I have upgraded the spring-boot from 2.2.6.RELEASE to 3.2.11 and there are some references from spring-boot-configuration-processor like below
import org.springframework.boot.configurationprocessor.json.JSONException;
import org.springframework.boot.configurationprocessor.json.JSONObject
It was previously available in the lib folder of the fat jar when it was built, but it is no longer available though its scope as provided appears in the pom.xml file.
In my understanding, it is designed to tell the IDE about metadata and is not required at runtime. However, I would like to know how maven or spring-boot-maven-plugin exclude this jar from the fat jar. Providing an official document regarding this issue would be very helpful if it is indeed a problem.
spring maven plugin
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
We can replace those references with Jackson or JSON third party dependencies but just curious about issue.
As mentioned by @khmarbaise in the comments, reading the release notes and upgrading from minor version to minor version is the best way to plan your Spring Boot upgrades.
In this case, the Spring Boot 2.4 release notes point to this change:
Spring Boot annotation processors are also removed as well as they are only useful during the build. These are spring-boot-autoconfigure-processor and spring-boot-configuration-processor.
Code in the org.springframework.boot.configurationprocessor is not considered public and should not be used by the application. If you're looking for a lightweight JSON library, there are many out there. Here, the configuration processor merely shades a public library, com.vaadin.external.google:android-json. You can add this library to your application and change the package imports. This should result in the same behavior and a lighter repackaged jar.