Skip to content
This repository was archived by the owner on Dec 12, 2025. It is now read-only.

chore(deps): bump the all-dependencies group across 1 directory with 14 updates#170

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/all-dependencies-310e34c452
Open

chore(deps): bump the all-dependencies group across 1 directory with 14 updates#170
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/all-dependencies-310e34c452

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 8, 2025
edited
Loading

Bumps the all-dependencies group with 14 updates in the / directory:

Package From To
org.springdoc:springdoc-openapi-starter-webmvc-ui 2.8.10 3.0.0
io.swagger.core.v3:swagger-core 2.2.36 2.2.41
com.azure:azure-monitor-opentelemetry-autoconfigure 1.3.0 1.4.0
net.logstash.logback:logstash-logback-encoder 8.1 9.0
org.apache.logging.log4j:log4j-to-slf4j 2.24.3 2.25.2
ch.qos.logback:logback-classic 1.5.18 1.5.21
ch.qos.logback:logback-core 1.5.18 1.5.21
org.hibernate.validator:hibernate-validator 9.0.1.Final 9.1.0.Final
org.apache.commons:commons-text 1.14.0 1.15.0
com.fasterxml.jackson.core:jackson-databind 2.19.2 2.20.1
org.projectlombok:lombok 1.18.38 1.18.42
org.junit:junit-bom 5.13.4 6.0.1
com.github.ben-manes.versions 0.52.0 0.53.0
org.cyclonedx.bom 2.3.1 3.1.0

Updates org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.10 to 3.0.0

Release notes

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's releases.

springdoc-openapi v3.0.0 released!

Added

  • #2975 - Spring Framework 7 - Initial API versioning support
  • #3123 - Support static resources for webflux

Changed

  • Upgrade to Spring Boot 4.0.0!
  • Upgrade to Scalar 0.4.3

Fixed

  • #3131 - Warning messages when docs are explicitly enabled
  • #3121 - NPE in KotlinDeprecatedPropertyCustomizer - resolvedSchema is null

Full Changelog: springdoc/springdoc-openapi@v3.0.0-RC1...v3.0.0

springdoc-openapi v3.0.0-RC1 released!

Added

  • #3095 - Add support for Spring Boot 4.0.0-RC1

Full Changelog: springdoc/springdoc-openapi@v3.0.0-M1...v3.0.0-RC1

springdoc-openapi v3.0.0-M1 released!

Added

  • #3062 - Add Spring Boot 4.0.0-M2 support

springdoc-openapi v2.8.14 released!

What's Changed

Added

  • #3090 - Add logs to notify when SpringDocs/Scalar is enabled because SpringDocs/Scalar is enabled by default

Changed

  • Upgrade swagger-ui to v5.30.1
  • Upgrade swagger-core to v2.2.38
  • Upgrade spring-boot to v3.5.7
  • Upgrade commons-lang3 to v3.18.0
  • Upgrade scalar to v0.3.12

Fixed

  • #3107 - Fix:compatible with lower version of getOpenApi().

... (truncated)

Changelog

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[2.8.14] - 2025-11-02

Added

  • #3090 - Add logs to notify when SpringDocs/Scalar is enabled because SpringDocs/Scalar is enabled by default

Changed

  • Upgrade swagger-ui to v5.30.1
  • Upgrade swagger-core to v2.2.38
  • Upgrade spring-boot to v3.5.7
  • Upgrade commons-lang3 to v3.18.0
  • Upgrade scalar to v0.3.12

Fixed

  • #3107 - Fix:compatible with lower version of getOpenApi().
  • #3121 - NPE in KotlinDeprecatedPropertyCustomizer - resolvedSchema is null

[2.8.13] - 2025-09-07

Added

  • #3084 - Add Scalar Support

Changed

  • Upgrade swagger-ui to v5.28.1

Fixed

  • #3076 - With oneOf the response schema contains an extra type: string

[2.8.12] - 2025-09-01

Changed

  • Upgrade swagger-ui to v5.28.0

Fixed

  • #3073 - Duplicate key class Parameter when documenting two GET methods with same path and PathVariable.
  • #3071 - @​io.swagger.v3.oas.annotations.parameters.RequestBody does not work well with @​RequestPart

... (truncated)

Commits
  • 6526d7a [maven-release-plugin] prepare release v3.0.0
  • 49409a9 Prepare for next release
  • aa333b3 moving to 3.0.0-SNAPSHOT
  • 44e2f70 Upgrade to spring-boot 4
  • 4b95d0e scalar upgrade to version 0.4.3
  • 9b3dd90 Remove dependency on the latest spring-framework SNAPSHOT.
  • 95c3b87 Warning messages when docs are explicitly enabled. Fixes #3131
  • e444dee Changes report: Regression where content type from swagger @​RequestBody does ...
  • 007977e feat: static resources for webflux #3123
  • 0293459 Spring Framework 7 - API versioning support #2975
  • Additional commits viewable in compare view

Updates io.swagger.core.v3:swagger-core from 2.2.36 to 2.2.41

Release notes

Sourced from io.swagger.core.v3:swagger-core's releases.

Swagger-core 2.2.41 released!

  • Fix/annotated type caching 5003 (#5005)
  • #4852 Unit test and fix to allow recursive models to process without StackOverflow (#5004)
  • fix: Refactor JsonAssert and apply to json/yaml assertions (#5002)
  • fix: use arraySchema when deciding required of an array (#4998)
  • fix: NotBlank and NotEmpty annotations follow NotNull behavior (#4968)

Swagger-core 2.2.40 released!

  • fix: remove superfluous ref for a composed schema. Fixes #4959 (#5000)
  • Bump classgraph version to 4.8.184 (#4992)
  • fix(test): Make serialization tests robust against key reordering (#4990)

Swagger-core 2.2.39 released!

  • chore: remove System.out and printStackTrace to align with Sonar rules S106 and S1148 (#4988)
  • fix: adjust docs about RequiredMode.AUTO + small refactor (#4982)
  • Fix a non-deterministic assertion in ServletUtilsTest (#4981)
  • Fix(core): Prevent redundant schema resolution by fixing AnnotatedType equality (#4975)

Swagger-core 2.2.38 released!

  • honor array schema description when generating OpenAPI 3.1 (#4942)

Swagger-core 2.2.37 released!

  • fix: prevent leaking properties to enum schema when Schema#implementa… (#4970)
  • refs enumAsRef Issue 4932 (#4969)
  • fix: add booleanSchemaValue to Schema's hashCode and equals (#4958)
  • fix: Fix missing items on nested @​ArraySchema items in OAS 3.1 (#4949)
Commits
  • fae397a prepare release 2.2.41 (#5022)
  • cf11db7 fix: use arraySchema when deciding required of an array (#4998) Fixes: #4341
  • 2546511 fix: stops reprocessing parameters extracted from nested BeanParam Fixes: #39...
  • 23d2971 fix: NotBlank and NotEmpty annotations follow NotNull behavior (#4968)
  • 75af075 fix: Refactor JsonAssert and apply to json/yaml assertions (#5002)
  • 0a5556a #4852 fix: allow recursive models to process without StackOverflow (#5004)
  • 8260e8f Fix/annotated type caching 5003 (#5005)
  • 99ba4cd bump snapshot 2.2.41-SNAPSHOT
  • 1b170bf prepare release 2.2.40
  • 24ade8e Bump classgraph version to 4.8.184
  • Additional commits viewable in compare view

Updates com.azure:azure-monitor-opentelemetry-autoconfigure from 1.3.0 to 1.4.0

Commits
  • 56c7913 Prepare azure-json and azure-xml for February 2025 release (#43948)
  • cf5a43b Port OpenRewrite to Main (#43884)
  • 0f86c1a Improve token credential object caching logic for identity extension (#43936)
  • 7f0d67f Sync eng/common directory with azure-sdk-tools for PR 9687 (#43909)
  • 62e88e4 Move CI version overrides to matrix based approach (#43913)
  • 4bd28aa Change ClientCore's baseline to Java 8 and make it a multi-release JAR (#43931)
  • b50fa28 Sparse checkout 1espt auto-baselining file by default (#43921)
  • 71c2ecf Add necessary condition (#43933)
  • 00c4511 Increment package versions for resourcemanager releases (#43928)
  • 4783bce Increment package versions for kusto releases (#43929)
  • Additional commits viewable in compare view

Updates net.logstash.logback:logstash-logback-encoder from 8.1 to 9.0

Release notes

Sourced from net.logstash.logback:logstash-logback-encoder's releases.

logstash-logback-encoder-9.0

This major release migrates to Jackson 3, and bumps the minimum Java version to 17.

The migration to Jackson 3 introduced some backwards incompatibilities. See #1095 for upgrade details.

Special thanks to new contributors @​tommyulfsparre, @​patrickjbarry, and @​maxxedev!

What's Changed

⚠️ Update considerations and deprecations

✨ New features and improvements

🐞 Bug fixes

📖 Documentation, Tests and Build

🆙 Dependency Upgrades

New Contributors

Full Changelog: logfellow/logstash-logback-encoder@logstash-logback-encoder-8.1...logstash-logback-encoder-9.0

Commits
  • e8a1c8e [maven-release-plugin] prepare release logstash-logback-encoder-9.0
  • eecb205 Add link to discussions in contributing.md
  • 572543c fix build badge in readme
  • c64b998 Use alert at top of readme
  • f74c821 Make it possible to pretty print throwables as array of strings. (#1043)
  • 358f644 Document Thread and ThreadLocal cleanup (#1105)
  • 0d553cf Add ability to suppress messages from stacktrace (#1104)
  • c9318cd Bump maven to 3.9.11 (#1103)
  • ef58694 Bump codeql action to v3 (#1102)
  • 3059741 Bump logback-core.version from 1.5.19 to 1.5.20 (#1097)
  • Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-to-slf4j from 2.24.3 to 2.25.2

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.21

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.20

2025-10-19 Release of logback version 1.5.20

• Due to potential vulnerabilities associated with dynamic, i.e. runtime, java code compilation and execution (using Janino), the 'condition' attribute within the <if> element is deprecated and will be removed in 2027.

An online migration service is provided to help with the transition.

The <condition> element, new in this version, admits custom PropertyEvaluator as a recommended alternative. See also the updated documentation on conditional configuration.

• Initialization procedure was incorrectly reported as having been simplified in this version, i.e. version 1.5.20 by removing the step instantiating a SerializedModelConfigurator. The actual simplification was done in version 1.5.21

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 930fb15c993a4344bcecc6ba2225c12a2c38e676 associated with the tag v_1.5.20. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • fed6f37 prepare release 1.5.21
  • b111e89 Initialization procedure has been simplified by removing the step
  • 1cd2df4 fix issues/871
  • dea5b95 minor - remove superflous call to Objects.requireNonNull
  • 3cecf29 add comment for the TurboFilter list ACCEPT case
  • 1497142 improve performance for 2 or more turbo filters
  • 04a7ba5 most subclasses of UnsynchronizedAppenderBase do not need a reentry guard
  • ab6a006 add maven cache to github CI, update .github/FUNDING.yml
  • 2bf5557 fix failed LegacyPatternLayoutTest#subPattern test due to TZ discrepancies, u...
  • 2ca8c52 update funding info
  • Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.18 to 1.5.21

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.20

2025-10-19 Release of logback version 1.5.20

• Due to potential vulnerabilities associated with dynamic, i.e. runtime, java code compilation and execution (using Janino), the 'condition' attribute within the <if> element is deprecated and will be removed in 2027.

An online migration service is provided to help with the transition.

The <condition> element, new in this version, admits custom PropertyEvaluator as a recommended alternative. See also the updated documentation on conditional configuration.

• Initialization procedure was incorrectly reported as having been simplified in this version, i.e. version 1.5.20 by removing the step instantiating a SerializedModelConfigurator. The actual simplification was done in version 1.5.21

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 930fb15c993a4344bcecc6ba2225c12a2c38e676 associated with the tag v_1.5.20. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • fed6f37 prepare release 1.5.21
  • b111e89 Initialization procedure has been simplified by removing the step
  • 1cd2df4 fix issues/871
  • dea5b95 minor - remove superflous call to Objects.requireNonNull
  • 3cecf29 add comment for the TurboFilter list ACCEPT case
  • 1497142 improve performance for 2 or more turbo filters
  • 04a7ba5 most subclasses of UnsynchronizedAppenderBase do not need a reentry guard
  • ab6a006 add maven cache to github CI, update .github/FUNDING.yml
  • 2bf5557 fix failed LegacyPatternLayoutTest#subPattern test due to TZ discrepancies, u...
  • 2ca8c52 update funding info
  • Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.18 to 1.5.21

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.20

2025-10-19 Release of logback version 1.5.20

• Due to potential vulnerabilities associated with dynamic, i.e. runtime, java code compilation and execution (using Janino), the 'condition' attribute within the <if> element is deprecated and will be removed in 2027.

An online migration service is provided to help with the transition.

The <condition> element, new in this version, admits custom PropertyEvaluator as a recommended alternative. See also the updated documentation on conditional configuration.

• Initialization procedure was incorrectly reported as having been simplified in this version, i.e. version 1.5.20 by removing the step instantiating a SerializedModelConfigurator. The actual simplification was done in version 1.5.21

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 930fb15c993a4344bcecc6ba2225c12a2c38e676 associated with the tag v_1.5.20. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • fed6f37 prepare release 1.5.21
  • b111e89 Initialization procedure has been simplified by removing the step
  • 1cd2df4 fix issues/871
  • dea5b95 minor - remove superflous call to Objects.requireNonNull
  • 3cecf29 add comment for the TurboFilter list ACCEPT case
  • 1497142 improve performance for 2 or more turbo filters
  • 04a7ba5 most subclasses of UnsynchronizedAppenderBase do not need a reentry guard
  • ab6a006 add maven cache to github CI, update .github/FUNDING.yml
  • 2bf5557 fix failed LegacyPatternLayoutTest#subPattern test due to TZ discrepancies, u...
  • 2ca8c52 update funding info
  • Additional commits viewable in compare view

Updates org.hibernate.validator:hibernate-validator from 9.0.1.Final to 9.1.0.Final

Release notes

Sourced from org.hibernate.validator:hibernate-validator's releases.

Release 9.1.0.Final

Hibernate Validator 9.1.0.Final released

We are pleased to announce the release of Hibernate Validator 9.1: 9.1.0.Final.

You can find the full list of 9.1.0.Final changes here.

What's new

This release mainly targets to improve performance. At the same time it contains a few other improvements, new constraints and more. See the "what's new" page to learn more.

You can also find the report on validation performace improvements at our blog.

Conclusion

For additional details, see:

Visit the website for details on getting in touch with us.

Changelog

Sourced from org.hibernate.validator:hibernate-validator's changelog.

9.1.0.Final (2025-11-07)

https://hibernate.atlassian.net/projects/HV/versions/35947

** Improvement * HV-2154 Include hibernate-validator-test-utils in the dist bundle * HV-2153 Create migration guide as part of the project sources * HV-2152 Add a "What's New" document for series

9.1.0.CR1 (2025-10-29)

** Bug * HV-2151 CachingTraversableResolverForSingleValidation won't work

** Improvement * HV-2148 Update Hibernate asciidoc theme to 6.1.1.Final

** Task * HV-2150 Test against wildfly-preview 38.0.0.Final * HV-2149 Lower the log level for some resource bundle messages

9.1.0.Beta1 (2025-10-22)

** Improvement * HV-2147 Bump Apache Groovy to 5.0.2 * HV-2145 Require JDK 25 for the build * HV-2144 Update to com.fasterxml:classmate 1.7.1 * HV-2143 Apply the unified Hibernate Documentation theme

** New Feature * HV-2137 Add IpAddress constraint

** Task * HV-2142 Stage documentation and javadocs to projectroot/target/staging-deploy/documentation

9.1.0.Alpha2 (2025-09-19)

** Improvement * HV-2140 Bump Apache Groovy to 5.0.1 * HV-2139 Introduce a RandomAccessPath as an extension of the org.hibernate.validator.path.Path * HV-2138 Include license file in the META-INF of published artifacts * HV-2135 Do not initialize the alreadyProcessedGroups unless necessary in BeanValueContext * HV-2004 add constant pool for @​Pattern

** Task

... (truncated)

Commits
  • 6a1892c [Jenkins release job] Preparing release 9.1.0.Final
  • 24e2fa2 [Jenkins release job] changelog.txt updated by release build 9.1.0.Final
  • f3d68ef [Jenkins release job] README.md updated by release build 9.1.0.Final
  • b907d99 Fix file permissions on XMLs
  • 9739153 Use alternative Release Scripts
  • a9822c6 Bump the build-dependencies group with 4 updates
  • 109c5f8 HV-2152 Adjust the previous stable version
  • e020246 HV-2154 Include hibernate-validator-test-utils in the dist bundle
  • 42ee1b0 HV-2152 Add a "What's New" document for series / HV-2153 Create migration gui...
  • f394975 Bump the workflow-actions group with 2 updates
  • Additional commits viewable in compare view

Updates org.apache.commons:commons-text from 1.14.0 to 1.15.0

Changelog

Sourced from org.apache.commons:commons-text's changelog.

Apache Commons Text 1.15.0 Release Notes

The Apache Commons Text team is pleased to announce the release of Apache Commons Text 1.15.0.

Apache Commons Text is a set of utility functions and reusable components for processing and manipulating text in a Java environment.

Release 1.15.0. This is a feature and maintenance release. Java 8 or later is required.

New features

  •        Add experimental CycloneDX VEX file [#683](https://github.com/apache/commons-text/issues/683). Thanks to Piotr P. Karwasz, Gary Gregory.
  • TEXT-235: Add Damerau-Levenshtein distance #687. Thanks to LorgeN, Gary Gregory.
  •        Add unit tests to increase coverage [#719](https://github.com/apache/commons-text/issues/719). Thanks to Michael Hausegger, Gary Gregory.

  •        Add new test for CharSequenceTranslator#with() [#725](https://github.com/apache/commons-text/issues/725). Thanks to Michael Hausegger, Gary Gregory.

  •        Add tests and assertions to org.apache.commons.text.similarity to get to 100% code coverage [#727](https://github.com/apache/commons-text/issues/727), [#728](https://github.com/apache/commons-text/issues/728). Thanks to Michael Hausegger.

Fixed Bugs

  •        Fix exception message typo in XmlStringLookup.XmlStringLookup(Map, Path...). Thanks to Gary Gregory.
  • TEXT-236: Inserting at the end of a TextStringBuilder throws a StringIndexOutOfBoundsException. Thanks to Pierre Post, Sumit Bera, Alex Herbert, Gary Gregory.
  •        Fix TextStringBuilderTest.testAppendToCharBuffer() to use proper argument type [#724](https://github.com/apache/commons-text/issues/724). Thanks to Michael Hausegger.

  •        Fix Apache RAT plugin console warnings. Thanks to Gary Gregory.

  •        Fix site XML to use version 2.0.0 XML schema. Thanks to Gary Gregory.

  •        Removed unreachable threshold verification code in src/main/java/org/apache/commons/text/similarity [#730](https://github.com/apache/commons-text/issues/730). Thanks to Michael Hausegger.

  •        Enable secure processing for the XML parser in XmlStringLookup in case the underlying JAXP implementation doesn't [#729](https://github.com/apache/commons-text/issues/729). Thanks to 김민재 (minjas0507), Gary Gregory, Piotr Karwasz.

Changes

  •        Bump org.apache.commons:commons-parent from 85 to 93 [#704](https://github.com/apache/commons-text/issues/704), [#723](https://github.com/apache/commons-text/issues/723), [#726](https://github.com/apache/commons-text/issues/726). Thanks to Gary Gregory.

  •        Bump commons.bytebuddy.version from 1.17.6 to 1.18.2 [#696](https://github.com/apache/commons-text/issues/696), [#722](https://github.com/apache/commons-text/issues/722). Thanks to Gary Gregory.

  •        Bump graalvm.version from 24.2.2 to 25.0.1 [#703](https://github.com/apache/commons-text/issues/703), [#716](https://github.com/apache/commons-text/issues/716). Thanks to Gary Gregory, Dependabot.

  •        Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0. Thanks to Gary Gregory.

  •        Bump commons-io:commons-io from 2.20.0 to 2.21.0. Thanks to Gary Gregory.

Historical list of changes: https://commons.apache.org/proper/commons-text/changes.html

For complete information on Apache Commons Text, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Text website:

https://commons.apache.org/proper/commons-text

Download page: https://commons.apache.org/proper/commons-text/download_text.cgi

... (truncated)

Commits
  • 04e9374 Prepare for the release candidate 1.15.0 RC1
  • 502c4c4 Prepare for the next release candidate
  • c6e17ec Use direct access
  • 58e1e12 Simplify XML FSP (#731)
  • b5052c9 Bump actions/setup-java from 5.0.0 to 5.1.0
  • 2e2d4bc Revert "Bump actions/setup-java from 5.0.0 to 5.1.0"
  • b0ddbd1 Bump actions/setup-java from 5.0.0 to 5.1.0
  • 1c2d382 Add tests with external DTD
  • ed3df4b Internal clean up
  • bb508f3 Bump actions/checkout from 6.0.0 to 6.0.1
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.2 to 2.20.1

Commits

Updates org.projectlombok:lombok from 1.18.38 to 1.18.42

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.42 (September 18th, 2025)

  • FEATURE: All the various @Log annotations now allow you to change their access level (they still default to private). #2280. Thanks to new contributor Liam Pace!
  • BUGFIX: Javadoc parsing was broken in Netbeans and ErrorProne for JDK25 #3940.

v1.18.40 (September 4th, 2025)

  • PLATFORM: JDK25 support added #3859.
  • BUGFIX: Recent versions of eclipse (or the eclipse-based java lang server for VSCode) caused java.lang.IllegalArgumentException: Document does not match the AST. [Issue #3886](projectlombok/lombok#3886).
  • PERFORMANCE: @ExtensionMethod is now significantly faster [Issue #3866](projectlombok/lombok#3866).
  • BUGFIX: the command line config tool would emit incorrect output for nullity annotations. [Issue #3931](projectlombok/lombok#3931).
  • FEATURE: @Jacksonized @Accessors(fluent=true) automatically creates the relevant annotations such that Jackson correctly identifies fluent accessors. [Issue #3265](projectlombok/lombok#3265), [Issue #3270](projectlombok/lombok#3270).
  • IMPROBABLE BREAKING CHANGE: From versions 1.18.16 to 1.18.38, lombok automatically copies certain Jackson annotations (e.g., @JsonProperty) from fields to the corresponding accessors (getters/setters). However, it turned out to be harmful in certain situations. Thus, Lombok does not automatically copy those annotations any more. You can restore the old behavior using the config key lombok.copyJacksonAnnotationsToAccessors = true.
Description has been truncated

@dependabot dependabot bot added dependencies java Pull requests that update java code labels Dec 8, 2025
@dependabot dependabot bot force-pushed the dependabot/gradle/all-dependencies-310e34c452 branch 2 times, most recently from 86aac00 to 374aaf6 Compare December 9, 2025 10:07
@dependabot
chore(deps): bump the all-dependencies group across 1 directory with …
5ddf892 
…14 updates

Bumps the all-dependencies group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) | `2.8.10` | `3.0.0` |
| [io.swagger.core.v3:swagger-core](https://github.com/swagger-api/swagger-core) | `2.2.36` | `2.2.41` |
| [com.azure:azure-monitor-opentelemetry-autoconfigure](https://github.com/Azure/azure-sdk-for-java) | `1.3.0` | `1.4.0` |
| [net.logstash.logback:logstash-logback-encoder](https://github.com/logfellow/logstash-logback-encoder) | `8.1` | `9.0` |
| org.apache.logging.log4j:log4j-to-slf4j | `2.24.3` | `2.25.2` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.21` |
| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.21` |
| [org.hibernate.validator:hibernate-validator](https://github.com/hibernate/hibernate-validator) | `9.0.1.Final` | `9.1.0.Final` |
| [org.apache.commons:commons-text](https://github.com/apache/commons-text) | `1.14.0` | `1.15.0` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.19.2` | `2.20.1` |
| [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.38` | `1.18.42` |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `5.13.4` | `6.0.1` |
| com.github.ben-manes.versions | `0.52.0` | `0.53.0` |
| org.cyclonedx.bom | `2.3.1` | `3.1.0` |



Updates `org.springdoc:springdoc-openapi-starter-webmvc-ui` from 2.8.10 to 3.0.0
- [Release notes](https://github.com/springdoc/springdoc-openapi/releases)
- [Changelog](https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md)
- [Commits](springdoc/springdoc-openapi@v2.8.10...v3.0.0)

Updates `io.swagger.core.v3:swagger-core` from 2.2.36 to 2.2.41
- [Release notes](https://github.com/swagger-api/swagger-core/releases)
- [Commits](swagger-api/swagger-core@v2.2.36...v2.2.41)

Updates `com.azure:azure-monitor-opentelemetry-autoconfigure` from 1.3.0 to 1.4.0
- [Release notes](https://github.com/Azure/azure-sdk-for-java/releases)
- [Commits](Azure/azure-sdk-for-java@v1.3.0...azure-json_1.4.0)

Updates `net.logstash.logback:logstash-logback-encoder` from 8.1 to 9.0
- [Release notes](https://github.com/logfellow/logstash-logback-encoder/releases)
- [Commits](logfellow/logstash-logback-encoder@logstash-logback-encoder-8.1...logstash-logback-encoder-9.0)

Updates `org.apache.logging.log4j:log4j-to-slf4j` from 2.24.3 to 2.25.2

Updates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.21
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.18...v_1.5.21)

Updates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.21
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.18...v_1.5.21)

Updates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.21
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.18...v_1.5.21)

Updates `org.hibernate.validator:hibernate-validator` from 9.0.1.Final to 9.1.0.Final
- [Release notes](https://github.com/hibernate/hibernate-validator/releases)
- [Changelog](https://github.com/hibernate/hibernate-validator/blob/main/changelog.txt)
- [Commits](hibernate/hibernate-validator@9.0.1.Final...9.1.0.Final)

Updates `org.apache.commons:commons-text` from 1.14.0 to 1.15.0
- [Changelog](https://github.com/apache/commons-text/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-text@rel/commons-text-1.14.0...rel/commons-text-1.15.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.19.2 to 2.20.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `org.projectlombok:lombok` from 1.18.38 to 1.18.42
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.38...v1.18.42)

Updates `org.junit:junit-bom` from 5.13.4 to 6.0.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.13.4...r6.0.1)

Updates `com.github.ben-manes.versions` from 0.52.0 to 0.53.0

Updates `org.cyclonedx.bom` from 2.3.1 to 3.1.0

---
updated-dependencies:
- dependency-name: org.springdoc:springdoc-openapi-starter-webmvc-ui
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: io.swagger.core.v3:swagger-core
  dependency-version: 2.2.41
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: com.azure:azure-monitor-opentelemetry-autoconfigure
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: net.logstash.logback:logstash-logback-encoder
  dependency-version: '9.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-to-slf4j
  dependency-version: 2.25.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: org.hibernate.validator:hibernate-validator
  dependency-version: 9.1.0.Final
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-text
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.20.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.projectlombok:lombok
  dependency-version: 1.18.42
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: org.junit:junit-bom
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: com.github.ben-manes.versions
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.cyclonedx.bom
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/gradle/all-dependencies-310e34c452 branch from 374aaf6 to 5ddf892 Compare December 9, 2025 17:19
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants