Bump the maven group across 39 directories with 37 updates

[dependabot]

Bumps the maven group with 2 updates in the /apache-kafka directory: org.apache.kafka:kafka-clients and ch.qos.logback:logback-core.
Bumps the maven group with 2 updates in the /apache-kafka-2 directory: org.apache.kafka:kafka-clients and ch.qos.logback:logback-core.
Bumps the maven group with 5 updates in the /apache-libraries directory:

Package	From	To
ch.qos.logback:logback-core	1.2.7	1.3.15
org.apache.avro:avro	1.8.2	1.11.4
com.fasterxml.jackson.core:jackson-core	2.15.2	2.20.0
com.fasterxml.jackson.core:jackson-databind	2.15.2	2.20.0
com.fasterxml.jackson.core:jackson-annotations	2.15.2	2.20.0

Bumps the maven group with 2 updates in the /apache-poi directory: ch.qos.logback:logback-core and org.apache.poi:poi-ooxml.
Bumps the maven group with 2 updates in the /apache-poi-2 directory: ch.qos.logback:logback-core and org.apache.poi:poi-ooxml.
Bumps the maven group with 4 updates in the /atomikos directory: ch.qos.logback:logback-core, org.springframework:spring-context, org.hibernate:hibernate-core and org.hibernate.validator:hibernate-validator.
Bumps the maven group with 3 updates in the /couchbase directory: ch.qos.logback:logback-core, org.springframework:spring-context and org.apache.commons:commons-lang3.
Bumps the maven group with 2 updates in the /custom-pmd directory: ch.qos.logback:logback-core and net.sourceforge.pmd:pmd-core.
Bumps the maven group with 2 updates in the /drools directory: ch.qos.logback:logback-core and org.apache.poi:poi-ooxml.
Bumps the maven group with 6 updates in the /ethereum directory:

Package	From	To
ch.qos.logback:logback-core	1.2.7	1.3.15
com.fasterxml.jackson.core:jackson-core	2.15.2	2.20.0
com.fasterxml.jackson.core:jackson-databind	2.15.2	2.20.0
com.fasterxml.jackson.core:jackson-annotations	2.15.2	2.20.0
org.springframework:spring-context	5.3.28	6.1.20
com.jayway.jsonpath:json-path	2.4.0	2.9.0

Bumps the maven group with 2 updates in the /javax-sound directory: ch.qos.logback:logback-core and org.openjfx:javafx-media.
Bumps the maven group with 3 updates in the /jetbrains directory: ch.qos.logback:logback-core, org.apache.commons:commons-lang3 and commons-io:commons-io.
Bumps the maven group with 3 updates in the /jgit directory: ch.qos.logback:logback-core, commons-io:commons-io and org.eclipse.jgit:org.eclipse.jgit.
Bumps the maven group with 2 updates in the /jsf directory: ch.qos.logback:logback-core and org.springframework:spring-web.
Bumps the maven group with 4 updates in the /libraries directory: ch.qos.logback:logback-core, org.apache.commons:commons-lang3, org.springframework:spring-web and commons-io:commons-io.
Bumps the maven group with 2 updates in the /libraries-2 directory: ch.qos.logback:logback-core and org.springframework:spring-context.
Bumps the maven group with 3 updates in the /libraries-4 directory: ch.qos.logback:logback-core, com.fasterxml.jackson.core:jackson-core and org.springframework:spring-web.
Bumps the maven group with 4 updates in the /libraries-apache-commons directory: ch.qos.logback:logback-core, org.apache.commons:commons-lang3, commons-io:commons-io and commons-beanutils:commons-beanutils.
Bumps the maven group with 2 updates in the /libraries-apache-commons-2 directory: ch.qos.logback:logback-core and org.apache.commons:commons-vfs2.
Bumps the maven group with 5 updates in the /libraries-data directory:

Package	From	To
org.apache.kafka:kafka-clients	3.3.1	3.9.1
ch.qos.logback:logback-core	1.2.7	1.3.15
commons-io:commons-io	2.13.0	2.14.0
org.apache.ignite:ignite-core	2.14.0	2.17.0
com.thoughtworks.xstream:xstream	1.4.16	1.4.21

Bumps the maven group with 3 updates in the /libraries-data-2 directory: ch.qos.logback:logback-core, org.springframework:spring-web and org.infinispan:infinispan-core.
Bumps the maven group with 2 updates in the /libraries-data-db directory: ch.qos.logback:logback-core and io.debezium:debezium-connector-mysql.
Bumps the maven group with 5 updates in the /libraries-data-io directory:

Package	From	To
ch.qos.logback:logback-core	1.2.7	1.3.15
com.fasterxml.jackson.core:jackson-databind	2.15.2	2.20.0
com.fasterxml.jackson.core:jackson-core	2.15.2	2.20.0
com.fasterxml.jackson.core:jackson-annotations	2.15.2	2.20.0
com.google.protobuf:protobuf-java	3.17.3	3.25.5

Bumps the maven group with 5 updates in the /libraries-files directory:

Package	From	To
ch.qos.logback:logback-core	1.2.7	1.3.15
com.fasterxml.jackson.core:jackson-annotations	2.15.2	2.20.0
com.fasterxml.jackson.core:jackson-core	2.15.2	2.20.0
com.fasterxml.jackson.core:jackson-databind	2.15.2	2.20.0
org.apache.commons:commons-configuration2	2.8.0	2.10.1

Bumps the maven group with 4 updates in the /libraries-http directory: ch.qos.logback:logback-core, com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-core and org.asynchttpclient:async-http-client.
Bumps the maven group with 3 updates in the /libraries-http-2 directory: ch.qos.logback:logback-core, org.eclipse.jetty:jetty-server and org.springframework:spring-webflux.
Bumps the maven group with 2 updates in the /libraries-io directory: ch.qos.logback:logback-core and org.apache.commons:commons-vfs2.
Bumps the maven group with 4 updates in the /libraries-security directory: ch.qos.logback:logback-core, org.springframework.security.oauth:spring-security-oauth2, org.bouncycastle:bcprov-jdk15on and org.bouncycastle:bcpkix-jdk15on.
Bumps the maven group with 5 updates in the /libraries-server directory:

Package	From	To
ch.qos.logback:logback-core	1.2.7	1.3.15
commons-io:commons-io	2.13.0	2.14.0
org.eclipse.jetty:jetty-server	9.4.27.v20200227	9.4.56.v20240826
io.netty:netty-all	4.1.20.Final	4.2.5.Final
org.apache.tomcat:tomcat-catalina	8.5.24	9.0.107

Bumps the maven group with 2 updates in the /libraries-server-2 directory: ch.qos.logback:logback-core and org.eclipse.jetty:jetty-server.
Bumps the maven group with 2 updates in the /libraries-testing directory: ch.qos.logback:logback-core and org.springframework:spring-web.
Bumps the maven group with 2 updates in the /mapstruct directory: ch.qos.logback:logback-core and org.springframework:spring-context.
Bumps the maven group with 2 updates in the /mustache directory: ch.qos.logback:logback-core and org.webjars:bootstrap.
Bumps the maven group with 1 update in the /parent-boot-2 directory: ch.qos.logback:logback-core.
Bumps the maven group with 1 update in the /parent-boot-3 directory: ch.qos.logback:logback-core.
Bumps the maven group with 3 updates in the /pdf directory: ch.qos.logback:logback-core, org.apache.poi:poi-ooxml and org.apache.poi:poi-scratchpad.
Bumps the maven group with 2 updates in the /protobuffer directory: ch.qos.logback:logback-core and com.google.protobuf:protobuf-java.
Bumps the maven group with 2 updates in the /testing-modules/spring-testing directory: ch.qos.logback:logback-core and org.springframework:spring-context.
Bumps the maven group with 1 update in the /vaadin directory: ch.qos.logback:logback-core.

Updates org.apache.kafka:kafka-clients from 3.4.0 to 3.9.1

Updates ch.qos.logback:logback-core from 1.2.7 to 1.3.15

Commits

• 81f8c25 remove Stax related code
• 7cb4834 prepare release 1.3.15
• ad9c5e0 StaxEventRecorder was experimental and was never used nor referenced, removing
• 4cb1053 remove unused package
• 2863a49 prevent Server-Side Request Forgery (SSRF) attacks by ignoring external DTD f...
• b44b940 remove JaninoEventEvaluator
• c17e588 remove JaninoEventEvaluator
• c84e7d8 update license in some old files not part of the ditributed binary
• dc2fbb6 start work on 1.3.15-SNAPSHOT
• 39fc546 remove unused import
• Additional commits viewable in compare view

Updates org.apache.kafka:kafka-clients from 2.8.0 to 3.9.1

Updates ch.qos.logback:logback-core from 1.2.7 to 1.3.15

Commits

• 81f8c25 remove Stax related code
• 7cb4834 prepare release 1.3.15
• ad9c5e0 StaxEventRecorder was experimental and was never used nor referenced, removing
• 4cb1053 remove unused package
• 2863a49 prevent Server-Side Request Forgery (SSRF) attacks by ignoring external DTD f...
• b44b940 remove JaninoEventEvaluator
• c17e588 remove JaninoEventEvaluator
• c84e7d8 update license in some old files not part of the ditributed binary
• dc2fbb6 start work on 1.3.15-SNAPSHOT
• 39fc546 remove unused import
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.2.7 to 1.3.15

Commits

• 81f8c25 remove Stax related code
• 7cb4834 prepare release 1.3.15
• ad9c5e0 StaxEventRecorder was experimental and was never used nor referenced, removing
• 4cb1053 remove unused package
• 2863a49 prevent Server-Side Request Forgery (SSRF) attacks by ignoring external DTD f...
• b44b940 remove JaninoEventEvaluator
• c17e588 remove JaninoEventEvaluator
• c84e7d8 update license in some old files not part of the ditributed binary
• dc2fbb6 start work on 1.3.15-SNAPSHOT
• 39fc546 remove unused import
• Additional commits viewable in compare view

Updates org.apache.avro:avro from 1.8.2 to 1.11.4

Updates com.fasterxml.jackson.core:jackson-core from 2.15.2 to 2.20.0

Commits

• ea0830a [maven-release-plugin] prepare release jackson-core-2.20.0
• e16733a Prep for 2.20.0
• 93deb38 Drop RC from version pre-2.20.0 release
• f0bcc3c Handle deprecation warnings
• 6e70d08 Fix #1462: deprecate JsonFactory.createParser(URL) (#1464)
• 588cc76 Post release version bump
• 018f9e1 [maven-release-plugin] prepare for next development iteration
• 360e498 [maven-release-plugin] prepare release jackson-core-2.20.0-rc1
• 538ac44 Prep for 2.20.0-rc1
• dfbf47b Merge branch '2.19' into 2.x
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.15.2 to 2.20.0

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.15.2 to 2.20.0

Updates ch.qos.logback:logback-core from 1.2.7 to 1.3.15

Commits

• 81f8c25 remove Stax related code
• 7cb4834 prepare release 1.3.15
• ad9c5e0 StaxEventRecorder was experimental and was never used nor referenced, removing
• 4cb1053 remove unused package
• 2863a49 prevent Server-Side Request Forgery (SSRF) attacks by ignoring external DTD f...
• b44b940 remove JaninoEventEvaluator
• c17e588 remove JaninoEventEvaluator
• c84e7d8 update license in some old files not part of the ditributed binary
• dc2fbb6 start work on 1.3.15-SNAPSHOT
• 39fc546 remove unused import
• Additional commits viewable in compare view

Updates org.apache.poi:poi-ooxml from 5.2.0 to 5.4.0

Updates ch.qos.logback:logback-core from 1.2.7 to 1.3.15

Commits

• 81f8c25 remove Stax related code
• 7cb4834 prepare release 1.3.15
• ad9c5e0 StaxEventRecorder was experimental and was never used nor referenced, removing
• 4cb1053 remove unused package
• 2863a49 prevent Server-Side Request Forgery (SSRF) attacks by ignoring external DTD f...
• b44b940 remove JaninoEventEvaluator
• c17e588 remove JaninoEventEvaluator
• c84e7d8 update license in some old files not part of the ditributed binary
• dc2fbb6 start work on 1.3.15-SNAPSHOT
• 39fc546 remove unused import
• Additional commits viewable in compare view

Updates org.apache.poi:poi-ooxml from 5.2.3 to 5.4.0

Updates org.apache.poi:poi-scratchpad from 5.2.3 to 5.4.0

Updates ch.qos.logback:logback-core from 1.2.7 to 1.3.15

Commits

• 81f8c25 remove Stax related code
• 7cb4834 prepare release 1.3.15
• ad9c5e0 StaxEventRecorder was experimental and was never used nor referenced, removing
• 4cb1053 remove unused package
• 2863a49 prevent Server-Side Request Forgery (SSRF) attacks by ignoring external DTD f...
• b44b940 remove JaninoEventEvaluator
• c17e588 remove JaninoEventEvaluator
• c84e7d8 update license in some old files not part of the ditributed binary
• dc2fbb6 start work on 1.3.15-SNAPSHOT
• 39fc546 remove unused import
• Additional commits viewable in compare view

Updates org.springframework:spring-context from 5.1.6.RELEASE to 6.1.20

Release notes

Sourced from org.springframework:spring-context's releases.

v6.1.20

⭐ New Features

• Add option for case-insensitive match to PatternMatchUtils #34802

🐞 Bug Fixes

• HttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 #34854
• Accidental ClassLoader defineClass enforcement after #34677 #34839

📔 Documentation

• Clarify CompositePropertySource behavior for EnumerablePropertySource contract #34887

🔨 Dependency Upgrades

• Upgrade to Reactor 2023.0.18 #34899

v6.1.19

⭐ New Features

• Suggest compilation with -parameters when AspectJAdviceParameterNameDiscoverer fails against ambiguity #34618

🐞 Bug Fixes

• PropertyBatchUpdateException: causes of nested PropertyAccessExceptions not shown in output #34698
• Change in Jar usecache behavior with Spring 6.1.x causing java.lang.IllegalStateException: zip file closed #34694
• Startup performance regression due to CGLIB class load attempts in Spring 6.1.x #34693
• IllegalAccessError for package-private member of AzureStorageConfiguration on WebSphere #34690
• @Configuration classes can no longer be abstract without @Bean methods #34689
• Generated-code for LinkedHashMap is missing static keyword #34661
• AbstractReactiveTransactionManager throws IllegalStateException when rollback fails after commit attempt #34619

📔 Documentation

• Add javadoc notes on potential exception suppression in ListableBeanFactory#getBeansOfType #34631
• Remove remaining references to Forwarded headers in MvcUriComponentsBuilder #34626
• MvcUriComponentsBuilder javadocs inaccurately reflects usage of forwarded headers #34620

v6.1.18

⭐ New Features

• Avoid unnecessary CGLIB processing on configuration classes #34487
• Inconsistent default class loaders in hint classes #34473

🐞 Bug Fixes

• DefaultManagedTaskExecutor throws java.lang.UnsupportedOperationException: isShutdown when rejecting tasks #34515
• Endless loop with DataSourceUtils in spring-jdbc #34497
• MockHttpServletResponse - handle multiple values for Content-Language header #34491

... (truncated)

Commits

• 1f9c59b Release v6.1.20
• edfcc6f Make use of PatternMatchUtils ignoreCase option
• f93132b Add missing @​since tags in PatternMatchUtils
• 6ab4c84 Upgrade to Reactor 2023.0.18
• d5fca0d Upgrade to Jetty 12.0.21, Netty 4.1.121, Apache HttpClient 5.4.4, Checkstyle ...
• cbb9419 Clarify CompositePropertySource behavior for EnumerablePropertySource contract
• 5b5e2b6 Fix HttpClient 5.3.x request config compatibility
• a5b0399 Polishing
• 71f2725 Try loadClass on LinkageError in case of same ClassLoader as well
• daee9f1 Reinstate the @⁠Inject Technology Compatibility Kit (TCK)
• Additional commits viewable in compare view

Updates org.hibernate:hibernate-core from 5.4.3.Final to 5.6.15.Final

Changelog

Sourced from org.hibernate:hibernate-core's changelog.

Changes in 5.6.15.Final (February 06, 2023)

https://hibernate.atlassian.net/projects/HHH/versions/32121

** Bug * [HHH-16049] - Setting a property to its current value with bytecode enhancement enabled results in unnecessary SQL Update in some (many) cases * [HHH-15665] - Mariadb is missing identifier quote on SEQUENCE QUERY * [HHH-15618] - Procedure should accept TypedParameterValue as parameter

** Improvement * [HHH-15693] - Introduce a fast-path access for ClassLoaderService being retrieved from ServiceRegistry * [HHH-15690] - HQLQueryPlan to have a direct reference to QueryTranslatorFactory * [HHH-15685] - Improve efficiency of Dialect lookup in Loader and HqlSqlWalker

** Patch * [HHH-15792] - Explicitly add JavaDoc to make @​deprecated hint for createSQLQuery visible in Eclipse

Changes in 5.6.14.Final (November 04, 2022)

https://hibernate.atlassian.net/projects/HHH/versions/32120

** Improvement * [HHH-15662] - ClasscastException caused by check for Managed rather than ManagedEntity

Changes in 5.6.13.Final (November 03, 2022)

https://hibernate.atlassian.net/projects/HHH/versions/32112

** Bug * [HHH-15634] - Lazy basic property does not get updated on change * [HHH-15561] - Function "IDENTITY" not found when inserting audited revision using Hibernate Envers * [HHH-15554] - Merge of an Entity with an immutable composite user type throws Exception

** Improvement * [HHH-15649] - Additional performance fixes relating to Klass's _secondary_super_cache interaction with entity enhancement * [HHH-15639] - Upgrade to ByteBuddy 1.12.18 * [HHH-15637] - Upgrade to Byteman 4.0.20 * [HHH-15616] - Mitigate performance impact of entity enhancement on Klass's _secondary_super_cache * [HHH-15585] - Add support for DB2 aliases for schema validation * [HHH-15575] - Make getter org.hibernate.criterion.SimpleExpression#getOp() public

** Task * [HHH-15594] - Remove Oracle RDS and all test matrix uses

... (truncated)

Commits

• e924c27 5.6.15.Final
• 38ec412 HHH-15665 - Fix and added test for issue
• 1078caa HHH-16049 Setting a property to its current value with bytecode enhancement e...
• 802fc76 HHH-16049 Test setting a property to its current value with bytecode enhancem...
• ac55bb2 HHH-16049 Test setting a property to its current value with bytecode enhancem...
• 84662bf HHH-16049 Restructure lazy-basic tests for easier re-execution and better tes...
• 49fbe84 HHH-15618 Accept TypedParameterValue for procedure
• 45c7fc5 Add TCK build throttling
• cc3b389 Switch from LGTM to CodeQL
• d7fa18a HHH-15792: Explicitly add JavaDoc to make @​deprecated hint for createSQLQuery...
• Additional commits viewable in compare view

Updates org.hibernate.validator:hibernate-validator from 6.1.2.Final to 6.2.0.Final

Changelog

Sourced from org.hibernate.validator:hibernate-validator's changelog.

6.2.0.Final (23-12-2020)

** Bug * HV-1821 - engine - HV-1755 introduces NPE in org.hibernate.validator.internal.engine.ValidatorFactoryImpl constructor

** New Feature * HV-1822 - validators - Add Russian specific validator for russian taxpayer identification number

6.2.0.CR1 (07-12-2020)

** Improvement * HV-1812 - engine - Avoid reflection-based metadata extraction for built-in value extractors

** New Feature * HV-1816 - engine - Disable Expression Language by default for custom constraint violations

** Remove Feature * HV-1790 - engine, validators - Remove the SafeHtml constraint

** Task * HV-1820 - engine - Upgrade JBoss Logging to 3.4.1.Final * HV-1819 - engine - Upgrade Classmate to 1.5.1 * HV-1817 - build - Upgrade to checkstyle 8.38

6.1.6.Final (30-09-2020)

** Bug * HV-1804 - translations - Fix Dutch translation for @​Size constraint * HV-1797 - validators - Validation on classes with a bidirectional relationship cause stack overflow on 6.1.x * HV-1761 - engine - Interpolation of primitive arrays causes a ClassCastException

** Improvement * HV-1782 - translations - Remove trailing dot from @​Max constraint German translation

** New Feature * HV-1780 - validators - Add @​Normalized contraint that validates if text is normalized in a given form

** Task * HV-1803 - tests - Move the tests to log4j2 * HV-1802 - tests - Update ByteBuddy test dependency to 1.10.16 * HV-1795 - build - Remove link to JavaMoney javadoc

6.1.5.Final (06-05-2020)

** Bug * HV-1774 - engine - Invalid parsing of EL expression can lead to invalid EL expressions considered valid

... (truncated)

Commits

• a883dcd [Jenkins release job] Preparing release 6.2.0.Final
• badcc8f [Jenkins release job] changelog.txt updated by release build 6.2.0.Final
• ff4faab [Jenkins release job] README.md updated by release build 6.2.0.Final
• d8c8faa HV-1822 add russian specific INN annotation
• 3304647 HV-1821 Support using a non-Hibernate Validator configuration class
• 9c61b95 [Jenkins release job] Preparing next development iteration
• 02ed74e [Jenkins release job] Preparing release 6.2.0.CR1
• 401a85d [Jenkins release job] changelog.txt updated by release build 6.2.0.CR1
• 7232226 [Jenkins release job] README.md updated by release build 6.2.0.CR1
• 1785054 HV-1820 Upgrade JBoss Logging to 3.4.1.Final
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.2.7 to 1.3.15

Commits

• 81f8c25 remove Stax related code
• 7cb4834 prepare release 1.3.15
• ad9c5e0 StaxEventRecorder was experimental and was never used nor referenced, removing
• 4cb1053 remove unused package
• 2863a49 prevent Server-Side Request Forgery (SSRF) attacks by ignoring external DTD f...
• b44b940 remove JaninoEventEvaluator
• c17e588 remove JaninoEventEvaluator
• c84e7d8 update license in some old files not part of the ditributed binary
• dc2fbb6 start work on 1.3.15-SNAPSHOT
• 39fc546 remove unused import
• Additional commits viewable in compare view

Updates org.springframework:spring-context from 5.3.25 to 6.1.20

Release notes

Sourced from org.springframework:spring-context's releases.

v6.1.20

⭐ New Features

• Add option for case-insensitive match to PatternMatchUtils #34802

🐞 Bug Fixes

• HttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 #34854
• Accidental ClassLoader defineClass enforcement after #34677 #34839

📔 Documentation

• Clarify CompositePropertySource behavior for EnumerablePropertySource contract #34887

🔨 Dependency Upgrades

• Upgrade to Reactor 2023.0.18 #34899

v6.1.19

⭐ New Features

• Suggest compilation with -parameters when AspectJAdviceParameterNameDiscoverer fails against ambiguity #34618

🐞 Bug Fixes

• PropertyBatchUpdateException: causes of nested PropertyAccessExceptions not shown in output #34698
• Change in Jar usecache behavior with Spring 6.1.x causing java.lang.IllegalStateException: zip file closed #34694
• Startup performance regression due to CGLIB class load attempts in Spring 6.1.x #34693
• IllegalAccessError for package-private member of AzureStorageConfiguration on WebSphere #34690
• @Configuration classes can no longer be abstract without @Bean methods #34689
• Generated-code for LinkedHashMap is missing static keyword #34661
• AbstractReactiveTransactionManager throws IllegalStateException when rollback fails after commit attempt #34619

📔 Documentation

• Add javadoc notes on potential exception suppression in ListableBeanFactory#getBeansOfType #34631
• Remove remaining references to Forwarded headers in MvcUriComponentsBuilder #34626
• MvcUriComponentsBuilder javadocs inaccurately reflects usage of forwarded headers #34620

v6.1.18

⭐ New Features

• Avoid unnecessary CGLIB processing on configuration classes #34487
• Inconsistent default class loaders in hint classes #34473

🐞 Bug Fixes

• DefaultManagedTaskExecutor throws java.lang.UnsupportedOperationException: isShutdown when rejecting tasks #34515
• Endless loop with DataSourceUtils in spring-jdbc #34497
• MockHttpServletResponse - handle multiple values for Content-Language header #34491

... (truncated)

Commits

• 1f9c59b Release v6.1.20
• edfcc6f Make use of PatternMatchUtils ignoreCase option
• f93132b Add missing @​since tags in PatternMatchUtils
• 6ab4c84 Upgrade to Reactor 2023.0.18
• d5fca0d Upgrade to Jetty 12.0.21, Netty 4.1.121, Apache HttpClient 5.4.4, Checkstyle ...
• cbb9419 Clarify CompositePropertySource behavior for EnumerablePropertySource contract
• 5b5e2b6 Fix HttpClient 5.3.x request config compatibility
• a5b0399 Polishing
• 71f2725 Try loadClass on LinkageError in case of same ClassLoader as well
• daee9f1 Reinstate the @⁠Inject Technology Compatibility Kit (TCK)
• Additional commits viewable in compare view

Updates org.apache.commons:commons-lang3 from 3.13.0 to 3.18.0

Updates ch.qos.logback:logback-core from 1.2.7 to 1.3.15

Commits

• 81f8c25 remove Stax related code
• 7cb4834 prepare release 1.3.15
• ad9c5e0 StaxEventRecorder was experimental and was never used nor referenced, removing
• 4cb1053 remove unused package
• 2863a49 prevent Server-Side Request Forgery (SSRF) attacks by ignoring external DTD f...
• b44b940 remove JaninoEventEvaluator
• c17e588 remove JaninoEventEvaluator
• c84e7d8 update license in some old files not part of the ditributed binary
• dc2fbb6 start work on 1.3.15-SNAPSHOT
• 39fc546 remove unused import
• Additional commits viewable in compare view

Updates net.sourceforge.pmd:pmd-core from 6.53.0 to 7.10.0

Release notes

Sourced from net.sourceforge.pmd:pmd-core's releases.

PMD 7.10.0 (31-January-2025)

31-January-2025 - 7.10.0

The PMD team is pleased to announce PMD 7.10.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • 🚀 New: Java 24 Support
  • New GPG Release Signing Key
  • Updated PMD Designer
• 🌟 New and changed rules
  • New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Removed Experimental API
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

🚀 New: Java 24 Support

This release of PMD brings support for Java 24. There are no new standard language features, but a couple of preview language features:

• JEP 488: Primitive Types in Patterns, instanceof, and switch (Second Preview)
• JEP 492: Flexible Constructor Bodies (Third Preview)
• JEP 494: Module Import Declarations (Second Preview)
• JEP 495: Simple Source Files and Instance Main Methods (Fourth Preview)

In order to analyze a project with PMD that uses these preview language features, you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 24-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-24-preview ...

Note: Support for Java 22 preview language features have been removed. The version "22-preview" is no longer available.

New GPG Release Signing Key

Since January 2025, we switched the GPG Key we use for signing releases in Maven Central to be A0B5CA1A4E086838. The full fingerprint is 2EFA 55D0 785C 31F9 56F2 F87E A0B5 CA1A 4E08 6838.

... (truncated)

Commits

• db70a20 [release] prepare release pmd_releases/7.10.0
• 672dfd0 Prepare pmd release 7.10.0
• d16a2d0 [java] Fix tests
• 42fc62c Add @​caiocarvalhotero as a contributor
• f8f81e4 Add @​esc-sbarden as a contributor
• 5be481e [java] Support Java 24 (#5471)
• d8886e3 [java] Support exhaustive switches (#5412)
• 64c52c8 [doc] Update release notes (#5412)
• e6561a6 [apex] Fix #3158: Recognize Named Credentials merge fields in ApexSuggestUsin...
• 2a3d8cb [doc] Update release notes (#3158, #5488)
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.2.7 to 1.3.15

Commits

• 81f8c25 remove Stax related code
• 7cb4834 prepare release 1.3.15
• ad9c5e0 StaxEventRecorder was experimental and was never used nor referenced, removing
• 4cb1053 remove unused package
• 2863a49 prevent Server-Side Request Forgery (SSRF) attacks by ignoring external DTD f...
• b44b940 remove JaninoEventEvaluator
• c17e588 remove JaninoEventEvaluator
• c84e7d8 update license in some old files not part of the ditributed binary
• dc2fbb6 start work on 1.3.15-SNAPSHOT
• 39fc546 remove unused import
• Additional commits viewable in compare view

Updates org.apache.poi:poi-ooxml from 5.2.3 to 5.4.0

Updates ch.qos.logback:logback-core from 1.2.7 to 1.3.15

Commits

• 81f8c25 remove Stax related code
• 7cb4834 prepare release 1.3.15
• ad9c5e0 StaxEventRecorder was experimental and was never used nor referenced, removing
• 4cb1053 remove unused package
• 2863a49 prevent Server-Side Request Forgery (SSRF) attacks by ignoring external DTD f...
• b44b940 remove JaninoEventEvaluator
• c17e588 remove JaninoEventEvaluator
• c84e7d8 update license in some old files not part of the ditributed binary
• dc2fbb6 start work on 1.3.15-SNAPSHOT
• 39fc546 remove unused import
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.15.2 to 2.20.0

Commits

• ea0830a [maven-release-plugin] prepare release jackson-core-2.20.0
• e16733a Prep for 2.20.0
• 93deb38 Drop RC from version pre-2.20.0 release
• f0bcc3c Handle deprecation warnings
• 6e70d08 Fix #1462: deprecate JsonFactory.createParser(URL) (#1464)
• 588cc76 Post release version bump
• 018f9e1 [maven-release-plugin] prepare for next development iteration
• 360e498 [maven-release-plugin] prepare release jackson-core-2.20.0-rc1
• 538ac44 Prep for 2.20.0-rc1
• dfbf47b Merge branch '2.19' into 2.x
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.15.2 to 2.20.0

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.15.2 to 2.20.0

Updates org.springframework:spring-context from 5.3.28 to 6.1.20

Release notes

Sourced from org.springframework:spring-context's releases.

v6.1.20

⭐ New Features

• Add option for case-insensitive match to PatternMatchUtils #34802

🐞 Bug Fixes

• HttpComponentsClientHttpRequestFactory setConnectionRequestTimeout not working with httpclient 5.3.1 #34854
• Accidental ClassLoader defineClass enforcement after #34677 #34839

📔...

Description has been truncated

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.