Skip to content

build(deps): bump the dependencies group with 9 updates #3730

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jknack merged 1 commit into from
Jul 25, 2025
Merged

build(deps): bump the dependencies group with 9 updates #3730

jknack merged 1 commit into from
Jul 25, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 24, 2025

Bumps the dependencies group with 9 updates:

Package From To
org.junit:junit-bom 5.13.3 5.13.4
io.avaje:avaje-jsonb 3.5 3.6
io.avaje:avaje-jsonb-generator 3.5 3.6
com.zaxxer:HikariCP 6.3.0 6.3.2
com.diffplug.spotless:spotless-maven-plugin 2.46.0 2.46.1
commons-codec:commons-codec 1.18.0 1.19.0
net.bytebuddy:byte-buddy 1.17.5 1.17.6
software.amazon.awssdk:bom 2.32.4 2.32.7
io.smallrye.reactive:mutiny 2.9.3 2.9.4

Updates org.junit:junit-bom from 5.13.3 to 5.13.4

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

Commits
  • 8a21048 Release 5.13.4
  • 9a38789 Finalize 5.13.4 release notes
  • 458325c Log only once per implementation type for CloseableResource types
  • 976a110 Protect against potential problems when converting file-based selectors
  • e94f728 Allow default package for PackageSource
  • b60fecf Fail on classpath resource names that are blank after removing leading /
  • 6378c88 Remove java.* packages from Import-Package headers in all jars (#4738)
  • 1a360f3 Create initial 5.13.4 release notes from template
  • 806fc9a Document #4689 in release notes
  • 1653839 Document #4686 in release notes
  • Additional commits viewable in compare view

Updates io.avaje:avaje-jsonb from 3.5 to 3.6

Release notes

Sourced from io.avaje:avaje-jsonb's releases.

3.6

What's Changed

Full Changelog: avaje/avaje-jsonb@3.5...3.6

Commits
  • e4a60d9 Version 3.6
  • 3336ace Support writing large raw String content without expanding the underlying buf...
  • 691ca00 Detect large strings, and don't grow the buffer when processing them (#397)
  • a0cbc87 add a static way to retrieve the default instance (#396)
  • d8c7f80 Version 3.6-RC3
  • 27f5d88 Merge pull request #395 from avaje/fix/stream-empty
  • 08e87b7 Fix JsonType.streamAsLines() for empty Stream
  • e4137d5 Version 3.6-RC2
  • 24f6c50 For Stream adapter, always close the stream (using try-with-resources) (#394)
  • e304733 Fix cascading generic types (#393)
  • Additional commits viewable in compare view

Updates io.avaje:avaje-jsonb-generator from 3.5 to 3.6

Updates io.avaje:avaje-jsonb-generator from 3.5 to 3.6

Updates com.zaxxer:HikariCP from 6.3.0 to 6.3.2

Changelog

Sourced from com.zaxxer:HikariCP's changelog.

HikariCP Changes

Changes in 7.0.0

  • merged #2340 NoSuchMethodException error that is thrown when setting a metric registry, fixes to UtilityElf reflection code to use the correct method signature.

  • fixed #1294 add support for HikariCredentialsProvider class

Changes in 6.3.2

  • fixed #2342 restore module-info.class to jar file, which was lost in 6.3.1

  • fixed #2256 add support for legacy override of getUsername()/getPassword() of HikariDataSource. See project page for documentation of system property com.zaxxer.hikari.legacy.supportUserPassDataSourceOverride.

  • fixed #2323 right or wrong (wrt driver behavior) return to previous Connection.get/setSchema behavior

  • fixed #2288 upgrade dependencies and fix build warnings

Changes in 6.3.1

  • fixed #2315 source jar contains also binary .class files and missing some .java files

  • fixed #2307 remove improper hardcoded timout, use validationTimeout

  • fixed #2305 keep properties key and values as is rather than forcing stringification. Also fixes #2286 and #2304

  • upgraded various maven plugin dependencies to latest versions

Changes in 6.3.0

  • increase keepaliveTime variance from 10% to 20%

  • merged #2266 support duration values for configuration from properties, such as 10ms, 20s, 30m, 40h or 50d

  • merged #2284 align logs from HikariPool.logPoolState()

  • merged #2285 set default value for maxIdle in HikariConfig constructor (no functional change)

  • merged #2294 Allow setting String[] and int[] properties (useful for pgjdbc HA configuration)

  • merged #2300 catch java.lang.Error instead of java.lang.Exception under certain conditions

Changes in 6.2.1

  • change default keepaliveTime to 2 minutes

  • fix commons-compress dependency, make test scope

... (truncated)

Commits
  • 2812f8f [maven-release-plugin] prepare release HikariCP-6.3.2
  • 25cfcb1 fixes #2342 restore module-info.class to jar file
  • 7cd59f2 fixes #2256 add support for legacy override of getUsername()/getPassword() of...
  • 60c4aa0 fixes #2323 right or wrong (wrt driver behavior) return to previous Connectio...
  • afbb9dd fixes #2288 upgrade dependencies and fix build warnings
  • 066743d [maven-release-plugin] prepare for next development iteration
  • 9bffe3f [maven-release-plugin] prepare release HikariCP-6.3.1
  • f11423c fix nexusURL
  • e56fa46 Update CHANGES file
  • f738486 Keep properties keys and values as it is (#2305)
  • Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 2.46.0 to 2.46.1

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v2.46.1

Fixed

  • spotless:install-git-pre-push-hook didn't work on windows, now fixed. (#2562)
Commits

Updates commons-codec:commons-codec from 1.18.0 to 1.19.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.19.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.19.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

  •         Add HmacUtils.hmac(Path). Thanks to Gary Gregory.

  •         Add HmacUtils.hmacHex(Path). Thanks to Gary Gregory.

  •         Add PMD check to the default Maven goal. Thanks to Gary Gregory.

  •         Add SpotBugs check to the default Maven goal. Thanks to Gary Gregory.

Fixed Bugs

  •         Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80). Thanks to Gary Gregory.

  •         Refactor DigestUtils.updateDigest(MessageDigest, File) to use NIO. Thanks to Gary Gregory.
  • CODEC-328: Clarify Javadoc for org.apache.commons.codec.digest.UnixCrypt.crypt(byte[],String). Thanks to Gary Gregory.
  •         Precompile regular expressions in DaitchMokotoffSoundex.Rule. Thanks to Gary Gregory.

  •         Precompile regular expressions in DaitchMokotoffSoundex.parseRules(Scanner, String, Map, Map). Thanks to Gary Gregory.

  •         Precompile regular expressions in Lang.loadFromResource(String, Languages). Thanks to Gary Gregory.

  •         Precompile regular expressions in PhoneticEngine.encode(String, LanguageSet). Thanks to Gary Gregory.

  •         Precompile regular expressions in org.apache.commons.codec.language.bm.Rule.parse*(*). Thanks to Gary Gregory.

  •         Remove redundant checks for whitespace in DaitchMokotoffSoundex.soundex(String, boolean). Thanks to Gary Gregory.

  •         Javadoc typo in Base16.java [#380](https://github.com/apache/commons-codec/issues/380). Thanks to Sebastian Baunsgaard.

  •         Deprecate unused constant org.apache.commons.codec.language.bm.Rule.ALL. Thanks to Gary Gregory.
  • CODEC-331: org.apache.commons.codec.language.bm.Rule.parsePhonemeExpr(String) adds duplicate empty phoneme when input ends with |. Thanks to IlikeCode, Gary Gregory.
  • CODEC-331: org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) does not remove special characters like punctuation. Thanks to IlikeCode, Gary Gregory.
  •         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.binary.StringUtils. Thanks to Gary Gregory.

  •         Fix PMD UnusedFormalParameter in private constructor in org.apache.commons.codec.binary.Base16. Thanks to Gary Gregory.

  •         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Blake3. Thanks to Gary Gregory.

  •         Fix PMD UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Md5Crypt. Thanks to Gary Gregory.

  •         Fix PMD EmptyControlStatement in org.apache.commons.codec.language.Metaphone. Thanks to Gary Gregory.

  •         Fix SpotBugs [ERROR] Medium: org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder.setEncodeTable(byte[]) may expose internal representation by storing an externally mutable object into BaseNCodec$AbstractBuilder.encodeTable [org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder] At BaseNCodec.java:[line 131] EI_EXPOSE_REP2. Thanks to Gary Gregory.

  •         The method org.apache.commons.codec.binary.BaseNCodec.AbstractBuilder.setLineSeparator(byte...) now makes a defensive copy. Thanks to Gary Gregory.

  •         Avoid unnecessary String conversion in org.apache.commons.codec.language.bm.PhoneticEngine.applyFinalRules(PhonemeBuilder, Map). Thanks to Gary Gregory.

  •         Fix SpotBugs [ERROR] High: Potentially dangerous use of non-short-circuit logic in org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) [org.apache.commons.codec.language.DaitchMokotoffSoundex] At DaitchMokotoffSoundex.java:[line 350] NS_DANGEROUS_NON_SHORT_CIRCUIT. Thanks to Gary Gregory.

Changes

... (truncated)

Commits
  • 351cb22 Prepare for the release candidate 1.19.0 RC1
  • 0d501b6 Prepare for the next release candidate
  • d6d4b82 Refactor duplicate code
  • 6d6456c No need to exclude abstract test classes from Surefire runs
  • 22d62e4 No need to specify the default value for linkXref
  • c4daf34 No longer need to override the version of the Jacoco Maven plugin
  • 8f2b673 Remove workaround for [SUREFIRE-2253]
  • 466a61d Fix Javadoc
  • ca27bd3 Fix Checkstyle
  • 1dfb4e5 Better internal method name
  • Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.17.5 to 1.17.6

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.17.6

  • Add convenience wrapper for ResettableClassFileTransformer that implicitly delegates to correct transformer method.
  • Add filter for deduplicate fields and methods in class file.
  • Add missing static requirement of Spotbugs annotations to module descriptors.
  • Add LazinessMode for TypePool and add convenience support to AgentBuilder.
  • Fix source jars for multi-version release to contain duplicated source.
Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

16. June 2025: version 1.17.6

  • Add convenience wrapper for ResettableClassFileTransformer that implicitly delegates to correct transformer method.
  • Add filter for deduplicate fields and methods in class file.
  • Add missing static requirement of Spotbugs annotations to module descriptors.
  • Add LazinessMode for TypePool and add convenience support to AgentBuilder.
  • Fix source jars for multi-version release to contain duplicated source.
Commits
  • 4b7cab9 [maven-release-plugin] prepare release byte-buddy-1.17.6
  • 6799b71 [release] Release new version
  • 605d077 Reset version.
  • 45b4630 [maven-release-plugin] prepare for next development iteration
  • ae55939 [maven-release-plugin] prepare release byte-buddy-1.17.6
  • 70ba979 [release] Release new version
  • 1110aa1 Set back version.
  • 684cc18 Add additional tests for assignability.
  • 6da8a5f [maven-release-plugin] prepare for next development iteration
  • e77b355 [maven-release-plugin] prepare release byte-buddy-1.17.6
  • Additional commits viewable in compare view

Updates software.amazon.awssdk:bom from 2.32.4 to 2.32.7

Updates io.smallrye.reactive:mutiny from 2.9.3 to 2.9.4

Release notes

Sourced from io.smallrye.reactive:mutiny's releases.

2.9.4

Changelog

🐛 Fixes

  • 826ee87 race condition in UniMemoizeOp on awaiters forwarding

🧰 Tasks

release

  • 29cc7b7 update version metadata for Mutiny 2.9.4
  • 94bba55 set development version to 999-SNAPSHOT

🛠 Build

deps

  • 6a7d142 bump junit.version from 5.13.3 to 5.13.4
  • 5255e63 bump io.smallrye.config:smallrye-config
  • c0d792d bump io.projectreactor:reactor-core from 3.7.7 to 3.7.8
  • af26032 bump org.jreleaser:jreleaser-maven-plugin
  • e776fbd bump io.smallrye.common:smallrye-common-annotation

Contributors

We'd like to thank the following people for their contributions: Julien Ponge

Commits
  • 29cc7b7 chore(release): update version metadata for Mutiny 2.9.4
  • 894fe90 Merge pull request #1923 from smallrye/fix/uni-memoize-forwarding-race
  • 826ee87 fix: race condition in UniMemoizeOp on awaiters forwarding
  • 175991b Merge pull request #1922 from smallrye/dependabot/maven/junit.version-5.13.4
  • 6a7d142 build(deps): bump junit.version from 5.13.3 to 5.13.4
  • a115274 Merge pull request #1918 from smallrye/dependabot/maven/io.smallrye.config-sm...
  • 5255e63 build(deps): bump io.smallrye.config:smallrye-config
  • da1758d Merge pull request #1917 from smallrye/dependabot/maven/io.projectreactor-rea...
  • c0d792d build(deps): bump io.projectreactor:reactor-core from 3.7.7 to 3.7.8
  • 6bb1da7 Merge pull request #1915 from smallrye/dependabot/maven/io.smallrye.common-sm...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the dependencies group with 9 updates
e0e41f7 
Bumps the dependencies group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `5.13.3` | `5.13.4` |
| [io.avaje:avaje-jsonb](https://github.com/avaje/avaje-jsonb) | `3.5` | `3.6` |
| io.avaje:avaje-jsonb-generator | `3.5` | `3.6` |
| [com.zaxxer:HikariCP](https://github.com/brettwooldridge/HikariCP) | `6.3.0` | `6.3.2` |
| [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) | `2.46.0` | `2.46.1` |
| [commons-codec:commons-codec](https://github.com/apache/commons-codec) | `1.18.0` | `1.19.0` |
| [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) | `1.17.5` | `1.17.6` |
| software.amazon.awssdk:bom | `2.32.4` | `2.32.7` |
| [io.smallrye.reactive:mutiny](https://github.com/smallrye/smallrye-mutiny) | `2.9.3` | `2.9.4` |


Updates `org.junit:junit-bom` from 5.13.3 to 5.13.4
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.13.3...r5.13.4)

Updates `io.avaje:avaje-jsonb` from 3.5 to 3.6
- [Release notes](https://github.com/avaje/avaje-jsonb/releases)
- [Commits](avaje/avaje-jsonb@3.5...3.6)

Updates `io.avaje:avaje-jsonb-generator` from 3.5 to 3.6

Updates `io.avaje:avaje-jsonb-generator` from 3.5 to 3.6

Updates `com.zaxxer:HikariCP` from 6.3.0 to 6.3.2
- [Changelog](https://github.com/brettwooldridge/HikariCP/blob/dev/CHANGES)
- [Commits](brettwooldridge/HikariCP@HikariCP-6.3.0...HikariCP-6.3.2)

Updates `com.diffplug.spotless:spotless-maven-plugin` from 2.46.0 to 2.46.1
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@maven/2.46.0...maven/2.46.1)

Updates `commons-codec:commons-codec` from 1.18.0 to 1.19.0
- [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-codec@rel/commons-codec-1.18.0...rel/commons-codec-1.19.0)

Updates `net.bytebuddy:byte-buddy` from 1.17.5 to 1.17.6
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](raphw/byte-buddy@byte-buddy-1.17.5...byte-buddy-1.17.6)

Updates `software.amazon.awssdk:bom` from 2.32.4 to 2.32.7

Updates `io.smallrye.reactive:mutiny` from 2.9.3 to 2.9.4
- [Release notes](https://github.com/smallrye/smallrye-mutiny/releases)
- [Commits](smallrye/smallrye-mutiny@2.9.3...2.9.4)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-version: 5.13.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: io.avaje:avaje-jsonb
  dependency-version: '3.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: io.avaje:avaje-jsonb-generator
  dependency-version: '3.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: io.avaje:avaje-jsonb-generator
  dependency-version: '3.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.zaxxer:HikariCP
  dependency-version: 6.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 2.46.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: commons-codec:commons-codec
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: net.bytebuddy:byte-buddy
  dependency-version: 1.17.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: software.amazon.awssdk:bom
  dependency-version: 2.32.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: io.smallrye.reactive:mutiny
  dependency-version: 2.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 24, 2025
@jknack jknack added this to the 4.0.0 milestone Jul 25, 2025
@jknack jknack merged commit f651218 into main Jul 25, 2025
5 checks passed
@dependabot dependabot bot deleted the dependabot/maven/dependencies-976574652f branch July 25, 2025 14:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

4.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@jknack