Skip to content

fix(deps): bump the all-deps group with 28 updates#930

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/all-deps-aa6f46bdfe
Open

fix(deps): bump the all-deps group with 28 updates#930
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/all-deps-aa6f46bdfe

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the all-deps group with 28 updates:

Package From To
org.apache.logging.log4j:log4j-bom 2.25.3 2.26.1
io.vertx:vertx-stack-depchain 5.0.12 5.1.5
org.junit:junit-bom 5.12.2 6.1.2
org.apache.kafka:kafka-clients 4.2.0 4.3.1
com.google.guava:guava 33.0.0-jre 33.6.0-jre
org.folio:mod-inventory-storage-dto 30.0.0 30.0.3
org.projectlombok:lombok 1.18.42 1.18.46
org.awaitility:awaitility 3.0.0 4.3.0
io.rest-assured:rest-assured 4.3.3 6.0.1
org.mockito:mockito-core 5.2.0 5.23.0
net.bytebuddy:byte-buddy 1.17.1 1.18.11
org.assertj:assertj-core 3.20.2 3.27.7
joda-time:joda-time 2.14.0 2.14.2
org.folio:mod-source-record-storage-client 6.0.0 6.0.1
org.folio:mod-source-record-manager-client 4.0.0 4.0.5
com.jayway.jsonpath:json-path-assert 2.4.0 3.0.0
com.github.ben-manes.caffeine:caffeine 2.8.5 3.2.4
org.postgresql:postgresql 42.7.8 42.7.13
org.liquibase:liquibase-core 5.0.1 5.0.3
org.folio:folio-module-descriptor-validator 1.0.0 1.0.1
org.apache.maven.plugins:maven-surefire-report-plugin 3.2.5 3.5.6
org.apache.maven.plugins:maven-compiler-plugin 3.11.0 3.15.0
org.apache.maven.plugins:maven-resources-plugin 3.3.1 3.5.0
org.jsonschema2pojo:jsonschema2pojo-maven-plugin 1.0.2 1.3.3
org.apache.maven.plugins:maven-shade-plugin 3.5.2 3.6.2
org.apache.maven.plugins:maven-surefire-plugin 3.5.4 3.5.6
org.apache.maven.plugins:maven-failsafe-plugin 3.2.5 3.5.6
org.apache.maven.plugins:maven-release-plugin 2.5.3 3.3.1

Updates org.apache.logging.log4j:log4j-bom from 2.25.3 to 2.26.1

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.26.1

This patch release delivers certain fixes on top of 2.26.0.

Changed

  • Improve logging for LinkageError scenarios involving the LMAX Disruptor library (#2250, #4124)

Fixed

  • Fix the createOnDemand behavior of RollingFileAppender to correctly defer file and directory creation until the first log event, while preserving eager creation when disabled. (#2006, #4072)
  • Improve documentation for locale handling in the Pattern Layout date pattern converter (#4129, #4130)
  • Fix handling of non-finite numbers while encoding MapMessage to JSON (#4163)
  • Fix encoding of MSGID and SD-ID fields of StructuredDataMessage to XML (#4136)
  • Fix stack trace rendering for exceptions with identity malfunction (e.g., colliding equals() and/or hashCode() implementations) (#3933, #4133)
  • Fix resource leaks in ConfigurationSource when loading configuration via URL fails (#4127)
  • Fix KafkaAppender reporting error to error handler even after a successful retry (#4125)

2.26.0

This minor release delivers all the fixes in the [2.25.0, 2.25.4] version range, plus some new fixes, and several other improvements and features.

Added

  • Add a new ConfigurationFactory::getConfiguration method accepting multiple URIs (#3775, #3921)
  • Add and export org.apache.logging.log4j.core.pattern.NamedInstantPattern enabling users to programmatically access named date & time patterns supported by Pattern Layout (#3789)
  • Add log4j.plugin.processor.minAllowedMessageKind annotation processor option to PluginProcessor to filter diagnostic messages by severity. This allows builds that treat compiler notes as errors (e.g. Maven with -Werror) to suppress informational notes emitted during normal plugin processing. (apache/logging-log4j2#3380, #4063)
  • Add missing setters to Rfc5424LayoutBuilder

Changed

  • Ensure scripts in the global Scripts element have explicit names by throwing a ConfigurationException for unnamed ones. (#3176)
  • Simplify file manager registry factory methods (#3968)

Deprecated

  • Deprecated withers in builder classes in favor of setters. This change improves API consistency with Log4j Core 3 and helps users adapt to the upcoming changes. (#3750)

Fixed

  • Fix script resolution failure when the Scripts element is placed after a ScriptRef in the configuration. (#3336)
  • Fix ArrayIndexOutOfBoundsException thrown by ThrowableStackTraceRenderer when the stack trace is modified concurrently (#3940, #3955)
  • Fix SLF4JLogger.atFatal() returning atLevel(Level.TRACE) instead of atLevel(Level.FATAL). This was causing FATAL-level log events to be silently discarded when using the fluent API through the log4j-to-slf4j bridge. (#4068, #4089)
  • Fix Javadoc references across module boundaries (i.e., cross-references) (#4099, #4100)
  • Fix header write in RollingRandomAccessFileManager that was being incorrectly skipped if append=true and the file didn't exist before
  • Fix a properties file configuration regression caused by not referenced loggers, appenders, and filters (#4036, #4069)

Removed

  • Remove the jvmrunargs lookup. (#3874)

Updated

... (truncated)

Commits
  • dd0f9d2 Release changelog for version 2.26.1
  • efbb638 Update the project.build.outputTimestamp property
  • c9332be Fix handling of non-finite numbers while encoding MapMessage to JSON (#4163)
  • bd8eca1 Fix AsciiDoc typo in pattern-layout.adoc
  • df1c753 tidy up changelogs
  • 0592cff fix version in pom.xml
  • e320257 Release changelog for version 2.26.1
  • 5755541 Update the project.build.outputTimestamp property
  • 6c2d931 Set version to 2.26.1
  • 69d6641 add patch release/2.26.1 liked commits and moved changelog the release/2.26.1...
  • Additional commits viewable in compare view

Updates io.vertx:vertx-stack-depchain from 5.0.12 to 5.1.5

Updates org.junit:junit-bom from 5.12.2 to 6.1.2

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.1.2 = Platform 6.1.2 + Jupiter 6.1.2 + Vintage 6.1.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.1...r6.1.2

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

... (truncated)

Commits
  • b685426 Release 6.1.2
  • ae244a6 Remove blanket outputDirectoryCreator from SuiteEngineTests (#5793)
  • 43bd154 Finalize 6.1.2 release notes
  • 0cd9510 Fix order of release note sections
  • a1507cb Add initial 6.1.2 release notes to release notes index
  • 9326641 Fix NoTestsDiscoveredException for suites containing only dynamic tests (#5839)
  • 2ef1123 Create initial 6.1.2 release notes from template
  • 83fa9ab Back to snapshots for further development
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • Additional commits viewable in compare view

Updates org.apache.kafka:kafka-clients from 4.2.0 to 4.3.1

Updates com.google.guava:guava from 33.0.0-jre to 33.6.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

  • Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
  • cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
  • collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
  • collect: Changed ConcurrentHashMultiset, ImmutableMultimap, and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
  • graph: Removed @Beta from all APIs in the package. (dae9566b73)
  • graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
  • graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
  • hash: Added BloomFilter.serializedSize(). (df9bcc251a)
  • net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)

33.5.0

Maven

<dependency>
</tr></table> 

... (truncated)

Commits

Updates org.folio:mod-inventory-storage-dto from 30.0.0 to 30.0.3

Release notes

Sourced from org.folio:mod-inventory-storage-dto's releases.

v30.0.3

Bug fixes

  • Fix Instance complete_updated_date update performance on item create/update (MODINVSTOR-1569)

v30.0.2

Bug fixes

  • Add MATERIALIZED to bound_instances CTE in reindexInstances query (MODINVSTOR-1566)
  • Update Instance complete_updated_date when items/holdings are moved between instances (MODINVSTOR-1542)

v30.0.1

Bug fixes

  • Fix item order value calculation under concurrent execution to avoid race conditions. (MODINVSTOR-1547)
  • Trigger holding items recalculation on instanceId change (MODINVSTOR-1548)
Changelog

Sourced from org.folio:mod-inventory-storage-dto's changelog.

v30.1.0 YYYY-mm-DD

Breaking changes

New APIs versions

  • Provides settings v1.0
  • Requires API_NAME vX.Y

Features

  • Create feature flag for enabling optimization to prevent redundant updates in Inventory (Instance,Holding,Item) (MODINVSTOR-1577)

Bug fixes

  • Trigger holding items recalculation on instanceId change (MODINVSTOR-1548)
  • Fix item order value calculation under concurrent execution to avoid race conditions. (MODINVSTOR-1547)
  • Update Instance complete_updated_date when items/holdings are moved between instances (MODINVSTOR-1542)
  • Add MATERIALIZED to bound_instances CTE in reindexInstances query (MODINVSTOR-1566)
  • Fix Instace complete_updated_date update performance on item create/update (MODINVSTOR-1569)
  • Add full-text index for formerIds to improve item lookup via formerIds field (MODINVSTOR-1579)
  • HttpClient leak: reuse shared client instead of creating per request (MODINVSTOR-1583)
  • Improve performance of /inventory-reindex-records/export api (MSEARCH-1245)

Tech Dept

Dependencies

  • Bump folio-kafka-wrapper from 4.0.0 to 4.1.0
  • Add LIB_NAME VERSION
  • Remove LIB_NAME

Commits
  • 14d8ee3 [maven-release-plugin] prepare release v30.0.3
  • e1bf236 Update NEWS
  • 71f33ac fix: Fix Instace complete_updated_date update performance on item create/upda...
  • 722190c [maven-release-plugin] prepare for next development iteration
  • 9091a4c [maven-release-plugin] prepare release v30.0.2
  • 82a29b2 fix: update instance complete_updated_date when items/holdings are moved betw...
  • 272e765 fix: update SQL syntax for materialized view in reindexInstances query (#1360)
  • f427d54 fix(reindex): Fix slow s3 reindexing flow (#1344)
  • 9912f3c chore(deps-dev): bump org.folio.okapi:okapi-testing (#1356)
  • 7b92fc5 fix(deps): bump org.junit:junit-bom (#1357)
  • Additional commits viewable in compare view

Updates org.projectlombok:lombok from 1.18.42 to 1.18.46

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.46 (April 22nd, 2026)

  • PLATFORM: JDK26 support added #4019.
  • PLATFORM: Spring Tools Suite 5 supported #3985.
  • BUGFIX: @Jacksonized no longer stops generating @JsonProperty once an explicit @JsonIgnore annotations is encountered #4022.
  • BUGFIX: In eclipse, mixing @Jacksonized and fluent = true no longer causes the error com.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface. #3934.
  • BUGFIX: Some finishing touches for v1.18.44's support of Jackson3 #4004.

v1.18.44 (March 11th, 2026)

  • FEATURE: @Jacksonized now supports both Jackson2 and Jackson3; you'll get a warning until you configure which one (or even both!) you want lombok to generate. #3950.
  • BUGFIX: On JDK25, val and @ExtensionMethod could sometimes cause erroneous errors (in that you see errors but compilation succeeds anyway) using javac. #3947.
  • BUGFIX: @Jacksonized + fields marked transient would result in those transient fields being serialised which is surprising (and thus undesired) behaviour. #3936.
Commits
  • 936ca59 [build] lombok's launcher is still intended to be 1.4 compatible, or at least...
  • fcdab3f [version] pre-release version bump
  • 1cb7d49 [changelog]#4004 Mention Jackson3 final touches in changelog.
  • 12a15b0 Fix: Bump EA_JDK to 27 (25 and 26 have been released)
  • 2be766c Merge branch 'jackson3-final-touches'
  • 290fa4c [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...
  • e6567b6 test: Add Jackson 3 test cases and version ambiguity warnings
  • 45e72e2 feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists
  • 184d423 feat: Add Jackson 3 support to @​Jacksonized handlers
  • e027ad0 refactored to ShadowClassLoader use Collections::enumeration instead of Vector
  • Additional commits viewable in compare view

Updates org.awaitility:awaitility from 3.0.0 to 4.3.0

Changelog

Sourced from org.awaitility:awaitility's changelog.

Changelog 4.3.0 (2025-02-21)

  • Support for kotlin.time.Duration in Kotlin DSL (thanks to Ivo Šmíd for PR)

  • Upgraded kotlin version in the awaitility-kotlin module to 2.1.10

  • Using a more descriptive error message when using VERY long wait conditions or poll durations (issue 290)

  • Added an overloaded method of untilAsserted(..) that takes a supplier and a consumer. For example, lets say you have a class like this: public class MyClass { public String myFunction() { // Imagine stuff being executed in asynchronously here and the result of this // operation is a string called "my value" return "my value" } }

    // Then in your test you can wait for the "myFunction" to be asserted by a "consumer" that uses // assertj to make sure that "myFunction" returns ""my value" await().untilAsserted(myClass::myFunction, value -> Assertions.assertThat(value).isEqualTo("my value"));

    This has also been implemented for all atomic, adder, and accumulator methods.

Changelog 4.2.2 (2024-08-07)

  • Support JDK EA builds in JavaVersionDetector (thanks to Oleg Estekhin for pull request)

Changelog 4.2.1 (2024-03-15)

  • Upgraded Kotlin to 1.9.22

  • Added extension properties forever, then, and, given to the Kotlin extension. This allows you to do e.g.:

    await.forever until { .. }

  • Added shortcut for enabling logging. Before you had to do e.g.

    await() .with() .conditionEvaluationListener(new ConditionEvaluationLogger(log::info)) .pollInterval(ONE_HUNDRED_MILLISECONDS) .until(logs::size, is(4));

    You can now instead use the "logging" shortcut:

    await() .with() .logging(log::info) .pollInterval(ONE_HUNDRED_MILLISECONDS) .until(logs::size, is(4));

    or simply ".logging()" for "System.out".

    This shortcut has also been added globally:

... (truncated)

Commits
  • e3ff879 [maven-release-plugin] prepare release awaitility-4.3.0
  • d116712 [ci skip] Preparing changelog for release
  • 4e186df Added kotlin source folder explicitly
  • e8d3ab7 Upgraded lots of plugin dependencies
  • a7a167a Added an overloaded method of untilAsserted(..) that takes a supplier and a c...
  • ef8f663 Make ConditionFactory safer to use in java 8
  • 5550079 Using a more descriptive error message when using VERY long wait conditions o...
  • 2a9814b Upgraded kotlin version in the awaitility-kotlin module to 2.1.10
  • 8f22c00 [ci skip] Updated changelog.txt to reflect latest changes
  • 6a35c24 #235 Support for kotlin.time.Duration in Kotlin DSL (#285)
  • Additional commits viewable in compare view

Updates io.rest-assured:rest-assured from 4.3.3 to 6.0.1

Changelog

Sourced from io.rest-assured:rest-assured's changelog.

Changelog 6.0.1 (2026-07-10)

  • Fix a JsonPath denial-of-service where oversized numeric literals in untrusted JSON were parsed into arbitrarily large BigIntegers, an O(n^2) CPU and heap cost. JSON number tokens are now capped at 1000 characters by default, configurable via JsonPathConfig.numberLengthLimit and JsonConfig.numberLengthLimit (a negative value disables the check). Thanks to Brian Lee (PhD security researcher, Georgia Tech SSLab) for the private report.
  • Use custom Jackson 3 object mapper in JsonPath (#1858) (thanks to gkiel for PR)
  • Fix Spring MockMvc cookie handling with Jakarta-only servlet APIs (fixes #1853)
  • Use Jackson 3 mapper in JsonPath deserialization when Jackson 3 is the only Jackson on the classpath (#1865) (thanks to dickerpulli for PR)
  • Add JsonPath.using(Jackson3ObjectMapperFactory) overload (#1861) (thanks to Anusha-7254 for PR)
  • Fix typo in duplicate-finder-maven-plugin phase property (#1866) (thanks to metacosm for PR)
  • Fix incorrect serialization of enum constants declared with a body when used as query/path parameters (#1799)
  • The spring-mock-mvc and spring-web-test-client modules now target Spring Framework 7 and no longer expose their own Spring version as a transitive dependency (the Spring dependencies are declared optional), so they no longer drag Spring 5 onto a Spring Boot 4 / Spring Framework 7 classpath. This removes the need for manual Spring exclusions on Spring Boot 4 (fixes #1853, #1868). Thanks to spencerarq for the detailed investigation.

Changelog 5.5.7 (2026-01-16)

  • Spring MockMvc module now supports Spring Framework 7.0 (thanks to Marcin Grzejszczak for PR)

Changelog 6.0.0 (2025-12-12)

  • spring-mock-mvc module now supports Spring 7.x
  • spring-web-test-client now supports Spring 7.x
  • Upgraded commons-lang3 from 3.18.0 to 3.19.0
  • The spring modules now required Spring 5.3+ (previously 5.1 was required)
  • New minimum Java baseline is now 17
  • New minimum Groovy base is now 5.x
  • Support for Jackson 3 object mapping
  • Support for Yasson 3 object mapping
  • Support for jakarta JsonB/Johnzon 3 object mapping
  • Migrate json-path fully to Java, bypass GroovyShell for evaluation (#1844) (thanks to Michael Edgar for PR)
    • This fixed some nasty memory leaks when using JsonPath heavily in long running processes
  • Stop resetting ResponseParserRegistrar during build (#1759, #1505, #1207 & #978) (thanks to Marc Easen for PR)
  • Skip Null filters in FilterContextImpl (#1834) (thanks to Boyarshinov Alexander for PR)
  • Upgraded Kotlin extension module to use Kotlin 2.2.21

Changelog 5.5.6 (2025-08-15)

  • Remove deprecated constructors in multipart handling (#1827) (thanks to Tobias Unger for PR)
  • Fix NPE in RequestSpecificationImpl #1830 (thanks to Boyarshinov Alexander for PR)
  • Bump commons-lang3 from 3.16.0 to 3.18.0 (thanks to Ash Skelton for PR)

Changelog 5.5.5 (2025-05-22)

  • The rest-assured-bom project is back and works

Changelog 5.5.4 (2025-05-22)

  • The rest-assured-bom project is back

Changelog 5.5.3 (2025-05-22)

  • Greatly improved csrf support. When applying csrf, it'll automatically forward the cookies to returns from the GET request to the csrf token and apply it to the actual request. These cookies will also be applied to the CookieFilter automatically (if configured) and SessionFilter (if configured). For example: given().

... (truncated)

Commits
  • 8cc835a [maven-release-plugin] prepare release rest-assured-6.0.1
  • 92551ed Sync dist and OSGi module versions during release
  • 29b55e2 Sync dist and osgi module parent versions to 6.0.1-SNAPSHOT
  • f1abe77 [ci skip] Preparing for release
  • d134dfb Target Spring Framework 7 in the Spring modules and stop leaking Spring onto ...
  • a146f56 Add AGENTS.md with changelog convention, reference it from CLAUDE.md
  • 2bbb19a Fix remaining duplicate-finder property typo in spring7-mvc-webapp
  • c5214b8 Fix serialization of enum constants declared with a body (#1799)
  • bc4608f [ci skip] Updated changelog to reflect the latest changes
  • 2054f37 Add JsonPath.using(Jackson3ObjectMapperFactory) overload
  • Additional commits viewable in compare view

Updates org.mockito:mockito-core from 5.2.0 to 5.23.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.23.0

NOTE: Breaking change for Android

The mockito-android artifact has a breaking change: tests now require a device or emulator based on API 28+ (Android P). This is to enable new support for mocking Kotlin classes. See #3788 for more details.


Changelog generated by Shipkit Changelog Gradle Plugin

5.23.0

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

... (truncated)

Commits
  • a231205 Fix StackOverflowError with AbstractList after using mockSingleton (#3790)
  • f6a91a6 Replace mockito-android mock maker implementation with dexmaker-mockito-inlin...
  • aa2298a fix: make spotless happy
  • a6729d6 chore: update BDDMockito with jspecify annotation
  • bb83c92 chore: move jspecify as a compile only dependency
  • 47a4695 chore: add jspecify with minimal change. Fixes #3503
  • 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
  • ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
  • d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
  • 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
  • Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.17.1 to 1.18.11

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.11

  • Add SBOM to published artifacts.
  • Check for traversable paths injected into class files as a rather hypothetical attack vector.

Byte Buddy 1.18.10

  • Delay change of default for unsage use to Java 26 and improve error message.

Byte Buddy 1.18.9

  • Disable use of Unsafe by default when Java 25or newer is discovered.
  • Check for escape when creating folders in Plugin.Engine.
  • Improve OpenJ9 attachment.
  • Avoid null pointer on missing annotation types.
  • Improve diagnostics for external agent attachment.
  • Improve on Gradle context discovery.
  • Support Android libraries on AGP9 or newer.
  • Update ASM.

Byte Buddy 1.18.8

  • Improve support for repeatable builds.
  • Fix reordering of exception table in type initializers when instrumenting.

Byte Buddy 1.18.7

  • Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Byte Buddy 1.18.5

  • Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
  • Add super classes to hash code / equals computation in Advice that were missing.

Byte Buddy 1.18.4

  • Add support for new build description in Android 9.

Byte Buddy 1.18.3

  • Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
  • Add additional safety when processing class files with illegally formed parameters.
  • Update to latest ASM.

Byte Buddy 1.18.2

  • Support modifiers for value classes in Valhalla builds.
  • Improve use of build cache in Gradle.

Byte Buddy 1.18.1

  • Fix generated module-info to include new package.

Byte Buddy 1.18.0

  • Add support for module-info class files and ModuleDescriptions.
  • Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

  • Avoid use of types that are deprecated as of Java 26.
  • Include ASM 9.9 that offers ASM support for Java 26.

... (truncated)

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

2. July 2026: version 1.18.11

  • Add SBOM to published artifacts.
  • Check for traversable paths injected into class files as a rather hypothetical attack vector.

3. June 2026: version 1.18.10

  • Delay change of default for unsage use to Java 26 and improve error message.

1. June 2026: version 1.18.9

  • Disable use of Unsafe by default when Java 25or newer is discovered.
  • Check for escape when creating folders in Plugin.Engine.
  • Improve OpenJ9 attachment.
  • Avoid null pointer on missing annotation types.
  • Improve diagnostics for external agent attachment.
  • Improve on Gradle context discovery.
  • Support Android libraries on AGP9 or newer.
  • Update ASM.

1. April 2026: version 1.18.8

  • Improve support for repeatable builds.
  • Fix reordering of exception table in type initializers when instrumenting.

1. March 2026: version 1.18.7

  • Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

15. February 2026: version 1.18.5

  • Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
  • Add super classes to hash code / equals computation in Advice that were missing.

16. January 2026: version 1.18.4

  • Add support for new build description in Android 9.

26. November 2025: version 1.18.3

  • Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
  • Add additional safety when processing class files with illegally formed parameters.
  • Update to latest ASM.

26. November 2025: version 1.18.2

... (truncated)

Commits
  • 88dd0a3 [publish] Releasing Byte Buddy 1.18.11
  • 46fcade [release] Release new version
  • 6a68de6 Prevent path traversal from crafted type names when writing class files to fo...
  • 9ba4ab6 Pin ClusterFuzzLite base image and actions by hash.
  • dd4f81e Add SBOM to build.
  • 7dd9a0d Update internal Byte Buddy and release notes
  • d6b3e15 [publish] Start next development iteration 1.18.11-SNAPSHOT
  • e85623d [publish] Releasing Byte Buddy 1.18.10
  • e3bfa68 [release] Release new version
  • 5821ccc Delay disabling of unsafe by default to Java 26 and improve on error message.
  • Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.20.2 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

🚫 Deprecated

Core

  • Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

  • Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency...

Description has been truncated

Bumps the all-deps group with 28 updates:

| Package | From | To |
| --- | --- | --- |
| [org.apache.logging.log4j:log4j-bom](https://github.com/apache/logging-log4j2) | `2.25.3` | `2.26.1` |
| io.vertx:vertx-stack-depchain | `5.0.12` | `5.1.5` |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `5.12.2` | `6.1.2` |
| org.apache.kafka:kafka-clients | `4.2.0` | `4.3.1` |
| [com.google.guava:guava](https://github.com/google/guava) | `33.0.0-jre` | `33.6.0-jre` |
| [org.folio:mod-inventory-storage-dto](https://github.com/folio-org/mod-inventory-storage) | `30.0.0` | `30.0.3` |
| [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.42` | `1.18.46` |
| [org.awaitility:awaitility](https://github.com/awaitility/awaitility) | `3.0.0` | `4.3.0` |
| [io.rest-assured:rest-assured](https://github.com/rest-assured/rest-assured) | `4.3.3` | `6.0.1` |
| [org.mockito:mockito-core](https://github.com/mockito/mockito) | `5.2.0` | `5.23.0` |
| [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) | `1.17.1` | `1.18.11` |
| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.20.2` | `3.27.7` |
| [joda-time:joda-time](https://github.com/JodaOrg/joda-time) | `2.14.0` | `2.14.2` |
| [org.folio:mod-source-record-storage-client](https://github.com/folio-org/mod-source-record-storage) | `6.0.0` | `6.0.1` |
| [org.folio:mod-source-record-manager-client](https://github.com/folio-org/mod-source-record-manager) | `4.0.0` | `4.0.5` |
| [com.jayway.jsonpath:json-path-assert](https://github.com/jayway/JsonPath) | `2.4.0` | `3.0.0` |
| [com.github.ben-manes.caffeine:caffeine](https://github.com/ben-manes/caffeine) | `2.8.5` | `3.2.4` |
| [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) | `42.7.8` | `42.7.13` |
| [org.liquibase:liquibase-core](https://github.com/liquibase/liquibase) | `5.0.1` | `5.0.3` |
| [org.folio:folio-module-descriptor-validator](https://github.com/folio-org/folio-module-descriptor-validator) | `1.0.0` | `1.0.1` |
| [org.apache.maven.plugins:maven-surefire-report-plugin](https://github.com/apache/maven-surefire) | `3.2.5` | `3.5.6` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.11.0` | `3.15.0` |
| [org.apache.maven.plugins:maven-resources-plugin](https://github.com/apache/maven-resources-plugin) | `3.3.1` | `3.5.0` |
| [org.jsonschema2pojo:jsonschema2pojo-maven-plugin](https://github.com/joelittlejohn/jsonschema2pojo) | `1.0.2` | `1.3.3` |
| [org.apache.maven.plugins:maven-shade-plugin](https://github.com/apache/maven-shade-plugin) | `3.5.2` | `3.6.2` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.4` | `3.5.6` |
| [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.2.5` | `3.5.6` |
| [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) | `2.5.3` | `3.3.1` |


Updates `org.apache.logging.log4j:log4j-bom` from 2.25.3 to 2.26.1
- [Release notes](https://github.com/apache/logging-log4j2/releases)
- [Changelog](https://github.com/apache/logging-log4j2/blob/2.x/RELEASE-NOTES.adoc)
- [Commits](apache/logging-log4j2@rel/2.25.3...rel/2.26.1)

Updates `io.vertx:vertx-stack-depchain` from 5.0.12 to 5.1.5

Updates `org.junit:junit-bom` from 5.12.2 to 6.1.2
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.12.2...r6.1.2)

Updates `org.apache.kafka:kafka-clients` from 4.2.0 to 4.3.1

Updates `com.google.guava:guava` from 33.0.0-jre to 33.6.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `org.folio:mod-inventory-storage-dto` from 30.0.0 to 30.0.3
- [Release notes](https://github.com/folio-org/mod-inventory-storage/releases)
- [Changelog](https://github.com/folio-org/mod-inventory-storage/blob/master/NEWS.md)
- [Commits](folio-org/mod-inventory-storage@v30.0.0...v30.0.3)

Updates `org.projectlombok:lombok` from 1.18.42 to 1.18.46
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.42...v1.18.46)

Updates `org.awaitility:awaitility` from 3.0.0 to 4.3.0
- [Changelog](https://github.com/awaitility/awaitility/blob/master/changelog.txt)
- [Commits](awaitility/awaitility@awaitility-3.0.0...awaitility-4.3.0)

Updates `io.rest-assured:rest-assured` from 4.3.3 to 6.0.1
- [Changelog](https://github.com/rest-assured/rest-assured/blob/master/changelog.txt)
- [Commits](rest-assured/rest-assured@rest-assured-4.3.3...rest-assured-6.0.1)

Updates `org.mockito:mockito-core` from 5.2.0 to 5.23.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.2.0...v5.23.0)

Updates `net.bytebuddy:byte-buddy` from 1.17.1 to 1.18.11
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](raphw/byte-buddy@byte-buddy-1.17.1...byte-buddy-1.18.11)

Updates `org.assertj:assertj-core` from 3.20.2 to 3.27.7
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-core-3.20.2...assertj-build-3.27.7)

Updates `joda-time:joda-time` from 2.14.0 to 2.14.2
- [Release notes](https://github.com/JodaOrg/joda-time/releases)
- [Changelog](https://github.com/JodaOrg/joda-time/blob/main/RELEASE-NOTES.txt)
- [Commits](JodaOrg/joda-time@v2.14.0...v2.14.2)

Updates `org.folio:mod-source-record-storage-client` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/folio-org/mod-source-record-storage/releases)
- [Changelog](https://github.com/folio-org/mod-source-record-storage/blob/v6.0.1/NEWS.md)
- [Commits](folio-org/mod-source-record-storage@v6.0.0...v6.0.1)

Updates `org.folio:mod-source-record-manager-client` from 4.0.0 to 4.0.5
- [Release notes](https://github.com/folio-org/mod-source-record-manager/releases)
- [Changelog](https://github.com/folio-org/mod-source-record-manager/blob/v4.0.5/NEWS.md)
- [Commits](folio-org/mod-source-record-manager@v4.0.0...v4.0.5)

Updates `com.jayway.jsonpath:json-path-assert` from 2.4.0 to 3.0.0
- [Release notes](https://github.com/jayway/JsonPath/releases)
- [Changelog](https://github.com/json-path/JsonPath/blob/master/changelog.md)
- [Commits](json-path/JsonPath@json-path-2.4.0...json-path-3.0.0)

Updates `com.github.ben-manes.caffeine:caffeine` from 2.8.5 to 3.2.4
- [Release notes](https://github.com/ben-manes/caffeine/releases)
- [Commits](ben-manes/caffeine@v2.8.5...v3.2.4)

Updates `org.postgresql:postgresql` from 42.7.8 to 42.7.13
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.8...REL42.7.13)

Updates `org.liquibase:liquibase-core` from 5.0.1 to 5.0.3
- [Release notes](https://github.com/liquibase/liquibase/releases)
- [Changelog](https://github.com/liquibase/liquibase/blob/main/changelog.txt)
- [Commits](liquibase/liquibase@v5.0.1...v5.0.3)

Updates `org.folio:folio-module-descriptor-validator` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/folio-org/folio-module-descriptor-validator/releases)
- [Changelog](https://github.com/folio-org/folio-module-descriptor-validator/blob/master/NEWS.md)
- [Commits](folio-org/folio-module-descriptor-validator@v1.0.0...v1.0.1)

Updates `org.apache.maven.plugins:maven-surefire-report-plugin` from 3.2.5 to 3.5.6
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.2.5...surefire-3.5.6)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.11.0 to 3.15.0
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.11.0...maven-compiler-plugin-3.15.0)

Updates `org.apache.maven.plugins:maven-resources-plugin` from 3.3.1 to 3.5.0
- [Release notes](https://github.com/apache/maven-resources-plugin/releases)
- [Commits](apache/maven-resources-plugin@maven-resources-plugin-3.3.1...maven-resources-plugin-3.5.0)

Updates `org.jsonschema2pojo:jsonschema2pojo-maven-plugin` from 1.0.2 to 1.3.3
- [Release notes](https://github.com/joelittlejohn/jsonschema2pojo/releases)
- [Changelog](https://github.com/joelittlejohn/jsonschema2pojo/blob/master/CHANGELOG.md)
- [Commits](joelittlejohn/jsonschema2pojo@jsonschema2pojo-1.0.2...jsonschema2pojo-1.3.3)

Updates `org.apache.maven.plugins:maven-shade-plugin` from 3.5.2 to 3.6.2
- [Release notes](https://github.com/apache/maven-shade-plugin/releases)
- [Commits](apache/maven-shade-plugin@maven-shade-plugin-3.5.2...maven-shade-plugin-3.6.2)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.4 to 3.5.6
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.6)

Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.2.5 to 3.5.6
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.2.5...surefire-3.5.6)

Updates `org.apache.maven.plugins:maven-release-plugin` from 2.5.3 to 3.3.1
- [Release notes](https://github.com/apache/maven-release/releases)
- [Commits](apache/maven-release@maven-release-2.5.3...maven-release-3.3.1)

---
updated-dependencies:
- dependency-name: org.apache.logging.log4j:log4j-bom
  dependency-version: 2.26.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: io.vertx:vertx-stack-depchain
  dependency-version: 5.1.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: org.junit:junit-bom
  dependency-version: 6.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-deps
- dependency-name: org.apache.kafka:kafka-clients
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: com.google.guava:guava
  dependency-version: 33.6.0-jre
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: org.folio:mod-inventory-storage-dto
  dependency-version: 30.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: org.projectlombok:lombok
  dependency-version: 1.18.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: org.awaitility:awaitility
  dependency-version: 4.3.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-deps
- dependency-name: io.rest-assured:rest-assured
  dependency-version: 6.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-deps
- dependency-name: org.mockito:mockito-core
  dependency-version: 5.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: net.bytebuddy:byte-buddy
  dependency-version: 1.18.11
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: joda-time:joda-time
  dependency-version: 2.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: org.folio:mod-source-record-storage-client
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: org.folio:mod-source-record-manager-client
  dependency-version: 4.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: com.jayway.jsonpath:json-path-assert
  dependency-version: 3.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-deps
- dependency-name: com.github.ben-manes.caffeine:caffeine
  dependency-version: 3.2.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-deps
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: org.liquibase:liquibase-core
  dependency-version: 5.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: org.folio:folio-module-descriptor-validator
  dependency-version: 1.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: org.apache.maven.plugins:maven-surefire-report-plugin
  dependency-version: 3.5.6
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: org.apache.maven.plugins:maven-resources-plugin
  dependency-version: 3.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: org.jsonschema2pojo:jsonschema2pojo-maven-plugin
  dependency-version: 1.3.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: org.apache.maven.plugins:maven-shade-plugin
  dependency-version: 3.6.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-version: 3.5.6
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-deps
- dependency-name: org.apache.maven.plugins:maven-release-plugin
  dependency-version: 3.3.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jul 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants