[12.1.x EE10] Bump the dev-dependencies group across 1 directory with 48 updates #13785

dependabot · 2025-10-15T12:12:51Z

Bumps the dev-dependencies group with 48 updates in the /jetty-ee10 directory:

Package	From	To
com.sun.mail:jakarta.mail	`2.0.1`	`2.0.2`
org.glassfish.jersey.containers:jersey-container-servlet	`3.1.10`	`3.1.11`
org.glassfish.jersey.inject:jersey-hk2	`3.1.10`	`3.1.11`
org.glassfish.jersey.media:jersey-media-json-binding	`3.1.10`	`3.1.11`
org.ow2.asm:asm	`9.8`	`9.9`
org.ow2.asm:asm-commons	`9.8`	`9.9`
org.ow2.asm:asm-bom	`9.8`	`9.9`
org.apache.maven.surefire:surefire-junit47	`3.5.3`	`3.5.4`
org.eclipse.jetty.toolchain:jetty-test-helper	`6.3`	`6.4`
org.apache.logging.log4j:log4j-core	`2.25.0`	`2.25.2`
org.apache.logging.log4j:log4j-api	`2.25.0`	`2.25.2`
commons-codec:commons-codec	`1.18.0`	`1.19.0`
org.mariadb.jdbc:mariadb-java-client	`3.5.4`	`3.5.6`
org.apache.openwebbeans:openwebbeans-web	`2.0.27`	`2.0.28`
com.hazelcast:hazelcast	`5.5.0`	`5.6.0`
com.google.code.gson:gson	`2.13.1`	`2.13.2`
org.apache.lucene:lucene-core	`9.11.1`	`9.12.3`
com.fasterxml.jackson:jackson-bom	`2.18.3`	`2.20.0`
io.netty:netty-bom	`4.2.0.Final`	`4.2.6.Final`
org.junit:junit-bom	`5.13.2`	`5.14.0`
ch.qos.logback:logback-core	`1.5.18`	`1.5.19`
com.google.guava:guava	`33.4.8-jre`	`33.5.0-jre`
commons-io:commons-io	`2.19.0`	`2.20.0`
io.grpc:grpc-core	`1.72.0`	`1.76.0`
io.smallrye.common:smallrye-common-cpu	`2.8.0`	`2.13.9`
net.java.dev.jna:jna	`5.17.0`	`5.18.1`
net.java.dev.jna:jna-jpms	`5.17.0`	`5.18.1`
net.minidev:json-smart	`2.5.2`	`2.6.0`
org.apache.commons:commons-compress	`1.27.1`	`1.28.0`
org.apache.commons:commons-lang3	`3.18.0`	`3.19.0`
org.apache.maven.resolver:maven-resolver-api	`1.9.22`	`1.9.24`
org.apache.maven.resolver:maven-resolver-supplier	`1.9.22`	`1.9.24`
org.bouncycastle:bcpkix-jdk18on	`1.81`	`1.82`
org.bouncycastle:bcprov-jdk18on	`1.81`	`1.82`
org.bouncycastle:bctls-jdk18on	`1.81`	`1.82`
org.bouncycastle:bcutil-jdk18on	`1.81`	`1.82`
org.eclipse.jdt:ecj	`3.42.0`	`3.43.0`
org.eclipse.sisu:org.eclipse.sisu.plexus	`0.9.0.M3`	`0.9.0.M4`
org.jboss.logging:jboss-logging-annotations	`3.0.3.Final`	`3.0.4.Final`
org.jboss.logging:jboss-logging-processor	`3.0.3.Final`	`3.0.4.Final`
org.jboss.threads:jboss-threads	`3.8.0.Final`	`3.9.1`
org.junit.platform:junit-platform-engine	`1.13.2`	`1.14.0`
com.puppycrawl.tools:checkstyle	`10.23.0`	`10.26.1`
eu.maveniverse.maven.njord:extension3	`0.8.2`	`0.8.4`
eu.maveniverse.maven.plugins:njord	`0.8.2`	`0.8.4`
org.apache.maven.shared:maven-filtering	`3.3.0`	`3.4.0`
org.cyclonedx:cyclonedx-maven-plugin	`2.8.0`	`2.9.1`
org.eclipse.cbi.maven.plugins:eclipse-jarsigner-plugin	`1.4.3`	`1.5.2`

Updates com.sun.mail:jakarta.mail from 2.0.1 to 2.0.2

Updates org.glassfish.jersey.containers:jersey-container-servlet from 3.1.10 to 3.1.11

Updates org.glassfish.jersey.inject:jersey-hk2 from 3.1.10 to 3.1.11

Updates org.glassfish.jersey.media:jersey-media-json-binding from 3.1.10 to 3.1.11

Updates org.glassfish.jersey.inject:jersey-hk2 from 3.1.10 to 3.1.11

Updates org.glassfish.jersey.media:jersey-media-json-binding from 3.1.10 to 3.1.11

Updates org.ow2.asm:asm from 9.8 to 9.9

Updates org.ow2.asm:asm-commons from 9.8 to 9.9

Updates org.ow2.asm:asm-bom from 9.8 to 9.9

Updates org.ow2.asm:asm-commons from 9.8 to 9.9

Updates org.apache.maven.surefire:surefire-junit47 from 3.5.3 to 3.5.4

Updates org.eclipse.jetty.toolchain:jetty-test-helper from 6.3 to 6.4

Updates org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.2

Updates org.apache.logging.log4j:log4j-api from 2.25.0 to 2.25.2

Updates commons-codec:commons-codec from 1.18.0 to 1.19.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.19.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.19.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

        Add HmacUtils.hmac(Path). Thanks to Gary Gregory.

        Add HmacUtils.hmacHex(Path). Thanks to Gary Gregory.

        Add PMD check to the default Maven goal. Thanks to Gary Gregory.

        Add SpotBugs check to the default Maven goal. Thanks to Gary Gregory.

Fixed Bugs

        Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80). Thanks to Gary Gregory.

        Refactor DigestUtils.updateDigest(MessageDigest, File) to use NIO. Thanks to Gary Gregory.

CODEC-328: Clarify Javadoc for org.apache.commons.codec.digest.UnixCrypt.crypt(byte[],String). Thanks to Gary Gregory.

        Precompile regular expressions in DaitchMokotoffSoundex.Rule. Thanks to Gary Gregory.

        Precompile regular expressions in DaitchMokotoffSoundex.parseRules(Scanner, String, Map, Map). Thanks to Gary Gregory.

        Precompile regular expressions in Lang.loadFromResource(String, Languages). Thanks to Gary Gregory.

        Precompile regular expressions in PhoneticEngine.encode(String, LanguageSet). Thanks to Gary Gregory.

        Precompile regular expressions in org.apache.commons.codec.language.bm.Rule.parse*(*). Thanks to Gary Gregory.

        Remove redundant checks for whitespace in DaitchMokotoffSoundex.soundex(String, boolean). Thanks to Gary Gregory.

        Javadoc typo in Base16.java [#380](https://github.com/apache/commons-codec/issues/380). Thanks to Sebastian Baunsgaard.

        Deprecate unused constant org.apache.commons.codec.language.bm.Rule.ALL. Thanks to Gary Gregory.

CODEC-331: org.apache.commons.codec.language.bm.Rule.parsePhonemeExpr(String) adds duplicate empty phoneme when input ends with |. Thanks to IlikeCode, Gary Gregory.
CODEC-331: org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) does not remove special characters like punctuation. Thanks to IlikeCode, Gary Gregory.

        Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.binary.StringUtils. Thanks to Gary Gregory.

        Fix PMD UnusedFormalParameter in private constructor in org.apache.commons.codec.binary.Base16. Thanks to Gary Gregory.

        Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Blake3. Thanks to Gary Gregory.

        Fix PMD UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Md5Crypt. Thanks to Gary Gregory.

        Fix PMD EmptyControlStatement in org.apache.commons.codec.language.Metaphone. Thanks to Gary Gregory.

        Fix SpotBugs [ERROR] Medium: org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder.setEncodeTable(byte[]) may expose internal representation by storing an externally mutable object into BaseNCodec$AbstractBuilder.encodeTable [org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder] At BaseNCodec.java:[line 131] EI_EXPOSE_REP2. Thanks to Gary Gregory.

        The method org.apache.commons.codec.binary.BaseNCodec.AbstractBuilder.setLineSeparator(byte...) now makes a defensive copy. Thanks to Gary Gregory.

        Avoid unnecessary String conversion in org.apache.commons.codec.language.bm.PhoneticEngine.applyFinalRules(PhonemeBuilder, Map). Thanks to Gary Gregory.

        Fix SpotBugs [ERROR] High: Potentially dangerous use of non-short-circuit logic in org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) [org.apache.commons.codec.language.DaitchMokotoffSoundex] At DaitchMokotoffSoundex.java:[line 350] NS_DANGEROUS_NON_SHORT_CIRCUIT. Thanks to Gary Gregory.

Changes

... (truncated)

Commits

351cb22 Prepare for the release candidate 1.19.0 RC1
0d501b6 Prepare for the next release candidate
d6d4b82 Refactor duplicate code
6d6456c No need to exclude abstract test classes from Surefire runs
22d62e4 No need to specify the default value for linkXref
c4daf34 No longer need to override the version of the Jacoco Maven plugin
8f2b673 Remove workaround for [SUREFIRE-2253]
466a61d Fix Javadoc
ca27bd3 Fix Checkstyle
1dfb4e5 Better internal method name
Additional commits viewable in compare view

Updates org.mariadb.jdbc:mariadb-java-client from 3.5.4 to 3.5.6

Release notes

Sourced from org.mariadb.jdbc:mariadb-java-client's releases.

MariaDB Connector/Java 3.5.6

3.5.6 (Sep 2025)

Full Changelog

Key Enhancements

CONJ-1238 - rewriteBatchStatements implementation

CONJ-1274 - server prepared statement client failover to client prepared statement

Issues Resolved

CONJ-1278 - prepared statement caching enablement correction, same than 2.x

CONJ-1279 - metadata table name addition for 12.1 after MDEV-28933

CONJ-1280 - permit having multiple command with initSql option

CONJ-1276 - Connection#isValid(int timeout) does not obey the passed in timeout if the network is down.

MariaDB Connector/Java 3.5.5

3.5.5 (Aug 2025)

Full Changelog

Issues Resolved

CONJ-1265 - ensure rollback and release savepoint operation to be sent to server, even when there is no transaction in progress

CONJ-1270 - forceConnectionTimeZoneToSession doesn't always set the timezone to server

Changelog

Sourced from org.mariadb.jdbc:mariadb-java-client's changelog.

3.5.6 (Sep 2025)

Full Changelog

Key Enhancements

CONJ-1238 - rewriteBatchStatements implementation

CONJ-1274 - server prepared statement client failover to client prepared statement

Issues Resolved

CONJ-1278 - prepared statement caching enablement correction, same than 2.x

CONJ-1279 - metadata table name addition for 12.1 after MDEV-28933

CONJ-1280 - permit having multiple command with initSql option

CONJ-1276 - Connection#isValid(int timeout) does not obey the passed in timeout if the network is down.

3.5.5 (Aug 2025)

Full Changelog

Issues Resolved

CONJ-1265 - ensure rollback and release savepoint operation to be sent to server, even when there is no transaction in progress

CONJ-1270 - forceConnectionTimeZoneToSession doesn't always set the timezone to server

Commits

0bffb46 Merge branch 'develop'
8e5f44d bump 3.5.6
d870e13 [CONJ-1274] have server prepared statement client failover
b43a845 [misc] failover during a transaction must only throw one error
13f120e [misc] correct github action to test main branch
b3701fb [misc] test improvement
7903a4b [misc] updating CI links to mariadb-corporation account
bcb0981 [misc] updating CI links to mariadb-corporation account
79609b8 [CONJ-1276] Connection#isValid(int timeout) does not obey the passed in timeo...
fac4146 [CONJ-1272] Tests fail with early access JVM builds
Additional commits viewable in compare view

Updates org.apache.openwebbeans:openwebbeans-web from 2.0.27 to 2.0.28

Commits

09181d5 [maven-release-plugin] prepare release openwebbeans-2.0.28
ab45ce6 fix(#OWB-1450): Interceptor proxy memory leak. Add caching at an higher level
f93bfea fix(#OWB-1450): remove non working cache on proxies per AT
cdc9a57 fix: maven dependency to Gradle not found and NPE in previous plugin version
3feacc6 Merge pull request #127 from jgallimore/owb_2.0.x-owb-cdi-junit
129a538 OWB-1448 remove wildcard import
9bbd3f7 OWB-1448 rework following feedback
eb4b4c6 OWB-1448 removing left over e.printStackTrace()
41a5596 OWB-1448 Fix Issue with Cdi annotation and alternatives
0376bd7 upgrade to apache-parent 29
Additional commits viewable in compare view

Updates com.hazelcast:hazelcast from 5.5.0 to 5.6.0

Commits

See full diff in compare view

Updates com.google.code.gson:gson from 2.13.1 to 2.13.2

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.13.2

The main changes in this release are just newer dependencies.

What's Changed

Improved packaging of JPMS module declaration in Gson jar
This fixes an issue where Eclipse and VS Code users could not refer to the Gson module name com.google.gson. See issue google/gson#2679.

Remove internal class GsonPreconditions by @Marcono1234 in google/gson#2879

Switch to using central-publishing-maven-plugin by @eamonnmcmanus in google/gson#2900

New Contributors

@MukjepScarlet made their first contribution in google/gson#2852

@ChrisCraik made their first contribution in google/gson#2856

Full Changelog: google/gson@gson-parent-2.13.1...gson-parent-2.13.2

Commits

686fad7 [maven-release-plugin] prepare release gson-parent-2.13.2
c2d252a Switch to using central-publishing-maven-plugin. (#2900)
69cb755 Bump the github-actions group with 5 updates (#2894)
ea552c2 Bump the maven group across 1 directory with 3 updates (#2898)
fdc616d Set top-level permissions for CodeQL workflow (#2889)
9334715 Create scorecard.yml (#2888)
f7de5c2 Bump the maven group with 8 updates (#2885)
8c23cd3 Update sources to satisfy a new Error Prone check. (#2887)
5eab3ed Bump the github-actions group with 2 updates (#2886)
5f5c200 Bump the maven group across 1 directory with 10 updates (#2872)
Additional commits viewable in compare view

Updates org.apache.lucene:lucene-core from 9.11.1 to 9.12.3

Updates com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.20.0

Commits

54f854b [maven-release-plugin] prepare release jackson-bom-2.20.0
9cc68d4 Prep for 2.20.0
cbef800 Version sync for 2.20.0 release (in near future)
79bc4ed Back to snapshot deps
94947a0 [maven-release-plugin] prepare for next development iteration
369dffe [maven-release-plugin] prepare release jackson-bom-2.20.0-rc1
c5caaf2 Prep for 2.20.0-rc1
8ad6e0a Move to 2.20.0-rc1-SNAPSHOT
500ef4d Merge branch '2.19' into 2.x
274f228 Back to snapshot deps
Additional commits viewable in compare view

Updates io.netty:netty-bom from 4.2.0.Final to 4.2.6.Final

Commits

255ad95 [maven-release-plugin] prepare release netty-4.2.6.Final
bbacc6b BouncyCastleAlpnSslUtils needs to use the correct SSLEngine class as … (#15630)
d28a0fc Make ResourceLeakDetector.track not final (#15620)
7134f60 [refactor] add error message to all new Error() calls (#15609)
f7f5b48 Add test for OpenJdkSelfSignedCertGenerator (#15619)
9e4bb29 IoUring: Allow to create IoHandlerFactory that supports changing the (#15608)
22d414b Skip huge decompression test with leak detection (#15616)
77661e7 Update the CentOS devcontainer (#15615)
ea90268 Don't try to generate aggregated javadocs for the stubs as otherwise it will ...
b54f47e [maven-release-plugin] prepare for next development iteration
Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.13.2 to 5.14.0

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.14.0 = Platform 1.14.0 + Jupiter 5.14.0 + Vintage 5.14.0

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0

JUnit 5.14.0-RC1 = Platform 1.14.0-RC1 + Jupiter 5.14.0-RC1 + Vintage 5.14.0-RC1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0-RC1

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

Commits

8545c93 Release 5.14.0
1d405a0 Polish release notes for 5.14 GA
c1f78f6 Prepare 5.14.0 release notes and link to migration guide
a6f666c Allow new classes to be added
f728dfa Disable compatibility checks for all aggregator projects
72b34aa Validate list of accepted breaking changes
bc62d27 Only track module-specific lines in accepted-breaking-changes.txt
1d95a3c Clear custom initialize-at-build-time lists
513be32 Update plugin org.graalvm.buildtools.native to v0.11.1
174d8de Back to snapshots for further development
Additional commits viewable in compare view

Updates org.ow2.asm:asm-bom from 9.8 to 9.9

Updates ch.qos.logback:logback-core from 1.5.18 to 1.5.19

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
4adae8b add plugin for Maven Central deployment
ee70cf4 prepare release 1.5.19
20802cf mindor javadoc changes
8116069 comment out code in COWArrayListConcurrencyTest to make IDE happy
7f65340 minor changes
8d2262d soften warning on using ConsoleAppender
c76fed3 ViewStatusMessagesServlet requires method POST for button 'Clear' (#971)
61f6a25 disallow new in if condition attribute in config files
a07cfd5 logback-core: fix spelling errors (#956)
Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.8-jre to 33.5.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.5.0

Maven
<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.5.0-jre</version>
  
  <version>33.5.0-android</version>
</dependency>
Jar files

33.5.0-jre.jar

33.5.0-android.jar

Guava requires one runtime dependency, which you can download here:

failureaccess-1.0.3.jar

Javadoc

33.5.0-jre

33.5.0-android

JDiff

33.5.0-jre vs. 33.4.8-jre

33.5.0-android vs. 33.4.8-android

33.5.0-android vs. 33.5.0-jre

Changelog

Restored the Automatic-Module-Name to guava-android. (It, unlike, guava-jre, is not a proper module.) (7a04a8a955)

For users of guava-gwt: Google has moved off GWT internally. We plan to continue to release guava-gwt for users of GWT and J2CL, but the artifact is no longer tested for GWT-specific issues, and we have limited resources to fix any unexpected issues that might arise. While we do not anticipate any specific problems, we can't guarantee how long support will continue.

Increased our Android minSdkVersion to 23 (Marshmallow). This follows the minimum of Google's foundational Android libraries, and we expect it to have no practical impact on users. (5c23347cc1)

Listed the JSpecify annotations as an optional dependency in our OSGi metadata. (2dfd572981)

cache: Improved the handling of exceptions from compute functions in Cache.asMap(). (We do still recommend using Caffeine rather than com.google.common.cache.) (087f2c4a80)

collect: Improved Iterators.mergeSorted() to preserve stability for equal elements. (4dc93be9a8)

math: Added saturatedAbs methods to IntMath and LongMath. (ed0e518f20)

net: Added image/avif to MediaType. (53344caba6)

testing: Made CollectorTester available to Android users. (294c251079)

util.concurrent: Added Striped.custom. (1586eb271d)

Commits

See full diff in compare view

Updates commons-io:commons-io from 2.19.0 to 2.20.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.20.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.20.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Version 2.19.1: Java 8 or later is required.

New features

o IO-875: Add org.apache.commons.io.file.CountingPathVisitor.accept(Path, BasicFileAttributes) #743. Thanks to Pierre Baumard, Gary Gregory. o Add org.apache.commons.io.Charsets.isAlias(Charset, String). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.isUTF8(Charset). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.toCharsetDefault(String, Charset). Thanks to Gary Gregory. o IO-279: Add Tailer ignoreTouch option #757. Thanks to Joerg Budischewski, Gary Gregory.

Fixed Bugs

o [javadoc] Rename parameter of ProxyOutputStream.write(int) #740. Thanks to Jesse Glick. o IO-875: CopyDirectoryVisitor ignores fileFilter #743. Thanks to Pierre Baumard, Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.ByeArrayOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.InputStreamOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.OutputStreamOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o FileUtils.readLines(File, Charset) now maps a null Charset to the default Charset #744. Thanks to Ryan Kurtz, Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream, org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 77]Another occurrence at WindowsLineEndingInputStream.java:[line 81] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 112] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 113] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 75] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atEos" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 120] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 124] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 125] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "closed" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.ProxyInputStream] At ProxyInputStream.java:[line 233] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "propagateClose" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.BoundedInputStream] At BoundedInputStream.java:[line 555] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o QueueInputStream reads all but the first byte without waiting. #748. Thanks to maxxedev, Piotr P. Karwasz, Gary Gregory. o Javadoc fixes and improvements. Thanks to Gary Gregory. o Avoid NPE in org.apache.commons.io.filefilter.WildcardFilter.accept(File). Thanks to Gary Gregory. o IO-874: FileUtils.forceDelete can delete a broken symlink again #756. Thanks to Andy Russell, Joerg Budischewski. o Fix infinite loop in AbstractByteArrayOutputStream. #758. Thanks to Alex Benusovich.

... (truncated)

Commits

c224bce Prepare for the release candidate 2.20.0 RC1
8981a5c Remove workaround for
4ef481f Prepare for the next release candidate
d23228f Merge branch 'master' of https://github.com/apache/commons-io.git
5d2737f Add @SuppressWarnings
e5c80d6 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 #761
2017ac0 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#761)
07ce798 Javadoc
a828efa Add ciManagement element to POM
46bd1c2 Javadoc
Additional commits viewable in compare view

Updates io.grpc:grpc-core from 1.72.0 to 1.76.0

Release notes

Sourced from io.grpc:grpc-core's releases.

v1.76.0

Bug Fixes

xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.

compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.

servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.

servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.

binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.

binder: The server will now only accept post-setup transactions from the authorized server UID.

util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”

android: A fix has been implemented for network change handling on API levels below 24.

Improvements

api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.

api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.

servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name

servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first

xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs

bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.

bazel: Unnecessary direct build dependencies were removed from some targets

netty: Support for the BCJSSE provider has been added in GrpcSslContexts.

netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers

netty: Include allow header for HTTP response code 405

okhttp: Include allow header for HTTP response code 405

binder: Error descriptions for ServiceConnection callbacks have been improved

binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

New Features

stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.

compiler: Support for macOS aarch64 with a universal binary has been added.

opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support

binder: A NameResolver for Android's intent: URIs has been introduced.

binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

Documentation

SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.

examples: The documentation now explains Bazel BCR releases and the git_override option.

Dependencies

Upgraded Guava version to 33.4.8.

The org.apache.tomcat:annotations-api dependency has been removed from the examples.

Thanks to

@JoeCqupt @Sangamesh1997

... (truncated)

Commits

d0db129 Bump version to 1.76.0
aa672ca Update README etc to reference 1.76.0
70b7249 netty: Unconditionally disable adaptive cumulator (#12390)
f89d1d8 api: remove nullable from StatusOr value methods (#12338)
040665f examples: Explain Bazel BCR releases and git_override option
4995700 xds: Remove verify TODO for onResult2 error status
afe7222 SECURITY.md: Mention gcompat for Alpine (#12365)
1a7042a android: fix network change handling on API levels < 24
8f0db07 api: Avoid allocating empty array in LoadBalancer (#12337)
0c179e3 xds: Convert ClusterResolverLb to XdsDepManager
Additional commits viewable in compare view

Updates io.smallrye.common:smallrye-common-cpu from 2.8.0 to 2.13.9

Release notes

Sourced from io.smallrye.common:smallrye-common-cpu's releases.

2.13.9

No release notes provided.

2.13.8

No release notes provided.

2.13.7

No release notes provided.

2.13.6

No release notes provided.

2.13.5

No release notes provided.

2.13.4

No release notes provided.

2.13.3

No release notes provided.

2.13.2

No release notes provided.

2.13.1

No release notes provided.

2.13.0

No release notes provided.

2.13.beta2

No release notes provided.

2.13.beta1

No release notes provided.

2.12.0

No release notes provided.

2.11.0

#402 Introduce parent-child structure for duplication context

2.10.0

#394 Release 2.10.0

#393 Bump io.smallrye:smallrye-parent from 46 to 47

#392 Javadoc fixes

#391 Bump version.vertx from 4.5.11 to 4.5.12

#390 Bump org.graalvm.sdk:nativeimage from 24.1.1 to 24.1.2

#389 Make CPU cache interrogation an opt-in feature

#388 Slightly reduce the startup cost of the modules used in Quarkus

... (truncated)

Commits

fb23335 [maven-release-plugin] prepare release 2.13.9
a6bff5b Merge pull request #480 from smallrye/release
b4c7b8b Release 2.13.9
14a2061 Merge pull request #479 from dmlloyd/fix-nanos
199f099 Fix duration conversion error
3af34aa Merge pull request #477 from dmlloyd/fix-timeout
6c3ccae Allow null for process timeout
2719c1e Bump io.sundr:sundr-maven-plugin from 0.220.0 to 0.220.1 (#474)
0b3edcb Merge pull request #472 from smallrye/dependabot/maven/io.sundr-sundr-maven-p...
b164212 Bump io.sundr:sundr-maven-plugin from 0.210.0 to 0.220.0
Additional commits viewable in compare view

Updates net.java.dev.jna:jna from 5.17.0 to 5.18.1

Changelog

Sourced from net.java.dev.jna:jna's changelog.

Release 5.18.1

Bug Fixes

#1686: Fix sortFields race condition while getting fields - @bendk.

Release 5.18.0

Features

#1671: Add isRISCV to c.s.j.Platform - @Glavo.

#1672: Add CFLocale, CFLocaleCopyCurrent, CFCFDateFormatter, CFDateFormatterStyle, CFDateFormatterCreate and CFDateFormatterGetFormat to c.s.j.p.mac.CoreFoundation - @dbwiddis.

#1669: Document requirement for running on JDK 24+ - @matthiasblaesing.

Bug Fixes

#1681: Fix deadlock in Structure constructor introduced in 5.16.0 - @brettwooldridge.

#1683: Fix native build error on Xcode 16.3 / Apple Clang 17 - @brettwooldridge.

Commits

3c493c1 Release 5.18.1
e3838d5 Merge pull request #1680 from java-native-access/dependabot/github_actions/gi...
5cac361 Bump the github-actions group with 2 updates
5511f28 Merge pull request #1687 from bendk/push-yyprxvvrrttk
c401bca Merge pull request #1690 from jonalmeida/patch-1
6e7e828 Update recommended Android proguard rules
b665e9e Avoid threading issues in sortFields (#1686)
0da700d Prepare next development iteration
285632f Release 5.18.0
77fe152 Support/Prepare deployment to new maven central repository
Additional commits viewable in compare view

Updates `net.java.dev.jna:jna-jpm...

Description has been truncated

… 48 updates Bumps the dev-dependencies group with 48 updates in the /jetty-ee10 directory: | Package | From | To | | --- | --- | --- | | com.sun.mail:jakarta.mail | `2.0.1` | `2.0.2` | | org.glassfish.jersey.containers:jersey-container-servlet | `3.1.10` | `3.1.11` | | org.glassfish.jersey.inject:jersey-hk2 | `3.1.10` | `3.1.11` | | org.glassfish.jersey.media:jersey-media-json-binding | `3.1.10` | `3.1.11` | | org.ow2.asm:asm | `9.8` | `9.9` | | org.ow2.asm:asm-commons | `9.8` | `9.9` | | org.ow2.asm:asm-bom | `9.8` | `9.9` | | org.apache.maven.surefire:surefire-junit47 | `3.5.3` | `3.5.4` | | org.eclipse.jetty.toolchain:jetty-test-helper | `6.3` | `6.4` | | org.apache.logging.log4j:log4j-core | `2.25.0` | `2.25.2` | | org.apache.logging.log4j:log4j-api | `2.25.0` | `2.25.2` | | [commons-codec:commons-codec](https://github.com/apache/commons-codec) | `1.18.0` | `1.19.0` | | [org.mariadb.jdbc:mariadb-java-client](https://github.com/mariadb-corporation/mariadb-connector-j) | `3.5.4` | `3.5.6` | | [org.apache.openwebbeans:openwebbeans-web](https://github.com/apache/openwebbeans) | `2.0.27` | `2.0.28` | | [com.hazelcast:hazelcast](https://github.com/hazelcast/hazelcast) | `5.5.0` | `5.6.0` | | [com.google.code.gson:gson](https://github.com/google/gson) | `2.13.1` | `2.13.2` | | org.apache.lucene:lucene-core | `9.11.1` | `9.12.3` | | [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | `2.18.3` | `2.20.0` | | [io.netty:netty-bom](https://github.com/netty/netty) | `4.2.0.Final` | `4.2.6.Final` | | [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `5.13.2` | `5.14.0` | | [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.19` | | [com.google.guava:guava](https://github.com/google/guava) | `33.4.8-jre` | `33.5.0-jre` | | [commons-io:commons-io](https://github.com/apache/commons-io) | `2.19.0` | `2.20.0` | | [io.grpc:grpc-core](https://github.com/grpc/grpc-java) | `1.72.0` | `1.76.0` | | [io.smallrye.common:smallrye-common-cpu](https://github.com/smallrye/smallrye-common) | `2.8.0` | `2.13.9` | | [net.java.dev.jna:jna](https://github.com/java-native-access/jna) | `5.17.0` | `5.18.1` | | [net.java.dev.jna:jna-jpms](https://github.com/java-native-access/jna) | `5.17.0` | `5.18.1` | | [net.minidev:json-smart](https://github.com/netplex/json-smart-v2) | `2.5.2` | `2.6.0` | | [org.apache.commons:commons-compress](https://github.com/apache/commons-compress) | `1.27.1` | `1.28.0` | | org.apache.commons:commons-lang3 | `3.18.0` | `3.19.0` | | [org.apache.maven.resolver:maven-resolver-api](https://github.com/apache/maven-resolver) | `1.9.22` | `1.9.24` | | org.apache.maven.resolver:maven-resolver-supplier | `1.9.22` | `1.9.24` | | [org.bouncycastle:bcpkix-jdk18on](https://github.com/bcgit/bc-java) | `1.81` | `1.82` | | [org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java) | `1.81` | `1.82` | | [org.bouncycastle:bctls-jdk18on](https://github.com/bcgit/bc-java) | `1.81` | `1.82` | | [org.bouncycastle:bcutil-jdk18on](https://github.com/bcgit/bc-java) | `1.81` | `1.82` | | [org.eclipse.jdt:ecj](https://github.com/eclipse-jdt/eclipse.jdt.core) | `3.42.0` | `3.43.0` | | [org.eclipse.sisu:org.eclipse.sisu.plexus](https://github.com/eclipse-sisu/sisu-project) | `0.9.0.M3` | `0.9.0.M4` | | [org.jboss.logging:jboss-logging-annotations](https://github.com/jboss-logging/jboss-logging-tools) | `3.0.3.Final` | `3.0.4.Final` | | [org.jboss.logging:jboss-logging-processor](https://github.com/jboss-logging/jboss-logging-tools) | `3.0.3.Final` | `3.0.4.Final` | | [org.jboss.threads:jboss-threads](https://github.com/jbossas/jboss-threads) | `3.8.0.Final` | `3.9.1` | | [org.junit.platform:junit-platform-engine](https://github.com/junit-team/junit-framework) | `1.13.2` | `1.14.0` | | [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) | `10.23.0` | `10.26.1` | | [eu.maveniverse.maven.njord:extension3](https://github.com/maveniverse/njord) | `0.8.2` | `0.8.4` | | [eu.maveniverse.maven.plugins:njord](https://github.com/maveniverse/njord) | `0.8.2` | `0.8.4` | | [org.apache.maven.shared:maven-filtering](https://github.com/apache/maven-filtering) | `3.3.0` | `3.4.0` | | [org.cyclonedx:cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin) | `2.8.0` | `2.9.1` | | org.eclipse.cbi.maven.plugins:eclipse-jarsigner-plugin | `1.4.3` | `1.5.2` | Updates `com.sun.mail:jakarta.mail` from 2.0.1 to 2.0.2 Updates `org.glassfish.jersey.containers:jersey-container-servlet` from 3.1.10 to 3.1.11 Updates `org.glassfish.jersey.inject:jersey-hk2` from 3.1.10 to 3.1.11 Updates `org.glassfish.jersey.media:jersey-media-json-binding` from 3.1.10 to 3.1.11 Updates `org.glassfish.jersey.inject:jersey-hk2` from 3.1.10 to 3.1.11 Updates `org.glassfish.jersey.media:jersey-media-json-binding` from 3.1.10 to 3.1.11 Updates `org.ow2.asm:asm` from 9.8 to 9.9 Updates `org.ow2.asm:asm-commons` from 9.8 to 9.9 Updates `org.ow2.asm:asm-bom` from 9.8 to 9.9 Updates `org.ow2.asm:asm-commons` from 9.8 to 9.9 Updates `org.apache.maven.surefire:surefire-junit47` from 3.5.3 to 3.5.4 Updates `org.eclipse.jetty.toolchain:jetty-test-helper` from 6.3 to 6.4 Updates `org.apache.logging.log4j:log4j-core` from 2.25.0 to 2.25.2 Updates `org.apache.logging.log4j:log4j-api` from 2.25.0 to 2.25.2 Updates `commons-codec:commons-codec` from 1.18.0 to 1.19.0 - [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt) - [Commits](apache/commons-codec@rel/commons-codec-1.18.0...rel/commons-codec-1.19.0) Updates `org.mariadb.jdbc:mariadb-java-client` from 3.5.4 to 3.5.6 - [Release notes](https://github.com/mariadb-corporation/mariadb-connector-j/releases) - [Changelog](https://github.com/mariadb-corporation/mariadb-connector-j/blob/main/CHANGELOG.md) - [Commits](mariadb-corporation/mariadb-connector-j@3.5.4...3.5.6) Updates `org.apache.openwebbeans:openwebbeans-web` from 2.0.27 to 2.0.28 - [Commits](apache/openwebbeans@openwebbeans-2.0.27...openwebbeans-2.0.28) Updates `com.hazelcast:hazelcast` from 5.5.0 to 5.6.0 - [Release notes](https://github.com/hazelcast/hazelcast/releases) - [Commits](https://github.com/hazelcast/hazelcast/commits) Updates `com.google.code.gson:gson` from 2.13.1 to 2.13.2 - [Release notes](https://github.com/google/gson/releases) - [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md) - [Commits](google/gson@gson-parent-2.13.1...gson-parent-2.13.2) Updates `org.apache.lucene:lucene-core` from 9.11.1 to 9.12.3 Updates `com.fasterxml.jackson:jackson-bom` from 2.18.3 to 2.20.0 - [Commits](FasterXML/jackson-bom@jackson-bom-2.18.3...jackson-bom-2.20.0) Updates `io.netty:netty-bom` from 4.2.0.Final to 4.2.6.Final - [Commits](netty/netty@netty-4.2.0.Final...netty-4.2.6.Final) Updates `org.junit:junit-bom` from 5.13.2 to 5.14.0 - [Release notes](https://github.com/junit-team/junit-framework/releases) - [Commits](junit-team/junit-framework@r5.13.2...r5.14.0) Updates `org.ow2.asm:asm-bom` from 9.8 to 9.9 Updates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.19 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.18...v_1.5.19) Updates `com.google.guava:guava` from 33.4.8-jre to 33.5.0-jre - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) Updates `commons-io:commons-io` from 2.19.0 to 2.20.0 - [Changelog](https://github.com/apache/commons-io/blob/master/RELEASE-NOTES.txt) - [Commits](apache/commons-io@rel/commons-io-2.19.0...rel/commons-io-2.20.0) Updates `io.grpc:grpc-core` from 1.72.0 to 1.76.0 - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](grpc/grpc-java@v1.72.0...v1.76.0) Updates `io.smallrye.common:smallrye-common-cpu` from 2.8.0 to 2.13.9 - [Release notes](https://github.com/smallrye/smallrye-common/releases) - [Commits](smallrye/smallrye-common@2.8.0...2.13.9) Updates `net.java.dev.jna:jna` from 5.17.0 to 5.18.1 - [Changelog](https://github.com/java-native-access/jna/blob/master/CHANGES.md) - [Commits](java-native-access/jna@5.17.0...5.18.1) Updates `net.java.dev.jna:jna-jpms` from 5.17.0 to 5.18.1 - [Changelog](https://github.com/java-native-access/jna/blob/master/CHANGES.md) - [Commits](java-native-access/jna@5.17.0...5.18.1) Updates `net.java.dev.jna:jna-jpms` from 5.17.0 to 5.18.1 - [Changelog](https://github.com/java-native-access/jna/blob/master/CHANGES.md) - [Commits](java-native-access/jna@5.17.0...5.18.1) Updates `net.minidev:json-smart` from 2.5.2 to 2.6.0 - [Release notes](https://github.com/netplex/json-smart-v2/releases) - [Commits](netplex/json-smart-v2@2.5.2...v2.6.0) Updates `org.apache.commons:commons-compress` from 1.27.1 to 1.28.0 - [Changelog](https://github.com/apache/commons-compress/blob/master/RELEASE-NOTES.txt) - [Commits](apache/commons-compress@rel/commons-compress-1.27.1...rel/commons-compress-1.28.0) Updates `org.apache.commons:commons-lang3` from 3.18.0 to 3.19.0 Updates `org.apache.logging.log4j:log4j-api` from 2.25.0 to 2.25.2 Updates `org.apache.maven.resolver:maven-resolver-api` from 1.9.22 to 1.9.24 - [Release notes](https://github.com/apache/maven-resolver/releases) - [Commits](apache/maven-resolver@maven-resolver-1.9.22...maven-resolver-1.9.24) Updates `org.apache.maven.resolver:maven-resolver-supplier` from 1.9.22 to 1.9.24 Updates `org.apache.maven.resolver:maven-resolver-supplier` from 1.9.22 to 1.9.24 Updates `org.bouncycastle:bcpkix-jdk18on` from 1.81 to 1.82 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bcprov-jdk18on` from 1.81 to 1.82 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bctls-jdk18on` from 1.81 to 1.82 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bcutil-jdk18on` from 1.81 to 1.82 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bcprov-jdk18on` from 1.81 to 1.82 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bctls-jdk18on` from 1.81 to 1.82 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bcutil-jdk18on` from 1.81 to 1.82 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.eclipse.jdt:ecj` from 3.42.0 to 3.43.0 - [Commits](https://github.com/eclipse-jdt/eclipse.jdt.core/commits) Updates `org.eclipse.sisu:org.eclipse.sisu.plexus` from 0.9.0.M3 to 0.9.0.M4 - [Release notes](https://github.com/eclipse-sisu/sisu-project/releases) - [Changelog](https://github.com/eclipse-sisu/sisu-project/blob/main/RELEASE.md) - [Commits](eclipse-sisu/sisu-project@milestones/0.9.0.M3...milestones/0.9.0.M4) Updates `org.jboss.logging:jboss-logging-annotations` from 3.0.3.Final to 3.0.4.Final - [Release notes](https://github.com/jboss-logging/jboss-logging-tools/releases) - [Commits](jboss-logging/jboss-logging-tools@3.0.3.Final...3.0.4.Final) Updates `org.jboss.logging:jboss-logging-processor` from 3.0.3.Final to 3.0.4.Final - [Release notes](https://github.com/jboss-logging/jboss-logging-tools/releases) - [Commits](jboss-logging/jboss-logging-tools@3.0.3.Final...3.0.4.Final) Updates `org.jboss.threads:jboss-threads` from 3.8.0.Final to 3.9.1 - [Release notes](https://github.com/jbossas/jboss-threads/releases) - [Commits](jboss/jboss-threads@3.8.0.Final...3.9.1) Updates `org.junit.platform:junit-platform-engine` from 1.13.2 to 1.14.0 - [Release notes](https://github.com/junit-team/junit-framework/releases) - [Commits](https://github.com/junit-team/junit-framework/commits) Updates `com.puppycrawl.tools:checkstyle` from 10.23.0 to 10.26.1 - [Release notes](https://github.com/checkstyle/checkstyle/releases) - [Commits](checkstyle/checkstyle@checkstyle-10.23.0...checkstyle-10.26.1) Updates `eu.maveniverse.maven.njord:extension3` from 0.8.2 to 0.8.4 - [Release notes](https://github.com/maveniverse/njord/releases) - [Commits](maveniverse/njord@release-0.8.2...release-0.8.4) Updates `eu.maveniverse.maven.plugins:njord` from 0.8.2 to 0.8.4 - [Release notes](https://github.com/maveniverse/njord/releases) - [Commits](maveniverse/njord@release-0.8.2...release-0.8.4) Updates `org.apache.maven.shared:maven-filtering` from 3.3.0 to 3.4.0 - [Release notes](https://github.com/apache/maven-filtering/releases) - [Commits](apache/maven-filtering@maven-filtering-3.3.0...maven-filtering-3.4.0) Updates `eu.maveniverse.maven.plugins:njord` from 0.8.2 to 0.8.4 - [Release notes](https://github.com/maveniverse/njord/releases) - [Commits](maveniverse/njord@release-0.8.2...release-0.8.4) Updates `org.cyclonedx:cyclonedx-maven-plugin` from 2.8.0 to 2.9.1 - [Release notes](https://github.com/CycloneDX/cyclonedx-maven-plugin/releases) - [Commits](CycloneDX/cyclonedx-maven-plugin@cyclonedx-maven-plugin-2.8.0...cyclonedx-maven-plugin-2.9.1) Updates `org.eclipse.cbi.maven.plugins:eclipse-jarsigner-plugin` from 1.4.3 to 1.5.2 --- updated-dependencies: - dependency-name: com.sun.mail:jakarta.mail dependency-version: 2.0.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.glassfish.jersey.containers:jersey-container-servlet dependency-version: 3.1.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.glassfish.jersey.inject:jersey-hk2 dependency-version: 3.1.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.glassfish.jersey.media:jersey-media-json-binding dependency-version: 3.1.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.glassfish.jersey.inject:jersey-hk2 dependency-version: 3.1.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.glassfish.jersey.media:jersey-media-json-binding dependency-version: 3.1.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.ow2.asm:asm dependency-version: '9.9' dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.ow2.asm:asm-commons dependency-version: '9.9' dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.ow2.asm:asm-bom dependency-version: '9.9' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.ow2.asm:asm-commons dependency-version: '9.9' dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.apache.maven.surefire:surefire-junit47 dependency-version: 3.5.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.eclipse.jetty.toolchain:jetty-test-helper dependency-version: '6.4' dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.apache.logging.log4j:log4j-core dependency-version: 2.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.logging.log4j:log4j-api dependency-version: 2.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: commons-codec:commons-codec dependency-version: 1.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.mariadb.jdbc:mariadb-java-client dependency-version: 3.5.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.openwebbeans:openwebbeans-web dependency-version: 2.0.28 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: com.hazelcast:hazelcast dependency-version: 5.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: com.google.code.gson:gson dependency-version: 2.13.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.lucene:lucene-core dependency-version: 9.12.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: com.fasterxml.jackson:jackson-bom dependency-version: 2.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: io.netty:netty-bom dependency-version: 4.2.6.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.junit:junit-bom dependency-version: 5.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.ow2.asm:asm-bom dependency-version: '9.9' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: ch.qos.logback:logback-core dependency-version: 1.5.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: com.google.guava:guava dependency-version: 33.5.0-jre dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: commons-io:commons-io dependency-version: 2.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: io.grpc:grpc-core dependency-version: 1.76.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: io.smallrye.common:smallrye-common-cpu dependency-version: 2.13.9 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: net.java.dev.jna:jna dependency-version: 5.18.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: net.java.dev.jna:jna-jpms dependency-version: 5.18.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: net.java.dev.jna:jna-jpms dependency-version: 5.18.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: net.minidev:json-smart dependency-version: 2.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.apache.commons:commons-compress dependency-version: 1.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.apache.commons:commons-lang3 dependency-version: 3.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.apache.logging.log4j:log4j-api dependency-version: 2.25.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.maven.resolver:maven-resolver-api dependency-version: 1.9.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.maven.resolver:maven-resolver-supplier dependency-version: 1.9.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.maven.resolver:maven-resolver-supplier dependency-version: 1.9.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.bouncycastle:bcpkix-jdk18on dependency-version: '1.82' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.bouncycastle:bcprov-jdk18on dependency-version: '1.82' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.bouncycastle:bctls-jdk18on dependency-version: '1.82' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.bouncycastle:bcutil-jdk18on dependency-version: '1.82' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.bouncycastle:bcprov-jdk18on dependency-version: '1.82' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.bouncycastle:bctls-jdk18on dependency-version: '1.82' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.bouncycastle:bcutil-jdk18on dependency-version: '1.82' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.eclipse.jdt:ecj dependency-version: 3.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.eclipse.sisu:org.eclipse.sisu.plexus dependency-version: 0.9.0.M4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.jboss.logging:jboss-logging-annotations dependency-version: 3.0.4.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.jboss.logging:jboss-logging-processor dependency-version: 3.0.4.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.jboss.threads:jboss-threads dependency-version: 3.9.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.junit.platform:junit-platform-engine dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: com.puppycrawl.tools:checkstyle dependency-version: 10.26.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: eu.maveniverse.maven.njord:extension3 dependency-version: 0.8.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: eu.maveniverse.maven.plugins:njord dependency-version: 0.8.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.maven.shared:maven-filtering dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: eu.maveniverse.maven.plugins:njord dependency-version: 0.8.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.cyclonedx:cyclonedx-maven-plugin dependency-version: 2.9.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: org.eclipse.cbi.maven.plugins:eclipse-jarsigner-plugin dependency-version: 1.5.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 15, 2025

dependabot bot force-pushed the dependabot/maven/jetty-ee10/jetty-12.1.x/dev-dependencies-7e29dac16d branch from 932c6c9 to 73da1c7 Compare October 17, 2025 06:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[12.1.x EE10] Bump the dev-dependencies group across 1 directory with 48 updates #13785

[12.1.x EE10] Bump the dev-dependencies group across 1 directory with 48 updates #13785

dependabot bot commented on behalf of github Oct 15, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

[12.1.x EE10] Bump the dev-dependencies group across 1 directory with 48 updates #13785

Are you sure you want to change the base?

[12.1.x EE10] Bump the dev-dependencies group across 1 directory with 48 updates #13785

Conversation

dependabot bot commented on behalf of github Oct 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Apache Commons Codec 1.19.0 Release Notes

New features

Fixed Bugs

Changes

MariaDB Connector/Java 3.5.6

3.5.6 (Sep 2025)

Key Enhancements

Issues Resolved

MariaDB Connector/Java 3.5.5

3.5.5 (Aug 2025)

Issues Resolved

3.5.6 (Sep 2025)

Key Enhancements

Issues Resolved

3.5.5 (Aug 2025)

Issues Resolved

Gson 2.13.2

What's Changed

New Contributors

Logback 1.5.19

33.5.0

Maven

Jar files

Javadoc

JDiff

Changelog

Introduction

New features

Fixed Bugs

v1.76.0

Bug Fixes

Improvements

New Features

Documentation

Dependencies

Thanks to

2.13.9

2.13.8

2.13.7

2.13.6

2.13.5

2.13.4

2.13.3

2.13.2

2.13.1

2.13.0

2.13.beta2

2.13.beta1

2.12.0

2.11.0

2.10.0

Release 5.18.1

Bug Fixes

Release 5.18.0

Features

Bug Fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Oct 15, 2025 •

edited

Loading