chore(deps): bump the low-risk group across 1 directory with 24 updates

[dependabot]

Bumps the low-risk group with 24 updates in the /api-tests directory:

Package	From	To
ch.qos.logback:logback-classic	1.5.18	1.5.25
io.cucumber:cucumber-java	7.27.0	7.33.0
io.cucumber:cucumber-junit-platform-engine	7.27.0	7.33.0
org.assertj:assertj-core	3.27.4	3.27.6
net.bytebuddy:byte-buddy	1.17.6	1.18.4
com.fasterxml.jackson.core:jackson-databind	2.19.2	2.21.0
com.fasterxml.jackson.core:jackson-core	2.19.2	2.21.0
com.fasterxml.jackson.core:jackson-annotations	2.19.2	2.21.0
io.netty:netty-codec-http	4.2.8.Final	4.2.9.Final
io.netty:netty-codec-http2	4.2.3.Final	4.2.9.Final
io.netty:netty-transport-native-epoll	4.2.3.Final	4.2.9.Final
com.google.guava:guava	33.4.8-jre	33.5.0-jre
org.apache.httpcomponents.client5:httpclient5	5.5	5.6
org.projectlombok:lombok	1.18.38	1.18.42
commons-codec:commons-codec	1.19.0	1.20.0
com.github.spotbugs:spotbugs	4.9.4	4.9.8
org.owasp:dependency-check-maven	12.1.8	12.2.0
org.codehaus.mojo:exec-maven-plugin	3.5.1	3.6.3
org.apache.maven.plugins:maven-surefire-plugin	3.5.3	3.5.4
org.apache.maven.plugins:maven-failsafe-plugin	3.5.3	3.5.4
org.apache.maven.plugins:maven-compiler-plugin	3.14.0	3.14.1
au.com.dius.pact.provider:maven	4.6.17	4.6.19
org.apache.maven.plugins:maven-pmd-plugin	3.27.0	3.28.0
com.github.spotbugs:spotbugs-maven-plugin	4.9.3.2	4.9.8.2

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.25

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.24

2026-01-06 Release of logback version 1.5.24

• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See the relevant documentation for further details.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.23

2025-12-21 Release of logback version 1.5.23

• In response to issues/959 file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the ConcurrentModificationException reported in the issue.

• ZIP and XZ compression now use a BufferedOutputStream when writing to the compressed file. This issue was reported in issues/988.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.22

2025-12-11 Release of logback version 1.5.22

• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings "password", "secret" or "confidential". This problem was reported by Chintan Rohila in issues/986.

• Logback now takes the overridden toString() method of Throwable subclasses into account when printing stack traces. This issue was reported in LOGBACK-543 by Alvin Chee, with a fix provided in PR 404 by Brett Kail.

• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

• Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.20

2025-10-19 Release of logback version 1.5.20

• Due to potential vulnerabilities associated with dynamic, i.e. runtime, java code compilation and execution (using Janino), the 'condition' attribute within the <if> element is deprecated and will be removed in 2027.

An online migration service is provided to help with the transition.

... (truncated)

Commits

• f426e00 prepare release of 1.5.25
• d28931f restrict object creation to expected supertype
• aa264f7 test default variable values in appender-ref ref attribute
• 8fb403a adjust copyright year
• b294a12 check optionList in start()
• b65040a Add EpochConverter for milliseconds/seconds since epoch (related to issue #96...
• 0690174 cla for Duncan Jauncey
• 71dc2af Removed email address for Tony.
• 1f97ae1 check for undeclared by referenced appenders
• b07355e Move the artifact version checking code to VersionUtil in logback-core.
• Additional commits viewable in compare view

Updates io.cucumber:cucumber-java from 7.27.0 to 7.33.0

Release notes

Sourced from io.cucumber:cucumber-java's releases.

v7.33.0

Added

• [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

• [Core] Upload Cucumber Reports with Gzip encoding (#3115)
• [Core] Render the empty tag expression as an empty string (#222)
• [Core] Update dependency io.cucumber:html-formatter to v22.2.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

• [Core] Improve error message for missing operands in tag expressions (#221)
• [Core] Include empty scenarios and backgrounds in json report (#34)

v7.32.0

Changed

• [Core] Update dependency io.cucumber:gherkin to v36.1.0
• [Core] Update dependency io.cucumber:html-formatter to v22.1.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

• [Core] Add OS version to Meta message (#3108)
• [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

v7.31.0

Added

• [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

Changed

• [Core] Update dependency io.cucumber:ci-environment to v12.0.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.0
• [Core] Update dependency io.cucumber:gherkin to v36.0.0
• [Core] Update dependency io.cucumber:html-formatter to v22.0.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.10.0
• [Core] Update dependency io.cucumber:messages to v30.1.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.0
• [Core] Update dependency io.cucumber:query to v14.6.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.0.0
• [Core] Update dependency io.cucumber:teamcity-formatter to v0.2.0
• [Core] Update dependency io.cucumber:testng-xml-formatter to v0.7.0
• [Core] Use a message based TimeLineFormatter (#3095 M.P. Korstanje)
• [Core] Use a message based UsageFormatter (#3086 M.P. Korstanje)
• [Core] Use a message based UnusedFormatter (#3086 M.P. Korstanje)

Fixed

• [Core] Prefer URIs with authority (#3098 M.P. Korstanje)
• [Core] Reduce classpath scanner logging (#3099 M.P. Korstanje)

... (truncated)

Changelog

Sourced from io.cucumber:cucumber-java's changelog.

[7.33.0] - 2025-12-09

Added

• [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

• [Core] Upload Cucumber Reports with Gzip encoding (#3115)
• [Core] Render the empty tag expression as an empty string (#222)
• [Core] Update dependency io.cucumber:html-formatter to v22.2.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

• [Core] Improve error message for missing operands in tag expressions (#221)
• [Core] Include empty scenarios and backgrounds in json report (#34)

[7.32.0] - 2025-11-21

Changed

• [Core] Update dependency io.cucumber:gherkin to v36.1.0
• [Core] Update dependency io.cucumber:html-formatter to v22.1.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

• [Core] Add OS version to Meta message (#3108)
• [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

[7.31.0] - 2025-10-27

Added

• [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

Changed

• [Core] Update dependency io.cucumber:ci-environment to v12.0.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.0
• [Core] Update dependency io.cucumber:gherkin to v36.0.0
• [Core] Update dependency io.cucumber:html-formatter to v22.0.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.10.0
• [Core] Update dependency io.cucumber:messages to v30.1.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.0
• [Core] Update dependency io.cucumber:query to v14.6.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.0.0
• [Core] Update dependency io.cucumber:teamcity-formatter to v0.2.0
• [Core] Update dependency io.cucumber:testng-xml-formatter to v0.7.0
• [Core] Use a message based TimeLineFormatter (#3095 M.P. Korstanje)
• [Core] Use a message based UsageFormatter (#3086 M.P. Korstanje)
• [Core] Use a message based UnusedFormatter (#3086 M.P. Korstanje)

Fixed

• [Core] Prefer URIs with authority (#3098 M.P. Korstanje)
• [Core] Reduce classpath scanner logging (#3099 M.P. Korstanje)

... (truncated)

Commits

• 4224e67 Prepare release v7.33.0
• c2037cb Update CHANGELOG
• eda8a9b fix(deps): update dependency io.cucumber:cucumber-json-formatter to v0.3.2
• 8282a7c Link to Maven and Gradle starters and example projects
• b5c47fc Apply spotless
• b9c6865 Add documentation about localized transformers (#3125)
• 00e1ff0 Add default implementation to TestCaseState.getLanguage
• 33f6196 Apply spotless
• 94c99d2 Add default implementation to TestCase.getLanguage
• 5a7a317 Fix/naming within junit test (#3126)
• Additional commits viewable in compare view

Updates io.cucumber:cucumber-junit-platform-engine from 7.27.0 to 7.33.0

Release notes

Sourced from io.cucumber:cucumber-junit-platform-engine's releases.

v7.33.0

Added

• [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

• [Core] Upload Cucumber Reports with Gzip encoding (#3115)
• [Core] Render the empty tag expression as an empty string (#222)
• [Core] Update dependency io.cucumber:html-formatter to v22.2.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

• [Core] Improve error message for missing operands in tag expressions (#221)
• [Core] Include empty scenarios and backgrounds in json report (#34)

v7.32.0

Changed

• [Core] Update dependency io.cucumber:gherkin to v36.1.0
• [Core] Update dependency io.cucumber:html-formatter to v22.1.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

• [Core] Add OS version to Meta message (#3108)
• [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

v7.31.0

Added

• [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

Changed

• [Core] Update dependency io.cucumber:ci-environment to v12.0.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.0
• [Core] Update dependency io.cucumber:gherkin to v36.0.0
• [Core] Update dependency io.cucumber:html-formatter to v22.0.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.10.0
• [Core] Update dependency io.cucumber:messages to v30.1.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.0
• [Core] Update dependency io.cucumber:query to v14.6.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.0.0
• [Core] Update dependency io.cucumber:teamcity-formatter to v0.2.0
• [Core] Update dependency io.cucumber:testng-xml-formatter to v0.7.0
• [Core] Use a message based TimeLineFormatter (#3095 M.P. Korstanje)
• [Core] Use a message based UsageFormatter (#3086 M.P. Korstanje)
• [Core] Use a message based UnusedFormatter (#3086 M.P. Korstanje)

Fixed

• [Core] Prefer URIs with authority (#3098 M.P. Korstanje)
• [Core] Reduce classpath scanner logging (#3099 M.P. Korstanje)

... (truncated)

Changelog

Sourced from io.cucumber:cucumber-junit-platform-engine's changelog.

[7.33.0] - 2025-12-09

Added

• [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

• [Core] Upload Cucumber Reports with Gzip encoding (#3115)
• [Core] Render the empty tag expression as an empty string (#222)
• [Core] Update dependency io.cucumber:html-formatter to v22.2.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

• [Core] Improve error message for missing operands in tag expressions (#221)
• [Core] Include empty scenarios and backgrounds in json report (#34)

[7.32.0] - 2025-11-21

Changed

• [Core] Update dependency io.cucumber:gherkin to v36.1.0
• [Core] Update dependency io.cucumber:html-formatter to v22.1.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

• [Core] Add OS version to Meta message (#3108)
• [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

[7.31.0] - 2025-10-27

Added

• [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

Changed

• [Core] Update dependency io.cucumber:ci-environment to v12.0.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.0
• [Core] Update dependency io.cucumber:gherkin to v36.0.0
• [Core] Update dependency io.cucumber:html-formatter to v22.0.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.10.0
• [Core] Update dependency io.cucumber:messages to v30.1.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.0
• [Core] Update dependency io.cucumber:query to v14.6.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.0.0
• [Core] Update dependency io.cucumber:teamcity-formatter to v0.2.0
• [Core] Update dependency io.cucumber:testng-xml-formatter to v0.7.0
• [Core] Use a message based TimeLineFormatter (#3095 M.P. Korstanje)
• [Core] Use a message based UsageFormatter (#3086 M.P. Korstanje)
• [Core] Use a message based UnusedFormatter (#3086 M.P. Korstanje)

Fixed

• [Core] Prefer URIs with authority (#3098 M.P. Korstanje)
• [Core] Reduce classpath scanner logging (#3099 M.P. Korstanje)

... (truncated)

Commits

• 4224e67 Prepare release v7.33.0
• c2037cb Update CHANGELOG
• eda8a9b fix(deps): update dependency io.cucumber:cucumber-json-formatter to v0.3.2
• 8282a7c Link to Maven and Gradle starters and example projects
• b5c47fc Apply spotless
• b9c6865 Add documentation about localized transformers (#3125)
• 00e1ff0 Add default implementation to TestCaseState.getLanguage
• 33f6196 Apply spotless
• 94c99d2 Add default implementation to TestCase.getLanguage
• 5a7a317 Fix/naming within junit test (#3126)
• Additional commits viewable in compare view

Updates io.cucumber:cucumber-junit-platform-engine from 7.27.0 to 7.33.0

Release notes

Sourced from io.cucumber:cucumber-junit-platform-engine's releases.

v7.33.0

Added

• [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

• [Core] Upload Cucumber Reports with Gzip encoding (#3115)
• [Core] Render the empty tag expression as an empty string (#222)
• [Core] Update dependency io.cucumber:html-formatter to v22.2.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

• [Core] Improve error message for missing operands in tag expressions (#221)
• [Core] Include empty scenarios and backgrounds in json report (#34)

v7.32.0

Changed

• [Core] Update dependency io.cucumber:gherkin to v36.1.0
• [Core] Update dependency io.cucumber:html-formatter to v22.1.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

• [Core] Add OS version to Meta message (#3108)
• [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

v7.31.0

Added

• [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

Changed

• [Core] Update dependency io.cucumber:ci-environment to v12.0.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.0
• [Core] Update dependency io.cucumber:gherkin to v36.0.0
• [Core] Update dependency io.cucumber:html-formatter to v22.0.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.10.0
• [Core] Update dependency io.cucumber:messages to v30.1.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.0
• [Core] Update dependency io.cucumber:query to v14.6.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.0.0
• [Core] Update dependency io.cucumber:teamcity-formatter to v0.2.0
• [Core] Update dependency io.cucumber:testng-xml-formatter to v0.7.0
• [Core] Use a message based TimeLineFormatter (#3095 M.P. Korstanje)
• [Core] Use a message based UsageFormatter (#3086 M.P. Korstanje)
• [Core] Use a message based UnusedFormatter (#3086 M.P. Korstanje)

Fixed

• [Core] Prefer URIs with authority (#3098 M.P. Korstanje)
• [Core] Reduce classpath scanner logging (#3099 M.P. Korstanje)

... (truncated)

Changelog

Sourced from io.cucumber:cucumber-junit-platform-engine's changelog.

[7.33.0] - 2025-12-09

Added

• [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

• [Core] Upload Cucumber Reports with Gzip encoding (#3115)
• [Core] Render the empty tag expression as an empty string (#222)
• [Core] Update dependency io.cucumber:html-formatter to v22.2.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

• [Core] Improve error message for missing operands in tag expressions (#221)
• [Core] Include empty scenarios and backgrounds in json report (#34)

[7.32.0] - 2025-11-21

Changed

• [Core] Update dependency io.cucumber:gherkin to v36.1.0
• [Core] Update dependency io.cucumber:html-formatter to v22.1.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

• [Core] Add OS version to Meta message (#3108)
• [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

[7.31.0] - 2025-10-27

Added

• [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

Changed

• [Core] Update dependency io.cucumber:ci-environment to v12.0.0
• [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.0
• [Core] Update dependency io.cucumber:gherkin to v36.0.0
• [Core] Update dependency io.cucumber:html-formatter to v22.0.0
• [Core] Update dependency io.cucumber:junit-xml-formatter to v0.10.0
• [Core] Update dependency io.cucumber:messages to v30.1.0
• [Core] Update dependency io.cucumber:pretty-formatter to v2.4.0
• [Core] Update dependency io.cucumber:query to v14.6.0
• [Core] Update dependency io.cucumber:tag-expressions to v8.0.0
• [Core] Update dependency io.cucumber:teamcity-formatter to v0.2.0
• [Core] Update dependency io.cucumber:testng-xml-formatter to v0.7.0
• [Core] Use a message based TimeLineFormatter (#3095 M.P. Korstanje)
• [Core] Use a message based UsageFormatter (#3086 M.P. Korstanje)
• [Core] Use a message based UnusedFormatter (#3086 M.P. Korstanje)

Fixed

• [Core] Prefer URIs with authority (#3098 M.P. Korstanje)
• [Core] Reduce classpath scanner logging (#3099 M.P. Korstanje)

... (truncated)

Commits

• 4224e67 Prepare release v7.33.0
• c2037cb Update CHANGELOG
• eda8a9b fix(deps): update dependency io.cucumber:cucumber-json-formatter to v0.3.2
• 8282a7c Link to Maven and Gradle starters and example projects
• b5c47fc Apply spotless
• b9c6865 Add documentation about localized transformers (#3125)
• 00e1ff0 Add default implementation to TestCaseState.getLanguage
• 33f6196 Apply spotless
• 94c99d2 Add default implementation to TestCase.getLanguage
• 5a7a317 Fix/naming within junit test (#3126)
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.4 to 3.27.6

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.6

🐛 Bug Fixes

Core

• Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.17.7 #3947
• Upgrade to JUnit BOM 5.13.4 #3947

Guava

• Upgrade to Guava 33.4.8-jre #3947

Commits

• 716b1e0 [maven-release-plugin] prepare release assertj-build-3.27.6
• e189652 Add missing export for org.assertj.core.annotation (#3951)
• 0cb489e Update Maven Central URL
• 7286309 [maven-release-plugin] prepare for next development iteration
• dd4cc1d [maven-release-plugin] prepare release assertj-build-3.27.5
• 1d0defc Add missing permission to release workflow
• 844d5d0 Add missing GitHub Actions pinning to CodeQL workflow
• bdd7106 Add CodeQL custom workflow
• a93d7e6 Remove EOL Java 24
• 26ea866 Update production dependencies (#3947)
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.17.6 to 1.18.4

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.4

• Add support for new build description in Android 9.

Byte Buddy 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

Byte Buddy 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

Byte Buddy 1.18.1

• Fix generated module-info to include new package.

Byte Buddy 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

Byte Buddy 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

16. January 2026: version 1.18.4

• Add support for new build description in Android 9.

26. November 2025: version 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

26. November 2025: version 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

12. November 2025: version 1.18.1

• Fix generated module-info to include new package.

11. November 2025: version 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

8. October 2025: version 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

17. August 2025: version 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

Commits

• c080180 [maven-release-plugin] prepare release byte-buddy-1.18.4
• 3e40080 [release] Release new version
• e94974f [release] Release new version
• b09ee41 Android 9 (#1881)
• 647b6d0 Update checksums.
• c6169a2 Do not run multi-release target on JDK8 publish.
• e049d8f Add profile for Java 8 release.
• 887ca37 Update internal Byte Buddy
• cdcbb65 [maven-release-plugin] prepare for next development iteration
• 6f358c8 [maven-release-plugin] prepare release byte-buddy-1.18.3
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.2 to 2.21.0

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.19.2 to 2.21.0

Commits

• 80fb536 [maven-release-plugin] prepare release jackson-core-2.21.0
• 9097789 Prep for 2.21.0 release
• d678c69 Javadoc fix for StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION (defaults to `...
• 67912b2 Minor improvement to UTF32Reader.read() bounds-checks
• ecf5de2 ...
• dbb1765 Merge branch '2.20' into 2.x
• 66a9467 Merge branch '2.19' into 2.20
• b46c0bd Merge branch '2.18' into 2.19
• fae2542 release notes update
• 70c99ba Update UTF8DataInputJsonParser.java (#1512)
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.19.2 to 2.21.0

Updates com.fasterxml.jackson.core:jackson-core from 2.19.2 to 2.21.0

Commits

• 80fb536 [maven-release-plugin] prepare release jackson-core-2.21.0
• 9097789 Prep for 2.21.0 release
• d678c69 Javadoc fix for StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION (defaults to `...
• 67912b2 Minor improvement to UTF32Reader.read() bounds-checks
• ecf5de2 ...
• dbb1765 Merge branch '2.20' into 2.x
• 66a9467 Merge branch '2.19' into 2.20
• b46c0bd Merge branch '2.18' into 2.19
• fae2542 release notes update
• 70c99ba Update UTF8DataInputJsonParser.java (#1512)
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.19.2 to 2.21.0

Updates io.netty:netty-codec-http from 4.2.8.Final to 4.2.9.Final

Commits

• a853a39 [maven-release-plugin] prepare release netty-4.2.9.Final
• 6d29a4f Add missing publishing config for the bom module
• ea911de Optimize HTTP startline validation (#16030)
• d7108a3 LocalChannel: Reduce GC by re-using same Runnable (#16014)
• 207afcb Fix MpscIntQueue bug (#16023)
• 27bfd56 Fix HTTP startline validation (#16022)
• 40ab418 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates io.netty:netty-codec-http2 from 4.2.3.Final to 4.2.9.Final

Commits

• a853a39 [maven-release-plugin] prepare release netty-4.2.9.Final
• 6d29a4f Add missing publishing config for the bom module
• ea911de Optimize HTTP startline validation (#16030)
• d7108a3 LocalChannel: Reduce GC by re-using same Runnable (#16014)
• 207afcb Fix MpscIntQueue bug (#16023)
• 27bfd56 Fix HTTP startline validation (#16022)
• 40ab418 [maven-release-plugin] prepare for next development iteration
• e2d9d11 [maven-release-plugin] prepare release netty-4.2.8.Final
• 2f2e437 Merge commit from fork
• d011634 Build fixes to allow using the epoll native transport on Android (#16016)
• Additional commits viewable in compare view

Updates io.netty:netty-transport-native-epoll from 4.2.3.Final to 4.2.9.Final

Commits

• a853a39 [maven-release-plugin] prepare release netty-4.2.9.Final
• 6d29a4f Add missing publishing config for the bom module
• ea911de Optimize HTTP startline validation (#16030)
• d7108a3 LocalChannel: Reduce GC by re-using same Runnable (#16014)
• 207afcb Fix MpscIntQueue bug (#16023)
• 27bfd56 Fix HTTP startline validation (#16022)
• 40ab418 [maven-release-plugin] prepare for next development iteration
• e2d9d11 [maven-release-plugin] prepare release netty-4.2.8.Final
• 2f2e437 Merge commit from fork
• d011634 Build fixes to allow using the epoll native transport on Android (#16016)
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.8-jre to 33.5.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.5.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.5.0-jre</version>
  <!-- or, for Android: -->
  <version>33.5.0-android</version>
</dependency>

Jar files

• 33.5.0-jre.jar
• 33.5.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.5.0-jre
• 33.5.0-android

JDiff

• 33.5.0-jre vs. 33.4.8-jre
• 33.5.0-android vs. 33.4.8-android
• 33.5.0-android vs. 33.5.0-jre

Changelog

• Restored the Automatic-Module-Name to guava-android. (It, unlike, guava-jre, is not a proper module.) (7a04a8a955)
• For users of guava-gwt: Google has moved off GWT internally. We plan to continue to release guava-gwt for users of GWT and J2CL, but the artifact is no longer tested for GWT-specific issues, and we have limited resources to fix any unexpected issues that might arise. While we do not anticipate any specific problems, we can't guarantee how long support will continue.
• Increased our Android minSdkVersion to 23 (Marshmallow). This follows the minimum of Google's foundational Android libraries, and we expect it to have no practical impact on users. (5c23347cc1)
• Listed the JSpecify annotations as an optional dependency in our OSGi metadata. (2dfd572981)
• cache: Improved the handling of exceptions from compute functions in Cache.asMap(). (We do still recommend using Caffeine rather than com.google.common.cache.) (087f2c4a80)
• collect: Improved Iterators.mergeSorted() to preserve stability for equal elements. (4dc93be9a8)
• math: Added saturatedAbs methods to IntMath and LongMath. (ed0e518f20)
• net: Added image/avif to MediaType. (53344caba6)
• testing: Made CollectorTester available to Android users. (294c251079)
• util.concurrent: Added Striped.custom. (1586eb271d)

Commits

• See full diff in compare view

Updates org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.6

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.6 ALPHA1

This is the first ALPHA release in the 5.6 release series. It adds several features such as transport content decompression and content compression for the async transport, support for Unix sockets, experimental support for SCRAM-SHA-256 authentication scheme, and Micrometer/OTel observations & metrics.

Commons Compress, Brotli codec, and ZStd codec are optional dependencies and get wired into the execution pipeline only if present on the classpath.

Notable changes and features included in the 5.6 series:

• Unix domain socket support.

• Support for pluggable content codecs via Commons-Compress in the classic transport. (optional).

• Support for transparent content decompression and content compression with deflate, gzip, zstd (optional), and brotli (optional) codecs in the async transport.

• Micrometer/OTel observations & metrics (optinal).

• Description has been truncated

[RichardSlater]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[RichardSlater]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[RichardSlater]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[RichardSlater]

Minor version bumps, standard pre-approved change.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Superseded by #825.