Skip to content

chore(deps): bump the all-dependencies group across 1 directory with 9 updates#169

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/all-dependencies-dc6b6fceac
Open

chore(deps): bump the all-dependencies group across 1 directory with 9 updates#169
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/gradle/all-dependencies-dc6b6fceac

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 24, 2026
edited
Loading

Bumps the all-dependencies group with 8 updates in the / directory:

Package From To
net.logstash.logback:logstash-logback-encoder 8.1 9.0
org.owasp.encoder:encoder 1.2.3 1.4.0
org.mapstruct:mapstruct 1.5.5.Final 1.6.3
org.wiremock.integrations:wiremock-spring-boot 4.1.0 4.2.1
org.projectlombok:lombok 1.18.40 1.18.44
org.springframework.boot 4.0.3 4.0.4
org.cyclonedx.bom 3.2.0 3.2.2
gradle-wrapper 9.0.0 9.4.1

Updates net.logstash.logback:logstash-logback-encoder from 8.1 to 9.0

Release notes

Sourced from net.logstash.logback:logstash-logback-encoder's releases.

logstash-logback-encoder-9.0

This major release migrates to Jackson 3, and bumps the minimum Java version to 17.

The migration to Jackson 3 introduced some backwards incompatibilities. See #1095 for upgrade details.

Special thanks to new contributors @​tommyulfsparre, @​patrickjbarry, and @​maxxedev!

What's Changed

⚠️ Update considerations and deprecations

✨ New features and improvements

🐞 Bug fixes

📖 Documentation, Tests and Build

🆙 Dependency Upgrades

New Contributors

Full Changelog: logfellow/logstash-logback-encoder@logstash-logback-encoder-8.1...logstash-logback-encoder-9.0

Commits
  • e8a1c8e [maven-release-plugin] prepare release logstash-logback-encoder-9.0
  • eecb205 Add link to discussions in contributing.md
  • 572543c fix build badge in readme
  • c64b998 Use alert at top of readme
  • f74c821 Make it possible to pretty print throwables as array of strings. (#1043)
  • 358f644 Document Thread and ThreadLocal cleanup (#1105)
  • 0d553cf Add ability to suppress messages from stacktrace (#1104)
  • c9318cd Bump maven to 3.9.11 (#1103)
  • ef58694 Bump codeql action to v3 (#1102)
  • 3059741 Bump logback-core.version from 1.5.19 to 1.5.20 (#1097)
  • Additional commits viewable in compare view

Updates org.owasp.encoder:encoder from 1.2.3 to 1.4.0

Release notes

Sourced from org.owasp.encoder:encoder's releases.

v1.4.0

What's Changed

New Contributors

Full Changelog: OWASP/owasp-java-encoder@v1.3.1...v1.4.0

v1.3.1

What's Changed

New Contributors

Full Changelog: OWASP/owasp-java-encoder@v1.3.0...v1.3.1

v1.3.0

What's Changed

New Contributors

Full Changelog: OWASP/owasp-java-encoder@v1.2.3...v1.3.0

Commits

Updates org.mapstruct:mapstruct from 1.5.5.Final to 1.6.3

Release notes

Sourced from org.mapstruct:mapstruct's releases.

1.6.3

Bugs

  • Redundant if condition in Java record mapping with RETURN_DEFAULT strategy (#3747)
  • Stackoverflow with Immutables custom builder (#3370)
  • Unused import of java.time.LocalDate when mapping source LocalDateTime to target LocalDate (#3732)

Documentation

  • Add section to README.md comparing mapstruct with Java Records (#3751)

1.6.2

Bugs

  • Regression from 1.6.1: ClassCastException when using records (#3717)

1.6.1

Enhancements

  • Use Java LinkedHashSet and LinkedHashMap new factory method with known capacity when on Java 19 or later (#3113)

Bugs

  • Inverse Inheritance Strategy not working for ignored mappings only with target (#3652)
  • Inconsistent ambiguous mapping method error when using SubclassMapping: generic vs raw types (#3668)
  • Fix regression when using InheritInverseConfiguration with nested target properties and reversing target = "." (#3670)
  • Deep mapping with multiple mappings broken in 1.6.0 (#3667)
  • Two different constants are ignored in 1.6.0 (#3673)
  • Inconsistent ambiguous mapping method error: generic vs raw types in 1.6.0 (#3668)
  • Fix cross module records with interfaces not recognizing accessors (#3661)
  • @AfterMapping methods are called twice when using target with builder (#3678)
  • Compile error when using @AfterMapping method with Builder and TargetObject (#3703)

Behaviour change

Inverse Inheritance Strategy not working for ignored mappings only with target

Prior to this fix @Mapping(target = "myProperty", ignore = true) was being ignored when using @InheritInverseConfiguration.

e.g.

@Mapper
public interface ModelMapper {
@Mapping(target = "creationDate", ignore = true)
Entity toEntity(Model model);    
@InheritInverseConfiguration
Model toModel(Entity entity);

</tr></table>

... (truncated)

Commits
  • b4e25e4 Releasing version 1.6.3
  • 772fae4 Prepare release notes for 1.6.3
  • efdf435 #3751 Improve readme to include support for Java 16+ records
  • c2bd847 #3732 Do not generate obsolete imports for LocalDateTime <-> LocalDate conver...
  • 21fdaa0 #3747 Do not generate redundant if condition with constructor mapping and RET...
  • 32f1fea #3370 Prevent stack overflow error for Immutables with custom builder
  • 26c5bcd Update readme with 1.6.2
  • 4e0d73d Next version 1.7.0-SNAPSHOT
  • 212607b Releasing version 1.6.2
  • 4fd22d6 Prepare release notes for 1.6.2
  • Additional commits viewable in compare view

Updates org.mapstruct:mapstruct-processor from 1.5.5.Final to 1.6.3

Release notes

Sourced from org.mapstruct:mapstruct-processor's releases.

1.6.3

Bugs

  • Redundant if condition in Java record mapping with RETURN_DEFAULT strategy (#3747)
  • Stackoverflow with Immutables custom builder (#3370)
  • Unused import of java.time.LocalDate when mapping source LocalDateTime to target LocalDate (#3732)

Documentation

  • Add section to README.md comparing mapstruct with Java Records (#3751)

1.6.2

Bugs

  • Regression from 1.6.1: ClassCastException when using records (#3717)

1.6.1

Enhancements

  • Use Java LinkedHashSet and LinkedHashMap new factory method with known capacity when on Java 19 or later (#3113)

Bugs

  • Inverse Inheritance Strategy not working for ignored mappings only with target (#3652)
  • Inconsistent ambiguous mapping method error when using SubclassMapping: generic vs raw types (#3668)
  • Fix regression when using InheritInverseConfiguration with nested target properties and reversing target = "." (#3670)
  • Deep mapping with multiple mappings broken in 1.6.0 (#3667)
  • Two different constants are ignored in 1.6.0 (#3673)
  • Inconsistent ambiguous mapping method error: generic vs raw types in 1.6.0 (#3668)
  • Fix cross module records with interfaces not recognizing accessors (#3661)
  • @AfterMapping methods are called twice when using target with builder (#3678)
  • Compile error when using @AfterMapping method with Builder and TargetObject (#3703)

Behaviour change

Inverse Inheritance Strategy not working for ignored mappings only with target

Prior to this fix @Mapping(target = "myProperty", ignore = true) was being ignored when using @InheritInverseConfiguration.

e.g.

@Mapper
public interface ModelMapper {
@Mapping(target = &quot;creationDate&quot;, ignore = true)
Entity toEntity(Model model);    
@InheritInverseConfiguration
Model toModel(Entity entity);

</tr></table>

... (truncated)

Commits
  • b4e25e4 Releasing version 1.6.3
  • 772fae4 Prepare release notes for 1.6.3
  • efdf435 #3751 Improve readme to include support for Java 16+ records
  • c2bd847 #3732 Do not generate obsolete imports for LocalDateTime <-> LocalDate conver...
  • 21fdaa0 #3747 Do not generate redundant if condition with constructor mapping and RET...
  • 32f1fea #3370 Prevent stack overflow error for Immutables with custom builder
  • 26c5bcd Update readme with 1.6.2
  • 4e0d73d Next version 1.7.0-SNAPSHOT
  • 212607b Releasing version 1.6.2
  • 4fd22d6 Prepare release notes for 1.6.2
  • Additional commits viewable in compare view

Updates org.wiremock.integrations:wiremock-spring-boot from 4.1.0 to 4.2.1

Release notes

Sourced from org.wiremock.integrations:wiremock-spring-boot's releases.

4.2.1

🐛 Bug fixes

4.2.0

🚀 New features and improvements

Commits

Updates org.projectlombok:lombok from 1.18.40 to 1.18.44

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.44 (March 11th, 2026)

  • FEATURE: @Jacksonized now supports both Jackson2 and Jackson3; you'll get a warning until you configure which one (or even both!) you want lombok to generate. #3950.
  • BUGFIX: On JDK25, val and @ExtensionMethod could sometimes cause erroneous errors (in that you see errors but compilation succeeds anyway) using javac. #3947.
  • BUGFIX: @Jacksonized + fields marked transient would result in those transient fields being serialised which is surprising (and thus undesired) behaviour. #3936.

v1.18.42 (September 18th, 2025)

  • FEATURE: All the various @Log annotations now allow you to change their access level (they still default to private). #2280. Thanks to new contributor Liam Pace!
  • BUGFIX: Javadoc parsing was broken in Netbeans and ErrorProne for JDK25 #3940.
Commits
  • 17c78fe [version] pre-release version bump
  • 1edca70 [test][@Jacksonized] Test emission of warning when not choosing jackson ver...
  • e789e82 [test] Update the generation of eclipse test targets from JDK14 to JDK25.
  • a54cecd [trivial][changelog]
  • 3db0a6c [bugfix][@Jacksonized] javac handler of jacksonized checked for existing ja...
  • 12572fc [test] Adjusted tests to the new 'jackson version is a list' config key setup.
  • 0e9699c [changelog] Document implementation of Jackson3 support: #3950.
  • d441be1 [jacksonized] infrastructure for previous merge resolution: Changed to the co...
  • d62b2d5 Merge branch 'master' into cachescrubber-gh-3950
  • f49f0fe [test] Remove tests for deprecated @Logger(access = MODULE). They're deprec...
  • Additional commits viewable in compare view

Updates org.springframework.boot from 4.0.3 to 4.0.4

Release notes

Sourced from org.springframework.boot's releases.

v4.0.4

⚠️ Attention Required

  • OpenTelemetry's ZipkinSpanExporter has been deprecated and its support will be removed in Spring Boot 4.2. #49453
  • Jackson 2 has been upgraded to 2.21.1 in response to the Jackson team ending support for Jackson 2.20.x. #49389
  • Jackson has been upgraded to 3.1.0 in response to the Jackson team ending support for Jackson 3.0.x. #49383
  • The default value for server.tomcat.max-part-count has been increased from 10 to 50. This aligns it with Tomcat's own default and the default in Spring Boot 3.x. #49311

🐞 Bug Fixes

  • EndpointRequest request matcher for health groups is too complex #49649
  • "/cloudfoundryapplication" web path is not limited to Actuator #49646
  • Fix EndpointRequest.toLinks() when base-path is '/' #49617
  • Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #49596
  • RSocket exposes duplicate endpoint for websocket setups #49593
  • Failure analysis for a missing mail sender is misleading #49582
  • SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #49535
  • Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #49482
  • "spring.main.cloud-platform=none" does not disable cloud features #49479
  • SSL support with Docker Compose does not work as documented #49385
  • Auto-configuration overrides authorization server configuration applied by Customizer beans #49367
  • Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #49344
  • NoSuchMethodException when forcing the use of Log4J2LoggingSystem using org.springframework.boot.logging.LoggingSystem system property #49343
  • RouterFunctions descriptions in Actuator do not support nesting #49302
  • Maven plugin does not set '-parameters' option when processing AOT code #49295
  • HTTP Service Interface Client doesn't work in a native image due to missing property binding #49274
  • ErrorPageRegistrarBeanPostProcessor is not auto-configured in war deployments and the ErrorPageCustomizer is not applied #49176
  • Missing starter for spring-boot-restdocs #48289

📔 Documentation

  • Document support for Java 26 #49604
  • List all supported colors when describing color-coded log output #49562
  • Improve EndpointRequest matcher documentation #49520
  • Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #49514
  • Document security considerations for forwarded headers in cloud deployments #49507
  • Tutorial in the reference guide has outdated instructions #49429
  • Document additional repositories required for shibboleth.net #49392
  • Javadoc of JettyHttpClientBuilder refers to the wrong type #49387
  • Example spring-devtools.properties file is shown in the wrong format #49362
  • Clarify inferred relationships between OAuth 2 registrations and providers #49327
  • Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #49321
  • Remove superfluous semi-colon from read timeout configuration example for HTTP service interface clients #49306
  • Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #49298
  • JDK requirement for the CLI still refers to Java 8 #49293
  • Java and Kotlin samples of an environment post processor are inconsistent #49287

🔨 Dependency Upgrades

  • Upgrade to Commons Logging 1.3.6 #49545

... (truncated)

Commits
  • 8bdd6f8 Release v4.0.4
  • 79a3850 Merge branch '3.5.x' into 4.0.x
  • 3ebd147 Next development version (v3.5.13-SNAPSHOT)
  • 26edf79 Merge branch '3.5.x' into 4.0.x
  • 6620dea Polishing
  • 7151419 Upgrade to Testcontainers 2.0.4
  • cc6bb61 Merge branch '3.5.x' into 4.0.x
  • dd54841 Upgrade to Spring Batch 5.2.5
  • 2739427 Upgrade to Spring Batch 6.0.3
  • a6d8c48 Merge branch '3.5.x' into 4.0.x
  • Additional commits viewable in compare view

Updates org.cyclonedx.bom from 3.2.0 to 3.2.2

Updates gradle-wrapper from 9.0.0 to 9.4.1

Release notes

Sourced from gradle-wrapper's releases.

9.4.1

The Gradle team is excited to announce Gradle 9.4.1.

Here are the highlights of this release:

  • Java 26 support
  • Non-class-based JVM tests
  • Enhanced console progress bar

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: akankshaa-00, Attila Kelemen, Björn Kautler, dblood, Dennis Rieks, duvvuvenkataramana, John Burns, Julian, kevinstembridge, Niels Doucet, Philip Wedemann, ploober, Richard Hernandez, Roberto Perez Alcolea, Sebastian Lövdahl, stephan2405, Stephane Landelle, Ujwal Suresh Vanjare, Victor Merkulov, Vincent Potuček, Vladimir Sitnikov.

Upgrade instructions

Switch your build to use Gradle 9.4.1 by updating your wrapper:

./gradlew wrapper --gradle-version=9.4.1 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the all-dependencies group across 1 directory with …
0589283 
…9 updates

Bumps the all-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [net.logstash.logback:logstash-logback-encoder](https://github.com/logfellow/logstash-logback-encoder) | `8.1` | `9.0` |
| [org.owasp.encoder:encoder](https://github.com/owasp/owasp-java-encoder) | `1.2.3` | `1.4.0` |
| [org.mapstruct:mapstruct](https://github.com/mapstruct/mapstruct) | `1.5.5.Final` | `1.6.3` |
| [org.wiremock.integrations:wiremock-spring-boot](https://github.com/wiremock/wiremock-spring-boot) | `4.1.0` | `4.2.1` |
| [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.40` | `1.18.44` |
| [org.springframework.boot](https://github.com/spring-projects/spring-boot) | `4.0.3` | `4.0.4` |
| org.cyclonedx.bom | `3.2.0` | `3.2.2` |
| [gradle-wrapper](https://github.com/gradle/gradle) | `9.0.0` | `9.4.1` |



Updates `net.logstash.logback:logstash-logback-encoder` from 8.1 to 9.0
- [Release notes](https://github.com/logfellow/logstash-logback-encoder/releases)
- [Commits](logfellow/logstash-logback-encoder@logstash-logback-encoder-8.1...logstash-logback-encoder-9.0)

Updates `org.owasp.encoder:encoder` from 1.2.3 to 1.4.0
- [Release notes](https://github.com/owasp/owasp-java-encoder/releases)
- [Commits](OWASP/owasp-java-encoder@v1.2.3...v1.4.0)

Updates `org.mapstruct:mapstruct` from 1.5.5.Final to 1.6.3
- [Release notes](https://github.com/mapstruct/mapstruct/releases)
- [Commits](mapstruct/mapstruct@1.5.5.Final...1.6.3)

Updates `org.mapstruct:mapstruct-processor` from 1.5.5.Final to 1.6.3
- [Release notes](https://github.com/mapstruct/mapstruct/releases)
- [Commits](mapstruct/mapstruct@1.5.5.Final...1.6.3)

Updates `org.wiremock.integrations:wiremock-spring-boot` from 4.1.0 to 4.2.1
- [Release notes](https://github.com/wiremock/wiremock-spring-boot/releases)
- [Commits](wiremock/wiremock-spring-boot@4.1.0...4.2.1)

Updates `org.projectlombok:lombok` from 1.18.40 to 1.18.44
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.40...v1.18.44)

Updates `org.springframework.boot` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v4.0.3...v4.0.4)

Updates `org.cyclonedx.bom` from 3.2.0 to 3.2.2

Updates `gradle-wrapper` from 9.0.0 to 9.4.1
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v9.0.0...v9.4.1)

---
updated-dependencies:
- dependency-name: net.logstash.logback:logstash-logback-encoder
  dependency-version: '9.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: org.owasp.encoder:encoder
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.mapstruct:mapstruct
  dependency-version: 1.6.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.mapstruct:mapstruct-processor
  dependency-version: 1.6.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.wiremock.integrations:wiremock-spring-boot
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.projectlombok:lombok
  dependency-version: 1.18.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: org.springframework.boot
  dependency-version: 4.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: org.cyclonedx.bom
  dependency-version: 3.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: gradle-wrapper
  dependency-version: 9.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies java Pull requests that update java code labels Mar 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants