Bump the minor-java-dependencies group across 1 directory with 14 updates #10

dependabot · 2025-11-01T20:22:26Z

Bumps the minor-java-dependencies group with 14 updates in the / directory:

Package	From	To
com.fasterxml.jackson:jackson-bom	`2.20.0`	`2.20.1`
io.micrometer:micrometer-bom	`1.15.3`	`1.15.5`
com.google.cloud:libraries-bom	`26.67.0`	`26.71.0`
ch.qos.logback:logback-core	`1.5.18`	`1.5.20`
ch.qos.logback:logback-classic	`1.5.18`	`1.5.20`
ch.qos.logback.access:logback-access-common	`2.0.6`	`2.0.7`
org.yaml:snakeyaml	`2.4`	`2.5`
org.signal:libsignal-server	`0.79.0`	`0.85.2`
org.assertj:assertj-core	`3.27.4`	`3.27.6`
org.codehaus.mojo:versions-maven-plugin	`2.18.0`	`2.19.1`
org.apache.maven.plugins:maven-compiler-plugin	`3.14.0`	`3.14.1`
org.apache.maven.plugins:maven-dependency-plugin	`3.8.1`	`3.9.0`
org.apache.maven.plugins:maven-surefire-plugin	`3.5.3`	`3.5.4`
org.apache.maven.plugins:maven-enforcer-plugin	`3.6.1`	`3.6.2`

Updates com.fasterxml.jackson:jackson-bom from 2.20.0 to 2.20.1

Commits

5e24010 [maven-release-plugin] prepare release jackson-bom-2.20.1
59a2e4a Prep for 2.20.1 release
3fc3645 Merge branch '2.19' into 2.20
7539ecc Post-release dep version bump
21f04ba [maven-release-plugin] prepare for next development iteration
085b32f [maven-release-plugin] prepare release jackson-bom-2.19.4
f2a1f50 Prep for 2.19.4 release
ee69fcf ...
3735e1e ...
d405492 Add helper script for safekeeping
Additional commits viewable in compare view

Updates io.micrometer:micrometer-bom from 1.15.3 to 1.15.5

Release notes

Sourced from io.micrometer:micrometer-bom's releases.

1.15.5

🐞 Bug Fixes

Close scope in same thread in ObservedAspect #6727

Synchronize access of current connections in JettyConnectionMetrics #6578

🔨 Dependency Upgrades

Bump dropwizard-metrics from 4.2.36 to 4.2.37 #6733

❤️ Contributors

Thank you to all the contributors who worked on this release:

@deadok22 and @pema4

1.15.4

🐞 Bug Fixes

NettyAllocatorMetrics should not prevent collecting executors #6641

[JOOQ] MetricsDSLContext - fetchExists doesn't report provided tags #6583

📔 Documentation

add compatibility note for jOOQ overload delegation #6681

🔨 Dependency Upgrades

Bump dropwizard-metrics from 4.2.33 to 4.2.36 #6677

❤️ Contributors

Thank you to all the contributors who worked on this release:

@HeeChanN

Commits

ce3a9e0 Merge branch '1.14.x' into 1.15.x
bae31eb Close scope in same thread in ObservedAspect (#6728)
c6e10e3 Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 (#6753)
9a614b9 Bump org.postgresql:postgresql from 42.7.7 to 42.7.8 (#6749)
ac9dffa Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#6748)
b871654 Bump org.postgresql:postgresql from 42.7.7 to 42.7.8 (#6747)
98f64c3 Bump dropwizard-metrics from 4.2.36 to 4.2.37 (#6733)
238b901 Merge branch '1.14.x' into 1.15.x
64be1d6 Improve CurrentObservationTest
9548a1e Bump dropwizard-metrics from 4.2.36 to 4.2.37 (#6734)
Additional commits viewable in compare view

Updates com.google.cloud:libraries-bom from 26.67.0 to 26.71.0

Release notes

Sourced from com.google.cloud:libraries-bom's releases.

v26.71.0

26.71.0 (2025-10-27)

Notable Changes

This version of libraries-bom has been updated to use Protobuf v33.0 runtime. Notably, this version of Protobuf has Restored compatibility of runtime with gencode created with protoc <3.21.

All libraries managed by this BOM are now compatible with GraalVM for JDK 25.

Dependencies

update dependency com.google.cloud:first-party-dependencies to v3.53.0 (#7243) (22ff0f1)

update dependency com.google.cloud:gapic-libraries-bom to v1.71.0 (#7241) (c6d3b55)

update dependency com.google.cloud:gapic-libraries-bom to v1.72.0 (#7256) (43b27a3)

update dependency com.google.cloud:google-cloud-bigquery to v2.55.3 (#7252) (24111df)

update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.17.3 (#7244) (562db50)

update dependency com.google.cloud:google-cloud-bigtable-bom to v2.68.0 (#7258) (2d9916f)

update dependency com.google.cloud:google-cloud-datastore-bom to v2.32.3 (#7245) (45bc468)

update dependency com.google.cloud:google-cloud-firestore-bom to v3.33.3 (#7246) (b4029e6)

update dependency com.google.cloud:google-cloud-logging-bom to v3.23.7 (#7247) (1c8d9fa)

update dependency com.google.cloud:google-cloud-logging-logback to v0.132.18-alpha (#7253) (b1df096)

update dependency com.google.cloud:google-cloud-nio to v0.128.7 (#7255) (c13532a)

update dependency com.google.cloud:google-cloud-pubsub-bom to v1.143.0 (#7248) (ddfe793)

update dependency com.google.cloud:google-cloud-pubsublite-bom to v1.15.18 (#7250) (74c338d)

update dependency com.google.cloud:google-cloud-spanner-bom to v6.102.1 (#7259) (49160d0)

update dependency com.google.cloud:google-cloud-spanner-jdbc to v2.33.2 (#7260) (0d04af6)

update dependency com.google.cloud:google-cloud-storage-bom to v2.59.0 (#7254) (9920709)

update dependency com.google.protobuf:protobuf-bom to v4.33.0 (#7257) (4c33cf2)

v26.70.0

GCP Libraries BOM 26.70.0

Here are the differences from the previous version (26.69.0)

New Addition

com.google.cloud:google-cloud-locationfinder:0.1.0

The group ID of the following artifacts is com.google.cloud.

Notable Changes

google-cloud-pubsub 1.142.0 (prev: 1.141.5)

Support the protocol version in StreamingPullRequest (af40810)

google-cloud-spanner 6.102.0 (prev: 6.101.1)

Add connection property for gRPC interceptor provider (#4149) (deb8dff)

Support statement_timeout in connection url (#4103) (542c6aa)

Automatically set default_sequence_kind for CREATE SEQUENCE (#4105) (3beea6a)

Other libraries

... (truncated)

Commits

431245f chore: release main (#7251)
4c33cf2 deps: update dependency com.google.protobuf:protobuf-bom to v4.33.0 (#7257)
447090b chore: Update guava in tests to v33.5.0 (#7261)
0d04af6 deps: update dependency com.google.cloud:google-cloud-spanner-jdbc to v2.33.2...
49160d0 deps: update dependency com.google.cloud:google-cloud-spanner-bom to v6.102.1...
2d9916f deps: update dependency com.google.cloud:google-cloud-bigtable-bom to v2.68.0...
c13532a deps: update dependency com.google.cloud:google-cloud-nio to v0.128.7 (#7255)
43b27a3 deps: update dependency com.google.cloud:gapic-libraries-bom to v1.72.0 (#7256)
c6d3b55 deps: update dependency com.google.cloud:gapic-libraries-bom to v1.71.0 (#7241)
74c338d deps: update dependency com.google.cloud:google-cloud-pubsublite-bom to v1.15...
Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.18 to 1.5.20

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.20

2025-10-19 Release of logback version 1.5.20

• Due to potential vulnerabilities associated with dynamic, i.e. runtime, java code compilation and execution (using Janino), the 'condition' attribute within the <if> element is deprecated and will be removed in 2027.

An online migration service is provided to help with the transition.

The <condition> element, new in this version, admits custom PropertyEvaluator as a recommended alternative. See also the updated documentation on conditional configuration.

• Logback-classic's initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 930fb15c993a4344bcecc6ba2225c12a2c38e676 associated with the tag v_1.5.20. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

930fb15 prepare release 1.5.20
0b4432a provide an alternative to Janino based conditional configuration processing -...
258558f provide an alternative to Janino based conditional configuration processing -...
ee77a70 provide an alternative to Janino based conditional configuration processing -...
5ca7ce8 provide an alternative to Janino based conditional configuration processing -...
728803f fix typo
aa5eeb1 start work on version 1.5.20-SNAPSHOT
e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
4adae8b add plugin for Maven Central deployment
ee70cf4 prepare release 1.5.19
Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.20

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.20

2025-10-19 Release of logback version 1.5.20

• Due to potential vulnerabilities associated with dynamic, i.e. runtime, java code compilation and execution (using Janino), the 'condition' attribute within the <if> element is deprecated and will be removed in 2027.

An online migration service is provided to help with the transition.

The <condition> element, new in this version, admits custom PropertyEvaluator as a recommended alternative. See also the updated documentation on conditional configuration.

• Logback-classic's initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 930fb15c993a4344bcecc6ba2225c12a2c38e676 associated with the tag v_1.5.20. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

930fb15 prepare release 1.5.20
0b4432a provide an alternative to Janino based conditional configuration processing -...
258558f provide an alternative to Janino based conditional configuration processing -...
ee77a70 provide an alternative to Janino based conditional configuration processing -...
5ca7ce8 provide an alternative to Janino based conditional configuration processing -...
728803f fix typo
aa5eeb1 start work on version 1.5.20-SNAPSHOT
e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
4adae8b add plugin for Maven Central deployment
ee70cf4 prepare release 1.5.19
Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.20

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.20

2025-10-19 Release of logback version 1.5.20

• Due to potential vulnerabilities associated with dynamic, i.e. runtime, java code compilation and execution (using Janino), the 'condition' attribute within the <if> element is deprecated and will be removed in 2027.

An online migration service is provided to help with the transition.

The <condition> element, new in this version, admits custom PropertyEvaluator as a recommended alternative. See also the updated documentation on conditional configuration.

• Logback-classic's initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 930fb15c993a4344bcecc6ba2225c12a2c38e676 associated with the tag v_1.5.20. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

930fb15 prepare release 1.5.20
0b4432a provide an alternative to Janino based conditional configuration processing -...
258558f provide an alternative to Janino based conditional configuration processing -...
ee77a70 provide an alternative to Janino based conditional configuration processing -...
5ca7ce8 provide an alternative to Janino based conditional configuration processing -...
728803f fix typo
aa5eeb1 start work on version 1.5.20-SNAPSHOT
e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
4adae8b add plugin for Maven Central deployment
ee70cf4 prepare release 1.5.19
Additional commits viewable in compare view

Updates ch.qos.logback.access:logback-access-common from 2.0.6 to 2.0.7

Updates org.yaml:snakeyaml from 2.4 to 2.5

Commits

015ab57 [maven-release-plugin] prepare for next development iteration
4795519 Update info
9c36c69 Introduce devcontainer
0c5b3e5 fix: add debug level to internal logger
a65b131 Merge branch 'master' into devcontainers
788a98b Update changes
556b4bf Add info for devcontainer
0828c39 ops: migrate deployment from OSSRH to Central Portal
30d6a3a Add a test for issue 1108
2da4c6d Remove unrelated code
Additional commits viewable in compare view

Updates org.signal:libsignal-server from 0.79.0 to 0.85.2

Changelog

Sourced from org.signal:libsignal-server's changelog.

v0.85.2

Rust: All serializable zkgroup types are now marked as Clone, since you could get the same effect from serializing and deserializing.

Node: Remove a stray import from chai in a non-testing file.

Commits

57f2254 node: Use Node's assert rather than Chai's in FakeChat.ts
977b95f Add a script for skipping the build of BoringSSL
e335b8d net: Add ConnectionResources::connect_h2
bc50f80 keytrans: Update tests to account for the server change
d95b4b5 Add shellcheck, flake8, and mypy to just check-pre-commit
ce89b03 keytrans: Update the test data and enable integration tests in CI
68e764e net: ComposedConnector can always use the outer connector's Error
9cba9f1 backup_stats: Break out some more specific frame types
e77c332 net: Rework Http2Connector to be composable
19f850a backup: Add backup_stats example (quick and dirty statistics)
Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.4 to 3.27.6

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.6

🐛 Bug Fixes

Core

Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@duponter

v3.27.5

⚡ Improvements

Core

ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

🔨 Dependency Upgrades

Core

Upgrade to Byte Buddy 1.17.7 #3947

Upgrade to JUnit BOM 5.13.4 #3947

Guava

Upgrade to Guava 33.4.8-jre #3947

Commits

716b1e0 [maven-release-plugin] prepare release assertj-build-3.27.6
e189652 Add missing export for org.assertj.core.annotation (#3951)
0cb489e Update Maven Central URL
7286309 [maven-release-plugin] prepare for next development iteration
dd4cc1d [maven-release-plugin] prepare release assertj-build-3.27.5
1d0defc Add missing permission to release workflow
844d5d0 Add missing GitHub Actions pinning to CodeQL workflow
bdd7106 Add CodeQL custom workflow
a93d7e6 Remove EOL Java 24
26ea866 Update production dependencies (#3947)
Additional commits viewable in compare view

Updates org.codehaus.mojo:versions-maven-plugin from 2.18.0 to 2.19.1

Release notes

Sourced from org.codehaus.mojo:versions-maven-plugin's releases.

2.19.1

🐛 Bug Fixes

Resolves #1270: Ensuring thread safety when creating VersionsHelper (#1273) @andrzejj0

Resolves #1266: Applying the include filter during association resolution (#1274) @andrzejj0

📝 Documentation updates

Resolves #1271: Fixed broken Site links (#1275) @andrzejj0

2.19.0

💥 Breaking changes

Removed numeric and mercury comparators, further refactoring (#1222) @andrzejj0

🚀 New features and improvements

Parallel version updates (#1207) @andrzejj0

Fixes #1140: Added showVersionless (default true) (#1187) @andrzejj0

🐛 Bug Fixes

Resolves #1227: revert working in case of a non-standard "pom.xml" filename (#1263) @andrzejj0

Resolves #1255: set-property special case when a property has no value (#1261) @andrzejj0

Resolves #1251: nextSnapshotIndexToIncrement should zeros on the right (#1262) @andrzejj0

Fixed #1233- set-property in profile without module property (#1234) @mcarlett

Fix closing code tags (#1206) @pzygielo

Resolves #1197: Handling a no-version case in dependencyManagement for CompareDependenciesMojo (#1198) @andrzejj0

Fixed the failed release build (#1194) @andrzejj0

Fixed #1191: Processes (all) profiles from original model if transitive is false (#1193) @andrzejj0

Fixes #1140 for reports (#1188) @andrzejj0

Fixes #1140: Added showVersionless (default true) (#1187) @andrzejj0

Fixes #1182 and #1184: Bug fixes (#1185) @andrzejj0

👻 Maintenance

Remove manual default from docs for parameters (#1264) @slawekjaranowski

Use default configuration for release-drafter (#1256) @slawekjaranowski

Bump project version to 2.19.0-SNAPSHOT (#1237) @slawekjaranowski

Exposing the problem causing artifact if Resolver throws an exception (#1224) @andrzejj0

Site fix for rule-2.1.0.xsd and rule-2.0.0.xsd; getOutputPath() for reports (#1223) @andrzejj0

Removed numeric and mercury comparators, further refactoring (#1222) @andrzejj0

Pom helper refactoring (#1221) @andrzejj0

PR Automation only on close event (#1220) @slawekjaranowski

Refactoring: ArtifactFactory and ArtifactVersionService (#1218) @andrzejj0

Versions refactor 2 (#1204) @andrzejj0

Refactoring: coalesce use-- goals. (#1202) @andrzejj0

PR Automation - must use pull_request_target (#1205) @slawekjaranowski

... (truncated)

Commits

804a5ab [maven-release-plugin] prepare release 2.19.1
4affd18 Resolves #1270: Ensuring thread safety when VersionsHelper (#1273)
6bd8d68 Resolves #1266: Applying the include filter while resolving property associat...
60d273c Resolves #1271: Fixed broken Site links (#1275)
4456751 Revert "Bump org.hibernate:hibernate-validator (#1267)"
3eee9f9 Bump org.hibernate:hibernate-validator (#1267)
9c43c1a [maven-release-plugin] prepare for next development iteration
b625a90 [maven-release-plugin] prepare release 2.19.0
ba67cf1 Bump actions/stale from 9 to 10
28ac80d Remove manual default from docs for parameters
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.14.1

🚀 New features and improvements

Improve DeltaList behavior for large projects (#335) @gsmet

Allow to not use --module-version for the Java compiler (#331) @pzygielo

🐛 Bug Fixes

Add generatedSourcesPath back to the maven project (#312) @mensinda

[MCOMPILER-538] - Do not add target/generated-sources/annotations to the source roots (#191) @mensinda

📦 Dependency updates

Enforce asm version used here, to not depend on brittle transitive (#964) @olamy

Bump mavenVersion from 3.9.10 to 3.9.11 (#952) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 44 to 45 (#935) @dependabot[bot]

Bump mavenVersion from 3.9.9 to 3.9.10 (#336) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#324) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316) @dependabot[bot]

Commits

0df6940 [maven-release-plugin] prepare release maven-compiler-plugin-3.14.1
1bf9e5a Enforce asm version used here, to not depend on brittle transitive (#964)
f5161c4 Bump mavenVersion from 3.9.10 to 3.9.11 (#952)
63846f1 Improve DeltaList behavior for large projects (#335)
ab3f845 Bump org.apache.maven.plugins:maven-plugins from 44 to 45
164bad4 Allow to not use --module-version for the Java compiler
0b76ccd Bump mavenVersion from 3.9.9 to 3.9.10
5dbc9c3 Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0
17949d1 Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316)
d44d1be Add generatedSourcesPath back to the maven project
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.9.0

🚀 New features and improvements

Use Resolver API in go-offline for dependencies resolving (#1533) @slawekjaranowski

Use Resolver API in go-offline for plugins resolving (#1532) @slawekjaranowski

Fixes #1522, add render-dependencies mojo (#1523) @rmannibucau

Use Resolver API in resolve-plugin (#1521) @slawekjaranowski

[MEDP-964] - unconditionally ignore dependencies known to be loaded by reflection (#1492) @elharo

Update maven-dependency-analyzer to support Java24 (#528) @talios

[MDEP-972] - copy-dependencies: copy signatures alongside artifacts (#514) @Ndacyayisenga-droid

[MDEP-776] - Warn when multiple dependencies have the same file name (#463) @elharo

[MDEP-966] - Migrate AnalyzeDepMgt to Sisu (#473) @elharo

[MDEP-957] - By default, don't report slf4j-simple as unused (#433) @elharo

🐛 Bug Fixes

ProjectBuildingRequest should not be modified (#1520) @slawekjaranowski

Fix - markersDirectory is not working when unpack goal is executed from command line (#537) @vaibhavbatra15

Fix broken link for analyze-exclusions-mojo on usage-page (#521) @Bukama

[MDEP-839] - Avoid extra blank lines in file (#495) @elharo

Update collect URL (#510) @elharo

[MDEP-689] - Fixes ignored dependency filtering in go-offline goal (#417) @ldhardy

[MDEP-960] - Repair silent logging (#447) @elharo

📝 Documentation updates

[MDEP-933] - Document dependency tree output formats (#535) @Ndacyayisenga-droid

Add additional comment to clarify the minimal supported version of ou… (#465) @gluxhappy

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#511) @Bukama

Unix file separators (#507) @elharo

👻 Maintenance

Simplify usage of RepositoryManager and DependencyResolver (#1518) @slawekjaranowski

Use Resolver API in copy and unpack (#1514) @slawekjaranowski

Update site descriptor to 2.0.0 (#1508) @slawekjaranowski

Enable prevent branch protection rules (#1503) @slawekjaranowski

Fix [MDEP-931] - Replace PrintWriter with Writer in AbstractSerializing Visitor and subclasses (#530) @Ndacyayisenga-droid

Cleanups dependencies (#1496) @slawekjaranowski

Copy edit parameter descriptions (#1488) @elharo

Small Javadoc clarifications (#533) @elharo

[MDEP-967] - Change info to debug logging in AbstractFromConfigurationMojo (#529) @Ndacyayisenga-droid

fix: remove duplicate maven-resolver-api and maven-resolver-util dependencies in pom.xml (#526) @Ndacyayisenga-droid

Enable GH issues (#522) @Bukama

Remove redundant/unneeded code (#519) @elharo

Add PR Automation and Stale actions (#513) @slawekjaranowski

Keep files in temporary directory to be deleted after test (#508) @pzygielo

Drop unnecessary call (#509) @pzygielo

Avoid deprecated ArtifactFactory (

…ates Bumps the minor-java-dependencies group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | `2.20.0` | `2.20.1` | | [io.micrometer:micrometer-bom](https://github.com/micrometer-metrics/micrometer) | `1.15.3` | `1.15.5` | | [com.google.cloud:libraries-bom](https://github.com/googleapis/java-cloud-bom) | `26.67.0` | `26.71.0` | | [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.20` | | [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.20` | | ch.qos.logback.access:logback-access-common | `2.0.6` | `2.0.7` | | [org.yaml:snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) | `2.4` | `2.5` | | [org.signal:libsignal-server](https://github.com/signalapp/libsignal) | `0.79.0` | `0.85.2` | | [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.27.4` | `3.27.6` | | [org.codehaus.mojo:versions-maven-plugin](https://github.com/mojohaus/versions) | `2.18.0` | `2.19.1` | | [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.0` | `3.14.1` | | [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) | `3.8.1` | `3.9.0` | | [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.4` | | [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) | `3.6.1` | `3.6.2` | Updates `com.fasterxml.jackson:jackson-bom` from 2.20.0 to 2.20.1 - [Commits](FasterXML/jackson-bom@jackson-bom-2.20.0...jackson-bom-2.20.1) Updates `io.micrometer:micrometer-bom` from 1.15.3 to 1.15.5 - [Release notes](https://github.com/micrometer-metrics/micrometer/releases) - [Commits](micrometer-metrics/micrometer@v1.15.3...v1.15.5) Updates `com.google.cloud:libraries-bom` from 26.67.0 to 26.71.0 - [Release notes](https://github.com/googleapis/java-cloud-bom/releases) - [Changelog](https://github.com/googleapis/java-cloud-bom/blob/main/release-please-config.json) - [Commits](googleapis/java-cloud-bom@v26.67.0...v26.71.0) Updates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.20 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.18...v_1.5.20) Updates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.20 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.18...v_1.5.20) Updates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.20 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.18...v_1.5.20) Updates `ch.qos.logback.access:logback-access-common` from 2.0.6 to 2.0.7 Updates `org.yaml:snakeyaml` from 2.4 to 2.5 - [Commits](https://bitbucket.org/snakeyaml/snakeyaml/branches/compare/snakeyaml-2.5..snakeyaml-2.4) Updates `org.signal:libsignal-server` from 0.79.0 to 0.85.2 - [Release notes](https://github.com/signalapp/libsignal/releases) - [Changelog](https://github.com/signalapp/libsignal/blob/v0.85.2/RELEASE_NOTES.md) - [Commits](signalapp/libsignal@v0.79.0...v0.85.2) Updates `org.assertj:assertj-core` from 3.27.4 to 3.27.6 - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](assertj/assertj@assertj-build-3.27.4...assertj-build-3.27.6) Updates `org.codehaus.mojo:versions-maven-plugin` from 2.18.0 to 2.19.1 - [Release notes](https://github.com/mojohaus/versions/releases) - [Changelog](https://github.com/mojohaus/versions/blob/master/ReleaseNotes.md) - [Commits](mojohaus/versions@2.18.0...2.19.1) Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.0 to 3.14.1 - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.0...maven-compiler-plugin-3.14.1) Updates `org.apache.maven.plugins:maven-dependency-plugin` from 3.8.1 to 3.9.0 - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.8.1...maven-dependency-plugin-3.9.0) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.3 to 3.5.4 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.4) Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.6.1 to 3.6.2 - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](apache/maven-enforcer@enforcer-3.6.1...enforcer-3.6.2) --- updated-dependencies: - dependency-name: com.fasterxml.jackson:jackson-bom dependency-version: 2.20.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-java-dependencies - dependency-name: io.micrometer:micrometer-bom dependency-version: 1.15.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-java-dependencies - dependency-name: com.google.cloud:libraries-bom dependency-version: 26.71.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-java-dependencies - dependency-name: ch.qos.logback:logback-core dependency-version: 1.5.20 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-java-dependencies - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.20 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-java-dependencies - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.20 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-java-dependencies - dependency-name: ch.qos.logback.access:logback-access-common dependency-version: 2.0.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-java-dependencies - dependency-name: org.yaml:snakeyaml dependency-version: '2.5' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-java-dependencies - dependency-name: org.signal:libsignal-server dependency-version: 0.85.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-java-dependencies - dependency-name: org.assertj:assertj-core dependency-version: 3.27.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor-java-dependencies - dependency-name: org.codehaus.mojo:versions-maven-plugin dependency-version: 2.19.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-java-dependencies - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-version: 3.14.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-java-dependencies - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-version: 3.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-java-dependencies - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-java-dependencies - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-version: 3.6.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-java-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Nov 1, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the minor-java-dependencies group across 1 directory with 14 updates #10

Bump the minor-java-dependencies group across 1 directory with 14 updates #10

Uh oh!

dependabot bot commented on behalf of github Nov 1, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the minor-java-dependencies group across 1 directory with 14 updates #10

Are you sure you want to change the base?

Bump the minor-java-dependencies group across 1 directory with 14 updates #10

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 1, 2025

1.15.5

🐞 Bug Fixes

🔨 Dependency Upgrades

❤️ Contributors

1.15.4

🐞 Bug Fixes

📔 Documentation

🔨 Dependency Upgrades

❤️ Contributors

v26.71.0

26.71.0 (2025-10-27)

Notable Changes

Dependencies

v26.70.0

New Addition

Notable Changes

google-cloud-pubsub 1.142.0 (prev: 1.141.5)

google-cloud-spanner 6.102.0 (prev: 6.101.1)

Other libraries

Logback 1.5.20

Logback 1.5.19

Logback 1.5.20

Logback 1.5.19

Logback 1.5.20

Logback 1.5.19

v3.27.6

🐛 Bug Fixes

Core

❤️ Contributors

v3.27.5

⚡ Improvements

Core

🔨 Dependency Upgrades

Core

Guava

2.19.1

🐛 Bug Fixes

📝 Documentation updates

2.19.0

💥 Breaking changes

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

3.14.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

3.9.0

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant