Skip to content

[12.1.x EE9] Bump the dev-dependencies group across 1 directory with 10 updates #14243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

[12.1.x EE9] Bump the dev-dependencies group across 1 directory with 10 updates #14243

dependabot wants to merge 1 commit into from
+6 −6

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 25, 2025
edited
Loading

Bumps the dev-dependencies group with 10 updates in the /jetty-ee9 directory:

Package From To
com.sun.mail:jakarta.mail 2.0.1 2.0.2
org.glassfish.jersey.containers:jersey-container-servlet 3.0.17 3.1.0
org.glassfish.jersey.inject:jersey-hk2 3.0.17 3.1.0
org.glassfish.jersey.media:jersey-media-json-binding 3.0.17 3.1.0
org.apache.openwebbeans:openwebbeans-jetty9 2.0.27 2.0.28
org.apache.openwebbeans:openwebbeans-web 2.0.27 2.0.28
org.hibernate.search:hibernate-search-bom 7.2.4.Final 7.2.5.Final
ch.qos.logback:logback-core 1.5.22 1.5.23
io.grpc:grpc-core 1.77.0 1.78.0
io.grpc:grpc-netty-shaded 1.77.0 1.78.0

Updates com.sun.mail:jakarta.mail from 2.0.1 to 2.0.2

Updates org.glassfish.jersey.containers:jersey-container-servlet from 3.0.17 to 3.1.0

Updates org.glassfish.jersey.inject:jersey-hk2 from 3.0.17 to 3.1.0

Updates org.glassfish.jersey.media:jersey-media-json-binding from 3.0.17 to 3.1.0

Updates org.glassfish.jersey.inject:jersey-hk2 from 3.0.17 to 3.1.0

Updates org.glassfish.jersey.media:jersey-media-json-binding from 3.0.17 to 3.1.0

Updates org.apache.openwebbeans:openwebbeans-jetty9 from 2.0.27 to 2.0.28

Commits
  • 09181d5 [maven-release-plugin] prepare release openwebbeans-2.0.28
  • ab45ce6 fix(#OWB-1450): Interceptor proxy memory leak. Add caching at an higher level
  • f93bfea fix(#OWB-1450): remove non working cache on proxies per AT
  • cdc9a57 fix: maven dependency to Gradle not found and NPE in previous plugin version
  • 3feacc6 Merge pull request #127 from jgallimore/owb_2.0.x-owb-cdi-junit
  • 129a538 OWB-1448 remove wildcard import
  • 9bbd3f7 OWB-1448 rework following feedback
  • eb4b4c6 OWB-1448 removing left over e.printStackTrace()
  • 41a5596 OWB-1448 Fix Issue with Cdi annotation and alternatives
  • 0376bd7 upgrade to apache-parent 29
  • Additional commits viewable in compare view

Updates org.apache.openwebbeans:openwebbeans-web from 2.0.27 to 2.0.28

Commits
  • 09181d5 [maven-release-plugin] prepare release openwebbeans-2.0.28
  • ab45ce6 fix(#OWB-1450): Interceptor proxy memory leak. Add caching at an higher level
  • f93bfea fix(#OWB-1450): remove non working cache on proxies per AT
  • cdc9a57 fix: maven dependency to Gradle not found and NPE in previous plugin version
  • 3feacc6 Merge pull request #127 from jgallimore/owb_2.0.x-owb-cdi-junit
  • 129a538 OWB-1448 remove wildcard import
  • 9bbd3f7 OWB-1448 rework following feedback
  • eb4b4c6 OWB-1448 removing left over e.printStackTrace()
  • 41a5596 OWB-1448 Fix Issue with Cdi annotation and alternatives
  • 0376bd7 upgrade to apache-parent 29
  • Additional commits viewable in compare view

Updates org.apache.openwebbeans:openwebbeans-web from 2.0.27 to 2.0.28

Commits
  • 09181d5 [maven-release-plugin] prepare release openwebbeans-2.0.28
  • ab45ce6 fix(#OWB-1450): Interceptor proxy memory leak. Add caching at an higher level
  • f93bfea fix(#OWB-1450): remove non working cache on proxies per AT
  • cdc9a57 fix: maven dependency to Gradle not found and NPE in previous plugin version
  • 3feacc6 Merge pull request #127 from jgallimore/owb_2.0.x-owb-cdi-junit
  • 129a538 OWB-1448 remove wildcard import
  • 9bbd3f7 OWB-1448 rework following feedback
  • eb4b4c6 OWB-1448 removing left over e.printStackTrace()
  • 41a5596 OWB-1448 Fix Issue with Cdi annotation and alternatives
  • 0376bd7 upgrade to apache-parent 29
  • Additional commits viewable in compare view

Updates org.hibernate.search:hibernate-search-bom from 7.2.4.Final to 7.2.5.Final

Release notes

Sourced from org.hibernate.search:hibernate-search-bom's releases.

Release 7.2.5.Final

Hibernate Search 7.2.5.Final released

We are pleased to announce the release of Hibernate Search 7.2: 7.2.5.Final.

You can find the full list of 7.2.5.Final changes here.

What's new

This release introduces a few minor improvements as well as bug fixes.

Conclusion

For additional details, see:

Visit the website for details on getting in touch with us.

Changelog

Sourced from org.hibernate.search:hibernate-search-bom's changelog.

7.2.5.Final (2025-12-22)

https://hibernate.atlassian.net/projects/HSEARCH/versions/33736

** Improvement * HSEARCH-5552 Update to Hibernate ORM 6.6.40.Final * HSEARCH-5534 Update to Hibernate ORM 6.6.38.Final * HSEARCH-5494 Update to Hibernate ORM 6.6.31.Final * HSEARCH-5490 Update to Hibernate ORM 6.6.30.Final * HSEARCH-5475 Update to Hibernate ORM 6.6.29.Final * HSEARCH-5473 Include license file in the META-INF of published artifacts * HSEARCH-5469 Update to Hibernate ORM 6.6.28.Final * HSEARCH-5462 Update to Hibernate ORM 6.6.27.Final * HSEARCH-5458 Update to Hibernate ORM 6.6.26.Final * HSEARCH-5450 Update to Hibernate ORM 6.6.25.Final * HSEARCH-5445 Update to Hibernate ORM 6.6.24.Final * HSEARCH-5434 Update to Hibernate ORM 6.6.23.Final * HSEARCH-5424 Upgrade to Hibernate ORM 6.6.22.Final * HSEARCH-5419 Upgrade to Hibernate ORM 6.6.21.Final * HSEARCH-5414 Upgrade to Hibernate ORM 6.6.20.Final

** Task * HSEARCH-5486 Stage documentation and javadocs to projectroot/target/staging-deploy/documentation

Commits
  • e110134 [Jenkins release job] Preparing release 7.2.5.Final
  • c91c245 [Jenkins release job] changelog.txt updated by release build 7.2.5.Final
  • 47de470 HSEARCH-5552 Update to Hibernate ORM 6.6.40.Final
  • abf05a7 HSEARCH-5534 Update to Hibernate ORM 6.6.38.Final
  • bd916e9 Stop testing on EOLed JDKs
  • f481d6e Switch main job to run with a cron trigger
  • 912d4fa Do not run dependency update job on cron
  • f1d1769 HSEARCH-5532 Point to docs.hibernate.org instead of docs.jboss.org/hibernate ...
  • 54e0b0a HSEARCH-5494 Update to Hibernate ORM 6.6.31.Final
  • 21708a3 HSEARCH-5490 Update to Hibernate ORM 6.6.30.Final
  • Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.22 to 1.5.23

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.23

2025-12-21 Release of logback version 1.5.23

• In response to issues/959 file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the ConcurrentModificationException reported in the issue.

• ZIP and XZ compression now use a BufferedOutputStream when writing to the compressed file. This issue was reported in issues/988.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • 0bcc3fe prepare release 1.5.23
  • 4627dbd better to use BufferedOutputStream during ZIP and XZ compression, especially ...
  • 299f091 add collision test in presence of conditional processing
  • b446f3f In Context, remove collision map
  • a3eb14d in response to issues/959, collision detection is now done by FileCollisionAn...
  • 681b2be remove unused method, minor comment edits
  • 17a3edf start work on 1.5.23-SNAPSHOT
  • See full diff in compare view

Updates io.grpc:grpc-core from 1.77.0 to 1.78.0

Release notes

Sourced from io.grpc:grpc-core's releases.

V1.78.0

Bug Fixes

  • core: Fix shutdown failing accepted RPCs during channel startup (02e98a806). This fixes a race where RPCs could fail with "UNAVAILABLE: Channel shutdown invoked" even though they were created before channel.shutdown()
  • okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548) (8d49dc1c9)
  • binder: Stop leaking this from BinderServerTransport's ctor (#12453) (89d77e062)
  • rls: Avoid missed config update from reentrancy (55ae1d054). This fixes a regression since 1.75.0 triggered by CdsLb being converted to XdsDepManager. Without this fix, a second channel to the same target may hang when starting, causing DEADLINE_EXCEEDED, and unhang when the control plane delivers an update (e.g., endpoint address update)

Improvements

  • xds: gRFC A88 - Changes to XdsClient Watcher APIs (#12446) (f385add31). We now have improved xDS error handling and this provides a clearer mechanism for the xDS server to report per-resource errors to the client, resulting in better error messages for debugging and faster detection of non-existent resources. This also improves the handling of all xDS-related data errors and the behavior of the xDS resource timer.
  • rls: Control plane channel monitor state and back off handling (#12460) (26c1c1341). Resets RLS request backoff timers when the Control plane channel state transitions to READY. Also when the backoff timer expires, instead of making a RLS request immediately, it just causes a picker update to allow making rpc again to the RLS target.
  • core: simplify DnsNameResolver.resolveAddresses() (4843256af)
  • netty: Run handshakeCompleteRunnable in success cases (283f1031f)
  • api,netty: Add custom header support for HTTP CONNECT proxy (bbc0aa369)
  • binder: Pre-factor out the guts of the BinderClientTransport handshake. (9313e87df)
  • compiler: Add RISC-V 64-bit architecture support to compiler build configuration (725ab22f3)
  • core: Release lock before closing shared resource (cb73f217e). Shared resources are internal to gRPC for sharing expensive objects across channels and servers, like threads. This reduces the chances of forming a deadlock, like seen with s2a in d50098f
  • Upgrade gson to 2.12.1 (6dab2ceab)
  • Upgrade dependencies (f36defa2d). proto-google-common-protos to 2.63.1, google-auth-library to 1.40.0, error-prone annotations to 2.44.0, guava to 33.5.0-android, opentelemetry to 1.56.0
  • compiler: Update maximum supported protobuf edition to EDITION_2024 (2f64092b8)
  • binder: Introduce server authorization strategy v2 (d9710725d). Adds support for android:isolatedProcess Services and moves all security checks to the handshake, making subsequent transactions more efficient.

New Features

  • compiler: Upgrade to C++ protobuf 33.1 (#12534) (58ae5f808).
  • util: Add gRFC A68 random subsetting LB (48a42889d). The policy uses the name random_subsetting_experimental. If it is working for you, tell us so we can gauge marking it stable. While the xDS portions haven’t yet landed, it is possible to use with xDS with JSON-style Structs as supported by gRFC A52
  • xds: Support for System Root Certs (#12499) (51611bad1). Most service mesh workloads use mTLS, as described in gRFC A29. However, there are cases where it is useful for applications to use normal TLS rather than using certificates for workload identity, such as when a mesh wants to move some workloads behind a reverse proxy. The xDS CertificateValidationContext message (see envoyproxy/envoy#34235) has a system_root_certs field. In the gRPC client, if this field is present and the ca_certificate_provider_instance field is unset, system root certificates will be used for validation. This implements gRFC A82.
  • xds: Support for GCP Authentication Filter (#12499) (51611bad1). In service mesh environments, there are cases where intermediate proxies make it impossible to rely on mTLS for end-to-end authentication. These cases can be addressed instead by the use of service account identity JWT tokens. The xDS GCP Authentication filter provides a mechanism for attaching such JWT tokens as gRPC call credentials on GCP. gRPC already supports a framework for xDS HTTP filters, as described in gRFC A39. This release supports the GCP Authentication filter under this framework as described in gRFC A83.
  • xds: Support for xDS-based authority rewriting (#12499) (51611bad1). gRPC supports getting routing configuration from an xDS server, as described in gRFCs A27 and A28. The xDS configuration can configure the client to rewrite the authority header on requests. This functionality can be useful in cases where the server is using the authority header to make decisions about how to process the request, such as when multiple hosts are handled via a reverse proxy. Note that this feature is solely about rewriting the authority header on data plane RPCs; it does not affect the authority used in the TLS handshake.
    As mentioned in gRFC A29, there are use-cases for gRPC that prohibit trusting the xDS server to control security-centric configuration. The authority rewriting feature falls under the same umbrella as mTLS configuration. As a result, the authority rewriting feature will only be enabled when the bootstrap config for the xDS server has trusted_xds_server in the server_features field.
  • xds: xDS based SNI setting and SAN validation (#12378) (0567531). When using xDS credentials make SNI for the Tls handshake to be configured via xDS, rather than use the channel authority as the SNI, and make SAN validation to be able to use the SNI sent when so instructed via xDS. Implements gRFC A101.

Documentation

  • api: Document gRFC A18 TCP_USER_TIMEOUT handling for keepalive (da7038782)
  • core: Fix AbstractClientStream Javadoc (28a6130e8)
  • examples: Document how to preserve META-INF/services in uber jars (97695d523)

Thanks to

Commits

Updates io.grpc:grpc-netty-shaded from 1.77.0 to 1.78.0

Release notes

Sourced from io.grpc:grpc-netty-shaded's releases.

V1.78.0

Bug Fixes

  • core: Fix shutdown failing accepted RPCs during channel startup (02e98a806). This fixes a race where RPCs could fail with "UNAVAILABLE: Channel shutdown invoked" even though they were created before channel.shutdown()
  • okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548) (8d49dc1c9)
  • binder: Stop leaking this from BinderServerTransport's ctor (#12453) (89d77e062)
  • rls: Avoid missed config update from reentrancy (55ae1d054). This fixes a regression since 1.75.0 triggered by CdsLb being converted to XdsDepManager. Without this fix, a second channel to the same target may hang when starting, causing DEADLINE_EXCEEDED, and unhang when the control plane delivers an update (e.g., endpoint address update)

Improvements

  • xds: gRFC A88 - Changes to XdsClient Watcher APIs (#12446) (f385add31). We now have improved xDS error handling and this provides a clearer mechanism for the xDS server to report per-resource errors to the client, resulting in better error messages for debugging and faster detection of non-existent resources. This also improves the handling of all xDS-related data errors and the behavior of the xDS resource timer.
  • rls: Control plane channel monitor state and back off handling (#12460) (26c1c1341). Resets RLS request backoff timers when the Control plane channel state transitions to READY. Also when the backoff timer expires, instead of making a RLS request immediately, it just causes a picker update to allow making rpc again to the RLS target.
  • core: simplify DnsNameResolver.resolveAddresses() (4843256af)
  • netty: Run handshakeCompleteRunnable in success cases (283f1031f)
  • api,netty: Add custom header support for HTTP CONNECT proxy (bbc0aa369)
  • binder: Pre-factor out the guts of the BinderClientTransport handshake. (9313e87df)
  • compiler: Add RISC-V 64-bit architecture support to compiler build configuration (725ab22f3)
  • core: Release lock before closing shared resource (cb73f217e). Shared resources are internal to gRPC for sharing expensive objects across channels and servers, like threads. This reduces the chances of forming a deadlock, like seen with s2a in d50098f
  • Upgrade gson to 2.12.1 (6dab2ceab)
  • Upgrade dependencies (f36defa2d). proto-google-common-protos to 2.63.1, google-auth-library to 1.40.0, error-prone annotations to 2.44.0, guava to 33.5.0-android, opentelemetry to 1.56.0
  • compiler: Update maximum supported protobuf edition to EDITION_2024 (2f64092b8)
  • binder: Introduce server authorization strategy v2 (d9710725d). Adds support for android:isolatedProcess Services and moves all security checks to the handshake, making subsequent transactions more efficient.

New Features

  • compiler: Upgrade to C++ protobuf 33.1 (#12534) (58ae5f808).
  • util: Add gRFC A68 random subsetting LB (48a42889d). The policy uses the name random_subsetting_experimental. If it is working for you, tell us so we can gauge marking it stable. While the xDS portions haven’t yet landed, it is possible to use with xDS with JSON-style Structs as supported by gRFC A52
  • xds: Support for System Root Certs (#12499) (51611bad1). Most service mesh workloads use mTLS, as described in gRFC A29. However, there are cases where it is useful for applications to use normal TLS rather than using certificates for workload identity, such as when a mesh wants to move some workloads behind a reverse proxy. The xDS CertificateValidationContext message (see envoyproxy/envoy#34235) has a system_root_certs field. In the gRPC client, if this field is present and the ca_certificate_provider_instance field is unset, system root certificates will be used for validation. This implements gRFC A82.
  • xds: Support for GCP Authentication Filter (#12499) (51611bad1). In service mesh environments, there are cases where intermediate proxies make it impossible to rely on mTLS for end-to-end authentication. These cases can be addressed instead by the use of service account identity JWT tokens. The xDS GCP Authentication filter provides a mechanism for attaching such JWT tokens as gRPC call credentials on GCP. gRPC already supports a framework for xDS HTTP filters, as described in gRFC A39. This release supports the GCP Authentication filter under this framework as described in gRFC A83.
  • xds: Support for xDS-based authority rewriting (#12499) (51611bad1). gRPC supports getting routing configuration from an xDS server, as described in gRFCs A27 and A28. The xDS configuration can configure the client to rewrite the authority header on requests. This functionality can be useful in cases where the server is using the authority header to make decisions about how to process the request, such as when multiple hosts are handled via a reverse proxy. Note that this feature is solely about rewriting the authority header on data plane RPCs; it does not affect the authority used in the TLS handshake.
    As mentioned in gRFC A29, there are use-cases for gRPC that prohibit trusting the xDS server to control security-centric configuration. The authority rewriting feature falls under the same umbrella as mTLS configuration. As a result, the authority rewriting feature will only be enabled when the bootstrap config for the xDS server has trusted_xds_server in the server_features field.
  • xds: xDS based SNI setting and SAN validation (#12378) (0567531). When using xDS credentials make SNI for the Tls handshake to be configured via xDS, rather than use the channel authority as the SNI, and make SAN validation to be able to use the SNI sent when so instructed via xDS. Implements gRFC A101.

Documentation

  • api: Document gRFC A18 TCP_USER_TIMEOUT handling for keepalive (da7038782)
  • core: Fix AbstractClientStream Javadoc (28a6130e8)
  • examples: Document how to preserve META-INF/services in uber jars (97695d523)

Thanks to

Commits

Updates io.grpc:grpc-netty-shaded from 1.77.0 to 1.78.0

Release notes

Sourced from io.grpc:grpc-netty-shaded's releases.

V1.78.0

Bug Fixes

  • core: Fix shutdown failing accepted RPCs during channel startup (02e98a806). This fixes a race where RPCs could fail with "UNAVAILABLE: Channel shutdown invoked" even though they were created before channel.shutdown()
  • okhttp: Fix race condition overwriting MAX_CONCURRENT_STREAMS (#12548) (8d49dc1c9)
  • binder: Stop leaking this from BinderServerTransport's ctor (#12453) (89d77e062)
  • rls: Avoid missed config update from reentrancy (55ae1d054). This fixes a regression since 1.75.0 triggered by CdsLb being converted to XdsDepManager. Without this fix, a second channel to the same target may hang when starting, causing DEADLINE_EXCEEDED, and unhang when the control plane delivers an update (e.g., endpoint address update)

Improvements

  • xds: gRFC A88 - Changes to XdsClient Watcher APIs (#12446) (f385add31). We now have improved xDS error handling and this provides a clearer mechanism for the xDS server to report per-resource errors to the client, resulting in better error messages for debugging and faster detection of non-existent resources. This also improves the handling of all xDS-related data errors and the behavior of the xDS resource timer.
  • rls: Control plane channel monitor state and back off handling (#12460) (26c1c1341). Resets RLS request backoff timers when the Control plane channel state transitions to READY. Also when the backoff timer expires, instead of making a RLS request immediately, it just causes a picker update to allow making rpc again to the RLS target.
  • core: simplify DnsNameResolver.resolveAddresses() (4843256af)
  • netty: Run handshakeCompleteRunnable in success cases (283f1031f)
  • api,netty: Add custom header support for HTTP CONNECT proxy (bbc0aa369)
  • binder: Pre-factor out the guts of the BinderClientTransport handshake. (9313e87df)
  • compiler: Add RISC-V 64-bit architecture support to compiler build configuration (725ab22f3)
  • core: Release lock before closing shared resource (cb73f217e). Shared resources are internal to gRPC for sharing expensive objects across channels and servers, like threads. This reduces the chances of forming a deadlock, like seen with s2a in d50098f
  • Upgrade gson to 2.12.1 (6dab2ceab)
  • Upgrade dependencies (f36defa2d). proto-google-common-protos to 2.63.1, google-auth-library to 1.40.0, error-prone annotations to 2.44.0, guava to 33.5.0-android, opentelemetry to 1.56.0
  • compiler: Update maximum supported protobuf edition to EDITION_2024 (2f64092b8)
  • binder: Introduce server authorization strategy v2 (d9710725d). Adds support for android:isolatedProcess Services and moves all security checks to the handshake, making subsequent transactions more efficient.

New Features

  • compiler: Upgrade to C++ protobuf 33.1 (#12534) (58ae5f808).
  • util: Add gRFC A68 random subsetting LB (48a42889d). The policy uses the name random_subsetting_experimental. If it is working for you, tell us so we can gauge marking it stable. While the xDS portions haven’t yet landed, it is possible to use with xDS with JSON-style Structs as supported by gRFC A52
  • xds: Support for System Root Certs (#12499) (51611bad1). Most service mesh workloads use mTLS, as described in gRFC A29. However, there are cases where it is useful for applications to use normal TLS rather than using certificates for workload identity, such as when a mesh wants to move some workloads behind a reverse proxy. The xDS CertificateValidationContext message (see envoyproxy/envoy#34235) has a system_root_certs field. In the gRPC client, if this field is present and the ca_certificate_provider_instance field is unset, system root certificates will be used for validation. This implements gRFC A82.
  • xds: Support for GCP Authentication Filter (#12499) (51611bad1). In service mesh environments, there are cases where intermediate proxies make it impossible to rely on mTLS for end-to-end authentication. These cases can be addressed instead by the use of service account identity JWT tokens. The xDS GCP Authentication filter provides a mechanism for attaching such JWT tokens as gRPC call credentials on GCP. gRPC already supports a framework for xDS HTTP filters, as described in gRFC A39. This release supports the GCP Authentication filter under this framework as described in gRFC A83.
  • xds: Support for xDS-based authority rewriting (#12499) (51611bad1). gRPC supports getting routing configuration from an xDS server, as described in gRFCs A27 and A28. The xDS configuration can configure the client to rewrite the authority header on requests. This functionality can be useful in cases where the server is using the authority header to make decisions about how to process the request, such as when multiple hosts are handled via a reverse proxy. Note that this feature is solely about rewriting the authority header on data plane RPCs; it does not affect the authority used in the TLS handshake.
    As mentioned in gRFC A29, there are use-cases for gRPC that prohibit trusting the xDS server to control security-centric configuration. The authority rewriting feature falls under the same umbrella as mTLS configuration. As a result, the authority rewriting feature will only be enabled when the bootstrap config for the xDS server has trusted_xds_server in the server_features field.
  • xds: xDS based SNI setting and SAN validation (#12378) (0567531). When using xDS credentials make SNI for the Tls handshake to be configured via xDS, rather than use the channel authority as the SNI, and make SAN validation to be able to use the SNI sent when so instructed via xDS. Implements gRFC A101.

Documentation

  • api: Document gRFC A18 TCP_USER_TIMEOUT handling for keepalive (da7038782)
  • core: Fix AbstractClientStream Javadoc (28a6130e8)
  • examples: Document how to preserve META-INF/services in uber jars (97695d523)

Thanks to

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Dec 25, 2025
@dependabot
[12.1.x EE9] Bump the dev-dependencies group across 1 directory with …
ef94a52 
…10 updates

Bumps the dev-dependencies group with 10 updates in the /jetty-ee9 directory:

| Package | From | To |
| --- | --- | --- |
| com.sun.mail:jakarta.mail | `2.0.1` | `2.0.2` |
| org.glassfish.jersey.containers:jersey-container-servlet | `3.0.17` | `3.1.0` |
| org.glassfish.jersey.inject:jersey-hk2 | `3.0.17` | `3.1.0` |
| org.glassfish.jersey.media:jersey-media-json-binding | `3.0.17` | `3.1.0` |
| [org.apache.openwebbeans:openwebbeans-jetty9](https://github.com/apache/openwebbeans) | `2.0.27` | `2.0.28` |
| [org.apache.openwebbeans:openwebbeans-web](https://github.com/apache/openwebbeans) | `2.0.27` | `2.0.28` |
| [org.hibernate.search:hibernate-search-bom](https://github.com/hibernate/hibernate-search) | `7.2.4.Final` | `7.2.5.Final` |
| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.5.22` | `1.5.23` |
| [io.grpc:grpc-core](https://github.com/grpc/grpc-java) | `1.77.0` | `1.78.0` |
| [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java) | `1.77.0` | `1.78.0` |



Updates `com.sun.mail:jakarta.mail` from 2.0.1 to 2.0.2

Updates `org.glassfish.jersey.containers:jersey-container-servlet` from 3.0.17 to 3.1.0

Updates `org.glassfish.jersey.inject:jersey-hk2` from 3.0.17 to 3.1.0

Updates `org.glassfish.jersey.media:jersey-media-json-binding` from 3.0.17 to 3.1.0

Updates `org.glassfish.jersey.inject:jersey-hk2` from 3.0.17 to 3.1.0

Updates `org.glassfish.jersey.media:jersey-media-json-binding` from 3.0.17 to 3.1.0

Updates `org.apache.openwebbeans:openwebbeans-jetty9` from 2.0.27 to 2.0.28
- [Commits](apache/openwebbeans@openwebbeans-2.0.27...openwebbeans-2.0.28)

Updates `org.apache.openwebbeans:openwebbeans-web` from 2.0.27 to 2.0.28
- [Commits](apache/openwebbeans@openwebbeans-2.0.27...openwebbeans-2.0.28)

Updates `org.apache.openwebbeans:openwebbeans-web` from 2.0.27 to 2.0.28
- [Commits](apache/openwebbeans@openwebbeans-2.0.27...openwebbeans-2.0.28)

Updates `org.hibernate.search:hibernate-search-bom` from 7.2.4.Final to 7.2.5.Final
- [Release notes](https://github.com/hibernate/hibernate-search/releases)
- [Changelog](https://github.com/hibernate/hibernate-search/blob/7.2.5.Final/changelog.txt)
- [Commits](hibernate/hibernate-search@7.2.4.Final...7.2.5.Final)

Updates `ch.qos.logback:logback-core` from 1.5.22 to 1.5.23
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.22...v_1.5.23)

Updates `io.grpc:grpc-core` from 1.77.0 to 1.78.0
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.77.0...v1.78.0)

Updates `io.grpc:grpc-netty-shaded` from 1.77.0 to 1.78.0
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.77.0...v1.78.0)

Updates `io.grpc:grpc-netty-shaded` from 1.77.0 to 1.78.0
- [Release notes](https://github.com/grpc/grpc-java/releases)
- [Commits](grpc/grpc-java@v1.77.0...v1.78.0)

---
updated-dependencies:
- dependency-name: com.sun.mail:jakarta.mail
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: org.glassfish.jersey.containers:jersey-container-servlet
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: org.glassfish.jersey.inject:jersey-hk2
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: org.glassfish.jersey.media:jersey-media-json-binding
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: org.glassfish.jersey.inject:jersey-hk2
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: org.glassfish.jersey.media:jersey-media-json-binding
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: org.apache.openwebbeans:openwebbeans-jetty9
  dependency-version: 2.0.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: org.apache.openwebbeans:openwebbeans-web
  dependency-version: 2.0.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: org.apache.openwebbeans:openwebbeans-web
  dependency-version: 2.0.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: org.hibernate.search:hibernate-search-bom
  dependency-version: 7.2.5.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: io.grpc:grpc-core
  dependency-version: 1.78.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: io.grpc:grpc-netty-shaded
  dependency-version: 1.78.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: io.grpc:grpc-netty-shaded
  dependency-version: 1.78.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/maven/jetty-ee9/jetty-12.1.x/dev-dependencies-bc37c495be branch from 6fe24a4 to ef94a52 Compare December 27, 2025 00:17
@olamy
Copy link
Member

olamy commented Dec 27, 2025

@dependabot recreate

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 27, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Dec 27, 2025
@dependabot dependabot bot deleted the dependabot/maven/jetty-ee9/jetty-12.1.x/dev-dependencies-bc37c495be branch December 27, 2025 06:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@olamy