Skip to content

[CORE-69]: Bump the minor-patch-dependencies group with 11 updates#469

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/gradle/master/minor-patch-dependencies-fe9049ff61
Closed

[CORE-69]: Bump the minor-patch-dependencies group with 11 updates#469
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/gradle/master/minor-patch-dependencies-fe9049ff61

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Nov 18, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the minor-patch-dependencies group with 11 updates:

Package From To
com.nimbusds:nimbus-jose-jwt 10.5 10.6
io.projectreactor.netty:reactor-netty-http 1.2.11 1.3.0
com.fasterxml.jackson:jackson-bom 2.19.2 2.19.4
bio.terra:terra-common-lib 1.1.61-SNAPSHOT 1.1.65-SNAPSHOT
com.google.auto.value:auto-value-annotations 1.11.0 1.11.1
com.google.cloud:google-cloud-pubsub 1.143.0 1.143.1
org.apache.commons:commons-lang3 3.19.0 3.20.0
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml 2.20.1 2.19.4
com.google.auto.value:auto-value 1.11.0 1.11.1
com.google.cloud.tools.jib 3.4.5 3.5.0
ch.qos.logback:logback-classic 1.5.20 1.5.21

Updates com.nimbusds:nimbus-jose-jwt from 10.5 to 10.6

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

10.5 (2025-09-05) * Support for specifying a ScheduledExecutorService instance in RefreshAheadCachingJWKSetSource and JWKSourceBuilder (iss #592).

10.6 (2025-11-06) * Adds static CollectionUtils.containsNull(Set) method. * DefaultJWTClaimsVerifier accepted "aud" (audience) argument must be compatible with Set.of (iss #499). * The DefaultJWTClaimsVerifier must not include JWT claim values in BadJWTException messages (iss #605).

Commits
  • dacdb14 [maven-release-plugin] prepare for next development iteration
  • d5b9c10 Documents truncation and rounding for float and double getters in JWTClaimsSet
  • 86011d2 The DefaultJWTClaimsVerifier must not include JWT claim values in BadJWTExcep...
  • 1079a45 Adds JSONObjectUtilsTest.testParseObjectDuplicateMember_object (iss #603)
  • 78e86f8 DefaultJWTClaimsVerifier accepted "aud" (audience) argument must be compatibl...
  • d4c1e05 [maven-release-plugin] prepare release 10.6
  • See full diff in compare view

Updates io.projectreactor.netty:reactor-netty-http from 1.2.11 to 1.3.0

Release notes

Sourced from io.projectreactor.netty:reactor-netty-http's releases.

v1.3.0

Reactor Netty 1.3.0 is part of 2025.0.0 Release Train.

1.3.0 Highlights

🎯 Major Upgrades

Netty 4.2

Built on the latest Netty 4.2, bringing the latest networking capabilities and performance improvements.

🎓 Graduated Features

HTTP/3 support

Reactor Netty HTTP/3 support is now production-ready.

QUIC support

Reactor Netty QUIC support is now production-ready.

IO_Uring support

Reactor Netty IO_Uring support is now production-ready.

  • Reactor Netty default transport (Linux): Epoll (included out-of-the-box)
  • Reactor Netty IO_Uring support: Available via explicit dependency: io.netty:netty-transport-native-io_uring
  • Requirements: JDK 11+

🔍 Enhanced Null Safety using JSpecify

Migrated to JSpecify annotations for nullability constraints.

For detailed information and code examples, visit our documentation.

What's Changed

⚠️ Update considerations and deprecations

  • Ensure POST empty body sending content-length 0 by @​violetagg in #3663
  • Ensure HttpClient does not add Content-Length header when GET/HEAD/DELETE and the send Publisher does not provide content by @​violetagg in #3664

✨ New features and improvements

... (truncated)

Commits

Updates com.fasterxml.jackson:jackson-bom from 2.19.2 to 2.19.4

Commits
  • 085b32f [maven-release-plugin] prepare release jackson-bom-2.19.4
  • f2a1f50 Prep for 2.19.4 release
  • ee69fcf ...
  • 3735e1e ...
  • d405492 Add helper script for safekeeping
  • 67f7da4 Post-release dep version bump
  • 5e0052f [maven-release-plugin] prepare for next development iteration
  • 1919993 [maven-release-plugin] prepare release jackson-bom-2.19.3
  • 81d8588 Prep for 2.19.3 release
  • db56c8c Merge branch '2.18' into 2.19
  • Additional commits viewable in compare view

Updates bio.terra:terra-common-lib from 1.1.61-SNAPSHOT to 1.1.65-SNAPSHOT

Updates com.google.auto.value:auto-value-annotations from 1.11.0 to 1.11.1

Release notes

Sourced from com.google.auto.value:auto-value-annotations's releases.

AutoValue 1.11.1

  • Fixed a crash with @AutoValue.CopyAnnotations(exclude=Missing.class), where Missing is a class that does not exist.
  • Type-use annotations such as @Nullable are now better preserved in generated builder setter method parameters. Previously they could be lost in some circumstances, for example with @Nullable T.
  • An issue with @Nullable type-use annotations in AutoBuilder has been fixed.
  • Report a diagnostic for setters with boxed primitive types for primitive properties.
  • A bug with AutoBuilder and Kotlin data classes has been fixed. If there was a mix of required and optional parameters in a data class with a large number of properties, sometimes the generated code would not compile.
Commits
  • 4a03588 Set version number for auto-value-parent to 1.11.1.
  • c5c1ae5 Update do-not-publish configuration.
  • 6d41b70 [maven-release-plugin] prepare for next development iteration
  • 74d3d07 [maven-release-plugin] prepare release auto-value-parent-1.11.1
  • 82eb4f8 Bump the dependencies group in /value with 2 updates
  • d09c2d3 Bump the dependencies group in /value with 4 updates
  • 893034b Delete the WeakHashMap recommendation.
  • 4bcb6b9 Bump net.ltgt.gwt.maven:gwt-maven-plugin from 1.1.0 to 1.2.0 in /value in the...
  • 66a26da Slightly reword @​AutoOneOf docs
  • 7e5e3c8 Bump the dependencies group in /value with 2 updates
  • Additional commits viewable in compare view

Updates com.google.cloud:google-cloud-pubsub from 1.143.0 to 1.143.1

Release notes

Sourced from com.google.cloud:google-cloud-pubsub's releases.

v1.143.1

1.143.1 (2025-11-13)

Bug Fixes

  • Deflake WaiterTest (#2600) (298c8db)
  • deps: Update the Java code generator (gapic-generator-java) to 2.64.1 (b210251)

Dependencies

  • Remove OpenTelemetry semconv dependency (#2611) (240fc37)
  • Update actions/checkout action to v5 (#2592) (6ca466d)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.55.3 (#2602) (d14106c)
  • Update dependency com.google.cloud:google-cloud-core to v2.61.0 (#2588) (244cf75)
  • Update dependency com.google.cloud:google-cloud-storage to v2.59.0 (#2603) (d9d05bf)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.54.1 (#2609) (c99373f)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.33.0 (#2587) (33724ce)
Changelog

Sourced from com.google.cloud:google-cloud-pubsub's changelog.

1.143.1 (2025-11-13)

Bug Fixes

  • Deflake WaiterTest (#2600) (298c8db)
  • deps: Update the Java code generator (gapic-generator-java) to 2.64.1 (b210251)

Dependencies

  • Remove OpenTelemetry semconv dependency (#2611) (240fc37)
  • Update actions/checkout action to v5 (#2592) (6ca466d)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.55.3 (#2602) (d14106c)
  • Update dependency com.google.cloud:google-cloud-core to v2.61.0 (#2588) (244cf75)
  • Update dependency com.google.cloud:google-cloud-storage to v2.59.0 (#2603) (d9d05bf)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.54.1 (#2609) (c99373f)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.33.0 (#2587) (33724ce)
Commits
  • 1550b9f chore(main): release 1.143.1 (#2601)
  • b210251 chore: Update generation configuration at Thu Nov 13 02:35:52 UTC 2025 (#2606)
  • c99373f deps: update dependency com.google.cloud:sdk-platform-java-config to v3.54.1 ...
  • 240fc37 deps: Remove OpenTelemetry semconv dependency (#2611)
  • 42ad2d0 chore(deps): update dependency com.google.cloud:google-cloud-pubsub to v1.143...
  • 0330c66 chore(deps): update dependency com.google.cloud:libraries-bom to v26.71.0 (#2...
  • 33724ce deps: update dependency com.google.protobuf:protobuf-java-util to v4.33.0 (#2...
  • 244cf75 deps: update dependency com.google.cloud:google-cloud-core to v2.61.0 (#2588)
  • d14106c deps: update dependency com.google.cloud:google-cloud-bigquery to v2.55.3 (#2...
  • 6ca466d deps: update actions/checkout action to v5 (#2592)
  • Additional commits viewable in compare view

Updates org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-yaml from 2.20.1 to 2.19.4

Commits
  • 36aeb37 Back to snapshot dep
  • f207025 [maven-release-plugin] prepare for next development iteration
  • 28c8df2 [maven-release-plugin] prepare release jackson-dataformats-text-2.19.2
  • a3b0e7a Prep for 2.19.2
  • 4dd1536 Back to snapshot dep
  • cf085a7 [maven-release-plugin] prepare for next development iteration
  • 58246bf [maven-release-plugin] prepare release jackson-dataformats-text-2.19.1
  • c0ad1a8 Prep for 2.19.1
  • 77ad244 Manual pom.xml merge
  • 247b42b Merge branch '2.18' into 2.19
  • Additional commits viewable in compare view

Updates com.google.auto.value:auto-value from 1.11.0 to 1.11.1

Release notes

Sourced from com.google.auto.value:auto-value's releases.

AutoValue 1.11.1

  • Fixed a crash with @AutoValue.CopyAnnotations(exclude=Missing.class), where Missing is a class that does not exist.
  • Type-use annotations such as @Nullable are now better preserved in generated builder setter method parameters. Previously they could be lost in some circumstances, for example with @Nullable T.
  • An issue with @Nullable type-use annotations in AutoBuilder has been fixed.
  • Report a diagnostic for setters with boxed primitive types for primitive properties.
  • A bug with AutoBuilder and Kotlin data classes has been fixed. If there was a mix of required and optional parameters in a data class with a large number of properties, sometimes the generated code would not compile.
Commits
  • 4a03588 Set version number for auto-value-parent to 1.11.1.
  • c5c1ae5 Update do-not-publish configuration.
  • 6d41b70 [maven-release-plugin] prepare for next development iteration
  • 74d3d07 [maven-release-plugin] prepare release auto-value-parent-1.11.1
  • 82eb4f8 Bump the dependencies group in /value with 2 updates
  • d09c2d3 Bump the dependencies group in /value with 4 updates
  • 893034b Delete the WeakHashMap recommendation.
  • 4bcb6b9 Bump net.ltgt.gwt.maven:gwt-maven-plugin from 1.1.0 to 1.2.0 in /value in the...
  • 66a26da Slightly reword @​AutoOneOf docs
  • 7e5e3c8 Bump the dependencies group in /value with 2 updates
  • Additional commits viewable in compare view

Updates com.google.cloud.tools.jib from 3.4.5 to 3.5.0

Updates ch.qos.logback:logback-classic from 1.5.20 to 1.5.21

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • fed6f37 prepare release 1.5.21
  • b111e89 Initialization procedure has been simplified by removing the step
  • 1cd2df4 fix issues/871
  • dea5b95 minor - remove superflous call to Objects.requireNonNull
  • 3cecf29 add comment for the TurboFilter list ACCEPT case
  • 1497142 improve performance for 2 or more turbo filters
  • 04a7ba5 most subclasses of UnsynchronizedAppenderBase do not need a reentry guard
  • ab6a006 add maven cache to github CI, update .github/FUNDING.yml
  • 2bf5557 fix failed LegacyPatternLayoutTest#subPattern test due to TZ discrepancies, u...
  • 2ca8c52 update funding info
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
com.google.cloud.tools.jib [>= 3.4.3.a, < 3.4.4]
com.google.cloud.tools.jib [>= 3.4.2.a, < 3.4.3]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
[CORE-69]: Bump the minor-patch-dependencies group with 11 updates
3d50d14 
Bumps the minor-patch-dependencies group with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) | `10.5` | `10.6` |
| [io.projectreactor.netty:reactor-netty-http](https://github.com/reactor/reactor-netty) | `1.2.11` | `1.3.0` |
| [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | `2.19.2` | `2.19.4` |
| bio.terra:terra-common-lib | `1.1.61-SNAPSHOT` | `1.1.65-SNAPSHOT` |
| [com.google.auto.value:auto-value-annotations](https://github.com/google/auto) | `1.11.0` | `1.11.1` |
| [com.google.cloud:google-cloud-pubsub](https://github.com/googleapis/java-pubsub) | `1.143.0` | `1.143.1` |
| org.apache.commons:commons-lang3 | `3.19.0` | `3.20.0` |
| [com.fasterxml.jackson.dataformat:jackson-dataformat-yaml](https://github.com/FasterXML/jackson-dataformats-text) | `2.20.1` | `2.19.4` |
| [com.google.auto.value:auto-value](https://github.com/google/auto) | `1.11.0` | `1.11.1` |
| com.google.cloud.tools.jib | `3.4.5` | `3.5.0` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.20` | `1.5.21` |


Updates `com.nimbusds:nimbus-jose-jwt` from 10.5 to 10.6
- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/10.6..10.5)

Updates `io.projectreactor.netty:reactor-netty-http` from 1.2.11 to 1.3.0
- [Release notes](https://github.com/reactor/reactor-netty/releases)
- [Commits](reactor/reactor-netty@v1.2.11...v1.3.0)

Updates `com.fasterxml.jackson:jackson-bom` from 2.19.2 to 2.19.4
- [Commits](FasterXML/jackson-bom@jackson-bom-2.19.2...jackson-bom-2.19.4)

Updates `bio.terra:terra-common-lib` from 1.1.61-SNAPSHOT to 1.1.65-SNAPSHOT

Updates `com.google.auto.value:auto-value-annotations` from 1.11.0 to 1.11.1
- [Release notes](https://github.com/google/auto/releases)
- [Commits](google/auto@auto-value-1.11.0...auto-value-1.11.1)

Updates `com.google.cloud:google-cloud-pubsub` from 1.143.0 to 1.143.1
- [Release notes](https://github.com/googleapis/java-pubsub/releases)
- [Changelog](https://github.com/googleapis/java-pubsub/blob/main/CHANGELOG.md)
- [Commits](googleapis/java-pubsub@v1.143.0...v1.143.1)

Updates `org.apache.commons:commons-lang3` from 3.19.0 to 3.20.0

Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-yaml` from 2.20.1 to 2.19.4
- [Commits](FasterXML/jackson-dataformats-text@jackson-dataformats-text-2.20.1...jackson-dataformats-text-2.19.4)

Updates `com.google.auto.value:auto-value` from 1.11.0 to 1.11.1
- [Release notes](https://github.com/google/auto/releases)
- [Commits](google/auto@auto-value-1.11.0...auto-value-1.11.1)

Updates `com.google.cloud.tools.jib` from 3.4.5 to 3.5.0

Updates `ch.qos.logback:logback-classic` from 1.5.20 to 1.5.21
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.20...v_1.5.21)

---
updated-dependencies:
- dependency-name: com.nimbusds:nimbus-jose-jwt
  dependency-version: '10.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch-dependencies
- dependency-name: io.projectreactor.netty:reactor-netty-http
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch-dependencies
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.19.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch-dependencies
- dependency-name: bio.terra:terra-common-lib
  dependency-version: 1.1.65-SNAPSHOT
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch-dependencies
- dependency-name: com.google.auto.value:auto-value-annotations
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch-dependencies
- dependency-name: com.google.cloud:google-cloud-pubsub
  dependency-version: 1.143.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch-dependencies
- dependency-name: org.apache.commons:commons-lang3
  dependency-version: 3.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch-dependencies
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml
  dependency-version: 2.19.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch-dependencies
- dependency-name: com.google.auto.value:auto-value
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch-dependencies
- dependency-name: com.google.cloud.tools.jib
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch-dependencies
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner November 18, 2025 17:51
@dependabot dependabot Bot requested review from calypsomatic and samanehsan and removed request for a team November 18, 2025 17:51
@sonarqubecloud

sonarqubecloud Bot commented Nov 18, 2025

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dependabot @github

dependabot Bot commented on behalf of github Nov 19, 2025

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Nov 19, 2025
@dependabot dependabot Bot deleted the dependabot/gradle/master/minor-patch-dependencies-fe9049ff61 branch November 19, 2025 14:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@calypsomatic calypsomatic Awaiting requested review from calypsomatic calypsomatic was automatically assigned from DataBiosphere/broad-core-services

@samanehsan samanehsan Awaiting requested review from samanehsan samanehsan was automatically assigned from DataBiosphere/broad-core-services

Assignees

No one assigned

Labels

dependency gradle

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants