build(deps): bump the all-modules group in /sda-sftp-inbox with 8 updates

[dependabot]

Bumps the all-modules group in /sda-sftp-inbox with 8 updates:

Package	From	To
org.springframework.boot:spring-boot-starter-parent	3.5.7	4.0.3
org.junit:junit-bom	6.0.1	6.0.3
org.apache.sshd:sshd-sftp	2.16.0	2.17.1
com.amazonaws:aws-java-sdk-s3	1.12.793	1.12.797
org.bouncycastle:bcprov-jdk18on	1.82	1.83
org.yaml:snakeyaml	2.5	2.6
org.apache.maven.plugins:maven-surefire-plugin	3.5.4	3.5.5
org.apache.maven.plugins:maven-failsafe-plugin	3.5.4	3.5.5

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.7 to 4.0.3

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.0.3

⭐ New Features

• Add TWENTY_SIX to JavaVersion enum #49193

🐞 Bug Fixes

• Jackson properties may not be applied correctly to RestClients #49223
• ClassNotFoundException when using Actuator without spring-boot-health #49196
• Using the OTel and Zipkin starters together creates invalid configuration #49183
• Whitespace can be incorrectly removed when spring-boot-configuration-processor runs on multi-line javadoc #49060
• Jackson2HttpMessageConvertersConfiguration uses ConditionOn Jackson3 XMLMapper class #49015
• server.jetty.threads.max is ignored when using virtual threads #48989
• Slice test includes fail to load when using spring-boot-starter-test-classic #48981
• Docker credential helpers with file extensions cannot be executed on Windows #48979
• Java version requirement check for native image is confusing if AOT didn't run #48963
• TestPropertyValues.Pair.fromMapEntry(Entry<String, String>) does not comply with its nullability contract #48948

📔 Documentation

• Couchbase and Kafka are incorrectly listed as supporting SSL with Docker Compose #49212
• Document that use of non idiomatic format for '@Value' still apply for environment variables #49109
• Document naming convention for custom test-scoped starters #49017
• Delay removal of Jackson 2 support until 4.3 at the earliest #49010
• LICENSE.txt and NOTICE.txt files have the wrong content in the latest releases #49003
• ApplicationContextAssert documents a non-existent assertion in getFailure() #48977
• Highlight the importance of the preStop hook when configuring Kubernetes probes #48946

🔨 Dependency Upgrades

• Upgrade to AssertJ 3.27.7 #49095
• Upgrade to Elasticsearch Client 9.2.5 #49184
• Upgrade to Groovy 5.0.4 #49097
• Upgrade to Hibernate 7.2.3.Final #49098
• Upgrade to Hibernate 7.2.4.Final #49167
• Upgrade to Jaybird 6.0.4 #49099
• Upgrade to JBoss Logging 3.6.2.Final #49100
• Upgrade to Jersey 4.0.2 #49101
• Upgrade to Jetty 12.1.6 #49102
• Upgrade to jOOQ 3.19.30 #49103
• Upgrade to JUnit Jupiter 6.0.3 #49233
• Upgrade to Logback 1.5.29 #49169
• Upgrade to Logback 1.5.32 #49245
• Upgrade to Micrometer 1.16.3 #49111
• Upgrade to Micrometer Tracing 1.6.3 #49112
• Upgrade to MongoDB 5.6.3 #49105
• Upgrade to MySQL 9.6.0 #49106
• Upgrade to Netty 4.2.10.Final #49107
• Upgrade to Postgresql 42.7.10 #49202
• Upgrade to Reactor Bom 2025.0.3 #49087

... (truncated)

Commits

• 1ab1436 Release v4.0.3
• 5cc488d Merge branch '3.5.x' into 4.0.x
• 9138ae2 Next development version (v3.5.12-SNAPSHOT)
• a7e63a7 Merge branch '3.5.x' into 4.0.x
• 54ab3c5 Align "noteworthy" issues in release notes with Spring Framework
• b3ae5b1 Merge branch '3.5.x' into 4.0.x
• 996664f Temporarily switch Docker to overlay2
• 1ce8743 Revert "Temporarily disable containerd snapshotter"
• 5ba88c6 Temporarily disable containerd snapshotter
• 1f1a88c Revert "Temporarily update system tests to use specific platform"
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 6.0.1 to 6.0.3

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates org.apache.sshd:sshd-sftp from 2.16.0 to 2.17.1

Release notes

Sourced from org.apache.sshd:sshd-sftp's releases.

Apache MINA SSHD 2.17.1

This patch release fixes the broken Maven deployment of 2.17.0. (The root pom was missing).

There were no code changes, only a pom update to work around a tooling bug that caused the problem with 2.17.0:

• GH-875 Use Apache Parent POM 36

For the real changes since version 2.16.0 see the 2.17.0 change notes.

Apache MINA SSHD 2.17.0

Warning: the publication of this release to Maven Central somehow went wrong; it is missing the root POM.

Use the 2.17.1 release instead.

See the change log.

New Contributors

• @​JannuMies made their first contribution in apache/mina-sshd#832
• @​bemoty made their first contribution in apache/mina-sshd#843
• @​chrjohn made their first contribution in apache/mina-sshd#849
• @​denyshorman made their first contribution in apache/mina-sshd#870

Full Changelog: apache/mina-sshd@sshd-2.16.0...sshd-2.17.0

Changelog

Sourced from org.apache.sshd:sshd-sftp's changelog.

Previous Versions

• Version 2.1.0 to 2.2.0
• Version 2.2.0 to 2.3.0
• Version 2.3.0 to 2.4.0
• Version 2.4.0 to 2.5.0
• Version 2.5.0 to 2.5.1
• Version 2.5.1 to 2.6.0
• Version 2.6.0 to 2.7.0
• Version 2.7.0 to 2.8.0
• Version 2.8.0 to 2.9.0
• Version 2.9.0 to 2.9.1
• Version 2.9.1 to 2.9.2
• Version 2.9.2 to 2.10.0
• Version 2.10.0 to 2.11.0
• Version 2.11.0 to 2.12.0
• Version 2.12.0 to 2.12.1
• Version 2.12.1 to 2.13.0
• Version 2.13.0 to 2.13.1
• Version 2.13.1 to 2.13.2
• Version 2.13.2 to 2.14.0
• Version 2.14.0 to 2.15.0
• Version 2.15.0 to 2.16.0
• Version 2.16.0 to 2.17.0

Latest Version

• Version 2.17.0 to 2.17.1

Planned for Next Version

Bug Fixes

New Features

Potential Compatibility Issues

Major Code Re-factoring

Commits

• 03df246 [maven-release-plugin] prepare release sshd-2.17.1
• e661b4a GH-875: Update Apache Parent POM
• 42d2c7d [maven-release-plugin] prepare for next development iteration
• 9308c1e [maven-release-plugin] prepare release sshd-2.17.0
• 5f6bef6 Prepare documentation for a 2.17.0 release
• 5ee81f4 Fix duplicate character echoing in ProcessShell
• b6848c0 Mock git configuration in git-related tests
• d839c95 Bump JUnit 5 to latest patch version
• 7a7f2bb CoreTestSupportUtils: fix test framework
• 7b397c7 [releng] Build with Java 25 in CI
• Additional commits viewable in compare view

Updates com.amazonaws:aws-java-sdk-s3 from 1.12.793 to 1.12.797

Changelog

Sourced from com.amazonaws:aws-java-sdk-s3's changelog.

1.12.797 2025-12-29

AWS SDK for Java

• Deprecations

  • Updated the warning message for v1 end-of-support

1.12.796 2025-12-18

AWS Kinesis Video

• Features

  • Upgrade Netty to 4.1.130-Final

1.12.795 2025-12-10

Amazon CloudWatch

• Features

  • This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language.

Amazon S3

• Bugfixes

  • Fix error when using S3 with Dualstack and custom regions.

1.12.794 2025-11-24

AWS SDK for Java

• Features

  • Update region metadata.

Commits

• 57ed2e4 AWS SDK for Java 1.12.797
• e8fa479 Update GitHub version number to 1.12.797-SNAPSHOT
• 9990f1b AWS SDK for Java 1.12.796
• f438f8b Update GitHub version number to 1.12.796-SNAPSHOT
• 52c0637 AWS SDK for Java 1.12.795
• ccb8e0e Update GitHub version number to 1.12.795-SNAPSHOT
• 12c4273 AWS SDK for Java 1.12.794
• fdb0fd2 Update GitHub version number to 1.12.794-SNAPSHOT
• See full diff in compare view

Updates org.bouncycastle:bcprov-jdk18on from 1.82 to 1.83

Changelog

Sourced from org.bouncycastle:bcprov-jdk18on's changelog.

2.1.1 Version Release: 1.84 Date:      TBD

2.2.1 Version Release: 1.83 Date:      2025, November 27th.

... (truncated)

Commits

• See full diff in compare view

Updates org.yaml:snakeyaml from 2.5 to 2.6

Commits

• cc19a61 [maven-release-plugin] prepare for next development iteration
• bc4a8f4 Minor fixes in Javadoc
• f18203a Add a test for Y79Y-003
• ad1fceb Less output in tests
• 1db66b7 Add (failing) build with JDK 25
• 88ebaa8 build: fix JKD 25 tests compilation
• 6af8790 Update Javadoc
• a006b7a Update Javadoc
• c143db2 Update changes
• d78d11f Update changes
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

🔧 Build

• Missing many files in the GH Artifacts of CI ex-post. (#3219) @​Tibor17

📦 Dependency updates

• Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.1 (#3260) @dependabot[bot]
• Bump parent from 44 to 47 (#3253) @​slawekjaranowski
• Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng (#3246) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#3245) @dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#3243) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 (#3236) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#3235) @dependabot[bot]
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption (#3234) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 (#3228) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 (#3224) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#3223) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#3221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#3220) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#3217) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#3214) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#3218) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.16.0 to 4.18.0 (#3213) @dependabot[bot]

... (truncated)

Commits

• 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
• 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
• 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
• 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
• 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
• 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
• 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
• e5c01a6 Build only by the latest Maven on Jenkins (#3255)
• 9c99e97 Fix Jenkin badges in README (#3254)
• 20930ea Bump parent from 44 to 47 (#3253)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

🔧 Build

• Missing many files in the GH Artifacts of CI ex-post. (#3219) @​Tibor17

📦 Dependency updates

• Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.1 (#3260) @dependabot[bot]
• Bump parent from 44 to 47 (#3253) @​slawekjaranowski
• Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng (#3246) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#3245) @dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#3243) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 (#3236) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#3235) @dependabot[bot]
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption (#3234) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 (#3228) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 (#3224) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#3223) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#3221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#3220) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#3217) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#3214) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#3218) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.16.0 to 4.18.0 (#3213) @dependabot[bot]

... (truncated)

Commits

• 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
• 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
• 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
• 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
• 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
• 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
• 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
• e5c01a6 Build only by the latest Maven on Jenkins (#3255)
• 9c99e97 Fix Jenkin badges in README (#3254)
• 20930ea Bump parent from 44 to 47 (#3253)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.