build(deps): bump the dependencies group with 15 updates

[dependabot]

Bumps the dependencies group with 15 updates:

Package	From	To
com.github.ben-manes.caffeine:caffeine	3.2.1	3.2.2
com.typesafe:config	1.4.3	1.4.4
io.avaje:avaje-validator	2.11	2.12
io.avaje:avaje-validator-generator	2.11	2.12
org.apache.logging.log4j:log4j-core	2.25.0	2.25.1
org.apache.logging.log4j:log4j-slf4j-impl	2.25.0	2.25.1
io.swagger.parser.v3:swagger-parser	2.1.30	2.1.31
org.hibernate.orm:hibernate-core	6.6.20.Final	6.6.21.Final
com.squareup.okhttp3:okhttp-jvm	5.0.0	5.1.0
com.squareup.okhttp3:okhttp-sse	5.0.0	5.1.0
com.squareup.okhttp3:okhttp-tls	5.0.0	5.1.0
com.diffplug.spotless:spotless-maven-plugin	2.44.5	2.45.0
io.reactivex.rxjava3:rxjava	3.1.10	3.1.11
software.amazon.awssdk:bom	2.31.77	2.31.78
io.smallrye.reactive:mutiny	2.9.2	2.9.3

Updates com.github.ben-manes.caffeine:caffeine from 3.2.1 to 3.2.2

Release notes

Sourced from com.github.ben-manes.caffeine:caffeine's releases.

3.2.2

• Fixed characteristics returned by Spliterators (#1883)

Commits

• f55fea4 minor touchups
• 419e861 increase branch coverage
• a794497 additional tests for collection streams
• 9021c74 Return correct characteristics from spliterators (#1884)
• e9ecffe increase branch coverage
• b20d839 increase branch coverage
• a5e031b increase branch coverage
• 7df5358 Release 3.2.1
• See full diff in compare view

Updates com.typesafe:config from 1.4.3 to 1.4.4

Release notes

Sourced from com.typesafe:config's releases.

1.4.4: July 10, 2025

• build: bump actions to get sbt (#818) thanks to @​johanandren
• build: second try for sbt back in CI job (#820) thanks to @​johanandren
• fix: Incorrect abs of hashes in BadMap (#817) thanks to @​johanandren

Changelog

Sourced from com.typesafe:config's changelog.

1.4.4: July 3, 2025

• build: bump actions to get sbt (#818) thanks to @​johanandren
• build: second try for sbt back in CI job (#820) thanks to @​johanandren
• fix: Incorrect abs of hashes in BadMap (#817) thanks to @​johanandren

Commits

• 0595998 Update release.yml to install sbt
• d34ac70 Rename release.yml
• ed6e1c1 Merge pull request #822 from johanandren/wip-modernize-build
• 8606830 newer plugin, drop old sonatype config
• 90e5084 get rid of failing publish and publishLocal
• 7c107b4 some javadoc fixes to make the build pass
• a72c646 build: Modernize, use sbt-ci-release for releases
• 41c5b72 chore: update NEWS and release 1.4.4 (#821)
• 2d9b9ee fix: Incorrect abs of hashes in BadMap (#817)
• b7b008a build: second try for sbt back in CI job (#820)
• Additional commits viewable in compare view

Updates io.avaje:avaje-validator from 2.11 to 2.12

Release notes

Sourced from io.avaje:avaje-validator's releases.

2.12

What's Changed

• Better error message for missing adapters by @​SentryMan in avaje/avaje-validator#305
• Support Custom Classloader by @​SentryMan in avaje/avaje-validator#306
• For custom ClassLoader support, use non-static ExtensionLoader by @​rbygrave in avaje/avaje-validator#307
• ExtensionLoader was not adding the service loaded AdapterFactories and Ann… by @​rbygrave in avaje/avaje-validator#308
• Add Release Workflow by @​SentryMan in avaje/avaje-validator#310

Full Changelog: avaje/avaje-validator@2.11...2.12

Commits

• 71bfa2e Version 2.12 (#317)
• 2de0dfd Merge pull request #316 from avaje/dependabot/maven/main/dependencies-fa9aa9fefe
• 8843e26 Bump io.avaje:avaje-applog from 1.1 to 1.2 in the dependencies group
• 2f7a006 Merge pull request #315 from avaje/dependabot/maven/main/dependencies-1f96688efa
• 0a55a8a Bump io.avaje:avaje-applog from 1.0 to 1.1 in the dependencies group
• 25a6c11 Merge pull request #314 from avaje/dependabot/maven/main/dependencies-b8f0f6cce3
• 179a8eb Bump org.springframework.boot:spring-boot-dependencies
• b100435 Merge pull request #313 from avaje/dependabot/maven/main/dependencies-aaff35870d
• 2d13303 Bump org.hibernate.validator:hibernate-validator
• a30f977 Merge pull request #312 from avaje/dependabot/github_actions/main/peter-evans...
• Additional commits viewable in compare view

Updates io.avaje:avaje-validator-generator from 2.11 to 2.12

Updates io.avaje:avaje-validator-generator from 2.11 to 2.12

Updates org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.1

Updates org.apache.logging.log4j:log4j-slf4j-impl from 2.25.0 to 2.25.1

Updates org.apache.logging.log4j:log4j-slf4j-impl from 2.25.0 to 2.25.1

Updates io.swagger.parser.v3:swagger-parser from 2.1.30 to 2.1.31

Release notes

Sourced from io.swagger.parser.v3:swagger-parser's releases.

Swagger-parser 2.1.31 released!

• fix: configuration for timeout http connection (#2156) (#2207)

Commits

• a3ee58b prepare release 2.1.31
• 63b1cc6 fix: configuration for timeout http connection (#2156) (#2207)
• 08e3553 bump snapshot 2.1.31-SNAPSHOT
• See full diff in compare view

Updates org.hibernate.orm:hibernate-core from 6.6.20.Final to 6.6.21.Final

Release notes

Sourced from org.hibernate.orm:hibernate-core's releases.

Hibernate ORM 6.6.21.Final released

Today, we published a new release of Hibernate ORM 6.6: 6.6.21.Final.

You can find the full list of 6.6.21.Final changes here.

What's new

This release introduces a few minor improvements as well as bug fixes.

Conclusion

For additional details, see:

• the release page
• the Migration Guide
• the Introduction Guide
• the User Guide

See also the following resources related to supported APIs:

• the compatibility policy
• the incubating API report (@Incubating)
• the deprecated API report (@Deprecated + @Remove)
• the internal API report (internal packages, @Internal)

Visit the website for details on getting in touch with us.

Changelog

Sourced from org.hibernate.orm:hibernate-core's changelog.

Changes in 6.6.21.Final (July 13, 2025)

https://hibernate.atlassian.net/projects/HHH/versions/34199

** Bug * [HHH-19596] - NPE when array/collection of Struct contains null value * [HHH-19542] - Embeddable in secondary table fails to recognize a nested embeddable is in the same table

Commits

• e2c64c8 Pre-steps for release : 6.6.21.Final
• f50c525 HHH-19497 fixes incorrect implementation of 'negated in'
• 1cc2aef HHH-19596 Copy & paste org.hibernate.testing.orm.junit.DialectFeatureChecks.S...
• 8c90cba HHH-19596 Additional fix for 6.6 backport
• 2f13d40 HHH-19596 Added checks to avoid NPE's
• 8db5a3a HHH-19596 Test case from example in Jira issue
• cd9a86b Do not use docker registry creds
• acfde43 Only require pull request build approval in the check stage
• 9bfabbd HHH-19542 Ensure columns in embeddables default to correct table
• 381e323 HHH-19542: Embeddable property order for SecondaryTable is no longer causing ...
• Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp-jvm from 5.0.0 to 5.1.0

Changelog

Sourced from com.squareup.okhttp3:okhttp-jvm's changelog.

Version 5.1.0

2025-07-07

• New: Response.peekTrailers(). When we changed Response.trailers() to block instead of throwing in 5.0.0, we inadvertently removed the ability for callers to peek the trailers (by catching the IllegalStateException if they weren't available). This new API restores that capability.

• Fix: Don't crash on trailers() if the response doesn't have a body. We broke [Retrofit] users who read the trailers on the raw() OkHttp response, after its body was decoded.

Commits

• d2dd180 Prepare for release 5.1.0.
• 61a8735 New Response.peekTrailers() API (#8921)
• 6684401 Update dependency gradle to v8.14.3 (#8915)
• 7adb2b6 Update junit-framework monorepo (#8914)
• e41ff18 Link to new mockwebserver artifacts (#8911)
• 0ff8751 Remove Graal init tracing (#8909)
• b9a2560 Run graal on master (#8907)
• 8339524 Remove ExperimentalOkHttpApi references (#8908)
• ce29ef6 Fix graal tests (#8906)
• 8579689 Don't force a response body read on all trailers (#8904)
• Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp-sse from 5.0.0 to 5.1.0

Changelog

Sourced from com.squareup.okhttp3:okhttp-sse's changelog.

Version 5.1.0

2025-07-07

• New: Response.peekTrailers(). When we changed Response.trailers() to block instead of throwing in 5.0.0, we inadvertently removed the ability for callers to peek the trailers (by catching the IllegalStateException if they weren't available). This new API restores that capability.

• Fix: Don't crash on trailers() if the response doesn't have a body. We broke [Retrofit] users who read the trailers on the raw() OkHttp response, after its body was decoded.

Commits

• d2dd180 Prepare for release 5.1.0.
• 61a8735 New Response.peekTrailers() API (#8921)
• 6684401 Update dependency gradle to v8.14.3 (#8915)
• 7adb2b6 Update junit-framework monorepo (#8914)
• e41ff18 Link to new mockwebserver artifacts (#8911)
• 0ff8751 Remove Graal init tracing (#8909)
• b9a2560 Run graal on master (#8907)
• 8339524 Remove ExperimentalOkHttpApi references (#8908)
• ce29ef6 Fix graal tests (#8906)
• 8579689 Don't force a response body read on all trailers (#8904)
• Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp-tls from 5.0.0 to 5.1.0

Changelog

Sourced from com.squareup.okhttp3:okhttp-tls's changelog.

Version 5.1.0

2025-07-07

• New: Response.peekTrailers(). When we changed Response.trailers() to block instead of throwing in 5.0.0, we inadvertently removed the ability for callers to peek the trailers (by catching the IllegalStateException if they weren't available). This new API restores that capability.

• Fix: Don't crash on trailers() if the response doesn't have a body. We broke [Retrofit] users who read the trailers on the raw() OkHttp response, after its body was decoded.

Commits

• d2dd180 Prepare for release 5.1.0.
• 61a8735 New Response.peekTrailers() API (#8921)
• 6684401 Update dependency gradle to v8.14.3 (#8915)
• 7adb2b6 Update junit-framework monorepo (#8914)
• e41ff18 Link to new mockwebserver artifacts (#8911)
• 0ff8751 Remove Graal init tracing (#8909)
• b9a2560 Run graal on master (#8907)
• 8339524 Remove ExperimentalOkHttpApi references (#8908)
• ce29ef6 Fix graal tests (#8906)
• 8579689 Don't force a response body read on all trailers (#8904)
• Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp-sse from 5.0.0 to 5.1.0

Changelog

Sourced from com.squareup.okhttp3:okhttp-sse's changelog.

Version 5.1.0

2025-07-07

• New: Response.peekTrailers(). When we changed Response.trailers() to block instead of throwing in 5.0.0, we inadvertently removed the ability for callers to peek the trailers (by catching the IllegalStateException if they weren't available). This new API restores that capability.

• Fix: Don't crash on trailers() if the response doesn't have a body. We broke [Retrofit] users who read the trailers on the raw() OkHttp response, after its body was decoded.

Commits

• d2dd180 Prepare for release 5.1.0.
• 61a8735 New Response.peekTrailers() API (#8921)
• 6684401 Update dependency gradle to v8.14.3 (#8915)
• 7adb2b6 Update junit-framework monorepo (#8914)
• e41ff18 Link to new mockwebserver artifacts (#8911)
• 0ff8751 Remove Graal init tracing (#8909)
• b9a2560 Run graal on master (#8907)
• 8339524 Remove ExperimentalOkHttpApi references (#8908)
• ce29ef6 Fix graal tests (#8906)
• 8579689 Don't force a response body read on all trailers (#8904)
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 2.44.5 to 2.45.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v2.45.0

Added

• Support for idea (#2020, #2535)
• Add support for removing wildcard imports via removeWildcardImports step. (#2517)

Fixed

• SortPom disable expandEmptyElements, to avoid empty body warnings. (#2520)
• Fix biome formatter for new major release 2.x of biome (#2537)
• Make sure npm-based formatters use the correct node_modules directory when running in parallel. (#2542)

Changed

• Bump internal dependencies for npm-based formatters (#2542)

Changed

• scalafmt: enforce version consistency between the version configured in Spotless and the version declared in Scalafmt config file (#2460)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

[2.45.0] - 2024-01-23

Added

• Support for gofmt (#2001)
• Support for formatting Java Docs for the Palantir formatter (#2009)

[2.44.0] - 2024-01-15

Added

• New static method to DiffMessageFormatter which allows to retrieve diffs with their line numbers (#1960)
• Gradle - Support for formatting shell scripts via shfmt. (#1994)

Fixed

• Fix empty files with biome >= 1.5.0 when formatting files that are in the ignore list of the biome configuration file. (#1989 fixes #1987)
• Fix a regression in BufStep where the same arguments were being provided to every buf invocation. (#1976)

Changed

• Use palantir-java-format 2.39.0 on Java 21. (#1948)
• Bump default ktlint version to latest 1.0.1 -> 1.1.1. (#1973)
• Bump default googleJavaFormat version to latest 1.18.1 -> 1.19.2. (#1971)
• Bump default diktat version to latest 1.2.5 -> 2.0.0. (#1972)

[2.43.1] - 2023-12-04

Fixed

• Eclipse-based steps which contained any jars with a + in their path were broken, now fixed. (#1860)

Changed

• Bump default palantir-java-format version to latest 2.28.0 -> 2.38.0 on Java 21. (#1920)
• Bump default googleJavaFormat version to latest 1.17.0 -> 1.18.1. (#1920)
• Bump default ktfmt version to latest 0.44 -> 0.46. (#1927)
• Bump default eclipse version to latest 4.27 -> 4.29. (#1939)
• Bump default greclipse version to latest 4.28 -> 4.29. (#1939)
• Bump default cdt version to latest 11.1 -> 11.3. (#1939)

[2.43.0] - 2023-11-27

Added

• Support custom rule sets for Ktlint. (#1896)

Fixed

• Fix Eclipse JDT on some settings files. (#1864 fixes #1638)

Changed

• Bump default ktlint version to latest 1.0.0 -> 1.0.1. (#1855)
• Add a Step to remove semicolons from Groovy files. (#1881)

[2.42.0] - 2023-09-28

Added

• Support for biome. The Rome project was renamed to Biome. The configuration is still the same, but you should switch to the new biome tag / function and adjust the version accordingly. (#1804).
• Support for google-java-format's skip-javadoc-formatting option. (#1793)
• Support configuration of mirrors for P2 repositories in Maven DSL (#1697).
• New line endings mode GIT_ATTRIBUTES_FAST_ALLSAME. (#1838)

Fixed

• Fix support for plugins when using Prettier version 3.0.0 and newer. (#1802)
• Fix configuration cache issue around external process started '/usr/bin/git --version'. (#1806)

Changed

... (truncated)

Commits

• 52654ef Published lib/2.45.0
• e62f9cd Remove stale references to _ext (#2016 closes #1970)
• a48a91c Remove _ext from .gitignore.
• 9d468eb Remove _ext from CONTRIBUTING.md.
• 706f18e Add support for gofmt (#2001)
• a145ac0 Merge branch 'main' into petertrr/add-gofmt#861
• 13d9627 flag to format JavaDoc for Palantir formatter (#2009 fixes #1995)
• 6e349d4 Update README.md to increase readability of prettier plugin configuration (#2...
• d4b102c Apply suggestions from code review
• 56a019c Update README.md
• Additional commits viewable in compare view

Updates io.reactivex.rxjava3:rxjava from 3.1.10 to 3.1.11

Release notes

Sourced from io.reactivex.rxjava3:rxjava's releases.

v3.1.11

Version 3.1.11 - July 7, 2025

Maven JavaDocs

Bugfixes

• Fix ReplaySubject termination-subscription race emitting wrongly. #7879

v3.1.11-RC5

Testing if releasing to the new Central Sonatype repository works. Round 5.

Please ignore this update.

v3.1.11-RC4

Testing if releasing to the new Central Sonatype repository works. Attempt 4.

Please ignore this update.

v3.1.11-RC3

Testing if releasing to the new Central Sonatype repository works. Attempt 3.

Please ignore this update.

v3.1.11-RC2

Testing if releasing to the new Central Sonatype repository works. Attempt 2.

Please ignore this update.

v3.1.11-RC1

Testing if releasing to the new Central Sonatype repository works.

Please ignore this update.

Commits

• df73d03 3.x: Fix ReplaySubject termination-subscription race emitting wrongly (#7879)
• be0bd27 chore(deps): bump com.vanniktech.maven.publish from 0.32.0 to 0.33.0 (#7875)
• a206350 chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2 (#7877)
• c9516be chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0 (#7873)
• 19412e6 chore(deps): bump github/codeql-action from 3.28.18 to 3.28.19 (#7871)
• c8c5399 Bump JMH Plugin to 0.7.3 & adjust build.gradle (#7869)
• bf452a7 Fix snapshot publishing
• 5a0ef13 chore(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#7870)
• 6bc940d Fix syntax error
• 5081ce2 Try another way for sonatype central portal
• Additional commits viewable in compare view

Updates software.amazon.awssdk:bom from 2.31.77 to 2.31.78

Updates io.smallrye.reactive:mutiny from 2.9.2 to 2.9.3

Release notes

Sourced from io.smallrye.reactive:mutiny's releases.

2.9.3

Changelog

🐛 Fixes

• 10a5ac5 deadlock in Uni memoization, closes #1910
• bea5e28 allow Multi ranges to be empty, closes #1901

🧰 Tasks

release

• 8ebf260 update version metadata for Mutiny 2.9.3
• 832a3ac set development version to 999-SNAPSHOT

🛠 Build

deps

• 9bad7bc downgrade to JReleaser 1.18.0
• d812948 bump io.smallrye.common:smallrye-common-annotation
• c2b4a63 bump io.smallrye.common:smallrye-common-annotation
• 1de0082 bump junit.version from 5.13.2 to 5.13.3
• e2fe6b5 bump org.apache.maven.plugins:maven-gpg-plugin
• 7e393de bump org.jreleaser:jreleaser-maven-plugin
• 8987b2a bump io.smallrye.common:smallrye-common-annotation
• 813983b bump io.smallrye.common:smallrye-common-annotation
• 66b4a28 bump io.smallrye.common:smallrye-common-annotation
• 81f8c59 bump junit.version from 5.13.1 to 5.13.2
• 1ddfe5f bump kotlin.version from 2.1.21 to 2.2.0

deps-dev

• 83c4800 bump io.reactivex.rxjava3:rxjava from 3.1.10 to 3.1.11

Contributors

We'd like to thank the following people for their contributions: Julien Ponge

Commits

• 8ebf260 chore(release): update version metadata for Mutiny 2.9.3
• 5ec4ea7 Merge pull request #1913 from jponge/deps/jreleaser-1.18.0-downgrade
• 9bad7bc build(deps): downgrade to JReleaser 1.18.0
• f0904d2 Merge pull request #1911 from jponge/fix/1910-uni-memoization-deadlock
• bc42224 Merge pull request #1912 from smallrye/dependabot/maven/io.smallrye.common-sm...
• d812948 build(deps): bump io.smallrye.common:smallrye-common-annotation
• 10a5ac5 fix: deadlock in Uni memoization
• eb7e61c Merge pull request #1909 from smallrye/dependabot/maven/io.smallrye.common-sm...
• c2b4a63 build(deps): bump io.smallrye.common:smallrye-common-annotation
• 88d3161 Merge pull request #1907 from smallrye/dependabot/maven/junit.version-5.13.3
• Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp-tls from 5.0.0 to 5.1.0

Changelog

Sourced from com.squareup.okhttp3:okhttp-tls's changelog.

Version 5.1.0

2025-07-07

• New: Response.peekTrailers(). When we changed Response.trailers() to block instead of throwing in 5.0.0, we inadvertently removed the ability for callers to peek the trailers (by catching the IllegalStateException if they weren't available). This new API restores that capability.

• Fix: Don't crash on trailers() if the response doesn't have a body. We broke [Retrofit] users who read the trailers on the raw() OkHttp response, after its body was decoded.

Commits

• d2dd180 Prepare for release 5.1.0.
• 61a8735 New Response.peekTrailers() API (#8921)
• 6684401 Update dependency gradle to v8.14.3 (#8915)
• 7adb2b6 Update junit-framework monorepo (#8914)
• e41ff18 Link to new mockwebserver artifacts (#8911)
• 0ff8751 Remove Graal init tracing (#8909)
• b9a2560 Run graal on master (#8907)
• 8339524 Remove ExperimentalOkHttpApi references (#8908)
• ce29ef6 Fix graal tests (#8906)
• 8579689 Don't force a response body read on all trailers (#8904)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.hibernate.orm:hibernate-core	[>= 7.a0, < 8]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions