[12.1.x EE10] Bump the dev-dependencies group across 1 directory with 46 updates

[dependabot]

Bumps the dev-dependencies group with 46 updates in the /jetty-ee10 directory:

Package	From	To
com.sun.mail:jakarta.mail	2.0.1	2.0.2
org.glassfish.jersey.containers:jersey-container-servlet	3.1.10	3.1.11
org.glassfish.jersey.inject:jersey-hk2	3.1.10	3.1.11
org.glassfish.jersey.media:jersey-media-json-binding	3.1.10	3.1.11
org.ow2.asm:asm	9.8	9.9
org.ow2.asm:asm-commons	9.8	9.9
org.ow2.asm:asm-bom	9.8	9.9
org.apache.maven.surefire:surefire-junit47	3.5.3	3.5.4
org.eclipse.jetty.toolchain:jetty-test-helper	6.3	6.4
org.apache.logging.log4j:log4j-core	2.25.0	2.25.2
org.apache.logging.log4j:log4j-api	2.25.0	2.25.2
commons-codec:commons-codec	1.18.0	1.19.0
org.mariadb.jdbc:mariadb-java-client	3.5.4	3.5.6
org.apache.openwebbeans:openwebbeans-web	2.0.27	2.0.28
com.hazelcast:hazelcast	5.5.0	5.6.0
com.google.code.gson:gson	2.13.1	2.13.2
org.apache.lucene:lucene-core	9.11.1	9.12.3
com.fasterxml.jackson:jackson-bom	2.18.3	2.20.0
io.netty:netty-bom	4.2.0.Final	4.2.7.Final
org.junit:junit-bom	5.13.2	5.14.0
ch.qos.logback:logback-core	1.5.18	1.5.20
com.google.guava:guava	33.4.8-jre	33.5.0-jre
commons-io:commons-io	2.19.0	2.20.0
io.grpc:grpc-core	1.72.0	1.76.0
io.smallrye.common:smallrye-common-cpu	2.8.0	2.13.9
net.java.dev.jna:jna	5.17.0	5.18.1
net.java.dev.jna:jna-jpms	5.17.0	5.18.1
net.minidev:json-smart	2.5.2	2.6.0
org.apache.commons:commons-compress	1.27.1	1.28.0
org.apache.commons:commons-lang3	3.18.0	3.19.0
org.apache.maven.resolver:maven-resolver-api	1.9.22	1.9.24
org.apache.maven.resolver:maven-resolver-supplier	1.9.22	1.9.24
org.bouncycastle:bcpkix-jdk18on	1.81	1.82
org.bouncycastle:bcprov-jdk18on	1.81	1.82
org.bouncycastle:bctls-jdk18on	1.81	1.82
org.bouncycastle:bcutil-jdk18on	1.81	1.82
org.eclipse.jdt:ecj	3.42.0	3.43.0
org.eclipse.sisu:org.eclipse.sisu.plexus	0.9.0.M3	0.9.0.M4
org.jboss.threads:jboss-threads	3.8.0.Final	3.9.1
org.junit.platform:junit-platform-engine	1.13.2	1.14.0
com.puppycrawl.tools:checkstyle	10.23.0	10.26.1
eu.maveniverse.maven.njord:extension3	0.8.2	0.8.5
eu.maveniverse.maven.plugins:njord	0.8.2	0.8.5
org.apache.maven.shared:maven-filtering	3.3.0	3.4.0
org.cyclonedx:cyclonedx-maven-plugin	2.8.0	2.9.1
org.eclipse.cbi.maven.plugins:eclipse-jarsigner-plugin	1.4.3	1.5.2

Updates com.sun.mail:jakarta.mail from 2.0.1 to 2.0.2

Updates org.glassfish.jersey.containers:jersey-container-servlet from 3.1.10 to 3.1.11

Updates org.glassfish.jersey.inject:jersey-hk2 from 3.1.10 to 3.1.11

Updates org.glassfish.jersey.media:jersey-media-json-binding from 3.1.10 to 3.1.11

Updates org.glassfish.jersey.inject:jersey-hk2 from 3.1.10 to 3.1.11

Updates org.glassfish.jersey.media:jersey-media-json-binding from 3.1.10 to 3.1.11

Updates org.ow2.asm:asm from 9.8 to 9.9

Updates org.ow2.asm:asm-commons from 9.8 to 9.9

Updates org.ow2.asm:asm-bom from 9.8 to 9.9

Updates org.ow2.asm:asm-commons from 9.8 to 9.9

Updates org.apache.maven.surefire:surefire-junit47 from 3.5.3 to 3.5.4

Updates org.eclipse.jetty.toolchain:jetty-test-helper from 6.3 to 6.4

Updates org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.2

Updates org.apache.logging.log4j:log4j-api from 2.25.0 to 2.25.2

Updates commons-codec:commons-codec from 1.18.0 to 1.19.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.19.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.19.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

•         Add HmacUtils.hmac(Path). Thanks to Gary Gregory.
  

•         Add HmacUtils.hmacHex(Path). Thanks to Gary Gregory.
  

•         Add PMD check to the default Maven goal. Thanks to Gary Gregory.
  

•         Add SpotBugs check to the default Maven goal. Thanks to Gary Gregory.
  

Fixed Bugs

•         Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80). Thanks to Gary Gregory.
  

•         Refactor DigestUtils.updateDigest(MessageDigest, File) to use NIO. Thanks to Gary Gregory.
  

• CODEC-328: Clarify Javadoc for org.apache.commons.codec.digest.UnixCrypt.crypt(byte[],String). Thanks to Gary Gregory.

•         Precompile regular expressions in DaitchMokotoffSoundex.Rule. Thanks to Gary Gregory.
  

•         Precompile regular expressions in DaitchMokotoffSoundex.parseRules(Scanner, String, Map, Map). Thanks to Gary Gregory.
  

•         Precompile regular expressions in Lang.loadFromResource(String, Languages). Thanks to Gary Gregory.
  

•         Precompile regular expressions in PhoneticEngine.encode(String, LanguageSet). Thanks to Gary Gregory.
  

•         Precompile regular expressions in org.apache.commons.codec.language.bm.Rule.parse*(*). Thanks to Gary Gregory.
  

•         Remove redundant checks for whitespace in DaitchMokotoffSoundex.soundex(String, boolean). Thanks to Gary Gregory.
  

•         Javadoc typo in Base16.java [#380](https://github.com/apache/commons-codec/issues/380). Thanks to Sebastian Baunsgaard.
  

•         Deprecate unused constant org.apache.commons.codec.language.bm.Rule.ALL. Thanks to Gary Gregory.
  

• CODEC-331: org.apache.commons.codec.language.bm.Rule.parsePhonemeExpr(String) adds duplicate empty phoneme when input ends with |. Thanks to IlikeCode, Gary Gregory.
• CODEC-331: org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) does not remove special characters like punctuation. Thanks to IlikeCode, Gary Gregory.

•         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.binary.StringUtils. Thanks to Gary Gregory.
  

•         Fix PMD UnusedFormalParameter in private constructor in org.apache.commons.codec.binary.Base16. Thanks to Gary Gregory.
  

•         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Blake3. Thanks to Gary Gregory.
  

•         Fix PMD UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Md5Crypt. Thanks to Gary Gregory.
  

•         Fix PMD EmptyControlStatement in org.apache.commons.codec.language.Metaphone. Thanks to Gary Gregory.
  

•         Fix SpotBugs [ERROR] Medium: org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder.setEncodeTable(byte[]) may expose internal representation by storing an externally mutable object into BaseNCodec$AbstractBuilder.encodeTable [org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder] At BaseNCodec.java:[line 131] EI_EXPOSE_REP2. Thanks to Gary Gregory.
  

•         The method org.apache.commons.codec.binary.BaseNCodec.AbstractBuilder.setLineSeparator(byte...) now makes a defensive copy. Thanks to Gary Gregory.
  

•         Avoid unnecessary String conversion in org.apache.commons.codec.language.bm.PhoneticEngine.applyFinalRules(PhonemeBuilder, Map). Thanks to Gary Gregory.
  

•         Fix SpotBugs [ERROR] High: Potentially dangerous use of non-short-circuit logic in org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) [org.apache.commons.codec.language.DaitchMokotoffSoundex] At DaitchMokotoffSoundex.java:[line 350] NS_DANGEROUS_NON_SHORT_CIRCUIT. Thanks to Gary Gregory.
  

Changes

... (truncated)

Commits

• 351cb22 Prepare for the release candidate 1.19.0 RC1
• 0d501b6 Prepare for the next release candidate
• d6d4b82 Refactor duplicate code
• 6d6456c No need to exclude abstract test classes from Surefire runs
• 22d62e4 No need to specify the default value for linkXref
• c4daf34 No longer need to override the version of the Jacoco Maven plugin
• 8f2b673 Remove workaround for [SUREFIRE-2253]
• 466a61d Fix Javadoc
• ca27bd3 Fix Checkstyle
• 1dfb4e5 Better internal method name
• Additional commits viewable in compare view

Updates org.mariadb.jdbc:mariadb-java-client from 3.5.4 to 3.5.6

Release notes

Sourced from org.mariadb.jdbc:mariadb-java-client's releases.

MariaDB Connector/Java 3.5.6

3.5.6 (Sep 2025)

Full Changelog

Key Enhancements

• CONJ-1238 - rewriteBatchStatements implementation
• CONJ-1274 - server prepared statement client failover to client prepared statement

Issues Resolved

• CONJ-1278 - prepared statement caching enablement correction, same than 2.x
• CONJ-1279 - metadata table name addition for 12.1 after MDEV-28933
• CONJ-1280 - permit having multiple command with initSql option
• CONJ-1276 - Connection#isValid(int timeout) does not obey the passed in timeout if the network is down.

MariaDB Connector/Java 3.5.5

3.5.5 (Aug 2025)

Full Changelog

Issues Resolved

• CONJ-1265 - ensure rollback and release savepoint operation to be sent to server, even when there is no transaction in progress
• CONJ-1270 - forceConnectionTimeZoneToSession doesn't always set the timezone to server

Changelog

Sourced from org.mariadb.jdbc:mariadb-java-client's changelog.

3.5.6 (Sep 2025)

Full Changelog

Key Enhancements

• CONJ-1238 - rewriteBatchStatements implementation
• CONJ-1274 - server prepared statement client failover to client prepared statement

Issues Resolved

• CONJ-1278 - prepared statement caching enablement correction, same than 2.x
• CONJ-1279 - metadata table name addition for 12.1 after MDEV-28933
• CONJ-1280 - permit having multiple command with initSql option
• CONJ-1276 - Connection#isValid(int timeout) does not obey the passed in timeout if the network is down.

3.5.5 (Aug 2025)

Full Changelog

Issues Resolved

• CONJ-1265 - ensure rollback and release savepoint operation to be sent to server, even when there is no transaction in progress
• CONJ-1270 - forceConnectionTimeZoneToSession doesn't always set the timezone to server

Commits

• 0bffb46 Merge branch 'develop'
• 8e5f44d bump 3.5.6
• d870e13 [CONJ-1274] have server prepared statement client failover
• b43a845 [misc] failover during a transaction must only throw one error
• 13f120e [misc] correct github action to test main branch
• b3701fb [misc] test improvement
• 7903a4b [misc] updating CI links to mariadb-corporation account
• bcb0981 [misc] updating CI links to mariadb-corporation account
• 79609b8 [CONJ-1276] Connection#isValid(int timeout) does not obey the passed in timeo...
• fac4146 [CONJ-1272] Tests fail with early access JVM builds
• Additional commits viewable in compare view

Updates org.apache.openwebbeans:openwebbeans-web from 2.0.27 to 2.0.28

Commits

• 09181d5 [maven-release-plugin] prepare release openwebbeans-2.0.28
• ab45ce6 fix(#OWB-1450): Interceptor proxy memory leak. Add caching at an higher level
• f93bfea fix(#OWB-1450): remove non working cache on proxies per AT
• cdc9a57 fix: maven dependency to Gradle not found and NPE in previous plugin version
• 3feacc6 Merge pull request #127 from jgallimore/owb_2.0.x-owb-cdi-junit
• 129a538 OWB-1448 remove wildcard import
• 9bbd3f7 OWB-1448 rework following feedback
• eb4b4c6 OWB-1448 removing left over e.printStackTrace()
• 41a5596 OWB-1448 Fix Issue with Cdi annotation and alternatives
• 0376bd7 upgrade to apache-parent 29
• Additional commits viewable in compare view

Updates com.hazelcast:hazelcast from 5.5.0 to 5.6.0

Release notes

Sourced from com.hazelcast:hazelcast's releases.

v5.6.0

For the full release notes for this release, see https://docs.hazelcast.com/hazelcast/5.6/release-notes/5-6-0.

Commits

• a9ce2a0 Upgrade version to 5.6.0
• 0c74a48 Fix Maven Central Publisher javadoc validation errors [REL-722][5.6.0] (#5436)
• 6dca350 Fix PartitionContainerImpl [5.6.0] (#5232)
• 23b166f Bump spring.boot.version to 3.5.6 to address CVE-2025-41249 [5.6.0] (#5...
• 1813672 Fix com.hazelcast.internal.dynamicconfig.DynamicConfigTest [5.6.0] (#5222)
• 1cc9f20 Explicit throw if ExplicitSuspicionOp received without master set [5.6.0] (#5...
• f42fea2 Migrate to new Maven Central repositories [5.6.0] (#5205)
• 63fd7e3 Comment Spring Boot version usage in tests [5.6.0] (#5168)
• ec455c4 Add missing postProcessBeanFactory for Spring 5 compatibility [5.6.0] (#5184)
• 9b8b92d Fix com.hazelcast.internal.diagnostics.DiagnosticsAutoOffTests.testAutoOff_do...
• Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.13.1 to 2.13.2

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.13.2

The main changes in this release are just newer dependencies.

What's Changed

• Improved packaging of JPMS module declaration in Gson jar
  This fixes an issue where Eclipse and VS Code users could not refer to the Gson module name com.google.gson. See issue google/gson#2679.
• Remove internal class GsonPreconditions by @​Marcono1234 in google/gson#2879
• Switch to using central-publishing-maven-plugin by @​eamonnmcmanus in google/gson#2900

New Contributors

• @​MukjepScarlet made their first contribution in google/gson#2852
• @​ChrisCraik made their first contribution in google/gson#2856

Full Changelog: google/gson@gson-parent-2.13.1...gson-parent-2.13.2

Commits

• 686fad7 [maven-release-plugin] prepare release gson-parent-2.13.2
• c2d252a Switch to using central-publishing-maven-plugin. (#2900)
• 69cb755 Bump the github-actions group with 5 updates (#2894)
• ea552c2 Bump the maven group across 1 directory with 3 updates (#2898)
• fdc616d Set top-level permissions for CodeQL workflow (#2889)
• 9334715 Create scorecard.yml (#2888)
• f7de5c2 Bump the maven group with 8 updates (#2885)
• 8c23cd3 Update sources to satisfy a new Error Prone check. (#2887)
• 5eab3ed Bump the github-actions group with 2 updates (#2886)
• 5f5c200 Bump the maven group across 1 directory with 10 updates (#2872)
• Additional commits viewable in compare view

Updates org.apache.lucene:lucene-core from 9.11.1 to 9.12.3

Updates com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.20.0

Commits

• 54f854b [maven-release-plugin] prepare release jackson-bom-2.20.0
• 9cc68d4 Prep for 2.20.0
• cbef800 Version sync for 2.20.0 release (in near future)
• 79bc4ed Back to snapshot deps
• 94947a0 [maven-release-plugin] prepare for next development iteration
• 369dffe [maven-release-plugin] prepare release jackson-bom-2.20.0-rc1
• c5caaf2 Prep for 2.20.0-rc1
• 8ad6e0a Move to 2.20.0-rc1-SNAPSHOT
• 500ef4d Merge branch '2.19' into 2.x
• 274f228 Back to snapshot deps
• Additional commits viewable in compare view

Updates io.netty:netty-bom from 4.2.0.Final to 4.2.7.Final

Commits

• 511cbac [maven-release-plugin] prepare release netty-4.2.7.Final
• bf1cad6 Adjust plugin config to not publish testsuite artifacts
• 690f56f [maven-release-plugin] rollback the release of netty-4.2.7.Final
• 63b5232 [maven-release-plugin] prepare for next development iteration
• 9f99dfd [maven-release-plugin] prepare release netty-4.2.7.Final
• 551c32a Upgrade publishing plugin
• a6660fe [maven-release-plugin] rollback the release of netty-4.2.7.Final
• 297b7c1 [maven-release-plugin] prepare for next development iteration
• 2c89a17 [maven-release-plugin] prepare release netty-4.2.7.Final
• 1782e8c Merge commit from fork
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.13.2 to 5.14.0

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.14.0 = Platform 1.14.0 + Jupiter 5.14.0 + Vintage 5.14.0

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0

JUnit 5.14.0-RC1 = Platform 1.14.0-RC1 + Jupiter 5.14.0-RC1 + Vintage 5.14.0-RC1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0-RC1

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

Commits

• 8545c93 Release 5.14.0
• 1d405a0 Polish release notes for 5.14 GA
• c1f78f6 Prepare 5.14.0 release notes and link to migration guide
• a6f666c Allow new classes to be added
• f728dfa Disable compatibility checks for all aggregator projects
• 72b34aa Validate list of accepted breaking changes
• bc62d27 Only track module-specific lines in accepted-breaking-changes.txt
• 1d95a3c Clear custom initialize-at-build-time lists
• 513be32 Update plugin org.graalvm.buildtools.native to v0.11.1
• 174d8de Back to snapshots for further development
• Additional commits viewable in compare view

Updates org.ow2.asm:asm-bom from 9.8 to 9.9

Updates ch.qos.logback:logback-core from 1.5.18 to 1.5.20

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• 930fb15 prepare release 1.5.20
• 0b4432a provide an alternative to Janino based conditional configuration processing -...
• 258558f provide an alternative to Janino based conditional configuration processing -...
• ee77a70 provide an alternative to Janino based conditional configuration processing -...
• 5ca7ce8 provide an alternative to Janino based conditional configuration processing -...
• 728803f fix typo
• aa5eeb1 start work on version 1.5.20-SNAPSHOT
• e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
• 4adae8b add plugin for Maven Central deployment
• ee70cf4 prepare release 1.5.19
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.8-jre to 33.5.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.5.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.5.0-jre</version>
  <!-- or, for Android: -->
  <version>33.5.0-android</version>
</dependency>

Jar files

• 33.5.0-jre.jar
• 33.5.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.5.0-jre
• 33.5.0-android

JDiff

• 33.5.0-jre vs. 33.4.8-jre
• 33.5.0-android vs. 33.4.8-android
• 33.5.0-android vs. 33.5.0-jre

Changelog

• Restored the Automatic-Module-Name to guava-android. (It, unlike, guava-jre, is not a proper module.) (7a04a8a955)
• For users of guava-gwt: Google has moved off GWT internally. We plan to continue to release guava-gwt for users of GWT and J2CL, but the artifact is no longer tested for GWT-specific issues, and we have limited resources to fix any unexpected issues that might arise. While we do not anticipate any specific problems, we can't guarantee how long support will continue.
• Increased our Android minSdkVersion to 23 (Marshmallow). This follows the minimum of Google's foundational Android libraries, and we expect it to have no practical impact on users. (5c23347cc1)
• Listed the JSpecify annotations as an optional dependency in our OSGi metadata. (2dfd572981)
• cache: Improved the handling of exceptions from compute functions in Cache.asMap(). (We do still recommend using Caffeine rather than com.google.common.cache.) (087f2c4a80)
• collect: Improved Iterators.mergeSorted() to preserve stability for equal elements. (4dc93be9a8)
• math: Added saturatedAbs methods to IntMath and LongMath. (ed0e518f20)
• net: Added image/avif to MediaType. (53344caba6)
• testing: Made CollectorTester available to Android users. (294c251079)
• util.concurrent: Added Striped.custom. (1586eb271d)

Commits

• See full diff in compare view

Updates commons-io:commons-io from 2.19.0 to 2.20.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.20.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.20.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Version 2.19.1: Java 8 or later is required.

New features

o IO-875: Add org.apache.commons.io.file.CountingPathVisitor.accept(Path, BasicFileAttributes) #743. Thanks to Pierre Baumard, Gary Gregory. o Add org.apache.commons.io.Charsets.isAlias(Charset, String). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.isUTF8(Charset). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.toCharsetDefault(String, Charset). Thanks to Gary Gregory. o IO-279: Add Tailer ignoreTouch option #757. Thanks to Joerg Budischewski, Gary Gregory.

Fixed Bugs

o [javadoc] Rename parameter of ProxyOutputStream.write(int) #740. Thanks to Jesse Glick. o IO-875: CopyDirectoryVisitor ignores fileFilter #743. Thanks to Pierre Baumard, Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.ByeArrayOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.InputStreamOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.OutputStreamOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o FileUtils.readLines(File, Charset) now maps a null Charset to the default Charset #744. Thanks to Ryan Kurtz, Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream, org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 77]Another occurrence at WindowsLineEndingInputStream.java:[line 81] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 112] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 113] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 75] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atEos" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 120] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 124] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 125] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "closed" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.ProxyInputStream] At ProxyInputStream.java:[line 233] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "propagateClose" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.BoundedInputStream] At BoundedInputStream.java:[line 555] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o QueueInputStream reads all but the first byte without waiting. #748. Thanks to maxxedev, Piotr P. Karwasz, Gary Gregory. o Javadoc fixes and improvements. Thanks to Gary Gregory. o Avoid NPE in org.apache.commons.io.filefilter.WildcardFilter.accept(File). Thanks to Gary Gregory. o IO-874: FileUtils.forceDelete can delete a broken symlink again #756. Thanks to Andy Russell, Joerg Budischewski. o Fix infinite loop in AbstractByteArrayOutputStream. #758. Thanks to Alex Benusovich.

... (truncated)

Commits

• c224bce Prepare for the release candidate 2.20.0 RC1
• 8981a5c Remove workaround for
• 4ef481f Prepare for the next release candidate
• d23228f Merge branch 'master' of https://github.com/apache/commons-io.git
• 5d2737f Add @​SuppressWarnings
• e5c80d6 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 #761
• 2017ac0 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#761)
• 07ce798 Javadoc
• a828efa Add ciManagement element to POM
• 46bd1c2 Javadoc
• Additional commits viewable in compare view

Updates io.grpc:grpc-core from 1.72.0 to 1.76.0

Release notes

Sourced from io.grpc:grpc-core's releases.

v1.76.0

Bug Fixes

• xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.
• compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.
• servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.
• servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.
• binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.
• binder: The server will now only accept post-setup transactions from the authorized server UID.
• util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”
• android: A fix has been implemented for network change handling on API levels below 24.

Improvements

• api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.
• api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.
• servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name
• servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first
• xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs
• bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.
• bazel: Unnecessary direct build dependencies were removed from some targets
• netty: Support for the BCJSSE provider has been added in GrpcSslContexts.
• netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers
• netty: Include allow header for HTTP response code 405
• okhttp: Include allow header for HTTP response code 405
• binder: Error descriptions for ServiceConnection callbacks have been improved
• binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

New Features

• stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.
• compiler: Support for macOS aarch64 with a universal binary has been added.
• opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support
• binder: A NameResolver for Android's intent: URIs has been introduced.
• binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

Documentation

• SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.
• examples: The documentation now explains Bazel BCR releases and the git_override option.

Dependencies

• Upgraded Guava version to 33.4.8.
• The org.apache.tomcat:annotations-api dependency has been removed from the examples.

Thanks to

@JoeCqupt @Sangamesh1997

... (truncated)

Commits

• d0db129 Bump version to 1.76.0
• aa672ca Update README etc to reference 1.76.0
• 70b7249 netty: Unconditionally disable adaptive cumulator (#12390)
• f89d1d8 api: remove nullable from StatusOr value methods (#12338)
• 040665f examples: Explain Bazel BCR releases and git_override option
• 4995700 xds: Remove verify TODO for onResult2 error status
• afe7222 SECURITY.md: Mention gcompat for Alpine (#12365)
• 1a7042a android: fix network change handling on API levels < 24
• 8f0db07 api: Avoid allocating empty array in LoadBalancer (#12337)
• 0c179e3 xds: Convert ClusterResolverLb to XdsDepManager
• Additional commits viewable in compare view

Updates io.smallrye.common:smallrye-common-cpu from 2.8.0 to 2.13.9

Release notes

Sourced from io.smallrye.common:smallrye-common-cpu's releases.

2.13.9

No release notes provided.

2.13.8

No release notes provided.

2.13.7

No release notes provided.

2.13.6

No release notes provided.

2.13.5

No release notes provided.

2.13.4

No release notes provided.

2.13.3

No release notes provided.

2.13.2

No release notes provided.

2.13.1

No release notes provided.

2.13.0

No release notes provided.

2.13.beta2

No release notes provided.

2.13.beta1

No release notes provided.

2.12.0

No release notes provided.

2.11.0

• #402 Introduce parent-child structure for duplication context

2.10.0

• #394 Release 2.10.0
• #393 Bump io.smallrye:smallrye-parent from 46 to 47
• #392 Javadoc fixes
• #391 Bump version.vertx from 4.5.11 to 4.5.12
• #390 Bump org.graalvm.sdk:nativeimage from 24.1.1 to 24.1.2
• #389 Make CPU cache interrogation an opt-in feature
• #388 Slightly reduce the startup cost of the modules used in Quarkus

... (truncated)

Commits

• fb23335 [maven-release-plugin] prepare release 2.13.9
• a6bff5b Merge pull request #480 from smallrye/release
• b4c7b8b Release 2.13.9
• 14a2061 Merge pull request #479 from dmlloyd/fix-nanos
• 199f099 Fix duration conversion error
• 3af34aa Merge pull request #477 from dmlloyd/fix-timeout
• 6c3ccae Allow null for process timeout
• 2719c1e Bump io.sundr:sundr-maven-plugin from 0.220.0 to 0.220.1 (#474)
• 0b3edcb Merge pull request #472 from smallrye/dependabot/maven/io.sundr-sundr-maven-p...
• b164212 Bump io.sundr:sundr-maven-plugin from 0.210.0 to 0.220.0
• Additional commits viewable in compare view

Updates net.java.dev.jna:jna from 5.17.0 to 5.18.1

Changelog

Sourced from net.java.dev.jna:jna's changelog.

Release 5.18.1

Bug Fixes

• #1686: Fix sortFields race condition while getting fields - @​bendk.

Release 5.18.0

Features

• #1671: Add isRISCV to c.s.j.Platform - @​Glavo.
• #1672: Add CFLocale, CFLocaleCopyCurrent, CFCFDateFormatter, CFDateFormatterStyle, CFDateFormatterCreate and CFDateFormatterGetFormat to c.s.j.p.mac.CoreFoundation - @​dbwiddis.
• #1669: Document requirement for running on JDK 24+ - @​matthiasblaesing.

Bug Fixes

• #1681: Fix deadlock in Structure constructor introduced in 5.16.0 - @​brettwooldridge.
• #1683: Fix native build error on Xcode 16.3 / Apple Clang 17 - @​brettwooldridge.

Commits

• 3c493c1 R...

  Description has been truncated