[12.1.x Integrations] Bump the dev-dependencies group in /jetty-integrations with 40 updates

[dependabot]

Bumps the dev-dependencies group in /jetty-integrations with 40 updates:

Package	From	To
org.bouncycastle:bcprov-jdk18on	1.81	1.82
org.bouncycastle:bcpkix-jdk18on	1.81	1.82
org.bouncycastle:bctls-jdk18on	1.81	1.82
org.bouncycastle:bcutil-jdk18on	1.81	1.82
com.google.protobuf:protobuf-java	3.25.5	3.25.8
com.google.code.gson:gson	2.13.1	2.13.2
commons-codec:commons-codec	1.18.0	1.19.0
com.fasterxml.jackson:jackson-bom	2.18.3	2.20.0
io.netty:netty-bom	4.2.0.Final	4.2.6.Final
org.junit:junit-bom	5.13.2	5.14.0
org.ow2.asm:asm-bom	9.8	9.9
org.ow2.asm:asm	9.8	9.9
org.ow2.asm:asm-commons	9.8	9.9
ch.qos.logback:logback-core	1.5.18	1.5.19
com.google.guava:guava	33.4.8-jre	33.5.0-jre
commons-io:commons-io	2.19.0	2.20.0
io.grpc:grpc-core	1.72.0	1.76.0
io.smallrye.common:smallrye-common-cpu	2.8.0	2.13.9
net.java.dev.jna:jna	5.17.0	5.18.1
net.java.dev.jna:jna-jpms	5.17.0	5.18.1
net.minidev:json-smart	2.5.2	2.6.0
org.apache.commons:commons-compress	1.27.1	1.28.0
org.apache.commons:commons-lang3	3.18.0	3.19.0
org.apache.logging.log4j:log4j-api	2.25.0	2.25.2
org.apache.maven.resolver:maven-resolver-api	1.9.22	1.9.24
org.apache.maven.resolver:maven-resolver-supplier	1.9.22	1.9.24
org.eclipse.jdt:ecj	3.42.0	3.43.0
org.eclipse.jetty.toolchain:jetty-test-helper	6.3	6.4
org.eclipse.sisu:org.eclipse.sisu.plexus	0.9.0.M3	0.9.0.M4
org.jboss.logging:jboss-logging-annotations	3.0.3.Final	3.0.4.Final
org.jboss.logging:jboss-logging-processor	3.0.3.Final	3.0.4.Final
org.jboss.threads:jboss-threads	3.8.0.Final	3.9.1
org.mariadb.jdbc:mariadb-java-client	3.5.4	3.5.6
org.junit.platform:junit-platform-engine	1.13.2	1.14.0
com.puppycrawl.tools:checkstyle	10.23.0	10.26.1
eu.maveniverse.maven.njord:extension3	0.8.2	0.8.4
eu.maveniverse.maven.plugins:njord	0.8.2	0.8.4
org.apache.maven.shared:maven-filtering	3.3.0	3.4.0
org.cyclonedx:cyclonedx-maven-plugin	2.8.0	2.9.1
org.eclipse.cbi.maven.plugins:eclipse-jarsigner-plugin	1.4.3	1.5.2

Updates org.bouncycastle:bcprov-jdk18on from 1.81 to 1.82

Changelog

Sourced from org.bouncycastle:bcprov-jdk18on's changelog.

2.1.1 Version Release: 1.83 Date:      TBD

2.2.1 Version Release: 1.82 Date:      2025, 17th September.

... (truncated)

Commits

• See full diff in compare view

Updates org.bouncycastle:bcpkix-jdk18on from 1.81 to 1.82

Changelog

Sourced from org.bouncycastle:bcpkix-jdk18on's changelog.

2.1.1 Version Release: 1.83 Date:      TBD

2.2.1 Version Release: 1.82 Date:      2025, 17th September.

... (truncated)

Commits

• See full diff in compare view

Updates org.bouncycastle:bctls-jdk18on from 1.81 to 1.82

Changelog

Sourced from org.bouncycastle:bctls-jdk18on's changelog.

2.1.1 Version Release: 1.83 Date:      TBD

2.2.1 Version Release: 1.82 Date:      2025, 17th September.

... (truncated)

Commits

• See full diff in compare view

Updates org.bouncycastle:bcutil-jdk18on from 1.81 to 1.82

Changelog

Sourced from org.bouncycastle:bcutil-jdk18on's changelog.

2.1.1 Version Release: 1.83 Date:      TBD

2.2.1 Version Release: 1.82 Date:      2025, 17th September.

... (truncated)

Commits

• See full diff in compare view

Updates com.google.protobuf:protobuf-java from 3.25.5 to 3.25.8

Commits

• a4cbdd3 Updating version.json and repo version numbers to: 25.8
• 29445be Merge pull request #21880 from shaod2/py-25
• cc13b69 Remove debugging code and add EOLs
• d31100c Manually backport recursion limit enforcement to 25.x
• 88a3b90 Change pre-22 poison pill to only log once per affected message type. (#21754)
• 320eafa Weaken vulnerable gencode poison pills to warning by default.
• f584fe3 Merge branch 'protocolbuffers:25.x' into 25.x
• c710036 Update test_upb.yml to use ubuntu-22
• 9721758 Fix missing trailing newline.
• cca7b28 Update test_upb.yml to use ubuntu-22
• Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.13.1 to 2.13.2

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.13.2

The main changes in this release are just newer dependencies.

What's Changed

• Improved packaging of JPMS module declaration in Gson jar
  This fixes an issue where Eclipse and VS Code users could not refer to the Gson module name com.google.gson. See issue google/gson#2679.
• Remove internal class GsonPreconditions by @​Marcono1234 in google/gson#2879
• Switch to using central-publishing-maven-plugin by @​eamonnmcmanus in google/gson#2900

New Contributors

• @​MukjepScarlet made their first contribution in google/gson#2852
• @​ChrisCraik made their first contribution in google/gson#2856

Full Changelog: google/gson@gson-parent-2.13.1...gson-parent-2.13.2

Commits

• 686fad7 [maven-release-plugin] prepare release gson-parent-2.13.2
• c2d252a Switch to using central-publishing-maven-plugin. (#2900)
• 69cb755 Bump the github-actions group with 5 updates (#2894)
• ea552c2 Bump the maven group across 1 directory with 3 updates (#2898)
• fdc616d Set top-level permissions for CodeQL workflow (#2889)
• 9334715 Create scorecard.yml (#2888)
• f7de5c2 Bump the maven group with 8 updates (#2885)
• 8c23cd3 Update sources to satisfy a new Error Prone check. (#2887)
• 5eab3ed Bump the github-actions group with 2 updates (#2886)
• 5f5c200 Bump the maven group across 1 directory with 10 updates (#2872)
• Additional commits viewable in compare view

Updates commons-codec:commons-codec from 1.18.0 to 1.19.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.19.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.19.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

•         Add HmacUtils.hmac(Path). Thanks to Gary Gregory.
  

•         Add HmacUtils.hmacHex(Path). Thanks to Gary Gregory.
  

•         Add PMD check to the default Maven goal. Thanks to Gary Gregory.
  

•         Add SpotBugs check to the default Maven goal. Thanks to Gary Gregory.
  

Fixed Bugs

•         Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80). Thanks to Gary Gregory.
  

•         Refactor DigestUtils.updateDigest(MessageDigest, File) to use NIO. Thanks to Gary Gregory.
  

• CODEC-328: Clarify Javadoc for org.apache.commons.codec.digest.UnixCrypt.crypt(byte[],String). Thanks to Gary Gregory.

•         Precompile regular expressions in DaitchMokotoffSoundex.Rule. Thanks to Gary Gregory.
  

•         Precompile regular expressions in DaitchMokotoffSoundex.parseRules(Scanner, String, Map, Map). Thanks to Gary Gregory.
  

•         Precompile regular expressions in Lang.loadFromResource(String, Languages). Thanks to Gary Gregory.
  

•         Precompile regular expressions in PhoneticEngine.encode(String, LanguageSet). Thanks to Gary Gregory.
  

•         Precompile regular expressions in org.apache.commons.codec.language.bm.Rule.parse*(*). Thanks to Gary Gregory.
  

•         Remove redundant checks for whitespace in DaitchMokotoffSoundex.soundex(String, boolean). Thanks to Gary Gregory.
  

•         Javadoc typo in Base16.java [#380](https://github.com/apache/commons-codec/issues/380). Thanks to Sebastian Baunsgaard.
  

•         Deprecate unused constant org.apache.commons.codec.language.bm.Rule.ALL. Thanks to Gary Gregory.
  

• CODEC-331: org.apache.commons.codec.language.bm.Rule.parsePhonemeExpr(String) adds duplicate empty phoneme when input ends with |. Thanks to IlikeCode, Gary Gregory.
• CODEC-331: org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) does not remove special characters like punctuation. Thanks to IlikeCode, Gary Gregory.

•         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.binary.StringUtils. Thanks to Gary Gregory.
  

•         Fix PMD UnusedFormalParameter in private constructor in org.apache.commons.codec.binary.Base16. Thanks to Gary Gregory.
  

•         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Blake3. Thanks to Gary Gregory.
  

•         Fix PMD UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Md5Crypt. Thanks to Gary Gregory.
  

•         Fix PMD EmptyControlStatement in org.apache.commons.codec.language.Metaphone. Thanks to Gary Gregory.
  

•         Fix SpotBugs [ERROR] Medium: org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder.setEncodeTable(byte[]) may expose internal representation by storing an externally mutable object into BaseNCodec$AbstractBuilder.encodeTable [org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder] At BaseNCodec.java:[line 131] EI_EXPOSE_REP2. Thanks to Gary Gregory.
  

•         The method org.apache.commons.codec.binary.BaseNCodec.AbstractBuilder.setLineSeparator(byte...) now makes a defensive copy. Thanks to Gary Gregory.
  

•         Avoid unnecessary String conversion in org.apache.commons.codec.language.bm.PhoneticEngine.applyFinalRules(PhonemeBuilder, Map). Thanks to Gary Gregory.
  

•         Fix SpotBugs [ERROR] High: Potentially dangerous use of non-short-circuit logic in org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) [org.apache.commons.codec.language.DaitchMokotoffSoundex] At DaitchMokotoffSoundex.java:[line 350] NS_DANGEROUS_NON_SHORT_CIRCUIT. Thanks to Gary Gregory.
  

Changes

... (truncated)

Commits

• 351cb22 Prepare for the release candidate 1.19.0 RC1
• 0d501b6 Prepare for the next release candidate
• d6d4b82 Refactor duplicate code
• 6d6456c No need to exclude abstract test classes from Surefire runs
• 22d62e4 No need to specify the default value for linkXref
• c4daf34 No longer need to override the version of the Jacoco Maven plugin
• 8f2b673 Remove workaround for [SUREFIRE-2253]
• 466a61d Fix Javadoc
• ca27bd3 Fix Checkstyle
• 1dfb4e5 Better internal method name
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.18.3 to 2.20.0

Commits

• 54f854b [maven-release-plugin] prepare release jackson-bom-2.20.0
• 9cc68d4 Prep for 2.20.0
• cbef800 Version sync for 2.20.0 release (in near future)
• 79bc4ed Back to snapshot deps
• 94947a0 [maven-release-plugin] prepare for next development iteration
• 369dffe [maven-release-plugin] prepare release jackson-bom-2.20.0-rc1
• c5caaf2 Prep for 2.20.0-rc1
• 8ad6e0a Move to 2.20.0-rc1-SNAPSHOT
• 500ef4d Merge branch '2.19' into 2.x
• 274f228 Back to snapshot deps
• Additional commits viewable in compare view

Updates io.netty:netty-bom from 4.2.0.Final to 4.2.6.Final

Commits

• 255ad95 [maven-release-plugin] prepare release netty-4.2.6.Final
• bbacc6b BouncyCastleAlpnSslUtils needs to use the correct SSLEngine class as … (#15630)
• d28a0fc Make ResourceLeakDetector.track not final (#15620)
• 7134f60 [refactor] add error message to all new Error() calls (#15609)
• f7f5b48 Add test for OpenJdkSelfSignedCertGenerator (#15619)
• 9e4bb29 IoUring: Allow to create IoHandlerFactory that supports changing the (#15608)
• 22d414b Skip huge decompression test with leak detection (#15616)
• 77661e7 Update the CentOS devcontainer (#15615)
• ea90268 Don't try to generate aggregated javadocs for the stubs as otherwise it will ...
• b54f47e [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.13.2 to 5.14.0

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.14.0 = Platform 1.14.0 + Jupiter 5.14.0 + Vintage 5.14.0

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0

JUnit 5.14.0-RC1 = Platform 1.14.0-RC1 + Jupiter 5.14.0-RC1 + Vintage 5.14.0-RC1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0-RC1

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

Commits

• 8545c93 Release 5.14.0
• 1d405a0 Polish release notes for 5.14 GA
• c1f78f6 Prepare 5.14.0 release notes and link to migration guide
• a6f666c Allow new classes to be added
• f728dfa Disable compatibility checks for all aggregator projects
• 72b34aa Validate list of accepted breaking changes
• bc62d27 Only track module-specific lines in accepted-breaking-changes.txt
• 1d95a3c Clear custom initialize-at-build-time lists
• 513be32 Update plugin org.graalvm.buildtools.native to v0.11.1
• 174d8de Back to snapshots for further development
• Additional commits viewable in compare view

Updates org.ow2.asm:asm-bom from 9.8 to 9.9

Updates org.ow2.asm:asm from 9.8 to 9.9

Updates org.ow2.asm:asm-commons from 9.8 to 9.9

Updates ch.qos.logback:logback-core from 1.5.18 to 1.5.19

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
• 4adae8b add plugin for Maven Central deployment
• ee70cf4 prepare release 1.5.19
• 20802cf mindor javadoc changes
• 8116069 comment out code in COWArrayListConcurrencyTest to make IDE happy
• 7f65340 minor changes
• 8d2262d soften warning on using ConsoleAppender
• c76fed3 ViewStatusMessagesServlet requires method POST for button 'Clear' (#971)
• 61f6a25 disallow new in if condition attribute in config files
• a07cfd5 logback-core: fix spelling errors (#956)
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.8-jre to 33.5.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.5.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.5.0-jre</version>
  <!-- or, for Android: -->
  <version>33.5.0-android</version>
</dependency>

Jar files

• 33.5.0-jre.jar
• 33.5.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.5.0-jre
• 33.5.0-android

JDiff

• 33.5.0-jre vs. 33.4.8-jre
• 33.5.0-android vs. 33.4.8-android
• 33.5.0-android vs. 33.5.0-jre

Changelog

• Restored the Automatic-Module-Name to guava-android. (It, unlike, guava-jre, is not a proper module.) (7a04a8a955)
• For users of guava-gwt: Google has moved off GWT internally. We plan to continue to release guava-gwt for users of GWT and J2CL, but the artifact is no longer tested for GWT-specific issues, and we have limited resources to fix any unexpected issues that might arise. While we do not anticipate any specific problems, we can't guarantee how long support will continue.
• Increased our Android minSdkVersion to 23 (Marshmallow). This follows the minimum of Google's foundational Android libraries, and we expect it to have no practical impact on users. (5c23347cc1)
• Listed the JSpecify annotations as an optional dependency in our OSGi metadata. (2dfd572981)
• cache: Improved the handling of exceptions from compute functions in Cache.asMap(). (We do still recommend using Caffeine rather than com.google.common.cache.) (087f2c4a80)
• collect: Improved Iterators.mergeSorted() to preserve stability for equal elements. (4dc93be9a8)
• math: Added saturatedAbs methods to IntMath and LongMath. (ed0e518f20)
• net: Added image/avif to MediaType. (53344caba6)
• testing: Made CollectorTester available to Android users. (294c251079)
• util.concurrent: Added Striped.custom. (1586eb271d)

Commits

• See full diff in compare view

Updates commons-io:commons-io from 2.19.0 to 2.20.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.20.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.20.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Version 2.19.1: Java 8 or later is required.

New features

o IO-875: Add org.apache.commons.io.file.CountingPathVisitor.accept(Path, BasicFileAttributes) #743. Thanks to Pierre Baumard, Gary Gregory. o Add org.apache.commons.io.Charsets.isAlias(Charset, String). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.isUTF8(Charset). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.toCharsetDefault(String, Charset). Thanks to Gary Gregory. o IO-279: Add Tailer ignoreTouch option #757. Thanks to Joerg Budischewski, Gary Gregory.

Fixed Bugs

o [javadoc] Rename parameter of ProxyOutputStream.write(int) #740. Thanks to Jesse Glick. o IO-875: CopyDirectoryVisitor ignores fileFilter #743. Thanks to Pierre Baumard, Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.ByeArrayOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.InputStreamOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.OutputStreamOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o FileUtils.readLines(File, Charset) now maps a null Charset to the default Charset #744. Thanks to Ryan Kurtz, Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream, org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 77]Another occurrence at WindowsLineEndingInputStream.java:[line 81] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 112] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 113] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 75] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atEos" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 120] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 124] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 125] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "closed" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.ProxyInputStream] At ProxyInputStream.java:[line 233] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "propagateClose" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.BoundedInputStream] At BoundedInputStream.java:[line 555] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o QueueInputStream reads all but the first byte without waiting. #748. Thanks to maxxedev, Piotr P. Karwasz, Gary Gregory. o Javadoc fixes and improvements. Thanks to Gary Gregory. o Avoid NPE in org.apache.commons.io.filefilter.WildcardFilter.accept(File). Thanks to Gary Gregory. o IO-874: FileUtils.forceDelete can delete a broken symlink again #756. Thanks to Andy Russell, Joerg Budischewski. o Fix infinite loop in AbstractByteArrayOutputStream. #758. Thanks to Alex Benusovich.

... (truncated)

Commits

• c224bce Prepare for the release candidate 2.20.0 RC1
• 8981a5c Remove workaround for
• 4ef481f Prepare for the next release candidate
• d23228f Merge branch 'master' of https://github.com/apache/commons-io.git
• 5d2737f Add @​SuppressWarnings
• e5c80d6 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 #761
• 2017ac0 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#761)
• 07ce798 Javadoc
• a828efa Add ciManagement element to POM
• 46bd1c2 Javadoc
• Additional commits viewable in compare view

Updates io.grpc:grpc-core from 1.72.0 to 1.76.0

Release notes

Sourced from io.grpc:grpc-core's releases.

v1.76.0

Bug Fixes

• xds: ClusterResolverLb has been converted to use XdsDepManager, which finishes the changes for gRFC A74 xDS Config Tears. This change should resolve some unnecessary reconnections introduced in v1.75.0 when using weighted_round_robin and maybe other policies.
• compiler: A fix has been implemented for the blockingV2 stub to mangle generated method names that conflict with java.lang.Object methods.
• servlet: A race condition in AsyncServletOutputStreamWriter has been fixed to prevent threads from getting stuck.
• servlet: An issue where AsyncContext.complete() was called multiple times, causing an IllegalStateException, has been resolved.
• binder: The REMOTE_UID is now required to hold the exact UID passed to the SecurityPolicy.
• binder: The server will now only accept post-setup transactions from the authorized server UID.
• util: AdvancedTlsX509TrustManager now errors with a message to say that files don’t exist instead of the previous “Files were unmodified before their initial update. Probably a bug.”
• android: A fix has been implemented for network change handling on API levels below 24.

Improvements

• api: Allocations of Attributes.Builder have been reduced. This mostly benefits attributes.toBuilder(), but that’s not expected to be visible in regular workloads.
• api: An empty array allocation in LoadBalancer.CreateSubchannelArgs.Builder has been avoided. It is a small optimization and is not expected to have any performance impact.
• servlet: A configurable methodNameResolver has been added to configure the mapping from servlet request paths to gRPC method name
• servlet: Avoid a race by increasing the AsyncContext timeout by 5 seconds. The gRPC Context timeout should trigger first
• xds: Pretty-print envoy.service.discovery.v3.Resource in debug logs
• bazel: The java/proto rules from rules_java/rules_proto are now used instead of native rules.
• bazel: Unnecessary direct build dependencies were removed from some targets
• netty: Support for the BCJSSE provider has been added in GrpcSslContexts.
• netty: Huffman coding in server response headers has been disabled; it was already disabled for client request headers
• netty: Include allow header for HTTP response code 405
• okhttp: Include allow header for HTTP response code 405
• binder: Error descriptions for ServiceConnection callbacks have been improved
• binder: Apps can now call SecurityPolicy.checkAuthorization() by PeerUid.

New Features

• stub: Trailers are now propagated in StatusException when thrown by BlockingClientCall.
• compiler: Support for macOS aarch64 with a universal binary has been added.
• opentelemetry: grpc.subchannel.* metrics as described in gRFC A94 OTel metrics for Subchannels have been added. grpc.disconnect_error will show as “unknown” until transports implement support
• binder: A NameResolver for Android's intent: URIs has been introduced.
• binder: A basic SocketStats with just the local and remote addresses has been added for channelz.

Documentation

• SECURITY.md: The documentation now describes how to use gcompat with LD_PRELOAD for Alpine.
• examples: The documentation now explains Bazel BCR releases and the git_override option.

Dependencies

• Upgraded Guava version to 33.4.8.
• The org.apache.tomcat:annotations-api dependency has been removed from the examples.

Thanks to

@JoeCqupt @Sangamesh1997

... (truncated)

Commits

• d0db129 Bump version to 1.76.0
• aa672ca Update README etc to reference 1.76.0
• 70b7249 netty: Unconditionally disable adaptive cumulator (#12390)
• f89d1d8 api: remove nullable from StatusOr value methods (#12338)
• 040665f examples: Explain Bazel BCR releases and git_override option
• 4995700 xds: Remove verify TODO for onResult2 error status
• afe7222 SECURITY.md: Mention gcompat for Alpine (#12365)
• 1a7042a android: fix network change handling on API levels < 24
• 8f0db07 api: Avoid allocating empty array in LoadBalancer (#12337)
• 0c179e3 xds: Convert ClusterResolverLb to XdsDepManager
• Additional commits viewable in compare view

Updates io.smallrye.common:smallrye-common-cpu from 2.8.0 to 2.13.9

Release notes

Sourced from io.smallrye.common:smallrye-common-cpu's releases.

2.13.9

No release notes provided.

2.13.8

No release notes provided.

2.13.7

No release notes provided.

2.13.6

No release notes provided.

2.13.5

No release notes provided.

2.13.4

No release notes provided.

2.13.3

No release notes provided.

2.13.2

No release notes provided.

2.13.1

No release notes provided.

2.13.0

No release notes provided.

2.13.beta2

No release notes provided.

2.13.beta1

No release notes provided.

2.12.0

No release notes provided.

2.11.0

• #402 Introduce parent-child structure for duplication context

2.10.0

• #394 Release 2.10.0
• #393 Bump io.smallrye:smallrye-parent from 46 to 47
• #392 Javadoc fixes
• #391 Bump version.vertx from 4.5.11 to 4.5.12
• #390 Bump org.graalvm.sdk:nativeimage from 24.1.1 to 24.1.2
• #389 Make CPU cache interrogation an opt-in feature
• #388 Slightly reduce the startup cost of the modules used in Quarkus

... (truncated)

Commits

• fb23335 [maven-release-plugin] prepare release 2.13.9
• a6bff5b Merge pull request #480 from smallrye/release
• b4c7b8b Release 2.13.9
• 14a2061 Merge pull request #479 from dmlloyd/fix-nanos
• 199f099 Fix duration conversion error
• 3af34aa Merge pull request #477 from dmlloyd/fix-timeout
• 6c3ccae Allow null for process timeout
• 2719c1e Bump io.sundr:sundr-maven-plugin from 0.220.0 to 0.220.1 (#474)
• 0b3edcb Merge pull request #472 from smallrye/dependabot/maven/io.sundr-sundr-maven-p...
• b164212 Bump io.sundr:sundr-maven-plugin from 0.210.0 to 0.220.0
• Additional commits viewable in compare view

Updates net.java.dev.jna:jna from 5.17.0 to 5.18.1

Changelog

Sourced from net.java.dev.jna:jna's changelog.

Release 5.18.1

Bug Fixes

• #1686: Fix sortFields race condition while getting fields - @​bendk.

Release 5.18.0

Features

• #1671: Add isRISCV to c.s.j.Platform - @​Glavo.
• #1672: Add CFLocale, CFLocaleCopyCurrent, CFCFDateFormatter, CFDateFormatterStyle, CFDateFormatterCreate and CFDateFormatterGetFormat to c.s.j.p.mac.CoreFoundation - @​dbwiddis.
• #1669: Document requirement for running on JDK 24+ - @​matthiasblaesing.

Bug Fixes

• #1681: Fix deadlock in Structure constructor introduced in 5.16.0 - @​brettwooldridge.
• #1683: Fix native build error on Xcode 16.3 / Apple Clang 17 - @​brettwooldridge.

Commits

• 3c493c1 Release 5.18.1
• e3838d5 Merge pull request #1680 from java-native-access/dependabot/github_actions/gi...
• 5cac361 Bump the github-actions group with 2 updates
• 5511f28 Merge pull request #1687 from bendk/push-yyprxvvrrttk
• c401bca Merge pull request #1690 from jonalmeida/patch-1
• 6e7e828 Update recommended Android proguard rules
• b665e9e Avoid threading issues in sortFields (#1686)
• 0da700d Prepare next development iteration
• 285632f Release 5.18.0
• 77fe152 Support/Prepare deployment to new maven central repository
• Additional commits viewable in compare view

Updates net.java.dev.jna:jna-jpms from 5.17.0 to 5.18.1

Changelog

Sourced from net.java.dev.jna:jna-jpms's changelog.

Release 5.18.1

Bug Fixes

• #1686: Fix sortFields race condition while getting fields - @​bendk.

Release 5.18.0

Features

• #1671: Add isRISCV to c.s.j.Platform - @​Glavo.
• #1672: Add CFLocale, CFLocaleCopyCurrent, CFCFDateFormatter, CFDateFormatterStyle, CFDateFormatterCreate and CFDateFormatterGetFormat to c.s.j.p.mac.CoreFoundation - @​dbwiddis.
• #1669: Document requirement for running on JDK 24+ - @​matthiasblaesing.

Bug Fixes

• #1681: Fix deadlock in Structure constructor introduced in 5.16.0 - @​brettwooldridge.
• #1683: Fix native build error on Xcode 16.3 / Apple Clang 17 - @​brettwooldridge.

Commits

• 3c493c1 Release 5.18.1
• e3838d5 Merge pull request #1680 from java-native-access/dependabot/github_actions/gi...
• 5cac361 Bump the github-actions group with 2 updates
• 5511f28 Merge pull request #1687 from bendk/push-yyprxvvrrttk
• c401bca Merge pull request #1690 from jonalmeida/patch-1

[olamy]

@dependabot recreate

[dependabot]

The dependabot.yml entry that created this PR has been deleted so this PR can't be recreated. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml