Merge branch 'OpenFeign:master' into master

Author: kamilkrzywanski

SECURITY.md

@@ -0,0 +1,55 @@
+# Security Policy
+
+Thank you for your interest in improving the security of OpenFeign Querydsl. We are committed to addressing security issues responsibly and transparently.
+
+## Supported Versions
+
+We currently support the following versions of the project for security updates:
+
+| Version       | Supported          |
+|---------------|--------------------|
+| 6.x           | ✅                |
+| 5.x and older | ❌                |
+
+If you're using an unsupported version, we recommend updating to the latest 6.x release.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please follow these steps to report it responsibly:
+
+1. **Do not open a public issue**. Instead, report vulnerabilities through our [GitHub Security Advisories](https://github.com/OpenFeign/querydsl/security/advisories).
+   - Navigate to the **Security** tab of the repository.
+   - Click **Report a vulnerability**.
+   - Provide as much detail as possible about the issue, including:
+     - Steps to reproduce the vulnerability
+     - Potential impact
+     - Relevant logs, screenshots, or details
+     - A proposed fix (if available)
+
+2. Once submitted, the report will remain private and will be visible only to the maintainers of this repository.
+
+3. Allow us a reasonable timeframe to investigate and address the issue before publicly disclosing any details.
+
+## Security Update Process
+
+- Upon receiving a vulnerability report, we will acknowledge receipt within **3 business days**.
+- Our team will assess and address the issue based on severity and impact.
+- Once resolved, we will release an updated version and disclose the issue in the release notes.
+
+## Scope of Vulnerabilities
+
+We are particularly interested in:
+- Remote code execution (RCE)
+- Unauthorized access or data exposure
+- Denial-of-service attacks
+- Code injection vulnerabilities
+
+We do **not** consider the following out-of-scope for this project:
+- Issues in dependencies (unless specific to this project's usage)
+- Security misconfigurations in end-user deployments
+
+## Contact Us
+
+If you have any questions about this security policy, feel free to open a discussion in the repository.
+
+Thank you for helping us make Querydsl more secure!

pom.xml

@@ -4,7 +4,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>io.github.openfeign.querydsl</groupId>
   <artifactId>querydsl-root</artifactId>
-  <version>6.9-SNAPSHOT</version>
+  <version>6.10-SNAPSHOT</version>
 
   <packaging>pom</packaging>
   <name>Querydsl</name>
@@ -104,11 +104,11 @@
     <junit.version>5.11.3</junit.version>
     <ecj.version>3.33.0</ecj.version>
     <jdo.version>3.2.1</jdo.version>
-    <springboot.version>3.3.5</springboot.version>
+    <springboot.version>3.4.0</springboot.version>
     <spring.version>6.2.0</spring.version>
 
     <!-- SQL deps -->
-    <db2.version>11.5.9.0</db2.version>
+    <db2.version>12.1.0.0</db2.version>
     <derby.version>10.17.1.0</derby.version>
     <hsqldb.version>2.7.4</hsqldb.version>
     <h2.version>2.3.232</h2.version>
@@ -125,7 +125,7 @@
     <r2dbc.version>1.0.0.RELEASE</r2dbc.version>
 
     <!-- JPA deps -->
-    <hibernate.version>6.6.2.Final</hibernate.version>
+    <hibernate.version>6.6.3.Final</hibernate.version>
     <hibernate.validator.version>8.0.1.Final</hibernate.validator.version>
     <eclipselink.version>4.0.4</eclipselink.version>
     <jpa.version>3.1.0</jpa.version>
@@ -144,7 +144,7 @@
     <morphia.version>1.3.2</morphia.version>
     <jmh.version>1.37</jmh.version>
     <kotlin.version>2.0.21</kotlin.version>
-    <ksp.version>2.0.21-1.0.27</ksp.version>
+    <ksp.version>2.0.21-1.0.28</ksp.version>
     <kotlinpoet.version>2.0.0</kotlinpoet.version>
     <dokka.version>1.9.20</dokka.version>
     <scala.version>2.11.12</scala.version>
@@ -309,7 +309,7 @@
     <dependency>
       <groupId>org.easymock</groupId>
       <artifactId>easymock</artifactId>
-      <version>5.4.0</version>
+      <version>5.5.0</version>
       <scope>test</scope>
     </dependency>
     <dependency>
@@ -1009,7 +1009,7 @@
           <plugin>
             <groupId>org.openrewrite.maven</groupId>
             <artifactId>rewrite-maven-plugin</artifactId>
-            <version>5.45.0</version>
+            <version>5.45.1</version>
 
             <dependencies>
               <dependency>
@@ -1020,7 +1020,7 @@
               <dependency>
                 <groupId>org.openrewrite.recipe</groupId>
                 <artifactId>rewrite-migrate-java</artifactId>
-                <version>2.29.0</version>
+                <version>2.29.1</version>
               </dependency>
             </dependencies>
 

querydsl-docs/pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <groupId>io.github.openfeign.querydsl</groupId>
     <artifactId>querydsl-root</artifactId>
-    <version>6.9-SNAPSHOT</version>
+    <version>6.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>querydsl-docs</artifactId>

querydsl-examples/pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <groupId>io.github.openfeign.querydsl</groupId>
     <artifactId>querydsl-root</artifactId>
-    <version>6.9-SNAPSHOT</version>
+    <version>6.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>querydsl-examples</artifactId>
@@ -47,7 +47,7 @@
       <dependency>
         <groupId>org.apache.logging.log4j</groupId>
         <artifactId>log4j-core</artifactId>
-        <version>2.24.1</version>
+        <version>2.24.2</version>
       </dependency>
     </dependencies>
   </dependencyManagement>

querydsl-examples/querydsl-example-jpa-guice/pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <groupId>io.github.openfeign.querydsl</groupId>
     <artifactId>querydsl-examples</artifactId>
-    <version>6.9-SNAPSHOT</version>
+    <version>6.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>querydsl-example-jpa-guice</artifactId>

querydsl-examples/querydsl-example-jpa-quarkus/pom.xml

@@ -5,14 +5,14 @@
   <parent>
     <groupId>io.github.openfeign.querydsl</groupId>
     <artifactId>querydsl-examples</artifactId>
-    <version>6.9-SNAPSHOT</version>
+    <version>6.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>querydsl-example-jpa-quarkus</artifactId>
   <name>Querydsl example - JPA Quarkus</name>
 
   <properties>
-    <quarkus.version>3.16.2</quarkus.version>
+    <quarkus.version>3.16.4</quarkus.version>
   </properties>
 
   <dependencyManagement>

querydsl-examples/querydsl-example-jpa-spring/pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <groupId>io.github.openfeign.querydsl</groupId>
     <artifactId>querydsl-examples</artifactId>
-    <version>6.9-SNAPSHOT</version>
+    <version>6.10-SNAPSHOT</version>
   </parent>
 
   <artifactId>querydsl-example-jpa-spring</artifactId>

querydsl-examples/querydsl-example-kotlin-codegen/pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <groupId>io.github.openfeign.querydsl</groupId>
     <artifactId>querydsl-examples</artifactId>
-    <version>6.9-SNAPSHOT</version>
+    <version>6.10-SNAPSHOT</version>
   </parent>
   <artifactId>querydsl-example-kotlin-codegen</artifactId>
   <name>Querydsl example - Kotlin Codegen</name>

querydsl-examples/querydsl-example-kotlin-jpa/pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <groupId>io.github.openfeign.querydsl</groupId>
     <artifactId>querydsl-examples</artifactId>
-    <version>6.9-SNAPSHOT</version>
+    <version>6.10-SNAPSHOT</version>
   </parent>
   <artifactId>querydsl-example-kotlin</artifactId>
   <name>Querydsl example - Kotlin JPA</name>

querydsl-examples/querydsl-example-kotlin-mongodb/pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <groupId>io.github.openfeign.querydsl</groupId>
     <artifactId>querydsl-examples</artifactId>
-    <version>6.9-SNAPSHOT</version>
+    <version>6.10-SNAPSHOT</version>
   </parent>
   <artifactId>querydsl-example-kotlin-mongodb</artifactId>
   <name>Querydsl example - Kotlin MongoDB</name>