chore: Update 3PP libraries (#149)

This update was generated by running `./gradlew versionCatalogUpdate`

It also explictly manages the following dependencies to ensure they are
covered by the automatic updates:
- apache httpclient
- log4j core
- netty-codec

This should now cover all dependabot issues regarding the core JDBC work

Author: mkaufmann

buildSrc/src/main/kotlin/version-updates.gradle.kts

@@ -28,6 +28,10 @@ versionCatalogUpdate {
         } else if ("org.mockito" in it.candidate.group && !candidateVersion.startsWith("4.")) {
             //This is soft pinned to 4.* (as 5 is not Java 8 compatible)
             false
+        } else if ("io.netty" in it.candidate.group && "netty-codec" in it.candidate.module && !candidateVersion.startsWith("4.1.")) {
+            // netty-codec is soft pinned to 4.1.* (as 4.2+ may have compatibility issues)
+            // This restriction applies only to the netty-codec version entry, not other netty libraries
+            false
         } else {
             stableKeyword || regex.matches(candidateVersion)
         }

gradle/libs.versions.toml

@@ -1,47 +1,52 @@
 # https://docs.gradle.org/current/userguide/platforms.html#sub::toml-dependencies-format
 # https://docs.gradle.org/current/userguide/version_catalogs.html
 [versions]
+apache-httpcomponents-httpclient = "5.6"
 # @pin this version as it is the last Java 8 compatible version of Arrow
 arrow = "17.0.0"
-com-fasterxml-jackson-core-jackson-databind = "2.20.0"
-com-fasterxml-jackson-module-jackson-module-scala = "2.20.0"
+com-fasterxml-jackson-core-jackson-databind = "2.21.0"
+com-fasterxml-jackson-module-jackson-module-scala = "2.21.0"
 # This has special version logic in `buildSrc/src/main/kotlin/version-updates.gradle.kts` to also pick the -jre version
 com-google-guava-guava = "33.5.0-jre"
-grpc = "1.75.0"
+grpc = "1.78.0"
 # This is only indirectly used by gRPC & Arrow but we provide an explicit version to fix security issues in the transitive dependencies
-io-netty = "4.2.6.Final"
+io-netty = "4.2.9.Final"
 javax-annotation-javax-annotation-api = "1.3.2"
 jjwt = "0.13.0"
+log4j-core = "2.25.3"
 # This is soft pinned to 4.* (as 5 is not Java 8 compatible) in `buildSrc/src/main/kotlin/version-updates.gradle.kts`
 mockito = "4.11.0"
 net-jodah-failsafe = "3.3.2"
+# This is soft pinned to 4.1.* (as 4.2+ may have compatibility issues) in `buildSrc/src/main/kotlin/version-updates.gradle.kts`
+netty-codec = "4.1.130.Final"
 # This is soft pinned to 4.* (as we didn't invest in the upgrade yet) in `buildSrc/src/main/kotlin/version-updates.gradle.kts`
 okhttp3 = "4.12.0"
 # @pin this version as the following versions have a breaking Cursor change, that - with the upcoming Avactica removal - we currently don't want to invest in
 org-apache-calcite-avatica-core = "1.26.0"
-org-apache-commons-commons-lang3 = "3.19.0"
+org-apache-commons-commons-lang3 = "3.20.0"
 # This is soft pinned to 3.* (as the driver is targetting in Spark 3) in `buildSrc/src/main/kotlin/version-updates.gradle.kts`
-org-apache-spark = "3.5.7"
-org-assertj-assertj-core = "3.27.6"
+org-apache-spark = "3.5.8"
+org-assertj-assertj-core = "3.27.7"
 org-grpcmock-grpcmock-junit5 = "0.16.0"
 # This is soft pinned to 5.* (as 6 is not Java 8 compatible) in `buildSrc/src/main/kotlin/version-updates.gradle.kts`
-org-junit-bom = "5.14.0"
+org-junit-bom = "5.14.2"
 org-junit-platform-junit-platform-launcher = "1.14.0"
-org-postgresql-pgjdbc = "42.7.8"
+org-postgresql-pgjdbc = "42.7.9"
 org-scalatest = "3.2.19"
 org-scalatestplus-junit5 = "3.2.19.0"
 plugin-build-buf = "0.10.3"
-plugin-com-google-protobuf = "0.9.5"
-plugin-com-gradleup-shadow = "9.2.2"
-plugin-freefair-lombok = "9.0.0"
-protobuf = "4.32.1"
+plugin-com-google-protobuf = "0.9.6"
+plugin-com-gradleup-shadow = "9.3.1"
+plugin-freefair-lombok = "9.2.0"
+protobuf = "4.33.4"
 slf4j = "2.0.17"
 
 [libraries]
 apache-arrow-memory-netty = { module = "org.apache.arrow:arrow-memory-netty", version.ref = "arrow" }
 apache-arrow-vector = { module = "org.apache.arrow:arrow-vector", version.ref = "arrow" }
 apache-calcite-avatica = { module = "org.apache.calcite.avatica:avatica-core", version.ref = "org-apache-calcite-avatica-core" }
 apache-commons-lang3 = { module = "org.apache.commons:commons-lang3", version.ref = "org-apache-commons-commons-lang3" }
+apache-httpcomponents-httpclient = { module = "org.apache.httpcomponents.client5:httpclient5", version.ref = "apache-httpcomponents-httpclient" }
 assertj = { module = "org.assertj:assertj-core", version.ref = "org-assertj-assertj-core" }
 failsafe = { module = "dev.failsafe:failsafe", version.ref = "net-jodah-failsafe" }
 grpc-inprocess = { module = "io.grpc:grpc-inprocess", version.ref = "grpc" }
@@ -57,16 +62,18 @@ javax-annotation-api = { module = "javax.annotation:javax.annotation-api", versi
 jjwt-api = { module = "io.jsonwebtoken:jjwt-api", version.ref = "jjwt" }
 jjwt-impl = { module = "io.jsonwebtoken:jjwt-impl", version.ref = "jjwt" }
 jjwt-jackson = { module = "io.jsonwebtoken:jjwt-jackson", version.ref = "jjwt" }
-junit-bom = "org.junit:junit-bom:5.14.0"
+junit-bom = "org.junit:junit-bom:5.14.2"
 junit-jupiter-api = { module = "org.junit.jupiter:junit-jupiter-api", version.ref = "org-junit-bom" }
 junit-jupiter-base = { module = "org.junit.jupiter:junit-jupiter", version.ref = "org-junit-bom" }
 junit-jupiter-engine = { module = "org.junit.jupiter:junit-jupiter-engine", version.ref = "org-junit-bom" }
 junit-jupiter-params = { module = "org.junit.jupiter:junit-jupiter-params", version.ref = "org-junit-bom" }
 junit-platform-engine = { module = "org.junit.platform:junit-platform-engine", version.ref = "org-junit-platform-junit-platform-launcher" }
 junit-platform-launcher = { module = "org.junit.platform:junit-platform-launcher", version.ref = "org-junit-platform-junit-platform-launcher" }
 junit-platform-launcher-test = { module = "org.junit.platform:junit-platform-launcher", version.ref = "org-junit-platform-junit-platform-launcher" }
+log4j-core = { module = "org.apache.logging.log4j:log4j-core", version.ref = "log4j-core" }
 mockito-inline = { module = "org.mockito:mockito-inline", version.ref = "mockito" }
 mockito-junit-jupiter = { module = "org.mockito:mockito-junit-jupiter", version.ref = "mockito" }
+netty-codec = { module = "io.netty:netty-codec", version.ref = "netty-codec" }
 netty-common = { module = "io.netty:netty-common", version.ref = "io-netty" }
 okhttp3-client = { module = "com.squareup.okhttp3:okhttp", version.ref = "okhttp3" }
 okhttp3-logging-interceptor = { module = "com.squareup.okhttp3:logging-interceptor", version.ref = "okhttp3" }