Bump the production-dependencies group across 1 directory with 19 updates

[dependabot]

Bumps the production-dependencies group with 19 updates in the / directory:

Package	From	To
com.fasterxml.jackson.core:jackson-databind	2.19.2	2.20.0
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.19.2	2.20.0
com.fasterxml.jackson.datatype:jackson-datatype-jdk8	2.19.2	2.20.0
com.fasterxml.jackson.module:jackson-module-kotlin	2.19.2	2.20.0
commons-codec:commons-codec	1.18.0	1.19.0
org.rocksdb:rocksdbjni	10.2.1	10.4.2
org.projectlombok:lombok	1.18.38	1.18.40
org.mockito:mockito-core	5.18.0	5.19.0
org.apache.logging.log4j:log4j-api	2.25.0	2.25.1
org.apache.logging.log4j:log4j-slf4j2-impl	2.25.0	2.25.1
org.apache.logging.log4j:log4j-core	2.25.0	2.25.1
commons-io:commons-io	2.19.0	2.20.0
org.yaml:snakeyaml	2.4	2.5
org.threeten:threetenbp	1.7.1	1.7.2
org.jetbrains.kotlinx:kotlinx-datetime-jvm	0.7.0-0.6.x-compat	0.7.1-0.6.x-compat
org.apache.maven.plugins:maven-javadoc-plugin	3.11.2	3.11.3
org.apache.maven.plugins:maven-gpg-plugin	3.2.7	3.2.8
org.junit:junit-bom	5.12.2	5.13.4
org.graalvm.buildtools:native-maven-plugin	0.10.6	0.11.0

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.2 to 2.20.0

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.module:jackson-module-kotlin from 2.19.2 to 2.20.0

Commits

• 5684fc2 [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0
• 4d53d9a Prep for 2.20.0
• df3d719 Drop rc2 from version
• 03159dd Post-release version bump
• 3982156 [maven-release-plugin] prepare for next development iteration
• 295e60c [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0-rc1
• ddc1e5c Prep for 2.20.0-rc1
• 80b8371 Merge pull request #1025 from k163377/ex
• 50f5527 Update release notes wrt #1025
• 4ab4308 Fix to test that KotlinInvalidNullException is thrown
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.module:jackson-module-kotlin from 2.19.2 to 2.20.0

Commits

• 5684fc2 [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0
• 4d53d9a Prep for 2.20.0
• df3d719 Drop rc2 from version
• 03159dd Post-release version bump
• 3982156 [maven-release-plugin] prepare for next development iteration
• 295e60c [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0-rc1
• ddc1e5c Prep for 2.20.0-rc1
• 80b8371 Merge pull request #1025 from k163377/ex
• 50f5527 Update release notes wrt #1025
• 4ab4308 Fix to test that KotlinInvalidNullException is thrown
• Additional commits viewable in compare view

Updates commons-codec:commons-codec from 1.18.0 to 1.19.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.19.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.19.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

•         Add HmacUtils.hmac(Path). Thanks to Gary Gregory.
  

•         Add HmacUtils.hmacHex(Path). Thanks to Gary Gregory.
  

•         Add PMD check to the default Maven goal. Thanks to Gary Gregory.
  

•         Add SpotBugs check to the default Maven goal. Thanks to Gary Gregory.
  

Fixed Bugs

•         Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80). Thanks to Gary Gregory.
  

•         Refactor DigestUtils.updateDigest(MessageDigest, File) to use NIO. Thanks to Gary Gregory.
  

• CODEC-328: Clarify Javadoc for org.apache.commons.codec.digest.UnixCrypt.crypt(byte[],String). Thanks to Gary Gregory.

•         Precompile regular expressions in DaitchMokotoffSoundex.Rule. Thanks to Gary Gregory.
  

•         Precompile regular expressions in DaitchMokotoffSoundex.parseRules(Scanner, String, Map, Map). Thanks to Gary Gregory.
  

•         Precompile regular expressions in Lang.loadFromResource(String, Languages). Thanks to Gary Gregory.
  

•         Precompile regular expressions in PhoneticEngine.encode(String, LanguageSet). Thanks to Gary Gregory.
  

•         Precompile regular expressions in org.apache.commons.codec.language.bm.Rule.parse*(*). Thanks to Gary Gregory.
  

•         Remove redundant checks for whitespace in DaitchMokotoffSoundex.soundex(String, boolean). Thanks to Gary Gregory.
  

•         Javadoc typo in Base16.java [#380](https://github.com/apache/commons-codec/issues/380). Thanks to Sebastian Baunsgaard.
  

•         Deprecate unused constant org.apache.commons.codec.language.bm.Rule.ALL. Thanks to Gary Gregory.
  

• CODEC-331: org.apache.commons.codec.language.bm.Rule.parsePhonemeExpr(String) adds duplicate empty phoneme when input ends with |. Thanks to IlikeCode, Gary Gregory.
• CODEC-331: org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) does not remove special characters like punctuation. Thanks to IlikeCode, Gary Gregory.

•         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.binary.StringUtils. Thanks to Gary Gregory.
  

•         Fix PMD UnusedFormalParameter in private constructor in org.apache.commons.codec.binary.Base16. Thanks to Gary Gregory.
  

•         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Blake3. Thanks to Gary Gregory.
  

•         Fix PMD UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Md5Crypt. Thanks to Gary Gregory.
  

•         Fix PMD EmptyControlStatement in org.apache.commons.codec.language.Metaphone. Thanks to Gary Gregory.
  

•         Fix SpotBugs [ERROR] Medium: org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder.setEncodeTable(byte[]) may expose internal representation by storing an externally mutable object into BaseNCodec$AbstractBuilder.encodeTable [org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder] At BaseNCodec.java:[line 131] EI_EXPOSE_REP2. Thanks to Gary Gregory.
  

•         The method org.apache.commons.codec.binary.BaseNCodec.AbstractBuilder.setLineSeparator(byte...) now makes a defensive copy. Thanks to Gary Gregory.
  

•         Avoid unnecessary String conversion in org.apache.commons.codec.language.bm.PhoneticEngine.applyFinalRules(PhonemeBuilder, Map). Thanks to Gary Gregory.
  

•         Fix SpotBugs [ERROR] High: Potentially dangerous use of non-short-circuit logic in org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) [org.apache.commons.codec.language.DaitchMokotoffSoundex] At DaitchMokotoffSoundex.java:[line 350] NS_DANGEROUS_NON_SHORT_CIRCUIT. Thanks to Gary Gregory.
  

Changes

... (truncated)

Commits

• 351cb22 Prepare for the release candidate 1.19.0 RC1
• 0d501b6 Prepare for the next release candidate
• d6d4b82 Refactor duplicate code
• 6d6456c No need to exclude abstract test classes from Surefire runs
• 22d62e4 No need to specify the default value for linkXref
• c4daf34 No longer need to override the version of the Jacoco Maven plugin
• 8f2b673 Remove workaround for [SUREFIRE-2253]
• 466a61d Fix Javadoc
• ca27bd3 Fix Checkstyle
• 1dfb4e5 Better internal method name
• Additional commits viewable in compare view

Updates org.rocksdb:rocksdbjni from 10.2.1 to 10.4.2

Release notes

Sourced from org.rocksdb:rocksdbjni's releases.

v10.4.2

10.4.2 (07/09/2025)

Bug Fixes

• Fix a race condition between concurrent DB::Open sharing the same SstFileManager instance.

10.4.1 (07/01/2025)

Behavior Changes

• RocksDB now triggers eligible compactions every 12 hours when periodic compaction is configured. This solves a limitation of the compaction trigger mechanism, which would only trigger compaction after specific events like flush, compaction, or SetOptions.

Bug Fixes

• Fix a bug in BackupEngine that can crash backup due to a null FSWritableFile passed to WritableFileWriter.

10.4.0 (06/20/2025)

New Features

• Add a new CF option memtable_avg_op_scan_flush_trigger that supports triggering memtable flush when an iterator scans through an expensive range of keys, with the average number of skipped keys from the active memtable exceeding the threshold.
• Vector based memtable now supports concurrent writers (DBOptions::allow_concurrent_memtable_write) #13675.
• Add new experimental TransactionOptions::large_txn_commit_optimize_byte_threshold to enable optimizations for large transaction commit by transaction batch data size.
• Add a new option CompactionOptionsUniversal::reduce_file_locking and if it's true, auto universal compaction picking will adjust to minimize locking of input files when bottom priority compactions are waiting to run. This can increase the likelihood of existing L0s being selected for compaction, thereby improving write stall and reducing read regression.
• Add new format_version=7 to aid experimental support of custom compression algorithms with CompressionManager and block-based table. This format version includes changing the format of TableProperties::compression_name.

Public API Changes

• Change NewExternalTableFactory to return a unique_ptr instead of shared_ptr.
• Add an optional min file size requirement for deletion triggered compaction. It can be specified when creating CompactOnDeletionCollectorFactory.

Behavior Changes

• TransactionOptions::large_txn_commit_optimize_threshold now has default value 0 for disabled. TransactionDBOptions::txn_commit_bypass_memtable_threshold now has no effect on transactions.

Bug Fixes

• Fix a bug where CreateColumnFamilyWithImport() could miss the SST file for the memtable flush it triggered. The exported CF then may not contain the updates in the memtable when CreateColumnFamilyWithImport() is called.
• Fix iterator operations returning NotImplemented status if disallow_memtable_writes and paranoid_memory_checks CF options are both set.
• Fixed handling of file checksums in IngestExternalFile() to allow providing checksums using recognized but not necessarily the DB's preferred checksum function, to ease migration between checksum functions.

Changelog

Sourced from org.rocksdb:rocksdbjni's changelog.

10.4.2 (07/09/2025)

Bug Fixes

• Fix a race condition between concurrent DB::Open sharing the same SstFileManager instance.

10.4.1 (07/01/2025)

Behavior Changes

• RocksDB now triggers eligible compactions every 12 hours when periodic compaction is configured. This solves a limitation of the compaction trigger mechanism, which would only trigger compaction after specific events like flush, compaction, or SetOptions.

Bug Fixes

• Fix a bug in BackupEngine that can crash backup due to a null FSWritableFile passed to WritableFileWriter.

10.4.0 (06/20/2025)

New Features

• Add a new CF option memtable_avg_op_scan_flush_trigger that supports triggering memtable flush when an iterator scans through an expensive range of keys, with the average number of skipped keys from the active memtable exceeding the threshold.
• Vector based memtable now supports concurrent writers (DBOptions::allow_concurrent_memtable_write) #13675.
• Add new experimental TransactionOptions::large_txn_commit_optimize_byte_threshold to enable optimizations for large transaction commit by transaction batch data size.
• Add a new option CompactionOptionsUniversal::reduce_file_locking and if it's true, auto universal compaction picking will adjust to minimize locking of input files when bottom priority compactions are waiting to run. This can increase the likelihood of existing L0s being selected for compaction, thereby improving write stall and reducing read regression.
• Add new format_version=7 to aid experimental support of custom compression algorithms with CompressionManager and block-based table. This format version includes changing the format of TableProperties::compression_name.

Public API Changes

• Change NewExternalTableFactory to return a unique_ptr instead of shared_ptr.
• Add an optional min file size requirement for deletion triggered compaction. It can be specified when creating CompactOnDeletionCollectorFactory.

Behavior Changes

• TransactionOptions::large_txn_commit_optimize_threshold now has default value 0 for disabled. TransactionDBOptions::txn_commit_bypass_memtable_threshold now has no effect on transactions.

Bug Fixes

• Fix a bug where CreateColumnFamilyWithImport() could miss the SST file for the memtable flush it triggered. The exported CF then may not contain the updates in the memtable when CreateColumnFamilyWithImport() is called.
• Fix iterator operations returning NotImplemented status if disallow_memtable_writes and paranoid_memory_checks CF options are both set.
• Fixed handling of file checksums in IngestExternalFile() to allow providing checksums using recognized but not necessarily the DB's preferred checksum function, to ease migration between checksum functions.

10.3.0 (05/17/2025)

New Features

• Add new experimental CompactionOptionsFIFO::allow_trivial_copy_when_change_temperature along with CompactionOptionsFIFO::trivial_copy_buffer_size to allow optimizing FIFO compactions with tiering when kChangeTemperature to move files from source tier FileSystem to another tier FileSystem via trivial and direct copying raw sst file instead of reading thru the content of the SST file then rebuilding the table files.
• Add a new field to Compaction Stats in LOG files for the pre-compression size written to each level.
• Add new experimental TransactionOptions::large_txn_commit_optimize_threshold to enable optimizations for large transaction commit with per transaction threshold. TransactionDBOptions::txn_commit_bypass_memtable_threshold is deprecated in favor of this transaction option.
• [internal team use only] Allow an application-defined request_id to be passed to RocksDB and propagated to the filesystem via IODebugContext

Bug Fixes

• Fix a bug where transaction lock upgrade can incorrectly fail with a Deadlock status. This happens when a transaction has a non-zero timeout and tries to upgrade a shared lock that is also held by another transaction.
• Pass wrapped WritableFileWriter pointer to ExternalTableBuilder so that the file checksum can be correctly calculated and returned by SstFileWriter for external table files.
• Fix an infinite-loop bug in transaction locking. This can happen if a transaction reaches lock limit and its time out expires before it attempts to wait for it.
• Fixed a potential data race with CompressionOptions::parallel_threads > 1 and a TablePropertiesCollector overriding BlockAdd().

10.2.0 (04/21/2025)

New Features

• Provide histogram stats COMPACTION_PREFETCH_BYTES to measure number of bytes for RocksDB's prefetching (as opposed to file system's prefetch) on SST file during compaction read
• A new API DB::GetNewestUserDefinedTimestamp is added to return the newest user defined timestamp seen in a column family
• Introduce API IngestWriteBatchWithIndex() for ingesting updates into DB while bypassing memtable writes. This improves performance when writing a large write batch to the DB.
• Add a new CF option memtable_op_scan_flush_trigger that triggers a flush of the memtable if an iterator's Seek()/Next() scans over a certain number of invisible entries from the memtable.

... (truncated)

Commits

• 410c562 Merge pull request #13756 from mszeszko-meta/backport_13609_to_10.4
• 49d0c21 Bump patch version, update HISTORY.md
• b72fe4f Remove stats_ field from SstFileManagerImpl (#13757)
• 8725d90 Update compression libraries to latest releases (#13609)
• 3df9173 10.4.1 Patch Release (#13748)
• c3edaf5 Release 10.4
• f340a2e Port codemod changes from fbcode/rocksdb (#13714)
• 78c83ac Publish/support format_version=7, related enhancements (#13713)
• 190bb0b Disable AutoSkipCompressionManager test (#13715)
• fdc2970 Connect custom compression to crash test and ObjectLibrary (#13710)
• Additional commits viewable in compare view

Updates org.projectlombok:lombok from 1.18.38 to 1.18.40

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.40 (September 4th, 2025)

• PLATFORM: JDK25 support added #3859.
• BUGFIX: Recent versions of eclipse (or the eclipse-based java lang server for VSCode) caused java.lang.IllegalArgumentException: Document does not match the AST. [Issue #3886](projectlombok/lombok#3886).
• PERFORMANCE: @ExtensionMethod is now significantly faster [Issue #3866](projectlombok/lombok#3866).
• BUGFIX: the command line config tool would emit incorrect output for nullity annotations. [Issue #3931](projectlombok/lombok#3931).
• FEATURE: @Jacksonized @Accessors(fluent=true) automatically creates the relevant annotations such that Jackson correctly identifies fluent accessors. [Issue #3265](projectlombok/lombok#3265), [Issue #3270](projectlombok/lombok#3270).
• IMPROBABLE BREAKING CHANGE: From versions 1.18.16 to 1.18.38, lombok automatically copies certain Jackson annotations (e.g., @JsonProperty) from fields to the corresponding accessors (getters/setters). However, it turned out to be harmful in certain situations. Thus, Lombok does not automatically copy those annotations any more. You can restore the old behavior using the config key lombok.copyJacksonAnnotationsToAccessors = true.

Commits

• 0187946 [release] pre-release version bump for v1.18.40
• 3c0b6a8 [changelog] Replace PRs with issues, add #3866 fi and #3931 fix.
• 4ae2db7 Merge pull request #3889 from Rawi01/extensionmethod-name-check
• 7eee00a [fixes #3931] Proper output for config tool addNullAnnotations
• 3392bb9 [fixes #3866] Check extension method name before resolving types
• 87e8af4 [comment] Added explanation: We skip ecj check on `NonNullOnRecordExistingCon...
• 1255ae0 [optimisation] Avoid making a pointless arraylist in 90% of cases.
• 7aa264e Merge pull request #3888 from Rawi01/eclipse-record-refactoring
• fb4651b [changelog] Logged: JDK25 support.
• 6648115 Merge branch 'jdk25'
• Additional commits viewable in compare view

Updates org.mockito:mockito-core from 5.18.0 to 5.19.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.19.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.19.0

• 2025-08-15 - 37 commit(s) by Adrian-Kim, Tim van der Lippe, Tran Ngoc Nhan, dependabot[bot], juyeop
• feat: Add support for JDK21 Sequenced Collections. [(#3708)](mockito/mockito#3708)
• Bump actions/checkout from 4 to 5 [(#3707)](mockito/mockito#3707)
• build: Allow overriding 'Created-By' for reproducible builds [(#3704)](mockito/mockito#3704)
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 [(#3703)](mockito/mockito#3703)
• Bump androidx.test:runner from 1.6.2 to 1.7.0 [(#3697)](mockito/mockito#3697)
• Bump org.junit.platform:junit-platform-launcher from 1.13.3 to 1.13.4 [(#3694)](mockito/mockito#3694)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.1.0 to 7.2.1 [(#3693)](mockito/mockito#3693)
• Bump junit-jupiter from 5.13.3 to 5.13.4 [(#3691)](mockito/mockito#3691)
• Bump com.gradle.develocity from 4.0.2 to 4.1 [(#3689)](mockito/mockito#3689)
• Bump com.google.googlejavaformat:google-java-format from 1.27.0 to 1.28.0 [(#3688)](mockito/mockito#3688)
• Bump com.google.googlejavaformat:google-java-format from 1.25.2 to 1.27.0 [(#3686)](mockito/mockito#3686)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.4 to 7.1.0 [(#3685)](mockito/mockito#3685)
• Bump junit-jupiter from 5.13.2 to 5.13.3 [(#3684)](mockito/mockito#3684)
• Bump org.shipkit:shipkit-auto-version from 2.1.0 to 2.1.2 [(#3683)](mockito/mockito#3683)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.2 to 7.0.4 [(#3682)](mockito/mockito#3682)
• Only run release after both Java and Android tests have finished [(#3681)](mockito/mockito#3681)
• Bump org.junit.platform:junit-platform-launcher from 1.12.2 to 1.13.3 [(#3680)](mockito/mockito#3680)
• Bump org.codehaus.groovy:groovy from 3.0.24 to 3.0.25 [(#3679)](mockito/mockito#3679)
• Bump org.eclipse.platform:org.eclipse.osgi from 3.23.0 to 3.23.100 [(#3678)](mockito/mockito#3678)
• Can no longer publish snapshot releases [(#3677)](mockito/mockito#3677)
• Update Gradle to 8.14.2 [(#3676)](mockito/mockito#3676)
• Bump errorprone from 2.23.0 to 2.39.0 [(#3674)](mockito/mockito#3674)
• Correct Junit docs link [(#3672)](mockito/mockito#3672)
• Bump net.ltgt.gradle:gradle-errorprone-plugin from 4.1.0 to 4.3.0 [(#3670)](mockito/mockito#3670)
• Bump junit-jupiter from 5.13.1 to 5.13.2 [(#3669)](mockito/mockito#3669)
• Bump bytebuddy from 1.17.5 to 1.17.6 [(#3668)](mockito/mockito#3668)
• Bump junit-jupiter from 5.12.2 to 5.13.1 [(#3666)](mockito/mockito#3666)
• Bump org.jetbrains.kotlin:kotlin-stdlib from 2.0.21 to 2.2.0 [(#3665)](mockito/mockito#3665)
• Bump org.gradle.toolchains.foojay-resolver-convention from 0.9.0 to 1.0.0 [(#3661)](mockito/mockito#3661)
• Bump org.junit.platform:junit-platform-launcher from 1.11.4 to 1.12.2 [(#3660)](mockito/mockito#3660)
• Add JDK21 sequenced collections for ReturnsEmptyValues [(#3659)](mockito/mockito#3659)
• Bump com.gradle.develocity from 3.19.1 to 4.0.2 [(#3658)](mockito/mockito#3658)
• Bump ru.vyarus:gradle-animalsniffer-plugin from 1.7.2 to 2.0.1 [(#3657)](mockito/mockito#3657)
• Bump org.eclipse.platform:org.eclipse.osgi from 3.22.0 to 3.23.0 [(#3656)](mockito/mockito#3656)
• Bump org.codehaus.groovy:groovy from 3.0.23 to 3.0.24 [(#3655)](mockito/mockito#3655)
• Bump junit-jupiter from 5.11.4 to 5.12.2 [(#3653)](mockito/mockito#3653)
• Reproducible Build: need to inject JDK distribution details to rebuild [(#3563)](mockito/mockito#3563)

Commits

• 144751b Add support for JDK21 Sequenced Collections. (#3708)
• b275c7d Bump actions/checkout from 4 to 5 (#3707)
• ad6ae2f Allow overriding 'Created-By' for reproducible builds (#3704)
• 096ee9f Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3703)
• aa7be27 Bump androidx.test:runner from 1.6.2 to 1.7.0 (#3697)
• c8a698b Remove unused tests
• ea45979 Bump errorprone from 2.39.0 to 2.41.0
• 9c8eb23 Bump org.junit.platform:junit-platform-launcher from 1.13.3 to 1.13.4 (#3694)
• f05e44d Bump com.diffplug.spotless:spotless-plugin-gradle from 7.1.0 to 7.2.1 (#3693)
• 9d32dfe Bump junit-jupiter from 5.13.3 to 5.13.4 (#3691)
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-api from 2.25.0 to 2.25.1

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.25.0 to 2.25.1

Updates org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.1

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.25.0 to 2.25.1

Updates org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.1

Updates commons-io:commons-io from 2.19.0 to 2.20.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.20.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.20.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Version 2.19.1: Java 8 or later is required.

New features

o IO-875: Add org.apache.commons.io.file.CountingPathVisitor.accept(Path, BasicFileAttributes) #743. Thanks to Pierre Baumard, Gary Gregory. o Add org.apache.commons.io.Charsets.isAlias(Charset, String). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.isUTF8(Charset). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.toCharsetDefault(String, Charset). Thanks to Gary Gregory. o IO-279: Add Tailer ignoreTouch option #757. Thanks to Joerg Budischewski, Gary Gregory.

Fixed Bugs

o [javadoc] Rename parameter of ProxyOutputStream.write(int) #740. Thanks to Jesse Glick. o IO-875: CopyDirectoryVisitor ignores fileFilter #743. Thanks to Pierre Baumard, Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.ByeArrayOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.InputStreamOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.OutputStreamOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o FileUtils.readLines(File, Charset) now maps a null Charset to the default Charset #744. Thanks to Ryan Kurtz, Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream, org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 77]Another occurrence at WindowsLineEndingInputStream.java:[line 81] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 112] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 113] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 75] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atEos" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 120] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 124] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 125] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "closed" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.ProxyInputStream] At ProxyInputStream.java:[line 233] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "propagateClose" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.BoundedInputStream] At BoundedInputStream.java:[line 555] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o QueueInputStream reads all but the first byte without waiting. #748. Thanks to maxxedev, Piotr P. Karwasz, Gary Gregory. o Javadoc fixes and improvements. Thanks to Gary Gregory. o Avoid NPE in org.apache.commons.io.filefilter.WildcardFilter.accept(File). Thanks to Gary Gregory. o IO-874: FileUtils.forceDelete can delete a broken symlink again #756. Thanks to Andy Russell, Joerg Budischewski. o Fix infinite loop in AbstractByteArrayOutputStream. #758. Thanks to Alex Benusovich.

... (truncated)

Commits

• c224bce Prepare for the release candidate 2.20.0 RC1
• 8981a5c Remove workaround for
• 4ef481f Prepare for the next release candidate
• d23228f Merge branch 'master' of https://github.com/apache/commons-io.git
• 5d2737f Add @​SuppressWarnings
• e5c80d6 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 #761
• 2017ac0 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#761)
• 07ce798 Javadoc
• a828efa Add ciManagement element to POM
• 46bd1c2 Javadoc
• Additional commits viewable in compare view

Updates org.yaml:snakeyaml from 2.4 to 2.5

Commits

• 015ab57 [maven-release-plugin] prepare for next development iteration
• 4795519 Update info
• 9c36c69 Introduce devcontainer
• 0c5b3e5 fix: add debug level to internal logger
• a65b131 Merge branch 'master' into devcontainers
• 788a98b Update changes
• 556b4bf Add info for devcontainer
• 0828c39 ops: migrate deployment from OSSRH to Central Portal
• 30d6a3a Add a test for issue 1108
• 2da4c6d Remove unrelated code
• Additional commits viewable in compare view

Updates org.threeten:threetenbp from 1.7.1 to 1.7.2

Release notes

Sourced from org.threeten:threetenbp's releases.

Release v1.7.2

See the change notes for more information.

Commits

• b3a265a [maven-release-plugin] prepare release v1.7.2
• 03e4f0f Fix GitHub credentials
• 96bb591 Prepare for release v1.7.2
• b565745 Set the TZDB update PR to auto-merge (#206)
• 61d901b Update deployment from OSSRH (#205)
• f8f0527 Update time zone data to 2025bgtz (#203)
• edbc341 Nexus auto-release
• 89fc8a7 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.jetbrains.kotlinx:kotlinx-datetime-jvm from 0.7.0-0.6.x-compat to 0.7.1-0.6.x-compat

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-datetime-jvm's releases.

v0.7.1

• Add kotlinx.datetime.Instant and kotlinx.datetime.Clock type aliases to, respectively, kotlin.time.Instant and kotlin.time.Clock to make migration more convenient.
• Add a fallback timezone database implementation for Darwin that uses the Foundation framework if the timezone database is unavailable on the filesystem (#485).
• Restore binary compatibility in string format definitions utilizing dates on the JVM (#545).

Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-datetime-jvm's changelog.

CHANGELOG

0.7.1

• Add kotlinx.datetime.Instant and kotlinx.datetime.Clock type aliases to, respectively, kotlin.time.Instant and kotlin.time.Clock to make migration more convenient.
• Add a fallback timezone database implementation for Darwin that uses the Foundation framework if the timezone database is unavailable on the filesystem (#485).
• Restore binary compatibility in string format definitions utilizing dates on the JVM (#545).

0.7.0

Breaking changes:

• Remove kotlinx.datetime.Instant and kotlinx.datetime.Clock in favor of kotlin.time.Instant (#506). See https://github.com/Kotlin/kotlinx-datetime?tab=readme-ov-file#deprecation-of-instant for a description of what to do if this causes problems.
• Unify the range of admissible LocalDate and LocalDateTime values on all platforms (#432).
• Rename dayOfMonth to day, monthNumber to month (#84).
• Make DayOfWeek and Month no longer type aliases to java.time.DayOfWeek and java.time.Month (#96).
• Make "UTC" and not "Z" be the timezone identifier for TimeZone.UTC (#474).
• Accept "z" in TimeZone.of, with the same meaning as "Z" (#529).
• Add DateTimeFormat-based KSerializer implementations for datetime entities, and change the default serializers to be based on toString/parse pairs (#415).

Additions:

• Add java.io.Serializable implementations for most of the entities in the library (#143). Thanks for spotting and fixing a potential vulnerability, @​lukellmann!
• Add LocalDateRange, a range of LocalDate values (#190). Thanks, @​PeterAttardo!
• Add YearMonth and YearMonthRange (#457).

Tweaks and fixes:

• Support obtaining the system timezone on old Debian-based distributions (#430).
• Fix not being able to parse some valid timezone identifiers using the timeZoneId() directive (#444).
• Use the grammar defined in RFC 9557 for parsing timezone identifiers in the timeZoneId() directive, allowing parsing values not present in the timezone database (#531).
• Improved error messages when formatting an invalid DateTimeComponents value (#471).
• Set the JPMS dependency on kotlinx.serialization.core to be optional (#496).

0.6.2

• Add the Wasm/WASI target support (#366). Thanks, @​igoriakovlev!
• Add TimeSource.asClock (#164). Thanks, @​hfhbd!
• Implement parsing and formatting day-of-year (#414)
• Improve the precision of NSDate to Instant conversions (#427)
• Deprecate DatePeriod.plus and DateTimePeriod.plus with a warning (#381)
• Deprecate Clock.asTimeSource with a warning (#372)
• Fix a bug in module-info preventing using kotlinx.datetime.format together with JPMS (#438). Thanks, @​cdelabou!
• Small tweaks and fixes.

0.6.1

• Prohibit parsing non-ASCII digits as numbers in DateTimeFormat (#405)
• More accurately determine which files represent time zones and which don't on Linux and Darwin (#395)
• Fix a regression that occasionally considered the right boundary of a time overlap to be a part of it on Native (#399)

... (truncated)

Commits

• See full diff in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.11.3

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.11.3

🚨 Removed

• Remove workaround for long patched CVE in javadoc (#388) @​elharo

🚀 New features and improvements

• Issue #369 Suppo...

  Description has been truncated

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.