FINERACT-2421: Update all non-major dependencies by renovate-bot · Pull Request #5109 · apache/fineract

renovate-bot · 2025-10-20T00:44:37Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
actions/cache	action	patch	`v5.0.3` → `v5.0.4`
apache/kafka		minor	`4.1.1-rc2` → `4.2.0-rc2`
gradle (source)		patch	`8.14.3` → `8.14.4`
mysql	service	minor	`9.1` → `9.6`
org.apache.tomcat.embed:tomcat-embed-websocket	devDependencies	patch	`10.1.49` → `10.1.52`
org.apache.tomcat.embed:tomcat-embed-el	devDependencies	patch	`10.1.49` → `10.1.52`
org.apache.tomcat.embed:tomcat-embed-core	devDependencies	patch	`10.1.49` → `10.1.52`
at.yawk.lz4:lz4-java	devDependencies	patch	`1.10.1` → `1.10.4`
io.netty:netty-codec-http (source)	devDependencies	minor	`4.1.129.Final` → `4.2.10.Final`
io.netty:netty-codec (source)	devDependencies	minor	`4.1.129.Final` → `4.2.10.Final`
org.springframework.security:spring-security-core (source)	devDependencies	patch	`6.5.4` → `6.5.9`
org.springframework:spring-core	devDependencies	patch	`6.2.11` → `6.2.17`
com.nimbusds:nimbus-jose-jwt	devDependencies	minor	`10.0.2` → `10.8`
org.apache.commons:commons-lang3 (source)	devDependencies	minor	`3.18.0` → `3.20.0`
org.yakworks:spring-icu4j	devDependencies	minor	`0.4.2` → `0.5.2`
org.springframework.restdocs:spring-restdocs-restassured	devDependencies	patch	`3.0.3` → `3.0.5`
org.springframework.restdocs:spring-restdocs-webtestclient	devDependencies	patch	`3.0.3` → `3.0.5`
org.springframework.restdocs:spring-restdocs-mockmvc	devDependencies	patch	`3.0.3` → `3.0.5`
org.springframework.restdocs:spring-restdocs-asciidoctor	devDependencies	patch	`3.0.3` → `3.0.5`
io.cucumber:cucumber-spring (source)	devDependencies	minor	`7.20.1` → `7.34.3`
io.cucumber:cucumber-junit-platform-engine (source)	devDependencies	minor	`7.20.1` → `7.34.3`
io.cucumber:cucumber-java8 (source)	devDependencies	minor	`7.20.1` → `7.34.3`
io.cucumber:cucumber-java (source)	devDependencies	minor	`7.20.1` → `7.34.3`
org.apache.sshd:sshd-core (source)	devDependencies	minor	`2.15.0` → `2.17.1`
org.apache.sshd:sshd-common (source)	devDependencies	minor	`2.15.0` → `2.17.1`
org.wiremock:wiremock-standalone (source)	devDependencies	patch	`3.13.0` → `3.13.2`
com.mysql:mysql-connector-j (source)	devDependencies	minor	`9.3.0` → `9.6.0`
org.postgresql:postgresql (source)	devDependencies	patch	`42.7.9` → `42.7.10`
org.apache.avro:avro (source)	devDependencies	patch	`1.12.0` → `1.12.1`
org.apache.groovy:groovy-json (source)	devDependencies	patch	`5.0.2` → `5.0.4`
org.apache.groovy:groovy-xml (source)	devDependencies	patch	`5.0.2` → `5.0.4`
io.rest-assured:xml-path (source)	devDependencies	patch	`5.5.1` → `5.5.7`
io.rest-assured:json-path (source)	devDependencies	patch	`5.5.1` → `5.5.7`
io.rest-assured:rest-assured (source)	devDependencies	patch	`5.5.1` → `5.5.7`
org.apache.poi:poi-ooxml	devDependencies	minor	`5.4.1` → `5.5.1`
org.apache.poi:poi	devDependencies	minor	`5.4.1` → `5.5.1`
org.awaitility:awaitility (source)	devDependencies	minor	`4.2.2` → `4.3.0`
org.dom4j:dom4j (source)	devDependencies	minor	`2.1.4` → `2.2.0`
org.hibernate.validator:hibernate-validator (source)	devDependencies	minor	`9.0.1.Final` → `9.1.0.Final`
jakarta.xml.bind:jakarta.xml.bind-api	devDependencies	patch	`4.0.2` → `4.0.5`
jakarta.activation:jakarta.activation-api	devDependencies	patch	`2.1.3` → `2.1.4`
io.swagger.core.v3:swagger-core-jakarta	devDependencies	patch	`2.2.22` → `2.2.45`
io.swagger.core.v3:swagger-jaxrs2-jakarta	devDependencies	patch	`2.2.22` → `2.2.45`
io.swagger.core.v3:swagger-annotations-jakarta	devDependencies	patch	`2.2.22` → `2.2.45`
org.apache.activemq:activemq-client (source)	devDependencies	minor	`6.1.6` → `6.2.1`
com.google.cloud.sql:mysql-socket-factory-connector-j-8	devDependencies	minor	`1.23.1` → `1.28.2`
org.springdoc:springdoc-openapi-starter-webmvc-ui (source)	devDependencies	minor	`2.6.0` → `2.8.16`
com.tmatesoft.svnkit:svnkit (source)	devDependencies	patch	`1.10.12` → `1.10.13`
org.eclipse.jgit:org.eclipse.jgit.ssh.apache	devDependencies	minor	`7.2.1.202505142326-r` → `7.6.0.202603022253-r`
org.eclipse.jgit:org.eclipse.jgit.gpg.bc	devDependencies	minor	`7.2.1.202505142326-r` → `7.6.0.202603022253-r`
org.eclipse.jgit:org.eclipse.jgit	devDependencies	minor	`7.2.1.202505142326-r` → `7.6.0.202603022253-r`
org.bouncycastle:bcpg-jdk18on (source)	devDependencies	minor	`1.81` → `1.83`
org.bouncycastle:bcutil-jdk18on (source)	devDependencies	minor	`1.81` → `1.83`
org.bouncycastle:bcprov-jdk18on (source)	devDependencies	minor	`1.81` → `1.83`
org.bouncycastle:bcpkix-jdk18on (source)	devDependencies	minor	`1.81` → `1.83`
org.projectlombok:lombok (source)	devDependencies	patch	`1.18.36` → `1.18.44`
commons-codec:commons-codec (source)	devDependencies	minor	`1.17.1` → `1.21.0`
com.squareup.retrofit2:converter-protobuf	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:converter-gson	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:converter-scalars	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:converter-java8	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:converter-jaxb	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:converter-simplexml	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:converter-jackson	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:converter-wire	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:adapter-guava	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:adapter-rxjava3	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:adapter-rxjava2	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:adapter-java8	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:retrofit-mock	devDependencies	minor	`2.11.0` → `2.12.0`
com.squareup.retrofit2:retrofit	devDependencies	minor	`2.11.0` → `2.12.0`
com.github.spotbugs:spotbugs-annotations (source)	devDependencies	minor	`4.8.6` → `4.9.8`
io.github.classgraph:classgraph	devDependencies	patch	`4.8.179` → `4.8.184`
joda-time:joda-time (source)	devDependencies	minor	`2.13.1` → `2.14.1`
org.cyclonedx.bom	plugin	minor	`3.1.0` → `3.2.2`
me.champeau.jmh	plugin	patch	`0.7.1` → `0.7.3`
com.gradleup.shadow	plugin	minor	`9.3.2` → `9.4.0`
org.openapi.generator	plugin	minor	`7.8.0` → `7.20.0`
se.thinkcode.cucumber-runner	plugin	patch	`0.0.11` → `0.0.14`
com.github.spotbugs	plugin	minor	`6.0.26` → `6.4.8`
com.github.andygoossens.modernizer	plugin	minor	`1.10.0` → `1.12.0`
org.sonarqube	plugin	minor	`6.0.1.5171` → `6.3.1.5724`
com.google.cloud.tools.jib	plugin	minor	`3.4.5` → `3.5.3`
com.gorylenko.gradle-git-properties	plugin	minor	`2.4.2` → `2.5.7`
io.swagger.core.v3.swagger-gradle-plugin	plugin	patch	`2.2.23` → `2.2.45`
net.ltgt.errorprone	plugin	minor	`4.1.0` → `4.4.0`
org.springframework.boot	plugin	patch	`3.5.6` → `3.5.11`
org.zeroturnaround.gradle.jrebel	plugin	patch	`1.2.0` → `1.2.2`
org.barfuin.gradle.taskinfo	plugin	patch	`2.2.0` → `2.2.1`
com.jayway.jsonpath:json-path	devDependencies	minor	`2.9.0` → `2.10.0`
org.ehcache:ehcache (source)	devDependencies	minor	`3.10.8` → `3.11.1`
org.quartz-scheduler:quartz (source)	devDependencies	patch	`2.5.0` → `2.5.2`
org.apache.commons:commons-csv (source)	devDependencies	minor	`1.12.0` → `1.14.1`
com.github.librepdf:openpdf	devDependencies	patch	`3.0.0` → `3.0.3`
commons-io:commons-io (source)	devDependencies	minor	`2.18.0` → `2.21.0`
software.amazon.msk:aws-msk-iam-auth (source)	devDependencies	minor	`2.2.0` → `2.3.5`
org.apache.commons:commons-collections4 (source)	devDependencies	minor	`4.4` → `4.5.0`
com.google.googlejavaformat:google-java-format	devDependencies	minor	`1.24.0` → `1.35.0`
com.google.code.gson:gson	devDependencies	minor	`2.11.0` → `2.13.2`
com.google.guava:guava	devDependencies	minor	`33.1.0-jre` → `33.5.0-jre`
org.eclipse.persistence:org.eclipse.persistence.jpa (source)	devDependencies	patch	`4.0.2` → `4.0.9`
ch.qos.logback:logback-classic (source, changelog)	devDependencies	patch	`1.5.19` → `1.5.32`
ch.qos.logback:logback-core (source, changelog)	devDependencies	patch	`1.5.19` → `1.5.32`
org.glassfish.jersey:jersey-bom (source)	devDependencies	patch	`3.1.10` → `3.1.11`
org.testcontainers:testcontainers-bom (source)	devDependencies	minor	`1.20.4` → `1.21.4`
io.github.resilience4j:resilience4j-bom (source)	devDependencies	minor	`2.2.0` → `2.4.0`
software.amazon.awssdk:bom	devDependencies	minor	`2.29.9` → `2.42.15`
org.mockito:mockito-bom	devDependencies	minor	`5.14.2` → `5.23.0`
io.cucumber:cucumber-bom (source)	devDependencies	minor	`7.20.1` → `7.34.3`
com.fasterxml.jackson:jackson-bom	devDependencies	minor	`2.19.2` → `2.21.1`
org.junit:junit-bom (source)	devDependencies	minor	`5.11.3` → `5.14.3`
org.jetbrains.kotlin:kotlin-bom (source)	devDependencies	minor	`2.0.21` → `2.3.20`
io.opentelemetry:opentelemetry-bom	devDependencies	minor	`1.44.1` → `1.60.1`
io.awspring.cloud:spring-cloud-aws-dependencies (source)	devDependencies	minor	`3.2.1` → `3.4.2`
org.springframework.boot:spring-boot-dependencies (source)	devDependencies	patch	`3.5.6` → `3.5.11`
io.micrometer:micrometer-bom	devDependencies	minor	`1.13.6` → `1.16.4`
com.gradle.common-custom-user-data-gradle-plugin	plugin	minor	`2.0.2` → `2.4.0`

Release Notes

actions/cache (actions/cache)

`v5.0.4`

Compare Source

apache/kafka (apache/kafka)

`v4.2.0`

Compare Source

`v4.1.2`

Compare Source

gradle/gradle (gradle)

`v8.14.4`

Compare Source

yawkat/lz4-java (at.yawk.lz4:lz4-java)

`v1.10.4`: lz4-java v1.10.4

What's Changed

Tune Linux native build flags and xxhash compilation by @yawkat in #41
Fix Linux native flags for non-x86 CI builds by @yawkat in #42

These changes attempt to fix the native performance regression in 1.9+. They should have no functional or security impact.

Full Changelog: yawkat/lz4-java@v1.10.3...v1.10.4

`v1.10.3`: lz4-java v1.10.3

What's Changed

github-pages documentation by @yawkat in #32
Improve README formatting by @Marcono1234 in #37
fix NPE in LZ4FrameInputStream#available by @dldnhf in #40

New Contributors

@dldnhf made their first contribution in #40

Full Changelog: yawkat/lz4-java@v1.10.2...v1.10.3

`v1.10.2`: lz4-java v1.10.2

What's Changed

Reproducible build by @yawkat in #15
Run tests for pull requests again by @Marcono1234 in #17
Add .git-versioned-pom.xml to .gitignore by @Marcono1234 in #16
Fix source code formatting by @Marcono1234 in #18
Improve publish workflow by @Marcono1234 in #19
Migrate to macOS 15 x86_64 for release build by @Marcono1234 in #21
Use gcc included in Windows image for release build by @Marcono1234 in #22
Improve LZ4FrameIOStreamTest test by @Marcono1234 in #23
Rename windows JNI lib to liblz4-java.dll by @HTHou in #25
Use bnd-maven-plugin to fix osgi manifest headers by @aptmac in #28

New Contributors

@HTHou made their first contribution in #25
@aptmac made their first contribution in #28

Full Changelog: yawkat/lz4-java@v1.10.1...v1.10.2

spring-projects/spring-security (org.springframework.security:spring-security-core)

`v6.5.9`

Compare Source

⭐ New Features

Update Link to CSRF Docs in FAQ #18616

🪲 Bug Fixes

Fix GrantedAuthority.authority null in AuthoritiesAuthorizationManager #18544
saveAuthenticationRequest should read relayState from authenticationRequest #18872
Add Missing OnCommitedResponseWrapper Header Overrides #18798
Clarify Resource Server startup expectations #18518
Correct Reference to Clear-Site-Data Directive enum #18273
Fix CookieRequestCache parameters #18857
Fix Flaky Crypto Tests #18841
Fix Jackson Deserializer for AuthenticationExtensionsClientOutputs #18896

🔨 Dependency Upgrades

Bump @antora/collector-extension from 1.0.2 to 1.0.3 in /docs #18854
Bump actions/upload-artifact from 6.0.0 to 7.0.0 #18809
Bump ch.qos.logback:logback-classic from 1.5.29 to 1.5.32 #18749
Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 #18779
Bump io.projectreactor:reactor-bom from 2024.0.15 to 2024.0.16 #18876
Bump org-apache-maven-resolver from 1.9.25 to 1.9.26 #18750
Bump org-apache-maven-resolver from 1.9.26 to 1.9.27 #18791
Bump org.apache.maven:maven-resolver-provider from 3.9.12 to 3.9.13 #18860
Bump org.apache.maven:maven-resolver-provider from 3.9.13 to 3.9.14 #18886
Bump org.hibernate.orm:hibernate-core from 6.6.42.Final to 6.6.43.Final #18780
Bump org.hibernate.orm:hibernate-core from 6.6.43.Final to 6.6.44.Final #18829
Bump org.springframework:spring-framework-bom from 6.2.16 to 6.2.17 #18903

❤️ Contributors

Thank you to all the contributors who worked on this release:

@Hann244, @Khyojae, @ghusta, @itsmevichu, @qihaiyan, @rwinch, @therepanic, and @ziqin

`v6.5.8`

Compare Source

⭐ New Features

Add @FunctionalInterface to RequestMatcher #18337
Spring Security 7 should provide migration path from request-matcher="ant" #18211
Stop deploying JavaDoc outside of Antora #18199

🪲 Bug Fixes

Add Missing Migration Pages to Navigation #18313
Create SHA-1 MessageDigest for every new check request in Compromised Password Checker #18235
Fix typo in "Preparing for 7.0" in reference to PathPatternRequestMatcher #18336
Fix typo in AnnotationTemplateExpressionDefaults documentation [#18176](https://redire

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

forking-renovate bot added the renovate https://renovate.whitesourcesoftware.com [FINERACT-962] label Oct 20, 2025

renovate-bot force-pushed the renovate/all-minor-patch branch 12 times, most recently from f3c0e3f to f9abc1b Compare October 27, 2025 18:58

renovate-bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from 7b1803f to 2d603c8 Compare November 1, 2025 08:41

renovate-bot force-pushed the renovate/all-minor-patch branch 9 times, most recently from 1c9bf7b to ca353ec Compare November 7, 2025 21:40

renovate-bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 841619a to 3d60c01 Compare November 16, 2025 13:56

galovics approved these changes Nov 17, 2025

View reviewed changes

renovate-bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from 8508ddf to c51043a Compare November 22, 2025 02:42

renovate-bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from 300d814 to acf9d45 Compare December 1, 2025 10:15

renovate-bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 6197c8a to 42d07f0 Compare December 5, 2025 10:13

FINERACT-2421: Update all non-major dependencies

d0eddad

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FINERACT-2421: Update all non-major dependencies#5109

FINERACT-2421: Update all non-major dependencies#5109
renovate-bot wants to merge 1 commit intoapache:developfrom
renovate-bot:renovate/all-minor-patch

renovate-bot commented Oct 20, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

renovate-bot commented Oct 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v5.0.4

v4.2.0

v4.1.2

v8.14.4

v1.10.4: lz4-java v1.10.4

What's Changed

v1.10.3: lz4-java v1.10.3

What's Changed

New Contributors

v1.10.2: lz4-java v1.10.2

What's Changed

New Contributors

v6.5.9

⭐ New Features

🪲 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

v6.5.8

⭐ New Features

🪲 Bug Fixes

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

renovate-bot commented Oct 20, 2025 •

edited

Loading

`v5.0.4`

`v4.2.0`

`v4.1.2`

`v8.14.4`

`v1.10.4`: lz4-java v1.10.4

`v1.10.3`: lz4-java v1.10.3

`v1.10.2`: lz4-java v1.10.2

`v6.5.9`

`v6.5.8`