[CORE-69]: Bump the minor-patch-dependencies group across 1 directory with 21 updates

[dependabot]

Bumps the minor-patch-dependencies group with 20 updates in the / directory:

Package	From	To
org.springframework.boot:spring-boot-starter-test	3.5.3	3.5.4
org.springframework.boot:spring-boot-starter-data-jdbc	3.5.3	3.5.4
org.springframework.boot:spring-boot-starter-web	3.5.3	3.5.4
org.springframework.boot:spring-boot-configuration-processor	3.5.3	3.5.4
org.springframework.boot	3.5.3	3.5.4
com.nimbusds:nimbus-jose-jwt	10.3.1	10.4.1
io.projectreactor.netty:reactor-netty-http	1.2.7	1.2.8
com.fasterxml.jackson:jackson-bom	2.19.1	2.19.2
org.apache.commons:commons-compress	1.27.1	1.28.0
bio.terra:terra-common-lib	1.1.42-SNAPSHOT	1.1.43-SNAPSHOT
bio.terra:terra-cloud-resource-lib	1.2.34-SNAPSHOT	1.2.39-SNAPSHOT
net.javacrumbs.shedlock:shedlock-spring	6.9.0	6.9.2
com.google.cloud:google-cloud-pubsub	1.140.2	1.141.2
org.liquibase:liquibase-core	4.32.0	4.33.0
org.apache.commons:commons-lang3	3.17.0	3.18.0
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.19.1	2.19.2
io.swagger.core.v3:swagger-annotations	2.2.34	2.2.35
org.webjars.npm:swagger-ui-dist	5.26.0	5.27.1
com.diffplug.spotless	7.0.4	7.2.1
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.19.1	2.19.2

Updates org.springframework.boot:spring-boot-starter-test from 3.5.3 to 3.5.4

Release notes

Sourced from org.springframework.boot:spring-boot-starter-test's releases.

v3.5.4

🐞 Bug Fixes

• LambdaSafe.withFilter is not public #46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
• Hash calculation for uber archive entries that require unpacking is inefficient #46203
• Permissions are applied inconsistently when building uber archives with Gradle #46194
• Environment variables using legacy dash format can no longer be bound #46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
• Executable JAR application class encounters performance issues #46177
• Executable JAR application class encounters performance issues #46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
• SslInfo does not use its Clock when checking certificate validity #46011

📔 Documentation

• Fix description of spring.batch.job.enabled #46247
• Fix broken Kotlin examples in reference documentation #46168
• Add Logback Access Reactor Netty to community starters #46060

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #46373
• Upgrade to Caffeine 3.2.2 #46432
• Upgrade to Couchbase Client 3.8.2 #46460
• Upgrade to GraphQL Java 24.1 #46395
• Upgrade to Groovy 4.0.28 #46516
• Upgrade to Hibernate 6.6.22.Final #46492
• Upgrade to HikariCP 6.3.1 #46493
• Upgrade to Infinispan 15.2.5.Final #46461
• Upgrade to Jackson Bom 2.19.2 #46494
• Upgrade to Jetty 12.0.23 #46375
• Upgrade to MariaDB 3.5.4 #46376
• Upgrade to Maven Invoker Plugin 3.9.1 #46377
• Upgrade to Micrometer 1.15.2 #46280
• Upgrade to Micrometer Tracing 1.5.2 #46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
• Upgrade to MySQL 9.3.0 #46371
• Upgrade to Neo4j Java Driver 5.28.9 #46434
• Upgrade to Netty 4.1.123.Final #46435
• Upgrade to Prometheus Client 1.3.10 #46379
• Upgrade to Reactor Bom 2024.0.8 #46282
• Upgrade to RxJava3 3.1.11 #46380
• Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

Commits

• 925f9bc Release v3.5.4
• d82fb35 Merge branch '3.4.x' into 3.5.x
• 4b6064f Next development version (v3.4.9-SNAPSHOT)
• a39c8f0 Merge branch '3.4.x' into 3.5.x
• 99d53de Upgrade to Spring Integration 6.5.1
• 1b4aad5 Upgrade to Groovy 4.0.28
• 3f0f79b Upgrade to Spring Integration 6.4.6
• ff8443c Upgrade to Groovy 4.0.28
• aed8550 Merge branch '3.4.x' into 3.5.x
• 5406976 Apply commercial input consistently
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-data-jdbc from 3.5.3 to 3.5.4

Release notes

Sourced from org.springframework.boot:spring-boot-starter-data-jdbc's releases.

v3.5.4

🐞 Bug Fixes

• LambdaSafe.withFilter is not public #46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
• Hash calculation for uber archive entries that require unpacking is inefficient #46203
• Permissions are applied inconsistently when building uber archives with Gradle #46194
• Environment variables using legacy dash format can no longer be bound #46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
• Executable JAR application class encounters performance issues #46177
• Executable JAR application class encounters performance issues #46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
• SslInfo does not use its Clock when checking certificate validity #46011

📔 Documentation

• Fix description of spring.batch.job.enabled #46247
• Fix broken Kotlin examples in reference documentation #46168
• Add Logback Access Reactor Netty to community starters #46060

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #46373
• Upgrade to Caffeine 3.2.2 #46432
• Upgrade to Couchbase Client 3.8.2 #46460
• Upgrade to GraphQL Java 24.1 #46395
• Upgrade to Groovy 4.0.28 #46516
• Upgrade to Hibernate 6.6.22.Final #46492
• Upgrade to HikariCP 6.3.1 #46493
• Upgrade to Infinispan 15.2.5.Final #46461
• Upgrade to Jackson Bom 2.19.2 #46494
• Upgrade to Jetty 12.0.23 #46375
• Upgrade to MariaDB 3.5.4 #46376
• Upgrade to Maven Invoker Plugin 3.9.1 #46377
• Upgrade to Micrometer 1.15.2 #46280
• Upgrade to Micrometer Tracing 1.5.2 #46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
• Upgrade to MySQL 9.3.0 #46371
• Upgrade to Neo4j Java Driver 5.28.9 #46434
• Upgrade to Netty 4.1.123.Final #46435
• Upgrade to Prometheus Client 1.3.10 #46379
• Upgrade to Reactor Bom 2024.0.8 #46282
• Upgrade to RxJava3 3.1.11 #46380
• Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

Commits

• 925f9bc Release v3.5.4
• d82fb35 Merge branch '3.4.x' into 3.5.x
• 4b6064f Next development version (v3.4.9-SNAPSHOT)
• a39c8f0 Merge branch '3.4.x' into 3.5.x
• 99d53de Upgrade to Spring Integration 6.5.1
• 1b4aad5 Upgrade to Groovy 4.0.28
• 3f0f79b Upgrade to Spring Integration 6.4.6
• ff8443c Upgrade to Groovy 4.0.28
• aed8550 Merge branch '3.4.x' into 3.5.x
• 5406976 Apply commercial input consistently
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-web from 3.5.3 to 3.5.4

Release notes

Sourced from org.springframework.boot:spring-boot-starter-web's releases.

v3.5.4

🐞 Bug Fixes

• LambdaSafe.withFilter is not public #46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
• Hash calculation for uber archive entries that require unpacking is inefficient #46203
• Permissions are applied inconsistently when building uber archives with Gradle #46194
• Environment variables using legacy dash format can no longer be bound #46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
• Executable JAR application class encounters performance issues #46177
• Executable JAR application class encounters performance issues #46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
• SslInfo does not use its Clock when checking certificate validity #46011

📔 Documentation

• Fix description of spring.batch.job.enabled #46247
• Fix broken Kotlin examples in reference documentation #46168
• Add Logback Access Reactor Netty to community starters #46060

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #46373
• Upgrade to Caffeine 3.2.2 #46432
• Upgrade to Couchbase Client 3.8.2 #46460
• Upgrade to GraphQL Java 24.1 #46395
• Upgrade to Groovy 4.0.28 #46516
• Upgrade to Hibernate 6.6.22.Final #46492
• Upgrade to HikariCP 6.3.1 #46493
• Upgrade to Infinispan 15.2.5.Final #46461
• Upgrade to Jackson Bom 2.19.2 #46494
• Upgrade to Jetty 12.0.23 #46375
• Upgrade to MariaDB 3.5.4 #46376
• Upgrade to Maven Invoker Plugin 3.9.1 #46377
• Upgrade to Micrometer 1.15.2 #46280
• Upgrade to Micrometer Tracing 1.5.2 #46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
• Upgrade to MySQL 9.3.0 #46371
• Upgrade to Neo4j Java Driver 5.28.9 #46434
• Upgrade to Netty 4.1.123.Final #46435
• Upgrade to Prometheus Client 1.3.10 #46379
• Upgrade to Reactor Bom 2024.0.8 #46282
• Upgrade to RxJava3 3.1.11 #46380
• Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

Commits

• 925f9bc Release v3.5.4
• d82fb35 Merge branch '3.4.x' into 3.5.x
• 4b6064f Next development version (v3.4.9-SNAPSHOT)
• a39c8f0 Merge branch '3.4.x' into 3.5.x
• 99d53de Upgrade to Spring Integration 6.5.1
• 1b4aad5 Upgrade to Groovy 4.0.28
• 3f0f79b Upgrade to Spring Integration 6.4.6
• ff8443c Upgrade to Groovy 4.0.28
• aed8550 Merge branch '3.4.x' into 3.5.x
• 5406976 Apply commercial input consistently
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-configuration-processor from 3.5.3 to 3.5.4

Release notes

Sourced from org.springframework.boot:spring-boot-configuration-processor's releases.

v3.5.4

🐞 Bug Fixes

• LambdaSafe.withFilter is not public #46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
• Hash calculation for uber archive entries that require unpacking is inefficient #46203
• Permissions are applied inconsistently when building uber archives with Gradle #46194
• Environment variables using legacy dash format can no longer be bound #46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
• Executable JAR application class encounters performance issues #46177
• Executable JAR application class encounters performance issues #46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
• SslInfo does not use its Clock when checking certificate validity #46011

📔 Documentation

• Fix description of spring.batch.job.enabled #46247
• Fix broken Kotlin examples in reference documentation #46168
• Add Logback Access Reactor Netty to community starters #46060

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #46373
• Upgrade to Caffeine 3.2.2 #46432
• Upgrade to Couchbase Client 3.8.2 #46460
• Upgrade to GraphQL Java 24.1 #46395
• Upgrade to Groovy 4.0.28 #46516
• Upgrade to Hibernate 6.6.22.Final #46492
• Upgrade to HikariCP 6.3.1 #46493
• Upgrade to Infinispan 15.2.5.Final #46461
• Upgrade to Jackson Bom 2.19.2 #46494
• Upgrade to Jetty 12.0.23 #46375
• Upgrade to MariaDB 3.5.4 #46376
• Upgrade to Maven Invoker Plugin 3.9.1 #46377
• Upgrade to Micrometer 1.15.2 #46280
• Upgrade to Micrometer Tracing 1.5.2 #46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
• Upgrade to MySQL 9.3.0 #46371
• Upgrade to Neo4j Java Driver 5.28.9 #46434
• Upgrade to Netty 4.1.123.Final #46435
• Upgrade to Prometheus Client 1.3.10 #46379
• Upgrade to Reactor Bom 2024.0.8 #46282
• Upgrade to RxJava3 3.1.11 #46380
• Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

Commits

• 925f9bc Release v3.5.4
• d82fb35 Merge branch '3.4.x' into 3.5.x
• 4b6064f Next development version (v3.4.9-SNAPSHOT)
• a39c8f0 Merge branch '3.4.x' into 3.5.x
• 99d53de Upgrade to Spring Integration 6.5.1
• 1b4aad5 Upgrade to Groovy 4.0.28
• 3f0f79b Upgrade to Spring Integration 6.4.6
• ff8443c Upgrade to Groovy 4.0.28
• aed8550 Merge branch '3.4.x' into 3.5.x
• 5406976 Apply commercial input consistently
• Additional commits viewable in compare view

Updates org.springframework.boot from 3.5.3 to 3.5.4

Release notes

Sourced from org.springframework.boot's releases.

v3.5.4

🐞 Bug Fixes

• LambdaSafe.withFilter is not public #46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
• Hash calculation for uber archive entries that require unpacking is inefficient #46203
• Permissions are applied inconsistently when building uber archives with Gradle #46194
• Environment variables using legacy dash format can no longer be bound #46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
• Executable JAR application class encounters performance issues #46177
• Executable JAR application class encounters performance issues #46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
• SslInfo does not use its Clock when checking certificate validity #46011

📔 Documentation

• Fix description of spring.batch.job.enabled #46247
• Fix broken Kotlin examples in reference documentation #46168
• Add Logback Access Reactor Netty to community starters #46060

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #46373
• Upgrade to Caffeine 3.2.2 #46432
• Upgrade to Couchbase Client 3.8.2 #46460
• Upgrade to GraphQL Java 24.1 #46395
• Upgrade to Groovy 4.0.28 #46516
• Upgrade to Hibernate 6.6.22.Final #46492
• Upgrade to HikariCP 6.3.1 #46493
• Upgrade to Infinispan 15.2.5.Final #46461
• Upgrade to Jackson Bom 2.19.2 #46494
• Upgrade to Jetty 12.0.23 #46375
• Upgrade to MariaDB 3.5.4 #46376
• Upgrade to Maven Invoker Plugin 3.9.1 #46377
• Upgrade to Micrometer 1.15.2 #46280
• Upgrade to Micrometer Tracing 1.5.2 #46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
• Upgrade to MySQL 9.3.0 #46371
• Upgrade to Neo4j Java Driver 5.28.9 #46434
• Upgrade to Netty 4.1.123.Final #46435
• Upgrade to Prometheus Client 1.3.10 #46379
• Upgrade to Reactor Bom 2024.0.8 #46282
• Upgrade to RxJava3 3.1.11 #46380
• Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

Commits

• 925f9bc Release v3.5.4
• d82fb35 Merge branch '3.4.x' into 3.5.x
• 4b6064f Next development version (v3.4.9-SNAPSHOT)
• a39c8f0 Merge branch '3.4.x' into 3.5.x
• 99d53de Upgrade to Spring Integration 6.5.1
• 1b4aad5 Upgrade to Groovy 4.0.28
• 3f0f79b Upgrade to Spring Integration 6.4.6
• ff8443c Upgrade to Groovy 4.0.28
• aed8550 Merge branch '3.4.x' into 3.5.x
• 5406976 Apply commercial input consistently
• Additional commits viewable in compare view

Updates com.nimbusds:nimbus-jose-jwt from 10.3.1 to 10.4.1

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

10.3.1 (2025-07-01) * OctetKeyPairGenerator with Curve.Ed25519 should use the provided SecureRandom (iss #590).

10.4 (2025-07-19) * Creates a hierarchy of Option interfaces, extended by JWSSignerOption, JWEEncrypterOption and JWEDecrypterOption. Intended to provide optional configuration parameters to RSASSASigner, ECDSASigner, RSADecrypter, etc. * Introduces CipherMode implementing JWEEncrypterOption and JWEDecrypterOption, to specify a preferred JCA Cipher mode, such as MODE_ENCRYPT / MODE_DECRYPT when the default MODE_WRAP / MODE_UNWRAP is not supported by the JCA provider (iss #576). * Updates RSAEncrypter and RSADecrypter to support the JWEEncrypterOption CipherMode.ENCRYPT_DECRYPT (iss #576). * Factors out OptionUtils.ensureMinRSAPrivateKeySize. * Deprecates OptionUtils.optionIsPresent.

10.4.1 (2025-08-05) * Adds "requires java.sql" to module com.nimbusds.jose.jwt (iss #595).

Commits

• 63b1101 [maven-release-plugin] prepare for next development iteration
• cd1345b Introduces CipherMode to specify a preferred JCA Cipher mode when the default...
• 9799fd5 Fixes compile errors - generics (iss #576)
• 73a8489 [maven-release-plugin] prepare release 10.4
• adf2576 [maven-release-plugin] prepare for next development iteration
• d4137db Adds "requires java.sql" to module com.nimbusds.jose.jwt (iss #595)
• c6c8025 [maven-release-plugin] prepare release 10.4.1
• See full diff in compare view

Updates io.projectreactor.netty:reactor-netty-http from 1.2.7 to 1.2.8

Release notes

Sourced from io.projectreactor.netty:reactor-netty-http's releases.

v1.2.8

Reactor Netty 1.2.8 is part of 2024.0.8 Release Train.

What's Changed

✨ New features and improvements

• Depend on Reactor Core v3.7.8 by @​chemicL in 79468f613c936d7d694a6c92907f04af17a36edc, see release notes
• Depend on Netty QUIC Codec v0.0.73.Final by @​violetagg in #3811
• Depend on Netty HTTP/3 Codec v0.0.30.Final by @​dependabot[bot] in #3812
• Remove the usage of deprecated functionality by @​violetagg in #3819
• Improve protocol validation in Forwarded/X-Forwarded-Proto header parsing by @​violetagg in #3823 and #3824
• Remove trailer header pre-declaration requirement by @​violetagg in #3825

🐞 Bug fixes

• Ensure the connection is invalidated when a connection close happens before HTTP/1.1 to HTTP/2 upgrade operation by @​violetagg in #3806
• When HTTP/2 apply always the trailer headers by @​violetagg in #3808
• Trailers must not include pseudo-header fields by @​violetagg in #3810
• Add the HTTP/2 connection to the channel group for a proper graceful shutdown in case no active streams by @​violetagg in #3827
• Add proper initialisation of maxConcurrentStreams when successful HTTP/1.1 to HTTP/2 upgrade by @​violetagg in #3832
• Ensure the HTTP/2 upgrade stream inherits the proper state from the original HTTP/1.1 connection when successful upgrade from HTTP/1.1 to HTTP/2 by @​violetagg in #3838

New Contributors

• @​jkonicki made their first contribution in #3829 and #3830

Full Changelog: reactor/reactor-netty@v1.2.7...v1.2.8

Commits

• 79468f6 [release] Prepare and release 1.2.8
• 61e6799 Bump @​springio/antora-extensions from 1.14.5 to 1.14.6 in /docs (#3839)
• 4ed9cb2 [test] Deregister the metrics repository as soon as possible
• ab67d7f Polish
• c53e1bb [test] Move the check to try block
• 5228923 Ensure the HTTP/2 upgrade stream inherits the proper state from the original ...
• a60f640 Bump @​springio/antora-extensions from 1.14.4 to 1.14.5 in /docs (#3837)
• 4a7eb75 Bump org.junit.platform:junit-platform-launcher from 1.13.2 to 1.13.3 (#3836)
• 502e385 Bump junitVersion from 5.13.2 to 5.13.3 (#3835)
• 9d2c795 Bump org.apache.tomcat.embed:tomcat-embed-core from 9.0.106 to 9.0.107 (#3834)
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2

Commits

• d36caaf [maven-release-plugin] prepare release jackson-bom-2.19.2
• 53b24d1 Prep for 2.19.2 release
• 833ee01 Merge pull request #107 from FasterXML/tatu/2.19/backport-106-from-2.20
• c146c75 Backport #106 from 2.20 to 2.19(.2)
• e7c8ef3 Update jackson-parent dep
• ec00ff9 Merge branch '2.18' into 2.19
• 4e23492 Update jackson-parent version
• 6417767 Back to snapshot dep
• 4f37a5c [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.apache.commons:commons-compress from 1.27.1 to 1.28.0

Changelog

Sourced from org.apache.commons:commons-compress's changelog.

Apache Commons Compress 1.28.0 Release Notes

The Apache Commons Compress team is pleased to announce the release of Apache Commons Compress 1.28.0.

Apache Commons Compress defines an API for working with compression and archive formats. These include bzip2, gzip, pack200, LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

This is a feature and maintenance release. Java 8 or later is required.

This release updates Apache Commons Lang to 3.18.0 to pick up the fix for CVE-2025-48924 (https://nvd.nist.gov/vuln/detail/CVE-2025-48924), but is not affected by it.

Changes in this version

Changes in this version include the following.

New Features

•        Add GzipParameters.getModificationInstant(). Thanks to Gary Gregory. 
  

•        Add GzipParameters.setModificationInstant(Instant). Thanks to Gary Gregory. 
  

•        Add GzipParameters.OS, setOS(OS), getOS(). Thanks to Gary Gregory. 
  

•        Add GzipParameters.toString(). Thanks to Gary Gregory. 
  

• COMPRESS-638: Add GzipParameters.setFileNameCharset(Charset) and getFileNameCharset() to override the default ISO-8859-1 Charset #602. Thanks to vincexjl, Gary Gregory, Piotr P. Karwasz.

•        Add support for gzip extra subfields, see GzipParameters.setExtra(HeaderExtraField) [#604](https://github.com/apache/commons-compress/issues/604). Thanks to ddeschenes-1, Gary Gregory. 
  

•        Add CompressFilterOutputStream and refactor to use. Thanks to Gary Gregory. 
  

•        Add ZipFile.stream(). Thanks to Gary Gregory. 
  

•        GzipCompressorInputStream reads the modification time (MTIME) and stores its value incorrectly multiplied by 1,000. Thanks to Danny Deschenes, Gary Gregory. 
  

•        GzipCompressorInputStream writes the modification time (MTIME) the value incorrectly divided by 1,000. Thanks to Danny Deschenes, Gary Gregory. 
  

•        Add optional FHCRC to GZIP header [#627](https://github.com/apache/commons-compress/issues/627). Thanks to Danny Deschenes, Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder allowing to customize the file name and comment Charsets. Thanks to Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder.setOnMemberStart(IOConsumer) to monitor member parsing. Thanks to Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder.setOnMemberEnd(IOConsumer) to monitor member parsing. Thanks to Gary Gregory. 
  

•        Add PMD check to default Maven goal. Thanks to Gary Gregory. 
  

•        Add SevenZFile.Builder.setMaxMemoryLimitKiB(int). Thanks to Gary Gregory. 
  

•        Add MemoryLimitException.MemoryLimitException(long, int, Throwable) and deprecate MemoryLimitException.MemoryLimitException(long, int, Exception). Thanks to Gary Gregory. 
  

• COMPRESS-692: Add support for zstd compression in zip archives. Thanks to Mehmet Karaman, Andrey Loskutov, Gary Gregory.

•        Add support for XZ compression in ZIP archives. Thanks to Gary Gregory. 
  

• COMPRESS-695: Add ZipArchiveInputStream.createZstdInputStream(InputStream) to provide a different InputStream implementation for Zstandard (Zstd) #649. Thanks to Gary Gregory.

•        Add org.apache.commons.compress.harmony.pack200.Pack200Exception.Pack200Exception(String, Throwable). Thanks to Gary Gregory. 
  

• COMPRESS-697: Move BitStream.nextBit() method to BitInputStream #663. Thanks to Fredrik Kjellberg, Gary Gregory.

•        Add org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.XZCompressorInputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.XZCompressorOutputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.ZstdCompressorOutputStream.builder/Builder() [#666](https://github.com/apache/commons-compress/issues/666). Thanks to Gary Gregory, David Walluck, Piotr P. Karwasz. 
  

•        Add org.apache.commons.compress.compressors.xz.ZstdConstants [#666](https://github.com/apache/commons-compress/issues/666). Thanks to Gary Gregory, David Walluck, Piotr P. Karwasz. 
  

... (truncated)

Commits

• 852d9c2 Prepare for the release candidate 1.28.0 RC1
• f5eb9e2 Prepare for the next release candidate
• 36f204c Camel case parameter name
• 4c04e4a Use final
• 6cb7da1 Javadoc
• 563c9d2 Javadoc
• ce73bd8 Javadoc
• a464ae9 Better parameter names
• c0b2b84 Add TODO for next major version
• c76bc97 Use OpenVEX to document that we are not affected by CVE-2025-48924 in
• Additional commits viewable in

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud