fix(deps): Bump Spring Boot to 4.0.6#15676
Open
jamesfredley wants to merge 4 commits into
Open
Conversation
Assisted-by: claude-code:claude-opus-4-7
Spring Boot 4.0.6 bumps the managed `mongodb.version` from 5.6.4 to 5.6.5. Our `dependencies.gradle` still pinned 5.6.4, which lost to Spring Boot's 5.6.5 during transitive resolution and tripped the `validateDependencyVersions` task across every grails-data-mongodb module and mongodb test example (bson, mongodb-driver-core, mongodb-driver-sync, bson-record-codec). Bump the explicit pin to 5.6.5 so our BOM matches what Spring Boot 4.0.6 manages and the validator sees a single source of truth. Assisted-by: claude-code:claude-opus-4-7
Spring Boot 4.0.6 bumps `tools.jackson:jackson-bom` from 3.1.0 to 3.1.2, but `io.micronaut.platform:micronaut-platform:5.0.0-M2` still pins 3.1.0. With both platforms imported into grails-micronaut-bom, the probe in `validateDependencyVersions` sees Micronaut's 3.1.0 while actual resolution in consuming projects picks Spring Boot's 3.1.2 - flagging `grails-test-examples-micronaut` as a version mismatch. Apply the same exclusion pattern already used for Groovy and Spock: exclude `tools.jackson` from the Micronaut platform import so spring-boot-dependencies is the single source of truth for Jackson 3, mirroring how SB owns Groovy/Spock in grails-base-bom. The probe and project resolution now agree on 3.1.2, and consumers stay aligned with the Jackson version Spring Boot tests against. Assisted-by: claude-code:claude-opus-4-7
This was referenced May 22, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Updates Grails’ dependency management to align with Spring Boot 4.0.6 and resolves BOM drift conflicts detected by validateDependencyVersions, ensuring consistent transitive resolution across Grails and Micronaut BOM imports.
Changes:
- Bump
spring-boot.versionfrom4.0.5to4.0.6independencies.gradle. - Bump pinned MongoDB driver version from
5.6.4to5.6.5to match Spring Boot 4.0.6. - Exclude
tools.jacksonfrom the Micronaut platform import ingrails-micronaut-bomso Spring Boot remains the single source of truth for Jackson 3.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
dependencies.gradle |
Updates Spring Boot and MongoDB pinned versions to match Spring Boot 4.0.6 managed dependencies. |
grails-bom/micronaut/build.gradle |
Excludes tools.jackson from Micronaut platform import to avoid Jackson BOM version conflicts with Spring Boot. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
✅ All tests passed ✅🏷️ Commit: d554d36 Learn more about TestLens at testlens.app. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps
spring-boot.versionfrom 4.0.5 to 4.0.6 independencies.gradle.Release notes: https://github.com/spring-projects/spring-boot/releases/tag/v4.0.6
Dependency-version fallout (a.k.a. why this PR has three commits)
The
validateDependencyVersionsCI job caught two transitive-version conflicts introduced by the SB 4.0.5 → 4.0.6 bump. Both are upstream BOM drift, not anything broken in our build - but our pins (and the Micronaut platform's pins) had to be reconciled so the validator sees a single source of truth.1. MongoDB driver 5.6.4 → 5.6.5
Spring Boot 4.0.6 bumps its managed
mongodb.versionfrom 5.6.4 to 5.6.5. Ourdependencies.gradlewas still pinning 5.6.4, so the higher SB version won during transitive resolution and the validator flagged every grails-data-mongodb module and mongodb test example:Affected projects:
grails-data-mongodb,-bson,-core,-ext,-spring-boot,-gson-templates,-docs, plus thegrails-test-examples-mongodb-*set.Fix: Bump
mongodb.versionto5.6.5independencies.gradleso our pin matches what Spring Boot 4.0.6 manages.2. Jackson 3 BOM: SB 4.0.6 ships 3.1.2, Micronaut platform still pins 3.1.0
Spring Boot 4.0.6 also bumps
tools.jackson:jackson-bomfrom 3.1.0 to 3.1.2.io.micronaut.platform:micronaut-platform:5.0.0-M2has not caught up yet and still pins 3.1.0. Both platforms are imported intograils-micronaut-bom, so:platform(:grails-micronaut-bom)) sees Micronaut's 3.1.0.enforcedPlatform(:grails-micronaut-bom)picks Spring Boot's higher 3.1.2.Result:
grails-test-examples-micronautfailed validation:Fix: Apply the same exclusion pattern already used for Groovy and Spock in
grails-bom/micronaut/build.gradle- excludetools.jacksonfrom the Micronaut platform import sospring-boot-dependenciesis the single source of truth for Jackson 3. The probe and actual resolution now agree on 3.1.2, and consumers stay aligned with the Jackson version Spring Boot tests against.