Bump the safe-patch-updates group across 1 directory with 22 updates by dependabot[bot] · Pull Request #512 · datasharingframework/dsf

dependabot · 2026-05-31T05:15:34Z

Bumps the safe-patch-updates group with 22 updates in the / directory:

Package	From	To
org.slf4j:slf4j-api	`2.0.17`	`2.0.18`
org.slf4j:slf4j-simple	`2.0.17`	`2.0.18`
org.slf4j:jcl-over-slf4j	`2.0.17`	`2.0.18`
org.slf4j:jul-to-slf4j	`2.0.17`	`2.0.18`
org.postgresql:postgresql	`42.7.10`	`42.7.11`
com.auth0:java-jwt	`4.5.1`	`4.5.2`
com.fasterxml.jackson.core:jackson-databind	`2.21.2`	`2.21.4`
com.fasterxml.jackson.core:jackson-core	`2.21.2`	`2.21.4`
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	`2.21.2`	`2.21.4`
com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations	`2.21.2`	`2.21.4`
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	`2.21.2`	`2.21.4`
org.glassfish.jaxb:jaxb-runtime	`4.0.7`	`4.0.9`
org.thymeleaf:thymeleaf	`3.1.4.RELEASE`	`3.1.5.RELEASE`
org.operaton.bpm:operaton-engine	`1.1.1`	`1.1.3`
org.operaton.bpm:operaton-engine-spring	`1.1.1`	`1.1.3`
org.operaton.bpm.model:operaton-bpmn-model	`1.1.1`	`1.1.3`
org.apache.tika:tika-core	`3.3.0`	`3.3.1`
org.apache.maven:maven-core	`3.9.15`	`3.9.16`
org.apache.maven:maven-plugin-api	`3.9.15`	`3.9.16`
org.apache.maven.plugins:maven-surefire-plugin	`3.5.5`	`3.5.6`
org.apache.maven.plugins:maven-failsafe-plugin	`3.5.5`	`3.5.6`
org.apache.maven.plugins:maven-enforcer-plugin	`3.6.2`	`3.6.3`

Updates org.slf4j:slf4j-api from 2.0.17 to 2.0.18

Updates org.slf4j:slf4j-simple from 2.0.17 to 2.0.18

Updates org.slf4j:jcl-over-slf4j from 2.0.17 to 2.0.18

Updates org.slf4j:jul-to-slf4j from 2.0.17 to 2.0.18

Updates org.slf4j:slf4j-simple from 2.0.17 to 2.0.18

Updates org.slf4j:jcl-over-slf4j from 2.0.17 to 2.0.18

Updates org.slf4j:jul-to-slf4j from 2.0.17 to 2.0.18

Updates org.postgresql:postgresql from 42.7.10 to 42.7.11

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.11

Security

fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Changes

fix: Add sources and javadocs to shaded published lib generation @sehrope (#4043)

update Changelog and website for release of 42.7.11 @davecramer (#4042)

Fix scram fix location in changelog and update published artifact developer list @sehrope (#4041)

Restrict test with scram_iterations to v16+ and release notes @sehrope (#4040)

chore(deps): update ubuntu:24.04 docker digest to 84e77de @renovate-bot (#4017)

test: add tests for QueryExecutor#getTransactionState @vlsi (#4006)

chore(deps): update actions/create-github-app-token action to v2.2.2 @renovate-bot (#3983)

fix: fix flaky CopyBothResponseTest by using WAL flush LSN @vlsi (#3979)

fix: fix flaky replication restart tests by waiting for confirmed_flush_lsn @vlsi (#3975)

test: fix flaky LogicalReplicationStatusTest by polling pg_stat_replication @vlsi (#3974)

chore: replace Appveyor with ikalnytskyi/action-setup-postgres @vlsi (#3966)

test: move test table creation from @BeforeEach to @BeforeAll @vlsi (#3967)

Return jsonb as PGObject fixes Issue #3926 @davecramer (#3956)

Update docker scripts @davecramer (#3958)

implement require_auth, this is pretty much how libpq does this. @davecramer (#3895)

docs: add SCRAM authentication test setup section to TESTING.md @emmaeng700 (#3945)

Add RequireServerVersion annotation for tests @sehrope (#3939)

🐛 Bug Fixes

fix: ensure extended protocol messages end with Sync message @vlsi (#3728)

fix: enable cursor-based fetching in extended protocol when transaction started via SQL command @vlsi (#3996)

fix: retry with SSL on IOException when sslMode=ALLOW @vlsi (#3973)

fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in @vlsi (#3968)

fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers @vlsi (#3962)

fix: use compareTo for LogSequenceNumber comparison @vlsi (#3961)

fix: release COPY lock on IOException to prevent connection hang (#3957) @vlsi (#3960)

🧰 Maintenance

style: replace @exception with @throws in getBoolean javadoc @vlsi (#4035)

chore: use @vlsi/github-actions-random-matrix npm package @vlsi (#4008)

chore: use tag names for pinning github actions, pin ikalnytskyi/action-setup-postgres @vlsi (#4007)

chore: bump errorprone to 2.48.0 @vlsi (#4005)

test: add @DisableLogger annotation to suppress expected log warnings in tests @vlsi (#3971)

chore: suppress deprecations in test code to reduce build verbosity @vlsi (#3972)

chore: replace log warning in ConnectionFactory.closeStream with Throwable.addSuppressed @vlsi (#3970)

chore: use greedy pairwise coverage for CI matrix generation @vlsi (#3965)

chore: use full version tags in GitHub Actions comments @vlsi (#3963)

⬆️ Dependencies

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.11] (2026-04-28)

Security

fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Added

feat: implement require_auth connection property, aligning with libpq behavior [PR #3895](pgjdbc/pgjdbc#3895)

Changed

chore: replace Appveyor CI with ikalnytskyi/action-setup-postgres [PR #3966](pgjdbc/pgjdbc#3966)

chore: upgrade Gradle to v9 [PR #3978](pgjdbc/pgjdbc#3978)

Fixed

fix: ensure extended protocol messages end with Sync message [PR #3728](pgjdbc/pgjdbc#3728)

fix: enable cursor-based fetching in extended protocol when transaction started via SQL command [PR #3996](pgjdbc/pgjdbc#3996)

fix: retry with SSL on IOException when sslMode=ALLOW [PR #3973](pgjdbc/pgjdbc#3973)

fix: make sure the driver honours connectTimeout when retrying the connection [PR #3968](pgjdbc/pgjdbc#3968)

fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in [PR #3968](pgjdbc/pgjdbc#3968)

fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers [PR #3962](pgjdbc/pgjdbc#3962)

fix: use compareTo for LogSequenceNumber comparison to handle unsigned values correctly [PR #3961](pgjdbc/pgjdbc#3961)

fix: release COPY lock on IOException to prevent connection hang [PR #3957](pgjdbc/pgjdbc#3957)

fix: return jsonb as PGObject instead of String [PR #3956](pgjdbc/pgjdbc#3956)

fix: align SSL key file permission check with libpq [PR #3952](pgjdbc/pgjdbc#3952)

fix: guard connection closed flag with a reentrant lock to protect against concurrent close [PR #3905](pgjdbc/pgjdbc#3905)

Commits

78e261f fix: Add sources and javadocs to shaded published lib generation
1e09fa0 update Changelog and website for release of 42.7.11 (#4042)
d479fa5 Fix scram fix location in changelog and update published artifact developer l...
b04fc46 docs: Add scram max iters fix to changelog
cf54822 test: Disable scram test on older version without scram_iterations GUC
7dbcc79 test: Add SCRAM max iteration tests
c9d41d1 fix: Limit SCRAM PBKDF2 iterations accepted from the server
a340cb2 style: replace @exception with @throws in getBoolean javadoc
77837f8 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
23af03b chore(deps): update actions/checkout action to v6
Additional commits viewable in compare view

Updates com.auth0:java-jwt from 4.5.1 to 4.5.2

Release notes

Sourced from com.auth0:java-jwt's releases.

4.5.2

Added

Chore: Bump update commons-beanutils dependency #761 (tanya732)

Chore: Update Readme with Java 21 #760 (tanya732)

Changelog

Sourced from com.auth0:java-jwt's changelog.

4.5.2 (2026-04-29)

Full Changelog

Added

Chore: Bump update commons-beanutils dependency #761 (tanya732)

Chore: Update Readme with Java 21 #760 (tanya732)

Commits

695fd2b Release 4.5.2 (#765)
4ac3178 Release 4.5.2
d056a79 Bump com.fasterxml.jackson.core:jackson-databind from 2.21.2 to 2.21.3 in /li...
37f195a Bump com.fasterxml.jackson.core:jackson-databind in /lib
dba4c93 Chore: Bump update commons-beanutils dependency (#761)
84d4c8f Merge branch 'master' into chore/bump-commons-beanutils
5c923d4 Chore: Add SCA scan workflow (#762)
09a4da5 Merge branch 'master' into chore/add-sca-scan
ef47e64 Chore: Add SCA scan workflow
3fcfbcb Chore: Bump update commons-beanutils dependency
Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.21.2 to 2.21.4

Commits

See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.21.2 to 2.21.4

Commits

f17a4f7 [maven-release-plugin] prepare release jackson-core-2.21.4
c6411e1 Prep for 2.21.4 release
52633da Merge branch '2.20' into 2.21
1fa7bb9 Merge branch '2.19' into 2.20
6dea8a8 Merge branch '2.18' into 2.19
ada244d Post-release dep version bump
52f69d3 [maven-release-plugin] prepare for next development iteration
899d70a [maven-release-plugin] prepare release jackson-core-2.18.8
a006b52 Prep for 2.18.8 release
4c05816 Merge branch '2.20' into 2.21
Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.21.2 to 2.21.4

Updates com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations from 2.21.2 to 2.21.4

Commits

99fa94d [maven-release-plugin] prepare release jackson-modules-base-2.21.4
0a954e0 Prep for 2.21.4 release
77d374c Merge branch '2.20' into 2.21
49cdf00 Merge branch '2.19' into 2.20
1a4f661 Merge branch '2.18' into 2.19
43351df Post-release dep version bump
2fbe62c [maven-release-plugin] prepare for next development iteration
9cd7990 [maven-release-plugin] prepare release jackson-modules-base-2.18.8
c5f4d61 Prep for 2.18.8 release
a93855a Post-release dep version bump
Additional commits viewable in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-yaml from 2.21.2 to 2.21.4

Commits

95debb7 [maven-release-plugin] prepare release jackson-dataformats-text-2.21.4
c426a04 Prep for 2.21.4 release
6350258 Merge branch '2.20' into 2.21
bdcc3eb Merge branch '2.19' into 2.20
48242e9 Merge branch '2.18' into 2.19
6d9da0d Post-release dep version bump
fd07764 [maven-release-plugin] prepare for next development iteration
906a1ba [maven-release-plugin] prepare release jackson-dataformats-text-2.18.8
673d805 Prep for 2.18.8 release
3f9b8be Merge branch '2.20' into 2.21
Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.21.2 to 2.21.4

Commits

f17a4f7 [maven-release-plugin] prepare release jackson-core-2.21.4
c6411e1 Prep for 2.21.4 release
52633da Merge branch '2.20' into 2.21
1fa7bb9 Merge branch '2.19' into 2.20
6dea8a8 Merge branch '2.18' into 2.19
ada244d Post-release dep version bump
52f69d3 [maven-release-plugin] prepare for next development iteration
899d70a [maven-release-plugin] prepare release jackson-core-2.18.8
a006b52 Prep for 2.18.8 release
4c05816 Merge branch '2.20' into 2.21
Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.21.2 to 2.21.4

Updates com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations from 2.21.2 to 2.21.4

Commits

99fa94d [maven-release-plugin] prepare release jackson-modules-base-2.21.4
0a954e0 Prep for 2.21.4 release
77d374c Merge branch '2.20' into 2.21
49cdf00 Merge branch '2.19' into 2.20
1a4f661 Merge branch '2.18' into 2.19
43351df Post-release dep version bump
2fbe62c [maven-release-plugin] prepare for next development iteration
9cd7990 [maven-release-plugin] prepare release jackson-modules-base-2.18.8
c5f4d61 Prep for 2.18.8 release
a93855a Post-release dep version bump
Additional commits viewable in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-yaml from 2.21.2 to 2.21.4

Commits

95debb7 [maven-release-plugin] prepare release jackson-dataformats-text-2.21.4
c426a04 Prep for 2.21.4 release
6350258 Merge branch '2.20' into 2.21
bdcc3eb Merge branch '2.19' into 2.20
48242e9 Merge branch '2.18' into 2.19
6d9da0d Post-release dep version bump
fd07764 [maven-release-plugin] prepare for next development iteration
906a1ba [maven-release-plugin] prepare release jackson-dataformats-text-2.18.8
673d805 Prep for 2.18.8 release
3f9b8be Merge branch '2.20' into 2.21
Additional commits viewable in compare view

Updates org.glassfish.jaxb:jaxb-runtime from 4.0.7 to 4.0.9

Updates org.thymeleaf:thymeleaf from 3.1.4.RELEASE to 3.1.5.RELEASE

Updates org.operaton.bpm:operaton-engine from 1.1.1 to 1.1.3

Updates org.operaton.bpm:operaton-engine-spring from 1.1.1 to 1.1.3

Updates org.operaton.bpm.model:operaton-bpmn-model from 1.1.1 to 1.1.3

Updates org.operaton.bpm:operaton-engine-spring from 1.1.1 to 1.1.3

Updates org.operaton.bpm.model:operaton-bpmn-model from 1.1.1 to 1.1.3

Updates org.apache.tika:tika-core from 3.3.0 to 3.3.1

Changelog

Sourced from org.apache.tika:tika-core's changelog.

Release 3.3.1 - 5/20/2026

Dependency upgrades (TIKA-4695).

Use the IANA-registered text/markdown as the primary media type, with text/x-web-markdown and text/x-markdown kept as aliases (TIKA-4724).

Fix several potential resource/file-handle leaks across the OOXML and ODF parsers, the HTTP fetcher, the gRPC server, and ForkClient (TIKA-4704).

The resourceName of a nested tarball no longer includes the parent directories of its parent gzip file, and fix a typo in the .gz extension (TIKA-4705).

Release 3.3.0 - 3/18/2026

Switch to poi-ooxml-full (TIKA-4563).

Users need to add "allowAbsolutePaths=true" for the FileSystemFetcher to fetch an absolute path (TIKA-4649).

Add a markdown option for content handlers (TIKA-4563).

Improve zip parsing (TIKA-4650).

Add detection of compressed bmp (TIKA-4511).

Allow per file timeouts in tika-pipes (TIKA-4497).

Add matroska detector (TIKA-1180).

Allow multiple values for many Dublin Core keys (TIKA-4466).

Extract macros by default in tika-app's commandline and gui (TIKA-4472).

Improve extraction of Javascript from PDFs (TIKA-4465).

Release 3.2.3 - 9/11/2025

Allow backwards compatibility with versions of commons-compress before 1.28.0 (TIKA-4469).

Fix XFA parsing within PDFs when woodstox is on the classpath as in tika-server (TIKA-4482).

Dependency updates.

Release 3.2.2 - 8/6/2025

Improve detection of encrypted ODT files (TIKA-4459)

Dependency updates (TIKA-4455).

... (truncated)

Commits

bf9aa92 [maven-release-plugin] prepare release 3.3.1-rc1
bc80738 TIKA-4729 - prep for 3.3.1 release
5a2e4a7 TIKA-4695: update aws, jbig2
75dbf68 TIKA-4695: update aws, enforcer plugin, azure
3b6e1f6 TIKA-4695: update plexus-classworlds
1de9eb9 TIKA-4695: update maven-model
90b43fe TIKA-4695: update aws, junrar
2485c0d TIKA-4695: update aws, asm
687006f TIKA-4695: update slf4j
bdaa2af [TIKA-4724] Use IANA-registered text/markdown as primary type (#2806)
Additional commits viewable in compare view

Updates org.apache.maven:maven-core from 3.9.15 to 3.9.16

Updates org.apache.maven:maven-plugin-api from 3.9.15 to 3.9.16

Release notes

Sourced from org.apache.maven:maven-plugin-api's releases.

3.9.16

🐛 Bug Fixes

Trim threadConfiguration to accept input surrounded with spaces (#12042) @slawekjaranowski

Backport: Maven 3.10.x fixed plugin resolution (#12022) @cstamas

📦 Dependency updates

Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0 (#12039) @dependabot[bot]

[3.9.x] Bump to parent POM 48 (#12024) @cstamas

Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#11980) @dependabot[bot]

Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#11951) @dependabot[bot]

Bump actions/cache from 5.0.4 to 5.0.5 (#11943) @dependabot[bot]

Commits

2bdd9fd [maven-release-plugin] prepare release maven-3.9.16
229e9d7 Trim threadConfiguration to accept input surrounded with spaces
7d5fd94 Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0 (#12039)
0d100e5 [3.9.x] Bump to parent POM 48 (#12024)
7ae7935 Backport: Maven 3.10.x fixes plugin resolution, by putting user in charge (#1...
86fc95b Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#11980)
029557a Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#11951)
b5250f2 Bump actions/cache from 5.0.4 to 5.0.5 (#11943)
7ef2c23 [maven-release-plugin] prepare for next development iteration
See full diff in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @olamy

🐛 Bug Fixes

Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @olamy

Ensure that the statistics filename is calculated only once. (#3326) (#3327) @olamy

Add flakes attribute to use in testsuite report (#3306) (#3308) @olamy

[BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @olamy

fix: null guard for context map (#3269) (#3272) @olamy

👻 Maintenance

3.5.x/bug/cherry pick embedded mode its (#3328) @olamy

Use surefire 3.5.5 by project itself for testing (#3324) @slawekjaranowski

Follow Oracle javadoc guidelines (#3177) @elharo

📦 Dependency updates

Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]

Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

Commits

25ea054 [maven-release-plugin] prepare release surefire-3.5.6
e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
04ad9a2 Use surefire 3.5.5 by project itself for testing
37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
e838393 deploy 3.5.x branch to nexus
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.6

🚀 New features and improvements

Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @olamy

🐛 Bug Fixes

Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @olamy

Ensure that the statistics filename is calculated only once. (#3326) (#3327) @olamy

Add flakes attribute to use in testsuite report (#3306) (#3308) @olamy

[BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @olamy

fix: null guard for context map (#3269) (#3272) @olamy

👻 Maintenance

3.5.x/bug/cherry pick embedded mode its (#3328) @olamy

Use surefire 3.5.5 by project itself for testing (#3324) @slawekjaranowski

Follow Oracle javadoc guidelines (#3177) @elharo

📦 Dependency updates

Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]

Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

Commits

25ea054 [maven-release-plugin] prepare release surefire-3.5.6
e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
04ad9a2 Use surefire 3.5.5 by project itself for testing
37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
e838393 deploy 3.5.x branch to nexus
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.3

🚀 New features and improvements

Make bannedDependencies report root and transitive dependency in case both are banned. (#940) @hvoynov

Add enforceBytecodeVersion rule based on mojohaus (#968) @cstamas

Improve formatting of deprecated API warning (#951) @mthmulders

🐛 Bug Fixes

Fix handling of Java versions like 21.0.10.0.1 (#967) @parttimenerd

Add null checks for modelId in PluginWrapper (#974) @cpfeiffer

📝 Documentation updates

Document the banMavenDefaults option for the requirePluginVersions rule. (#936) @rpkrajewski

👻 Maintenance

PlexusStringUtils Refaster recipes (#943) @slachiewicz

JUnit Jupiter migration from JUnit 4.x (#941) @slachiewicz

📦 Dependency updates

Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /maven-enforcer-plugin/src/it/projects/MENFORCER-434 (#970) @dependabot[bot]

Deps: Parent POM 48 and align deps (#979) @cstamas

Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976) @dependabot[bot]

Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975) @dependabot[bot]

Bump mavenVersion from 3.9.14 to 3.9.15 (#973) @dependabot[bot]

Bump mavenVersion from 3.9.13 to 3.9.14 (#965) @dependabot[bot]

Bump mavenVersion from 3.9.12 to 3.9.13 (#964) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#963) @dependabot[bot]

Update log4j in test to avoid CVE (#961) @Bukama

Bump commons-codec:commons-codec from 1.20.0 to 1.21.0 (#962) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#960) @dependabot[bot]

Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#959) @dependabot[bot]

Bump org.apache.maven:maven-parent from 46 to 47 (#958) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0 (#957) @dependabot[bot]

Update to 46 including fixes (#955) @Bukama

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.5.0 (#956) @dependabot[bot]

Bump mavenVersion from 3.9.11 to 3.9.12 (#948) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#947) @dependabot[bot]

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#946) @dependabot[bot]

Bump commons-codec:commons-codec from 1.19.0 to 1.20.0 (#945) @dependabot[bot]

Commits

c7daff3 [maven-release-plugin] prepare release enforcer-3.6.3
ee46e78 Make bannedDependencies report root and transitive dependency in case both ar...
0806924 Document the banMavenDefaults option for the requirePluginVersions rule. (#936)
8e4f5b9 Add better enforceBytecodeVersion rule based on mojohaus (#968)
fd4b148 Add fix for 21.0.10.0.1 issue (#967)
f32d597 Deps: Parent POM 48 and align deps (#979)
df0f2a6 Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976)
2da7a68 Add null checks for modelId in PluginWrapper
91eb4d9 Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975)
b622245 Bump mavenVersion from 3.9.14 to 3.9.15 (#973)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close ...

Description has been truncated

Bumps the safe-patch-updates group with 22 updates in the / directory: | Package | From | To | | --- | --- | --- | | org.slf4j:slf4j-api | `2.0.17` | `2.0.18` | | org.slf4j:slf4j-simple | `2.0.17` | `2.0.18` | | org.slf4j:jcl-over-slf4j | `2.0.17` | `2.0.18` | | org.slf4j:jul-to-slf4j | `2.0.17` | `2.0.18` | | [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) | `42.7.10` | `42.7.11` | | [com.auth0:java-jwt](https://github.com/auth0/java-jwt) | `4.5.1` | `4.5.2` | | [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.21.2` | `2.21.4` | | [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.21.2` | `2.21.4` | | com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | `2.21.2` | `2.21.4` | | [com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations](https://github.com/FasterXML/jackson-modules-base) | `2.21.2` | `2.21.4` | | [com.fasterxml.jackson.dataformat:jackson-dataformat-yaml](https://github.com/FasterXML/jackson-dataformats-text) | `2.21.2` | `2.21.4` | | org.glassfish.jaxb:jaxb-runtime | `4.0.7` | `4.0.9` | | org.thymeleaf:thymeleaf | `3.1.4.RELEASE` | `3.1.5.RELEASE` | | org.operaton.bpm:operaton-engine | `1.1.1` | `1.1.3` | | org.operaton.bpm:operaton-engine-spring | `1.1.1` | `1.1.3` | | org.operaton.bpm.model:operaton-bpmn-model | `1.1.1` | `1.1.3` | | [org.apache.tika:tika-core](https://github.com/apache/tika) | `3.3.0` | `3.3.1` | | org.apache.maven:maven-core | `3.9.15` | `3.9.16` | | [org.apache.maven:maven-plugin-api](https://github.com/apache/maven) | `3.9.15` | `3.9.16` | | [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.5` | `3.5.6` | | [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.5.5` | `3.5.6` | | [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) | `3.6.2` | `3.6.3` | Updates `org.slf4j:slf4j-api` from 2.0.17 to 2.0.18 Updates `org.slf4j:slf4j-simple` from 2.0.17 to 2.0.18 Updates `org.slf4j:jcl-over-slf4j` from 2.0.17 to 2.0.18 Updates `org.slf4j:jul-to-slf4j` from 2.0.17 to 2.0.18 Updates `org.slf4j:slf4j-simple` from 2.0.17 to 2.0.18 Updates `org.slf4j:jcl-over-slf4j` from 2.0.17 to 2.0.18 Updates `org.slf4j:jul-to-slf4j` from 2.0.17 to 2.0.18 Updates `org.postgresql:postgresql` from 42.7.10 to 42.7.11 - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.7.10...REL42.7.11) Updates `com.auth0:java-jwt` from 4.5.1 to 4.5.2 - [Release notes](https://github.com/auth0/java-jwt/releases) - [Changelog](https://github.com/auth0/java-jwt/blob/master/CHANGELOG.md) - [Commits](auth0/java-jwt@4.5.1...4.5.2) Updates `com.fasterxml.jackson.core:jackson-databind` from 2.21.2 to 2.21.4 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.core:jackson-core` from 2.21.2 to 2.21.4 - [Commits](FasterXML/jackson-core@jackson-core-2.21.2...jackson-core-2.21.4) Updates `com.fasterxml.jackson.datatype:jackson-datatype-jsr310` from 2.21.2 to 2.21.4 Updates `com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations` from 2.21.2 to 2.21.4 - [Commits](FasterXML/jackson-modules-base@jackson-modules-base-2.21.2...jackson-modules-base-2.21.4) Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-yaml` from 2.21.2 to 2.21.4 - [Commits](FasterXML/jackson-dataformats-text@jackson-dataformats-text-2.21.2...jackson-dataformats-text-2.21.4) Updates `com.fasterxml.jackson.core:jackson-core` from 2.21.2 to 2.21.4 - [Commits](FasterXML/jackson-core@jackson-core-2.21.2...jackson-core-2.21.4) Updates `com.fasterxml.jackson.datatype:jackson-datatype-jsr310` from 2.21.2 to 2.21.4 Updates `com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations` from 2.21.2 to 2.21.4 - [Commits](FasterXML/jackson-modules-base@jackson-modules-base-2.21.2...jackson-modules-base-2.21.4) Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-yaml` from 2.21.2 to 2.21.4 - [Commits](FasterXML/jackson-dataformats-text@jackson-dataformats-text-2.21.2...jackson-dataformats-text-2.21.4) Updates `org.glassfish.jaxb:jaxb-runtime` from 4.0.7 to 4.0.9 Updates `org.thymeleaf:thymeleaf` from 3.1.4.RELEASE to 3.1.5.RELEASE Updates `org.operaton.bpm:operaton-engine` from 1.1.1 to 1.1.3 Updates `org.operaton.bpm:operaton-engine-spring` from 1.1.1 to 1.1.3 Updates `org.operaton.bpm.model:operaton-bpmn-model` from 1.1.1 to 1.1.3 Updates `org.operaton.bpm:operaton-engine-spring` from 1.1.1 to 1.1.3 Updates `org.operaton.bpm.model:operaton-bpmn-model` from 1.1.1 to 1.1.3 Updates `org.apache.tika:tika-core` from 3.3.0 to 3.3.1 - [Changelog](https://github.com/apache/tika/blob/3.3.1/CHANGES.txt) - [Commits](apache/tika@3.3.0...3.3.1) Updates `org.apache.maven:maven-core` from 3.9.15 to 3.9.16 Updates `org.apache.maven:maven-plugin-api` from 3.9.15 to 3.9.16 - [Release notes](https://github.com/apache/maven/releases) - [Commits](apache/maven@maven-3.9.15...maven-3.9.16) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.5 to 3.5.6 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.5...surefire-3.5.6) Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.5.5 to 3.5.6 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.5...surefire-3.5.6) Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.6.2 to 3.6.3 - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](apache/maven-enforcer@enforcer-3.6.2...enforcer-3.6.3) --- updated-dependencies: - dependency-name: org.slf4j:slf4j-api dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.slf4j:slf4j-simple dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.slf4j:jcl-over-slf4j dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.slf4j:jul-to-slf4j dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.slf4j:slf4j-simple dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.slf4j:jcl-over-slf4j dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.slf4j:jul-to-slf4j dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.postgresql:postgresql dependency-version: 42.7.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: com.auth0:java-jwt dependency-version: 4.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-version: 2.21.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-version: 2.21.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310 dependency-version: 2.21.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations dependency-version: 2.21.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml dependency-version: 2.21.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-version: 2.21.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310 dependency-version: 2.21.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations dependency-version: 2.21.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-yaml dependency-version: 2.21.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.glassfish.jaxb:jaxb-runtime dependency-version: 4.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.thymeleaf:thymeleaf dependency-version: 3.1.5.RELEASE dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.operaton.bpm:operaton-engine dependency-version: 1.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.operaton.bpm:operaton-engine-spring dependency-version: 1.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.operaton.bpm.model:operaton-bpmn-model dependency-version: 1.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.operaton.bpm:operaton-engine-spring dependency-version: 1.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.operaton.bpm.model:operaton-bpmn-model dependency-version: 1.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.apache.tika:tika-core dependency-version: 3.3.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.apache.maven:maven-core dependency-version: 3.9.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.apache.maven:maven-plugin-api dependency-version: 3.9.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.apache.maven.plugins:maven-failsafe-plugin dependency-version: 3.5.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-version: 3.6.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: safe-patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels May 31, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the safe-patch-updates group across 1 directory with 22 updates#512

Bump the safe-patch-updates group across 1 directory with 22 updates#512
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/maven/develop/safe-patch-updates-6ddd7ae710

dependabot Bot commented on behalf of github May 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 31, 2026

v42.7.11

Security

Changes

🐛 Bug Fixes

🧰 Maintenance

⬆️ Dependencies

[42.7.11] (2026-04-28)

Security

Added

Changed

Fixed

4.5.2

4.5.2 (2026-04-29)

3.9.16

🐛 Bug Fixes

📦 Dependency updates

3.5.6

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.6

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.6.3

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants