44228 |
| Critical | 9.8 | CVE-2016-1000027 |
| Critical | 9.8 | CVE-2022-22965 |
| Critical | 9.8 | CVE-2024-50379 |
| Critical | 9.8 | CVE-2024-52316 |
| Critical | 9.8 | CVE-2024-56337 |
| Critical | 9.0 | CVE-2021-45046 |
| High | 8.6 | CVE-2024-38286 |
| High | 8.3 | CVE-2022-1471 |
| High | 8.1 | CVE-2024-22243 |
| High | 8.1 | CVE-2024-22259 |
| High | 8.1 | CVE-2024-22262 |
| High | 7.8 | CVE-2021-22118 |
| High | 7.5 | CVE-2020-36518 |
| High | 7.5 | CVE-2021-46877 |
| High | 7.5 | CVE-2022-25857 |
| High | 7.5 | CVE-2022-42003 |
| High | 7.5 | CVE-2022-42004 |
| High | 7.5 | CVE-2022-45143 |
| High | 7.5 | CVE-2023-20860 |
| High | 7.5 | CVE-2023-20883 |
| High | 7.5 | CVE-2023-24998 |
| High | 7.5 | CVE-2023-46589 |
| High | 7.5 | CVE-2024-24549 |
| High | 7.5 | CVE-2024-34750 |
| High | 7.5 | CVE-2024-38816 |
| High | 7.5 | CVE-2024-38819 |
| High | 7.5 | WS-2022-0468 |
| High | 7.0 | CVE-2022-23181 |
| Medium | 6.6 | CVE-2021-44832 |
| Medium | 6.5 | CVE-2021-30640 |
| Medium | 6.5 | CVE-2022-22950 |
| Medium | 6.5 | CVE-2022-38749 |
| Medium | 6.5 | CVE-2022-38750 |
| Medium | 6.5 | CVE-2022-38751 |
| Medium | 6.5 | CVE-2022-38752 |
| Medium | 6.5 | CVE-2023-20861 |
| Medium | 6.5 | CVE-2023-20863 |
| Medium | 6.5 | CVE-2024-52317 |
| Medium | 6.3 | CVE-2024-23672 |
| Medium | 6.1 | CVE-2023-41080 |
| Medium | 5.9 | CVE-2021-45105 |
| Medium | 5.8 | CVE-2022-41854 |
| Medium | 5.3 | CVE-2021-33037 |
| Medium | 5.3 | CVE-2022-22968 |
| Medium | 5.3 | CVE-2022-22970 |
| Medium | 5.3 | CVE-2022-22970 |
| Medium | 5.3 | CVE-2023-42795 |
| Medium | 5.3 | CVE-2023-45648 |
| Medium | 5.3 | CVE-2024-38809 |
| Medium | 4.3 | CVE-2021-22060 |
| Medium | 4.3 | CVE-2021-22060 |
| Medium | 4.3 | CVE-2021-22096 |
| Medium | 4.3 | CVE-2021-22096 |
| Medium | 4.3 | CVE-2021-22096 |
| Medium | 4.3 | CVE-2023-28708 |
| Medium | 4.3 | CVE-2024-38808 |
| Low | 3.7 | CVE-2021-43980 |
| Low | 3.1 | CVE-2024-38820 |

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-data-jpa)

v3.2.11

🐞 Bug Fixes

  • Case-insensitive comparisons may be adversely affected by the user's locale #​42719
  • DataSourceProperties#driverClassIsLoadable should not print a stacktrace to the error stream when it fails #​42681
  • Auto-configuration for Rabbit Streams doesn't consider RabbitConnectionDetails #​42489
  • ActiveMQ Artemis Connection Factory creation fails in native image #​42414
  • Duplicate meter binding when context contains multiple registries, none are primary, and one or more is a composite #​42396
  • Report produced by ConditionReportApplicationContextFailureProcessor is always empty in a failed test #​42185

📔 Documentation

  • Fix systemd example configuration #​42795
  • Polish javadoc for Binder#bindOrCreate(String, Class) #​42777
  • Remove stale link to jar-to-war getting started guide #​42691
  • Fix Regex javadoc links #​42645
  • Clarify why @Primary is recommended when defining your own ObjectMapper that replaces JacksonAutoConfiguration's #​42598
  • Remove links to Spring Data GemFire #​42575
  • Improve the javadoc describing when @ConditionalOn(Missing)Bean will infer the type to match #​42504
  • Polish documentation #​42445
  • Document how to handle MANIFEST.MF in native image with Maven #​42412
  • Document support for Java 23 #​42374
  • Remove note about graceful shutdown with Tomcat requiring 9.0.33 or later as we now require 10.1.x #​42373
  • Improve classpath index documentation for reproducible builds #​41265
  • Document how Map properties are bound from environment variables #​40936
  • Document that the exact behavior of the maximum HTTP request header size property is server-specific #​40798

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​IMWoo94, @​arefbehboudi, @​jeonghyeon00, @​ngocnhan-tran1996, @​nosan, and @​quaff

v3.2.10

🐞 Bug Fixes

  • management.health.db.ignore-routing-datasources=true has no effect when an AbstractRoutingDataSource has been wrapped #​42313
  • Missing details in OAuth2ClientProperties validation error message #​42278
  • FileNotFoundException from unused mis-configured SSL bundles #​42119
  • PropertiesMigrationListener wrongly reports property as deprecated when has group #​42068
  • Using an empty string MongoDB 'replica-set-name' property will result in ClusterType=REPLICA_SET #​42055
  • JarLauncher fails to load large jar files #​42012
  • @RestartScope can cause 'Recursive update' exceptions when used with container beans #​41571

📔 Documentation

  • Document that spring.jmx.enabled is not intended for third-party libraries #​42272
  • Update link to Log4j2 system properties #​42262
  • Links to GraphQL in the reference guide redirect to the root instead of specific sections #​42207
  • Fix links to Spring Data's reference documentation #​42203
  • Update documentation to reflect new no handler found exception behavior #​42164
  • Polish configuration property reference #​42162
  • Remove link to “Converting a Spring Boot JAR Application to a WAR” as the guide is no longer available #​42110
  • Improve documentation in "Command-line Completion" #​42091
  • Deprecation reason for the autotime enabled, percentiles, and percentiles-historgram properties is confusing #​41745
  • Document that configuration property binding to a Kotlin value class with a default is not supported #​41693
  • Replace RFC 7807 by RFC 9457 in property documentation #​41260
  • Explain difference between OTel agent and Micrometer instrumentations #​41227

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Alchemik, @​arefbehboudi, @​izeye, @​mushroom528, @​nosan, and @​quaff

v3.2.9

⭐ New Features

  • Add TWENTY_THREE to JavaVersion enum #​41710

🐞 Bug Fixes

  • When using WebFlux, server.error.include-binding-errors=ALWAYS no longer has an effect when the BindingResult exception is the cause of a ResponseStatusException #​41984
  • spring-boot-testcontainers causes unwanted container initialization during AOT processing #​41838
  • Extending DefaultErrorAttributes and overriding getErrorAttributes() gets called twice #​41732
  • PropertiesLauncher does not respect classpath.idx when adding jars in BOOT-INF/lib to the classpath #​41719
  • ReactiveElasticsearchRepositoriesAutoConfiguration should back off when Reactor is not on the classpath #​41672
  • Launcher's ClassLoader is no longer parallel capable #​41665
  • Using Gradle's new file permission API is implemented in a way that prevents removal of the old API #​41599
  • Constructor binding of EnumMap fails due to missing key type #​41550
  • Spring Boot Maven plugin AOT cannot handle Maven modules with module-info.java #​33383
  • Docker publishRegistry in Maven plugin configuration is validated when publish option is false #​29756
  • mvn spring-boot:build-image fails when 'classifier' is set to non-default value #​26721

📔 Documentation

  • Release type conditionals are not working in documentation #​41993
  • Harmonize code sample for MyUserHandler in reference documentation #​41948
  • Explain that enabling virtual threads disables traditional thread pools #​41937
  • Improve documented logging property descriptions and default values #​41933
  • Fix duplicate words #​41916
  • Javadoc of slice test annotations should describe more accurately which components are considered #​41914
  • Document when environment variable property mapping applies #​41877
  • Correct grammar in 'Running your Application with Maven' #​41868
  • Document the need to explicitly reset mock servers when using mock server customizers directly #​41848
  • Pulsar configuration does not have default value for several entries in the metadata #​41682
  • management.otlp.metrics.export.aggregation-temporality does not have a default value in the metadata #​41674
  • management.newrelic.metrics.export.client-provider-type does not have a default value in the metadata #​41666
  • "Use Spring Data repositories" How-to incorrectly refers to Repository annotations #​41625
  • Update link to documentation for log4j-spring-boot #​41612
  • Fix link to Flyway reference documentation #​41591
  • Document configuration property binding's support for using @Name to customize a property name #​41577
  • The effect upon Actuator of defining your own SecurityFilterChain is documented inconsistently #​41569
  • Document more clearly that username and password are not used when spring.data.redis.url is set #​41231

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​PiyalAhmed, @​Rajin9601, @​dreis2211, @​hyunmin0317, @​ivamly, @​lamtrinhdev, @​ngocnhan-tran1996, @​quaff, and @​ritzykey

v3.2.8

🐞 Bug Fixes

  • NPE during auto-configuration in OnClassCondition.resolveOutcomesThreaded because firstHalf is null #​41492
  • No configuration property for defaultTimeout setting that was introduced in Spring Integration 6.2 #​41477
  • NoSuchMethodException on org.apache.activemq.ActiveMQConnectionFactory.<init> when using spring-boot-starter-activemq in a native image #​41212
  • build-image failures after docker desktop update with 'Illegal char <:> at index 5: npipe:////' #​41199
  • DirtiesContext used with Webflux, a random port and multiple contexts causes multiple contexts to misbehave #​38199
  • When using Jetty, filters, listeners, and servlets are not initialized with the same thread context classloader #​37649
  • Error message can be misleading if spring.config.import fails to resolve #​36243
  • TestcontainersLifecycleBeanPostProcessor does not work correctly with scoped beans #​35786
  • PropertiesMigrationListener wrongly reports property as deprecated #​35774

📔 Documentation

  • Fix documentation links in the README #​41547
  • Document the types to which each spring.mvc.format and spring.webflux.format property applies #​41482
  • Fix typos in javadoc of BootstrapContext #​41443
  • Document that logging.file.name and logging.file.path cannot be used together #​41351
  • Document tracing support for RestClient #​41182
  • Update Kotlin DSL examples that configure the environment of bootBuildImage to be additive #​41173

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​jxblum, @​mateusscheper, and @​sdeleuze

v3.2.7

🐞 Bug Fixes

  • SQL Server JDBC URL is malformed after adding org.springframework.boot.jdbc.parameters label #​41146
  • Git instant properties cannot be coerced following git-commit-id Maven plugin upgrade #​41109
  • MongoHealthIndicator not compliant with Mongo stable API with strict setting #​41101
  • DataSourceProperties fail to bind if java.sql module isn't included #​41082
  • Image building requires builder to specify a stack #​41046
  • IllegalArgumentException when trying to use Tomcat's HttpNio2Protocol with Spring Boot-configured SSL #​41007
  • Uber jar fails to start when it contains a dependency with Multi-Release: true in its manifest and unexpected file entries in META-INF/versions #​41001
  • buildInfo does not work with Gradle 8.7 or later when the configuration cache is enabled #​40911
  • The auto-configured reactiveNeo4jTransactionManager may cause a failure due to multiple TransactionManager beans #​40895
  • Flyway auto-configuration does not work with Flyway 10 when using GraalVM #​40821
  • Image building hangs when builder and buildpack are configured #​40697
  • Spring Boot remote restart with devtools causes 'factory already defined' Tomcat error when running with 'java -jar' #​39733
  • JSP-related resources may not be found in an executable war file when using Jetty #​39472
  • Excluding status code from DefaultErrorAttributes throws NPE #​30011

📔 Documentation

  • Document more precisely how a Container's Docker image name is used to find the matching service connection #​41111
  • Fix typos in javadoc of MockServerRestClientCustomizer and MockServerRestTemplateCustomizer #​41052
  • Improve readability when listing three pillars of observability #​41051
  • Fix typos in method names and javadoc #​40971
  • Warn in the documentation that spring.profiles.group can only be used in non-profile-specific documents #​40918
  • Add Kotlin example for @Testcontainers #​40905
  • Fix various minor inconsistencies of the documentation #​40900

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​MazizEsa, @​PiyalAhmed, @​asashour, @​cmabdullah, @​donghoony, @​erie0210, @​mateusscheper, @​quaff, and @​vsanna

v3.2.6

🐞 Bug Fixes

  • Image building fails during cleanup when bind mount has read-only content #​40760
  • Failure Analysis for InvalidConfigurationPropertyValueException is skipped when the property is not set #​40690
  • setReadTimeout can't be set via Reflective factory on JettyClientHttpRequestFactory #​40635
  • URISyntaxException is raised if the spring boot application is started in a location that contains invalid URI characters #​40615
  • Help information for spring init's build option has the wrong default #​40605
  • When using JPA and ImportTestcontainers, test context may fail to refresh due to "Mapped port can only be obtained after the container is started" #​40585
  • IllegalArgumentException can be thrown when running an uber jar on a shared drive #​40549
  • spring-boot-dependencies cannot be used with repositories that ban com.oracle.database.jdbc:ojdbc-bom #​40534
  • SpringBootMockMvcBuilderCustomizer can crash cryptically while collecting data that it would have discarded anyway #​40516
  • Containers not shut down between tests when using .withReuse(true) but env. does not support reuse (e.g. CI builds) #​40508
  • Pulsar auth parameters don't properly encode JSON values #​40493
  • Runtime hint registration for property binding should not fail when parameter information is unavailable #​40485
  • ServiceLevelObjectiveBoundary properties cannot be bound in a native image application #​40482
  • spring.data.redis.cluster.nodes and spring.data.redis.sentinel.nodes do not handle IPv6 addresses correctly #​40466
  • Using relative paths to describe the classpath in the error message from ResolveMainClassName hinders problem diagnosis #​40464
  • Native image doesn't start and doesn't log anything if an environment post processor throws an exception #​40450
  • Unlike DataSourceAutoConfiguration, DevToolsDataSourceAutoConfiguration assumes that javax.sql.DataSource will always be available #​40440
  • Starting from 3.2.x, @SpyBean is not able to initialise MongoRepository bean of the generic type #​40234
  • AnsiOutput.detectIfAnsiCapable broken on JDK22 #​40172
  • Buildpacks do not support Docker with containerd image store #​40100
  • resolveMainClassName fails when building with Gradle using Java 22 #​40074
  • server.error.include-binding-errors does not recognize MethodValidationResult exceptions #​39865
  • JarUrlConnection.getPermission() can throw NullPointerException if jarFileConnection is null #​39856
  • gradlew bootBuildImage fails with Podman on macOS Sonoma #​39830
  • CookieSameSiteSupplier influences session cookie #​39766
  • Auto-configuration ordering change breaks DocumentReference (in non-reactive MongoTemplate) when depending on mongodb-driver-reactivestreams #​39405
  • Properties binding eagerly creates superfluous maps #​39375
  • Configuring SSL bundle reload for non-file resource types causes errors that are difficult to diagnose #​38903
  • In some situations, the failure when the AOT-generated initializer cannot be loaded is less helpful than before #​38645

📔 Documentation

  • Improve graceful shutdown documentation to remove ambiguity #​40845
  • Document ways to opt out from immutable @ConfigurationProperties binding with single constructor #​40843
  • Document that a custom HttpMessageConverters bean can be used to reorder json message converters when needed #​40838
  • Address ambiguity now that Testcontainers has two classes named KafkaContainer [#​40699](https://redirect.github.com/sp

@mend-for-github-com bot added the "security fix" label (Security fix generated by Mend) on Sep 28, 2023
@mend-for-github-com bot force-pushed the whitesource-remediate/org.springframework.boot-spring-boot-starter-data-jpa-3.x branch from f6ff8a4 to 14a7956 on November 8, 2023 04:46
@mend-for-github-com bot force-pushed the whitesource-remediate/org.springframework.boot-spring-boot-starter-data-jpa-3.x branch from 14a7956 to 8e42749 on November 25, 2023 05:25
@mend-for-github-com bot changed the title from "Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3" to "Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3 - autoclosed" on Apr 3, 2024
@mend-for-github-com bot deleted the whitesource-remediate/org.springframework.boot-spring-boot-starter-data-jpa-3.x branch on April 3, 2024 03:35
@mend-for-github-com bot restored the whitesource-remediate/org.springframework.boot-spring-boot-starter-data-jpa-3.x branch on April 4, 2024 18:48
@mend-for-github-com bot changed the title from "Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3 - autoclosed" to "Update dependency org.springframework.boot:spring-boot-starter-data-jpa to v3" on Apr 4, 2024
@mend-for-github-com bot reopened this on Apr 4, 2024
@mend-for-github-com bot force-pushed the whitesource-remediate/org.springframework.boot-spring-boot-starter-data-jpa-3.x branch from 8e42749 to 07c9aac on April 4, 2024 18:48
@mend-for-github-com bot force-pushed the whitesource-remediate/org.springframework.boot-spring-boot-starter-data-jpa-3.x branch from 07c9aac to 2fc555b on October 27, 2024 02:28