Update all non-major dependencies

Author: renovate-bot

.github/workflows/build-mariadb.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-24.04
     services:
         mariad:
-            image: mariadb:11.5.2
+            image: mariadb:11.7.2
             ports:
                 - 3306:3306
             env:

.github/workflows/build-mysql.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-24.04
     services:
         mariad:
-            image: mysql:9.1
+            image: mysql:9.2
             ports:
                 - 3306:3306
             env:

build.gradle

@@ -96,22 +96,22 @@ plugins {
     id 'org.nosphere.apache.rat' version '0.8.1' apply false
     id 'com.github.hierynomus.license' version '0.16.1' apply false
     id 'com.github.jk1.dependency-license-report' version '2.9' apply false
-    id 'org.zeroturnaround.gradle.jrebel' version '1.2.0' apply false
-    id 'org.springframework.boot' version '3.4.3' apply false
+    id 'org.zeroturnaround.gradle.jrebel' version '1.2.1' apply false
+    id 'org.springframework.boot' version '3.4.4' apply false
     id 'net.ltgt.errorprone' version '4.1.0' apply false
-    id 'io.swagger.core.v3.swagger-gradle-plugin' version '2.2.23' apply false
-    id 'com.gorylenko.gradle-git-properties' version '2.4.2' apply false
+    id 'io.swagger.core.v3.swagger-gradle-plugin' version '2.2.29' apply false
+    id 'com.gorylenko.gradle-git-properties' version '2.5.0' apply false
     id 'org.asciidoctor.jvm.convert' version '3.3.2' apply false
     id 'org.asciidoctor.jvm.pdf' version '3.3.2' apply false
-    id 'com.google.cloud.tools.jib' version '3.4.4' apply false
-    id 'org.sonarqube' version '6.0.1.5171'
-    id 'com.github.andygoossens.modernizer' version '1.10.0' apply false
+    id 'com.google.cloud.tools.jib' version '3.4.5' apply false
+    id 'org.sonarqube' version '6.1.0.5360'
+    id 'com.github.andygoossens.modernizer' version '1.11.0' apply false
     // TODO: upgrade to 6.0.4
-    id 'com.github.spotbugs' version '6.0.26' apply false
+    id 'com.github.spotbugs' version '6.1.7' apply false
     id 'se.thinkcode.cucumber-runner' version '0.0.11' apply false
     id "com.github.davidmc24.gradle.plugin.avro-base" version "1.9.1" apply false
-    id 'org.openapi.generator' version '7.8.0' apply false
-    id 'com.gradleup.shadow' version '8.3.5' apply false
+    id 'org.openapi.generator' version '7.12.0' apply false
+    id 'com.gradleup.shadow' version '8.3.6' apply false
 }
 
 apply from: "${rootDir}/buildSrc/src/main/groovy/org.apache.fineract.release.gradle"

buildSrc/build.gradle

@@ -20,7 +20,7 @@
 import static org.slf4j.LoggerFactory.*
 
 plugins {
-    id 'io.spring.dependency-management' version '1.1.6'
+    id 'io.spring.dependency-management' version '1.1.7'
     id 'groovy'
     id 'java-gradle-plugin'
     id 'groovy-gradle-plugin'

buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle

@@ -24,52 +24,52 @@ dependencyManagement {
     imports {
         mavenBom 'com.squareup.okhttp3:okhttp-bom:4.12.0'
         mavenBom 'org.slf4j:slf4j-bom:2.0.17'
-        mavenBom 'io.micrometer:micrometer-bom:1.13.6'
-        mavenBom 'org.springframework:spring-framework-bom:6.1.14'
-        mavenBom 'org.springframework.boot:spring-boot-dependencies:3.4.3'
-        mavenBom 'io.awspring.cloud:spring-cloud-aws-dependencies:3.2.1'
-        mavenBom 'io.opentelemetry:opentelemetry-bom:1.44.1'
-        mavenBom 'org.jetbrains.kotlin:kotlin-bom:2.0.21'
-        mavenBom 'org.junit:junit-bom:5.11.3'
+        mavenBom 'io.micrometer:micrometer-bom:1.14.5'
+        mavenBom 'org.springframework:spring-framework-bom:6.2.5'
+        mavenBom 'org.springframework.boot:spring-boot-dependencies:3.4.4'
+        mavenBom 'io.awspring.cloud:spring-cloud-aws-dependencies:3.3.0'
+        mavenBom 'io.opentelemetry:opentelemetry-bom:1.48.0'
+        mavenBom 'org.jetbrains.kotlin:kotlin-bom:2.1.20'
+        mavenBom 'org.junit:junit-bom:5.12.1'
         mavenBom 'com.fasterxml.jackson:jackson-bom:2.18.3'
-        mavenBom 'io.cucumber:cucumber-bom:7.20.1'
+        mavenBom 'io.cucumber:cucumber-bom:7.21.1'
         mavenBom 'io.netty:netty-bom:4.1.119.Final'
-        mavenBom 'org.mockito:mockito-bom:5.14.2'
-        mavenBom 'software.amazon.awssdk:bom:2.29.9'
-        mavenBom 'io.github.resilience4j:resilience4j-bom:2.2.0'
+        mavenBom 'org.mockito:mockito-bom:5.16.1'
+        mavenBom 'software.amazon.awssdk:bom:2.31.8'
+        mavenBom 'io.github.resilience4j:resilience4j-bom:2.3.0'
     }
 
     dependencies {
         // We use fixed versions, instead of inheriting them from the Spring BOM, to be able to be on more recent ones.
         // We do not use :+ to get the latest available version available on Maven Central, as that could suddenly break things.
         // We use the Renovate Bot to automatically propose Pull Requests (PRs) when upgrades for all of these versions are available.
 
-        dependency 'ch.qos.logback:logback-core:1.5.17'
-        dependency 'ch.qos.logback:logback-classic:1.5.17'
+        dependency 'ch.qos.logback:logback-core:1.5.18'
+        dependency 'ch.qos.logback:logback-classic:1.5.18'
         dependency 'ch.qos.logback.contrib:logback-json-classic:0.1.5'
         dependency 'ch.qos.logback.contrib:logback-jackson:0.1.5'
         dependency 'org.codehaus.janino:janino:3.1.12'
 
 
         dependency 'org.eclipse.persistence:org.eclipse.persistence.jpa:4.0.2'
         dependency 'com.google.guava:guava:32.0.0-jre'
-        dependency 'com.google.code.gson:gson:2.11.0'
-        dependency 'com.google.googlejavaformat:google-java-format:1.24.0'
+        dependency 'com.google.code.gson:gson:2.12.1'
+        dependency 'com.google.googlejavaformat:google-java-format:1.25.2'
         dependency 'org.apache.commons:commons-collections4:4.4'
-        dependency ('software.amazon.msk:aws-msk-iam-auth:2.2.0') {
+        dependency ('software.amazon.msk:aws-msk-iam-auth:2.3.1') {
             exclude 'commons-logging:commons-logging:'
         }
         dependency ('org.apache.commons:commons-email:1.6.0') {
             exclude 'com.sun.mail:javax.mail'
             exclude 'javax.activation:activation'
         }
-        dependency 'commons-io:commons-io:2.17.0'
+        dependency 'commons-io:commons-io:2.18.0'
         dependency 'com.github.librepdf:openpdf:2.0.3'
         dependency ('org.mnode.ical4j:ical4j:3.2.19') {
             exclude 'com.sun.mail:javax.mail'
             exclude 'org.codehaus.groovy:groovy'
         }
-        dependency 'org.apache.commons:commons-csv:1.12.0'
+        dependency 'org.apache.commons:commons-csv:1.14.0'
         dependency 'org.quartz-scheduler:quartz:2.5.0'
         dependency 'org.ehcache:ehcache:3.10.8'
         dependency 'com.github.spullara.mustache.java:compiler:0.9.14'
@@ -121,9 +121,9 @@ dependencyManagement {
         dependency 'joda-time:joda-time:2.13.1'
 
         dependency 'io.github.classgraph:classgraph:4.8.179'
-        dependency 'org.awaitility:awaitility:4.2.2'
+        dependency 'org.awaitility:awaitility:4.3.0'
         // TODO: upgrade to 4.8.3
-        dependency 'com.github.spotbugs:spotbugs-annotations:4.8.6'
+        dependency 'com.github.spotbugs:spotbugs-annotations:4.9.3'
         dependency 'javax.cache:cache-api:1.1.1'
         dependency 'org.mock-server:mockserver-junit-jupiter:5.15.0'
         dependency 'org.webjars:webjars-locator-core:0.59'
@@ -150,26 +150,26 @@ dependencyManagement {
         dependency "org.apache.oltu.oauth2:org.apache.oltu.oauth2.httpclient4:1.0.1"
         dependency "io.gsonfire:gson-fire:1.9.0"
         dependency "com.google.code.findbugs:jsr305:3.0.2"
-        dependency "commons-codec:commons-codec:1.17.1"
+        dependency "commons-codec:commons-codec:1.18.0"
         dependency "org.projectlombok:lombok:1.18.36"
 
-        dependency 'org.bouncycastle:bcpkix-jdk15to18:1.79'
-        dependency 'org.bouncycastle:bcprov-jdk15to18:1.79'
+        dependency 'org.bouncycastle:bcpkix-jdk15to18:1.80'
+        dependency 'org.bouncycastle:bcprov-jdk15to18:1.80'
         dependency 'org.bouncycastle:bcprov-jdk15on:1.70'
         dependency 'org.bouncycastle:bcpg-jdk15on:1.70'
 
         dependency 'org.eclipse.jgit:org.eclipse.jgit:6.10.0.202406032230-r'
-        dependency 'org.eclipse.jgit:org.eclipse.jgit.ssh.apache:7.0.0.202409031743-r'
+        dependency 'org.eclipse.jgit:org.eclipse.jgit.ssh.apache:7.2.0.202503040940-r'
 
         dependency 'org.tmatesoft.svnkit:svnkit:1.10.11'
         dependency 'com.vdurmont:semver4j:3.1.0'
         dependency 'org.beryx:text-io:3.4.1'
 
-        dependency ('org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0') {
+        dependency ('org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.6') {
             exclude 'io.swagger.core.v3:swagger-core'
         }
 
-        dependency 'com.google.cloud.sql:mysql-socket-factory-connector-j-8:1.23.1'
+        dependency 'com.google.cloud.sql:mysql-socket-factory-connector-j-8:1.24.0'
 
         dependency ('org.apache.activemq:activemq-client:6.1.6') {
             exclude 'javax.annotation:javax.annotation-api'
@@ -206,9 +206,9 @@ dependencyManagement {
         }
 
         dependency 'org.owasp.esapi:esapi:2.6.0.0'
-        dependency 'org.awaitility:awaitility:4.2.2'
+        dependency 'org.awaitility:awaitility:4.3.0'
 
-        dependencySet(group: 'org.apache.poi', version: '5.3.0') {
+        dependencySet(group: 'org.apache.poi', version: '5.4.0') {
             entry 'poi'
             entry 'poi-ooxml'
             entry 'poi-ooxml-schemas'
@@ -234,17 +234,17 @@ dependencyManagement {
 
         dependency 'org.postgresql:postgresql:42.7.5'
 
-        dependency 'org.assertj:assertj-core:3.26.3'
+        dependency 'org.assertj:assertj-core:3.27.3'
 
         dependency 'org.apache.commons:commons-math3:3.6.1'
 
         dependency 'org.mockito:mockito-inline:5.2.0'
 
         dependency 'com.github.tomakehurst:wiremock-standalone:3.0.1'
 
-        dependency 'io.cucumber:cucumber-java:7.20.1'
-        dependency 'io.cucumber:cucumber-java8:7.20.1'
-        dependency 'io.cucumber:cucumber-junit-platform-engine:7.20.1'
-        dependency 'io.cucumber:cucumber-spring:7.20.1'
+        dependency 'io.cucumber:cucumber-java:7.21.1'
+        dependency 'io.cucumber:cucumber-java8:7.21.1'
+        dependency 'io.cucumber:cucumber-junit-platform-engine:7.21.1'
+        dependency 'io.cucumber:cucumber-spring:7.21.1'
     }
 }

docker-compose-postgresql-kafka.yml

@@ -20,7 +20,7 @@
 version: "3.7"
 services:
   kafka:
-    image: "bitnami/kafka:3.8.1-debian-12-r1"
+    image: "bitnami/kafka:3.9.0-debian-12-r13"
     ports:
       - "9092:9092"
     env_file:

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

settings.gradle

@@ -19,7 +19,7 @@
 
 plugins {
     id 'com.gradle.develocity' version '3.18.2'
-    id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.0.2'
+    id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.1'
 }
 
 def isCI = System.getenv('JENKINS_URL') != null