chore(deps): bump the all-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the all-dependencies group with 4 updates in the / directory: com.fasterxml.jackson.module:jackson-module-kotlin, org.projectlombok:lombok, org.springframework.boot and org.cyclonedx.bom.

Updates com.fasterxml.jackson.module:jackson-module-kotlin from 2.17.2 to 2.20.0

Commits

• 5684fc2 [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0
• 4d53d9a Prep for 2.20.0
• df3d719 Drop rc2 from version
• 03159dd Post-release version bump
• 3982156 [maven-release-plugin] prepare for next development iteration
• 295e60c [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0-rc1
• ddc1e5c Prep for 2.20.0-rc1
• 80b8371 Merge pull request #1025 from k163377/ex
• 50f5527 Update release notes wrt #1025
• 4ab4308 Fix to test that KotlinInvalidNullException is thrown
• Additional commits viewable in compare view

Updates org.projectlombok:lombok from 1.18.38 to 1.18.42

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.42 (September 18th, 2025)

• FEATURE: All the various @Log annotations now allow you to change their access level (they still default to private). #2280. Thanks to new contributor Liam Pace!
• BUGFIX: Javadoc parsing was broken in Netbeans and ErrorProne for JDK25 #3940.

v1.18.40 (September 4th, 2025)

• PLATFORM: JDK25 support added #3859.
• BUGFIX: Recent versions of eclipse (or the eclipse-based java lang server for VSCode) caused java.lang.IllegalArgumentException: Document does not match the AST. [Issue #3886](projectlombok/lombok#3886).
• PERFORMANCE: @ExtensionMethod is now significantly faster [Issue #3866](projectlombok/lombok#3866).
• BUGFIX: the command line config tool would emit incorrect output for nullity annotations. [Issue #3931](projectlombok/lombok#3931).
• FEATURE: @Jacksonized @Accessors(fluent=true) automatically creates the relevant annotations such that Jackson correctly identifies fluent accessors. [Issue #3265](projectlombok/lombok#3265), [Issue #3270](projectlombok/lombok#3270).
• IMPROBABLE BREAKING CHANGE: From versions 1.18.16 to 1.18.38, lombok automatically copies certain Jackson annotations (e.g., @JsonProperty) from fields to the corresponding accessors (getters/setters). However, it turned out to be harmful in certain situations. Thus, Lombok does not automatically copy those annotations any more. You can restore the old behavior using the config key lombok.copyJacksonAnnotationsToAccessors = true.

Commits

• 2031eb0 [release] pre-release version bump for v1.18.42
• c95a6c1 Merge branch 'logger-access'
• 71d85ca #2280 Add delivery of this 'access for logging' to the changelog.
• 99ba3e3 [trivial] Slightly reworded the javadoc on each @Log annotation's `access()...
• e9cf11e [trivial][style]
• a6d5568 [deprecation] Marked AccessLevel.MODULE as deprecated. It was written for a...
• 492011d Refactored to use Javac/Eclipse utility function
• c1f7f66 Update copyright in logger files
• f63f40a Add myself to AUTHORS
• 9152c34 Fix failing tests
• Additional commits viewable in compare view

Updates org.springframework.boot from 4.0.0-M2 to 4.0.0-M3

Release notes

Sourced from org.springframework.boot's releases.

v4.0.0-M3

⭐ New Features

• Deprecate JUnit 4 integration #47256
• Add support for SimpleTaskExecutor#cancel-remaining-tasks-on-close #47244
• Restructure foundational packages to remove dependency on 'org.springframework.boot' #47232
• Add configuration property for Tomcat's static resource cache max size #47229
• Introduce specialized interfaces in PropertiesConfigAdapter #47226
• Make ConfigDataLocation.of non-nullable #47221
• Make SanitizableData.key non-nullable #47220
• Add methods to connector and request factory builds to apply pre-packaged customizations #47205
• Finalize and document Spring Boot's HTTP Service client support #47179
• Revisit Kotlin Serialization integration #47178
• Remove explicit dependency management for Spring Authorization Server as it is now part of Spring Security #47174
• Adapt RetryTopicConfiguration now that Spring Kafka no longer relies on Spring Retry #47125
• Remove auto-configuration support for '@HttpServiceClient' #47123
• Adapt RabbitRetryTemplateCustomizer now that Spring AMQP no longer relies on Spring Retry #47122
• Rename spring.mongodb.uuid-representation #47052
• Remove Spring Data MongoDB dependency from MongoDB health support #47051
• Always use mongodb rather than mongo in MongoDB-related configuration properties #47050
• Remove GridFs from MongoConnectionDetails #47044
• Rename *DataProperties classes to Data*Properties #47043
• Add a configuration property for configuring Spring Data MongoDB's BigDecimal representation #47041
• Rename ConditionalOnEnabledTracing to ConditionalOnEnabledTracingExport #47029
• Update PropertyMapper to better support nullability #47024
• Drop support for Jersey, at least until it supports JAX-RS 4 (Jakarta EE 11) #47017
• Rename ScheduledTasksObservabilityAutoConfiguration to ScheduledTasksObservationAutoConfiguration #46995
• Refine JSpecify annotations #46926
• Introduce Kotlin Serialization auto-configuration #46546
• Exclude spring-boot-devtools from AOT processing in Maven #46533
• Improve Log4j Core configuration file detection for Log4j 3 #46409
• Remove dependency management for Spring Retry in favor of spring-core's new retry support #46309
• Optimize resource lookup in DevTools restart #46289
• Add support for authenticating with Elasticsearch using an API key #46167
• Remove isImmutable and getPrefix from OriginLookup #45547
• Update Jackson support to require Jackson 3 #45535
• Use a shaded version of org.json in spring-boot-configuration-metadata and spring-boot-cli #45504
• Replace @OptionalParameter with JSpecify's @Nullable #45390
• Create spring-boot-persistence module to house general persistence-related code and properties #45328
• Rename spring-boot-starter-aop to spring-boot-starter-aspectj #42948
• Rename MongoDB properties that do not require Spring Data MongoDB #34954
• Enable readiness and liveness probe endpoints by default #22825

🐞 Bug Fixes

• App fails to start when trying to use Prometheus without Actuator #47175
• Quoted -D arguments break system property resolution on Linux with Spring AOT #47167
• available() does not behave correctly when reading stored entries from a NestedJarFile #47058
• spring-boot-docker-compose doesn't create service connections when image has registry host but not project #47020
• Flyway Ignore Migration Patterns setting can't be set to an empty string #47014

... (truncated)

Commits

• 104fe6e Release v4.0.0-M3
• 4cb2c62 Merge branch '3.5.x'
• 3e12b56 Next development version (v3.5.7-SNAPSHOT)
• 2d1c661 Revert "Upgrade to Kotlin 2.2.20"
• e9daa9a Merge branch '3.5.x'
• d96267f Merge branch '3.4.x' into 3.5.x
• 9363f03 Next development version (v3.4.11-SNAPSHOT)
• aac1845 Improve null-safety of core/spring-boot
• 7689389 Use correct nullable annotations in smoke tests
• f81f2de Revert "Upgrade to Jakarta XML Bind 4.0.4"
• Additional commits viewable in compare view

Updates org.cyclonedx.bom from 2.3.1 to 2.4.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.