Skip to content

chore: [DevOps] bump the test group with 4 updates #731

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bot-sdk-js merged 1 commit into from
Jan 27, 2026
Merged

chore: [DevOps] bump the test group with 4 updates #731

bot-sdk-js merged 1 commit into from
Jan 27, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 22, 2026

Bumps the test group with 4 updates: ch.qos.logback:logback-classic, org.openapitools:openapi-generator-maven-plugin, com.diffplug.spotless:spotless-maven-plugin and org.springframework.boot:spring-boot-maven-plugin.

Updates ch.qos.logback:logback-classic from 1.5.24 to 1.5.25

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.25

2026-01-17 Release of logback version 1.5.25

• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as CVE-2026-1225.

• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in issues/997.

• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.

• Added EpochConverter to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in issues/1000 who also provided the relevant implementation PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • f426e00 prepare release of 1.5.25
  • d28931f restrict object creation to expected supertype
  • aa264f7 test default variable values in appender-ref ref attribute
  • 8fb403a adjust copyright year
  • b294a12 check optionList in start()
  • b65040a Add EpochConverter for milliseconds/seconds since epoch (related to issue #96...
  • 0690174 cla for Duncan Jauncey
  • 71dc2af Removed email address for Tony.
  • 1f97ae1 check for undeclared by referenced appenders
  • b07355e Move the artifact version checking code to VersionUtil in logback-core.
  • Additional commits viewable in compare view

Updates org.openapitools:openapi-generator-maven-plugin from 7.18.0 to 7.19.0

Updates com.diffplug.spotless:spotless-maven-plugin from 3.1.0 to 3.2.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Lib v3.2.0

Added

  • Support for idea (#2020, #2535)
  • Add support for removing wildcard imports via removeWildcardImports step. (#2517)
  • scalafmt: enforce version consistency between the version configured in Spotless and the version declared in Scalafmt config file (#2460)

Fixed

  • SortPom disable expandEmptyElements, to avoid empty body warnings. (#2520)
  • Fix biome formatter for new major release 2.x of biome (#2537)
  • Make sure npm-based formatters use the correct node_modules directory when running in parallel. (#2542)

Changed

  • Bump internal dependencies for npm-based formatters (#2542)

Maven Plugin v3.2.0

Added

  • Add the ability to specify a wildcard version (*) for external formatter executables. (#2757)

Changes

  • Dramatic (~100x) performance improvement when using git ratchetFrom. (#2805)

Fixed

  • [fix] NPE due to workingTreeIterator being null for git ignored files. #911 (#2771)
  • Prevent race conditions when multiple npm-based formatters launch the server process simultaneously while sharing the same node_modules directory. (#2786)

Changes

  • Bump default ktfmt version to latest 0.59 -> 0.61. (2804)
  • Bump default ktlint version to latest 1.7.1 -> 1.8.0. (2763)
  • Bump default gherkin-utils version to latest 9.2.0 -> 10.0.0. (#2619)

Lib v3.1.2

Fixed

  • Fix UnsupportedOperationException in the Gradle plugin when using targetExcludeContent[Pattern] (#2487)
  • pgp key had expired, this and future releases will be signed by new key (details)

Changed

  • Bump default eclipse version to latest 4.34 -> 4.35. (#2458)
  • Bump default greclipse version to latest 4.32 -> 4.35. (#2458)

Lib v3.1.1

Changed

  • Use palantir-java-format 2.57.0 on Java 21. (#2447)
  • Re-try npm install with --prefer-online after ERESOLVE error. (#2448)
Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

[3.2.0] - 2025-07-07

Added

  • Support for idea (#2020, #2535)
  • Add support for removing wildcard imports via removeWildcardImports step. (#2517)
  • scalafmt: enforce version consistency between the version configured in Spotless and the version declared in Scalafmt config file (#2460)

Fixed

  • SortPom disable expandEmptyElements, to avoid empty body warnings. (#2520)
  • Fix biome formatter for new major release 2.x of biome (#2537)
  • Make sure npm-based formatters use the correct node_modules directory when running in parallel. (#2542)

Changed

  • Bump internal dependencies for npm-based formatters (#2542)

[3.1.2] - 2025-05-27

Fixed

  • Fix UnsupportedOperationException in the Gradle plugin when using targetExcludeContent[Pattern] (#2487)
  • pgp key had expired, this and future releases will be signed by new key (details)

Changed

  • Bump default eclipse version to latest 4.34 -> 4.35. (#2458)
  • Bump default greclipse version to latest 4.32 -> 4.35. (#2458)

[3.1.1] - 2025-04-07

Changed

  • Use palantir-java-format 2.57.0 on Java 21. (#2447)
  • Re-try npm install with --prefer-online after ERESOLVE error. (#2448)
  • Allow multiple npm-based formatters having the same module dependencies, to share a node_modules dir without race conditions. #2462)
Commits
  • 10c6069 Published lib/3.2.0
  • 5a7f075 Publish to Central Portal (#2539)
  • 2f4ef38 Revert "Use palantir-java-format as default formatter in RemoveUnused. (#2546)
  • 62b12ca spotlessApply
  • cb202b1 Revert "Use palantir-java-format as default formatter in RemoveUnusedImportsS...
  • 86d65b0 feat: Disable expandEmptyElements, to avoid empty body warnings (#2520)
  • 694eb30 Add the changes to the plugin-maven/CHANGES.md
  • 34be7eb Merge branch 'main' into patch-1
  • 38989da Update for biome 2.x (#2538 fixes #2537)
  • dc969c1 Merge branch 'main' into update-for-biome-2.x
  • Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.5.9 to 3.5.10

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v3.5.10

🐞 Bug Fixes

  • Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48836
  • When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48835
  • Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48810
  • DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48702
  • Application JAR created by extract command is not reproductible #48664
  • AOT processing of tests should not be disabled when 'skipTests' is set #48661
  • Fix zero-length byte buffer in InspectedContent #48649

📔 Documentation

  • Update documentation for Buildpack's AOT Cache support #48768
  • Document support for configuring arguments passed to Docker Compose #48657
  • Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48634
  • Fix grammar and typos in the reference guide #48596

🔨 Dependency Upgrades

  • Upgrade to Classmate 1.7.3 #48775
  • Upgrade to Hibernate 6.6.41.Final #48881
  • Upgrade to HttpClient5 5.5.2 #48777
  • Upgrade to Logback 1.5.25 #48882
  • Upgrade to Micrometer 1.15.8 #48705
  • Upgrade to Micrometer Tracing 1.5.8 #48706
  • Upgrade to Pooled JMS 3.1.9 #48779
  • Upgrade to Postgresql 42.7.9 #48883
  • Upgrade to R2DBC MSSQL 1.0.4.RELEASE #48847
  • Upgrade to Reactor Bom 2024.0.14 #48707
  • Upgrade to REST Assured 5.5.7 #48884
  • Upgrade to Spring AMQP 3.2.9 #48909
  • Upgrade to Spring Data Bom 2025.0.8 #48708
  • Upgrade to Spring Integration 6.5.6 #48921
  • Upgrade to Spring Kafka 3.3.12 #48709
  • Upgrade to Spring Pulsar 1.2.14 #48710
  • Upgrade to Undertow 2.3.22.Final #48848
  • Upgrade to WebJars Locator Lite 1.1.3 #48780

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GaoSSR, @​izeye, and @​ngocnhan-tran1996

Commits
  • 1b4e78f Release v3.5.10
  • 650236d Remove breaking and unnecessary Undertow TLS with RSA test
  • 877d59b Upgrade to Spring Kafka 3.3.12
  • ce650b1 Upgrade to Spring Integration 6.5.6
  • 30b5b73 Upgrade to Develocity Conventions 0.0.25
  • 413ec6c Upgrade to Spring Pulsar 1.2.14
  • 3f86432 Upgrade to Spring AMQP 3.2.9
  • 2fa3aaa Merge pull request #48902 from dependabot[bot]
  • 37e0cbc Polish "Bump jfrog/setup-jfrog-cli from 4.8.1 to 4.9.1"
  • ad51def Bump jfrog/setup-jfrog-cli from 4.8.1 to 4.9.1
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: [DevOps] bump the test group with 4 updates
7b2032c 
Bumps the test group with 4 updates: [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback), org.openapitools:openapi-generator-maven-plugin, [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) and [org.springframework.boot:spring-boot-maven-plugin](https://github.com/spring-projects/spring-boot).


Updates `ch.qos.logback:logback-classic` from 1.5.24 to 1.5.25
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.24...v_1.5.25)

Updates `org.openapitools:openapi-generator-maven-plugin` from 7.18.0 to 7.19.0

Updates `com.diffplug.spotless:spotless-maven-plugin` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@lib/3.1.0...lib/3.2.0)

Updates `org.springframework.boot:spring-boot-maven-plugin` from 3.5.9 to 3.5.10
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.9...v3.5.10)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.25
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: test
- dependency-name: org.openapitools:openapi-generator-maven-plugin
  dependency-version: 7.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test
- dependency-name: org.springframework.boot:spring-boot-maven-plugin
  dependency-version: 3.5.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jan 22, 2026
@bot-sdk-js bot-sdk-js enabled auto-merge (squash) January 27, 2026 01:29
@bot-sdk-js bot-sdk-js merged commit a70e89e into main Jan 27, 2026
5 checks passed
@bot-sdk-js bot-sdk-js deleted the dependabot/maven/main/test-22fb49f48f branch January 27, 2026 01:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bot-sdk-js bot-sdk-js bot-sdk-js approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bot-sdk-js