Bump the dependency-updates group across 1 directory with 5 updates

[dependabot]

Bumps the dependency-updates group with 5 updates in the / directory:

Package	From	To
io.airlift:airbase	305	314
com.squareup.okhttp3:okhttp-bom	5.1.0	5.2.1
io.airlift:units	1.10	1.12
org.apache.maven.plugins:maven-scm-plugin	2.1.0	2.2.1
com.squareup.okhttp3:okhttp-jvm	5.1.0	5.2.1

Updates io.airlift:airbase from 305 to 314

Changelog

Sourced from io.airlift:airbase's changelog.

Airbase 160 and above

Moved to https://github.com/airlift/airbase/releases

Airbase 159

• Dependency updates:

• AssertJ 3.26.3 (from 3.26.0)
• Byte Buddy 1.14.18 (from 1.14.17)

Airbase 159

• Require Maven 3.9.8

Airbase 158

• Plugin updates:

• maven-jar-plugin to 3.4.2 (from 3.4.1)
• maven-release-plugin to 3.1.0 (from 3.0.1)
• maven-surefire-plugin to 3.3.0 (from 3.2.5)
• maven-dependency-plugin to 3.7.1 (from 3.6.1)
• maven-clean-plugin to 3.4.0 (from 3.3.2)
• maven-checkstyle-plugin to 3.4.0 (from 3.3.1)
• git-commit-id plugin to 9.0.1 (from 8.0.1)

• Dependency updates:

• junit 5.10.3 (from 5.10.2)
• jackson 2.17.2 (from 2.17.1)

Airbase 157

• Checkstyle updates:

• Require empty line before record definition

• Plugin configuration:

• Inject git commit info into reactor projects once

• Dependency updates:
  • AssertJ 3.26.0 (from 3.25.3)
  • byte-buddy 1.14.17 (from 1.14.14)
  • checkstyle 10.17.0 (from 10.16.0)
  • error_prone_annotations 2.27.1 (from 2.27.0)
  • guava 33.2.1-jre (from 33.1.0-jre)
  • jackson 2.17.1 (from 2.17.0)
  • kotlin 2.0.0 (from 1.9.23)
  • spotbugs-annotations to 4.8.5 (from 4.8.4)
  • PMD runtime 7.2.0 (from 7.1.0)
• Plugin updates:
  • maven-build-helper 3.6.0 (from 3.5.0)
  • maven-license-plugin 4.5 (from 4.3)
  • maven-modernizer-plugin 2.9.0 (from 2.7.0)
  • maven-sortpom-plugin 4.0.0 (from 3.4.1)
  • spotbugs-maven-plugin to 4.8.5.0 (from 4.8.4.0)
  • maven-enforcer-plugin 3.5.0 (from 3.4.1)
  • maven-javadoc-plugin 3.7.0 (from 3.6.3)
  • maven-shade-plugin 3.6.0 (from 3.5.3)
  • errorprone 2.28.0 (from 2.27.1)

... (truncated)

Commits

• See full diff in compare view

Updates com.squareup.okhttp3:okhttp-bom from 5.1.0 to 5.2.1

Changelog

Sourced from com.squareup.okhttp3:okhttp-bom's changelog.

Version 5.2.1

2025-10-09

• Fix: Don't crash when calling Socket.shutdownOutput() or shutdownInput() on an SSLSocket on Android API 21 through 23. This method throws an UnsupportedOperationException, so we now catch that and close the underlying stream instead.

• Upgrade: [Okio 3.16.1][okio_3_16_1].

Version 5.2.0

2025-10-07

• New: Support [HTTP 101] responses with Response.socket. This mechanism is only supported on HTTP/1.1. We also reimplemented our websocket client to use this new mechanism.

• New: The okhttp-zstd module negotiates [Zstandard (zstd)][zstd] compression with servers that support it. It integrates a new (unstable) [ZSTD-KMP] library, also from Square. Enable it like this:

  val client = OkHttpClient.Builder()
    .addInterceptor(CompressionInterceptor(Zstd, Gzip))
    .build()

• New: Support the QUERY HTTP method. You will need to set the Request.cacheUrlOverride property to cache calls made with this method. The RequestBody.sha256() may be helpful here; use it to compose a cache URL from the query body.

• New: Publish events when calls must wait to execute. EventListener.dispatcherQueueStart() is invoked when a call starts waiting, and dispatcherQueueEnd() is invoked when it's done.

• New: Request.toCurl() returns a copy-pasteable [curl] command consistent with Chrome’s and Firefox’s ‘copy as cURL’ features.

• New: Support [JPMS]. We replaced our Automatic-Module-Name metadata with proper module-info.java files.

• Fix: Recover gracefully when worker threads are interrupted. When we introduced fast fallback in OkHttp 5.0, we started using background threads while connecting. Sadly that code didn't handle interruptions well. This is now fixed.

• Upgrade: [Kotlin 2.2.20][kotlin_2_2_20].

• Upgrade: [Okio 3.16.0][okio_3_16_0].

Commits

• a8b8dc5 Prepare for release 5.2.1.
• 7d7bdc6 Upgrade to Okio 3.16.1 (#9131)
• 2a95ed0 Prepare for release 5.2.0.
• acfae32 Revert "Add minimal HttpLoggingInterceptor support for streaming request and ...
• d82e875 Put Brotli and Gzip in top-level files (#9116)
• d4a5be1 Fix RequestBody events on upgraded connections (#8970)
• 112a19d Add RequestBody.sha256() (#9109)
• d41a755 Start publishing dispatcher queue events (#9111)
• c06ff31 Get Content-Type from the request body (#9113)
• fdac86b Make Request.toCurl work more like Chrome's 'copy as cURL' (#9112)
• Additional commits viewable in compare view

Updates io.airlift:units from 1.10 to 1.12

Release notes

Sourced from io.airlift:units's releases.

1.11

What's Changed

• Update airbase and add module declaration by @​martint in airlift/units#34
• Simplify Duration by @​wendigo in airlift/units#35
• Optimize succinctBytes, succinctDuration by @​wendigo in airlift/units#36
• Add release automation by @​wendigo in airlift/units#37

New Contributors

• @​martint made their first contribution in airlift/units#34

Full Changelog: airlift/units@1.10...1.11

Commits

• 037c794 [maven-release-plugin] prepare release 1.12
• b3393f7 Return DataSize.EMPTY singleton when bytes are zero
• 748a2c6 [maven-release-plugin] prepare for next development iteration
• ceaa74e [maven-release-plugin] prepare release 1.11
• 2facc60 Add SCM section to pom
• 204a2f2 Add automated release workflow
• dbf3fe4 Update airlift to 363
• 966687b Test on JDK 21 and 25
• 62dd95c Update mvn wrapper to 3.3.4
• 574e099 Upgrade airbase to 307
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-scm-plugin from 2.1.0 to 2.2.1

Release notes

Sourced from org.apache.maven.plugins:maven-scm-plugin's releases.

2.2.1

🚀 New features and improvements

• Add method to ScmManager to get an ScmRepository from an existing (#1319) @​kwin
• Reduce log noise (#1313) @​elharo
• Reduce amount of log junk emitted (#1286) @​elharo
• Support "no-verify" with JGit commits (#1294) @​kwin
• Rework sign option for Git tag/commit (#1293) @​kwin
• [SCM-1011] - Consider interactive flag for SvnExeScmProvider (#181) @​kwin
• Git: Observe interactive flag (#1280) @​kwin
• New option to be able to disable sign for commit/tag to be able use this with jgit when you have gpgsign configured in ~/.gitconfig (#1266) @​olamy
• Add shallow parameter to checkout mojo (#1264) @​clafren1
• Add Apache 2.0 LICENSE file (#1265) @​Ndacyayisenga-droid

🐛 Bug Fixes

• Replace "git whatchanged" by "git log" (#1311) @​kwin
• Avoid raw RuntimeException (#1307) @​elharo
• JGit: Propagate exceptions when pushing tags/branches (#1271) @​kwin
• Git: Use environment variables when pushing tags/branches to remote (#1270) @​kwin
• [SCM-1029] - Fix empty commits on JGit checkin (#238) @​mhoffrog

📝 Documentation updates

• Document SCM authentication means (#1281) @​kwin
• Feature/apt to md (#1277) @​kwin
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#234) @​Bukama
• [MNGSITE-540] - Use correct plugin for reporting (#216) @​kwin
• Remove mention of deprecated SCM provider which have been removed in 2.0.0 (#209) @​elharo

👻 Maintenance

• Deprecate ConsumerUtils (#1315) @​elharo
• cleanup runtime exceptions (#1299) @​elharo
• feat: enable prevent branch protection rules (#1309) @​sebtiem
• Throw is enough (#1306) @​elharo
• Replace raw runtime exceptions with GeneralSecurityException (#1304) @​elharo
• remove not used plugins from pom (#1267) @​olamy
• Enable Github issues (#242) @​Bukama
• Make asserts meaningful (#232) @​elharo
• Convert from plexus to guice injection (#229) @​elharo
• Remove dead commented code (#231) @​elharo
• Unabbreviate cl variable names (#230) @​elharo
• Declare used dependencies (#227) @​elharo
• Prefer try with resources (#228) @​elharo

📦 Dependency updates

• Use SSHD 2.16.0 (#1318) @​kwin

... (truncated)

Commits

• f2a75b3 [maven-release-plugin] prepare for next development iteration
• 65b342b [maven-release-plugin] prepare release maven-scm-2.2.1
• ab95cfc [maven-release-plugin] rollback the release of maven-scm-2.2.1
• 26021cf [maven-release-plugin] prepare for next development iteration
• 851705a Add method to ScmManager to get an ScmRepository from an existing
• 01ffa73 trivial: clarify description
• 0e5bccd Deprecate ConsumerUtils (#1315)
• ea97644 Reduce log noise (#1313)
• 092eed6 Use SSHD 2.16.0
• 041492e Follow Oracle Javadoc guidelines (#1312)
• Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp-jvm from 5.1.0 to 5.2.1

Changelog

Sourced from com.squareup.okhttp3:okhttp-jvm's changelog.

Version 5.2.1

2025-10-09

• Fix: Don't crash when calling Socket.shutdownOutput() or shutdownInput() on an SSLSocket on Android API 21 through 23. This method throws an UnsupportedOperationException, so we now catch that and close the underlying stream instead.

• Upgrade: [Okio 3.16.1][okio_3_16_1].

Version 5.2.0

2025-10-07

• New: Support [HTTP 101] responses with Response.socket. This mechanism is only supported on HTTP/1.1. We also reimplemented our websocket client to use this new mechanism.

• New: The okhttp-zstd module negotiates [Zstandard (zstd)][zstd] compression with servers that support it. It integrates a new (unstable) [ZSTD-KMP] library, also from Square. Enable it like this:

  val client = OkHttpClient.Builder()
    .addInterceptor(CompressionInterceptor(Zstd, Gzip))
    .build()

• New: Support the QUERY HTTP method. You will need to set the Request.cacheUrlOverride property to cache calls made with this method. The RequestBody.sha256() may be helpful here; use it to compose a cache URL from the query body.

• New: Publish events when calls must wait to execute. EventListener.dispatcherQueueStart() is invoked when a call starts waiting, and dispatcherQueueEnd() is invoked when it's done.

• New: Request.toCurl() returns a copy-pasteable [curl] command consistent with Chrome’s and Firefox’s ‘copy as cURL’ features.

• New: Support [JPMS]. We replaced our Automatic-Module-Name metadata with proper module-info.java files.

• Fix: Recover gracefully when worker threads are interrupted. When we introduced fast fallback in OkHttp 5.0, we started using background threads while connecting. Sadly that code didn't handle interruptions well. This is now fixed.

• Upgrade: [Kotlin 2.2.20][kotlin_2_2_20].

• Upgrade: [Okio 3.16.0][okio_3_16_0].

Commits

• a8b8dc5 Prepare for release 5.2.1.
• 7d7bdc6 Upgrade to Okio 3.16.1 (#9131)
• 2a95ed0 Prepare for release 5.2.0.
• acfae32 Revert "Add minimal HttpLoggingInterceptor support for streaming request and ...
• d82e875 Put Brotli and Gzip in top-level files (#9116)
• d4a5be1 Fix RequestBody events on upgraded connections (#8970)
• 112a19d Add RequestBody.sha256() (#9109)
• d41a755 Start publishing dispatcher queue events (#9111)
• c06ff31 Get Content-Type from the request body (#9113)
• fdac86b Make Request.toCurl work more like Chrome's 'copy as cURL' (#9112)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.