Bump the java group with 9 updates

[dependabot]

Bumps the java group with 9 updates:

Package	From	To
ch.qos.logback:logback-core	1.5.24	1.5.25
ch.qos.logback:logback-classic	1.5.24	1.5.25
com.fasterxml.jackson.core:jackson-databind	2.20.1	2.21.0
com.fasterxml.jackson.datatype:jackson-datatype-joda	2.20.1	2.21.0
org.springframework:spring-web	7.0.2	7.0.3
com.fasterxml.jackson.datatype:jackson-datatype-hibernate7	2.20.1	2.21.0
org.elasticsearch.client:elasticsearch-rest-client	9.2.3	9.2.4
org.postgresql:postgresql	42.7.8	42.7.9
org.apache.jackrabbit:jackrabbit-jcr-commons	2.22.2	2.22.3

Updates ch.qos.logback:logback-core from 1.5.24 to 1.5.25

Commits

• f426e00 prepare release of 1.5.25
• d28931f restrict object creation to expected supertype
• aa264f7 test default variable values in appender-ref ref attribute
• 8fb403a adjust copyright year
• b294a12 check optionList in start()
• b65040a Add EpochConverter for milliseconds/seconds since epoch (related to issue #96...
• 0690174 cla for Duncan Jauncey
• 71dc2af Removed email address for Tony.
• 1f97ae1 check for undeclared by referenced appenders
• b07355e Move the artifact version checking code to VersionUtil in logback-core.
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.24 to 1.5.25

Commits

• f426e00 prepare release of 1.5.25
• d28931f restrict object creation to expected supertype
• aa264f7 test default variable values in appender-ref ref attribute
• 8fb403a adjust copyright year
• b294a12 check optionList in start()
• b65040a Add EpochConverter for milliseconds/seconds since epoch (related to issue #96...
• 0690174 cla for Duncan Jauncey
• 71dc2af Removed email address for Tony.
• 1f97ae1 check for undeclared by referenced appenders
• b07355e Move the artifact version checking code to VersionUtil in logback-core.
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.20.1 to 2.21.0

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-joda from 2.20.1 to 2.21.0

Commits

• f4c58d7 [maven-release-plugin] prepare release jackson-datatype-joda-2.21.0
• b1e7530 Prep for 2.21.0 release
• 6ec0f0c Post-release dep version bump
• c875c4d Post-release dep version bump
• 91aabb8 [maven-release-plugin] prepare for next development iteration
• f3b75fe Merge branch '2.20' into 2.x
• c699609 Bump the github-actions group with 3 updates (#177)
• 056cd56 Start 2.20 branch; update 2.x to 2.21
• See full diff in compare view

Updates org.springframework:spring-web from 7.0.2 to 7.0.3

Release notes

Sourced from org.springframework:spring-web's releases.

v7.0.3

⭐ New Features

• DisconnectedClientHelper should detect presence of RestClientException and WebClientException separately #36141
• Deprecate PagedListHolder and PropertyComparator for removal #36139
• Add DataAccessException and MessagingException to the excluded outermost exceptions in DisconnectedClientHelper #36134
• Support property placeholders in HTTP service registry #36126
• Introduce Spring property to disable context pausing for tests #36117
• Retain original requested bean class for SpringContainedBean #36116
• Add task rejection support to SyncTaskExecutor's concurrency throttle #36114
• Precompute PropertyDescriptor array in SimpleBeanInfoFactory #36112
• Add option for @ConcurrencyLimit to throw rejection exception #36109
• Support HttpComponents 5.6 #36100
• Fix double encoding in DefaultApiVersionInserter #36097
• Optimize single-char wildcard path matching performance #36095
• Allow WebFlux ApiVersionResolver to return a Mono #36084
• Configure HttpMessageConverters as a list #36083
• HTTP Interface with an @RequestBody Object method parameter should use class of actual value #36078
• Consistently declare @Nullable on parameter in equals() implementations #36075
• Support listener registration for @Transactional triggered method rollbacks #36073
• Introduce generalized MethodFailureEvent for use in EventPublicationInterceptor #36072
• Avoid duplicate flushes in StringHttpMessageConverter #36065
• When no API version is provided, static resources fail to load #36059
• When no API version is provided, /error requests also fail. #36058
• Declare TaskCallback return value as potentially nullable #36057
• Fix case-insensitive semantics for LinkedCaseInsensitiveMap entrySet #36056
• Update to NullAway 0.12.15 and fix new warnings #36054
• Provide alternative to execute(Retryable) which avoids RetryException in favor of rethrowing the last original RuntimeException #36052
• Avoid unnecessary pausing of application contexts in the TestContext framework #36044
• Simplify TransactionalOperator.executeAndAwait by removing Optional #36039
• Deprecated MockMvcClientHttpRequestFactory is required for tests with HTTP service interface proxy #35989
• Introduce Jackson XML codecs #35752
• Support listener registration for @Retryable triggered retry executions #35382

🐞 Bug Fixes

• Fix SmartFactoryBean type matching for ResolvableType.NONE #36123
• AbstractMessageSendingTemplate ignores headers in convertAndSend() variant #36120
• JmsClient.sendAndReceive() fails if headers are included #36118
• PropertyDescriptorUtils does not reliably resolve overloaded write methods #36113
• Fix context class resolution for nested types in AbstractJacksonHttpMessageConverter #36111
• DefaultApiVersionInserter encodes already encoded URI #36080
• ConverterFactory nullness mismatch with Converter #36063
• WiretapConnector leaks data buffers when response body not consumed #36050
• CompilationException should not use -1 for line or column numbers when they are unknown #36041
• org.springframework.core.test.tools.TestCompiler.Errors should handle case where warnings are turned into errors #36037
• UriComponentsBuilder loses the fragment when it consists of only a single character #36029
• Parameter names of the handler method are null in HandlerInterceptor::preHandle during first invocation of an endpoint #36024
• PropertyDescriptorUtils does not reliably resolve read/write methods in type hierarchies with generics #36019
• Illegal reflection use against Hibernate Validator 9 on module path #36012

... (truncated)

Commits

• 02cdd36 Release v7.0.3
• 62fd09d Polishing
• 9df19de Revise wording for PauseMode documentation
• 01a57a7 Simplify DefaultContextCache implementation by using entrySet().removeIf()
• b5c2003 Fix variable name
• 5f5da06 Upgrade to JUnit 6.0.2
• 9f19b40 Exclude DataAccessException and MessagingException in DisconnectedClientHelper
• a784eb0 Improve DisconnectedClientHelper to better guard ClassNotFoundException
• fa40406 Avoid unnecessary pausing of application contexts for tests
• 948af8b Fix typo in Javadoc
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-hibernate7 from 2.20.1 to 2.21.0

Commits

• ce9832c [maven-release-plugin] prepare release jackson-datatype-hibernate-parent-2.21.0
• ffe854c Prep for 2.21.0 release
• ea6a7ca Post-release dep version bump
• 081a601 Revise Jackson compatibility details in README
• 04e56ec Merge branch '2.20' into 2.x
• 4340e55 Post-release dep version bump
• 2d65062 [maven-release-plugin] prepare for next development iteration
• 02a51b9 Correct Hibernate 7.x dependency version details
• a81d426 Update README wrt Deprecation via [JSTEP-9]
• 890a5d9 Merge pull request #189 from FasterXML/dependabot/github_actions/github-actio...
• Additional commits viewable in compare view

Updates org.elasticsearch.client:elasticsearch-rest-client from 9.2.3 to 9.2.4

Release notes

Sourced from org.elasticsearch.client:elasticsearch-rest-client's releases.

Elasticsearch 9.2.4

Downloads: https://elastic.co/downloads/elasticsearch Release notes: https://www.elastic.co/docs/release-notes/elasticsearch#elasticsearch-9.2.4-release-notes

Commits

• dfc5c38 Fix ST_DISTANCE handling of invalid geometry literals that fold to null (#140...
• 355b1f4 rest-api-spec: fix required annotations (#138147) (#139351)
• b7713b2 Add busy assertion to avoid race condition for testStalledShardMigrationPrope...
• 3ec0066 [9.2] [Inference API] Fix auth exception listener not called bug (#139966) (#...
• 72cc6df Overload randomIdentifier to accept prefix (#140220)
• 04478d0 Add debug logging for reindex shutdown test (#140093)
• 56a3e15 Mute org.elasticsearch.packaging.test.DockerTests test140CgroupOsStatsAreAvai...
• 4e8a5e1 Removed dash (#140182) (#140187)
• 32ae318 Revert "Attempt to clean up index before remote transfer (#115142)" (#139569)...
• 2a8d305 Reject updating low-priority model deployments to more than 1 allocation (#13...
• Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.8 to 42.7.9

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.9

Changes

• Added changelogs for version 42.7.9 @​davecramer (#3908)
• the classloader is nullable, and remove a space @​davecramer (#3907)
• fix: incorrect pg_stat_replication.reply_time calculation @​atorik (#3906)
• fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only @​davecramer (#3897)
• fix badges for maven central and search paths. Sonatype has changed the search paths @​davecramer (#3901)
• fix: make all Calendar instances proleptic Gregorian (#3837) @​m-van-tilburg (#3887)
• test: add CI tests with Java 26 @​vlsi (#3893)
• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder @​vlsi (#3866)
• use ssl_is_used() to check for ssl connection @​davecramer (#3867)
• Add PEMKeyManager to handle PEM based certs and keys. @​harinath001 (#3700)
• Comment and simplify the complex state machine logic in QueryExecutorImpl @​davecramer (#3850)
• Revert "fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN" @​davecramer (#3851)
• fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN @​ShenFeng312 (#3838)
• Small simplication of locking patterns in QueryExecutorBase @​Sanne (#3849)
• doc: update property quoteReturningIdentifiers default value @​sodekim (#3847)
• feat: default query timeout property @​cfredri4 (#3705)
• create action to deploy docs to https://pgjdbc.github.io/ @​davecramer (#3819)
• fix homepage release note @​davecramer (#3817)

🐛 Bug Fixes

• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob @​vlsi (#3903)
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext @​vlsi (#3886)

📝 Documentation

• doc: add the new PGP signing key to the official documentation @​vlsi (#3813)

🧰 Maintenance

• chore: remove unused com.github.spotbugs Gradle plugin dependency @​vlsi (#3868)
• chore: drop SpotBugs as we do not seem to use it @​vlsi (#3834)
• chore: bump version to 42.7.9 after 42.7.8 release @​vlsi (#3810)

⬆️ Dependencies

• chore(deps): update actions/create-github-app-token digest to 29824e6 @​renovate-bot (#3898)
• chore(deps): update actions/setup-java digest to c1e3236 @​renovate-bot (#3899)
• chore(deps): update codecov/codecov-action digest to 671740a @​renovate-bot (#3900)
• fix(deps): update dependency org.junit:junit-bom to v5.14.1 - autoclosed @​renovate-bot (#3884)
• fix(deps): update dependency org.apache.bcel:bcel to v6.11.0 @​renovate-bot (#3883)
• fix(deps): update dependency org.mockito:mockito-bom to v5.20.0 @​renovate-bot (#3885)
• fix(deps): update dependency net.bytebuddy:byte-buddy-parent to v1.18.2 @​renovate-bot (#3882)
• chore(deps): update github/codeql-action digest to 497990d @​renovate-bot (#3881)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.9] (2026-01-14)

Added

• feat: query timeout property [PR #3705](pgjdbc/pgjdbc#3705)
• feat: Add PEMKeyManager to handle PEM based certs and keys [PR #3700](pgjdbc/pgjdbc#3700)

Changed

• perf: optimize PGInterval.getValue() by replacing String.format with StringBuilder
• doc: update property quoteReturningIdentifiers default value [PR #3847](pgjdbc/pgjdbc#3847)
• security: Use a static method forName to load all user supplied classes. Use the Class.forName 3 parameter method and do not initilize it unless it is a subclass of the expected class

Fixed

• fix: incorrect pg_stat_replication.reply_time calculation [PR #3906](pgjdbc/pgjdbc#3906)
• fix: close temporary lob descriptors that are used internally in PreparedStatement#setBlob
• fix: PGXAConnection.prepare(Xid) should return XA_RDONLY if the connection is read only [PR #3897](pgjdbc/pgjdbc#3897)
• fix: make all Calendar instances proleptic Gregorian [PR #3837](pgjdbc/pgjdbc#3887)
• fix: Simplify concurrency guards on QueryExecutorBase#transaction and QueryExecutorBase#standardConformingStrings [PR #3897](pgjdbc/pgjdbc#3849)
• fix: avoid memory leaks in Java <= 21 caused by Thread.inheritedAccessControlContext [PR #3886](pgjdbc/pgjdbc#3886)
• fix: Issue #3784 pgjdbc can't decode numeric arrays containing special numbers like NaN [PR #3838](pgjdbc/pgjdbc#3838)
• fix: use ssl_is_used() to check for ssl connection [PR #3867](pgjdbc/pgjdbc#3867)
• fix: the classloader is nullable [PR #3907](pgjdbc/pgjdbc#3907)

Commits

• 79b784e Added changelogs for version 42.7.9 (#3908)
• 1c00ffc doc: add the new PGP signing key to the official documentation
• f774000 chore(deps): update actions/create-github-app-token digest to 29824e6
• 27daf3b chore(deps): update actions/setup-java digest to c1e3236
• 6eb01ff chore(deps): update codecov/codecov-action digest to 671740a
• dbf1e57 the classloader is nullable, and remove a space (#3907)
• 6a20574 Merge commit from fork
• c07721a fix: incorrect pg_stat_replication.reply_time calculation (#3906)
• 83023f3 fix: close temporary lob descriptors that are used internally in PreparedStat...
• 62c9805 fix: issue #3892, PGXAConnection.prepare(Xid) should return XA_RDONLY if the ...
• Additional commits viewable in compare view

Updates org.apache.jackrabbit:jackrabbit-jcr-commons from 2.22.2 to 2.22.3

Changelog

Sourced from org.apache.jackrabbit:jackrabbit-jcr-commons's changelog.

Changes in Jackrabbit 2.22.3

Sub-task

[JCR-5160] - Create jacoco reports compliant with SonarQube Cloud
[JCR-5172] - Exclude test sources from SonarQube analysis
[JCR-5173] - Create aggregate jacoco report
[JCR-5174] - Exclude jackrabbit-jcr-tests from coverage calculation

Bug

[JCR-5141] - Deprecate org.apache.jackrabbit.commons.json
[JCR-5196] - Some test classes are not executed by default because they haven't been added to a test suite

Improvement

[JCR-5154] - Replace deprecated call of Class.newInstance()

Task

[JCR-5132] - webapp: update tomcat dependency to 9.0.104
[JCR-5133] - Update easymock dependency to 5.5.0
[JCR-5140] - Improve support for generating namespace prefixes
[JCR-5148] - remove (comment out) mysql test profile
[JCR-5156] - webapp: update tomcat dependency to 9.0.112
[JCR-5163] - Update commons file-upload dependency to 1.6.0
[JCR-5175] - Update Mockito dependency to 5.20.0
[JCR-5176] - Update commons-io dependency to 2.21.0
[JCR-5178] - Update easymock dependency to 5.6.0
[JCR-5182] - Update pax-exam test dependency to 4.14.0
[JCR-5183] - Vote Template should be clear about the fact that running the check script in "sh" will not work
[JCR-5185] - Update oak-jackrabbit-api.version.implemented in trunk to Oak 1.86.0
[JCR-5187] - Update commons-cli dependency to 1.11.0
[JCR-5188] - Update h2db dependency to 2.3.232
[JCR-5189] - update Jetty to 9.4.58.v20250814
[JCR-5190] - webapp: bump htmlunit to 4.19.0
[JCR-5191] - remove JEXL dependency
[JCR-5192] - update aws java sdk version to 1.12.791
[JCR-5193] - update Apache parent pom to version 35
[JCR-5195] - Utilities for 'safe' creation of XML document builders
[JCR-5197] - cleanup o.a.j.util.Base64 and update Javadoc
[JCR-5200] - Update h2db dependency to 2.4.240
[JCR-5201] - Update oak-jackrabbit-api.version.implemented in trunk to Oak 1.88.0

For more detailed information about all the changes in this and other Jackrabbit releases, please see the Jackrabbit issue tracker at

https://issues.apache.org/jira/browse/JCR

... (truncated)

Commits

• 5dce857 [maven-release-plugin] prepare release jackrabbit-2.22.3
• b6da2b3 JCR-5214: Release Jackrabbit 2.22.3 - Candidate Release Notes (#321)
• d241fae JCR-5174 Use SonarQube path patterns which should work with multimodule
• d96fb2f trivial: Remove prerequisites from POM
• 0fbedf4 JCR-5174 Exclude jackrabbit-jcr-tests from coverage calculation
• dadb919 JCR-5173 Create aggregated coverage report
• 7a90a41 Fix a typo: @​peop -> @​prop
• be3a79f JCR-5160 Generate Jacoco Report in default location to be picked up by
• 76c7cd0 JCR-5174 Exclude jackrabbit-jcr-tests from coverage calculation
• ace0186 JCR-5201: Update oak-jackrabbit-api.version.implemented in trunk to Oak 1.88....
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.