Bump the maven-dependencies group across 1 directory with 37 updates

[dependabot]

Bumps the maven-dependencies group with 37 updates in the / directory:

Package	From	To
org.apache.logging.log4j:log4j-slf4j2-impl	2.24.3	2.25.3
org.apache.logging.log4j:log4j-core	2.24.3	2.25.3
org.ehcache:ehcache	3.10.8	3.11.1
org.hibernate.orm:hibernate-core	6.6.15.Final	7.2.0.Final
com.mysql:mysql-connector-j	9.3.0	9.5.0
org.postgresql:postgresql	42.7.5	42.7.8
net.bytebuddy:byte-buddy	1.17.5	1.18.3
net.bytebuddy:byte-buddy-agent	1.17.5	1.18.3
commons-io:commons-io	2.19.0	2.21.0
io.projectreactor:reactor-core	3.7.6	3.8.1
io.projectreactor:reactor-test	3.7.6	3.8.1
org.jobrunr:jobrunr	7.5.1	8.3.1
org.quartz-scheduler:quartz	2.4.0	2.4.1
org.dom4j:dom4j	2.1.4	2.2.0
com.google.code.gson:gson	2.13.1	2.13.2
com.fasterxml.jackson:jackson-bom	2.19.0	2.20.1
org.junit:junit-bom	5.12.2	6.0.2
org.hibernate.validator:hibernate-validator	8.0.2.Final	9.1.0.Final
org.jacoco:jacoco-maven-plugin	0.8.13	0.8.14
org.apache.maven.plugins:maven-clean-plugin	3.4.1	3.5.0
org.apache.maven.plugins:maven-enforcer-plugin	3.5.0	3.6.2
org.apache.maven.plugins:maven-surefire-plugin	3.5.3	3.5.4
org.apache.maven.plugins:maven-failsafe-plugin	3.5.3	3.5.4
org.apache.maven.plugins:maven-compiler-plugin	3.14.0	3.14.1
org.apache.maven.plugins:maven-assembly-plugin	3.7.1	3.8.0
org.apache.maven.plugins:maven-jar-plugin	3.4.2	3.5.0
org.apache.maven.plugins:maven-source-plugin	3.3.1	3.4.0
org.apache.maven.plugins:maven-release-plugin	3.1.1	3.3.1
org.apache.maven.plugins:maven-resources-plugin	3.3.1	3.4.0
org.apache.maven.plugins:maven-javadoc-plugin	3.11.2	3.12.0
org.apache.maven.plugins:maven-gpg-plugin	3.2.7	3.2.8
io.axoniq:axonserver-connector-java	2024.2.2	2025.2.1
com.oracle.database.jdbc:ojdbc8	23.8.0.25.04	23.26.0.0.0
org.axonframework.extensions.mongo:axon-mongo	4.11.1	4.12.0
io.dropwizard.metrics:metrics-core	4.2.30	4.2.37
io.micrometer:micrometer-core	1.15.0	1.16.1
io.opentelemetry:opentelemetry-api	1.50.0	1.58.0

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.3

Updates org.ehcache:ehcache from 3.10.8 to 3.11.1

Release notes

Sourced from org.ehcache:ehcache's releases.

3.11.1

Getting started

This new minor release of Ehcache 3 is the first new release under IBM ownership. It adds support for shared resource pools between unclustered caches. It also contains a fix for a hashing denial of service performance regression (#3268).

[!NOTE] Ehcache 3.11 with be the last minor release line to support Java 8. The next release line will advance the Java baseline to 17.

Ehcache 3.11.1 has been released to maven central under the following coordinates:

Main module

<dependency>
  <groupId>org.ehcache</groupId>
  <artifactId>ehcache</artifactId>
  <version>3.11.1</version>
  <!-- <classifier>jakarta</classifier> -->
</dependency>

or

implementation('org.ehcache:ehcache:3.11.1') {
//  capabilities {
//    requireCapability('org.ehcache:ehcache-jakarta')
//  }
}

Transactions module

<dependency>
  <groupId>org.ehcache</groupId>
  <artifactId>ehcache-transactions</artifactId>
  <version>3.11.1</version>
  <!-- <classifier>jakarta</classifier> -->
</dependency>

or

implementation('org.ehcache:ehcache-transactions:3.11.1') {
//  capabilities {
//    requireCapability('org.ehcache:ehcache-transactions-jakarta')
//  }
}

Clustering module

... (truncated)

Commits

• d07c3b4 Set ehcacheVersion to 3.11.1
• f5d1a7e Merge pull request #3274 from chrisdennis/issue-2494-refix
• c85a888 Fixes #2494 : Move to drive the jcache map from the underlying Ehcache manage...
• b02f2e7 Revert "Merge branch 'issue-2494-daggy' into issue-2494-daggy-integrate"
• be0e98c Merge pull request #3271 from chrisdennis/publishing-fix
• 7316d46 Set packageGroup once and override with stagingProfileId when necessary
• 2716091 Merge pull request #3270 from ehcache/sonatype-central-url
• 3a21733 Use new Central Repository URL in sonatype publishing
• 962f2d0 Merge pull request #3268 from chrisdennis/eviction-security-fix
• d97adf7 Traversers start at the start and are recycled
• Additional commits viewable in compare view

Updates org.hibernate.orm:hibernate-core from 6.6.15.Final to 7.2.0.Final

Release notes

Sourced from org.hibernate.orm:hibernate-core's releases.

Release 7.2.0

Hibernate ORM 7.2.0.Final released

Today, we published a new release of Hibernate ORM 7.2: 7.2.0.Final.

You can find the full list of 7.2.0.Final changes here.

What's new

• See the website for requirements and compatibilities.
• See the What's New guide for details about new features and capabilities.
• See the Migration Guide for details about migration.

Conclusion

For additional details, see:

• the release page
• the Migration Guide
• the Introduction Guide
• the User Guide
• the API docs

See also the following resources related to supported APIs:

• the compatibility policy
• the incubating API report (@Incubating)
• the deprecated API report (@Deprecated + @Remove)
• the internal API report (internal packages, @Internal)

Visit the website for details on getting in touch with us.

Release 7.2.0.CR4

Hibernate ORM 7.2.0.CR4 released

Today, we published a new release of Hibernate ORM 7.2: 7.2.0.CR4.

You can find the full list of 7.2.0.CR4 changes here.

What's new

• See the website for requirements and compatibilities.
• See the What's New guide for details about new features and capabilities.
• See the Migration Guide for details about migration.

Conclusion

... (truncated)

Changelog

Sourced from org.hibernate.orm:hibernate-core's changelog.

Changes in 7.2.0.Final (December 12, 2025)

https://hibernate.atlassian.net/projects/HHH/versions/36806

Changes in 7.2.0.CR4 (December 10, 2025)

https://hibernate.atlassian.net/projects/HHH/versions/36476

** Bug * HHH-19980 In JTA after-completion callbacks may get ignored * HHH-19979 processor should handle @​NamedEntityGraph with defaulted name * HHH-19975 Calling entityManager.find(clazz, id) with null id throws NullPointerException * HHH-19972 OptionalTableUpdateOperation can fail on PostgreSQL < 15 and CockroachDB * HHH-19963 Wrong references in entity fields with circular associations * HHH-19958 <generated> tag in orm.xml is not implemented * HHH-19955 Thread-safety issue in EntityEntryContext resulting in NullPointerException for Session.contains() calls. * HHH-19843 Bean Validation may fail on operations with stateless session * HHH-18871 Nested NativeQuery mappings causing 'Could not locate TableGroup' exception after migration * HHH-18217 StatelessSession.upsert() for entity with all-null non-id fields, or no non-id field

** Improvement * HHH-19943 Comparison of generic nested EmbeddedId's fails for JPQL and Criteria API * HHH-19215 Extends Dialect#addQueryHints to support straight_join syntax

Changes in 7.2.0.CR3 (November 25, 2025)

https://hibernate.atlassian.net/projects/HHH/versions/36014

** Bug * HHH-19939 broken caching for MERGE and REFRESH load plans * HHH-19937 duplicate version check after refresh * HHH-19936 Parameter casts for by-id lookups don't take column definition into account * HHH-19932 NullPointerException in SqmInterpretationsKey::toString * HHH-19926 NullPointerException when executing JPQL IN clause with null parameter on entity association * HHH-19925 Locking root(s) should be based on select-clause, not from-clause * HHH-19924 Session#find with LockMode.UPGRADE_NOWAIT casues AssetionError when no entity with the provided id exists in the database * HHH-19922 org.hibernate.orm:hibernate-platform:pom:7.1.7.Final is missing * HHH-19918 Avoid reflection when instantiating known FormatMapper * HHH-19910 EntityInitializer#resolveInstance wrongly initializes existing detached instance * HHH-19906 JsonGeneratingVisitor#visit doesn't handle plural types correctly * HHH-19905 Implicit join re-use with nested inner and left joins causes ParsingException * HHH-19895 hibernate-core 6.6.30.Final breaks compatibility on entities with composite keys for multiple variants of DB2 * HHH-19758 HQL parse failure with SLL can lead to wrong parse * HHH-19749 [Oracle] Merge with @​SecondaryTable may generate invalid NUMERIC type casts

... (truncated)

Commits

• 6f77c21 [Jenkins release job] Preparing release 7.2.0.Final
• 6f9e75e [Jenkins release job] changelog.txt updated by release build 7.2.0.Final
• a182a10 Revert "HHH-7287 - Problem in caching proper natural-id-values when obtaining...
• 6a7ba40 Revert "HHH-7287 - Problem in caching proper natural-id-values when obtaining...
• 1c98c9e Revert "HHH-3192 - SchemaValidator column nullability check"
• 5612c9b Revert "Workaround JDK 17 javac bug for switch expression compilation"
• 6e1ae87 Revert "HHH-19976 Don't adopt AdjustableBasicType name to create derived type"
• 4328313 HHH-19976 Don't adopt AdjustableBasicType name to create derived type
• 64a86dc Workaround JDK 17 javac bug for switch expression compilation
• 3b8dc32 HHH-3192 - SchemaValidator column nullability check
• Additional commits viewable in compare view

Updates com.mysql:mysql-connector-j from 9.3.0 to 9.5.0

Changelog

Sourced from com.mysql:mysql-connector-j's changelog.

Changelog

https://dev.mysql.com/doc/relnotes/connector-j/en/

Version 9.5.0

• Fix for Bug#72036 (Bug#18403804), XA isSameRM() shouldn't take database into account.

• Fix for Bug#62693 (Bug#16722068), XAConnection savepoint capability.

• Fix for Bug#81128 (Bug#23146631), Master host list overwritten by slave list when loadBalanceConnectionGroup used.

• Fix for Bug#19887224, RUNNING THE TEST SUITE WITH SOCKSPROXY* PROPERTIES HANGS IN TEST TESTBUG56429.

• Fix for Bug#98699 (Bug#30932850), Allow empty keyStore file for keyStoreTypes that do not require files. Thanks to Kolbe Kegel for his contribution.

• Fix for Bug#118938 (Bug#38396227), DatabaseMetaDataInformationSchema#getSchemas has a bug.

• Fix for Bug#99292 (Bug#31195955), Contribution: Support Windows time zone 'Coordinated Universal Time'. Thanks to Frédéric Barrière for his contribution.

• Fix for Bug#107094 (Bug#34104230), NullPointerException when calling equals with null on MultiHostConnectionProxy.

• Fix for Bug#107543 (Bug#34464351), Cannot execute a SELECT statement that writes to an OUTFILE.

• Fix for Bug#17881458, BEHAVIOR OF SETBINARYSTREAM() METHOD IS DIFFERENT WHEN USESERVERPREPSTMTS=TRUE.

• Fix for Bug#45554 (Bug#11754018), Connector/J does not encode binary data if useServerPrepStatements=false.

• Fix for Bug#114974 (Bug#36614381), the SQL in batch will not clear after statement close. Thanks to Chengyi Dong for his contribution.

• Fix for Bug#118688 (Bug#38222681), com.mysql.cj.protocol.a.StringValueEncoder#getString does not handle string escaping. Thanks to Feng Shen for his contribution.

• Fix for Bug#118329 (Bug#38022329), Contribution: Optimize BigDecimal zero value handling to reduce memory footprint. Thanks to Chengjun Huang for his contribution.

• Fix for Bug#42777 (Bug#11751788), loadBalanceStrategy and roundRobinLoadBalance should be consolidated.

• Fix for Bug#112090 (Bug#35716608), SHOW ENGINE command runs forever when using cursor fetch.

Version 9.4.0

• Fix for Bug#116120 (Bug#37079448), Inappropriate charset selected for connection when jdk.charsets not included.

• Fix for Bug#98620 (Bug#31503893), Using DatabaseMetaData.getColumns() gives collation mix error.

• Fix for Bug#118389 (Bug#38044940), OCI ephemeral keys not working after change in OCI CLI.

... (truncated)

Commits

• a7b3c94 Update for GPL license book.
• a17a256 Fix for StatementRegressionTest.testBug107543_IntoFile() failing when
• 0d642f5 Fix for Bug#72036 (Bug#18403804), XA isSameRM() shouldn't take database into ...
• cdb5880 Fix for Bug#62693 (Bug#16722068), XAConnection savepoint capability.
• 2ce8cb2 Fix for Bug#81128 (Bug#23146631), Master host list overwritten by slave list ...
• f889dec Fix for Bug#19887224, RUNNING THE TEST SUITE WITH SOCKSPROXY* PROPERTIES HANG...
• b62afb2 Fix for Bug#98699 (Bug#30932850), Allow empty keyStore file for keyStoreTypes...
• 1470742 Fix for typo.
• af1348a Update build instructions to use protoc for consistency; perform minor cleanups.
• 29a877b Fix for Bug#118938 (Bug#38396227), DatabaseMetaDataInformationSchema#getSchem...
• Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.5 to 42.7.8

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.8

Notable changes:

• Releases are signed with a new PGP key which is generated at GitHub Actions and stored only there @​vlsi (#3701)

Changes

• fix: Update release plugin config to use .set(...) for props and inject nexus secrets via props @​sehrope (#3802)
• update version to 42.7.8 @​davecramer (#3801)
• change logs for version 42.7.8 @​davecramer (#3797)
• Fix getNotifications() documentation @​pdewacht (#3800)
• fix(deps): update dependency om.ongres.scram:scram-client to 3.2 @​jorsol (#3799)
• Add configurable boolean-to-numeric conversion for ResultSet getters @​vwassan (#3796)
• Update CONTRIBUTING.md @​davecramer (#3794)
• perf: remove QUERY_ONESHOT flag when calling getMetaData @​ShenFeng312 (#3783)
• test: add bench for batch insert via unnest with arrays @​lantalex (#3782)
• fix: Change "PST" timezone in TimestampTest to "Pacific Standard Time" @​simon-greatrix (#3774)
• Use BufferedInputStream with FileInputStream @​jgardn3r (#3750)
• Fix #3747: Incorrect class comparison in PGXmlFactoryFactory validation @​eitch (#3748)
• fix: traverse the current dimension to get the correct pos in PgArray#calcRemainingDataLength @​sly461 (#3746)
• test: add channelBinding to SslTest @​vlsi (#3665)
• fix: remove excessive ReentrantLock.lock usages @​vlsi (#3703)
• test: add ossf-scorecard security scanning @​vlsi (#3695)
• fix indentation to let CI pass @​mohitsatr (#3682)
• test: extract pgjdbc/testFixtures to testkit project @​vlsi (#3666)
• fix: make sure getImportedExportedKeys returns columns in consistent order @​vlsi (#3663)
• feat: use PreparedStatement for DatabaseMetaData.getCrossReference, getImportedKeys, getExportedKeys @​vlsi (#3641)
• Add "SELF_REFERENCING_COL_NAME" field to getTables' ResultSetMetaData to fix NullPointerException @​SophiahHo (#3660)

🐛 Bug Fixes

• fix: avoid IllegalStateException: Timer already cancelled when StatementCancelTimerTask.run throws a runtime error @​vlsi (#3778)
• fix: avoid NullPointerException when cancelling a query if cancel key is not known yet @​vlsi (#3780)
• fix: unable to open replication connection to servers < 12 @​vlsi (#3678)

🧰 Maintenance

• chore: fix published project name @​vlsi (#3809)
• chore: update publish to Central Portal task name after bumping nmcp @​vlsi (#3808)
• fix(deps): update com.gradleup.nmcp to 1.1.0 @​vlsi (#3807)
• Revert "fix: Update release plugin config to use .set(...) for props and inject nexus creds via gradle props" @​vlsi (#3803)
• chore: group com.gradleup.nmcp version updates @​vlsi (#3805)
• chore: use bump org.apache.bcel:bcel test dependency in testCompileClasspath as well @​vlsi (#3775)
• Fix typo in PGReplicationStream.java @​atorik (#3758)
• chore: remove JDK versions from the key workflow names @​vlsi (#3759)
• chore: add GitHub Actions workflow for generating release PGP key @​vlsi (#3701)
• chore: replace StandardCharsets with Charsets to simplify code @​vlsi (#3751)
• chore: migrate publish workflow to Central Portal publishing via com.gradleup.nmcp @​vlsi (#3686)
• chore: adjust the default branch name for ossf scorecard scan @​vlsi (#3697)
• chore: add top-level read-only permissions for GitHub Actions when missing @​vlsi (#3696)
• chore: use config:best-practices preset for Renovate @​vlsi (#3687)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.8] (2025-09-18)

Added

• feat: Add configurable boolean-to-numeric conversion for ResultSet getters [PR #3796](pgjdbc/pgjdbc#3796)

Changed

• perf: remove QUERY_ONESHOT flag when calling getMetaData [PR #3783](pgjdbc/pgjdbc#3783)
• perf: use BufferedInputStream with FileInputStream [PR #3750](pgjdbc/pgjdbc#3750)
• perf: enable server-prepared statements for DatabaseMetaData

Fixed

• fix: avoid NullPointerException when cancelling a query if cancel key is not known yet
• fix: Change "PST" timezone in TimestampTest to "Pacific Standard Time" [PR #3774](pgjdbc/pgjdbc#3774)
• fix: traverse the current dimension to get the correct pos in PgArray#calcRemainingDataLength [PR #3746](pgjdbc/pgjdbc#3746)
• fix: make sure getImportedExportedKeys returns columns in consistent order
• fix: Add "SELF_REFERENCING_COL_NAME" field to getTables' ResultSetMetaData to fix NullPointerException [PR #3660](pgjdbc/pgjdbc#3660)
• fix: unable to open replication connection to servers < 12
• fix: avoid closing statement caused by driver's internal ResultSet#close()
• fix: return empty metadata for empty catalog names as it was before
• fix: Incorrect class comparison in PGXmlFactoryFactory validation

[42.7.7] (2025-06-10)

Security

• security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

• test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

[42.7.6]

Features

• fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property [PR #3513](pgjdbc/pgjdbc#3513)

Performance Improvements

• performance: Improve ResultSetMetadata.fetchFieldMetaData by using IN row values instead of UNION ALL for improved query performance (later reverted) [PR #3510](pgjdbc/pgjdbc#3510)
• feat:Use a single simple query for all startup parameters, so groupStartupParameters is no longer needed [PR #3613](pgjdbc/pgjdbc#3613)

Bug Fixes

Protocol & Connection Handling

... (truncated)

Commits

• 9a5492d chore: fix published project name
• ca064f8 chore: update publish to Central Portal task name after bumping nmcp
• 3d97bb8 fix: avoid IllegalStateException: Timer already cancelled when StatementCanc...
• faa7dfc test: move BaseTest4 to testkit module
• dbf2847 fix(deps): update com.gradleup.nmcp to 1.1.0
• 9245e26 Revert "fix: Update release plugin config to use .set(...) for props and inje...
• 8e833c3 chore: group com.gradleup.nmcp version updates
• ec5a088 fix: Update release plugin config to use .set(...) for props and inject nexus...
• c03db58 update version to 42.7.8 (#3801)
• 50ff169 change logs for version 42.7.8 (#3797)
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.17.5 to 1.18.3

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

Byte Buddy 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

Byte Buddy 1.18.1

• Fix generated module-info to include new package.

Byte Buddy 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

Byte Buddy 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

Byte Buddy 1.17.6

• Add convenience wrapper for ResettableClassFileTransformer that implicitly delegates to correct transformer method.
• Add filter for deduplicate fields and methods in class file.
• Add missing static requirement of Spotbugs annotations to module descriptors.
• Add LazinessMode for TypePool and add convenience support to AgentBuilder.
• Fix source jars for multi-version release to contain duplicated source.

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

26. November 2025: version 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

26. November 2025: version 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

12. November 2025: version 1.18.1

• Fix generated module-info to include new package.

11. November 2025: version 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

8. October 2025: version 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

17. August 2025: version 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

16. June 2025: version 1.17.6

• Add convenience wrapper for ResettableClassFileTransformer that implicitly delegates to correct transformer method.
• Add filter for deduplicate fields and methods in class file.
• Add missing static requirement of Spotbugs annotations to module descriptors.
• Add LazinessMode for TypePool and add convenience support to AgentBuilder.
• Fix source jars for multi-version release to contain duplicated source.

Commits

• 6f358c8 [maven-release-plugin] prepare release byte-buddy-1.18.3
• 57df2c7 [release] Release new version.
• 1111a18 [release] Release new version.
• 6698c45 [release] Release new version
• 04a89c6 Avoid using class file API when loaded on the boot path as multi release jar ...
• ba05f0d Remove unused import.
• ec50316 Adds safety for illegally compiled parameters.
• e720b5e Update README.md
• a966b04 Update README.md
• dfa50ad Update release notes and internal Byte Buddy.
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy-agent from 1.17.5 to 1.18.3

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

Byte Buddy 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

Byte Buddy 1.18.1

• Fix generated module-info to include new package.

Byte Buddy 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

Byte Buddy 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

Byte Buddy 1.17.6

• Add convenience wrapper for ResettableClassFileTransformer that implicitly delegates to correct transformer method.
• Add filter for deduplicate fields and methods in class file.
• Add missing static requirement of Spotbugs annotations to module descriptors.
• Add LazinessMode for TypePool and add convenience support to AgentBuilder.
• Fix source jars for multi-version release to contain duplicated source.

Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

26. November 2025: version 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

26. November 2025: version 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

12. November 2025: version 1.18.1

• Fix generated module-info to include new package.

11. November 2025: version 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

8. October 2025: version 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

17. August 2025: version 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

16. June 2025: version 1.17.6

• Add convenience wrapper for ResettableClassFileTransformer that implicitly delegates to correct transformer method.
• Add filter for deduplicate fields and methods in class file.
• Add missing static requirement of Spotbugs annotations to module descriptors.
• Add LazinessMode for TypePool and add convenience support to AgentBuilder.
• Fix source jars for multi-version release to contain duplicated source.

Commits

• 6f358c8 [maven-release-plugin] prepare release byte-buddy-1.18.3
• 57df2c7 [release] Release new version.
• 1111a18 [release] Release new version.
• 6698c45 [release] Release new version
• 04a89c6 Avoid using class file API when loaded on the boot path as multi release jar ...
• ba05f0d Remove unused import.
• ec50316 Adds safety for illegally compiled parameters.
• e720b5e Update README.md
• a966b04 Update README.md
• dfa50ad Update release notes and internal Byte Buddy.
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy-agent from 1.17.5 to 1.18.3

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

Byte Buddy 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

Byte Buddy 1.18.1

• Fix generated module-info to include new package.

Byte Buddy 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

Byte Buddy 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

Byte Buddy 1.17.6

• Add convenience wrapper for ResettableClassFileTransformer that implicitly delegates to correct transformer method.
• Add filter for deduplicate fields and methods in class file.
• Add missing static requirement of Spotbugs annotations to module descriptors.
• Add LazinessMode for TypePool and add convenience support to AgentBuilder.
• Fix source jars for multi-version release to contain duplicated source.

Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

26. November 2025: version 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

26. November 2025: version 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

12. November 2025: version 1.18.1

• Fix generated module-info to include new package.

11. November 2025: version 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

8. October 2025: version 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

17. August 2025: version 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

16. June 2025: version 1.17.6

• Add convenience wrapper for ResettableClassFileTransformer that implicitly delegates to correct transformer method.
• Add filter for deduplicate fields and methods in class file.
• Add missing static requirement of Spotbugs annotations to module descriptors.
• Add LazinessMode for TypePool and add convenience support to AgentBuilder.
• Fix source jars for multi-version release to contain duplicated source.

Commits

• 6f358c8 [maven-release-plugin] prepare release byte-buddy-1.18.3
• 57df2c7 [release] Release new version.
• 1111a18 [release] Release new version.
• 6698c45 [release] Release new version
• 04a89c6 Avoid using class file API when loaded on the boot path as multi release jar ...
• ba05f0d Remove unused import.
• ec50316 Adds safety for illegally compiled parameters.
• e720b5e Update README.md
• a966b04 Update README.md
• dfa50ad Update release notes and internal Byte Buddy.
• Additional commits viewable in compare view

Updates commons-io:commons-io from 2.19.0 to 2.21.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.21.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.21.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Version 2.21.0: Java 8 or later is required.

New features

o FileUtils#byteCountToDisplaySize() supports Zettabyte, Yottabyte, Ronnabyte and Quettabyte #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.FileUtils.ONE_RB #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.FileUtils.ONE_QB #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(byte[], int, int, long). Thanks to Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(byte[], long). Thanks to Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(int, long). Thanks to Gary Gregory. o Add length unit support in FileSystem limits. Thanks to Piotr P. Karwasz. o Add IOUtils.toByteArray(InputStream, int, int) for safer chunked reading with size validation. Thanks to Piotr P. Karwasz. o Add org.apache.commons.io.file.PathUtils.getPath(String, String). Thanks to Gary Gregory. o Add org.apache.commons.io.channels.ByteArraySeekableByteChannel. Thanks to Gary Gregory. o Add IOIterable.asIterable(). Thanks to Gary Gregory. o Add NIO channel support to AbstractStreamBuilder. Thanks to Piotr P. Karwasz. o Add CloseShieldChannel to close-shielded NIO Channels #786. Thanks to Piotr P. Karwasz. o Added IOUtils.checkFromIndexSize as a Java 8 backport of Objects.checkFromIndexSize #790. Thanks to Piotr P. Karwasz.

Fixed Bugs

o When testing on Java 21 and up, enable -XX:+EnableDynamicAgentLoading. Thanks to Gary Gregory. o When testing on Java 24 and up, don't fail FileUtilsListFilesTest for a different behavior in the JRE. Thanks to Gary Gregory. o ValidatingObjectInputStream does not validate dynamic proxy interfaces. Thanks to Stanislav Fort, Gary Gregory. o BoundedInputStream.getRemaining() now reports Long.MAX_VALUE instead of 0 when no limit is set. Thanks to Piotr P. Karwasz. o BoundedInputStream.available() correctly accounts for the maximum read limit. Thanks to Piotr P. Karwasz. o Deprecate IOUtils.readFully(InputStream, int) in favor of toByteArray(InputStream, int). Thanks to Gary Gregory, Piotr P. Karwasz. o IOUtils.toByteArray(InputStream) now throws IOException on byte array overflow. Thanks to Piotr P. Karwasz. o Javadoc general improvements. Thanks to Gary Gregory, Piotr P. Karwasz. o IOUtils.toByteArray() now throws EOFException when not enough data is available #796. Thanks to Piotr P. Karwasz. o Fix IOUtils.skip() usage in concurrent scenarios. Thanks to Piotr P. Karwasz. o [javadoc] Fix XmlStreamReader Javadoc to indicate the correct class that is built #806. Thanks to J Hawkins.

Changes

o Bump org.apache.commons:commons-parent from 85 to 91 #774, #783, #808. Thanks to Gary Gregory, Dependabot.

... (truncated)

Commits

• 54073d3 Prepare for the release candidate 2.21.0 RC1
• f141f09 Prepare for the next release candidate
• adcf135 Add license header
• 0f499d0 Use new oak logo
• 34a961c Use HTTPS in URL
• 9e51118 Use HTTPS in URL
• d715865 Add dependabot email [skip ci]
• 3d6a7e1 Javadoc
• ad875d5 Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#810)
• bc01dee Bump github/codeql-action from 4.30.9 to 4.31.2 (#811)
• Additional commits viewable in compare view

Updates io.projectreactor:reactor-core from 3.7.6 to 3.8.1

Release notes

Sourced from io.projectreactor:reactor-core's releases.

v3.8.1

Reactor Core 3.8.1 is part of 2025.0.1 Release Train.

What's Changed

✨ New features and improvements

• Bump ByteBuddy from 1.17.8 to 1.18.2 by @​dependabot[bot] in #4144 and #4149
• Bump Micrometer to v1.16.1 by @​chemicL in #4164

🐞 Bug fixes

• Refine Mono#doOnSuccess Consumer nullability by @​chemicL in #4155

...

Description has been truncated

[dependabot]

Milestone

The specified milestone could not be found on this repository. If you view a milestone, the final part of the page URL, after milestone, is the identifier. For example: https://github.com/<org>/<repo>/milestone/3.

Labels

The following labels could not be found: Priority 1: Must, Type: Dependency Upgrade. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.