Skip to content

chore(deps): Update spring (major) - autoclosed#294

Closed
renovate[bot] wants to merge 1 commit into
developfrom
renovate/major-spring
Closed

chore(deps): Update spring (major) - autoclosed#294
renovate[bot] wants to merge 1 commit into
developfrom
renovate/major-spring

Conversation

@renovate

@renovate renovate Bot commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
org.springframework.ai:spring-ai-bom 1.1.22.0.0 age confidence
org.springframework.boot 3.5.84.1.0 age confidence
org.springframework.boot:spring-boot-dependencies (source) 3.5.84.1.0 age confidence

Release Notes

spring-projects/spring-ai (org.springframework.ai:spring-ai-bom)

v2.0.0: Spring AI 2.0.0

For upgrading from 1.1.x to 2.0.0, please refer to the upgrade notes here.

For the detailed reference documentation on 2.0.0, please refer here

⭐ New Features

  • Update Google GenAI models #​6406
  • Use only Jackson 2 in OpenAiChatModel #​6392
  • Make org.springframework.ai.image.observation null-marked #​6388
  • Polish Prompt #​6387
  • Preserve OpenAI tool call additional properties #​6365

🐞 Bug Fixes

  • Filter unsupported tool messages in CassandraChatMemoryRepository #​6400
  • Filter unsupported tool messages in MongoChatMemoryRepository #​6399
  • Filter unsupported tool messages in JdbcChatMemoryRepository #​6398
  • Remove streamToolCallResponses from advisor builders #​6391
  • Add missing promptCacheKey parameter in OpenAiChatOptions #​6380

📔 Documentation

  • Update reference docs to reflect 2.0 API changes #​6405
  • Add more guides #​6401
  • Introduce CLAUDE.md and AGENTS.md #​6376
  • Consolidate upgrade notes for 2.0.0 #​6333

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ericbottard, @​guanxuc, @​ilayaperumalg, @​sdeleuze, @​sdudzin, @​tzolov, and @​ultramancode

v1.1.8: Spring AI 1.1.8

🐞 Bug Fixes

  • Add missing values to ZhiPuAiApi.ChatCompletionFinishReason #​5532

📔 Documentation

  • Add a rate-limit metadata section to anthropic-chat.adoc #​6175

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​demo-zexuan and @​sobychacko

v1.1.7: Spring AI 1.1.7

⭐ New Features

  • Ollama doesnt work in a graalvm native image #​6064

🐞 Bug Fixes

  • OpenAiChatModel streaming drops chunks due to internal switchMap when using buffered concatMap #​6122
  • RedisVectorStore#doDelete only deletes the 10 first messages #​6066

v1.1.6: Spring AI 1.1.6

Spring AI 1.1.6 Release Notes

🎯 Highlights

This release includes 1 new features, 5 bug fixes, 2 documentation improvements, 5 other improvements.

⏪ Breaking Changes

  • Chat memory advisors now require an explicit conversation ID to be supplied. This is a behavioral change that affects how chat memory is scoped and managed. Applications relying on implicit conversation IDs must be updated to supply an explicit ID. 13cde41

⚠️ Upgrading Notes

  • PromptChatMemoryAdvisor is now deprecated and chat memory advisors require an explicit conversation ID. Update your code to: (1) replace PromptChatMemoryAdvisor with the recommended alternative, and (2) ensure an explicit conversation ID is supplied when using any chat memory advisor. 917f62e

⭐ New Features

  • MCP auto-configuration now includes the missing @​ConditionalOnMissingBean check, allowing users to provide their own bean definitions and override the auto-configured MCP beans as expected in Spring Boot auto-configuration patterns. d4025e5

🪲 Bug Fixes

  • Fixed an issue where the MilvusVectorStore's doDelete method incorrectly escaped strings in the ID list, which could cause deletion operations to fail or behave unexpectedly. 20206a4
  • Fixed the ChatClientAdvisorTests test suite to supply an explicit conversation ID, aligning tests with the new requirement for explicit conversation IDs in chat memory advisors. 704e5c6
  • Fixed the MistralAiChatModelObservationIT integration test to ensure observation functionality works correctly with the MistralAI chat model provider. a89145d
  • Corrects an issue where configured options were not being properly included in MistralAI API requests, ensuring all user-defined settings are correctly passed through. 7bcf32a
  • Resolves a regression in how AssistantMessage.ToolCall.id is handled when using the Ollama integration, restoring correct tool call identification behavior. bb9d65e

📓 Documentation

  • Corrected typographical errors in the MCP (Model Context Protocol) documentation for improved readability and accuracy. a1ad7f2
  • Fixed broken xref anchors in the documentation to restore proper cross-reference navigation between documentation sections. f03c104

🔨 Dependency Upgrades

  • Updated MCP SDK from version 0.17.0 to 0.18.2 and MCP annotations from 0.8.0 to 0.9.0, bringing in the latest MCP protocol improvements and bug fixes. #​5961

🔩 Build Updates

  • Updated the project build to use JDK 17.0.19, ensuring compatibility and incorporating the latest Java 17 patch release for the build environment. 27281e6
  • Reorganizes the project structure by relocating Spring AI starter modules to a dedicated starters/ directory for better maintainability and clarity. 22f8676

🙏 Contributors

Thanks to all contributors who made this release possible:

v1.1.5: Spring AI 1.1.5

Spring AI 1.1.5 Release Notes

🎯 Highlights

This release includes 9 bug fixes, 3 documentation improvements, 11 other improvements.

⚠️ Upgrading Notes

  • The Pixtral 12B model has been removed and Pixtral Large is deprecated. Update your model configuration to use the currently recommended Pixtral models to avoid issues in future releases. 447d2a4

📢 Noteworthy

  • The Pixtral 12B model has been removed and the Pixtral Large model is now deprecated. Integration tests have been updated to use the recommended replacement models. Users relying on these models should migrate to the recommended alternatives. 447d2a4

🪲 Bug Fixes

  • Fixed the CosmosDB vector store's doDelete method to properly parameterize queries, preventing potential SQL injection vulnerabilities and improving correctness. 6039e57
  • Fixed an issue where conversationId was not correctly applied in the VectorStoreChatMemoryAdvisor filter, which could cause incorrect memory retrieval across conversations. 3cccfdf
  • Corrected key handling in the vector store filter expression converter to ensure filter expressions are properly evaluated. 01386e2
  • Resolved test non-determinism in the BedrockConverse streaming token usage tests, improving test reliability. 4747a3c
  • Corrected the test class naming to properly apply the integration test suffix, ensuring proper test categorization and execution. #​5853
  • Corrected string parsing logic for the toolChoice field in OpenAiSdkChatModel to ensure proper handling of tool choice configurations. aeb33b0 via #​5735
  • Fixed an issue where the extra_body parameter was incorrectly included in outgoing OpenAI API requests, which could cause unexpected behavior. 4c0120c
  • Resolved issues with Javadoc generation and configuration to ensure API documentation is correctly produced. 0a71804
  • Corrected the test bypass condition so integration tests are properly skipped when required API keys are not configured in the environment. bc26dc1

📓 Documentation

  • Updated the README to include a note about CPU architecture requirements or compatibility information. a21e988
  • Added documentation explaining how MCP servers can re-publish tools from MCP clients, clarifying the tool propagation model in multi-server setups. #​5778
  • Improved documentation to clarify the intended usage and behavior of the extra_body parameter in OpenAI API requests. 3d4d75b

🔨 Dependency Upgrades

  • Updated the Spring Boot dependency to version 3.5.14, incorporating the latest bug fixes and improvements from the Spring Boot team. eb4c9a5
  • Updated the Spring Boot dependency to version 3.5.13 as an intermediate upgrade. 9b902f8
  • Updated document parsing dependencies: Apache Tika upgraded to 3.3.0, jsoup to 1.22.1, and Apache PDFBox to 3.0.7 for improved document processing capabilities and bug fixes. f25fc52

🔩 Build Updates

  • Updated GitHub Actions workflow dependencies to their latest versions to improve CI/CD reliability and security. 9b70b38
  • Changed the PR check workflow to use mvn package instead of mvn test for more efficient pull request validation. 7d2e455
  • Integration tests are now skipped in the CI pipeline to improve build performance, and the release notes generation workflow has been removed. #​5688
  • The project has been bumped to the next development version 1.1.5-SNAPSHOT following the release. 400dc42

🔐 Security

  • Hardened the default cache directory used for transformer models to prevent unauthorized access or tampering with cached model files. aac6b80
  • Fixed a potential denial-of-service vulnerability where a malformed PDF could cause excessive memory allocation during document parsing. b61ac6a

🙏 Contributors

Thanks to all contributors who made this release possible:

v1.1.4: Spring AI 1.1.4

Spring AI 1.1.4 Release Notes

🎯 Highlights

This release includes 1 new feature, 11 bug fixes, 1 other improvement.

⭐ New Features

  • Added capability to dynamically disable Structured Output Native functionality at runtime, providing more flexibility in configuration and usage scenarios. 45a1607

🪲 Bug Fixes

  • Resolved issues with Oracle and PgVector vector store integration tests to improve test reliability 56fa3ee
  • Corrected issue where extraBody parameter was being lost when toolDefinitions were provided in chat requests d886961
  • Improved stability of Bedrock converse integration tests by addressing flaky test scenarios fac5647
  • Updated Google GenAI embedding model to use current API and fixed flaky function call tests 6c82800
  • Resolved issues in Google GenAI text embedding model observation integration tests 650a343
  • Enhanced error handling and reliability when fetching media resources in Bedrock proxy chat model a7d3223
  • Improved filter evaluation logic in SimpleVectorStore for better performance and maintainability 04742fb
  • Resolved issue where multi-block system messages were not being properly cached in Anthropic prompt caching implementation 11bd45e
  • Corrected handling of string values for TAG and TEXT filter types in Redis filter expression converter 707e990
  • Improved key handling in Neo4j vector store filter expression converter for more accurate filtering 3a46c7d
  • Resolved issues with identifier parsing logic in FilterExpressionTextParser to ensure correct filter expression handling. 7275cba

🔩 Build Updates

  • Corrected issues in the documentation upload GitHub Actions workflow to ensure proper documentation deployment. f4984b5

🙏 Contributors

Thanks to all contributors who made this release possible:

v1.1.3: Spring AI 1.1.3 Release

Spring AI 1.1.3 Release Notes

🎯 Highlights

This release includes 19 new features, 31 bug fixes, 23 documentation improvements, 25 other improvements.

📢 Noteworthy

  • All deprecated Anthropic model names have been replaced with active model identifiers throughout the codebase and integration tests to maintain compatibility with Anthropic's API. 54f35dc

⭐ New Features

  • Neo4j vector store now allows customization of the filter expression converter via the builder pattern, providing more flexibility for custom query filtering logic. 82bc777
  • Introduces builder pattern for more flexible and readable construction of OpenAiSdkChatModel instances 982bc1e
  • Adds support for custom embedding dimensions via '/embedding/embedding-model-dimensions.properties' configuration file for OpenAiEmbeddingModel a5359c7
  • ToolCallAdvisor now supports streaming responses, enabling real-time function calling interactions 21dac8d
  • SimpleVectorStore now supports filtering when deleting entries, providing more granular control over vector data management 7752ef8
  • Added support for Anthropic Claude Skills API with unified API design and helper classes for skill integration #​5299
  • Added dimensions parameter support for Ollama embedding models, allowing control over embedding vector size #​2713
  • Enabled customization of JSON schema generation for structured outputs and function calling 4a8bdd7
  • Mistral AI chat model now supports structured outputs using JSON schema validation, enabling type-safe responses with automatic conversion 76587fe
  • New convenience method for easily retrieving system messages from Prompt objects a78d2e8
  • Added Mcp*ServerCustomizer interfaces and fixed MCP auto-configuration to work properly in non-web environments #​5261
  • OllamaChatOptions now implements StructuredOutputChatOptions, enabling structured JSON output handling with comprehensive unit and integration tests a6ce0f6
  • Added support for simple JSON format option in Ollama chat interactions 7b23ee2
  • Enhanced model provider detection logic for Microsoft Foundry integration d4db917
  • Chat memory advisors now support ToolResponseMessage, enabling better handling of tool responses in conversation history f74b04a
  • Added support for dynamically augmenting tool schemas at runtime, enabling more flexible tool configuration and customization 6d310cc
  • Added conversationHistoryEnabled option to ToolCallAdvisor, allowing users to control whether conversation history is included when making tool calls 4197b81
  • Added support for configurable field names in Azure Vector Store, allowing users to work with existing Azure AI Search indexes that use custom field names instead of hardcoded defaults (content, embedding, metadata) 706f23e
  • Added support for custom punctuation marks in TokenTextSplitter, enabling more flexible text splitting for various languages and use cases c0e279a

🪲 Bug Fixes

  • Fixed and improved the FilterExpressionConverter for vector store operations, enhancing query filtering capabilities 5b67238
  • Replaced disabled Azure OpenAI image model with the latest available version 9578d34
  • Corrected the prefixAssistantMessage implementation in DeepSeekAssistantMessage 321314b
  • Resolved an issue where token counts were not properly tracked for the first document when starting a new batch, ensuring accurate token usage reporting. cbc1432
  • Document names are now properly sanitized to meet AWS Bedrock Converse API naming requirements, preventing API rejection errors. 924478b
  • Ensures CosmosDB chat memory auto-configuration is applied first, resolving bean dependency and initialization order issues. 55a819b
  • Resolved issues with Anthropic integration tests by updating to current model names. cc47474
  • Adds ambiguity check and improves Google GenAI authentication logic to prevent configuration conflicts 29ca4a6
  • Resolves issue where MetadataMode configuration was not being applied correctly when processing embeddings in batch mode 6fa8730
  • Corrects filter expression grouping logic in OpenSearch vector store integration to ensure accurate query results 03be3bb
  • Resolves issue where Bedrock cache metrics were not being properly included in the Usage object for monitoring and observability fc7d55d
  • Corrected the filter expression syntax for IN and NOT IN operators in Elasticsearch integration d287c39
  • Fixed message ordering issue in MongoChatMemoryRepository to ensure correct conversation history retrieval 52a5c76
  • Fixed ToolCallAdvisor to correctly preserve system messages when memory is disabled de32dd2
  • Corrected the observation provider usage for Google Generative AI embedding model to ensure proper metrics and tracing #​5227
  • Improved error handling in ChromaApi to properly catch and process exceptions f7ed9d1
  • Modified tool descriptions to help models provide geographical coordinates correctly and polished integration test classes cf55714
  • Corrected the chatClientEntityWithStructuredOutput integration test for Mistral AI 43479ac
  • Resolved string parsing issue in grammar processing fe5c3f9
  • Fixed missing Redis chat memory repository artifacts in Spring AI BOM b2cfd5e
  • Improved integration test stability by handling token count variations across different Ollama model versions f4f8d75
  • Switched Anthropic integration tests to use active model for improved test reliability 98e24eb
  • Fixed issue where Neo4jVectorStore doAdd method was ignoring session configuration 99127f6
  • General improvements and updates to Neo4jVectorStore implementation 3293a20
  • Resolved issues with Antora documentation build process 820ef7e
  • Fixed ChromaApi HTTP server/client exception message verification to properly handle error conditions 330a35c
  • Corrected typo in error message for collection existence checks #​5080
  • Updated TransformersEmbeddingModel to use raw URL for improved compatibility 0f95508
  • Resolved checkstyle execution issues in the build process 5634944
  • Addressed multiple build system issues to improve build stability b75af37
  • Fixed various errors reported by ErrorProne across the codebase to improve code quality and prevent potential bugs ad11820

📓 Documentation

  • Enhanced Javadoc to clarify supported content types for requests (string or list of media content) and responses (string only) 18a661b
  • Adds documentation explaining Java code formatting requirements and setup for contributors 60a8c76
  • Enhances documentation and test coverage for Bedrock cache metrics feature while ensuring backward compatibility 3191835
  • Corrected API reference error in user guide documentation 01ca552
  • Corrected typo in documentation #​5327
  • Added documentation for message ordering behavior in MongoChatMemoryRepository 4899e8f
  • Added dependency information to ETL pipeline documentation for easier integration 77b80f3
  • Fixed typos in code comments in commons module d3e3f6b
  • Improved documentation for Prompt functionality 72e59a4
  • Added documentation for using native structured output conversion with Mistral AI cff1cc4
  • Corrected various typos throughout the documentation d30fc15
  • Corrected step numbering in RetrievalAugmentationAdvisor documentation #​5160
  • New documentation guide covering LLM as a Judge pattern and implementation strategies 05f44e5
  • New documentation guide explaining dynamic tool discovery capabilities and usage patterns 13a7e4a
  • Corrected typos in Gemini model provider documentation 8ee553b
  • Removed redundant /v1 suffix from OpenAI base-url examples in documentation for clarity 3f9f53d
  • Added comprehensive reference documentation for Anthropic custom skills integration 23ac6ae
  • Fixed syntax error in chat options builder example code #​4915
  • Corrected broken documentation link in TokenCountBatchingStrategy Javadoc #​5083
  • Updated broken documentation link in MilvusFilterExpressionConverter Javadoc #​5028
  • Added Maven Central badge to project README for better visibility bc06e4d
  • Added documentation for Azure Vector Store custom field names feature 2e7c327
  • Added documentation for custom punctuation mark support in TokenTextSplitter 7abe9a0

🔨 Dependency Upgrades

  • Updated dependencies for vector store components to latest versions 6f12ac9
  • Updated GemFire vector store Docker image version used in integration tests a802b72
  • Upgraded Spring Boot dependency to version 3.5.11, bringing the latest bug fixes and improvements from the Spring Boot ecosystem. fceafa7
  • Updates the OpenAI Java SDK dependency to version 4.17.0 for latest features and fixes f331633
  • Updated Azure SDK dependencies to latest versions for improved security and stability db3a997
  • Updated Google GenAI SDK with support for thinking levels specific to Gemini 3 Pro and Flash models 0c07a6d
  • Updated the list of available Mistral AI chat models to include latest model offerings 2c6be59
  • Updated OpenAI Java SDK dependency to version 4.13.0 bd62378
  • Upgraded Google Generative AI SDK dependency to version 1.30.0 cf34a25

🔩 Build Updates

  • Removed AnthropicApiLegacyToolIT integration test that is no longer needed d793364
  • Updated checkstyle rules to accommodate new copyright header pattern dbcf55d
  • Updated copyright headers across non-Java files to maintain licensing consistency 5a56c7e
  • Standardized copyright headers across the codebase to use '2023-present' format for better maintenance. 5d778f0
  • Updates integration tests for Google GenAI chat auto-configuration 73fe1de
  • Simplified backport automation by using the official spring-io backport bot action #​5389
  • Reorganized build structure by moving antlr4 grammar and swagger files out of resources directory 08a4c28
  • Requalified OllamaEmbeddingOptionsTests as integration test for proper test categorization 47dd6a8
  • Moved test to IT test classification for proper test categorization #​5208
  • Corrected Checkstyle plugin configuration for code quality checks 2338b25
  • Consolidated multiple CI workflows into a single unified workflow for improved maintainability d31dc3e
  • Integrated Maven Build Cache plugin to improve build performance 36d9d7f
  • Optimized Maven Build Cache configuration for better caching efficiency 0edeaef
  • Cleaned up ambiguous test from ChatClientToolsWithGenericArgumentTypesIT 5cbc3c6
  • Updated BedrockRuntimeHints and OpenAIRuntimeHints for improved GraalVM native image compatibility 9c0c053, 612da95

🙏 Contributors

Thanks to all contributors who made this release possible:

spring-projects/spring-boot (org.springframework.boot:spring-boot-dependencies)

v4.1.0

v4.0.7

v4.0.6

🐞 Bug Fixes

  • Default security is misconfigured when spring-boot-actuator-autoconfigure is present and spring-boot-health is not #​50188
  • Elasticsearch Rest5Client auto-configuration misconfigures underlying HTTP client #​50187
  • ApplicationPidFileWriter does not handle symlinks correctly #​50185
  • RandomValuePropertySource is not suitable for secrets #​50183
  • Cassandra auto-configuration misconfigures CqlSessionBuilder #​50180
  • ApplicationTemp does not handle symlinks correctly #​50178
  • Remote DevTools performs comparison incorrectly #​50176
  • spring.rabbitmq.ssl.verify-hostname is applied inconsistently #​50174
  • Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #​50077
  • Classic starters are missing several modules #​50071
  • Module spring-boot-resttestclient is missing from spring-boot-starter-test-classic #​50069
  • Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #​50064
  • EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #​50039
  • WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #​50017
  • Imports on a containing test class are ignored when a nested class has imports #​50012
  • With spring.jackson.use-jackson2-defaults set to true, FAIL_ON_UNKNOWN_PROPERTIES is enabled #​49951
  • 500 response from env endpoint when supplied pattern is invalid #​49946
  • Reactive MongoDB starter has a transitive dependency on the synchronous MongoDB driver #​49945
  • HTTP method is lost when configuring excludes in EndpointRequest #​49943
  • Honor HttpMethod for reactive additional endpoint paths #​49880
  • Docker Compose support doesn't work with apache/artemis image #​49869
  • Docker Compose support doesn't work with apache/activemq image #​49866
  • Spring Security's PathPatternRequestMatcher.Builder is not auto-configured when using WebMvcTest and spring-boot-security-test #​49854
  • API versioning path strategy should be applied path last as it is not meant to yield #​49800

📔 Documentation

  • Update docs to encourage Java fundamentals for beginners that prefer to learn that way #​50146
  • HTTP Service Interface Clients still document that API versioning can be configured via properties #​50126
  • Link to the observability section of the Lettuce documentation is broken #​50097
  • Javadoc for StaticResourceLocation.FAVICON doesn't describe icons location #​50085
  • MySamlRelyingPartyConfiguration is missing a Kotlin sample #​50024
  • Incorrect default value for management.httpexchanges.recording.include in configuration metadata #​50019
  • Link to the Kubernetes documentation when discussing startup probes #​50015
  • Typo in JdbcSessionAutoConfiguration Javadoc #​49873
  • Clarify that configuration property default values are not available through the Environment #​49851
  • Document the need for Liquibase and Flyway starters #​49839
  • Kafka documentation refers to deprecated JSON serializer and deserializer classes #​49826

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GollapudiSrikanth, @​MohammedGhallab, @​bachhs, @​dlwldnjs1009, @​edwardsre, @​kodama-kcc, @​kwondh5217, @​ppapaj, @​quaff, @​refeccd, [@​scordio](ht

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone Asia/Seoul)

  • Branch creation
    • "before 10am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@claude

claude Bot commented Jun 21, 2026

Copy link
Copy Markdown

Claude finished @renovate[bot]'s task in 2m 27s —— View job


🤖 Claude 의존성 영향도 분석

📦 변경점 요약

라이브러리 변경 종류
org.springframework.boot 3.5.8 → 4.1.0 major
org.springframework.ai:spring-ai-bom 1.1.2 → 2.0.0 major

Spring Boot 4.1.0 주요 변경:

  • Spring Framework 7.0.7, Spring Security 7.0.5, Hibernate 7.2.12.Final, Spring Data 2025.1.5 포함
  • Spring Security 7: PathPatternRequestMatcher.Builder 자동 구성 방식 변경
  • Reactor Bom 2025.0.5, Spring AMQP 4.0.3 등 관련 생태계 전체 메이저 업

Spring AI 2.0.0 주요 변경:

  • Google GenAI 모델 업데이트 (Update Google GenAI models #6406)
  • Prompt API 개선 (Polish Prompt #6387)
  • 업그레이드 가이드 별도 제공 (1.1.x → 2.0.0 upgrade notes)
  • 내부적으로 Spring Boot 4.1.0 강제 (Upgrade to Spring Boot 4.1.0 #6329)

⚠️ Renovate 아티팩트 업데이트 실패: gradle.lockfile이 갱신되지 않았음. Maven Central 429(Too Many Requests)로 인해 lockfile 재생성 실패. 현재 PR 상태로는 빌드 불가.


🎯 Q-Asker 영향도: 🔴 HIGH

Spring AI 사용처 (modules/quiz-ai/impl):

파일 사용 중인 Spring AI API
GeminiChatService.java ChatModel, ChatResponse, Prompt, GoogleGenAiChatOptions, GoogleGenAiThinkingLevel, GoogleGenAiUsage
GeminiCacheService.java GoogleGenAiCachedContentService, CachedContentRequest, GoogleGenAiCachedContent, GoogleGenAiChatProperties
GeminiCacheConfig.java GoogleGenAiCachedContentService 빈 직접 생성
GeminiClientConfig.java GoogleGenAiConnectionProperties
GeminiMetricsRecorder.java Usage, GoogleGenAiUsage (Prometheus 메트릭 기록)
GeminiResponseSchema.java BeanOutputConverter (JSON 스키마 생성)
GeminiEssayResponseSchema.java BeanOutputConverter
EssayGradingServiceImpl.java ChatModel, ChatResponse, Prompt, BeanOutputConverter, GoogleGenAiChatOptions, GoogleGenAiUsage
OXQuizOrchestrator.java / MultipleQuizOrchestrator.java / BlankQuizOrchestrator.java / EssayQuizOrchestrator.java ChatModel, SystemMessage, UserMessage, ChatResponse, Prompt, Media, GoogleGenAiChatOptions, GoogleGenAiUsage

Spring Boot 4.x 전체 영향 범위 (61개 파일):

  • modules/auth/implSecurityConfig (HttpSecurity, SecurityFilterChain, OAuth2), JWT 필터 체인
  • modules/globalGlobalExceptionHandler, @ConfigurationProperties 기반 설정 클래스 전체
  • 기타 서비스 레이어 — Spring Data JPA, Spring Web MVC 전반

예상 영향:

  1. Spring AI Google GenAI API 패키지 변경 가능성: 2.0.0에서 Google GenAI 모델 업데이트가 이루어졌으므로, org.springframework.ai.google.genai.* 패키지 내 클래스(GoogleGenAiChatOptions, GoogleGenAiThinkingLevel, GoogleGenAiUsage, GoogleGenAiCachedContentService 등) 시그니처/패키지가 변경되었을 수 있음 — 공식 업그레이드 노트 확인 필수

  2. BeanOutputConverter API 변경 가능성: Prompt 개선(#6387) 등으로 인해 converter API도 영향을 받을 수 있음. GeminiResponseSchema에서 스키마 생성 로직 검증 필요

  3. Spring Security 7 breaking change: SecurityConfigauthorizeHttpRequestsoauth2Login 설정이 Spring Security 7 API와 호환되는지 검증 필요

  4. 서드파티 라이브러리 Spring Boot 4 호환성 미검증:

    • jasypt-spring-boot-starter 3.0.5 — Spring Boot 4 지원 여부 불명확
    • springdoc-openapi-starter-webmvc-ui 2.8.17 — Spring Boot 4 지원 여부 불명확
    • resilience4j-spring-boot3 2.3.0아티팩트명 자체가 boot3, Spring Boot 4에서는 spring-boot4 아티팩트 필요할 가능성 높음
    • jodconverter-spring-boot-starter 4.4.9 — 호환성 미확인
  5. Lockfile 미갱신: transitive 의존성 전체가 3.x 기준으로 잠겨있어 빌드 자체가 실패함


✅ 권장 액션

  • [BLOCKER] Lockfile 재생성 필요: Renovate rebase/retry 체크박스 클릭 또는 로컬에서 ./gradlew resolveAndLockAll --write-locks 실행 후 커밋
  • [BLOCKER] 서드파티 라이브러리 Spring Boot 4 호환성 확인:
    • resilience4j-spring-boot3resilience4j-spring-boot4 아티팩트로 교체 검토
    • jasypt-spring-boot-starter, springdoc, jodconverter 공식 릴리즈 노트 확인
  • Spring AI 2.0.0 공식 upgrade notes 숙독: GoogleGenAi* 클래스 API 변경 사항 점검
  • 별도 마이그레이션 티켓 생성 강력 권장: Spring Boot 4.x + Spring AI 2.0.0 동시 메이저 업은 단순 버전 범프가 아님. 검증 없이 머지 금지
  • CI green 확인 (현재 lockfile 미갱신으로 빌드 실패 예상)
  • 로컬 ./gradlew bootRun 후 AI 퀴즈 생성 전체 시나리오 동작 확인 (quiz-ai 모듈이 가장 큰 영향 대상)

📋 참고

@renovate renovate Bot force-pushed the renovate/major-spring branch 6 times, most recently from b6a7bd1 to db845cb Compare June 29, 2026 16:24
@renovate renovate Bot force-pushed the renovate/major-spring branch 2 times, most recently from 63dde6e to b0314f3 Compare July 3, 2026 01:21
@renovate renovate Bot force-pushed the renovate/major-spring branch from b0314f3 to 9f33672 Compare July 3, 2026 02:51
@renovate

renovate Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: gradle/libs.versions.toml
Command failed: ./gradlew -Dorg.gradle.jvmargs=-Xms512m -Xmx512m --console=plain --dependency-verification lenient -q properties

FAILURE: Build failed with an exception.

* What went wrong:
Could not resolve all artifacts for configuration 'classpath'.
> Could not resolve com.google.code.gson:gson:2.10.1.
  Required by:
      unspecified:unspecified:unspecified > org.gradle.toolchains.foojay-resolver-convention:org.gradle.toolchains.foojay-resolver-convention.gradle.plugin:0.8.0 > org.gradle.toolchains:foojay-resolver:0.8.0
   > Could not resolve com.google.code.gson:gson:2.10.1.
      > Could not get resource 'https://plugins.gradle.org/m2/com/google/code/gson/gson/2.10.1/gson-2.10.1.pom'.
         > Could not GET 'https://repo.maven.apache.org/maven2/com/google/code/gson/gson/2.10.1/gson-2.10.1.pom'. Received status code 429 from server: Too Many Requests

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
> Get more help at https://help.gradle.org.

BUILD FAILED in 15s

@GulSauce

GulSauce commented Jul 3, 2026

Copy link
Copy Markdown
Member

결정: Defer (별도 마이그레이션 티켓 필요)

근거:

  1. 동시 MAJOR 두 개는 원인 분리 불가: Spring Boot 3.5.8 → 4.1.0 + Spring AI 1.1.2 → 2.0.0. 부팅 실패 시 두 축으로 원인 조사가 필요해 Constitution II(Surgical Changes) 위배.
  2. Spring Boot 4.x 요구사항:
    • Jakarta EE 11 (Bucket4j 8.19.0, Auth0 java-jwt 4.5.0, JODConverter 4.4.9의 Jakarta 10 호환 검증 필요)
    • Java 25 baseline (프로젝트 baseline JDK 21, PR #290과도 얽힘)
    • Spring Security / Spring Data / Micrometer 하위 BOM 일괄 변경
  3. Spring AI 2.0.0: 공식 upgrade notes 정독 필요. ChatModel, ChatClient, GoogleGenAi* 심볼 유지 여부를 심볼 단위로 확인해야 하며 별도 스파이크 규모.

재평가 트리거:

  • Renovate가 spring-boot / spring-ai를 분리 PR로 발행하는 시점
  • 또는 별도 마이그레이션 티켓(예: ICC-38x MAJOR 승격) 승인 시

관련 회귀 세이프티 넷: 이 스펙에서 확보한 RT-001 ~ RT-003이 향후 MAJOR 마이그레이션의 최소 안전망.

GulSauce added a commit that referenced this pull request Jul 3, 2026
## 반영된 버전 승격

- spring-boot     3.5.8  → 4.1.0  (MAJOR, PR #292#294)
- spring-ai       1.1.2  → 2.0.0  (MAJOR)
- google-cloud    26.67  → 26.84  (PR #293)
- jib             3.4.0  → 3.5.3  (PR #293)
- jodconverter    4.4.9  → 4.4.11 (PR #291)
- pdfbox          3.0.3  → 3.0.7  (PR #291)
- resilience4j    2.3.0  → 2.4.0  (PR #288, spring-boot4 모듈로 참조 교체)
- Temurin base    21     → 25     (PR #290)
- springdoc       2.8.17 → 3.0.3  (Boot 4 호환 라인)

## Boot 4 breaking change 해소

1. `spring-boot-starter-aop` 아티팩트 제거 → `spring-boot-starter-aspectj`로 rename
2. Jackson 3.x(tools.jackson) 도입:
   - com.fasterxml.jackson.databind.* → tools.jackson.databind.*
   - com.fasterxml.jackson.core.type.TypeReference → tools.jackson.core.type.TypeReference
   - com.fasterxml.jackson.core.JsonProcessingException → tools.jackson.core.JacksonException
   - ObjectNode.fields() 제거 → ObjectNode.properties() (Set<Entry>)
   - Iterator.forEachRemaining → Collection.forEach
   - com.fasterxml.jackson.annotation.*는 Jackson 3에서 그대로 유지
3. RateLimitFilter의 ObjectMapper 주입 실패 → auth-impl에 spring-boot-starter-json 명시
4. LegacyJacksonConfig 신설(global/config):
   - RestClient.Builder Bean 명시 (SlackNotifier용)
   - CacheManager Bean 명시 (@EnableCaching 대응)
5. resilience4j-spring-boot3 → resilience4j-spring-boot4 (Boot 4 전용 모듈)
6. SpringDoc 3.0.3 승격 (2.x는 Boot 4의 WebMvcProperties를 못 찾음)

## 신규 회귀 세이프티 넷

- app/src/test/.../ApplicationContextBootTest (RT-001 + RT-004):
  contextLoads / chatModelBeanIsPresent / aiServerCircuitBreakerIsRegisteredWithExpectedConfig
- modules/quiz-ai/impl/src/test/.../PdfUtilsTest (RT-003):
  pdfbox extractPages 정상 슬라이스 / 범위 초과 무시 / 빈 리스트 원본 반환
- modules/quiz-ai/impl/src/test/.../GeminiChatServiceSmokeTest (RT-005):
  Spring AI 2.0의 chatModel.call → JSON 파싱 사슬 유지 확인

## 검증

- ./gradlew build GREEN
- ./gradlew spotlessCheck GREEN
- pre-push hook 통과

## 남은 후속 티켓 후보

- Jackson 3.x 도입 후 LegacyJacksonConfig 클래스명 재검토 (이제 Jackson과 무관)
- Temurin 25 base 이미지 재빌드 + LibreOffice 설치·GC 튜닝 검증 (docker build)
- 첫 프로덕션 배포 후 Actuator/Micrometer 태그 변경 및 GC pause 관측

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@renovate renovate Bot changed the title chore(deps): Update spring (major) chore(deps): Update spring (major) - autoclosed Jul 4, 2026
@renovate renovate Bot closed this Jul 4, 2026
@renovate renovate Bot deleted the renovate/major-spring branch July 4, 2026 02:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant