fix(deps): update patch updates

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@docusaurus/module-type-aliases (source)	3.9.1 -> 3.9.2
@docusaurus/types (source)	3.9.1 -> 3.9.2
@types/node (source)	22.18.8 -> 22.18.11
rollup (source)	4.52.3 -> 4.52.5
org.owasp:dependency-check-maven (source)	12.1.6 -> 12.1.8
org.jacoco:jacoco-maven-plugin (source)	0.8.13 -> 0.8.14
io.netty:netty-bom (source)	4.2.6.Final -> 4.2.7.Final
io.quarkus:quarkus-bom	3.28.2 -> 3.28.4
io.quarkus:quarkus-maven-plugin	3.28.2 -> 3.28.4

---

Release Notes

facebook/docusaurus (@​docusaurus/module-type-aliases)

v3.9.2

Compare Source

🐛 Bug Fix

• docusaurus-plugin-content-docs
  • #​11490 fix(docs): add support for missing sidebar_key front matter attribute (@​slorber)
• docusaurus-cssnano-preset
  • #​11487 fix(cssnano-preset): disable CSS counter minification (@​YDKK)
• docusaurus-theme-search-algolia
  • #​11468 fix(theme-search-algolia): Fix Algolia AskAI validation logic (@​slorber)
• docusaurus-theme-translations
  • #​11431 fix(theme-translation): add missing Polish (pl) theme translations (@​mariuszkrzaczkowski)
• docusaurus-theme-classic, docusaurus-theme-common
  • #​11466 fix(theme): Fix CSS scroll-margin-top when clicking footnote items, factorize code (@​slorber)
• docusaurus
  • #​11452 fix(core): allow i18n.localeConfigs.translate in validation (@​trofim24)
• docusaurus-theme-mermaid
  • #​11437 fix(theme-mermaid): Fix Mermaid ELK layout dependency required bug on v3.9 (@​slorber)

🏃‍♀️ Performance

• docusaurus-theme-mermaid
  • #​11438 perf(theme-mermaid): lazy load the Mermaid library (@​slorber)

💅 Polish

• docusaurus-theme-classic
  • #​11463 fix(theme): remove "Edit this page" button from print view (@​richk21)

🤖 Dependencies

• #​11479 chore(deps): bump stefanzweifel/git-auto-commit-action from 6 to 7 (@​dependabot[bot])
• #​11480 chore(deps): bump github/codeql-action from 3.26.5 to 4.30.8 (@​dependabot[bot])
• #​11481 chore(deps): bump actions/dependency-review-action from 4.8.0 to 4.8.1 (@​dependabot[bot])
• #​11446 chore(deps): bump actions/dependency-review-action from 4.7.3 to 4.8.0 (@​dependabot[bot])

🌐 Translations

• docusaurus-theme-translations
  • #​11484 fix(translations): improve Arabic theme translations (@​maysara-elshewehy)

Committers: 9

• Alexander Trofimov (@​trofim24)
• Dan Roscigno (@​DanRoscigno)
• Eleni Grosdouli (@​egrosdou01)
• Ethan (@​ethanppl)
• Mariusz Krzaczkowski (@​mariuszkrzaczkowski)
• Maysara (@​maysara-elshewehy)
• Richa Kiran (@​richk21)
• Sébastien Lorber (@​slorber)
• @​YDKK

rollup/rollup (rollup)

v4.52.5

Compare Source

2025-10-18

Bug Fixes

• Always produce valid UUIDs as debugIds in sourcemaps (#​6144)

Pull Requests

• #​6135: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6140: chore(deps): update peter-evans/create-or-update-comment action to v5 (@​renovate[bot])
• #​6141: chore(deps): update peter-evans/find-comment action to v4 (@​renovate[bot])
• #​6142: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6143: chore: eslint enable concurrency option (@​btea)
• #​6144: fix: generation of debugIDs with invalid length (@​pablomatiasgomez, @​lukastaegert)
• #​6146: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6147: chore(deps): update actions/setup-node action to v6 (@​renovate[bot])

v4.52.4

Compare Source

2025-10-03

Bug Fixes

• Fix an issue where the wrong branch of nullish coalescing was picked (#​6133)

Pull Requests

• #​6128: Enable npm OIDC publishing (@​lukastaegert)
• #​6133: Correct nullish coalescing branch resolution for symbol left value (@​TrickyPi)
• #​6134: fix(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)

dependency-check/DependencyCheck (org.owasp:dependency-check-maven)

v12.1.8

Compare Source

• fix: improve VulnerableSoftware comparison (#​8031)
• build: fix flaky central test (#​8039)
• docs: Improve Gradle docs wrt experimental analyzers, use of Central and Proxy configuration (#​8036)
• docs: add note about central analyzer for gradle (#​8038)

See the full listing of changes

v12.1.7

Compare Source

• fix: disable central analyzer after failures (#​7993)
• fix: Suppress JVM warnings from Lucene within CLI (#​8003)
• fix: Clean up Apache Lucene logging via SLF4j redirect (#​7979)
• fix: Correct Archive Analyzer behaviour on certain tgz archives (#​7986)
• fix: Update NVD CPE search URLs in generated reports to match new search interface (#​7970)
• fix: improve OSS Index Error Reporting (#​7977)
• fix(fp): Consolidate false positive suppression for false positives on Redis client libs (#​8017)
• fix(fp): Fix more common false positives for popular PHP/composer frameworks with generic names (#​7994)
• docs: improve slack notification documentation (#​8026)
• docs: Documentation artifactory settings fix (#​7999)
• docs: Clarify Nexus Analyzer requirements and usage (#​8000)
• build: Build amd64 and arm64 multi-platform Docker image (#​7952)

See the full listing of changes

jacoco/jacoco (org.jacoco:jacoco-maven-plugin)

v0.8.14: 0.8.14

Compare Source

New Features

• JaCoCo now officially supports Java 25 (GitHub #​1950).
• Experimental support for Java 26 class files (GitHub #​1870).
• Branches added by the Kotlin compiler for default argument number 33 or higher are filtered out during generation of report (GitHub #​1655).
• Part of bytecode generated by the Kotlin compiler for elvis operator that follows safe call operator is filtered out during generation of report (GitHub #​1814, #​1954).
• Part of bytecode generated by the Kotlin compiler for more cases of chained safe call operators is filtered out during generation of report (GitHub #​1956).
• Part of bytecode generated by the Kotlin compiler for invocations of suspendCoroutineUninterceptedOrReturn intrinsic is filtered out during generation of report (GitHub #​1929).
• Part of bytecode generated by the Kotlin compiler for suspending lambdas with parameters is filtered out during generation of report (GitHub #​1945).
• Part of bytecode generated by the Kotlin compiler for suspending functions and lambdas with suspension points that return inline value class is filtered out during generation of report (GitHub #​1871).
• Part of bytecode generated by the Kotlin Compose compiler plugin for pausable composition is filtered out during generation of report (GitHub #​1911).
• Methods generated by the Kotlin serialization compiler plugin are filtered out (GitHub #​1885, #​1970, #​1971).

Fixed bugs

• Fixed handling of implicit else clause of when with String subject in Kotlin (GitHub #​1813, #​1940).
• Fixed handling of implicit default clause of switch by String in Java when compiled by ECJ (GitHub #​1813, #​1940).
  Fixed handling of exceptions in chains of safe call operators in Kotlin (GitHub #​1819).

Non-functional Changes

• JaCoCo now depends on ASM 9.9 (GitHub #​1965).

quarkusio/quarkus (io.quarkus:quarkus-bom)

v3.28.4

Compare Source

Complete changelog

• #​49225 - OIDC redirect fails to properly append OAuth parameters when original URL contains query parameters
• #​50321 - @RequestParam required true
• #​50400 - Modify @RequestParam presence handling
• #​50427 - DEV UI workspace shows a log file on Windows rather than Java file and hierarchy visualisation is broken
• #​50476 - Rename leftovers of GlobalDevServicesConfig
• #​50490 - Fix DEV UI workspace directory worktree and item selection on Windows
• #​50491 - Correctly restore query params when OIDC does not drop redirect params
• #​50503 - Add a clarification about OAuth2 protected resource metadata route address
• #​50515 - Move Hibernate ORM/Reactive configuration reference to the bottom of the guides
• #​50517 - Assistant: Remove unused exception method
• #​50520 - Minor update to rest-client.adoc
• #​50528 - Project creation with extension not from platform fails with 3.28.3
• #​50531 - Update logging configuration property from .enable to .enabled in application properties
• #​50541 - Bump the hibernate group with 8 updates
• #​50554 - Ignore quarkus-core in non-platform extension catalogs
• #​50556 - Quarkus augmentation weakens file permissions
• #​50557 - Avoid using COPY_ATTRIBUTES when copying the jars of fast jar
• #​50560 - UnsupportedOperationException with HTTP Response Code 204
• #​50569 - Don't fail in Quarkus REST Servlet when trying to remove an HTTP header

v3.28.3

Compare Source

Complete changelog

• #​29817 - quarkus cli fail hard on bad settings.xml
• #​49733 - quarkus.thread-pool.shutdown-interrupt is not respected
• #​50126 - HQL Console improvements
• #​50306 - Unrecognized configuration key "quarkus.gradle-worker.no-process"
• #​50317 - VertxOutputStream: Cannot reserve 65536 bytes of direct buffer memory (allocated: 7601950, limit: 7602176)
• #​50318 - Avoid importing BOMs managing extensions managed by BOMs with higher preferences
• #​50335 - Change quarkus.gradle-worker.* to gradle.quarkus.gradle-worker.*
• #​50336 - Chunked response always finishes cleanly, client cannot detect incomplete download
• #​50351 - Fix a few issues with Java 25 compatibility and include Java 25 in CI
• #​50360 - Dev MCP: Make sure the config dir exist
• #​50361 - When an error occurs during a streaming response, call HttpServerResponse.reset()
• #​50364 - OIDC Steup authentication is missing information about insufficient authentication level in 'www-authenticate' when provider responses with single ACR
• #​50365 - Bump keycloak to 26.4.0 and keycloak-client to 26.0.7
• #​50366 - ArC: fix construction of interception proxies, part 2
• #​50367 - Fix step authentication with Keycloak when protocol mapper has 'acr' user attribute configured as single valued string
• #​50371 - HQL console: correct allow-hql config on hot reload and enter key to run query
• #​50372 - Remove extra space in Dev UI welcome message
• #​50375 - Log OIDC Client requests in debug mode
• #​50376 - Handle backpressure whilst not on the event loop
• #​50377 - Qute template results in timeout instead of NullPointerException
• #​50383 - Qute: fix error propagation from section helpers
• #​50390 - Quarkus OIDC incorrecty selects request filters for the token revocation
• #​50397 - Fix OIDC TokenRevocation filter binding and improve request logging
• #​50399 - Expand error messages when quarkus cli fail hard on bad settings.xml
• #​50401 - Correctly handle Agroal Dev UI settings in hot-reload scenarios
• #​50403 - Update links to Cassandra demo UI
• #​50404 - Application with quarkus-keycloak-admin-rest-client fails to compile after recent Keycloak bump
• #​50405 - Initialize org.keycloak.common.util.SecretGenerator at runtime for Keycloak admin client
• #​50409 - Bump smallrye-graphql.version from 2.14.1 to 2.15.0
• #​50416 - Set correct quarkus.oidc.token.require-jwt-introspection-only default value
• #​50423 - Fix incorrect timing computation
• #​50426 - Create proxies for abstract entity classes too in Hibernate ORM
• #​50429 - Bump the hibernate group with 9 updates
• #​50462 - Update Elasticsearch clients + dev service image version to 9.1.5
• #​50472 - Fix NPE when no library versions exist in the DevUI

---

Configuration

📅 Schedule: Branch creation - "before 7am on monday" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.