Skip to content

chore(deps): bump the low-risk group across 1 directory with 24 updates#825

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/api-tests/low-risk-e101e7420b
Open

chore(deps): bump the low-risk group across 1 directory with 24 updates#825
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/api-tests/low-risk-e101e7420b

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 23, 2026
edited
Loading

Bumps the low-risk group with 24 updates in the /api-tests directory:

Package From To
ch.qos.logback:logback-classic 1.5.18 1.5.32
io.cucumber:cucumber-java 7.27.0 7.34.2
io.cucumber:cucumber-junit-platform-engine 7.27.0 7.34.2
org.assertj:assertj-core 3.27.4 3.27.7
net.bytebuddy:byte-buddy 1.17.6 1.18.5
com.fasterxml.jackson.core:jackson-databind 2.19.2 2.21
com.fasterxml.jackson.core:jackson-core 2.19.2 2.21
com.fasterxml.jackson.core:jackson-annotations 2.19.2 2.21
io.netty:netty-codec-http 4.2.8.Final 4.2.10.Final
io.netty:netty-codec-http2 4.2.3.Final 4.2.10.Final
io.netty:netty-transport-native-epoll 4.2.3.Final 4.2.10.Final
com.google.guava:guava 33.4.8-jre 33.5.0-jre
org.apache.httpcomponents.client5:httpclient5 5.5 5.6
org.projectlombok:lombok 1.18.38 1.18.42
commons-codec:commons-codec 1.19.0 1.21.0
com.github.spotbugs:spotbugs 4.9.4 4.9.8
org.owasp:dependency-check-maven 12.1.8 12.2.0
org.codehaus.mojo:exec-maven-plugin 3.5.1 3.6.3
org.apache.maven.plugins:maven-surefire-plugin 3.5.3 3.5.5
org.apache.maven.plugins:maven-failsafe-plugin 3.5.3 3.5.5
org.apache.maven.plugins:maven-compiler-plugin 3.14.0 3.15.0
au.com.dius.pact.provider:maven 4.6.17 4.6.20
org.apache.maven.plugins:maven-pmd-plugin 3.27.0 3.28.0
com.github.spotbugs:spotbugs-maven-plugin 4.9.3.2 4.9.8.2

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

2026-02-09 Release of logback version 1.5.29

• In response to issues/1017, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.27

2026-01-30 Release of logback version 1.5.27

• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.

• Fixed missing MDC data transmitted by SocketAppender reported in issues/1010 by Lars Vogel.

... (truncated)

Commits
  • e807335 prepare release 1.5.32
  • dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
  • 8e32278 added simple test for appender definitiob via file inclusion
  • 834dbed start work on 1.5.32-SNAPSHOT
  • 168e42f add test to check that Logback SLF4J provider can be activated
  • ed45362 prepare release 1.5.31
  • 609dae7 fix missing META-INF directory
  • 7739739 start work on 1.5.31-SNAPSHOT
  • 44164f1 prepare release 1.5.30
  • 9874f06 test for top-file as a resource, introduced new module logback-classic-misc
  • Additional commits viewable in compare view

Updates io.cucumber:cucumber-java from 7.27.0 to 7.34.2

Release notes

Sourced from io.cucumber:cucumber-java's releases.

v7.34.2

Fixed

  • [Core] Reverted: Early filtering of anonymous classes for glue (#3158)

v7.34.1

Fixed

  • Ensure dependencies converge (#3157

v7.34.0

Added

  • [Core] Hide successful hooks by default in HTML report (cucumber/react-components#415)
  • [Java] Support Provider instances with Pico Container (#2879, #3128 Stefan Gasterstädt)
  • [Java] Add Step info to @BeforeStep and @AfterStep hooks (#3139, Menelaos Mamouzellos)

Changed

  • [Core] Refactor internals to use messages-ndjson for serialization (#3138)
  • [Core] Early filtering of anonymous classes for glue (#3150, Julien Kronegg)

Fixed

  • [Core] Ignore all potential class loading issues (#3135, Christoph Läubrich)

v7.33.0

Added

  • [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

  • [Core] Upload Cucumber Reports with Gzip encoding (#3115)
  • [Core] Render the empty tag expression as an empty string (#222)
  • [Core] Update dependency io.cucumber:html-formatter to v22.2.0
  • [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
  • [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

  • [Core] Improve error message for missing operands in tag expressions (#221)
  • [Core] Include empty scenarios and backgrounds in json report (#34)

v7.32.0

Changed

  • [Core] Update dependency io.cucumber:gherkin to v36.1.0
  • [Core] Update dependency io.cucumber:html-formatter to v22.1.0
  • [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
  • [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

  • [Core] Add OS version to Meta message (#3108)
  • [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

v7.31.0

Added

  • [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

... (truncated)

Changelog

Sourced from io.cucumber:cucumber-java's changelog.

[7.34.2] - 2026-01-29

Fixed

  • [Core] Reverted: Early filtering of anonymous classes for glue (#3158)

[7.34.1] - 2026-01-28

Fixed

  • Ensure dependencies converge (#3157

[7.34.0] - 2026-01-28

Added

  • [Core] Hide successful hooks by default in HTML report (cucumber/react-components#415)
  • [Java] Support Provider instances with Pico Container (#2879, #3128 Stefan Gasterstädt)
  • [Java] Add Step info to @BeforeStep and @AfterStep hooks (#3139, Menelaos Mamouzellos)

Changed

  • [Core] Refactor internals to use messages-ndjson for serialization (#3138)
  • [Core] Early filtering of anonymous classes for glue (#3150, Julien Kronegg)

Fixed

  • [Core] Ignore all potential class loading issues (#3135, Christoph Läubrich)

[7.33.0] - 2025-12-09

Added

  • [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

  • [Core] Upload Cucumber Reports with Gzip encoding (#3115)
  • [Core] Render the empty tag expression as an empty string (#222)
  • [Core] Update dependency io.cucumber:html-formatter to v22.2.0
  • [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
  • [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

  • [Core] Improve error message for missing operands in tag expressions (#221)
  • [Core] Include empty scenarios and backgrounds in json report (#34)

[7.32.0] - 2025-11-21

Changed

  • [Core] Update dependency io.cucumber:gherkin to v36.1.0
  • [Core] Update dependency io.cucumber:html-formatter to v22.1.0
  • [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
  • [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

  • [Core] Add OS version to Meta message (#3108)
  • [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

[7.31.0] - 2025-10-27

Added

  • [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

... (truncated)

Commits

Updates io.cucumber:cucumber-junit-platform-engine from 7.27.0 to 7.34.2

Release notes

Sourced from io.cucumber:cucumber-junit-platform-engine's releases.

v7.34.2

Fixed

  • [Core] Reverted: Early filtering of anonymous classes for glue (#3158)

v7.34.1

Fixed

  • Ensure dependencies converge (#3157

v7.34.0

Added

  • [Core] Hide successful hooks by default in HTML report (cucumber/react-components#415)
  • [Java] Support Provider instances with Pico Container (#2879, #3128 Stefan Gasterstädt)
  • [Java] Add Step info to @BeforeStep and @AfterStep hooks (#3139, Menelaos Mamouzellos)

Changed

  • [Core] Refactor internals to use messages-ndjson for serialization (#3138)
  • [Core] Early filtering of anonymous classes for glue (#3150, Julien Kronegg)

Fixed

  • [Core] Ignore all potential class loading issues (#3135, Christoph Läubrich)

v7.33.0

Added

  • [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

  • [Core] Upload Cucumber Reports with Gzip encoding (#3115)
  • [Core] Render the empty tag expression as an empty string (#222)
  • [Core] Update dependency io.cucumber:html-formatter to v22.2.0
  • [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
  • [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

  • [Core] Improve error message for missing operands in tag expressions (#221)
  • [Core] Include empty scenarios and backgrounds in json report (#34)

v7.32.0

Changed

  • [Core] Update dependency io.cucumber:gherkin to v36.1.0
  • [Core] Update dependency io.cucumber:html-formatter to v22.1.0
  • [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
  • [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

  • [Core] Add OS version to Meta message (#3108)
  • [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

v7.31.0

Added

  • [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

... (truncated)

Changelog

Sourced from io.cucumber:cucumber-junit-platform-engine's changelog.

[7.34.2] - 2026-01-29

Fixed

  • [Core] Reverted: Early filtering of anonymous classes for glue (#3158)

[7.34.1] - 2026-01-28

Fixed

  • Ensure dependencies converge (#3157

[7.34.0] - 2026-01-28

Added

  • [Core] Hide successful hooks by default in HTML report (cucumber/react-components#415)
  • [Java] Support Provider instances with Pico Container (#2879, #3128 Stefan Gasterstädt)
  • [Java] Add Step info to @BeforeStep and @AfterStep hooks (#3139, Menelaos Mamouzellos)

Changed

  • [Core] Refactor internals to use messages-ndjson for serialization (#3138)
  • [Core] Early filtering of anonymous classes for glue (#3150, Julien Kronegg)

Fixed

  • [Core] Ignore all potential class loading issues (#3135, Christoph Läubrich)

[7.33.0] - 2025-12-09

Added

  • [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

  • [Core] Upload Cucumber Reports with Gzip encoding (#3115)
  • [Core] Render the empty tag expression as an empty string (#222)
  • [Core] Update dependency io.cucumber:html-formatter to v22.2.0
  • [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
  • [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

  • [Core] Improve error message for missing operands in tag expressions (#221)
  • [Core] Include empty scenarios and backgrounds in json report (#34)

[7.32.0] - 2025-11-21

Changed

  • [Core] Update dependency io.cucumber:gherkin to v36.1.0
  • [Core] Update dependency io.cucumber:html-formatter to v22.1.0
  • [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
  • [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

  • [Core] Add OS version to Meta message (#3108)
  • [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

[7.31.0] - 2025-10-27

Added

  • [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

... (truncated)

Commits

Updates io.cucumber:cucumber-junit-platform-engine from 7.27.0 to 7.34.2

Release notes

Sourced from io.cucumber:cucumber-junit-platform-engine's releases.

v7.34.2

Fixed

  • [Core] Reverted: Early filtering of anonymous classes for glue (#3158)

v7.34.1

Fixed

  • Ensure dependencies converge (#3157

v7.34.0

Added

  • [Core] Hide successful hooks by default in HTML report (cucumber/react-components#415)
  • [Java] Support Provider instances with Pico Container (#2879, #3128 Stefan Gasterstädt)
  • [Java] Add Step info to @BeforeStep and @AfterStep hooks (#3139, Menelaos Mamouzellos)

Changed

  • [Core] Refactor internals to use messages-ndjson for serialization (#3138)
  • [Core] Early filtering of anonymous classes for glue (#3150, Julien Kronegg)

Fixed

  • [Core] Ignore all potential class loading issues (#3135, Christoph Läubrich)

v7.33.0

Added

  • [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

  • [Core] Upload Cucumber Reports with Gzip encoding (#3115)
  • [Core] Render the empty tag expression as an empty string (#222)
  • [Core] Update dependency io.cucumber:html-formatter to v22.2.0
  • [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
  • [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

  • [Core] Improve error message for missing operands in tag expressions (#221)
  • [Core] Include empty scenarios and backgrounds in json report (#34)

v7.32.0

Changed

  • [Core] Update dependency io.cucumber:gherkin to v36.1.0
  • [Core] Update dependency io.cucumber:html-formatter to v22.1.0
  • [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
  • [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

  • [Core] Add OS version to Meta message (#3108)
  • [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

v7.31.0

Added

  • [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

... (truncated)

Changelog

Sourced from io.cucumber:cucumber-junit-platform-engine's changelog.

[7.34.2] - 2026-01-29

Fixed

  • [Core] Reverted: Early filtering of anonymous classes for glue (#3158)

[7.34.1] - 2026-01-28

Fixed

  • Ensure dependencies converge (#3157

[7.34.0] - 2026-01-28

Added

  • [Core] Hide successful hooks by default in HTML report (cucumber/react-components#415)
  • [Java] Support Provider instances with Pico Container (#2879, #3128 Stefan Gasterstädt)
  • [Java] Add Step info to @BeforeStep and @AfterStep hooks (#3139, Menelaos Mamouzellos)

Changed

  • [Core] Refactor internals to use messages-ndjson for serialization (#3138)
  • [Core] Early filtering of anonymous classes for glue (#3150, Julien Kronegg)

Fixed

  • [Core] Ignore all potential class loading issues (#3135, Christoph Läubrich)

[7.33.0] - 2025-12-09

Added

  • [Java] Add Scenario.getLanguage() to return the current language (#3124 Stefan Gasterstädt)

Changed

  • [Core] Upload Cucumber Reports with Gzip encoding (#3115)
  • [Core] Render the empty tag expression as an empty string (#222)
  • [Core] Update dependency io.cucumber:html-formatter to v22.2.0
  • [Core] Update dependency io.cucumber:tag-expressions to v8.1.0
  • [Core] Update dependency io.cucumber:cucumber-json-formatter to v0.3.2

Fixed

  • [Core] Improve error message for missing operands in tag expressions (#221)
  • [Core] Include empty scenarios and backgrounds in json report (#34)

[7.32.0] - 2025-11-21

Changed

  • [Core] Update dependency io.cucumber:gherkin to v36.1.0
  • [Core] Update dependency io.cucumber:html-formatter to v22.1.0
  • [Core] Update dependency io.cucumber:junit-xml-formatter to v0.11.0
  • [Core] Update dependency io.cucumber:pretty-formatter to v2.4.1

Fixed

  • [Core] Add OS version to Meta message (#3108)
  • [Core] Fix interpolated data tables and doc string arguments in Json report (#29)

[7.31.0] - 2025-10-27

Added

  • [Core] Add a UsageJsonFormatter, use with --plugin usage-json (#3086 M.P. Korstanje)

... (truncated)

Commits

Updates org.assertj:assertj-core from 3.27.4 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

🚫 Deprecated

Core

  • Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

  • Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

  • Upgrade to Byte Buddy 1.18.3
  • Upgrade to JUnit BOM 5.14.1

Guava

  • Upgrade to Guava 33.5.0-jre

v3.27.6

🐛 Bug Fixes

Core

  • Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

  • ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

... (truncated)

Commits
  • e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
  • 85ca7eb Deprecate XmlStringPrettyFormatter
  • 77081dc Merge commit from fork
  • b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
  • 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
  • d393ef1 Abort tests when symbolic links cannot be created (#3788)
  • 2212433 Add IntelliJ custom inspection for test class names
  • 5717d02 Update JetBrains icon
  • a8ec20b Add icon for JetBrains products
  • c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
  • Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.17.6 to 1.18.5

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.5

  • Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
  • Add super classes to hash code / equals computation in Advice that were missing.

Byte Buddy 1.18.4

  • Add support for new build description in Android 9.

Byte Buddy 1.18.3

  • Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
  • Add additional safety when processing class files with illegally formed parameters.
  • Update to latest ASM.

Byte Buddy 1.18.2

  • Support modifiers for value classes in Valhalla builds.
  • Improve use of build cache in Gradle.

Byte Buddy 1.18.1

  • Fix generated module-info to include new package.

Byte Buddy 1.18.0

  • Add support for module-info class files and ModuleDescriptions.
  • Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

  • Avoid use of types that are deprecated as of Java 26.
  • Include ASM 9.9 that offers ASM support for Java 26.
  • Make sure that generated code internal to Byte Buddy supports CDS if available.
  • Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

Byte Buddy 1.17.7

  • Specify correct JVM environment for Android builds when using the Gradle plugin.
  • Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
  • Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.
Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

15. February 2026: version 1.18.5

  • Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
  • Add super classes to hash code / equals computation in Advice that were missing.

16. January 2026: version 1.18.4

  • Add support for new build description in Android 9.

26. November 2025: version 1.18.3

  • Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
  • Add additional safety when processing class files with illegally formed parameters.
  • Update to latest ASM.

26. November 2025: version 1.18.2

  • Support modifiers for value classes in Valhalla builds.
  • Improve use of build cache in Gradle.

12. November 2025: version 1.18.1

  • Fix generated module-info to include new package.

11. November 2025: version 1.18.0

  • Add support for module-info class files and ModuleDescriptions.
  • Allow for manipulating module information using the ByteBuddy API.

8. October 2025: version 1.17.8

  • Avoid use of types that are deprecated as of Java 26.
  • Include ASM 9.9 that offers ASM support for Java 26.
  • Make sure that generated code internal to Byte Buddy supports CDS if available.
  • Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

17. August 2025: version 1.17.7

  • Specify correct JVM environment for Android builds when using the Gradle plugin.
  • Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
  • Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.
Commits
  • e01d09a [maven-release-plugin] prepare release byte-buddy-1.18.5
  • 0cef4be [release] Release new version
  • c880bab Fix hashcode equals generation.
  • 05dc85e Instana attachpid file removal handling (#1884)
  • 71448e3 Add ASM URL for copyright note.
  • 9689261 Update checksums and internal Byte Buddy.
  • 87c1368 [maven-release-plugin] prepare for next development iteration
  • c080180 [maven-release-plugin] prepare release byte-buddy-1.18.4
  • 3e40080 [release] Release new version
  • e94974f [release] Release new version
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.2 to 2.21

Updates com.fasterxml.jackson.core:jackson-core from 2.19.2 to 2.21

Updates com.fasterxml.jackson.core:jackson-annotations from 2.19.2 to 2.21

Commits

Updates io.netty:netty-codec-http from 4.2.8.Final to 4.2.10.Final

Commits
  • 4cc9873 [maven-release-plugin] prepare release netty-4.2.10.Final
  • 54b8663 Remove unnecessary allocations and abstractions in HttpContentCompressor (#16...
  • 961f427 Update to netty-tcnative 2.0.75.Final (#16227)
  • 3007ba9 Use recommanded finalize chain pattern when override finalize() method (#16212)
  • b918042 Update some dependencies (#16198) (#16215)
  • 874c995 Reduce allocations on DefaultHeaders::containsValue (#15843)
  • e0fe794 Remove unnecessary null check in WebSocketServerExtensionHandler (#16201)
  • 1b0636b Move default compression options into static variable in HttpContentCompresso...
  • 85a3a0e codec-http2: move the accessors from Http2Headers to DefaultHttp2Headers (#16...
  • f44a88d Improve chunk picking for the large-size buddy allocator (#16179)
  • Additional commits viewable in compare view

Updates io.netty:netty-codec-http2 from 4.2.3.Final to 4.2.10.Final

Commits
  • 4cc9873 [maven-release-plugin] prepare release netty-4.2.10.Final
  • 54b8663 Remove unnecessary allocations and abstractions in HttpContentCompressor (#16...
  • 961f427 Update to netty-tcnative 2.0.75.Final (#16227)
  • 3007ba9 Use recommanded finalize chain pattern when override finalize() method (#16212)
  • b918042 Update some dependencies (#16198) (#16215)
  • 874c995 Reduce allocations on DefaultHeaders::containsValue (#15843)
  • e0fe794 Remove unnecessary null check in WebSocketServerExtensionHandler (#16201)
  • 1b0636b Move default compression options into static variable in HttpContentCompresso...
  • 85a3a0e codec-http2: move the accessors from Http2Headers to DefaultHttp2Headers (#16...
  • f44a88d Improve chunk picking for the large-size buddy allocator (#16179)
  • Additional commits viewable in compare view

Updates io.netty:netty-transport-native-epoll from 4.2.3.Final to 4.2.10.Final

Commits
  • 4cc9873 [maven-release-plugin] prepare release netty-4.2.10.Final
  • 54b8663 Remove unnecessary allocations and abstractions in HttpContentCompressor (#16...
  • 961f427 Update to netty-tcnative 2.0.75.Final (#16227)
  • 3007ba9 Use recommanded finalize chain pattern when override finalize() method (#16212)
  • b918042 Update some dependencies (#16198) (#16215)
  • 874c995 Reduce allocations on DefaultHeaders::containsValue (#15843)
  • e0fe794 Remove unnecessary null check in WebSocketServerExtensionHandler (#16201)
  • 1b0636b Move default compression options into static variable in HttpContentCompresso...
  • 85a3a0e codec-http2: move the accessors from Http2Headers to DefaultHttp2Headers (#16...
  • f44a88d Improve chunk picking for the large-size buddy allocator (#16179)
  • Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.8-jre to 33.5.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.5.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.5.0-jre</version>
  <!-- or, for Android: -->
  <version>33.5.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

  • Restored the Automatic-Module-Name to guava-android. (It, unlike, guava-jre, is not a proper module.) (7a04a8a955)
  • For users of guava-gwt: Google has moved off GWT internally. We plan to continue to release guava-gwt for users of GWT and J2CL, but the artifact is no longer tested for GWT-specific issues, and we have limited resources to fix any unexpected issues that might arise. While we do not anticipate any specific problems, we can't guarantee how long support will continue.
  • Increased our Android minSdkVersion to 23 (Marshmallow). This follows the minimum of Google's foundational Android libraries, and we expect it to have no practical impact on users. (5c23347cc1)
  • Listed the JSpecify annotations as an optional dependency in our OSGi metadata. (2dfd572981)
  • cache: Improved the handling of exceptions from compute functions in Cache.asMap(). (We do still recommend using Caffeine rather than com.google.common.cache.) (087f2c4a80)
  • collect: Improved Iterators.mergeSorted() to preserve stability for equal elements. (4dc93be9a8)
  • math: Added saturatedAbs methods to IntMath and LongMath. (ed0e518f20)
  • net: Added image/avif to MediaType. (53344caba6)
  • testing: Made CollectorTester available to Android users. (294c251079)
  • util.concurrent: Added Striped.custom. (1586eb271d)
Commits

Updates org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.6

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.6 ALPHA1

This is the first ALPHA release in the 5.6 release series. It adds several features such as transport content decompression and content compression for the async transport, support for Unix sockets, experimental support for SCRAM-SHA-256 authentication scheme, and Micrometer/OTel observations & metrics.

Commons Compress, Brotli codec, and ZStd codec are optional dependencies and get wired into the execution pipeline only if present on the classpath.

Notable changes and features included in the 5.6 series:

  • Unix domain socket support.

  • Support for pluggable content codecs via Commons-Compress in the classic transport. (optional).

  • Support for transparent content decompression and content compression with deflate, gzip, zstd (optional), and brotli (optional) codecs in the async transport.

  • Micrometer/OTel observations & metrics (optinal).

  • Off-lock connection disposal by the classic pooling connection manager. Experimental.

  • SCRAM-SHA-256 authentication scheme (RFC 7804). Experimental.

  • Request Priority support (RFC 9218). Experimental.

Compatibility notes:

  • As of this version, HttpClient uses BUILTIN HostnameVerificationPolicy by default, delegating host verification to JSSE security manager. One must explicitly configure the TLS strategy to continue using the hostname verifier shipped with HttpClient.

  • Five-second TCP keep-alive is now enabled by default.

Change Log

  • RequestConfig: Un-deprecate #setProxy. Contributed by Ryan Schmitt

  • Stale connection check support in PoolingAsyncClientConnectionManager. Contributed by Ryan Schmitt

  • ConnectionConfig: #idleTimeout support. Contributed by Ryan Schmitt

... (truncated)

Commits
  • decd193 HttpClient 5.6 release
  • 11ea8e5 Updated release notes for HttpClient 5.6 release
  • 77fa61a Limit the length of content codec list that can be processed automatically
  • 81b7971 Upgraded HttpCore to version 5.4
  • 2c7fe0f Add OFFLOCK pool concurrency policy backed by RouteSegmentedConnPool (#765)

@dependabot
chore(deps): bump the low-risk group across 1 directory with 24 updates
24ac26d 
Bumps the low-risk group with 24 updates in the /api-tests directory:

| Package | From | To |
| --- | --- | --- |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.32` |
| [io.cucumber:cucumber-java](https://github.com/cucumber/cucumber-jvm) | `7.27.0` | `7.34.2` |
| [io.cucumber:cucumber-junit-platform-engine](https://github.com/cucumber/cucumber-jvm) | `7.27.0` | `7.34.2` |
| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.27.4` | `3.27.7` |
| [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) | `1.17.6` | `1.18.5` |
| com.fasterxml.jackson.core:jackson-databind | `2.19.2` | `2.21` |
| com.fasterxml.jackson.core:jackson-core | `2.19.2` | `2.21` |
| [com.fasterxml.jackson.core:jackson-annotations](https://github.com/FasterXML/jackson) | `2.19.2` | `2.21` |
| [io.netty:netty-codec-http](https://github.com/netty/netty) | `4.2.8.Final` | `4.2.10.Final` |
| [io.netty:netty-codec-http2](https://github.com/netty/netty) | `4.2.3.Final` | `4.2.10.Final` |
| [io.netty:netty-transport-native-epoll](https://github.com/netty/netty) | `4.2.3.Final` | `4.2.10.Final` |
| [com.google.guava:guava](https://github.com/google/guava) | `33.4.8-jre` | `33.5.0-jre` |
| [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) | `5.5` | `5.6` |
| [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.38` | `1.18.42` |
| [commons-codec:commons-codec](https://github.com/apache/commons-codec) | `1.19.0` | `1.21.0` |
| [com.github.spotbugs:spotbugs](https://github.com/spotbugs/spotbugs) | `4.9.4` | `4.9.8` |
| [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) | `12.1.8` | `12.2.0` |
| [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) | `3.5.1` | `3.6.3` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.5` |
| [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.5` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.0` | `3.15.0` |
| [au.com.dius.pact.provider:maven](https://github.com/pact-foundation/pact-jvm) | `4.6.17` | `4.6.20` |
| [org.apache.maven.plugins:maven-pmd-plugin](https://github.com/apache/maven-pmd-plugin) | `3.27.0` | `3.28.0` |
| [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) | `4.9.3.2` | `4.9.8.2` |



Updates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.32
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.18...v_1.5.32)

Updates `io.cucumber:cucumber-java` from 7.27.0 to 7.34.2
- [Release notes](https://github.com/cucumber/cucumber-jvm/releases)
- [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md)
- [Commits](cucumber/cucumber-jvm@v7.27.0...v7.34.2)

Updates `io.cucumber:cucumber-junit-platform-engine` from 7.27.0 to 7.34.2
- [Release notes](https://github.com/cucumber/cucumber-jvm/releases)
- [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md)
- [Commits](cucumber/cucumber-jvm@v7.27.0...v7.34.2)

Updates `io.cucumber:cucumber-junit-platform-engine` from 7.27.0 to 7.34.2
- [Release notes](https://github.com/cucumber/cucumber-jvm/releases)
- [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md)
- [Commits](cucumber/cucumber-jvm@v7.27.0...v7.34.2)

Updates `org.assertj:assertj-core` from 3.27.4 to 3.27.7
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.27.4...assertj-build-3.27.7)

Updates `net.bytebuddy:byte-buddy` from 1.17.6 to 1.18.5
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](raphw/byte-buddy@byte-buddy-1.17.6...byte-buddy-1.18.5)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.19.2 to 2.21

Updates `com.fasterxml.jackson.core:jackson-core` from 2.19.2 to 2.21

Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.19.2 to 2.21
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `io.netty:netty-codec-http` from 4.2.8.Final to 4.2.10.Final
- [Commits](netty/netty@netty-4.2.8.Final...netty-4.2.10.Final)

Updates `io.netty:netty-codec-http2` from 4.2.3.Final to 4.2.10.Final
- [Commits](netty/netty@netty-4.2.3.Final...netty-4.2.10.Final)

Updates `io.netty:netty-transport-native-epoll` from 4.2.3.Final to 4.2.10.Final
- [Commits](netty/netty@netty-4.2.3.Final...netty-4.2.10.Final)

Updates `com.google.guava:guava` from 33.4.8-jre to 33.5.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `org.apache.httpcomponents.client5:httpclient5` from 5.5 to 5.6
- [Changelog](https://github.com/apache/httpcomponents-client/blob/master/RELEASE_NOTES.txt)
- [Commits](apache/httpcomponents-client@rel/v5.5...rel/v5.6)

Updates `org.projectlombok:lombok` from 1.18.38 to 1.18.42
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.38...v1.18.42)

Updates `commons-codec:commons-codec` from 1.19.0 to 1.21.0
- [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-codec@rel/commons-codec-1.19.0...rel/commons-codec-1.21.0)

Updates `com.github.spotbugs:spotbugs` from 4.9.4 to 4.9.8
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.9.4...4.9.8)

Updates `org.owasp:dependency-check-maven` from 12.1.8 to 12.2.0
- [Release notes](https://github.com/dependency-check/DependencyCheck/releases)
- [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](dependency-check/DependencyCheck@v12.1.8...v12.2.0)

Updates `org.codehaus.mojo:exec-maven-plugin` from 3.5.1 to 3.6.3
- [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases)
- [Commits](mojohaus/exec-maven-plugin@3.5.1...3.6.3)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.3 to 3.5.5
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.5)

Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.5.3 to 3.5.5
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.5)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.0 to 3.15.0
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.0...maven-compiler-plugin-3.15.0)

Updates `au.com.dius.pact.provider:maven` from 4.6.17 to 4.6.20
- [Release notes](https://github.com/pact-foundation/pact-jvm/releases)
- [Changelog](https://github.com/pact-foundation/pact-jvm/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pact-foundation/pact-jvm/commits)

Updates `org.apache.maven.plugins:maven-pmd-plugin` from 3.27.0 to 3.28.0
- [Release notes](https://github.com/apache/maven-pmd-plugin/releases)
- [Commits](apache/maven-pmd-plugin@maven-pmd-plugin-3.27.0...maven-pmd-plugin-3.28.0)

Updates `com.github.spotbugs:spotbugs-maven-plugin` from 4.9.3.2 to 4.9.8.2
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.3.2...spotbugs-maven-plugin-4.9.8.2)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: io.cucumber:cucumber-java
  dependency-version: 7.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: io.cucumber:cucumber-junit-platform-engine
  dependency-version: 7.34.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: io.cucumber:cucumber-junit-platform-engine
  dependency-version: 7.34.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: net.bytebuddy:byte-buddy
  dependency-version: 1.18.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: '2.21'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-version: '2.21'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: com.fasterxml.jackson.core:jackson-annotations
  dependency-version: '2.21'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: io.netty:netty-codec-http
  dependency-version: 4.2.10.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: io.netty:netty-codec-http2
  dependency-version: 4.2.10.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: io.netty:netty-transport-native-epoll
  dependency-version: 4.2.10.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: com.google.guava:guava
  dependency-version: 33.5.0-jre
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: org.apache.httpcomponents.client5:httpclient5
  dependency-version: '5.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: org.projectlombok:lombok
  dependency-version: 1.18.42
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: commons-codec:commons-codec
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: com.github.spotbugs:spotbugs
  dependency-version: 4.9.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.owasp:dependency-check-maven
  dependency-version: 12.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: org.codehaus.mojo:exec-maven-plugin
  dependency-version: 3.6.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: au.com.dius.pact.provider:maven
  dependency-version: 4.6.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.apache.maven.plugins:maven-pmd-plugin
  dependency-version: 3.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-version: 4.9.8.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: low-risk
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Feb 23, 2026
@dependabot dependabot bot mentioned this pull request Feb 23, 2026
Closed
@RichardSlater
Copy link
Contributor

RichardSlater commented Mar 20, 2026

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Mar 20, 2026

Azure Pipelines successfully started running 1 pipeline(s).

@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 20, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@VitalinaVZdrobau VitalinaVZdrobau

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RichardSlater @VitalinaVZdrobau