Bump the dependencies group with 98 updates

[dependabot]

Bumps the dependencies group with 98 updates:

Package	From	To
org.apache.logging:logging-parent	9	12.1.1
org.apache.groovy:groovy-bom	4.0.6	5.0.5
com.fasterxml.jackson:jackson-bom	2.14.1	2.21.2
jakarta.platform:jakarta.jakartaee-bom	9.0.0	9.1.0
org.junit:junit-bom	5.9.1	6.0.3
io.fabric8:kubernetes-client-bom	5.12.2	7.6.1
io.netty:netty-bom	4.1.86.Final	4.2.12.Final
org.springframework:spring-framework-bom	5.3.25	7.0.7
org.apache.activemq:activemq-broker	5.17.3	6.2.5
org.assertj:assertj-core	3.23.1	3.27.7
org.awaitility:awaitility	4.2.0	4.3.0
org.mongodb:bson	4.5.0	5.6.5
org.mongodb:mongodb-driver-legacy	4.5.0	5.6.5
org.mongodb:mongodb-driver-sync	4.5.0	5.6.5
com.datastax.cassandra:cassandra-driver-core	3.11.3	3.11.5
org.apache.cassandra:cassandra-all	3.11.14	3.11.19
org.apache.cassandra:cassandra-thrift	3.11.14	3.11.19
commons-codec:commons-codec	1.15	1.22.0
org.apache.commons:commons-compress	1.22	1.28.0
org.apache.commons:commons-csv	1.9.0	1.14.1
org.apache.commons:commons-dbcp2	2.9.0	2.14.0
commons-io:commons-io	2.11.0	2.22.0
org.apache.commons:commons-lang3	3.12.0	3.20.0
commons-logging:commons-logging	1.2	1.3.6
org.apache.commons:commons-pool2	2.11.1	2.13.1
de.flapdoodle.embed:de.flapdoodle.embed.mongo	3.5.1	4.24.0
com.lmax:disruptor	3.4.4	4.0.0
org.elasticsearch.client:elasticsearch-rest-high-level-client	7.17.8	7.17.29
com.google.guava:guava-testlib	31.1-jre	33.6.0-jre
com.h2database:h2	2.1.214	2.4.240
org.hamcrest:hamcrest	2.2	3.0
org.hamcrest:hamcrest-core	2.2	3.0
org.hamcrest:hamcrest-library	2.2	3.0
org.hdrhistogram:HdrHistogram	2.1.12	2.2.2
org.hsqldb:hsqldb	2.5.2	2.7.4
org.fusesource.jansi:jansi	2.4.0	2.4.3
com.google.code.java-allocation-instrumenter:java-allocation-instrumenter	3.3.0	3.3.5
org.jctools:jctools-core	3.3.0	4.0.6
org.zeromq:jeromq	0.5.3	0.6.0
org.jmdns:jmdns	3.5.8	3.6.3
org.openjdk.jmh:jmh-core	1.36	1.37
org.openjdk.jmh:jmh-generator-annprocess	1.36	1.37
net.java.dev.jna:jna	5.12.1	5.18.1
net.javacrumbs.json-unit:json-unit	2.36.0	5.1.1
org.junit-pioneer:junit-pioneer	1.9.1	2.3.0
org.apache.kafka:kafka-clients	1.1.1	4.2.0
org.liquibase:liquibase-core	3.5.5	5.0.2
co.elastic.logging:log4j2-ecs-layout	1.5.0	1.8.0
com.vlkan.log4j2:log4j2-logstash-layout	0.18	1.0.5
ch.qos.logback:logback-classic	1.2.11	1.5.32
ch.qos.logback:logback-core	1.2.11	1.5.32
org.apache.maven:maven-core	3.8.6	3.9.15
org.mockito:mockito-core	4.11.0	5.2.0
org.mockito:mockito-inline	4.11.0	5.2.0
org.mockito:mockito-junit-jupiter	4.11.0	5.2.0
org.openjdk.nashorn:nashorn-core	15.3	15.7
org.opentest4j:opentest4j	1.2.0	1.3.0
org.eclipse.platform:org.eclipse.osgi	3.16.200	3.24.100
org.eclipse.persistence:org.eclipse.persistence.jpa	2.7.11	5.0.0
org.ops4j.pax.exam:pax-exam	4.13.5	4.14.0
org.ops4j.pax.exam:pax-exam-container-native	4.13.5	4.14.0
org.ops4j.pax.exam:pax-exam-junit4	4.13.5	4.14.0
org.ops4j.pax.exam:pax-exam-link-assembly	4.13.5	4.14.0
org.ops4j.pax.exam:pax-exam-spi	4.13.5	4.14.0
org.codehaus.plexus:plexus-utils	3.5.0	3.6.1
org.slf4j:slf4j-api	1.7.36	2.0.17
org.slf4j:slf4j-ext	1.7.36	2.0.17
com.sun.mail:smtp	2.0.1	2.0.2
org.springframework.boot:spring-boot	2.7.9	4.0.6
org.springframework.boot:spring-boot-starter-test	2.7.9	4.0.6
org.springframework.boot:spring-boot-dependencies	2.7.9	4.0.6
uk.org.webcompere:system-stubs-core	2.0.2	2.1.8
uk.org.webcompere:system-stubs-jupiter	2.0.2	2.1.8
org.apache.tomcat:tomcat-juli	10.0.23	11.0.21
org.graalvm.truffle:truffle-api	21.3.0	25.0.3
com.github.tomakehurst:wiremock-jre8	2.35.0	2.35.2
com.fasterxml.woodstox:woodstox-core	6.5.0	7.1.1
org.xmlunit:xmlunit-core	2.9.0	2.11.0
org.xmlunit:xmlunit-matchers	2.9.0	2.11.0
org.tukaani:xz	1.9	1.12
com.google.errorprone:error_prone_core	2.7.1	2.49.0
org.asciidoctor:asciidoctor-maven-plugin	2.2.4	3.2.0
org.codehaus.mojo:build-helper-maven-plugin	3.3.0	3.6.1
io.fabric8:docker-maven-plugin	0.40.2	0.48.1
org.ops4j.pax.exam:exam-maven-plugin	4.13.5	4.14.0
org.apache.logging.log4j:log4j-changelog-maven-plugin	0.3.0	0.9.0
org.apache.maven.plugins:maven-artifact-plugin	3.4.0	3.6.1
org.apache.felix:maven-bundle-plugin	5.1.8	6.0.2
org.apache.maven.plugins:maven-checkstyle-plugin	3.2.0	3.6.0
org.apache.maven.plugins:maven-dependency-plugin	3.3.0	3.10.0
org.apache.maven.plugins:maven-pmd-plugin	3.19.0	3.28.0
org.apache.maven.plugins:maven-scm-plugin	1.12.2	2.2.1
org.apache.maven.plugins:maven-source-plugin	3.2.1	3.4.0
com.github.spotbugs:spotbugs-maven-plugin	4.7.2.1	4.9.8.3
org.codehaus.mojo:xml-maven-plugin	1.0.2	1.2.1
com.h3xstream.findsecbugs:findsecbugs-plugin	1.12.0	1.14.0
org.apache.maven.surefire:surefire-junit47	3.0.0-M7	3.5.5
org.springframework.cloud:spring-cloud-dependencies	2021.0.6	2025.1.1

Updates org.apache.logging:logging-parent from 9 to 12.1.1

Release notes

Sourced from org.apache.logging:logging-parent's releases.

12.1.1

This patch release addresses a blocker issue with the creation of a release distribution and enhances the reliability of our caching and reproducibility mechanisms.

Fixed

• Fix staging of binary distribution archive. (#400)
• Improve Node.js caching using package-lock.json. (#366, #408)
• Improve reliability of reproducibility verification. (#388)

Updated

• Update actions/setup-java to version 4.7.1 (#376)
• Update com.diffplug.spotless:spotless-maven-plugin to version 2.44.5 (#397)
• Update com.google.errorprone:error_prone_core to version 2.38.0 (#381)
• Update com.gradle:common-custom-user-data-maven-extension to version 2.0.3 (#407)
• Update com.gradle:develocity-maven-extension to version 2.0.1 (#398)
• Update com.h3xstream.findsecbugs:findsecbugs-plugin to version 1.14.0 (#380)
• Update com.palantir.javaformat:palantir-java-format to version 2.68.0 (#410)
• Update dependabot/fetch-metadata to version 2.4.0 (#386)
• Update github/codeql-action to version 3.28.19 (#402)
• Update gradle/develocity-actions to version 1.4 (#404)
• Update org.apache.groovy:groovy to version 4.0.27 (#395)
• Update org.codehaus.gmavenplus:gmavenplus-plugin to version 4.2.0 (#383)
• Update org.codehaus.mojo:build-helper-maven-plugin to version 3.6.1 (#403)
• Update org.codehaus.mojo:exec-maven-plugin to version 3.5.1 (#396)
• Update org.eclipse.jgit:org.eclipse.jgit to version 7.3.0.202506031305-r (#405)
• Update org.jacoco:jacoco-maven-plugin to version 0.8.13 (#368)
• Update ossf/scorecard-action to version 2.4.2 (#399)

12.1.0

This minor release adds CodeQL checks for GitHub Actions. It also fixes a breaking change in Error Prone that prevented projects from migrating to version 12.0.0.

Added

• Add "GitHub Actions" to the list of languages analyzed by CodeQL. (#343)

Fixed

• Use the maven.deploy.skip Maven property in nexus-staging-maven-plugin. This effectively fixes the skipping of test artifacts' deployments. (#360)
• Fix Error Prone arguments breaking maven-compiler-plugin:compile.
• Fix inheritance of url elements in children POMs.(#330)

Updated

• Update actions/cache to version 4.2.3 (#357)
• Update actions/upload-artifact to version 4.6.2 (#359)
• Update com.diffplug.spotless:spotless-maven-plugin to version 2.44.3 (#333)

... (truncated)

Commits

• See full diff in compare view

Updates org.apache.groovy:groovy-bom from 4.0.6 to 5.0.5

Commits

• See full diff in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.14.1 to 2.21.2

Commits

• 10e12a5 [maven-release-plugin] prepare release jackson-bom-2.21.2
• d754903 Prep for 2.21.2 release
• 63e1b3b Post-release dep version bump
• 716ab0d [maven-release-plugin] prepare for next development iteration
• 08a5a9a [maven-release-plugin] prepare release jackson-bom-2.21.1
• 5b03376 Prep for 2.21.1 release
• 1d78778 Merge branch '2.20' into 2.21
• cd46b24 Post-release dep version bump
• 17179ff [maven-release-plugin] prepare for next development iteration
• 2a26844 [maven-release-plugin] prepare release jackson-bom-2.20.2
• Additional commits viewable in compare view

Updates jakarta.platform:jakarta.jakartaee-bom from 9.0.0 to 9.1.0

Updates org.junit:junit-bom from 5.9.1 to 6.0.3

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

... (truncated)

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates io.fabric8:kubernetes-client-bom from 5.12.2 to 7.6.1

Release notes

Sourced from io.fabric8:kubernetes-client-bom's releases.

7.6.1 (2026-03-05)

Bugs

• Fix #7460: Add explicit Automatic-Module-Name to all httpclient modules to fix invalid auto-derived JPMS module names and vertx/vertx-5 collision

New Contributors

• @​UniZKTech made their first contribution in fabric8io/kubernetes-client#7461

Full Changelog: fabric8io/kubernetes-client@v7.6.0...v7.6.1

7.6.0 (2026-03-02)

Bugs

• Fix #5292: Cluster() configuration should use tlsServerName
• Fix #7174: (httpclient) Fix HTTP client factory priority - VertxHttpClientFactory (default) now has priority -1, OkHttpClientFactory restored to priority 0
• Fix #7174: (httpclient-vertx-5) Add runtime check for Vert.x 5 classes to provide clear error when Vert.x 4/5 conflict occurs
• Fix #7174: (chaos-tests) Fix classpath conflict when testing with Vert.x 5 HTTP client
• Fix #7415: (java-generator) Fix generic type erasure for array of enums with default values
• Fix #7422: (okhttp) Remove internal API usage and fix deprecated OkHttp 5 calls
• Fix #7446: making the timeout of BaseOperation.createOrReplace() configurable

Improvements

• Fix #1105: Add javadoc cross-linking for Fabric8 modules and external dependencies
• Fix #5756: Use Editable interface instead of reflection to instantiate resource builders
• Fix #7422: bump okhttp from 4.12.0 to 5.3.2
• Fix #7252: call additionalConfig when building Vert.x HTTP clients with VertxHttpClientFactory

Dependency Upgrade

• Fix #7374: bump snakeyaml-engine from 2.10 to 3.0.1

New Features

• Fix #7385: Support for Kubernetes v1.35 (Timbernetes)
• Fix #7174: Added Vert.x 5 HTTP client implementation with improved async handling and WebSocket separation
• Fix #7402: Added Byte code level semver API compatibility report generation using Revapi

Note: Breaking changes

• Fix #5756: Resources edited with visitors must now implement io.fabric8.kubernetes.api.builder.Editable. All model classes provided by the client already implement this interface. User-provided custom resources that use visitor-based editing will need to implement Editable (trivial when a builder already exists).
• Fix #7422: bump okhttp from 4.12.0 to 5.3.2. The versions are binary compatible, but the major version upgrade might cause side effects.

Note: Vert.x HTTP Client Compatibility (Issue #7174)

The kubernetes-httpclient-vertx (Vert.x 4.x) and kubernetes-httpclient-vertx-5 (Vert.x 5.x) modules are mutually exclusive. They must not be included together in your project dependencies. Both modules provide an implementation of HttpClient.Factory and use the same io.vertx artifact coordinates but with incompatible major versions.

-Problem*: If both modules are present on the classpath, Maven's dependency resolution may pick Vert.x 4.x JARs while the Vertx5HttpClientFactory is selected at runtime. This causes NoClassDefFoundError for Vert.x 5-specific classes like io.vertx.core.impl.SysProps.

-Solution*: Ensure your project includes only ONE of these modules:

• kubernetes-httpclient-vertx (default, uses Vert.x 4.x) - included transitively via kubernetes-client
• kubernetes-httpclient-vertx-5 (optional, uses Vert.x 5.x) - requires explicit dependency and exclusion of vertx-4

... (truncated)

Changelog

Sourced from io.fabric8:kubernetes-client-bom's changelog.

7.6.1 (2026-03-05)

Bugs

• Fix #7460: Add explicit Automatic-Module-Name to all httpclient modules to fix invalid auto-derived JPMS module names and vertx/vertx-5 collision

7.6.0 (2026-03-02)

Bugs

• Fix #5292: Cluster() configuration should use tlsServerName
• Fix #7174: (httpclient) Fix HTTP client factory priority - VertxHttpClientFactory (default) now has priority -1, OkHttpClientFactory restored to priority 0
• Fix #7174: (httpclient-vertx-5) Add runtime check for Vert.x 5 classes to provide clear error when Vert.x 4/5 conflict occurs
• Fix #7174: (chaos-tests) Fix classpath conflict when testing with Vert.x 5 HTTP client
• Fix #7415: (java-generator) Fix generic type erasure for array of enums with default values
• Fix #7422: (okhttp) Remove internal API usage and fix deprecated OkHttp 5 calls
• Fix #7446: making the timeout of BaseOperation.createOrReplace() configurable

Improvements

• Fix #1105: Add javadoc cross-linking for Fabric8 modules and external dependencies
• Fix #5756: Use Editable interface instead of reflection to instantiate resource builders
• Fix #7422: bump okhttp from 4.12.0 to 5.3.2
• Fix #7252: call additionalConfig when building Vert.x HTTP clients with VertxHttpClientFactory

Dependency Upgrade

• Fix #7374: bump snakeyaml-engine from 2.10 to 3.0.1

New Features

• Fix #7385: Support for Kubernetes v1.35 (Timbernetes)
• Fix #7174: Added Vert.x 5 HTTP client implementation with improved async handling and WebSocket separation
• Fix #7402: Added Byte code level semver API compatibility report generation using Revapi

Note: Breaking changes

• Fix #5756: Resources edited with visitors must now implement io.fabric8.kubernetes.api.builder.Editable. All model classes provided by the client already implement this interface. User-provided custom resources that use visitor-based editing will need to implement Editable (trivial when a builder already exists).
• Fix #7422: bump okhttp from 4.12.0 to 5.3.2. The versions are binary compatible, but the major version upgrade might cause side effects.

Note: Vert.x HTTP Client Compatibility (Issue #7174)

The kubernetes-httpclient-vertx (Vert.x 4.x) and kubernetes-httpclient-vertx-5 (Vert.x 5.x) modules are mutually exclusive. They must not be included together in your project dependencies. Both modules provide an implementation of HttpClient.Factory and use the same io.vertx artifact coordinates but with incompatible major versions.

Problem: If both modules are present on the classpath, Maven's dependency resolution may pick Vert.x 4.x JARs while the Vertx5HttpClientFactory is selected at runtime. This causes NoClassDefFoundError for Vert.x 5-specific classes like io.vertx.core.impl.SysProps.

Solution: Ensure your project includes only ONE of these modules:

• kubernetes-httpclient-vertx (default, uses Vert.x 4.x) - included transitively via kubernetes-client
• kubernetes-httpclient-vertx-5 (optional, uses Vert.x 5.x) - requires explicit dependency and exclusion of vertx-4

When using Vert.x 5, exclude the default Vert.x 4 client and set the vertx.version property:

<properties>
</tr></table> 

... (truncated)

Commits

• 6e7f78b [RELEASE] Updated project version to v7.6.1
• 1c865f1 chore(ci): cancel PR workflows when prerequisite checks fail
• e18bf76 fix(ci): use lax checksums in MAVEN_ARGS for snapshot workflow
• aff7b67 chore(deps): bump central-publishing-maven-plugin from 0.9.0 to 0.10.0
• c65ea82 fix(ci): exclude target directory from Dependabot Maven scanning
• 1c90ff8 fix(ci): use lax checksums for snapshot deploy step
• 921fbfc fix(httpclient): add reactor dependencies to JPMS test module
• 6423874 fix(ci): deploy BOMs separately in snapshot workflow
• 9c786af fix(httpclient): add explicit Automatic-Module-Name to all httpclient modules
• c0d6691 fix: add explicit Automatic-Module-Name to httpclient modules (#7461)
• Additional commits viewable in compare view

Updates io.netty:netty-bom from 4.1.86.Final to 4.2.12.Final

Release notes

Sourced from io.netty:netty-bom's releases.

netty-4.2.12.Final

What's Changed

• Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" by @​chrisvest in netty/netty#16550

Full Changelog: netty/netty@netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

• CVE-2026-33871, HTTP/2 CONTINUATION Frame Flood Denial of Service
• CVE-2026-33870, HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

What's Changed

• Update to latest JDK 26 EA release by @​normanmaurer in netty/netty#16230
• HTTP3: Allow to support non-standard HTTP3 settings by @​normanmaurer in netty/netty#16171
• Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry loop by @​adwsingh in netty/netty#16245
• Allocate one large segment and slice for each MsgHdrMemory by @​dreamlike-ocean in netty/netty#16234
• Make RefCntOpenSslContext.deallocate more robust by @​chrisvest in netty/netty#16253
• Epoll: Fix excessive CPU usage when Channel is only registered but no… by @​normanmaurer in netty/netty#16250
• Update to gcc for arm 10.3-2021.07 by @​m1ngyuan in netty/netty#16255
• Add acmeIdentifier extension support to pkitesting by @​chrisvest in netty/netty#16256
• Update JDK versions to latest patch releases by @​m1ngyuan in netty/netty#16254
• Avoid allocation in HttpObjectEncoder.addEncodedLengthHex method by @​doom369 in netty/netty#16241
• Automatic backporting workflow from 4.1 to 4.2 by @​chrisvest in netty/netty#16269
• Revert "Automatic backporting workflow from 4.1 to 4.2" by @​chrisvest in netty/netty#16270
• HTTP2: Correctly account for padding when decompress by @​normanmaurer in netty/netty#16264
• Automatic backporting workflow from 4.1 to 4.2 by @​chrisvest in netty/netty#16271
• Automatic backporting workflow from 4.1 to 4.2 by @​chrisvest in netty/netty#16273
• Backport PRs must be created with personal access tokens by @​chrisvest in netty/netty#16276
• Expose QuicSslContextBuilder::sni by @​ZeroErrors in netty/netty#16178
• Add more porting workflows by @​chrisvest in netty/netty#16275
• Add more porting workflows by @​chrisvest in netty/netty#16283
• Remove the unpooled allocator from test permutations by @​chrisvest in netty/netty#16282
• Some polishing of the porting workflows by @​chrisvest in netty/netty#16288
• Allow to set destination connection id when creating a client side QuicheChannel by @​normanmaurer in netty/netty#16286
• Update to latest JDK26 EA build by @​normanmaurer in netty/netty#16295
• Add javadoc to clarify responsibility of the user when generating the remote connection id by @​normanmaurer in netty/netty#16293
• Make the build run faster by @​chrisvest in netty/netty#16290
• Fix IDE warnings in SslHandler by @​doom369 in netty/netty#16237
• Decrease Long allocations and map.put calls in ReferenceCountedOpenSllEngine in handshake() method by @​doom369 in netty/netty#16242
• Support boringssl SSLCredential API by @​jmcrawford45 in netty/netty#15919
• Fix high-order bit aliasing in HttpUtil.validateToken by @​furkanvarol in netty/netty#16279
• Improve multi-byte access performance when UNALIGNED availability is unknown by @​Songdoeon in netty/netty#16207
• Avoid unnecessary SSL.getVersion() call and string allocation in ReferenceCountedOpenSslEngine by @​doom369 in netty/netty#16278
• Support more branch freedom for auto-porting by @​chrisvest in netty/netty#16300
• fix: the precedence of + is higher than >> by @​cuiweixie in netty/netty#16312
• AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater than byteBuf.maxCapacity() by @​laosijikaichele in netty/netty#16309
• Fix flaky PooledByteBufAllocatorTest by @​chrisvest in netty/netty#16313
• Fix pooled arena accounting tests by @​chrisvest in netty/netty#16321

... (truncated)

Commits

• 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
• 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
• c3b0a43 [maven-release-plugin] prepare for next development iteration
• c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
• 3b76df1 Merge commit from fork
• aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
• 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
• a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
• 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
• 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
• Additional commits viewable in compare view

Updates org.springframework:spring-framework-bom from 5.3.25 to 7.0.7

Release notes

Sourced from org.springframework:spring-framework-bom's releases.

v7.0.7

⭐ New Features

• Improve SpringValidatorAdapter and MethodValidationAdapter performance #36621
• Support JSON array decoding to Flux in KotlinSerializationJsonDecoder #36597
• Deprecate methodIdentification() in CacheAspectSupport for removal #36575
• Add MockRestServiceServer#createServer variant for RestClient #36572
• Create RestClientXhrTransport variant replacing RestTemplateXhrTransport #36566
• Improve error handling in multipart codecs #36563
• Make ApplicationListenerMethodAdapter#getTargetMethod() public #36558
• ApiVersionConfigurer.setSupportedVersionPredicate() returns void instead of ApiVersionConfigurer #36551
• LazyConnectionDataSourceProxy does not work well with Hibernate's multi-tenancy by schema strategy #36527
• Add registerManagedResource variant with bean key argument to MBeanExporter #36520
• Handle blank Accept-Language header in AcceptHeaderLocaleResolver #36513
• Make AbstractStreamingClientHttpRequest and AbstractBufferingClientHttpRequest public #36501
• MySQL Error 149 (Galera/WSREP conflict) not translated to ConcurrencyFailureException in Spring JDBC/ORM #36499
• Add PreFlightRequestFilter #36482
• Support configuration of extension context scope for SpringExtension via Spring or JUnit properties #36460
• Lower log level of "Cache miss for REQUEST dispatch" in HandlerMappingIntrospector #36309

🐞 Bug Fixes

• WebDataBinder unnecessarily instantiates collections when using the "!" and "_" prefixes #36625
• Cache pollution from high-cardinality FieldError default messages in MessageSourceSupport #36609
• MergedAnnotation does not use ClassLoader for method or field #36606
• @Sql fails if DataSource is wrapped in a TransactionAwareDataSourceProxy #36611
• AnnotatedTypeMetadata no longer retains source declaration order on Java 24+ #36598
• MergedAnnotation.asMap() fails when an attribute references a non-existent class #36586
• FileSystemResource does not strictly follow the Resource#isReadable() contract #36584
• Converter overrides in HttpMessageConverters only apply when defaults are registered #36579
• Invalid method return type metadata for ClassFile variant on JDK 24+ #36577
• Fix Writer lifecycle for AbstractJsonHttpMessageConverter.writeInternal(Object, Type, Writer) #36565
• Flushing-related regression in SseServerResponse #36537
• LazyConnectionDataSourceProxy does not pass on holdability to target Connection #36528
• AnnotationBeanNameGenerator fails when an annotation references a non-existent class #36524
• Perserve default API version in RestClientAdapter #36514
• Inconsistent codings resolution in resource resolvers #36507
• DefaultJmsListenerContainer may hang in an endless loop in doShutdown #36506
• Query not hidden in DefaultClientResponse checkpoint #36502
• RestClient closes stream for ResponseEntity responses #36492
• IllegalStateException when using websocket handshake headers with Tomcat #36486
• Invalid nullness information for ParameterizedTypeReference #36477
• WebTestClient cannot assert null list elements #36476
• Handle Kotlin nullable value class param correctly in CoroutineUtils #36449
• Remove RFC 2047 encoding from Content-Disposition filename #36328

📔 Documentation

• Clarify semantics of HttpMethod.valueOf() #36652
• Document whitespace semantics in SpEL expressions #36628

... (truncated)

Commits

• c997d40 Release v7.0.7
• 9185254 Upgrade to Reactor 2025.0.5 and Micrometer 1.16.5
• 802fa4d Refine RetryListener example
• 7052da4 Add doOnDiscard in MultipartHttpMessageReader
• 63817ce Add missing tests for WebRequestDataBinder
• 61bd790 Polish WebRequestDataBinderTests
• ab6637c Completely extract ServletRequestParameterPropertyValuesTests
• c9b88b4 Extract ServletRequestParameterPropertyValuesTests
• 68c575a Revise "Skip binding entirely when field is not allowed"
• cb32046 Further clarify semantics of HttpMethod.valueOf()
• Additional commits viewable in compare view

Updates org.apache.activemq:activemq-broker from 5.17.3 to 6.2.5

Release notes

Sourced from org.apache.activemq:activemq-broker's releases.

Apache ActiveMQ 6.2.5

What's Changed

• Bump to 6.2.5-SNAPSHOT version by @​jbonofre in apache/activemq#1892
• [6.2.x] SSL handshake write timeout enforcement (#1883) by @​cshannon in apache/activemq#1894
• [6.2.x] Minor bug fix for BrokerView#validateAllowedUri (#1900) by @​cshannon in apache/activemq#1902
• [6.2.x] Restrict URL protocol types loaded by XBeanBrokerFactory (#1910) by @​cshannon in apache/activemq#1915
• compilation-fix by @​cshannon in apache/activemq#1919
• [6.2.x] Make brokerName immutable in RegionBroker (#1917) by @​cshannon in apache/activemq#1923
• [6.2.x] Add Http discovery transport to denied list for JMX (#1918) by @​cshannon in apache/activemq#1925
• [6.2.x] Update resource cleanup on queueBrowse servlet (#1912) by @​cshannon in apache/activemq#1928
• [6.2.x] Update DestinationView uri resolution (#1914) by @​cshannon in apache/activemq#1930
• fix(webconsole): the webconsole now redirect to the slave.jsp when required (slave broker with startAsync="true") [6.2.x] by @​jbonofre in apache/activemq#1934
• [6.2.x] Queue browse improvements in webconsole (#1938) by @​cshannon in apache/activemq#1942
• [6.2.x] Add more transport types to the denied list for JMX (#1949) by @​cshannon in apache/activemq#1952
• [6.2.x] Add remote file filtering for XBeanBrokerFactory (#1950) by @​cshannon in apache/activemq#1954

Full Changelog: apache/activemq@activemq-6.2.4...activemq-6.2.5

Apache ActiveMQ 6.2.4

What's Changed

• [6.2.x] Bump version to 6.2.4-SNAPSHOT by @​jbonofre in apache/activemq#1868
• [6.2.x] Ensure AMQP protocol marshals messages before passing to broker (#1859) by @​cshannon in apache/activemq#1860
• [6.2.x] Backport MQTT fixes by @​cshannon in apache/activemq#1884
• [6.2.x] Properly handle SSL handshake updates by @​cshannon in apache/activemq#1886

Full Changelog: apache/activemq@activemq-6.2.3...activemq-6.2.4

Apache ActiveMQ 6.2.3

What's Changed

• [6.2.x] Update copyright year in the bin distribution NOTICE by @​jbonofre in apache/activemq#1817
• Bump version to 6.2.3-SNAPSHOT by @​cshannon in apache/act...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.