Skip to content

Bump the production-dependencies group across 1 directory with 23 updates #1160

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 2 commits into from
Closed

Bump the production-dependencies group across 1 directory with 23 updates #1160

dependabot wants to merge 2 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 22, 2025
edited
Loading

Bumps the production-dependencies group with 23 updates in the / directory:

Package From To
com.fasterxml.jackson.core:jackson-databind 2.19.2 2.20.0
com.fasterxml.jackson.datatype:jackson-datatype-jdk8 2.19.2 2.20.0
com.fasterxml.jackson.module:jackson-module-kotlin 2.19.2 2.20.0
commons-codec:commons-codec 1.18.0 1.19.0
org.rocksdb:rocksdbjni 10.2.1 10.4.2
org.projectlombok:lombok 1.18.38 1.18.42
org.mockito:mockito-core 5.18.0 5.20.0
org.apache.logging.log4j:log4j-api 2.25.0 2.25.2
org.apache.logging.log4j:log4j-slf4j2-impl 2.25.0 2.25.2
org.apache.logging.log4j:log4j-core 2.25.0 2.25.2
commons-io:commons-io 2.19.0 2.20.0
org.yaml:snakeyaml 2.4 2.5
jakarta.xml.bind:jakarta.xml.bind-api 4.0.2 4.0.4
com.google.guava:guava 33.4.8-jre 33.5.0-jre
org.threeten:threetenbp 1.7.1 1.7.2
org.jetbrains.kotlinx:kotlinx-datetime-jvm 0.7.0-0.6.x-compat 0.7.1-0.6.x-compat
org.apache.maven.plugins:maven-compiler-plugin 3.14.0 3.14.1
org.apache.maven.plugins:maven-surefire-plugin 3.5.3 3.5.4
org.apache.maven.plugins:maven-javadoc-plugin 3.11.2 3.12.0
org.apache.maven.plugins:maven-gpg-plugin 3.2.7 3.2.8
org.codehaus.mojo:flatten-maven-plugin 1.7.2 1.7.3
org.junit:junit-bom 5.12.2 5.13.4
org.graalvm.buildtools:native-maven-plugin 0.10.6 0.11.0

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.2 to 2.20.0

Commits

Updates com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.module:jackson-module-kotlin from 2.19.2 to 2.20.0

Commits
  • 5684fc2 [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0
  • 4d53d9a Prep for 2.20.0
  • df3d719 Drop rc2 from version
  • 03159dd Post-release version bump
  • 3982156 [maven-release-plugin] prepare for next development iteration
  • 295e60c [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0-rc1
  • ddc1e5c Prep for 2.20.0-rc1
  • 80b8371 Merge pull request #1025 from k163377/ex
  • 50f5527 Update release notes wrt #1025
  • 4ab4308 Fix to test that KotlinInvalidNullException is thrown
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.module:jackson-module-kotlin from 2.19.2 to 2.20.0

Commits
  • 5684fc2 [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0
  • 4d53d9a Prep for 2.20.0
  • df3d719 Drop rc2 from version
  • 03159dd Post-release version bump
  • 3982156 [maven-release-plugin] prepare for next development iteration
  • 295e60c [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0-rc1
  • ddc1e5c Prep for 2.20.0-rc1
  • 80b8371 Merge pull request #1025 from k163377/ex
  • 50f5527 Update release notes wrt #1025
  • 4ab4308 Fix to test that KotlinInvalidNullException is thrown
  • Additional commits viewable in compare view

Updates commons-codec:commons-codec from 1.18.0 to 1.19.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.19.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.19.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

  •         Add HmacUtils.hmac(Path). Thanks to Gary Gregory.

  •         Add HmacUtils.hmacHex(Path). Thanks to Gary Gregory.

  •         Add PMD check to the default Maven goal. Thanks to Gary Gregory.

  •         Add SpotBugs check to the default Maven goal. Thanks to Gary Gregory.

Fixed Bugs

  •         Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80). Thanks to Gary Gregory.

  •         Refactor DigestUtils.updateDigest(MessageDigest, File) to use NIO. Thanks to Gary Gregory.
  • CODEC-328: Clarify Javadoc for org.apache.commons.codec.digest.UnixCrypt.crypt(byte[],String). Thanks to Gary Gregory.
  •         Precompile regular expressions in DaitchMokotoffSoundex.Rule. Thanks to Gary Gregory.

  •         Precompile regular expressions in DaitchMokotoffSoundex.parseRules(Scanner, String, Map, Map). Thanks to Gary Gregory.

  •         Precompile regular expressions in Lang.loadFromResource(String, Languages). Thanks to Gary Gregory.

  •         Precompile regular expressions in PhoneticEngine.encode(String, LanguageSet). Thanks to Gary Gregory.

  •         Precompile regular expressions in org.apache.commons.codec.language.bm.Rule.parse*(*). Thanks to Gary Gregory.

  •         Remove redundant checks for whitespace in DaitchMokotoffSoundex.soundex(String, boolean). Thanks to Gary Gregory.

  •         Javadoc typo in Base16.java [#380](https://github.com/apache/commons-codec/issues/380). Thanks to Sebastian Baunsgaard.

  •         Deprecate unused constant org.apache.commons.codec.language.bm.Rule.ALL. Thanks to Gary Gregory.
  • CODEC-331: org.apache.commons.codec.language.bm.Rule.parsePhonemeExpr(String) adds duplicate empty phoneme when input ends with |. Thanks to IlikeCode, Gary Gregory.
  • CODEC-331: org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) does not remove special characters like punctuation. Thanks to IlikeCode, Gary Gregory.
  •         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.binary.StringUtils. Thanks to Gary Gregory.

  •         Fix PMD UnusedFormalParameter in private constructor in org.apache.commons.codec.binary.Base16. Thanks to Gary Gregory.

  •         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Blake3. Thanks to Gary Gregory.

  •         Fix PMD UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Md5Crypt. Thanks to Gary Gregory.

  •         Fix PMD EmptyControlStatement in org.apache.commons.codec.language.Metaphone. Thanks to Gary Gregory.

  •         Fix SpotBugs [ERROR] Medium: org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder.setEncodeTable(byte[]) may expose internal representation by storing an externally mutable object into BaseNCodec$AbstractBuilder.encodeTable [org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder] At BaseNCodec.java:[line 131] EI_EXPOSE_REP2. Thanks to Gary Gregory.

  •         The method org.apache.commons.codec.binary.BaseNCodec.AbstractBuilder.setLineSeparator(byte...) now makes a defensive copy. Thanks to Gary Gregory.

  •         Avoid unnecessary String conversion in org.apache.commons.codec.language.bm.PhoneticEngine.applyFinalRules(PhonemeBuilder, Map). Thanks to Gary Gregory.

  •         Fix SpotBugs [ERROR] High: Potentially dangerous use of non-short-circuit logic in org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) [org.apache.commons.codec.language.DaitchMokotoffSoundex] At DaitchMokotoffSoundex.java:[line 350] NS_DANGEROUS_NON_SHORT_CIRCUIT. Thanks to Gary Gregory.

Changes

... (truncated)

Commits
  • 351cb22 Prepare for the release candidate 1.19.0 RC1
  • 0d501b6 Prepare for the next release candidate
  • d6d4b82 Refactor duplicate code
  • 6d6456c No need to exclude abstract test classes from Surefire runs
  • 22d62e4 No need to specify the default value for linkXref
  • c4daf34 No longer need to override the version of the Jacoco Maven plugin
  • 8f2b673 Remove workaround for [SUREFIRE-2253]
  • 466a61d Fix Javadoc
  • ca27bd3 Fix Checkstyle
  • 1dfb4e5 Better internal method name
  • Additional commits viewable in compare view

Updates org.rocksdb:rocksdbjni from 10.2.1 to 10.4.2

Release notes

Sourced from org.rocksdb:rocksdbjni's releases.

v10.4.2

10.4.2 (07/09/2025)

Bug Fixes

  • Fix a race condition between concurrent DB::Open sharing the same SstFileManager instance.

10.4.1 (07/01/2025)

Behavior Changes

  • RocksDB now triggers eligible compactions every 12 hours when periodic compaction is configured. This solves a limitation of the compaction trigger mechanism, which would only trigger compaction after specific events like flush, compaction, or SetOptions.

Bug Fixes

  • Fix a bug in BackupEngine that can crash backup due to a null FSWritableFile passed to WritableFileWriter.

10.4.0 (06/20/2025)

New Features

  • Add a new CF option memtable_avg_op_scan_flush_trigger that supports triggering memtable flush when an iterator scans through an expensive range of keys, with the average number of skipped keys from the active memtable exceeding the threshold.
  • Vector based memtable now supports concurrent writers (DBOptions::allow_concurrent_memtable_write) #13675.
  • Add new experimental TransactionOptions::large_txn_commit_optimize_byte_threshold to enable optimizations for large transaction commit by transaction batch data size.
  • Add a new option CompactionOptionsUniversal::reduce_file_locking and if it's true, auto universal compaction picking will adjust to minimize locking of input files when bottom priority compactions are waiting to run. This can increase the likelihood of existing L0s being selected for compaction, thereby improving write stall and reducing read regression.
  • Add new format_version=7 to aid experimental support of custom compression algorithms with CompressionManager and block-based table. This format version includes changing the format of TableProperties::compression_name.

Public API Changes

  • Change NewExternalTableFactory to return a unique_ptr instead of shared_ptr.
  • Add an optional min file size requirement for deletion triggered compaction. It can be specified when creating CompactOnDeletionCollectorFactory.

Behavior Changes

  • TransactionOptions::large_txn_commit_optimize_threshold now has default value 0 for disabled. TransactionDBOptions::txn_commit_bypass_memtable_threshold now has no effect on transactions.

Bug Fixes

  • Fix a bug where CreateColumnFamilyWithImport() could miss the SST file for the memtable flush it triggered. The exported CF then may not contain the updates in the memtable when CreateColumnFamilyWithImport() is called.
  • Fix iterator operations returning NotImplemented status if disallow_memtable_writes and paranoid_memory_checks CF options are both set.
  • Fixed handling of file checksums in IngestExternalFile() to allow providing checksums using recognized but not necessarily the DB's preferred checksum function, to ease migration between checksum functions.
Changelog

Sourced from org.rocksdb:rocksdbjni's changelog.

10.4.2 (07/09/2025)

Bug Fixes

  • Fix a race condition between concurrent DB::Open sharing the same SstFileManager instance.

10.4.1 (07/01/2025)

Behavior Changes

  • RocksDB now triggers eligible compactions every 12 hours when periodic compaction is configured. This solves a limitation of the compaction trigger mechanism, which would only trigger compaction after specific events like flush, compaction, or SetOptions.

Bug Fixes

  • Fix a bug in BackupEngine that can crash backup due to a null FSWritableFile passed to WritableFileWriter.

10.4.0 (06/20/2025)

New Features

  • Add a new CF option memtable_avg_op_scan_flush_trigger that supports triggering memtable flush when an iterator scans through an expensive range of keys, with the average number of skipped keys from the active memtable exceeding the threshold.
  • Vector based memtable now supports concurrent writers (DBOptions::allow_concurrent_memtable_write) #13675.
  • Add new experimental TransactionOptions::large_txn_commit_optimize_byte_threshold to enable optimizations for large transaction commit by transaction batch data size.
  • Add a new option CompactionOptionsUniversal::reduce_file_locking and if it's true, auto universal compaction picking will adjust to minimize locking of input files when bottom priority compactions are waiting to run. This can increase the likelihood of existing L0s being selected for compaction, thereby improving write stall and reducing read regression.
  • Add new format_version=7 to aid experimental support of custom compression algorithms with CompressionManager and block-based table. This format version includes changing the format of TableProperties::compression_name.

Public API Changes

  • Change NewExternalTableFactory to return a unique_ptr instead of shared_ptr.
  • Add an optional min file size requirement for deletion triggered compaction. It can be specified when creating CompactOnDeletionCollectorFactory.

Behavior Changes

  • TransactionOptions::large_txn_commit_optimize_threshold now has default value 0 for disabled. TransactionDBOptions::txn_commit_bypass_memtable_threshold now has no effect on transactions.

Bug Fixes

  • Fix a bug where CreateColumnFamilyWithImport() could miss the SST file for the memtable flush it triggered. The exported CF then may not contain the updates in the memtable when CreateColumnFamilyWithImport() is called.
  • Fix iterator operations returning NotImplemented status if disallow_memtable_writes and paranoid_memory_checks CF options are both set.
  • Fixed handling of file checksums in IngestExternalFile() to allow providing checksums using recognized but not necessarily the DB's preferred checksum function, to ease migration between checksum functions.

10.3.0 (05/17/2025)

New Features

  • Add new experimental CompactionOptionsFIFO::allow_trivial_copy_when_change_temperature along with CompactionOptionsFIFO::trivial_copy_buffer_size to allow optimizing FIFO compactions with tiering when kChangeTemperature to move files from source tier FileSystem to another tier FileSystem via trivial and direct copying raw sst file instead of reading thru the content of the SST file then rebuilding the table files.
  • Add a new field to Compaction Stats in LOG files for the pre-compression size written to each level.
  • Add new experimental TransactionOptions::large_txn_commit_optimize_threshold to enable optimizations for large transaction commit with per transaction threshold. TransactionDBOptions::txn_commit_bypass_memtable_threshold is deprecated in favor of this transaction option.
  • [internal team use only] Allow an application-defined request_id to be passed to RocksDB and propagated to the filesystem via IODebugContext

Bug Fixes

  • Fix a bug where transaction lock upgrade can incorrectly fail with a Deadlock status. This happens when a transaction has a non-zero timeout and tries to upgrade a shared lock that is also held by another transaction.
  • Pass wrapped WritableFileWriter pointer to ExternalTableBuilder so that the file checksum can be correctly calculated and returned by SstFileWriter for external table files.
  • Fix an infinite-loop bug in transaction locking. This can happen if a transaction reaches lock limit and its time out expires before it attempts to wait for it.
  • Fixed a potential data race with CompressionOptions::parallel_threads > 1 and a TablePropertiesCollector overriding BlockAdd().

10.2.0 (04/21/2025)

New Features

  • Provide histogram stats COMPACTION_PREFETCH_BYTES to measure number of bytes for RocksDB's prefetching (as opposed to file system's prefetch) on SST file during compaction read
  • A new API DB::GetNewestUserDefinedTimestamp is added to return the newest user defined timestamp seen in a column family
  • Introduce API IngestWriteBatchWithIndex() for ingesting updates into DB while bypassing memtable writes. This improves performance when writing a large write batch to the DB.
  • Add a new CF option memtable_op_scan_flush_trigger that triggers a flush of the memtable if an iterator's Seek()/Next() scans over a certain number of invisible entries from the memtable.

... (truncated)

Commits

Updates org.projectlombok:lombok from 1.18.38 to 1.18.42

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.42 (September 18th, 2025)

  • FEATURE: All the various @Log annotations now allow you to change their access level (they still default to private). #2280. Thanks to new contributor Liam Pace!
  • BUGFIX: Javadoc parsing was broken in Netbeans and ErrorProne for JDK25 #3940.

v1.18.40 (September 4th, 2025)

  • PLATFORM: JDK25 support added #3859.
  • BUGFIX: Recent versions of eclipse (or the eclipse-based java lang server for VSCode) caused java.lang.IllegalArgumentException: Document does not match the AST. [Issue #3886](projectlombok/lombok#3886).
  • PERFORMANCE: @ExtensionMethod is now significantly faster [Issue #3866](projectlombok/lombok#3866).
  • BUGFIX: the command line config tool would emit incorrect output for nullity annotations. [Issue #3931](projectlombok/lombok#3931).
  • FEATURE: @Jacksonized @Accessors(fluent=true) automatically creates the relevant annotations such that Jackson correctly identifies fluent accessors. [Issue #3265](projectlombok/lombok#3265), [Issue #3270](projectlombok/lombok#3270).
  • IMPROBABLE BREAKING CHANGE: From versions 1.18.16 to 1.18.38, lombok automatically copies certain Jackson annotations (e.g., @JsonProperty) from fields to the corresponding accessors (getters/setters). However, it turned out to be harmful in certain situations. Thus, Lombok does not automatically copy those annotations any more. You can restore the old behavior using the config key lombok.copyJacksonAnnotationsToAccessors = true.
Commits
  • 2031eb0 [release] pre-release version bump for v1.18.42
  • c95a6c1 Merge branch 'logger-access'
  • 71d85ca #2280 Add delivery of this 'access for logging' to the changelog.
  • 99ba3e3 [trivial] Slightly reworded the javadoc on each @Log annotation's `access()...
  • e9cf11e [trivial][style]
  • a6d5568 [deprecation] Marked AccessLevel.MODULE as deprecated. It was written for a...
  • 492011d Refactored to use Javac/Eclipse utility function
  • c1f7f66 Update copyright in logger files
  • f63f40a Add myself to AUTHORS
  • 9152c34 Fix failing tests
  • Additional commits viewable in compare view

Updates org.mockito:mockito-core from 5.18.0 to 5.20.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.20.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.20.0

v5.19.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.19.0

... (truncated)

Commits
  • 3a1a19e Add support for generic types in MockedConstruction and MockedStatic (#3729)
  • f3c957a Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#3730)
  • 3cfbd42 Bump graalvm/setup-graalvm from 1.3.6 to 1.3.7 (#3725)
  • 6f9a04b Bump com.gradle.develocity from 4.1.1 to 4.2 (#3726)
  • c75dfb8 Bump org.eclipse.platform:org.eclipse.osgi from 3.23.100 to 3.23.200 (#3720)
  • 54474fa Bump graalvm/setup-graalvm from 1.3.5 to 1.3.6 (#3719)
  • bc06f21 Use Assume.assumeThat for SequencedCollection tests (#3711)
  • a10aed0 Bump actions/setup-java from 4 to 5 (#3715)
  • 37bb3e5 Fix metadata generation on GraalVM (#3710)
  • ef2fd6f Bump com.gradle.develocity from 4.1 to 4.1.1 (#3713)
  • Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-api from 2.25.0 to 2.25.2

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.25.0 to 2.25.2

Updates org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.2

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.25.0 to 2.25.2

Updates org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.2

Updates commons-io:commons-io from 2.19.0 to 2.20.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.20.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.20.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Version 2.19.1: Java 8 or later is required.

New features

o IO-875: Add org.apache.commons.io.file.CountingPathVisitor.accept(Path, BasicFileAttributes) #743. Thanks to Pierre Baumard, Gary Gregory. o Add org.apache.commons.io.Charsets.isAlias(Charset, String). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.isUTF8(Charset). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.toCharsetDefault(String, Charset). Thanks to Gary Gregory. o IO-279: Add Tailer ignoreTouch option #757. Thanks to Joerg Budischewski, Gary Gregory.

Fixed Bugs

o [javadoc] Rename parameter of ProxyOutputStream.write(int) #740. Thanks to Jesse Glick. o IO-875: CopyDirectoryVisitor ignores fileFilter #743. Thanks to Pierre Baumard, Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.ByeArrayOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.InputStreamOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.OutputStreamOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o FileUtils.readLines(File, Charset) now maps a null Charset to the default Charset #744. Thanks to Ryan Kurtz, Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream, org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 77]Another occurrence at WindowsLineEndingInputStream.java:[line 81] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 112] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 113] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 75] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atEos" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 120] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 124] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 125] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "closed" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.ProxyInputStream] At ProxyInputStream.java:[line 233] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "propagateClose" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.BoundedInputStream] At BoundedInputStream.java:[line 555] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o QueueInputStream reads all but the first byte without waiting. #748. Thanks to maxxedev, Piotr P. Karwasz, Gary Gregory. o Javadoc fixes and improvements. Thanks to Gary Gregory. o Avoid NPE in org.apache.commons.io.filefilter.WildcardFilter.accept(File). Thanks to Gary Gregory. o IO-874: FileUtils.forceDelete can delete a broken symlink again #756. Thanks to Andy Russell, Joerg Budischewski. o Fix infinite loop in AbstractByteArrayOutputStream. #758. Thanks to Alex Benusovich.

... (truncated)

Commits

Updates org.yaml:snakeyaml from 2.4 to 2.5

Commits
  • 015ab57 [maven-release-plugin] prepare for next development iteration
  • 4795519 Update info
  • 9c36c69 Introduce devcontainer
  • 0c5b3e5 fix: add debug level to internal logger
  • a65b131 Merge branch 'master' into devcontainers
  • 788a98b Update changes
  • 556b4bf Add info for devcontainer
  • 0828c39 ops: migrate deployment from OSSRH to Central Portal
  • 30d6a3a Add a test for issue 1108
  • 2da4c6d Remove unrelated code
  • Additional commits viewable in compare view

Updates jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4

Commits
  • 1df980a Update API version of : to 4.0.4
  • 5548633 fix #315
  • b44c5ca activation-api 2.1.4
  • b106241 Create TCK challenge template
  • d91e825 Merge pull request #322 from jakartaee/4.0.3-RELEASE
  • 85e2fb6 Update API version of : to 4.0.4-SNAPSHOT
  • cae8cae Update API version of : to 4.0.3
  • 256b24e fix: Unmarshalling hexBinary with leading whitespaces yields null (#313)
  • 57884ff Fix #316, Unable to override JAXBContextFactory through properties (#317)
  • 3cb177a Handle empty string input for parseBase64Binary instead of throwing IllegalAr...
  • Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.8-jre to 33.5.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.5.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.5.0-jre</version>
  <!-- or, for Android: -->
  <version>33.5.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

  • Restored the Automatic-Module-Name to guava-android. (It, unlike, guava-jre, is not a proper module.) (7a04a8a955)
  • For users of guava-gwt: Google has moved off GWT internally. We plan to continue to release guava-gwt for users of GWT and J2CL, but the artifact is no longer tested for GWT-specific issues, and we have limited resources to fix any unexpected issues that might arise. While we do not anticipate any specific problems, we can't guarantee how long support will continue.
  • Increased our Android minSdkVersion to 23 (Marshmallow). This follows the minimum of Google's foundational Android libraries, and we expect it to have no practical impact on users. (5c23347cc1)
  • Listed the JSpecify annotations as an optional dependency in our OSGi metadata. (2dfd572981)
  • cache: Improved the handling of exceptions from compute functions in Cache.asMap(). (We do still recommend using Caffeine rather than com.google.common.cache.) (087f2c4a80)
  • collect: Improved Iterators.mergeSorted() to preserve stability for equal elements. (4dc93be9a8)
  • math: Added saturatedAbs methods to IntMath and LongMath. (ed0e518f20)
  • net: Added image/avif to MediaType. (53344caba6)
  • testing: Made CollectorTester available to Android users. (294c251079)
  • util.concurrent: Added Striped.custom. (1586eb271d)
Commits

Updates org.threeten:threetenbp from 1.7.1 to 1.7.2

Release notes

Sourced from org.threeten:threetenbp's releases.

Release v1.7.2

See the change notes for more information.

Commits

Updates org.jetbrains.kotlinx:kotlinx-datetime-jvm from 0.7.0-0.6.x-compat to 0.7.1-0.6.x-compat

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-datetime-jvm's releases.

v0.7.1

  • Add kotlinx.datetime.Instant and kotlinx.datetime.Clock type aliases to, respectively, kotlin.time.Instant and kotlin.time.Clock to make migration more convenient.
  • Add a fallback timezone database implementat...

    Description has been truncated

@dependabot
Bump the production-dependencies group across 1 directory with 23 upd…
fb00b02 
…ates

Bumps the production-dependencies group with 23 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.19.2` | `2.20.0` |
| com.fasterxml.jackson.datatype:jackson-datatype-jdk8 | `2.19.2` | `2.20.0` |
| [com.fasterxml.jackson.module:jackson-module-kotlin](https://github.com/FasterXML/jackson-module-kotlin) | `2.19.2` | `2.20.0` |
| [commons-codec:commons-codec](https://github.com/apache/commons-codec) | `1.18.0` | `1.19.0` |
| [org.rocksdb:rocksdbjni](https://github.com/facebook/rocksdb) | `10.2.1` | `10.4.2` |
| [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.38` | `1.18.42` |
| [org.mockito:mockito-core](https://github.com/mockito/mockito) | `5.18.0` | `5.20.0` |
| org.apache.logging.log4j:log4j-api | `2.25.0` | `2.25.2` |
| org.apache.logging.log4j:log4j-slf4j2-impl | `2.25.0` | `2.25.2` |
| org.apache.logging.log4j:log4j-core | `2.25.0` | `2.25.2` |
| [commons-io:commons-io](https://github.com/apache/commons-io) | `2.19.0` | `2.20.0` |
| [org.yaml:snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) | `2.4` | `2.5` |
| [jakarta.xml.bind:jakarta.xml.bind-api](https://github.com/jakartaee/jaxb-api) | `4.0.2` | `4.0.4` |
| [com.google.guava:guava](https://github.com/google/guava) | `33.4.8-jre` | `33.5.0-jre` |
| [org.threeten:threetenbp](https://github.com/ThreeTen/threetenbp) | `1.7.1` | `1.7.2` |
| [org.jetbrains.kotlinx:kotlinx-datetime-jvm](https://github.com/Kotlin/kotlinx-datetime) | `0.7.0-0.6.x-compat` | `0.7.1-0.6.x-compat` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.0` | `3.14.1` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.4` |
| [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) | `3.11.2` | `3.12.0` |
| [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) | `3.2.7` | `3.2.8` |
| [org.codehaus.mojo:flatten-maven-plugin](https://github.com/mojohaus/flatten-maven-plugin) | `1.7.2` | `1.7.3` |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `5.12.2` | `5.13.4` |
| [org.graalvm.buildtools:native-maven-plugin](https://github.com/graalvm/native-build-tools) | `0.10.6` | `0.11.0` |



Updates `com.fasterxml.jackson.core:jackson-databind` from 2.19.2 to 2.20.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jdk8` from 2.19.2 to 2.20.0

Updates `com.fasterxml.jackson.module:jackson-module-kotlin` from 2.19.2 to 2.20.0
- [Commits](FasterXML/jackson-module-kotlin@jackson-module-kotlin-2.19.2...jackson-module-kotlin-2.20.0)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jdk8` from 2.19.2 to 2.20.0

Updates `com.fasterxml.jackson.module:jackson-module-kotlin` from 2.19.2 to 2.20.0
- [Commits](FasterXML/jackson-module-kotlin@jackson-module-kotlin-2.19.2...jackson-module-kotlin-2.20.0)

Updates `commons-codec:commons-codec` from 1.18.0 to 1.19.0
- [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-codec@rel/commons-codec-1.18.0...rel/commons-codec-1.19.0)

Updates `org.rocksdb:rocksdbjni` from 10.2.1 to 10.4.2
- [Release notes](https://github.com/facebook/rocksdb/releases)
- [Changelog](https://github.com/facebook/rocksdb/blob/v10.4.2/HISTORY.md)
- [Commits](facebook/rocksdb@v10.2.1...v10.4.2)

Updates `org.projectlombok:lombok` from 1.18.38 to 1.18.42
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.38...v1.18.42)

Updates `org.mockito:mockito-core` from 5.18.0 to 5.20.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.18.0...v5.20.0)

Updates `org.apache.logging.log4j:log4j-api` from 2.25.0 to 2.25.2

Updates `org.apache.logging.log4j:log4j-slf4j2-impl` from 2.25.0 to 2.25.2

Updates `org.apache.logging.log4j:log4j-core` from 2.25.0 to 2.25.2

Updates `org.apache.logging.log4j:log4j-slf4j2-impl` from 2.25.0 to 2.25.2

Updates `org.apache.logging.log4j:log4j-core` from 2.25.0 to 2.25.2

Updates `commons-io:commons-io` from 2.19.0 to 2.20.0
- [Changelog](https://github.com/apache/commons-io/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-io@rel/commons-io-2.19.0...rel/commons-io-2.20.0)

Updates `org.yaml:snakeyaml` from 2.4 to 2.5
- [Commits](https://bitbucket.org/snakeyaml/snakeyaml/branches/compare/snakeyaml-2.5..snakeyaml-2.4)

Updates `jakarta.xml.bind:jakarta.xml.bind-api` from 4.0.2 to 4.0.4
- [Release notes](https://github.com/jakartaee/jaxb-api/releases)
- [Commits](jakartaee/jaxb-api@4.0.2...4.0.4)

Updates `com.google.guava:guava` from 33.4.8-jre to 33.5.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `org.threeten:threetenbp` from 1.7.1 to 1.7.2
- [Release notes](https://github.com/ThreeTen/threetenbp/releases)
- [Changelog](https://github.com/ThreeTen/threetenbp/blob/main/RELEASE-NOTES.md)
- [Commits](ThreeTen/threetenbp@v1.7.1...v1.7.2)

Updates `org.jetbrains.kotlinx:kotlinx-datetime-jvm` from 0.7.0-0.6.x-compat to 0.7.1-0.6.x-compat
- [Release notes](https://github.com/Kotlin/kotlinx-datetime/releases)
- [Changelog](https://github.com/Kotlin/kotlinx-datetime/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Kotlin/kotlinx-datetime/commits)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.0 to 3.14.1
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.0...maven-compiler-plugin-3.14.1)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.3 to 3.5.4
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.4)

Updates `org.apache.maven.plugins:maven-javadoc-plugin` from 3.11.2 to 3.12.0
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.11.2...maven-javadoc-plugin-3.12.0)

Updates `org.apache.maven.plugins:maven-gpg-plugin` from 3.2.7 to 3.2.8
- [Release notes](https://github.com/apache/maven-gpg-plugin/releases)
- [Commits](apache/maven-gpg-plugin@maven-gpg-plugin-3.2.7...maven-gpg-plugin-3.2.8)

Updates `org.codehaus.mojo:flatten-maven-plugin` from 1.7.2 to 1.7.3
- [Release notes](https://github.com/mojohaus/flatten-maven-plugin/releases)
- [Commits](mojohaus/flatten-maven-plugin@1.7.2...1.7.3)

Updates `org.junit:junit-bom` from 5.12.2 to 5.13.4
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.12.2...r5.13.4)

Updates `org.graalvm.buildtools:native-maven-plugin` from 0.10.6 to 0.11.0
- [Release notes](https://github.com/graalvm/native-build-tools/releases)
- [Commits](graalvm/native-build-tools@0.10.6...0.11.0)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jdk8
  dependency-version: 2.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: com.fasterxml.jackson.module:jackson-module-kotlin
  dependency-version: 2.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jdk8
  dependency-version: 2.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: com.fasterxml.jackson.module:jackson-module-kotlin
  dependency-version: 2.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: commons-codec:commons-codec
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: org.rocksdb:rocksdbjni
  dependency-version: 10.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: org.projectlombok:lombok
  dependency-version: 1.18.42
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: org.mockito:mockito-core
  dependency-version: 5.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: org.apache.logging.log4j:log4j-api
  dependency-version: 2.25.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: org.apache.logging.log4j:log4j-slf4j2-impl
  dependency-version: 2.25.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 2.25.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: org.apache.logging.log4j:log4j-slf4j2-impl
  dependency-version: 2.25.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 2.25.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: commons-io:commons-io
  dependency-version: 2.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: org.yaml:snakeyaml
  dependency-version: '2.5'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
  dependency-version: 4.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: com.google.guava:guava
  dependency-version: 33.5.0-jre
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: org.threeten:threetenbp
  dependency-version: 1.7.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: org.jetbrains.kotlinx:kotlinx-datetime-jvm
  dependency-version: 0.7.1-0.6.x-compat
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-version: 3.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: org.apache.maven.plugins:maven-gpg-plugin
  dependency-version: 3.2.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: org.codehaus.mojo:flatten-maven-plugin
  dependency-version: 1.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: org.junit:junit-bom
  dependency-version: 5.13.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: org.graalvm.buildtools:native-maven-plugin
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Sep 22, 2025
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 22, 2025
edited
Loading

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

  • Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
  • Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

Comment @coderabbitai help to get the list of available commands and usage tips.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 29, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Sep 29, 2025
@dependabot dependabot bot deleted the dependabot/maven/main/production-dependencies-270ca015ad branch September 29, 2025 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@anidotnet