Skip to content

Bump the prod-deps-ver group with 9 updates #1902

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kuntzed merged 2 commits into from
Jan 23, 2026
Merged

Bump the prod-deps-ver group with 9 updates #1902

kuntzed merged 2 commits into from
Jan 23, 2026
+15 −7

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 23, 2026
edited
Loading

Bumps the prod-deps-ver group with 9 updates:

Package From To
org.apache.logging.log4j:log4j-to-slf4j 2.25.2 2.25.3
org.apache.logging.log4j:log4j-api 2.25.2 2.25.3
io.projectreactor:reactor-core 3.8.0 3.8.2
io.projectreactor:reactor-test 3.7.11 3.8.2
commons-io:commons-io 2.20.0 2.21.0
org.mockito:mockito-core 5.20.0 5.21.0
org.apache.maven.plugins:maven-source-plugin 3.3.1 3.4.0
org.eclipse.jetty.ee10:jetty-ee10-servlet 12.0.27 12.1.5
org.eclipse.jetty.ee10:jetty-ee10-webapp 12.0.27 12.1.5

Updates org.apache.logging.log4j:log4j-to-slf4j from 2.25.2 to 2.25.3

Updates org.apache.logging.log4j:log4j-api from 2.25.2 to 2.25.3

Updates org.apache.logging.log4j:log4j-api from 2.25.2 to 2.25.3

Updates io.projectreactor:reactor-core from 3.8.0 to 3.8.2

Release notes

Sourced from io.projectreactor:reactor-core's releases.

v3.8.2

Reactor Core 3.8.2 is part of the 2025.0.2 Release Train.

What's Changed

✨ New features and improvements

Full Changelog: reactor/reactor-core@v3.8.1...v3.8.2

v3.8.1

Reactor Core 3.8.1 is part of 2025.0.1 Release Train.

What's Changed

✨ New features and improvements

🐞 Bug fixes

Full Changelog: reactor/reactor-core@v3.8.0...v3.8.1

Commits
  • 126a846 [release] Prepare and release 3.8.2
  • 771a60d Merge-ignore release 3.7.15 into 3.8.2
  • 590087a [release] Next development version 3.7.16-SNAPSHOT
  • 5de5a2a [release] Prepare and release 3.7.15
  • 4cf56bb Bump Micrometer from 1.16.1 to 1.16.2 (#4182)
  • 55a9513 Merge #4181 into 3.8.2
  • cb953c7 Bump io.projectreactor.tools:blockhound from 1.0.15.RELEASE to 1.0.16.RELEASE...
  • 537f6f3 Bump NullAway from 0.12.12 to 0.12.15 and adjust VirtualTimeScheduler (#4180)
  • be0c230 Merge #4178 into 3.8.2
  • 7c33de8 Bump ruby/setup-ruby from 1.267.0 to 1.281.0 in /.github/workflows (#4178)
  • Additional commits viewable in compare view

Updates io.projectreactor:reactor-test from 3.7.11 to 3.8.2

Release notes

Sourced from io.projectreactor:reactor-test's releases.

v3.8.2

Reactor Core 3.8.2 is part of the 2025.0.2 Release Train.

What's Changed

✨ New features and improvements

Full Changelog: reactor/reactor-core@v3.8.1...v3.8.2

v3.8.1

Reactor Core 3.8.1 is part of 2025.0.1 Release Train.

What's Changed

✨ New features and improvements

🐞 Bug fixes

Full Changelog: reactor/reactor-core@v3.8.0...v3.8.1

v3.8.0

Reactor Core 3.8.0 is part of 2025.0.0 Release Train.

3.8.0 Highlights

Enhanced Null Safety using JSpecify

🦺 Reactor Core 3.8.0 introduces JSpecify annotations for comprehensive null safety, replacing the legacy JSR 305-based annotations with a modern, properly specified standard that prevents NullPointerExceptions through build-time checks. This upgrade provides enhanced IDE support, seamless Kotlin integration with automatic translation to Kotlin's null safety system, and more precise nullability declarations including support for arrays, varargs, and generic types — making Reactor APIs safer and more developer-friendly across the entire ecosystem.

⚠️ Nullability annotations from reactor.util.annotation have been deprecated in favour of JSpecify annotations.

📖 Check the refreshed reference documentation section on Null Safety.

⚠️ Note for Kotlin users: While this change is backwards compatible in the Java ecosystem and does not dictate a new generation of Reactor Core, we do appreciate it can appear as breaking changes for Kotlin codebases. The benefits are well defined nullness of the Reactor API and reduction of the ceremony that was required prior to the introduction of JSpecify annotations.

Repeat Spec

Repeat functionality from Reactor Addons has been ported to Reactor Core under the RepeatSpec class and can be used in conjunction with the Flux#repeatWhen() and Mono#repeatWhen() operators. Make sure to check out the Javadoc.

... (truncated)

Commits
  • 126a846 [release] Prepare and release 3.8.2
  • 771a60d Merge-ignore release 3.7.15 into 3.8.2
  • 590087a [release] Next development version 3.7.16-SNAPSHOT
  • 5de5a2a [release] Prepare and release 3.7.15
  • 4cf56bb Bump Micrometer from 1.16.1 to 1.16.2 (#4182)
  • 55a9513 Merge #4181 into 3.8.2
  • cb953c7 Bump io.projectreactor.tools:blockhound from 1.0.15.RELEASE to 1.0.16.RELEASE...
  • 537f6f3 Bump NullAway from 0.12.12 to 0.12.15 and adjust VirtualTimeScheduler (#4180)
  • be0c230 Merge #4178 into 3.8.2
  • 7c33de8 Bump ruby/setup-ruby from 1.267.0 to 1.281.0 in /.github/workflows (#4178)
  • Additional commits viewable in compare view

Updates commons-io:commons-io from 2.20.0 to 2.21.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.22.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.22.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

This is a feature and maintenance release. Java 8 or later is required.

New features

o Add and use IOUtils.closeQuietly(Closeable, Throwable) #818. Thanks to Gary Gregory.

Fixed Bugs

o Fix Apache RAT plugin console warnings. Thanks to Gary Gregory. o ByteArraySeekableByteChannel.position(long) and truncate(long) shouldn't throw an IllegalArgumentException for a new positive position that's too large #817. Thanks to Gary Gregory, Piotr P. Karwasz. o Fix malformed Javadoc comments. Thanks to Gary Gregory. o ReadAheadInputStream.close() doesn't always close its filtered input stream. Thanks to Stanislav Fort, Gary Gregory.

Changes

o Bump org.apache.commons:commons-parent from 91 to 95 #816. Thanks to Gary Gregory, Dependabot. o Bump commons-codec:commons-codec from 1.19.0 to 1.20.0 #812. Thanks to Gary Gregory, Dependabot. o Bump commons.bytebuddy.version from 1.17.8 to 1.18.3 #814, #820. Thanks to Gary Gregory, Dependabot. o Bump commons-lang3 from 3.19.0 to 3.20.0. Thanks to Gary Gregory, Dependabot.

Commons IO 2.7 and up requires Java 8 or above. Commons IO 2.6 requires Java 7 or above. Commons IO 2.3 through 2.5 requires Java 6 or above. Commons IO 2.2 requires Java 5 or above. Commons IO 1.4 requires Java 1.3 or above.

Historical list of changes: https://commons.apache.org/proper/commons-io/changes.html

For complete information on Apache Commons IO, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons IO website:

https://commons.apache.org/proper/commons-io/

Download page: https://commons.apache.org/proper/commons-io/download_io.cgi

... (truncated)

Commits

Updates org.mockito:mockito-core from 5.20.0 to 5.21.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

Commits
  • 09d2230 Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 (#3768)
  • df3e0cc Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 (#3767)
  • 04a6e9f Bump actions/checkout from 5 to 6 (#3765)
  • 756a3cf Add description of matchers to potential mismatch (#3760)
  • 58ba445 Forbid mocking WeakReference with inline mock maker (#3759)
  • 966d600 Bump actions/upload-artifact from 4 to 5 (#3756)
  • 632bf7b Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 (#3755)
  • 8564b43 Fix primitives support in GenericArrayReturnType for Android (#3753)
  • bf3a809 Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 (#3744)
  • cffddd4 Bump gradle/actions from 4 to 5 (#3743)
  • Additional commits viewable in compare view

Updates io.projectreactor:reactor-test from 3.7.11 to 3.8.2

Release notes

Sourced from io.projectreactor:reactor-test's releases.

v3.8.2

Reactor Core 3.8.2 is part of the 2025.0.2 Release Train.

What's Changed

✨ New features and improvements

Full Changelog: reactor/reactor-core@v3.8.1...v3.8.2

v3.8.1

Reactor Core 3.8.1 is part of 2025.0.1 Release Train.

What's Changed

✨ New features and improvements

🐞 Bug fixes

Full Changelog: reactor/reactor-core@v3.8.0...v3.8.1

v3.8.0

Reactor Core 3.8.0 is part of 2025.0.0 Release Train.

3.8.0 Highlights

Enhanced Null Safety using JSpecify

🦺 Reactor Core 3.8.0 introduces JSpecify annotations for comprehensive null safety, replacing the legacy JSR 305-based annotations with a modern, properly specified standard that prevents NullPointerExceptions through build-time checks. This upgrade provides enhanced IDE support, seamless Kotlin integration with automatic translation to Kotlin's null safety system, and more precise nullability declarations including support for arrays, varargs, and generic types — making Reactor APIs safer and more developer-friendly across the entire ecosystem.

⚠️ Nullability annotations from reactor.util.annotation have been deprecated in favour of JSpecify annotations.

📖 Check the refreshed reference documentation section on Null Safety.

⚠️ Note for Kotlin users: While this change is backwards compatible in the Java ecosystem and does not dictate a new generation of Reactor Core, we do appreciate it can appear as breaking changes for Kotlin codebases. The benefits are well defined nullness of the Reactor API and reduction of the ceremony that was required prior to the introduction of JSpecify annotations.

Repeat Spec

Repeat functionality from Reactor Addons has been ported to Reactor Core under the RepeatSpec class and can be used in conjunction with the Flux#repeatWhen() and Mono#repeatWhen() operators. Make sure to check out the Javadoc.

... (truncated)

Commits
  • 126a846 [release] Prepare and release 3.8.2
  • 771a60d Merge-ignore release 3.7.15 into 3.8.2
  • 590087a [release] Next development version 3.7.16-SNAPSHOT
  • 5de5a2a [release] Prepare and release 3.7.15
  • 4cf56bb Bump Micrometer from 1.16.1 to 1.16.2 (#4182)
  • 55a9513 Merge #4181 into 3.8.2
  • cb953c7 Bump io.projectreactor.tools:blockhound from 1.0.15.RELEASE to 1.0.16.RELEASE...
  • 537f6f3 Bump NullAway from 0.12.12 to 0.12.15 and adjust VirtualTimeScheduler (#4180)
  • be0c230 Merge #4178 into 3.8.2
  • 7c33de8 Bump ruby/setup-ruby from 1.267.0 to 1.281.0 in /.github/workflows (#4178)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
  • 95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
  • 7a9a770 [maven-release-plugin] prepare for next development iteration
  • 292c1ce Use plexus-utils version from parent
  • bf79b71 Bump m-invoker-p to 3.9.1
  • 4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
  • a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
  • 51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
  • 267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
  • ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
  • Additional commits viewable in compare view

Updates org.eclipse.jetty.ee10:jetty-ee10-servlet from 12.0.27 to 12.1.5

Updates org.eclipse.jetty.ee10:jetty-ee10-webapp from 12.0.27 to 12.1.5

Updates org.eclipse.jetty.ee10:jetty-ee10-webapp from 12.0.27 to 12.1.5

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
org.mockito:mockito-core [>= 4.a, < 5]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jan 23, 2026
@dependabot dependabot bot mentioned this pull request Jan 23, 2026
Closed
@dependabot dependabot bot force-pushed the dependabot/maven/prod-deps-ver-4d4f6d5174 branch from 90586af to c434b79 Compare January 23, 2026 08:48
@dependabot
Bump the prod-deps-ver group with 9 updates
d65a10c 
Bumps the prod-deps-ver group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| org.apache.logging.log4j:log4j-to-slf4j | `2.25.2` | `2.25.3` |
| org.apache.logging.log4j:log4j-api | `2.25.2` | `2.25.3` |
| [io.projectreactor:reactor-core](https://github.com/reactor/reactor-core) | `3.8.0` | `3.8.2` |
| [io.projectreactor:reactor-test](https://github.com/reactor/reactor-core) | `3.7.11` | `3.8.2` |
| [commons-io:commons-io](https://github.com/apache/commons-io) | `2.20.0` | `2.21.0` |
| [org.mockito:mockito-core](https://github.com/mockito/mockito) | `5.20.0` | `5.21.0` |
| [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) | `3.3.1` | `3.4.0` |
| org.eclipse.jetty.ee10:jetty-ee10-servlet | `12.0.27` | `12.1.5` |
| org.eclipse.jetty.ee10:jetty-ee10-webapp | `12.0.27` | `12.1.5` |


Updates `org.apache.logging.log4j:log4j-to-slf4j` from 2.25.2 to 2.25.3

Updates `org.apache.logging.log4j:log4j-api` from 2.25.2 to 2.25.3

Updates `org.apache.logging.log4j:log4j-api` from 2.25.2 to 2.25.3

Updates `io.projectreactor:reactor-core` from 3.8.0 to 3.8.2
- [Release notes](https://github.com/reactor/reactor-core/releases)
- [Commits](reactor/reactor-core@v3.8.0...v3.8.2)

Updates `io.projectreactor:reactor-test` from 3.7.11 to 3.8.2
- [Release notes](https://github.com/reactor/reactor-core/releases)
- [Commits](reactor/reactor-core@v3.7.11...v3.8.2)

Updates `commons-io:commons-io` from 2.20.0 to 2.21.0
- [Changelog](https://github.com/apache/commons-io/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-io@rel/commons-io-2.20.0...rel/commons-io-2.21.0)

Updates `org.mockito:mockito-core` from 5.20.0 to 5.21.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.20.0...v5.21.0)

Updates `io.projectreactor:reactor-test` from 3.7.11 to 3.8.2
- [Release notes](https://github.com/reactor/reactor-core/releases)
- [Commits](reactor/reactor-core@v3.7.11...v3.8.2)

Updates `org.apache.maven.plugins:maven-source-plugin` from 3.3.1 to 3.4.0
- [Release notes](https://github.com/apache/maven-source-plugin/releases)
- [Commits](apache/maven-source-plugin@maven-source-plugin-3.3.1...maven-source-plugin-3.4.0)

Updates `org.eclipse.jetty.ee10:jetty-ee10-servlet` from 12.0.27 to 12.1.5

Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.0.27 to 12.1.5

Updates `org.eclipse.jetty.ee10:jetty-ee10-webapp` from 12.0.27 to 12.1.5

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-to-slf4j
  dependency-version: 2.25.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.apache.logging.log4j:log4j-api
  dependency-version: 2.25.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: org.apache.logging.log4j:log4j-api
  dependency-version: 2.25.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: io.projectreactor:reactor-core
  dependency-version: 3.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-deps-ver
- dependency-name: io.projectreactor:reactor-test
  dependency-version: 3.8.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: commons-io:commons-io
  dependency-version: 2.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.mockito:mockito-core
  dependency-version: 5.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: io.projectreactor:reactor-test
  dependency-version: 3.8.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.apache.maven.plugins:maven-source-plugin
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-servlet
  dependency-version: 12.1.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp
  dependency-version: 12.1.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-webapp
  dependency-version: 12.1.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-deps-ver
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/maven/prod-deps-ver-4d4f6d5174 branch from c434b79 to d65a10c Compare January 23, 2026 08:56
@kuntzed kuntzed enabled auto-merge (squash) January 23, 2026 11:23
@kuntzed kuntzed merged commit b69f9f9 into main Jan 23, 2026
6 checks passed
@kuntzed kuntzed deleted the dependabot/maven/prod-deps-ver-4d4f6d5174 branch January 23, 2026 11:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NiklasHerrmann21 NiklasHerrmann21 NiklasHerrmann21 approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NiklasHerrmann21 @kuntzed