Bump the maven-deps group with 4 updates

[dependabot]

Bumps the maven-deps group with 4 updates: org.jruby:jruby-core, javax.servlet:javax.servlet-api, jakarta.servlet.jsp:jakarta.servlet.jsp-api and jakarta.jms:jakarta.jms-api.

Updates org.jruby:jruby-core from 9.4.12.0 to 10.0.0.1

Release notes

Sourced from org.jruby:jruby-core's releases.

JRuby 10.0.0.1 Released

The JRuby community is pleased to announce the release of JRuby 10.0.0.1.

• Homepage: https://www.jruby.org/
• Download: https://www.jruby.org/download

We've jumped to Ruby 3.4 compatibility and Java 21 minimum to bring you the best Ruby on JVM experience possible. We are confident this is the most compatible and stable major release we've ever had.

Security

• jruby-openssl has been updated to 0.15.4, which re-enables hostname verification by default. This addresses CVE-2025-46551 and GHSA-72qj-48g4-5xgx.

JRuby 10.0.0.0 Released

The JRuby community is pleased to announce the release of JRuby 10.0.0.0.

• Homepage: https://www.jruby.org/
• Download: https://www.jruby.org/download

JRuby 10 is finally here! We've jumped to Ruby 3.4 compatibility and Java 21 minimum to bring you the best Ruby on JVM experience possible. We are confident this is the most compatible and stable major release we've ever had.

Our blog post on JRuby 10 provides a high-level overview of the major changes, with some additional details below. We will update the blog post with additional detailed articles over the coming weeks: https://blog.jruby.org/2025/04/jruby-10-part-1-whats-new

As with any "dot zero" release, we are planning a series of quick updates to address any last-minute issues that snuck into the release. Please file bugs for any issues you see while testing JRuby 10.0: https://github.com/jruby/jruby/issues

Contributors

The JRuby core team today includes Charles Oliver Nutter (@​headius), Thomas Enebo (@​enebo), and Karol Bucek (@​kares). Over the past year we have been honored to accept contributions from many other developers, and JRuby 10 would not be as stable or complete without their help:

[@​andsel], [@​mrnoname1000], [@​ahorek], [@​evaniainbrooks], [@​edipofederle], [@​ccutrer], [@​danini-the-panini], [@​ntkme], [@​andrykonchin], [@​mohamedhafez], [@​jsvd], [@​jpcamara], [@​mullermp], [@​ikaronen-relex], [@​jimtng], [@​ryannevell], [@​eregon], [@​moste00], [@​sk757a]

Ruby Compatibility

• Ruby compatibility has been updated to Ruby 3.4. We consider this release equivalent to Ruby 3.4.2.
• Most features of Ruby 3.2, 3.3, 3.4 are complete, but some are still in progress. See our checklists based on CRuby's release notes: Ruby 3.2, Ruby 3.3, Ruby 3.4
• Except where a more recent gem was available or a library is unsupported by JRuby, we have included the same standard libraries as Ruby 3.4.

Java 21

After nearly a decade of supporting Java 8, the JRuby team decided it's time for us to move to a more modern version of Java. The new requirement of Java 21 will allow us to take advantage of many features that were impossible to utilize while simultaneously supporting Java 8:

• On-by-default optimization using InvokeDynamic, which has significantly improved since Java 8.
• Support for thousands of Fibers using the lightweight virtual thread support from Project Loom.
• Fast native function calling and native memory management using Project Panama.
• Greatly improved startup time using Application Class Data Store, enabled by default by our launcher executables.
• Easier access to post-Java 21 features like the Ahead-of-time compiler cache in Project Leyden.

... (truncated)

Commits

• 79cf1e4 Version 10.0.0.1 updated for release
• 3b432f5 Update to jruby-openssl 0.15.4
• 6ed59bc Version 10.0.0.0 updated for release
• d067abe Try and exclude any jsa files from making it into windows installer .exe
• 1fdab6e Merge pull request #8759 from enebo/topic/javadoc
• 3c26d79 Revert "Version 10.0.0.0 updated for release"
• dcc1325 moar javadoc fixes
• c4ac45b many more javadoc warns fixed
• 614edf1 More javadoc warns fixed
• 2a24738 More javadoc warnings fixed
• Additional commits viewable in compare view

Updates javax.servlet:javax.servlet-api from 3.0.1 to 4.0.1

Commits

• 5574e9b [maven-release-plugin] prepare release 4.0.1
• 6430ada Update pom with latest copyright plugin version
• 7265df0 Copyright changes. (#192)
• 9a27193 [maven-release-plugin] prepare for next development iteration
• ef2740a [maven-release-plugin] prepare release 4.0.0
• 62e5c39 update the version to 4.0.0-SNAPSHOT
• 10f86f3 Update Bundle-License MANIFEST.MF property
• 779f324 fix typo in skip test
• 8ecb128 Remove watermark, and add preposition where needed
• 8c36bee Fix typo. Insert preposition "to" after "corresponding" as necessary.
• Additional commits viewable in compare view

Updates jakarta.servlet.jsp:jakarta.servlet.jsp-api from 2.3.6 to 4.0.0

Commits

• f723f99 Prepare release jakarta.servlet.jsp:jakarta.servlet.jsp-api:4.0.0
• 539dadf Update copyright year in Javadoc
• 91ccb19 POM version should be SNAPSHOT
• 65e89c3 Add dependency required to run the tests
• 4e0416b Fix compilation warnings
• 254f435 Various POM fixes
• 3956175 Merge pull request #266 from alwin-joseph/tck_rem_snapshotmodules
• 6a1b235 set jdk17 as compiler source/target
• 8abee4f use M1 modules of jakarta.tck project
• dda566d pages tck documentation for 4.0
• Additional commits viewable in compare view

Updates jakarta.jms:jakarta.jms-api from 2.0.3 to 3.1.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.