[12.0.x Root pom] Bump the dev-dependencies group across 1 directory with 17 updates by dependabot[bot] · Pull Request #15336 · jetty/jetty.project

dependabot · 2026-06-27T00:11:59Z

Bumps the dev-dependencies group with 17 updates in the / directory:

Package	From	To
ch.qos.logback:logback-core	`1.5.34`	`1.5.37`
ch.qos.logback:logback-classic	`1.5.34`	`1.5.37`
com.github.jnr:jffi	`1.3.15`	`1.4.0`
io.grpc:grpc-core	`1.82.0`	`1.82.1`
io.grpc:grpc-netty-shaded	`1.82.0`	`1.82.1`
org.apache.kerby:kerb-simplekdc	`2.1.1`	`2.1.2`
org.eclipse.sisu:org.eclipse.sisu.inject	`1.0.0`	`1.0.1`
org.eclipse.sisu:org.eclipse.sisu.plexus	`1.0.0`	`1.0.1`
eu.maveniverse.maven.njord:extension3	`0.9.8`	`0.9.9`
eu.maveniverse.maven.plugins:njord	`0.9.8`	`0.9.9`
org.cyclonedx:cyclonedx-maven-plugin	`2.9.1`	`2.9.2`
org.apache.directory.api:api-asn1-api	`2.1.7`	`2.1.8`
org.apache.directory.api:api-ldap-model	`2.1.7`	`2.1.8`
org.apache.directory.api:api-ldap-schema-data	`2.1.7`	`2.1.8`
org.apache.directory.api:api-util	`2.1.7`	`2.1.8`
com.google.protobuf:protobuf-java	`4.35.0`	`4.35.1`
eu.maveniverse.maven.mimir:extension3	`0.11.4`	`0.12.0`

Updates ch.qos.logback:logback-core from 1.5.34 to 1.5.37

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.37

2026-06-26 Release of logback version 1.5.37

• Given the numerous vulnerabilities related to conditional configuration processing based on the evaluation of Java expressions using the Janino library, support for such expressions has been removed. Users are offered the an online migration service or the element introduced in version 1.5.20. See the relevant documentation for more details.

• A bitwise identical binary of this version can be reproduced by building from source code at commit c1df7f522e648eec7b4ef6a12c8758fec0f00048 associated with the tag v_1.5.37. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.36

2026-06-25 Release of logback version 1.5.36

• The 'condition' attribute in <if> elements now reject certain references that are associated with ACE attacks. This issue was reported by "yulate" (yulate531@gmail.com.com) and registered as CVE-2026-13006.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 9b94c37562bf25a6a944146701d42ee6c4eee888 associated with the tag v_1.5.36. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.35

026-06-23 Release of logback version 1.5.35

• The 'condition' attribute in <if> elements now rejects unicode escape sequences (\u and \U). This closes a bypass of the existing prohibition on the new operator in Janino-evaluated conditions. This issue was reported by IcySun (icysun@qq.com) and registered as CVE-2026-13006.

• Added ConfiguratorRank.AUTHENTICATING (rank 100), the highest configurator rank, for certified/authenticating configurators discovered via the ServiceLoader mechanism. ContextInitializer now requires that at most one such configurator exist on the classpath; if more than one is found, initialization aborts with an error.

• ConsoleCharsetPropertyDefiner is no longer shipped. The Java 21 multi-release compilation of logback-core has been disabled, which removes this class from the published artifact. Configurations that referenced ch.qos.logback.core.property.ConsoleCharsetPropertyDefiner will need an alternative approach for console charset detection.

• The logback-examples module is now included in artifacts published to Maven Central.

• JoranConfigurator.makeAnotherInstance() and DefaultJoranConfigurator.performMultiStepConfigurationFileSearch() are now protected, allowing derived configurators to override these methods.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 08bd1598d565d83444f72983935e7da4746783b7 associated with the tag v_1.5.35. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

c1df7f5 prepare release 1.5.37
a189967 remove conditional based on janino
aaa9052 start work on 1.5.37-SNAPSHOT
9b94c37 prepare release 1.5.36
e6a8280 prevent attacks using disallowed references
24c4b63 start work on 1.5.36-SNAPSHOT
08bd159 preapre release 1.5.35
37d256b indentation changes only
d3d7307 minor comment
fa0411a radomize file location
Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.34 to 1.5.37

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.37

2026-06-26 Release of logback version 1.5.37

• Given the numerous vulnerabilities related to conditional configuration processing based on the evaluation of Java expressions using the Janino library, support for such expressions has been removed. Users are offered the an online migration service or the element introduced in version 1.5.20. See the relevant documentation for more details.

• A bitwise identical binary of this version can be reproduced by building from source code at commit c1df7f522e648eec7b4ef6a12c8758fec0f00048 associated with the tag v_1.5.37. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.36

2026-06-25 Release of logback version 1.5.36

• The 'condition' attribute in <if> elements now reject certain references that are associated with ACE attacks. This issue was reported by "yulate" (yulate531@gmail.com.com) and registered as CVE-2026-13006.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 9b94c37562bf25a6a944146701d42ee6c4eee888 associated with the tag v_1.5.36. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.35

026-06-23 Release of logback version 1.5.35

• The 'condition' attribute in <if> elements now rejects unicode escape sequences (\u and \U). This closes a bypass of the existing prohibition on the new operator in Janino-evaluated conditions. This issue was reported by IcySun (icysun@qq.com) and registered as CVE-2026-13006.

• Added ConfiguratorRank.AUTHENTICATING (rank 100), the highest configurator rank, for certified/authenticating configurators discovered via the ServiceLoader mechanism. ContextInitializer now requires that at most one such configurator exist on the classpath; if more than one is found, initialization aborts with an error.

• ConsoleCharsetPropertyDefiner is no longer shipped. The Java 21 multi-release compilation of logback-core has been disabled, which removes this class from the published artifact. Configurations that referenced ch.qos.logback.core.property.ConsoleCharsetPropertyDefiner will need an alternative approach for console charset detection.

• The logback-examples module is now included in artifacts published to Maven Central.

• JoranConfigurator.makeAnotherInstance() and DefaultJoranConfigurator.performMultiStepConfigurationFileSearch() are now protected, allowing derived configurators to override these methods.

• A bitwise identical binary of this version can be reproduced by building from source code at commit 08bd1598d565d83444f72983935e7da4746783b7 associated with the tag v_1.5.35. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

c1df7f5 prepare release 1.5.37
a189967 remove conditional based on janino
aaa9052 start work on 1.5.37-SNAPSHOT
9b94c37 prepare release 1.5.36
e6a8280 prevent attacks using disallowed references
24c4b63 start work on 1.5.36-SNAPSHOT
08bd159 preapre release 1.5.35
37d256b indentation changes only
d3d7307 minor comment
fa0411a radomize file location
Additional commits viewable in compare view

Updates com.github.jnr:jffi from 1.3.15 to 1.4.0

Commits

3a2aa58 Bump the major minor for new Maven structure before release
3da7efb Add bare relativePath to always resolve parent
4621e14 Update version for release
2b02140 Merge pull request #195 from headius/jnr-parent
ea18e48 Remove snapshot repository inherited from parent
f761f8d Update to release version of parent
5c1077e Install prerequisites to compile tests on macOS
2a8b56a Tweaks for toolchain use in jffi
86a1774 Disable fail-fast
45269c3 Update for toolchain and parent defaults
Additional commits viewable in compare view

Updates io.grpc:grpc-core from 1.82.0 to 1.82.1

Release notes

Sourced from io.grpc:grpc-core's releases.

v1.82.1

protoc-gen-grpc-java: Fix missing osx-x86_64 binary (grpc/grpc-java#12878). This fixes a regression in v1.82.0

Commits

7b5e9ff Bump version to 1.82.1
20768f1 Update README etc to reference 1.82.1
5ab5eba kokoro: Remove extra / in architecture replacement
6726caf buildscripts: add regional td config for psm-interop (v1.82.x backport) (#12864)
022256f Bump version to 1.82.1-SNAPSHOT
See full diff in compare view

Updates io.grpc:grpc-netty-shaded from 1.82.0 to 1.82.1

Release notes

Sourced from io.grpc:grpc-netty-shaded's releases.

v1.82.1

protoc-gen-grpc-java: Fix missing osx-x86_64 binary (grpc/grpc-java#12878). This fixes a regression in v1.82.0

Commits

7b5e9ff Bump version to 1.82.1
20768f1 Update README etc to reference 1.82.1
5ab5eba kokoro: Remove extra / in architecture replacement
6726caf buildscripts: add regional td config for psm-interop (v1.82.x backport) (#12864)
022256f Bump version to 1.82.1-SNAPSHOT
See full diff in compare view

Updates io.grpc:grpc-netty-shaded from 1.82.0 to 1.82.1

Release notes

Sourced from io.grpc:grpc-netty-shaded's releases.

v1.82.1

protoc-gen-grpc-java: Fix missing osx-x86_64 binary (grpc/grpc-java#12878). This fixes a regression in v1.82.0

Commits

7b5e9ff Bump version to 1.82.1
20768f1 Update README etc to reference 1.82.1
5ab5eba kokoro: Remove extra / in architecture replacement
6726caf buildscripts: add regional td config for psm-interop (v1.82.x backport) (#12864)
022256f Bump version to 1.82.1-SNAPSHOT
See full diff in compare view

Updates org.apache.kerby:kerb-simplekdc from 2.1.1 to 2.1.2

Updates org.eclipse.sisu:org.eclipse.sisu.inject from 1.0.0 to 1.0.1

Release notes

Sourced from org.eclipse.sisu:org.eclipse.sisu.inject's releases.

1.0.1

Slight dependency updates and addition of automatic module names.

What's Changed

Add 1.0.0 to New&Noteworthy by @kwin in eclipse-sisu/sisu-project#239

Hide version in site header by @kwin in eclipse-sisu/sisu-project#244

Fix formatting and enhance documentation in conversion-to-jsr330.md by @kwin in eclipse-sisu/sisu-project#247

Build and dependency updates by @cstamas in eclipse-sisu/sisu-project#249

deps: updates to build and deps by @cstamas in eclipse-sisu/sisu-project#256

Feat: add auto module names to inject and plexus JAR manifests by @cstamas in eclipse-sisu/sisu-project#250

Migrate tests to Junit5 by @kamilkrzywanski in eclipse-sisu/sisu-project#252

Update build by @cstamas in eclipse-sisu/sisu-project#257

chore: JUnit clean and tidy up by @cstamas in eclipse-sisu/sisu-project#259

Bump actions/checkout from 6 to 7 by @dependabot[bot] in eclipse-sisu/sisu-project#262

Update build plugins by @cstamas in eclipse-sisu/sisu-project#263

New Contributors

@kamilkrzywanski made their first contribution in eclipse-sisu/sisu-project#252

Full Changelog: eclipse-sisu/sisu-project@releases/1.0.0...releases/1.0.1

Commits

b3745fe | prepare release releases/1.0.1
7370046 Update build plugins (#263)
fee8d5d Bump actions/checkout from 6 to 7 (#262)
0ced2f3 chore: JUnit clean and tidy up (#259)
d959911 Update build (#257)
832b069 Migrate tests to Junit5 (#252)
3f80a38 Feat: add auto module names to inject and plexus JAR manifests (#250)
1c5bae0 deps: updates to build and deps (#256)
a2d1d99 Build and dependency updates (#249)
86bd2eb Fix formatting and enhance documentation in conversion-to-jsr330.md (#247)
Additional commits viewable in compare view

Updates org.eclipse.sisu:org.eclipse.sisu.plexus from 1.0.0 to 1.0.1

Release notes

Sourced from org.eclipse.sisu:org.eclipse.sisu.plexus's releases.

1.0.1

Slight dependency updates and addition of automatic module names.

What's Changed

Add 1.0.0 to New&Noteworthy by @kwin in eclipse-sisu/sisu-project#239

Hide version in site header by @kwin in eclipse-sisu/sisu-project#244

Fix formatting and enhance documentation in conversion-to-jsr330.md by @kwin in eclipse-sisu/sisu-project#247

Build and dependency updates by @cstamas in eclipse-sisu/sisu-project#249

deps: updates to build and deps by @cstamas in eclipse-sisu/sisu-project#256

Feat: add auto module names to inject and plexus JAR manifests by @cstamas in eclipse-sisu/sisu-project#250

Migrate tests to Junit5 by @kamilkrzywanski in eclipse-sisu/sisu-project#252

Update build by @cstamas in eclipse-sisu/sisu-project#257

chore: JUnit clean and tidy up by @cstamas in eclipse-sisu/sisu-project#259

Bump actions/checkout from 6 to 7 by @dependabot[bot] in eclipse-sisu/sisu-project#262

Update build plugins by @cstamas in eclipse-sisu/sisu-project#263

New Contributors

@kamilkrzywanski made their first contribution in eclipse-sisu/sisu-project#252

Full Changelog: eclipse-sisu/sisu-project@releases/1.0.0...releases/1.0.1

Commits

b3745fe | prepare release releases/1.0.1
7370046 Update build plugins (#263)
fee8d5d Bump actions/checkout from 6 to 7 (#262)
0ced2f3 chore: JUnit clean and tidy up (#259)
d959911 Update build (#257)
832b069 Migrate tests to Junit5 (#252)
3f80a38 Feat: add auto module names to inject and plexus JAR manifests (#250)
1c5bae0 deps: updates to build and deps (#256)
a2d1d99 Build and dependency updates (#249)
86bd2eb Fix formatting and enhance documentation in conversion-to-jsr330.md (#247)
Additional commits viewable in compare view

Updates org.eclipse.sisu:org.eclipse.sisu.plexus from 1.0.0 to 1.0.1

Release notes

Sourced from org.eclipse.sisu:org.eclipse.sisu.plexus's releases.

1.0.1

Slight dependency updates and addition of automatic module names.

What's Changed

Add 1.0.0 to New&Noteworthy by @kwin in eclipse-sisu/sisu-project#239

Hide version in site header by @kwin in eclipse-sisu/sisu-project#244

Fix formatting and enhance documentation in conversion-to-jsr330.md by @kwin in eclipse-sisu/sisu-project#247

Build and dependency updates by @cstamas in eclipse-sisu/sisu-project#249

deps: updates to build and deps by @cstamas in eclipse-sisu/sisu-project#256

Feat: add auto module names to inject and plexus JAR manifests by @cstamas in eclipse-sisu/sisu-project#250

Migrate tests to Junit5 by @kamilkrzywanski in eclipse-sisu/sisu-project#252

Update build by @cstamas in eclipse-sisu/sisu-project#257

chore: JUnit clean and tidy up by @cstamas in eclipse-sisu/sisu-project#259

Bump actions/checkout from 6 to 7 by @dependabot[bot] in eclipse-sisu/sisu-project#262

Update build plugins by @cstamas in eclipse-sisu/sisu-project#263

New Contributors

@kamilkrzywanski made their first contribution in eclipse-sisu/sisu-project#252

Full Changelog: eclipse-sisu/sisu-project@releases/1.0.0...releases/1.0.1

Commits

b3745fe | prepare release releases/1.0.1
7370046 Update build plugins (#263)
fee8d5d Bump actions/checkout from 6 to 7 (#262)
0ced2f3 chore: JUnit clean and tidy up (#259)
d959911 Update build (#257)
832b069 Migrate tests to Junit5 (#252)
3f80a38 Feat: add auto module names to inject and plexus JAR manifests (#250)
1c5bae0 deps: updates to build and deps (#256)
a2d1d99 Build and dependency updates (#249)
86bd2eb Fix formatting and enhance documentation in conversion-to-jsr330.md (#247)
Additional commits viewable in compare view

Updates eu.maveniverse.maven.njord:extension3 from 0.9.8 to 0.9.9

Release notes

Sourced from eu.maveniverse.maven.njord:extension3's releases.

0.9.9

What's Changed

WriteBundleMojo to support file as a target by @olamy in maveniverse/njord#313

Jreleaser by @cstamas in maveniverse/njord#314

Improve logging for NjordSessionLifecycleParticipant by @kwin in maveniverse/njord#316

New Contributors

@olamy made their first contribution in maveniverse/njord#313

Full Changelog: maveniverse/njord@release-0.9.8...release-0.9.9

Commits

e97235e [maven-release-plugin] prepare release release-0.9.9 [skip ci]
7dc7a6a Update parent
96580e6 Improve logging for NjordSessionLifecycleParticipant (#316)
a99ff51 README update
e357f01 Jreleaser (#314)
03f1bd7 WriteBundleMojo to support file as a target (#313)
3b33b18 [maven-release-plugin] prepare for next development iteration
See full diff in compare view

Updates eu.maveniverse.maven.plugins:njord from 0.9.8 to 0.9.9

Release notes

Sourced from eu.maveniverse.maven.plugins:njord's releases.

0.9.9

What's Changed

WriteBundleMojo to support file as a target by @olamy in maveniverse/njord#313

Jreleaser by @cstamas in maveniverse/njord#314

Improve logging for NjordSessionLifecycleParticipant by @kwin in maveniverse/njord#316

New Contributors

@olamy made their first contribution in maveniverse/njord#313

Full Changelog: maveniverse/njord@release-0.9.8...release-0.9.9

Commits

e97235e [maven-release-plugin] prepare release release-0.9.9 [skip ci]
7dc7a6a Update parent
96580e6 Improve logging for NjordSessionLifecycleParticipant (#316)
a99ff51 README update
e357f01 Jreleaser (#314)
03f1bd7 WriteBundleMojo to support file as a target (#313)
3b33b18 [maven-release-plugin] prepare for next development iteration
See full diff in compare view

Updates eu.maveniverse.maven.plugins:njord from 0.9.8 to 0.9.9

Release notes

Sourced from eu.maveniverse.maven.plugins:njord's releases.

0.9.9

What's Changed

WriteBundleMojo to support file as a target by @olamy in maveniverse/njord#313

Jreleaser by @cstamas in maveniverse/njord#314

Improve logging for NjordSessionLifecycleParticipant by @kwin in maveniverse/njord#316

New Contributors

@olamy made their first contribution in maveniverse/njord#313

Full Changelog: maveniverse/njord@release-0.9.8...release-0.9.9

Commits

e97235e [maven-release-plugin] prepare release release-0.9.9 [skip ci]
7dc7a6a Update parent
96580e6 Improve logging for NjordSessionLifecycleParticipant (#316)
a99ff51 README update
e357f01 Jreleaser (#314)
03f1bd7 WriteBundleMojo to support file as a target (#313)
3b33b18 [maven-release-plugin] prepare for next development iteration
See full diff in compare view

Updates org.cyclonedx:cyclonedx-maven-plugin from 2.9.1 to 2.9.2

Release notes

Sourced from org.cyclonedx:cyclonedx-maven-plugin's releases.

2.9.2

🚀 New features and improvements

chore: upgrade maven-dependency-analyzer/asm, support Java 25 (#630) @shihyuho

📦 Dependency updates

Bump commons-codec:commons-codec from 1.17.1 to 1.22.0 (#650) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0 (#622) @dependabot[bot]

chore: upgrade maven-dependency-analyzer/asm, support Java 25 (#630) @shihyuho

🔧 Build

update scm urls (#662) @hboutemy

switch to Central Publishing Portal (#659) @hboutemy

Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.8.0 to 3.9.0 (#655) @dependabot[bot]

Bump plugin-tools.version from 3.15.0 to 3.15.2 (#654) @dependabot[bot]

Bump io.takari.maven.plugins:takari-plugin-integration-testing from 3.0.1 to 3.1.1 (#616) @dependabot[bot]

Bump org.apache.maven.plugins:maven-invoker-plugin from 3.7.0 to 3.9.1 (#617) @dependabot[bot]

Bump io.takari.maven.plugins:takari-plugin-testing from 3.0.0 to 3.1.1 (#618) @dependabot[bot]

Bump org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.1 (#621) @dependabot[bot]

Bump actions/checkout from 6.0.1 to 6.0.2 (#639) @dependabot[bot]

Bump actions/setup-java from 4 to 5 (#620) @dependabot[bot]

use shields.io badge (#648) @hboutemy

Bump actions/checkout from 6.0.0 to 6.0.1 (#635) @dependabot[bot]

Bump actions/checkout from 4.2.2 to 6.0.0 (#633) @dependabot[bot]

chore: GH workflow permissions (#606) @jkowalleck

simplify compiler release configuration (#518) @hboutemy

Bump JamesIves/github-pages-deploy-action from 4.7.1 to 4.7.3 (#590) @dependabot[bot]

upgrade to Doxia 2: m-site-p and skin (#593) @hboutemy

add Reproducible Central report (#592) @hboutemy

Commits

0fe189d [maven-release-plugin] prepare release cyclonedx-maven-plugin-2.9.2
96c218c update scm urls
0fe08b4 Revert "Bump JamesIves/github-pages-deploy-action from 4.7.3 to 4.8.0"
6779e48 Revert "Bump release-drafter/release-drafter from 6 to 7"
955fead switch to Central Publishing Portal
50dbac7 Bump release-drafter/release-drafter from 6 to 7
d50bc58 Bump org.apache.maven.plugins:maven-project-info-reports-plugin
1034644 Bump plugin-tools.version from 3.15.0 to 3.15.2
018ab8e Bump commons-codec:commons-codec from 1.17.1 to 1.22.0
e359705 Bump JamesIves/github-pages-deploy-action from 4.7.3 to 4.8.0
Additional commits viewable in compare view

Updates org.apache.directory.api:api-asn1-api from 2.1.7 to 2.1.8

Updates org.apache.directory.api:api-ldap-model from 2.1.7 to 2.1.8

Updates org.apache.directory.api:api-ldap-schema-data from 2.1.7 to 2.1.8

Updates org.apache.directory.api:api-util from 2.1.7 to 2.1.8

Release notes

Sourced from org.apache.directory.api:api-util's releases.

2.1.8

What's Changed

Bump actions/upload-artifact from 4.3.4 to 4.3.5 by @dependabot[bot] in apache/directory-ldap-api#116

Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.0 to 2.8.1 by @dependabot[bot] in apache/directory-ldap-api#115

Bump actions/upload-artifact from 4.3.5 to 4.3.6 by @dependabot[bot] in apache/directory-ldap-api#120

Bump actions/setup-java from 4.2.1 to 4.2.2 by @dependabot[bot] in apache/directory-ldap-api#122

Bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot[bot] in apache/directory-ldap-api#121

Bump org.apache.commons:commons-lang3 from 3.15.0 to 3.16.0 by @dependabot[bot] in apache/directory-ldap-api#118

Bump github/codeql-action from 3.26.0 to 3.26.5 by @dependabot[bot] in apache/directory-ldap-api#128

Bump actions/setup-java from 4.2.1 to 4.2.2 by @dependabot[bot] in apache/directory-ldap-api#127

Bump actions/upload-artifact from 4.3.6 to 4.4.0 by @dependabot[bot] in apache/directory-ldap-api#131

Bump github/codeql-action from 3.26.5 to 3.26.6 by @dependabot[bot] in apache/directory-ldap-api#130

Bump actions/setup-java from 4.2.2 to 4.3.0 by @dependabot[bot] in apache/directory-ldap-api#133

Bump github/codeql-action from 3.26.6 to 3.26.7 by @dependabot[bot] in apache/directory-ldap-api#132

Bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot[bot] in apache/directory-ldap-api#139

Bump github/codeql-action from 3.26.7 to 3.26.9 by @dependabot[bot] in apache/directory-ldap-api#141

Bump actions/setup-java from 4.3.0 to 4.4.0 by @dependabot[bot] in apache/directory-ldap-api#140

Bump org.junit.platform:junit-platform-runner from 1.11.0 to 1.11.1 by @dependabot[bot] in apache/directory-ldap-api#138

Bump junit.engine.version from 5.11.0 to 5.11.1 by @dependabot[bot] in apache/directory-ldap-api#137

Bump github/codeql-action from 3.26.9 to 3.26.13 by @dependabot[bot] in apache/directory-ldap-api#149

Bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot[bot] in apache/directory-ldap-api#148

Bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot[bot] in apache/directory-ldap-api#147

Bump org.cyclonedx:cyclonedx-maven-plugin from 2.8.1 to 2.9.0 by @dependabot[bot] in apache/directory-ldap-api#145

Bump org.junit.platform:junit-platform-runner from 1.11.1 to 1.11.2 by @dependabot[bot] in apache/directory-ldap-api#143

Bump org.junit.platform:junit-platform-runner from 1.11.2 to 1.11.3 by @dependabot[bot] in apache/directory-ldap-api#150

Bump junit.engine.version from 5.11.1 to 5.11.3 by @dependabot[bot] in apache/directory-ldap-api#151

Bump de.thetaphi:forbiddenapis from 3.7 to 3.8 by @dependabot[bot] in apache/directory-ldap-api#152

Bump actions/setup-java from 4.4.0 to 4.5.0 by @dependabot[bot] in apache/directory-ldap-api#155

Bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot[bot] in apache/directory-ldap-api#154

Bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot[bot] in apache/directory-ldap-api#153

Bump github/codeql-action from 3.27.0 to 3.27.1 by @dependabot[bot] in apache/directory-ldap-api#156

Bump github/codeql-action from 3.27.1 to 3.27.5 by @dependabot[bot] in apache/directory-ldap-api#158

Bump org.cyclonedx:cyclonedx-maven-plugin from 2.9.0 to 2.9.1 by @dependabot[bot] in apache/directory-ldap-api#159

Bump github/codeql-action from 3.27.5 to 3.27.6 by @dependabot[bot] in apache/directory-ldap-api#161

Bump github/codeql-action from 3.27.6 to 3.27.9 by @dependabot[bot] in apache/directory-ldap-api#163

Bump org.apache.commons:commons-collections4 from 4.5.0-M2 to 4.5.0-M3 by @dependabot[bot] in apache/directory-ldap-api#164

Bump org.apache.mina:mina-core from 2.2.3 to 2.2.4 by @dependabot[bot] in apache/directory-ldap-api#170

Bump actions/setup-java from 4.5.0 to 4.6.0 by @dependabot[bot] in apache/directory-ldap-api#168

Bump actions/upload-artifact from 4.4.3 to 4.5.0 by @dependabot[bot] in apache/directory-ldap-api#166

Bump github/codeql-action from 3.27.9 to 3.28.0 by @dependabot[bot] in apache/directory-ldap-api#167

Checkstyle fix by @coheigea in apache/directory-ldap-api#172

Bump commons-codec:commons-codec from 1.17.1 to 1.17.2 by @dependabot[bot] in apache/directory-ldap-api#171

Bump actions/upload-artifact from 4.5.0 to 4.6.0 by @dependabot[bot] in apache/directory-ldap-api#174

Bump github/codeql-action from 3.28.0 to 3.28.1 by @dependabot[bot] in apache/directory-ldap-api#173

Bump org.ops4j.pax.url:pax-url-aether from 2.6.14 to 2.6.16 by @dependabot[bot] in apache/directory-ldap-api#175

Bump org.apache.directory.project:project from 50-SNAPSHOT to 50 by @dependabot[bot] in apache/directory-ldap-api#176

Bump github/codeql-action from 3.28.1 to 3.28.5 by @dependabot[bot] in apache/directory-ldap-api...
Description has been truncated

…with 17 updates Bumps the dev-dependencies group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.5.34` | `1.5.37` | | [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.34` | `1.5.37` | | [com.github.jnr:jffi](https://github.com/jnr/jffi) | `1.3.15` | `1.4.0` | | [io.grpc:grpc-core](https://github.com/grpc/grpc-java) | `1.82.0` | `1.82.1` | | [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java) | `1.82.0` | `1.82.1` | | org.apache.kerby:kerb-simplekdc | `2.1.1` | `2.1.2` | | [org.eclipse.sisu:org.eclipse.sisu.inject](https://github.com/eclipse-sisu/sisu-project) | `1.0.0` | `1.0.1` | | [org.eclipse.sisu:org.eclipse.sisu.plexus](https://github.com/eclipse-sisu/sisu-project) | `1.0.0` | `1.0.1` | | [eu.maveniverse.maven.njord:extension3](https://github.com/maveniverse/njord) | `0.9.8` | `0.9.9` | | [eu.maveniverse.maven.plugins:njord](https://github.com/maveniverse/njord) | `0.9.8` | `0.9.9` | | [org.cyclonedx:cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin) | `2.9.1` | `2.9.2` | | org.apache.directory.api:api-asn1-api | `2.1.7` | `2.1.8` | | org.apache.directory.api:api-ldap-model | `2.1.7` | `2.1.8` | | org.apache.directory.api:api-ldap-schema-data | `2.1.7` | `2.1.8` | | [org.apache.directory.api:api-util](https://github.com/apache/directory-ldap-api) | `2.1.7` | `2.1.8` | | [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `4.35.0` | `4.35.1` | | [eu.maveniverse.maven.mimir:extension3](https://github.com/maveniverse/mimir) | `0.11.4` | `0.12.0` | Updates `ch.qos.logback:logback-core` from 1.5.34 to 1.5.37 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.34...v_1.5.37) Updates `ch.qos.logback:logback-classic` from 1.5.34 to 1.5.37 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.34...v_1.5.37) Updates `com.github.jnr:jffi` from 1.3.15 to 1.4.0 - [Commits](jnr/jffi@jffi-1.3.15...1.4.0) Updates `io.grpc:grpc-core` from 1.82.0 to 1.82.1 - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](grpc/grpc-java@v1.82.0...v1.82.1) Updates `io.grpc:grpc-netty-shaded` from 1.82.0 to 1.82.1 - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](grpc/grpc-java@v1.82.0...v1.82.1) Updates `io.grpc:grpc-netty-shaded` from 1.82.0 to 1.82.1 - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](grpc/grpc-java@v1.82.0...v1.82.1) Updates `org.apache.kerby:kerb-simplekdc` from 2.1.1 to 2.1.2 Updates `org.eclipse.sisu:org.eclipse.sisu.inject` from 1.0.0 to 1.0.1 - [Release notes](https://github.com/eclipse-sisu/sisu-project/releases) - [Changelog](https://github.com/eclipse-sisu/sisu-project/blob/main/RELEASE.md) - [Commits](eclipse-sisu/sisu-project@releases/1.0.0...releases/1.0.1) Updates `org.eclipse.sisu:org.eclipse.sisu.plexus` from 1.0.0 to 1.0.1 - [Release notes](https://github.com/eclipse-sisu/sisu-project/releases) - [Changelog](https://github.com/eclipse-sisu/sisu-project/blob/main/RELEASE.md) - [Commits](eclipse-sisu/sisu-project@releases/1.0.0...releases/1.0.1) Updates `org.eclipse.sisu:org.eclipse.sisu.plexus` from 1.0.0 to 1.0.1 - [Release notes](https://github.com/eclipse-sisu/sisu-project/releases) - [Changelog](https://github.com/eclipse-sisu/sisu-project/blob/main/RELEASE.md) - [Commits](eclipse-sisu/sisu-project@releases/1.0.0...releases/1.0.1) Updates `eu.maveniverse.maven.njord:extension3` from 0.9.8 to 0.9.9 - [Release notes](https://github.com/maveniverse/njord/releases) - [Commits](maveniverse/njord@release-0.9.8...release-0.9.9) Updates `eu.maveniverse.maven.plugins:njord` from 0.9.8 to 0.9.9 - [Release notes](https://github.com/maveniverse/njord/releases) - [Commits](maveniverse/njord@release-0.9.8...release-0.9.9) Updates `eu.maveniverse.maven.plugins:njord` from 0.9.8 to 0.9.9 - [Release notes](https://github.com/maveniverse/njord/releases) - [Commits](maveniverse/njord@release-0.9.8...release-0.9.9) Updates `org.cyclonedx:cyclonedx-maven-plugin` from 2.9.1 to 2.9.2 - [Release notes](https://github.com/CycloneDX/cyclonedx-maven-plugin/releases) - [Commits](CycloneDX/cyclonedx-maven-plugin@cyclonedx-maven-plugin-2.9.1...cyclonedx-maven-plugin-2.9.2) Updates `org.apache.directory.api:api-asn1-api` from 2.1.7 to 2.1.8 Updates `org.apache.directory.api:api-ldap-model` from 2.1.7 to 2.1.8 Updates `org.apache.directory.api:api-ldap-schema-data` from 2.1.7 to 2.1.8 Updates `org.apache.directory.api:api-util` from 2.1.7 to 2.1.8 - [Release notes](https://github.com/apache/directory-ldap-api/releases) - [Commits](apache/directory-ldap-api@2.1.7...2.1.8) Updates `org.apache.directory.api:api-ldap-model` from 2.1.7 to 2.1.8 Updates `org.apache.directory.api:api-ldap-schema-data` from 2.1.7 to 2.1.8 Updates `org.apache.directory.api:api-util` from 2.1.7 to 2.1.8 - [Release notes](https://github.com/apache/directory-ldap-api/releases) - [Commits](apache/directory-ldap-api@2.1.7...2.1.8) Updates `com.google.protobuf:protobuf-java` from 4.35.0 to 4.35.1 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Commits](https://github.com/protocolbuffers/protobuf/commits) Updates `ch.qos.logback:logback-classic` from 1.5.34 to 1.5.37 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.34...v_1.5.37) Updates `eu.maveniverse.maven.mimir:extension3` from 0.11.4 to 0.12.0 - [Release notes](https://github.com/maveniverse/mimir/releases) - [Commits](maveniverse/mimir@release-0.11.4...release-0.12.0) --- updated-dependencies: - dependency-name: ch.qos.logback:logback-core dependency-version: 1.5.37 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.37 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: com.github.jnr:jffi dependency-version: 1.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies - dependency-name: io.grpc:grpc-core dependency-version: 1.82.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: io.grpc:grpc-netty-shaded dependency-version: 1.82.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: io.grpc:grpc-netty-shaded dependency-version: 1.82.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.kerby:kerb-simplekdc dependency-version: 2.1.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.eclipse.sisu:org.eclipse.sisu.inject dependency-version: 1.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.eclipse.sisu:org.eclipse.sisu.plexus dependency-version: 1.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.eclipse.sisu:org.eclipse.sisu.plexus dependency-version: 1.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: eu.maveniverse.maven.njord:extension3 dependency-version: 0.9.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: eu.maveniverse.maven.plugins:njord dependency-version: 0.9.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: eu.maveniverse.maven.plugins:njord dependency-version: 0.9.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.cyclonedx:cyclonedx-maven-plugin dependency-version: 2.9.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.directory.api:api-asn1-api dependency-version: 2.1.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.directory.api:api-ldap-model dependency-version: 2.1.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.directory.api:api-ldap-schema-data dependency-version: 2.1.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.directory.api:api-util dependency-version: 2.1.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.directory.api:api-ldap-model dependency-version: 2.1.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.directory.api:api-ldap-schema-data dependency-version: 2.1.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: org.apache.directory.api:api-util dependency-version: 2.1.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: com.google.protobuf:protobuf-java dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.37 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: eu.maveniverse.maven.mimir:extension3 dependency-version: 0.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 27, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[12.0.x Root pom] Bump the dev-dependencies group across 1 directory with 17 updates#15336

[12.0.x Root pom] Bump the dev-dependencies group across 1 directory with 17 updates#15336
dependabot[bot] wants to merge 1 commit into
jetty-12.0.xfrom
dependabot/maven/jetty-12.0.x/dev-dependencies-e8b479ffbf

dependabot Bot commented on behalf of github Jun 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 27, 2026

Logback 1.5.37

Logback 1.5.36

Logback 1.5.35

Logback 1.5.37

Logback 1.5.36

Logback 1.5.35

v1.82.1

v1.82.1

v1.82.1

1.0.1

What's Changed

New Contributors

1.0.1

What's Changed

New Contributors

1.0.1

What's Changed

New Contributors

0.9.9

What's Changed

New Contributors

0.9.9

What's Changed

New Contributors

0.9.9

What's Changed

New Contributors

2.9.2

🚀 New features and improvements

📦 Dependency updates

🔧 Build

2.1.8

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants