From 21c45464db2cf52a95d75d6352cfdb6eccb62edc Mon Sep 17 00:00:00 2001 From: ACANX Date: Fri, 27 Feb 2026 10:40:58 +0800 Subject: [PATCH 01/39] Change target branch from 'dependabot' to 'dependa' --- .github/dependabot.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6534e7a2..36cbab10 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,7 +6,7 @@ updates: interval: "daily" time: "03:00" # 每天 UTC 时间 3:00 检查 timezone: "Asia/Shanghai" # 时区设置 - target-branch: "dependabot" + target-branch: "dependa" open-pull-requests-limit: 50 # 最大 PR 数量 reviewers: # 自动添加审阅者 - "ACANX" @@ -45,7 +45,7 @@ updates: interval: "daily" time: "21:00" # 每天 UTC 时间 5:00 检查 timezone: "Asia/Shanghai" # 时区设置 - target-branch: "dependabot" + target-branch: "dependa" open-pull-requests-limit: 50 # 最大 PR 数量 assignees: # 自动分配负责人 - "maintainer" @@ -65,7 +65,7 @@ updates: interval: "daily" time: "21:10" # 每天 UTC 时间 5:00 检查 timezone: "Asia/Shanghai" # 时区设置 - target-branch: "dependabot" + target-branch: "dependa" open-pull-requests-limit: 50 # 最大 PR 数量 assignees: # 自动分配负责人 - "dependabot" @@ -86,7 +86,7 @@ updates: interval: "daily" time: "22:35" # 每周 UTC 时间 22:30 检查 timezone: "Asia/Shanghai" # 时区设置 - target-branch: "dependabot" + target-branch: "dependa" open-pull-requests-limit: 50 # 最大 PR 数量 assignees: # 自动分配负责人 - "dependabot[bot]" @@ -106,7 +106,7 @@ updates: interval: "daily" time: "22:40" # 每周 UTC 时间 22:30 检查 timezone: "Asia/Shanghai" # 时区设置 - target-branch: "dependabot" + target-branch: "dependa" open-pull-requests-limit: 50 # 最大 PR 数量 assignees: # 自动分配负责人 - "dependabot[bot]" @@ -126,7 +126,7 @@ updates: interval: "daily" time: "22:50" # 每周 UTC 时间 22:30 检查 timezone: "Asia/Shanghai" # 时区设置 - target-branch: "dependabot" + target-branch: "dependa" open-pull-requests-limit: 50 # 最大 PR 数量 assignees: # 自动分配负责人 - "dependabot[bot]" From a0ecf17a8bfc848abb71f357aba4d51b89084c89 Mon Sep 17 00:00:00 2001 From: ACANX Date: Fri, 27 Feb 2026 10:43:39 +0800 Subject: [PATCH 02/39] Fix condition for Dependabot PR title renaming --- .github/workflows/RenameDependabotBumpPRTitle.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/RenameDependabotBumpPRTitle.yml b/.github/workflows/RenameDependabotBumpPRTitle.yml index 13d58bff..d988626a 100644 --- a/.github/workflows/RenameDependabotBumpPRTitle.yml +++ b/.github/workflows/RenameDependabotBumpPRTitle.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest # 检查PR作者和分支 if: | # - github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' && github.event.pull_request.base.ref == 'dependabot' + github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' && github.event.pull_request.base.ref == 'dependa' steps: # 1. 获取元数据 - name: Get dependency metadata From 50ad29223d49846772a00005317eb996e9a45c28 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:44:26 +0800 Subject: [PATCH 03/39] chore(deps-dev): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 in /meta-bom/bom-sdk (#887) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.4 to 3.5.5.
Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.5.4&new-version=3.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 87adb7b1..b19cf51b 100644 --- a/pom.xml +++ b/pom.xml @@ -45,7 +45,7 @@ 21 3.15.0 3.1.4 - 3.5.4 + 3.5.5 3.4.0 3.12.0 3.2.8 From 53576ce5c0cb458b160f3e96361ab7f7af8d524a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:44:45 +0800 Subject: [PATCH 04/39] chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 in /meta-component (#888) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.4 to 3.5.5.
Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.5.4&new-version=3.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-component/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-component/pom.xml b/meta-component/pom.xml index 06150644..0263dbc3 100644 --- a/meta-component/pom.xml +++ b/meta-component/pom.xml @@ -196,7 +196,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.5.4 + 3.5.5 From 1ee92936aeb592d45aafe6d4d40d76903f2f0c21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:45:03 +0800 Subject: [PATCH 05/39] chore(deps-dev): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 in /meta-model (#889) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.4 to 3.5.5.
Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.5.4&new-version=3.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> From 70d854887eef6b68741ac4eeafa95b03530dcd5c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:45:20 +0800 Subject: [PATCH 06/39] chore(deps-dev): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 in /meta-bom/bom-graalvm (#890) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.4 to 3.5.5.
Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.5.4&new-version=3.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> From c3050ded84b50a8d60618420d2fabc9a7835acbd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:45:42 +0800 Subject: [PATCH 07/39] chore(deps): bump com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.21.0 to 2.21.1 in /meta-component (#891) Bumps [com.fasterxml.jackson.dataformat:jackson-dataformat-xml](https://github.com/FasterXML/jackson-dataformat-xml) from 2.21.0 to 2.21.1.
Commits
  • da4b3fc [maven-release-plugin] prepare release jackson-dataformat-xml-2.21.1
  • 4326690 Prep for 2.21.1 release
  • 035d3a4 Merge branch '2.20' into 2.21
  • d7b2cdc Merge branch '2.19' into 2.20
  • ed65237 Merge branch '2.18' into 2.19
  • ee8f476 Post-release dep version bump
  • 5cc35e3 [maven-release-plugin] prepare for next development iteration
  • fec242b [maven-release-plugin] prepare release jackson-dataformat-xml-2.18.6
  • 9a6ef3f Prep for 2.18.6 release
  • 3762321 Merge branch '2.20' into 2.21
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.fasterxml.jackson.dataformat:jackson-dataformat-xml&package-manager=maven&previous-version=2.21.0&new-version=2.21.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b19cf51b..85ecccc1 100644 --- a/pom.xml +++ b/pom.xml @@ -54,7 +54,7 @@ acanx 0.4.3 - 2.21.0 + 2.21.1 2.0.60 1.18.42 6.0.3 From 5777f9171af6502a5aee623b8173c025d551526f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:46:12 +0800 Subject: [PATCH 08/39] chore(deps): bump awssdk.version from 2.41.33 to 2.42.3 in /meta-bom/bom-sdk (#892) Bumps `awssdk.version` from 2.41.33 to 2.42.3. Updates `software.amazon.awssdk:s3` from 2.41.33 to 2.42.3 Updates `software.amazon.awssdk:lambda` from 2.41.33 to 2.42.3 Updates `software.amazon.awssdk:ses` from 2.41.33 to 2.42.3 Updates `software.amazon.awssdk:cloudwatch` from 2.41.33 to 2.42.3 Updates `software.amazon.awssdk:costexplorer` from 2.41.33 to 2.42.3 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-sdk/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-sdk/pom.xml b/meta-bom/bom-sdk/pom.xml index e785325b..22d3dbdc 100644 --- a/meta-bom/bom-sdk/pom.xml +++ b/meta-bom/bom-sdk/pom.xml @@ -39,7 +39,7 @@ - 2.41.33 + 2.42.3 From 09294df1d0211ca616b368dcd84a1c764700ae03 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:46:28 +0800 Subject: [PATCH 09/39] chore(deps): bump com.google.protobuf:protobuf-java from 4.33.5 to 4.34.0 in /os-dependencies (#893) Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 4.33.5 to 4.34.0.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.protobuf:protobuf-java&package-manager=maven&previous-version=4.33.5&new-version=4.34.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 58946abd..731ee3ad 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -62,7 +62,7 @@ 4.2.10.Final 3.8.3 - 4.33.5 + 4.34.0 11.0.18 From 035698d77cf147f2825bf1a7ec72bb9ccf8fb7cc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:47:00 +0800 Subject: [PATCH 10/39] chore(deps): bump jackson3.version from 3.0.4 to 3.1.0 in /os-dependencies (#894) Bumps `jackson3.version` from 3.0.4 to 3.1.0. Updates `tools.jackson.core:jackson-core` from 3.0.4 to 3.1.0
Commits
  • f59c106 [maven-release-plugin] prepare release jackson-core-3.1.0
  • a916a01 Prep for 3.1.0 release
  • 754caf7 Merge branch '2.x' into 3.x
  • 8ed2593 Merge branch '2.21' into 2.x
  • 5184c75 Post-release dep version bump
  • 4beeb3f [maven-release-plugin] prepare for next development iteration
  • f319790 [maven-release-plugin] prepare release jackson-core-2.21.1
  • 1b741b1 Prep for 2.21.1 release
  • 0f02cd7 Merge branch '2.21' into 2.x
  • 79f789e Merge branch '2.20' into 2.21
  • Additional commits viewable in compare view

Updates `tools.jackson.core:jackson-databind` from 3.0.4 to 3.1.0
Commits

Updates `tools.jackson.dataformat:jackson-dataformat-xml` from 3.0.4 to 3.1.0
Commits
  • ba16ff4 [maven-release-plugin] prepare release jackson-dataformat-xml-3.1.0
  • a722ce4 Prep for 3.1.0 release
  • 2dac5e8 Merge branch '2.x' into 3.x
  • 460b5c0 Merge branch '2.21' into 2.x
  • 3503394 Post-release dep version bump
  • b19143d [maven-release-plugin] prepare for next development iteration
  • da4b3fc [maven-release-plugin] prepare release jackson-dataformat-xml-2.21.1
  • 4326690 Prep for 2.21.1 release
  • 6a46263 Merge branch '2.21' into 2.x
  • 035d3a4 Merge branch '2.20' into 2.21
  • Additional commits viewable in compare view

Updates `tools.jackson.dataformat:jackson-dataformat-yaml` from 3.0.4 to 3.1.0
Commits
  • 52ac028 [maven-release-plugin] prepare release jackson-dataformats-text-3.1.0
  • 58219d3 Prep for 3.1.0 release
  • 192c98c Merge branch '2.x' into 3.x
  • 49d8f0e Merge branch '2.21' into 2.x
  • efb186c Post-release dep version bump
  • c3b81c5 [maven-release-plugin] prepare for next development iteration
  • 499c5b0 [maven-release-plugin] prepare release jackson-dataformats-text-2.21.1
  • 06ffd1d Prep for 2.21.1 release
  • 06b95c2 Merge branch '2.21' into 2.x
  • c824883 Merge branch '2.20' into 2.21
  • Additional commits viewable in compare view

Updates `tools.jackson.dataformat:jackson-dataformat-csv` from 3.0.4 to 3.1.0
Commits
  • 52ac028 [maven-release-plugin] prepare release jackson-dataformats-text-3.1.0
  • 58219d3 Prep for 3.1.0 release
  • 192c98c Merge branch '2.x' into 3.x
  • 49d8f0e Merge branch '2.21' into 2.x
  • efb186c Post-release dep version bump
  • c3b81c5 [maven-release-plugin] prepare for next development iteration
  • 499c5b0 [maven-release-plugin] prepare release jackson-dataformats-text-2.21.1
  • 06ffd1d Prep for 2.21.1 release
  • 06b95c2 Merge branch '2.21' into 2.x
  • c824883 Merge branch '2.20' into 2.21
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 731ee3ad..d9bc70b1 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -82,7 +82,7 @@ 2.0.60 2.21.0 - 3.0.4 + 3.1.0 2.5 3.2.3 From ddd301ee5b2ebf6351e899fb8f993eb12f41df3f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:47:21 +0800 Subject: [PATCH 11/39] chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 in /os-dependencies (#895) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.4 to 3.5.5.
Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.5.4&new-version=3.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index d9bc70b1..8db752b3 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -308,7 +308,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.5.4 + 3.5.5 org.apache.maven.plugins From 5bc7c289ff010751406c7a9f40a0a5b28545420a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:47:42 +0800 Subject: [PATCH 12/39] chore(deps): bump com.jayway.jsonpath:json-path from 2.10.0 to 3.0.0 in /os-dependencies (#896) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.jayway.jsonpath:json-path](https://github.com/jayway/JsonPath) from 2.10.0 to 3.0.0.
Release notes

Sourced from com.jayway.jsonpath:json-path's releases.

json-path-3.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/json-path/JsonPath/compare/json-path-2.10.0...json-path-3.0.0

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.jayway.jsonpath:json-path&package-manager=maven&previous-version=2.10.0&new-version=3.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 8db752b3..7e97c91d 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -863,7 +863,7 @@ com.jayway.jsonpath json-path - 2.10.0 + 3.0.0 provided true From fbabf540f0f36cc3c3c7089f185e8663fdebc116 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:47:58 +0800 Subject: [PATCH 13/39] chore(deps-dev): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 in /meta-bom/bom-deamon (#897) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.4 to 3.5.5.
Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.5.4&new-version=3.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> From 4c4cfb088d14ca2b354b6c8c823c49b84bc99fc8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:48:15 +0800 Subject: [PATCH 14/39] chore(deps): bump org.yaml:snakeyaml from 2.5 to 2.6 in /os-dependencies (#901) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.yaml:snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) from 2.5 to 2.6.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.yaml:snakeyaml&package-manager=maven&previous-version=2.5&new-version=2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 7e97c91d..e7d6c542 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -83,7 +83,7 @@ 2.0.60 2.21.0 3.1.0 - 2.5 + 2.6 3.2.3 2.3.34 From adfa2ec428865d386356ab2f42679c05321af620 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:48:34 +0800 Subject: [PATCH 15/39] chore(deps): bump org.elasticsearch:elasticsearch from 9.3.0 to 9.3.1 in /os-dependencies (#903) Bumps [org.elasticsearch:elasticsearch](https://github.com/elastic/elasticsearch) from 9.3.0 to 9.3.1.
Release notes

Sourced from org.elasticsearch:elasticsearch's releases.

Elasticsearch 9.3.1

Downloads: https://elastic.co/downloads/elasticsearch Release notes: https://www.elastic.co/docs/release-notes/elasticsearch#elasticsearch-9.3.1-release-notes

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.elasticsearch:elasticsearch&package-manager=maven&previous-version=9.3.0&new-version=9.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index e7d6c542..cd92416a 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -102,7 +102,7 @@ 3.1.1 10.3.2 - 9.3.0 + 9.3.1 1.17.2 3.3.6 From 16a5501fc1b7e9e60226e22fb715b852e4f33dde Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:48:50 +0800 Subject: [PATCH 16/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.hibernate.orm:hibernate-core][7?= =?UTF-8?q?.2.4.Final=20=3D>=207.2.5.Final]=20(#904)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.2.4.Final to 7.2.5.Final.
Release notes

Sourced from org.hibernate.orm:hibernate-core's releases.

Release 7.2.5

Hibernate ORM 7.2.5.Final released

Today, we published a new release of Hibernate ORM 7.2: 7.2.5.Final.

You can find the full list of 7.2.5.Final changes here.

What's new

  • See the website for requirements and compatibilities.
  • See the What's New guide for details about new features and capabilities.
  • See the Migration Guide for details about migration.

Conclusion

For additional details, see:

See also the following resources related to supported APIs:

Visit the website for details on getting in touch with us.

Changelog

Sourced from org.hibernate.orm:hibernate-core's changelog.

Changes in 7.2.5.Final (February 22, 2026)

https://hibernate.atlassian.net/projects/HHH/versions/37807

** Bug * HHH-20187 NPE in BeanValidationEventListener with StatelessSession * HHH-20165 Hibernate processor: Panache Next generated repository name conflicts * HHH-20164 Hibernate processor: @​Delete methods not working outside of Jakarta Data repository * HHH-20163 Hibernate processor: nested types are visited twice * HHH-20162 MySQL timeout based on innodb_lock_timeout has incorrect units * HHH-20151 Metamodel geneartor: allow implicit repositories for Panache Next * HHH-20143 Attempting to lock an entity not associated with the persistence context should rollback the active transaction

Commits
  • 23f1ea4 [Jenkins release job] Preparing release 7.2.5.Final
  • dc2faf6 [Jenkins release job] changelog.txt updated by release build 7.2.5.Final
  • 7b926de HHH-20165 Processor: avoid generating conflicting names for repositories
  • e03b94e HHH-20164 Metamodel processor: Fixed bug with missing catch clause for @​Delet...
  • 484505a HHH-20163 Metamodel generator: do not visit nested types twice
  • 10c9e44 HHH-20151 Metamodel geneartor: allow implicit repositories for Panache Next
  • 27fc137 HHH-20130 add test
  • 7114315 HHH-20130 fix bug in imported vs qualified type logic in Processor
  • 2c5e335 HHH-20187 fix NPE in BeanValidationEventListener with SS
  • e0a8251 HHH-20162: Correctly handle units for innodb_lock_wait_timeout in MySQL
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.hibernate.orm:hibernate-core&package-manager=maven&previous-version=7.2.4.Final&new-version=7.2.5.Final)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index cd92416a..0bad7004 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -69,7 +69,7 @@ 9.6.0 42.7.10 3.5.19 - 7.2.4.Final + 7.2.5.Final 2.6.0 3.20.0 From beb9eba609ae9076ffb03073262414a1ed68c83d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:49:08 +0800 Subject: [PATCH 17/39] chore(deps): bump org.seleniumhq.selenium:selenium-api from 4.40.0 to 4.41.0 in /os-dependencies (#899) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.seleniumhq.selenium:selenium-api](https://github.com/SeleniumHQ/selenium) from 4.40.0 to 4.41.0.
Release notes

Sourced from org.seleniumhq.selenium:selenium-api's releases.

Selenium 4.41.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

... (truncated)

Commits
  • 9fc754f [build] Prepare for release of selenium-4.41.0 (#17098)
  • d5f22ec [java] mark tests passing in latest chrome beta
  • 89c5993 [build] fix auto-updating of browsers
  • 4592f1b [build] ci-python jobs not currently matching by default
  • 755d44c [build] put cdp version support in changelogs
  • 9aff5c7 [build] cannot invoke a rake task twice by default
  • 3a680a3 [build] ignore the staging branch for the PR and apply all patches in order
  • 20de9b9 [build] stage changes to an ephemeral staging branch since not all updates ar...
  • aac9a28 [py] Update test to check it's an integer rather than a value (#17114)
  • 02ec15f [rb] Update dependencies (#17111)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.seleniumhq.selenium:selenium-api&package-manager=maven&previous-version=4.40.0&new-version=4.41.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 0bad7004..4daa6098 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -939,7 +939,7 @@ org.seleniumhq.selenium selenium-api - 4.40.0 + 4.41.0 org.thymeleaf From c3cde7620638d9bf7a7d85e9697ab1b4d02b897c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:49:25 +0800 Subject: [PATCH 18/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[jackson.version][2.21.0=20=3D>=202.?= =?UTF-8?q?21.1]=20(#898)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `jackson.version` from 2.21.0 to 2.21.1. Updates `com.fasterxml.jackson.core:jackson-databind` from 2.21.0 to 2.21.1
Commits

Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-xml` from 2.21.0 to 2.21.1
Commits
  • da4b3fc [maven-release-plugin] prepare release jackson-dataformat-xml-2.21.1
  • 4326690 Prep for 2.21.1 release
  • 035d3a4 Merge branch '2.20' into 2.21
  • d7b2cdc Merge branch '2.19' into 2.20
  • ed65237 Merge branch '2.18' into 2.19
  • ee8f476 Post-release dep version bump
  • 5cc35e3 [maven-release-plugin] prepare for next development iteration
  • fec242b [maven-release-plugin] prepare release jackson-dataformat-xml-2.18.6
  • 9a6ef3f Prep for 2.18.6 release
  • 3762321 Merge branch '2.20' into 2.21
  • Additional commits viewable in compare view

Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-yaml` from 2.21.0 to 2.21.1
Commits
  • 499c5b0 [maven-release-plugin] prepare release jackson-dataformats-text-2.21.1
  • 06ffd1d Prep for 2.21.1 release
  • c824883 Merge branch '2.20' into 2.21
  • 887d7cb Merge branch '2.19' into 2.20
  • ddd9d68 Merge branch '2.18' into 2.19
  • e2df4d2 Fix 2.18 pom.xml
  • f45225a Merge branch '2.20' into 2.21
  • f6e636c Merge branch '2.19' into 2.20
  • cd8aa78 Merge branch '2.18' into 2.19
  • 957a0fd Post-release dep version bump
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 4daa6098..17b495d4 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -81,7 +81,7 @@ 1.6.3 2.0.60 - 2.21.0 + 2.21.1 3.1.0 2.6 From bbbe2861462f0a247730b6934f0872b8554e90b8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:49:41 +0800 Subject: [PATCH 19/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.apache.lucene:lucene-core][10.3?= =?UTF-8?q?.2=20=3D>=2010.4.0]=20(#900)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps org.apache.lucene:lucene-core from 10.3.2 to 10.4.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.lucene:lucene-core&package-manager=maven&previous-version=10.3.2&new-version=10.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 17b495d4..c00d9e09 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -101,7 +101,7 @@ 3.3.6 3.1.1 - 10.3.2 + 10.4.0 9.3.1 1.17.2 From 87103bdb5c79529e20f06e38f1586f195950f008 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:49:54 +0800 Subject: [PATCH 20/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.apache.maven.plugins:maven-fail?= =?UTF-8?q?safe-plugin][3.5.4=20=3D>=203.5.5]=20(#905)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 3.5.4 to 3.5.5.
Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-failsafe-plugin&package-manager=maven&previous-version=3.5.4&new-version=3.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index c00d9e09..f877426e 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -368,7 +368,7 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.5.4 + 3.5.5 org.apache.maven.plugins From 7e0ca0842c137b48754eecf45efccc48ead01045 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 13:06:37 +0000 Subject: [PATCH 21/39] chore(deps): bump com.acanx.meta:os-dependencies in /meta-model Bumps [com.acanx.meta:os-dependencies](https://github.com/ACANX/MetaOpen) from 0.6.6 to 0.6.7. - [Release notes](https://github.com/ACANX/MetaOpen/releases) - [Commits](https://github.com/ACANX/MetaOpen/commits) --- updated-dependencies: - dependency-name: com.acanx.meta:os-dependencies dependency-version: 0.6.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 85ecccc1..99bb76db 100644 --- a/pom.xml +++ b/pom.xml @@ -38,7 +38,7 @@ - 0.6.6 + 0.6.7 UTF-8 21 From 8e2982b05afd85213dae2480759ec524869a7dc3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 13:14:35 +0000 Subject: [PATCH 22/39] chore(deps): bump revision from 0.6.6 to 0.6.7 in /meta-component Bumps `revision` from 0.6.6 to 0.6.7. Updates `com.acanx.meta:os-dependencies` from 0.6.6 to 0.6.7 - [Release notes](https://github.com/ACANX/MetaOpen/releases) - [Commits](https://github.com/ACANX/MetaOpen/commits) Updates `com.acanx.meta.model:model-maven` from 0.6.6 to 0.6.7 - [Release notes](https://github.com/ACANX/MetaOpen/releases) - [Commits](https://github.com/ACANX/MetaOpen/commits) Updates `com.acanx.meta.model:model-sonatype` from 0.6.6 to 0.6.7 - [Release notes](https://github.com/ACANX/MetaOpen/releases) - [Commits](https://github.com/ACANX/MetaOpen/commits) --- updated-dependencies: - dependency-name: com.acanx.meta:os-dependencies dependency-version: 0.6.7 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.acanx.meta.model:model-maven dependency-version: 0.6.7 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.acanx.meta.model:model-sonatype dependency-version: 0.6.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 85ecccc1..99bb76db 100644 --- a/pom.xml +++ b/pom.xml @@ -38,7 +38,7 @@ - 0.6.6 + 0.6.7 UTF-8 21 From c591bcad92ddf50392adb3456ff19d907a6ba4c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 14:36:43 +0000 Subject: [PATCH 23/39] chore(deps): bump com.acanx.meta:os-dependencies Bumps [com.acanx.meta:os-dependencies](https://github.com/ACANX/MetaOpen) from 0.6.6 to 0.6.7. - [Release notes](https://github.com/ACANX/MetaOpen/releases) - [Commits](https://github.com/ACANX/MetaOpen/commits) --- updated-dependencies: - dependency-name: com.acanx.meta:os-dependencies dependency-version: 0.6.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 85ecccc1..99bb76db 100644 --- a/pom.xml +++ b/pom.xml @@ -38,7 +38,7 @@ - 0.6.6 + 0.6.7 UTF-8 21 From f7594f04782c6fc3cf1e7a6b5a93addc5538c085 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 14:45:05 +0000 Subject: [PATCH 24/39] chore(deps): bump com.acanx.meta:os-dependencies in /meta-bom/bom-sdk Bumps [com.acanx.meta:os-dependencies](https://github.com/ACANX/MetaOpen) from 0.6.6 to 0.6.7. - [Release notes](https://github.com/ACANX/MetaOpen/releases) - [Commits](https://github.com/ACANX/MetaOpen/commits) --- updated-dependencies: - dependency-name: com.acanx.meta:os-dependencies dependency-version: 0.6.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 85ecccc1..99bb76db 100644 --- a/pom.xml +++ b/pom.xml @@ -38,7 +38,7 @@ - 0.6.6 + 0.6.7 UTF-8 21 From 54cb7e650c72c1d52ccc1b0d175ae75fa660c20f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 14:56:40 +0000 Subject: [PATCH 25/39] chore(deps): bump com.acanx.meta:os-dependencies in /meta-bom/bom-deamon Bumps [com.acanx.meta:os-dependencies](https://github.com/ACANX/MetaOpen) from 0.6.6 to 0.6.7. - [Release notes](https://github.com/ACANX/MetaOpen/releases) - [Commits](https://github.com/ACANX/MetaOpen/commits) --- updated-dependencies: - dependency-name: com.acanx.meta:os-dependencies dependency-version: 0.6.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 85ecccc1..99bb76db 100644 --- a/pom.xml +++ b/pom.xml @@ -38,7 +38,7 @@ - 0.6.6 + 0.6.7 UTF-8 21 From d776ea9f102fd098efc509ddc44c599204d411ec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:08:45 +0800 Subject: [PATCH 26/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[meta-open.version][0.6.6=20=3D>=200?= =?UTF-8?q?.6.7]=20(#915)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `meta-open.version` from 0.6.6 to 0.6.7. Updates `com.acanx.meta.model:model-quote` from 0.6.6 to 0.6.7
Commits

Updates `com.acanx.meta.model:model-security` from 0.6.6 to 0.6.7
Commits

Updates `com.acanx.meta.model:model-sonatype` from 0.6.6 to 0.6.7
Commits

Updates `com.acanx.meta.model:model-deepseek` from 0.6.6 to 0.6.7
Commits

Updates `com.acanx.meta.model:model-test` from 0.6.6 to 0.6.7
Commits

Updates `com.acanx.meta.model:model-dingtalk` from 0.6.6 to 0.6.7
Commits

Updates `com.acanx.meta.model:model-wechat-work` from 0.6.6 to 0.6.7
Commits

Updates `com.acanx.meta.model:model-rss` from 0.6.6 to 0.6.7
Commits

Updates `com.acanx.meta.model:model-gemini` from 0.6.6 to 0.6.7
Commits

Updates `com.acanx.meta.component:sdk-maven-artifact` from 0.6.6 to 0.6.7
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index f877426e..01fb3765 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -51,7 +51,7 @@ 0.10.0 0.1.4.5 - 0.6.6 + 0.6.7 0.4.3 0.4.2 From 61986921cfe5c2adb71cccc294433677a0c67e74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:09:09 +0800 Subject: [PATCH 27/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.hibernate.orm:hibernate-core][7?= =?UTF-8?q?.2.5.Final=20=3D>=207.2.6.Final]=20(#916)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.hibernate.orm:hibernate-core](https://github.com/hibernate/hibernate-orm) from 7.2.5.Final to 7.2.6.Final.
Release notes

Sourced from org.hibernate.orm:hibernate-core's releases.

Release 7.2.6

Hibernate ORM 7.2.6.Final released

Today, we published a new release of Hibernate ORM 7.2: 7.2.6.Final.

You can find the full list of 7.2.6.Final changes here.

What's new

  • See the website for requirements and compatibilities.
  • See the What's New guide for details about new features and capabilities.
  • See the Migration Guide for details about migration.

Conclusion

For additional details, see:

See also the following resources related to supported APIs:

Visit the website for details on getting in touch with us.

Changelog

Sourced from org.hibernate.orm:hibernate-core's changelog.

Changes in 7.2.6.Final (March 01, 2026)

https://hibernate.atlassian.net/projects/HHH/versions/37978

** Bug * HHH-20176 Native Query cache causing ArrayIndexOutOfBoundsException with extra columns * HHH-19917 Bytecode-enhanced dirty tracking fails for mixed access properties

Commits
  • c549a5c [Jenkins release job] Preparing release 7.2.6.Final
  • f56de01 [Jenkins release job] changelog.txt updated by release build 7.2.6.Final
  • d6195b4 Add missing create domain privilege
  • 6f35e2d Reduce Oracle database user permissions to avoid leaking sequences to other u...
  • 27714d9 Improve QueryParameterBindingValidator error messages
  • c79943b HHH-19917: Fix Bytecode enhanced dirty checking for mixed access
  • b2703c7 HHH-20176 Fix cache indexes based on native query result type
  • 45fc87b HHH-20176 Add reproducer test case
  • 36ed8a8 [Jenkins release job] Preparing next development iteration
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.hibernate.orm:hibernate-core&package-manager=maven&previous-version=7.2.5.Final&new-version=7.2.6.Final)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 01fb3765..5125e4d0 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -69,7 +69,7 @@ 9.6.0 42.7.10 3.5.19 - 7.2.5.Final + 7.2.6.Final 2.6.0 3.20.0 From 7a1f08611937ec5f44d055f79816fbdd43038dc2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:09:25 +0800 Subject: [PATCH 28/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[io.lettuce:lettuce-core][7.4.0.RELE?= =?UTF-8?q?ASE=20=3D>=207.5.0.RELEASE]=20(#919)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.lettuce:lettuce-core&package-manager=maven&previous-version=7.4.0.RELEASE&new-version=7.5.0.RELEASE)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 5125e4d0..e39b9ef4 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -952,7 +952,7 @@ io.lettuce lettuce-core - 7.4.0.RELEASE + 7.5.0.RELEASE provided true From 973947309ed69f567081e930e5bca4d735183a4c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:09:41 +0800 Subject: [PATCH 29/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.redisson:redisson][4.2.0=20=3D>?= =?UTF-8?q?=204.3.0]=20(#918)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.redisson:redisson](https://github.com/redisson/redisson) from 4.2.0 to 4.3.0.
Release notes

Sourced from org.redisson:redisson's releases.

redisson-4.3.0

Feature - JMS API implemented
Feature - RCuckooFilter object added
Feature - Local cached Reactive Spring Session implemented
Feature - RBitSet.bitField() method added (thanks to @​bandalgomsu)
Feature - RBatch.getBloomFilterNative() method added
Feature - StreamAddArgs.idempotentProducerId() method added
Feature - hashCode()/equlas() methods added to StreamRangeParams object (thanks to @​bandalgomsu)
Feature - Message.getDeliveries() method added

Improvement - tcpKeepAlive setting is true by default

Fixed - RReliablePubSubTopic.setConfigIfAbsent() throws NPE
Fixed - Message.getCreationTime() returns null for messages stored in RReliableQueue
Fixed - corrupted Input object shouldn't be returned to the pool in Kryo5Codec
Fixed - increased char array in Kryo5Codec isn't cleared when the Input.reset() method is invoked
Fixed - traffic burst may block RRateLimiter indefinitely
Fixed - attempt to unlock lock, not locked by current thread by node id error (thanks to @​seakider)
Fixed - RTopicPattern resubscription after failover (thanks to @​peterhalicky)
Fixed - RBloomFilterNative's add(), exists(), count() return type
Fixed - Spring Data ReactiveKeyCommands.scan() method throws NPE if count setting isn't defined

Changelog

Sourced from org.redisson:redisson's changelog.

2-Mar-2025 - 4.3.0 released

Feature - JMS API implemented
Feature - RCuckooFilter object added
Feature - Local cached Reactive Spring Session implemented
Feature - RBitSet.bitField() method added (thanks to @​bandalgomsu)
Feature - RBatch.getBloomFilterNative() method added
Feature - StreamAddArgs.idempotentProducerId() method added
Feature - hashCode()/equlas() methods added to StreamRangeParamsobject (thanks to @bandalgomsu) Feature -Message.getDeliveries()` method added

Improvement - tcpKeepAlive setting is true by default

Fixed - RReliablePubSubTopic.setConfigIfAbsent() throws NPE
Fixed - Message.getCreationTime() returns null for messages stored in RReliableQueue
Fixed - corrupted Input object shouldn't be returned to the pool in Kryo5Codec
Fixed - increased char array in Kryo5Codec isn't cleared when the Input.reset() method is invoked
Fixed - traffic burst may block RRateLimiter indefinitely
Fixed - attempt to unlock lock, not locked by current thread by node id error (thanks to @​seakider)
Fixed - RTopicPattern resubscription after failover (thanks to @​peterhalicky)
Fixed - RBloomFilterNative's add(), exists(), count() return type
Fixed - Spring Data ReactiveKeyCommands.scan() method throws NPE if count setting isn't defined

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.redisson:redisson&package-manager=maven&previous-version=4.2.0&new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index e39b9ef4..65ba8ab1 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -89,7 +89,7 @@ 2.3.34 1.22.1 9.1.0.Final - 4.2.0 + 4.3.0 2.0.17 1.0.0 From 8e7a701ca76a5dee73da61a6c10c251b9ee10c0a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:09:58 +0800 Subject: [PATCH 30/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[net.bytebuddy:byte-buddy][1.18.5=20?= =?UTF-8?q?=3D>=201.18.7]=20(#920)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) from 1.18.5 to 1.18.7.
Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

1. March 2026: version 1.18.7

  • Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

Commits
  • 9d76434 Releasing Byte Buddy 1.18.7
  • 06498df [release] Release new version
  • c74eae4 Fix pipeline and add note on accidental release.
  • bc1c23a [release] Release new version
  • 19a2ea4 Fix build profile.
  • 33d544d Update Maven checksum extension.
  • 2023f8a [release] Release new version
  • bc535ba Complete reworked build script.
  • 70f6a21 Add missing checksums for GPG.
  • 2080329 Avoid release plugin altogether.
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=net.bytebuddy:byte-buddy&package-manager=maven&previous-version=1.18.5&new-version=1.18.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 65ba8ab1..d8bc1976 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -58,7 +58,7 @@ 25.0.1 3.30.2-GA 1.9.25.1 - 1.18.5 + 1.18.7 4.2.10.Final 3.8.3 From 118d70a29af4eaedb9df0a84161d5219e5fb51c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:10:18 +0800 Subject: [PATCH 31/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.graalvm.buildtools:utils][0.11.?= =?UTF-8?q?4=20=3D>=200.11.5]=20(#921)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.graalvm.buildtools:utils](https://github.com/graalvm/native-build-tools) from 0.11.4 to 0.11.5.
Release notes

Sourced from org.graalvm.buildtools:utils's releases.

0.11.5

What's Changed

Full Changelog: https://github.com/graalvm/native-build-tools/compare/0.11.4...0.11.5

Commits
  • ffd094d Release 0.11.5
  • 1d7c2f7 Merge pull request #842 from graalvm/update-metadata-to-0.3.34
  • ba1c2e8 Update reachability metadata to 0.3.34
  • 790fa05 Merge pull request #822 from graalvm/vj/compatibility-mode
  • 0631241 Implement Compatibility Mode detection
  • 1844654 Use JDK 21 Graal in the CI (#839)
  • 6315677 Revert "Remove the usage of the global metadata/index.json from the nbt plugi...
  • fe065ce Remove the usage of the global metadata/index.json from the nbt plugins (#829)
  • 94b5b54 Fix JUnit 6 not working correctly with JDK 21 by expanding the initialize-at-...
  • 086cfdf Add fallback for jarless artifacts in the native-maven-plugin (#824)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.graalvm.buildtools:utils&package-manager=maven&previous-version=0.11.4&new-version=0.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-graalvm/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-graalvm/pom.xml b/meta-bom/bom-graalvm/pom.xml index 447c1d46..2ab2b04b 100644 --- a/meta-bom/bom-graalvm/pom.xml +++ b/meta-bom/bom-graalvm/pom.xml @@ -81,7 +81,7 @@ org.graalvm.buildtools utils - 0.11.4 + 0.11.5 runtime From 52ad616baf34442087e8e57e598aed193585e405 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:10:35 +0800 Subject: [PATCH 32/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.graalvm.buildtools:native-maven?= =?UTF-8?q?-plugin][0.11.4=20=3D>=200.11.5]=20(#922)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.graalvm.buildtools:native-maven-plugin](https://github.com/graalvm/native-build-tools) from 0.11.4 to 0.11.5.
Release notes

Sourced from org.graalvm.buildtools:native-maven-plugin's releases.

0.11.5

What's Changed

Full Changelog: https://github.com/graalvm/native-build-tools/compare/0.11.4...0.11.5

Commits
  • ffd094d Release 0.11.5
  • 1d7c2f7 Merge pull request #842 from graalvm/update-metadata-to-0.3.34
  • ba1c2e8 Update reachability metadata to 0.3.34
  • 790fa05 Merge pull request #822 from graalvm/vj/compatibility-mode
  • 0631241 Implement Compatibility Mode detection
  • 1844654 Use JDK 21 Graal in the CI (#839)
  • 6315677 Revert "Remove the usage of the global metadata/index.json from the nbt plugi...
  • fe065ce Remove the usage of the global metadata/index.json from the nbt plugins (#829)
  • 94b5b54 Fix JUnit 6 not working correctly with JDK 21 by expanding the initialize-at-...
  • 086cfdf Add fallback for jarless artifacts in the native-maven-plugin (#824)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.graalvm.buildtools:native-maven-plugin&package-manager=maven&previous-version=0.11.4&new-version=0.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-graalvm/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-graalvm/pom.xml b/meta-bom/bom-graalvm/pom.xml index 2ab2b04b..5a05aec7 100644 --- a/meta-bom/bom-graalvm/pom.xml +++ b/meta-bom/bom-graalvm/pom.xml @@ -75,7 +75,7 @@ org.graalvm.buildtools native-maven-plugin - 0.11.4 + 0.11.5 From 077d93dca61563522dfa21f823ba9b9bf01a324b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:10:50 +0800 Subject: [PATCH 33/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.graalvm.buildtools:graalvm-reac?= =?UTF-8?q?hability-metadata][0.11.4=20=3D>=200.11.5]=20(#923)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.graalvm.buildtools:graalvm-reachability-metadata](https://github.com/graalvm/native-build-tools) from 0.11.4 to 0.11.5.
Release notes

Sourced from org.graalvm.buildtools:graalvm-reachability-metadata's releases.

0.11.5

What's Changed

Full Changelog: https://github.com/graalvm/native-build-tools/compare/0.11.4...0.11.5

Commits
  • ffd094d Release 0.11.5
  • 1d7c2f7 Merge pull request #842 from graalvm/update-metadata-to-0.3.34
  • ba1c2e8 Update reachability metadata to 0.3.34
  • 790fa05 Merge pull request #822 from graalvm/vj/compatibility-mode
  • 0631241 Implement Compatibility Mode detection
  • 1844654 Use JDK 21 Graal in the CI (#839)
  • 6315677 Revert "Remove the usage of the global metadata/index.json from the nbt plugi...
  • fe065ce Remove the usage of the global metadata/index.json from the nbt plugins (#829)
  • 94b5b54 Fix JUnit 6 not working correctly with JDK 21 by expanding the initialize-at-...
  • 086cfdf Add fallback for jarless artifacts in the native-maven-plugin (#824)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.graalvm.buildtools:graalvm-reachability-metadata&package-manager=maven&previous-version=0.11.4&new-version=0.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-graalvm/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-graalvm/pom.xml b/meta-bom/bom-graalvm/pom.xml index 5a05aec7..2be5d9fe 100644 --- a/meta-bom/bom-graalvm/pom.xml +++ b/meta-bom/bom-graalvm/pom.xml @@ -88,7 +88,7 @@ org.graalvm.buildtools graalvm-reachability-metadata - 0.11.4 + 0.11.5 runtime From 5b23e8f091187dafc14be16e09760a26b0412ab7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:11:09 +0800 Subject: [PATCH 34/39] chore(deps): bump org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0 in /os-dependencies (#926) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-resources-plugin](https://github.com/apache/maven-resources-plugin) from 3.4.0 to 3.5.0.
Release notes

Sourced from org.apache.maven.plugins:maven-resources-plugin's releases.

3.5.0

🚀 New features and improvements

👻 Maintenance

📦 Dependency updates

Commits
  • ce485a0 [maven-release-plugin] prepare release maven-resources-plugin-3.5.0
  • bfadfff Use maven-filtering 3.5.0 (staged)
  • 3f74ba2 Drop commons-io; unused
  • caefcde Bug: use change detecton strategies (#462)
  • 38534e3 Cleanup deps (#463)
  • 0814ec7 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#461)
  • e2f9135 Bump org.apache.maven.plugins:maven-plugins from 45 to 47 (#459)
  • a050be3 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#457)
  • 1825b2a Bump mavenVersion from 3.9.11 to 3.9.12 (#452)
  • ad31b55 Add IT for #444 issue
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-resources-plugin&package-manager=maven&previous-version=3.4.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index d8bc1976..c7f44225 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -313,7 +313,7 @@ org.apache.maven.plugins maven-resources-plugin - 3.4.0 + 3.5.0 org.apache.maven.plugins From 6f6e67f3b3b1c8c17defb2bf7f871c3bf659a30d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:11:25 +0800 Subject: [PATCH 35/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.apache.maven.plugins:maven-shad?= =?UTF-8?q?e-plugin][3.6.1=20=3D>=203.6.2]=20(#927)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.apache.maven.plugins:maven-shade-plugin](https://github.com/apache/maven-shade-plugin) from 3.6.1 to 3.6.2.
Release notes

Sourced from org.apache.maven.plugins:maven-shade-plugin's releases.

3.6.2

🐛 Bug Fixes

  • Bug: Extra JARs and Artifacts were not subjected to filtering (#785) @​cstamas

👻 Maintenance

📦 Dependency updates

Commits
  • ad8de59 [maven-release-plugin] prepare release maven-shade-plugin-3.6.2
  • 8eb19dc Drop unneeded dependencies (#788)
  • 397b2cd Drop excessive dependencies (#786)
  • eca6398 Bug: Extra JARs and Artifacts were not subjected to filtering (#785)
  • 7edce17 Update to parent POM v 47 (#781)
  • 3171a34 Mockito improvements (#783)
  • 678844b Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#782)
  • 73ec909 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#780)
  • 5f7a877 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#778)
  • 73c5247 chore: remove junit3 reference (#762)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-shade-plugin&package-manager=maven&previous-version=3.6.1&new-version=3.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index c7f44225..d5ab2f8c 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -303,7 +303,7 @@ org.apache.maven.plugins maven-shade-plugin - 3.6.1 + 3.6.2 org.apache.maven.plugins From 1fb2a97c7c5e7b4b607d62726cad1540d00ba23c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:11:55 +0800 Subject: [PATCH 36/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.apache.maven:maven-model][3.9.1?= =?UTF-8?q?2=20=3D>=203.9.13]=20(#928)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps org.apache.maven:maven-model from 3.9.12 to 3.9.13. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven:maven-model&package-manager=maven&previous-version=3.9.12&new-version=3.9.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-model/model-maven/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-model/model-maven/pom.xml b/meta-model/model-maven/pom.xml index 66bb7777..f2712194 100644 --- a/meta-model/model-maven/pom.xml +++ b/meta-model/model-maven/pom.xml @@ -50,7 +50,7 @@ org.apache.maven maven-model - 3.9.12 + 3.9.13 org.junit.jupiter From 6c45a485f1d03aa6f996acb2a7a3288c21d4190a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:12:27 +0800 Subject: [PATCH 37/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[httpcore5.version][5.4.1=20=3D>=205?= =?UTF-8?q?.4.2]=20(#931)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `httpcore5.version` from 5.4.1 to 5.4.2. Updates `org.apache.httpcomponents.core5:httpcore5` from 5.4.1 to 5.4.2
Changelog

Sourced from org.apache.httpcomponents.core5:httpcore5's changelog.

Release 5.4.2

This maintenance release fixes a bug in the lax connection pool where expired connection cleanup fails to update the number of available connections, potentially causing the client to eventually deadlock. Two other fixes are included as well, one for a memory leak in the implementation of HTTP/2 stream priority and one in the parseLenient method, which should ignore illegal character names.

Change Log

  • Bug fix: Decrement pool entry count in LaxConnPool upon discarding an expired connection. Contributed by Ryan Schmitt

  • Bug fix: Fix HTTP/2 stream priority memory leak. (#617) Contributed by Arturo Bernal

  • Bug fix: Fix parseLenient to ignore illegal charset names. (#618) Contributed by Arturo Bernal

Commits
  • 4ee5b2a HttpCore 5.4.2 release
  • fb3b743 Update release notes for HttpCore 5.4.2 release
  • 02ac686 LaxConnPool: Deallocate pool entry upon discarding expired connection
  • 9a641bd Fix HTTP/2 stream priority memory leak by dropping unused PriorityValue cache...
  • dbc8788 HTTPCORE-794 - Fix parseLenient to ignore illegal charset names (#618)
  • 95d7182 Upgraded HttpCore version to 5.4.2-SNAPSHOT
  • See full diff in compare view

Updates `org.apache.httpcomponents.core5:httpcore5-h2` from 5.4.1 to 5.4.2
Changelog

Sourced from org.apache.httpcomponents.core5:httpcore5-h2's changelog.

Release 5.4.2

This maintenance release fixes a bug in the lax connection pool where expired connection cleanup fails to update the number of available connections, potentially causing the client to eventually deadlock. Two other fixes are included as well, one for a memory leak in the implementation of HTTP/2 stream priority and one in the parseLenient method, which should ignore illegal character names.

Change Log

  • Bug fix: Decrement pool entry count in LaxConnPool upon discarding an expired connection. Contributed by Ryan Schmitt

  • Bug fix: Fix HTTP/2 stream priority memory leak. (#617) Contributed by Arturo Bernal

  • Bug fix: Fix parseLenient to ignore illegal charset names. (#618) Contributed by Arturo Bernal

Commits
  • 4ee5b2a HttpCore 5.4.2 release
  • fb3b743 Update release notes for HttpCore 5.4.2 release
  • 02ac686 LaxConnPool: Deallocate pool entry upon discarding expired connection
  • 9a641bd Fix HTTP/2 stream priority memory leak by dropping unused PriorityValue cache...
  • dbc8788 HTTPCORE-794 - Fix parseLenient to ignore illegal charset names (#618)
  • 95d7182 Upgraded HttpCore version to 5.4.2-SNAPSHOT
  • See full diff in compare view

Updates `org.apache.httpcomponents.core5:httpcore5-reactive` from 5.4.1 to 5.4.2
Changelog

Sourced from org.apache.httpcomponents.core5:httpcore5-reactive's changelog.

Release 5.4.2

This maintenance release fixes a bug in the lax connection pool where expired connection cleanup fails to update the number of available connections, potentially causing the client to eventually deadlock. Two other fixes are included as well, one for a memory leak in the implementation of HTTP/2 stream priority and one in the parseLenient method, which should ignore illegal character names.

Change Log

  • Bug fix: Decrement pool entry count in LaxConnPool upon discarding an expired connection. Contributed by Ryan Schmitt

  • Bug fix: Fix HTTP/2 stream priority memory leak. (#617) Contributed by Arturo Bernal

  • Bug fix: Fix parseLenient to ignore illegal charset names. (#618) Contributed by Arturo Bernal

Commits
  • 4ee5b2a HttpCore 5.4.2 release
  • fb3b743 Update release notes for HttpCore 5.4.2 release
  • 02ac686 LaxConnPool: Deallocate pool entry upon discarding expired connection
  • 9a641bd Fix HTTP/2 stream priority memory leak by dropping unused PriorityValue cache...
  • dbc8788 HTTPCORE-794 - Fix parseLenient to ignore illegal charset names (#618)
  • 95d7182 Upgraded HttpCore version to 5.4.2-SNAPSHOT
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-deamon/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-deamon/pom.xml b/meta-bom/bom-deamon/pom.xml index a652d0da..17ea0f52 100644 --- a/meta-bom/bom-deamon/pom.xml +++ b/meta-bom/bom-deamon/pom.xml @@ -179,7 +179,7 @@ 5.6 - 5.4.1 + 5.4.2 4.4.16 4.5.14 From 05e5e94b7f78266ae671e8f21b3ed81f27977d7d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:12:42 +0800 Subject: [PATCH 38/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[awssdk.version][2.42.3=20=3D>=202.4?= =?UTF-8?q?2.7]=20(#929)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `awssdk.version` from 2.42.3 to 2.42.7. Updates `software.amazon.awssdk:s3` from 2.42.3 to 2.42.7 Updates `software.amazon.awssdk:lambda` from 2.42.3 to 2.42.7 Updates `software.amazon.awssdk:ses` from 2.42.3 to 2.42.7 Updates `software.amazon.awssdk:cloudwatch` from 2.42.3 to 2.42.7 Updates `software.amazon.awssdk:costexplorer` from 2.42.3 to 2.42.7 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-sdk/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-sdk/pom.xml b/meta-bom/bom-sdk/pom.xml index 22d3dbdc..06dacead 100644 --- a/meta-bom/bom-sdk/pom.xml +++ b/meta-bom/bom-sdk/pom.xml @@ -39,7 +39,7 @@ - 2.42.3 + 2.42.7 From 06c528190ac4a5a72adcdeb460fcaf3338811f0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Mar 2026 16:13:01 +0800 Subject: [PATCH 39/39] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[de.codecentric:spring-boot-admin-de?= =?UTF-8?q?pendencies][4.0.1=20=3D>=204.0.2]=20(#930)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [de.codecentric:spring-boot-admin-dependencies](https://github.com/codecentric/spring-boot-admin) from 4.0.1 to 4.0.2.
Commits
  • 15b8a29 fix(deps): update dependency axios to v1.13.6 (#5135)
  • a960932 chore(deps): update storybook monorepo to v10.2.13 (#5133)
  • 1e64c95 chore(deps): update actions/upload-artifact action to v7 (#5131)
  • 40890ee chore(deps): update dependency cronstrue to v3.13.0 (#5132)
  • 0185317 chore(deps): update dependency autoprefixer to v10.4.27 (#5130)
  • 1d0cb37 chore(deps): update dependency autoprefixer to v10.4.25 (#5129)
  • 154659e fix(deps): update dependency vue to v3.5.29 (#5127)
  • 3522695 chore(deps): update storybook monorepo to v10.2.12 (#5126)
  • 76c1e84 chore(deps): update node.js to v24.14.0 (#5124)
  • 60821de chore(deps): update typescript-eslint monorepo to v8.56.1 (#5123)
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=de.codecentric:spring-boot-admin-dependencies&package-manager=maven&previous-version=4.0.1&new-version=4.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-deamon/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-deamon/pom.xml b/meta-bom/bom-deamon/pom.xml index 17ea0f52..cc964c93 100644 --- a/meta-bom/bom-deamon/pom.xml +++ b/meta-bom/bom-deamon/pom.xml @@ -73,7 +73,7 @@ 7.0.5 4.0.3 - 4.0.1 + 4.0.2 2025.0.0 4.2.0 4.2.0