Bump org.springframework.kafka:spring-kafka-bom from 4.0.5 to 4.1.0

[dependabot]

Bumps org.springframework.kafka:spring-kafka-bom from 4.0.5 to 4.1.0.

Release notes

Sourced from org.springframework.kafka:spring-kafka-bom's releases.

v4.1.0

⭐ New Features

• make the method setBackOffFunction work for the batch processing as well #4455

🐞 Bug Fixes

• Require exact package match for trusted header types #4496
• Harden retry topic headers decoding in Spring Kafka #4493
• Fix unbounded cache in DelegatingDeserializer #4489
• @RetryableTopic: built-in DLT logging handler fails with "No Acknowledgment available" on 4.0 (works on 3.3.x) #4468
• Suspend @KafkaListener re-delivers a failing record without bound after DefaultErrorHandler retries are exhausted #4465
• KafkaMessageListenerContainer for ackMode=COUNT_TIME doesn't check ackTime #4444
• Different behavior for value serializer mappings for different classloaders #4442
• DefaultAfterRollbackProcessor for batch-listeners consuming ConsumerRecords doesn't seek consumer #4439
• NPE when properties are not defined for StreamsBuilderFactoryBean #4434
• Incorrect key, value, and headers passed to KafkaStreamsDeadLetterDestinationResolver #4430
• Inconsistent handling of non-string values in Properties argument passed to DefaultConsumerFactory::createKafkaConsumer #4384

📔 Documentation

• BatchListenerFailedException silently commits offsets for unprocessed records in BatchMessageListener #4436
• Polish README.md and CONTRIBUTING.adoc #4184

🔨 Dependency Upgrades

• Bump io.projectreactor:reactor-bom from 2025.0.5 to 2025.0.6 #4485
• Bump org.springframework:spring-framework-bom from 7.0.7 to 7.0.8 #4481
• Bump io.micrometer:micrometer-tracing-bom from 1.7.0-SNAPSHOT to 1.7.0 #4480
• Bump com.fasterxml.jackson:jackson-bom from 2.21.3 to 2.21.4 #4458
• Bump tools.jackson:jackson-bom from 3.1.3 to 3.1.4 #4457
• Bump kafkaVersion from 4.2.0 to 4.2.1 #4456
• Bump org.slf4j:slf4j-api from 2.0.17 to 2.0.18 #4445
• Bump tools.jackson:jackson-bom from 3.1.2 to 3.1.3 #4438
• Bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 #4437
• Bump kotlinVersion from 2.3.20 to 2.3.21 #4426

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​LeosBitto and @​ngocnhan-tran1996

v4.1.0-RC1

⭐ New Features

• Add AcknowledgementCommitCallback support for async share consumer commits #4380
• Introduce ShareAckMode enum for share consumers #4376
• Expose group.protocol configuration for Kafka Streams server-side rebalance (KIP-1071) #4329
• Expose native Kafka Streams DLQ configuration (KIP-1034) #4328

... (truncated)

Commits

• a8dba16 [CI/CD] Release version 4.1.0
• 9439fbb GH-4496: Require exact package match for trusted header types
• 7495b37 GH-4493: Harden retry topic headers decoding
• ca2337b GH-4489: Fix unbounded cache in DelegatingDeserializer
• 78ee8bf Upgrade from SNAPSHOTs to GAs
• 75597bb CI/CD: Trigger dependabot updates
• 3711c3a Bump io.projectreactor:reactor-bom from 2025.0.5 to 2025.0.6 (#4485)
• ff8b048 Bump org.springframework:spring-framework-bom from 7.0.7 to 7.0.8 (#4481)
• d586be4 Bump io.micrometer:micrometer-tracing-bom from 1.7.0-SNAPSHOT to 1.7.0 (#4480)
• 8c2d29c CI/CD: Trigger dependabot updates
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.78%. Comparing base (413a8ba) to head (89fc0d2).

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #6683      +/-   ##
============================================
- Coverage     97.79%   97.78%   -0.01%     
- Complexity     7325     7559     +234     
============================================
  Files          1015     1015              
  Lines         21508    21508              
  Branches       1416     1416              
============================================
- Hits          21033    21031       -2     
- Misses          359      360       +1     
- Partials        116      117       +1     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.