Bump the dependency-updates group across 1 directory with 6 updates

[dependabot]

Bumps the dependency-updates group with 6 updates in the / directory:

Package	From	To
io.airlift:airbase	305	322
com.squareup.okhttp3:okhttp-bom	5.1.0	5.2.1
io.airlift:units	1.10	1.12
com.google.errorprone:error_prone_annotations	2.42.0	2.43.0
org.apache.maven.plugins:maven-scm-plugin	2.1.0	2.2.1
com.squareup.okhttp3:okhttp-jvm	5.1.0	5.2.1

Updates io.airlift:airbase from 305 to 322

Release notes

Sourced from io.airlift:airbase's releases.

airbase 322

What's Changed

Dependency updates 📦

• Bump com.google.errorprone:error_prone_annotations from 2.42.0 to 2.43.0 by @​dependabot[bot] in airlift/airbase#966

Full Changelog: airlift/airbase@321...322

airbase 321

What's Changed

Dependency updates 📦

• Bump tools.jackson:jackson-bom from 3.0.0 to 3.0.1 by @​dependabot[bot] in airlift/airbase#965
• Bump io.airlift:packaging from 367 to 368 by @​dependabot[bot] in airlift/airbase#964

Full Changelog: airlift/airbase@320...321

airbase 320

What's Changed

Dependency updates 📦

• Add Log4j BOM by @​electrum in airlift/airbase#963

Full Changelog: airlift/airbase@319...320

airbase 319

What's Changed

Dependency updates 📦

• Bump com.puppycrawl.tools:checkstyle from 12.0.1 to 12.1.0 by @​dependabot[bot] in airlift/airbase#960
• Bump dep.jetty.version from 12.1.2 to 12.1.3 by @​dependabot[bot] in airlift/airbase#959

Others

• Rename workflow by @​wendigo in airlift/airbase#957
• Create release notes after actual release by @​wendigo in airlift/airbase#958

Full Changelog: airlift/airbase@318...319

318

What's Changed

Improvements 🎉

... (truncated)

Commits

• See full diff in compare view

Updates com.squareup.okhttp3:okhttp-bom from 5.1.0 to 5.2.1

Changelog

Sourced from com.squareup.okhttp3:okhttp-bom's changelog.

Version 5.2.1

2025-10-09

• Fix: Don't crash when calling Socket.shutdownOutput() or shutdownInput() on an SSLSocket on Android API 21 through 23. This method throws an UnsupportedOperationException, so we now catch that and close the underlying stream instead.

• Upgrade: [Okio 3.16.1][okio_3_16_1].

Version 5.2.0

2025-10-07

• New: Support [HTTP 101] responses with Response.socket. This mechanism is only supported on HTTP/1.1. We also reimplemented our websocket client to use this new mechanism.

• New: The okhttp-zstd module negotiates [Zstandard (zstd)][zstd] compression with servers that support it. It integrates a new (unstable) [ZSTD-KMP] library, also from Square. Enable it like this:

  val client = OkHttpClient.Builder()
    .addInterceptor(CompressionInterceptor(Zstd, Gzip))
    .build()

• New: Support the QUERY HTTP method. You will need to set the Request.cacheUrlOverride property to cache calls made with this method. The RequestBody.sha256() may be helpful here; use it to compose a cache URL from the query body.

• New: Publish events when calls must wait to execute. EventListener.dispatcherQueueStart() is invoked when a call starts waiting, and dispatcherQueueEnd() is invoked when it's done.

• New: Request.toCurl() returns a copy-pasteable [curl] command consistent with Chrome’s and Firefox’s ‘copy as cURL’ features.

• New: Support [JPMS]. We replaced our Automatic-Module-Name metadata with proper module-info.java files.

• Fix: Recover gracefully when worker threads are interrupted. When we introduced fast fallback in OkHttp 5.0, we started using background threads while connecting. Sadly that code didn't handle interruptions well. This is now fixed.

• Upgrade: [Kotlin 2.2.20][kotlin_2_2_20].

• Upgrade: [Okio 3.16.0][okio_3_16_0].

Commits

• a8b8dc5 Prepare for release 5.2.1.
• 7d7bdc6 Upgrade to Okio 3.16.1 (#9131)
• 2a95ed0 Prepare for release 5.2.0.
• acfae32 Revert "Add minimal HttpLoggingInterceptor support for streaming request and ...
• d82e875 Put Brotli and Gzip in top-level files (#9116)
• d4a5be1 Fix RequestBody events on upgraded connections (#8970)
• 112a19d Add RequestBody.sha256() (#9109)
• d41a755 Start publishing dispatcher queue events (#9111)
• c06ff31 Get Content-Type from the request body (#9113)
• fdac86b Make Request.toCurl work more like Chrome's 'copy as cURL' (#9112)
• Additional commits viewable in compare view

Updates io.airlift:units from 1.10 to 1.12

Release notes

Sourced from io.airlift:units's releases.

1.11

What's Changed

• Update airbase and add module declaration by @​martint in airlift/units#34
• Simplify Duration by @​wendigo in airlift/units#35
• Optimize succinctBytes, succinctDuration by @​wendigo in airlift/units#36
• Add release automation by @​wendigo in airlift/units#37

New Contributors

• @​martint made their first contribution in airlift/units#34

Full Changelog: airlift/units@1.10...1.11

Commits

• 037c794 [maven-release-plugin] prepare release 1.12
• b3393f7 Return DataSize.EMPTY singleton when bytes are zero
• 748a2c6 [maven-release-plugin] prepare for next development iteration
• ceaa74e [maven-release-plugin] prepare release 1.11
• 2facc60 Add SCM section to pom
• 204a2f2 Add automated release workflow
• dbf3fe4 Update airlift to 363
• 966687b Test on JDK 21 and 25
• 62dd95c Update mvn wrapper to 3.3.4
• 574e099 Upgrade airbase to 307
• Additional commits viewable in compare view

Updates com.google.errorprone:error_prone_annotations from 2.42.0 to 2.43.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.43.0

The minimum support JDK version to run Error Prone is now JDK 21 (google/error-prone#4867).

Changes:

• -XepPatchChecks now skips disabled checks (#4943)
• AndroidJdkLibsChecker has been removed, the recommended replacement for Android code is Android Lint's NewApi check

New checks:

• NullNeedsCastForVarargs: Detect calls that incorrectly passes a null array instead of a null element.
• RedundantNullCheck: detect checks on expressions that are non-null.

Closed issues: #4943, #5102, #5107, #5121, #5158, #5217, #5239

Full changelog: google/error-prone@v2.42.0...v2.43.0

Commits

• abec9b6 Release Error Prone 2.43.0
• a97374a Upgrade Java version from 17 to 21 in release workflow
• 5882a43 Update release.yml
• 851e0b0 Remove obsolete uses of reflection from Error Prone
• 344e3dc Remove an obsolete use of reflection
• 5f46e62 Fix a typo (wrong quotation mark).
• de7d191 Update IncorrectMainMethod documentation in light of JEP512.
• 09c78e0 Remove an obsolete TODO
• 17c271e Turn down AndroidJdkLibsChecker
• 0ae79f5 Add tests for subtypes of Immutable and ThreadSafe classes
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-scm-plugin from 2.1.0 to 2.2.1

Release notes

Sourced from org.apache.maven.plugins:maven-scm-plugin's releases.

2.2.1

🚀 New features and improvements

• Add method to ScmManager to get an ScmRepository from an existing (#1319) @​kwin
• Reduce log noise (#1313) @​elharo
• Reduce amount of log junk emitted (#1286) @​elharo
• Support "no-verify" with JGit commits (#1294) @​kwin
• Rework sign option for Git tag/commit (#1293) @​kwin
• [SCM-1011] - Consider interactive flag for SvnExeScmProvider (#181) @​kwin
• Git: Observe interactive flag (#1280) @​kwin
• New option to be able to disable sign for commit/tag to be able use this with jgit when you have gpgsign configured in ~/.gitconfig (#1266) @​olamy
• Add shallow parameter to checkout mojo (#1264) @​clafren1
• Add Apache 2.0 LICENSE file (#1265) @​Ndacyayisenga-droid

🐛 Bug Fixes

• Replace "git whatchanged" by "git log" (#1311) @​kwin
• Avoid raw RuntimeException (#1307) @​elharo
• JGit: Propagate exceptions when pushing tags/branches (#1271) @​kwin
• Git: Use environment variables when pushing tags/branches to remote (#1270) @​kwin
• [SCM-1029] - Fix empty commits on JGit checkin (#238) @​mhoffrog

📝 Documentation updates

• Document SCM authentication means (#1281) @​kwin
• Feature/apt to md (#1277) @​kwin
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#234) @​Bukama
• [MNGSITE-540] - Use correct plugin for reporting (#216) @​kwin
• Remove mention of deprecated SCM provider which have been removed in 2.0.0 (#209) @​elharo

👻 Maintenance

• Deprecate ConsumerUtils (#1315) @​elharo
• cleanup runtime exceptions (#1299) @​elharo
• feat: enable prevent branch protection rules (#1309) @​sebtiem
• Throw is enough (#1306) @​elharo
• Replace raw runtime exceptions with GeneralSecurityException (#1304) @​elharo
• remove not used plugins from pom (#1267) @​olamy
• Enable Github issues (#242) @​Bukama
• Make asserts meaningful (#232) @​elharo
• Convert from plexus to guice injection (#229) @​elharo
• Remove dead commented code (#231) @​elharo
• Unabbreviate cl variable names (#230) @​elharo
• Declare used dependencies (#227) @​elharo
• Prefer try with resources (#228) @​elharo

📦 Dependency updates

• Use SSHD 2.16.0 (#1318) @​kwin

... (truncated)

Commits

• f2a75b3 [maven-release-plugin] prepare for next development iteration
• 65b342b [maven-release-plugin] prepare release maven-scm-2.2.1
• ab95cfc [maven-release-plugin] rollback the release of maven-scm-2.2.1
• 26021cf [maven-release-plugin] prepare for next development iteration
• 851705a Add method to ScmManager to get an ScmRepository from an existing
• 01ffa73 trivial: clarify description
• 0e5bccd Deprecate ConsumerUtils (#1315)
• ea97644 Reduce log noise (#1313)
• 092eed6 Use SSHD 2.16.0
• 041492e Follow Oracle Javadoc guidelines (#1312)
• Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp-jvm from 5.1.0 to 5.2.1

Changelog

Sourced from com.squareup.okhttp3:okhttp-jvm's changelog.

Version 5.2.1

2025-10-09

• Fix: Don't crash when calling Socket.shutdownOutput() or shutdownInput() on an SSLSocket on Android API 21 through 23. This method throws an UnsupportedOperationException, so we now catch that and close the underlying stream instead.

• Upgrade: [Okio 3.16.1][okio_3_16_1].

Version 5.2.0

2025-10-07

• New: Support [HTTP 101] responses with Response.socket. This mechanism is only supported on HTTP/1.1. We also reimplemented our websocket client to use this new mechanism.

• New: The okhttp-zstd module negotiates [Zstandard (zstd)][zstd] compression with servers that support it. It integrates a new (unstable) [ZSTD-KMP] library, also from Square. Enable it like this:

  val client = OkHttpClient.Builder()
    .addInterceptor(CompressionInterceptor(Zstd, Gzip))
    .build()

• New: Support the QUERY HTTP method. You will need to set the Request.cacheUrlOverride property to cache calls made with this method. The RequestBody.sha256() may be helpful here; use it to compose a cache URL from the query body.

• New: Publish events when calls must wait to execute. EventListener.dispatcherQueueStart() is invoked when a call starts waiting, and dispatcherQueueEnd() is invoked when it's done.

• New: Request.toCurl() returns a copy-pasteable [curl] command consistent with Chrome’s and Firefox’s ‘copy as cURL’ features.

• New: Support [JPMS]. We replaced our Automatic-Module-Name metadata with proper module-info.java files.

• Fix: Recover gracefully when worker threads are interrupted. When we introduced fast fallback in OkHttp 5.0, we started using background threads while connecting. Sadly that code didn't handle interruptions well. This is now fixed.

• Upgrade: [Kotlin 2.2.20][kotlin_2_2_20].

• Upgrade: [Okio 3.16.0][okio_3_16_0].

Commits

• a8b8dc5 Prepare for release 5.2.1.
• 7d7bdc6 Upgrade to Okio 3.16.1 (#9131)
• 2a95ed0 Prepare for release 5.2.0.
• acfae32 Revert "Add minimal HttpLoggingInterceptor support for streaming request and ...
• d82e875 Put Brotli and Gzip in top-level files (#9116)
• d4a5be1 Fix RequestBody events on upgraded connections (#8970)
• 112a19d Add RequestBody.sha256() (#9109)
• d41a755 Start publishing dispatcher queue events (#9111)
• c06ff31 Get Content-Type from the request body (#9113)
• fdac86b Make Request.toCurl work more like Chrome's 'copy as cURL' (#9112)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.