Skip to content

Bump the libs group across 1 directory with 6 updates#524

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/libs-e0b604832e
Open

Bump the libs group across 1 directory with 6 updates#524
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/libs-e0b604832e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026
edited
Loading

Bumps the libs group with 6 updates in the / directory:

Package From To
gradle-wrapper 8.14.4 9.5.0
org.jsoup:jsoup 1.22.1 1.22.2
org.bouncycastle:bcpkix-jdk18on 1.83 1.84
org.owasp.dependencycheck 12.2.0 12.2.2
com.diffplug.spotless 7.0.2 8.4.0
com.vanniktech.maven.publish 0.35.0 0.36.0

Updates gradle-wrapper from 8.14.4 to 9.5.0

Release notes

Sourced from gradle-wrapper's releases.

9.5.0

The Gradle team is excited to announce Gradle 9.5.0.

Here are the highlights of this release:

  • Task provenance in reports and failure messages
  • Type-safe accessors for precompiled Kotlin Settings plugins

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: atm1020, mataha, Adam, Attila Kelemen, Benedikt Ritter, Björn Kautler, Caro Silva Rode, CHANHAN, Dmitry Nezavitin, Eng Zer Jun, KugelLibelle, Madalin Valceleanu, Markus Gaisbauer, Oliver Kopp, Philip Wedemann, ploober, Roberto Perez Alcolea, Rohit Anand, Suvrat Acharya, Ujwal Suresh Vanjare, Victor Merkulov

Upgrade instructions

Switch your build to use Gradle 9.5.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.5.0 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

9.5.0 RC4

... (truncated)

Commits

Updates org.jsoup:jsoup from 1.22.1 to 1.22.2

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup Java HTML Parser release 1.22.2

jsoup 1.22.2 is out now, with fixes and refinements across the library. It makes editing the DOM during traversal more predictable, refreshes the default HTML tag definitions with newer elements and better text boundaries, and improves reliability in parsing and HTTP transport. The release also fixes a number of edge cases in cleaning, stream parsing, XML doctype handling, and Android packaging.

jsoup is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.

Download jsoup now.

Improvements

  • Expanded and clarified NodeTraversor support for in-place DOM rewrites during NodeVisitor.head(). Current-node edits such as remove, replace, and unwrap now recover more predictably, while traversal stays within the original root subtree. This makes single-pass tree cleanup and normalization visitors easier to write, for example when unwrapping presentational elements or replacing text nodes as you walk the DOM. #2472
  • Documentation: clarified that a configured Cleaner may be reused across concurrent threads, and that shared Safelist instances should not be mutated while in use. #2473
  • Updated the default HTML TagSet for current HTML elements: added dialog, search, picture, and slot; made ins, del, button, audio, video, and canvas inline by default (Tag#isInline(), aligned to phrasing content in the spec); and added readable Element.text() boundaries for controls and embedded objects via the new Tag.TextBoundary option. This improves pretty-printing and keeps normalized text from running adjacent words together. #2493

Bug Fixes

  • Android (R8/ProGuard): added a rule to ignore the optional re2j dependency when not present. #2459
  • Fixed a NodeTraversor regression in 1.21.2 where removing or replacing the current node during head() could revisit the replacement node and loop indefinitely. The traversal docs now also clarify which inserted nodes are visited in the current pass. #2472
  • Parsing during charset sniffing no longer fails if an advisory available() call throws IOException, as seen on JDK 8 HttpURLConnection. #2474
  • Cleaner no longer makes relative URL attributes in the input document absolute when cleaning or validating a Document. URL normalization now applies only to the cleaned output, and Safelist.isSafeAttribute() is side effect free. #2475
  • Cleaner no longer duplicates enforced attributes when the input Document preserves attribute case. A case-variant source attribute is now replaced by the enforced attribute in the cleaned output. #2476
  • If a per-request SOCKS proxy is configured, jsoup now avoids using the JDK HttpClient, because the JDK would silently ignore that proxy and attempt to connect directly. Those requests now fall back to the legacy HttpURLConnection transport instead, which does support SOCKS. #2468
  • Connection.Response.streamParser() and DataUtil.streamParser(Path, ...) could fail on small inputs without a declared charset, if the initial 5 KB charset sniff fully consumed the input and closed it before the stream parse began. #2483
  • In XML mode, doctypes with an internal subset, such as <!DOCTYPE root [<!ENTITY name "value">]>, now round-trip correctly. The subset is preserved as raw text only; entities are not expanded and external DTDs are not loaded. #2486

Build Changes

  • Migrated the integration test server from Jetty to Netty, which actively maintains support for our minimum JDK target (8). #2491

My sincere thanks to everyone who contributed to this release! If you have any suggestions for the next release, I would love to hear them; please get in touch via jsoup discussions, or with me directly.

You can also follow me (@jhy@tilde.zone) on Mastodon / Fediverse to receive occasional notes about jsoup releases.

Changelog

Sourced from org.jsoup:jsoup's changelog.

1.22.2 (2026-Apr-20)

Improvements

  • Expanded and clarified NodeTraversor support for in-place DOM rewrites during NodeVisitor.head(). Current-node edits such as remove, replace, and unwrap now recover more predictably, while traversal stays within the original root subtree. This makes single-pass tree cleanup and normalization visitors easier to write, for example when unwrapping presentational elements or replacing text nodes as you walk the DOM. #2472
  • Documentation: clarified that a configured Cleaner may be reused across concurrent threads, and that shared Safelist instances should not be mutated while in use. #2473
  • Updated the default HTML TagSet for current HTML elements: added dialog, search, picture, and slot; made ins, del, button, audio, video, and canvas inline by default (Tag#isInline(), aligned to phrasing content in the spec); and added readable Element.text() boundaries for controls and embedded objects via the new Tag.TextBoundary option. This improves pretty-printing and keeps normalized text from running adjacent words together. #2493

Bug Fixes

  • Android (R8/ProGuard): added a rule to ignore the optional re2j dependency when not present. #2459
  • Fixed a NodeTraversor regression in 1.21.2 where removing or replacing the current node during head() could revisit the replacement node and loop indefinitely. The traversal docs now also clarify which inserted nodes are visited in the current pass. #2472
  • Parsing during charset sniffing no longer fails if an advisory available() call throws IOException, as seen on JDK 8 HttpURLConnection. #2474
  • Cleaner no longer makes relative URL attributes in the input document absolute when cleaning or validating a Document. URL normalization now applies only to the cleaned output, and Safelist.isSafeAttribute() is side effect free. #2475
  • Cleaner no longer duplicates enforced attributes when the input Document preserves attribute case. A case-variant source attribute is now replaced by the enforced attribute in the cleaned output. #2476
  • If a per-request SOCKS proxy is configured, jsoup now avoids using the JDK HttpClient, because the JDK would silently ignore that proxy and attempt to connect directly. Those requests now fall back to the legacy HttpURLConnection transport instead, which does support SOCKS. #2468
  • Connection.Response.streamParser() and DataUtil.streamParser(Path, ...) could fail on small inputs without a declared charset, if the initial 5 KB charset sniff fully consumed the input and closed it before the stream parse began. #2483
  • In XML mode, doctypes with an internal subset, such as <!DOCTYPE root [<!ENTITY name "value">]>, now round-trip correctly. The subset is preserved as raw text only; entities are not expanded and external DTDs are not loaded. #2486

Build Changes

  • Migrated the integration test server from Jetty to Netty, which actively maintains support for our minimum JDK target (8). #2491
Commits
  • ac28afe [maven-release-plugin] prepare release jsoup-1.22.2
  • 52f2cd3 Improve entity example in changelog
  • cf6ffe0 Add Tag#TextBoundary option; bring TagSet to spec (#2493)
  • 2be739c Bump github/codeql-action from 4 to 4.35.1 (#2492)
  • 45de7cb Migrate integration test server from Jetty to Netty (#2491)
  • 1df14ed Preserve XML doctype internal subset
  • 06fa52d Adding Contribution Guide
  • d4a8941 Simplify the test; doesn't need the buffer
  • 823709f Don't reuse a fully read sniffed doc for StreamParser
  • e1b0df5 NodeFilter javadoc tweak
  • Additional commits viewable in compare view

Updates org.bouncycastle:bcpkix-jdk18on from 1.83 to 1.84

Changelog

Sourced from org.bouncycastle:bcpkix-jdk18on's changelog.

... (truncated)

Commits

Updates org.owasp.dependencycheck from 12.2.0 to 12.2.2

Updates com.diffplug.spotless from 7.0.2 to 8.4.0

Updates com.vanniktech.maven.publish from 0.35.0 to 0.36.0

Release notes

Sourced from com.vanniktech.maven.publish's releases.

0.36.0

BREAKING

  • Updated minimum supported JDK, Gradle, Android Gradle Plugin and Kotlin versions.
  • Removed support for Dokka v1, it's now required to use Dokka in v2 mode.
  • Mark DirectorySignatureType internal.

Behavior changes

  • validateDeployment now has the DeploymentValidation enum as type instead of being a boolean. The default is now to just wait for the VALIDATED state. The previous behavior can be achieved by setting it to PUBLISHED. NONE can be used for disabling the validation completely.
  • When calling configure(...) manually to configure what to publish and not passing javadocJar explicity, the plugin now defaults to publishing an empty javadoc jar.

Features

  • Android projects now support using Dokka for javadoc creation, this will happen automatically when using the default options and the Dokka plugin is applied to the project.
  • Added consistent JavadocJar and SourcesJar options to configureBasedOnAppliedPlugins and to all applicable project types that can be passed to configure. The previous Boolean based versions have been deprecated.
  • When enabling Maven Central publishing through the DSL, the mavenCentralDeploymentValidation and mavenCentralAutomaticPublishing are used for the default values of the 2 parameters when they are not passed explicitly. This allows to more easily override them in certain environments.
  • When isolated projects is enabled the module/project specific gradle.properties files are now considered in the same way they are when isolated projects is disabled.

Improvements

  • Better error message when Maven Central credentials are missing.

Minimum supported versions

  • JDK 17
  • Gradle 9.0.0
  • Android Gradle Plugin 8.13.0
  • Kotlin Gradle Plugin 2.2.0

Compatibility tested up to

  • JDK 25
  • Gradle 9.3.0
  • Gradle 9.4.0-milestone-4
  • Android Gradle Plugin 8.13.2
  • Android Gradle Plugin 9.0.0
  • Android Gradle Plugin 9.1.0-alpha05
  • Kotlin Gradle Plugin 2.3.0
  • Kotlin Gradle Plugin 2.3.20-Beta1

0.36.0-rc2

BREAKING

  • Updated minimum supported JDK, Gradle, Android Gradle Plugin and Kotlin versions.
  • Removed support for Dokka v1, it's now required to use Dokka in v2 mode.
  • Mark DirectorySignatureType internal.

... (truncated)

Changelog

Sourced from com.vanniktech.maven.publish's changelog.

0.36.0 (2026-01-13)

BREAKING

  • Updated minimum supported JDK, Gradle, Android Gradle Plugin and Kotlin versions.
  • Removed support for Dokka v1, it's now required to use Dokka in v2 mode.
  • Mark DirectorySignatureType internal.

Behavior changes

  • validateDeployment now has the DeploymentValidation enum as type instead of being a boolean. The default is now to just wait for the VALIDATED state. The previous behavior can be achieved by setting it to PUBLISHED. NONE can be used for disabling the validation completely.
  • When calling configure(...) manually to configure what to publish and not passing javadocJar explicity, the plugin now defaults to publishing an empty javadoc jar.

Features

  • Android projects now support using Dokka for javadoc creation, this will happen automatically when using the default options and the Dokka plugin is applied to the project.
  • Added consistent JavadocJar and SourcesJar options to configureBasedOnAppliedPlugins and to all applicable project types that can be passed to configure. The previous Boolean based versions have been deprecated.
  • When enabling Maven Central publishing through the DSL, the mavenCentralDeploymentValidation and mavenCentralAutomaticPublishing are used for the default values of the 2 parameters when they are not passed explicitly. This allows to more easily override them in certain environments.
  • When isolated projects is enabled the module/project specific gradle.properties files are now considered in the same way they are when isolated projects is disabled.

Improvements

  • Better error message when Maven Central credentials are missing.

Minimum supported versions

  • JDK 17
  • Gradle 9.0.0
  • Android Gradle Plugin 8.13.0
  • Kotlin Gradle Plugin 2.2.0

Compatibility tested up to

  • JDK 25
  • Gradle 9.3.0
  • Gradle 9.4.0-milestone-4
  • Android Gradle Plugin 8.13.2
  • Android Gradle Plugin 9.0.0
  • Android Gradle Plugin 9.1.0-alpha05
  • Kotlin Gradle Plugin 2.3.0
  • Kotlin Gradle Plugin 2.3.20-Beta1
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Apr 27, 2026
@dependabot dependabot Bot force-pushed the dependabot/gradle/libs-e0b604832e branch from f10a497 to 434ed5c Compare May 4, 2026 06:29
@dependabot
Bump the libs group across 1 directory with 6 updates
9fb4b13 
Bumps the libs group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [gradle-wrapper](https://github.com/gradle/gradle) | `8.14.4` | `9.5.0` |
| [org.jsoup:jsoup](https://github.com/jhy/jsoup) | `1.22.1` | `1.22.2` |
| [org.bouncycastle:bcpkix-jdk18on](https://github.com/bcgit/bc-java) | `1.83` | `1.84` |
| org.owasp.dependencycheck | `12.2.0` | `12.2.2` |
| com.diffplug.spotless | `7.0.2` | `8.4.0` |
| [com.vanniktech.maven.publish](https://github.com/vanniktech/gradle-maven-publish-plugin) | `0.35.0` | `0.36.0` |



Updates `gradle-wrapper` from 8.14.4 to 9.5.0
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v8.14.4...v9.5.0)

Updates `org.jsoup:jsoup` from 1.22.1 to 1.22.2
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md)
- [Commits](jhy/jsoup@jsoup-1.22.1...jsoup-1.22.2)

Updates `org.bouncycastle:bcpkix-jdk18on` from 1.83 to 1.84
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

Updates `org.owasp.dependencycheck` from 12.2.0 to 12.2.2

Updates `com.diffplug.spotless` from 7.0.2 to 8.4.0

Updates `com.vanniktech.maven.publish` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/vanniktech/gradle-maven-publish-plugin/releases)
- [Changelog](https://github.com/vanniktech/gradle-maven-publish-plugin/blob/main/CHANGELOG.md)
- [Commits](vanniktech/gradle-maven-publish-plugin@0.35.0...0.36.0)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless
  dependency-version: 8.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: libs
- dependency-name: com.vanniktech.maven.publish
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: libs
- dependency-name: gradle-wrapper
  dependency-version: 9.4.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: libs
- dependency-name: org.bouncycastle:bcpkix-jdk18on
  dependency-version: '1.84'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: libs
- dependency-name: org.jsoup:jsoup
  dependency-version: 1.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: libs
- dependency-name: org.owasp.dependencycheck
  dependency-version: 12.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: libs
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/gradle/libs-e0b604832e branch from 434ed5c to 9fb4b13 Compare May 11, 2026 06:53
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 11, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants