Skip to content

Bump the minor-patch group across 1 directory with 10 updates#849

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/minor-patch-fa410d5aff
Open

Bump the minor-patch group across 1 directory with 10 updates#849
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/minor-patch-fa410d5aff

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-patch group with 10 updates in the / directory:

Package From To
io.netty:netty-bom 4.2.14.Final 4.2.15.Final
org.apache.maven.plugins:maven-surefire-plugin 3.5.5 3.5.6
org.apache.maven.plugins:maven-failsafe-plugin 3.5.5 3.5.6
org.jacoco:jacoco-maven-plugin 0.8.14 0.8.15
com.diffplug.spotless:spotless-maven-plugin 3.5.1 3.6.0
com.github.spotbugs:spotbugs-annotations 4.9.8 4.10.1
ch.qos.logback:logback-classic 1.5.32 1.5.34
software.amazon.awssdk:s3 2.44.11 2.46.6
software.amazon.awssdk.crt:aws-crt 0.45.4 0.47.0
com.google.cloud:google-cloud-storage 2.68.0 2.69.0

Updates io.netty:netty-bom from 4.2.14.Final to 4.2.15.Final

Release notes

Sourced from io.netty:netty-bom's releases.

netty-4.2.15.Final

Security fixes

  • CVE-2026-48059: memory exhaustion in io.netty:netty-codec-haproxy (high).
  • CVE-2026-47691: DNS cache poisoning in io.netty:netty-resolver-dns (high).
  • CVE-2026-50560: DDoS in io.netty:netty-codec-http2.
  • CVE-2026-50011: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-44250: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-44890: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-50009: information disclosure and denial of service in io.netty:netty-codec-classes-quic.
  • CVE-2026-44249: IPv6 subnet filter bypass in io.netty:netty-handler (high).
  • CVE-2026-50020: request smuggling in io.netty:netty-codec-http.
  • CVE-2026-44892: memory exhaustion in io.netty:netty-codec-http3 (high).
  • CVE-2026-44893: memory leak in io.netty:netty-codec-haproxy (high).
  • CVE-2026-44894: traffic amplification in io.netty:netty-codec-classes-quic (high).
  • CVE-2026-50010: TLS hostname verification accidentally disabled in io.netty:netty-handler (high).
  • CVE-2026-45673: DNS cache poisoning in io.netty:netty-resolver-dns.
  • CVE-2026-45416: excessive memory usage from SNIHandler in io.netty:netty-handler (high).
  • CVE-2026-45536: file descriptor leak in io.netty:netty-transport-native-epoll and io.netty:netty-transport-native-kqueue.
  • CVE-2026-45674: DNS cache poisoning in io.netty:netty-resolver-dns (high).
  • CVE-2026-46340: memory exhaustion in io.netty:netty-transport-sctp (high).
  • CVE-2026-47244: denial of service in io.netty:netty-codec-http2.
  • CVE-2026-48006: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-48748: memory exhaustion in io.netty:netty-codec-http3 (high).
  • CVE-2026-48043: memory exhaustion in io.netty:netty-codec-http2.

What's Changed

New Contributors

Full Changelog: netty/netty@netty-4.2.14.Final...netty-4.2.15.Final

Commits
  • a41f7b2 [maven-release-plugin] prepare release netty-4.2.15.Final
  • 2394530 Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remain...
  • 0bd1657 Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (#16850)
  • 76291f5 Fix SCTP and Redis tests (#16893)
  • e067b6e Fix revapi warnings (#16885)
  • 5a52600 Pass maxAllocation to Brotli and Zstd decoders (#16844)
  • 541add0 Merge commit from fork
  • 270800e Merge commit from fork
  • 3d45a1e Merge commit from fork
  • 75127ca Merge commit from fork
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

  • Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
  • e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
  • dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
  • 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
  • 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
  • 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
  • 04ad9a2 Use surefire 3.5.5 by project itself for testing
  • 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
  • a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
  • e838393 deploy 3.5.x branch to nexus
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.6

🚀 New features and improvements

  • Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
  • e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
  • dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
  • 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
  • 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
  • 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
  • 04ad9a2 Use surefire 3.5.5 by project itself for testing
  • 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
  • a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
  • e838393 deploy 3.5.x branch to nexus
  • Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.15

New Features

  • JaCoCo now officially supports Java 26 (GitHub #2076).
  • Experimental support for Java 27 class files (GitHub #2004).
  • Compatibility methods generated by Kotlin compiler for functions defined in interfaces are filtered out during generation of report (GitHub #1905).
  • Compatibility methods generated by Kotlin compiler for exposed boxed inline value classes (JvmExposeBoxed annotation) are filtered out during generation of report (GitHub #1944).
  • Methods generated by the Kotlin compiler for functions with JvmStatic annotation are filtered out during generation of report (GitHub #2097).
  • Improved filtering of bytecode generated by Kotlin compiler for when expressions and statements with kotlin.String subject where first branch condition contains string with largest hash (GitHub #2098).
  • Part of bytecode that javac versions from 24 to 26 generate for switch statements and expressions with selector expression of type java.lang.String inside lambdas is filtered out during generation of report (GitHub #2023).
  • Improved performance of Kotlin files analysis by parsing SMAPs only once per class (GitHub #2114).
  • For better performance agent output methods tcpclient and tcpserver use BufferedOutputStream to write execution data to socket. Maven plugin, Ant tasks, CLI, API usage examples, and ExecDumpClient API use BufferedInputStream to read execution data from socket. Third-party integrations should do the same to benefit from this change in agent (GitHub #2089).

Fixed bugs

  • Fixed processing of Kotlin SMAP in synthetic classes (GitHub #1985).
  • Multiple JaCoCo runtimes within one JVM writing to the same output file should not cause data corruption when running on JDK versions from 6 to 10 affected by JDK-8166253 (GitHub #2065, #2074).
  • For better performance agent writes to output file via BufferedOutputStream, this fixes regression introduced in version 0.6.2 (GitHub #2073).
  • Fixed NullPointerException when JaCoCo agent is loaded by non system class loader, for example when loaded by JBoss Modules (GitHub #1651).

Non-functional Changes

  • JaCoCo now depends on ASM 9.10.1 (GitHub #2134).
Commits
  • 6c5260a Prepare release v0.8.15
  • 5c05141 Transfer of execution data through socket should use buffered stream (#2089)
  • ab5efa9 Remove from Azure Pipelines all builds except with JDK 5 and JDK EA (#2148)
  • 5f6ea38 Use Windows 2025 image in GitHub Actions (#2130)
  • 35a8af2 Use Renovate instead of Dependabot for updates of ASM (#2137)
  • 85b8ddf Upgrade ASM to 9.10.1 (#2134)
  • 2988647 AgentModule should use ClassLoader of agent instead of SystemClassLoader (#1651)
  • 75a4e31 Add filter for Kotlin @JvmExposeBoxed (#1944)
  • 691fa1d Use Renovate instead of Dependabot for updates of GitHub Actions (#2132)
  • 3e18f17 Require at least JDK 21 for build (#2128)
  • Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.5.1 to 3.6.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.6.0

Added

  • Add <cacheDirectory> to <eclipse>, <greclipse>, and <eclipseCdt> for the Equo/Solstice P2 cache. (#2944)
  • EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)

Fixed

  • <versionCatalog> no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)
  • spotless:apply no longer aborts on the first file with lints; it now formats all files and reports a single aggregated lint failure across every file, matching the Gradle plugin's behavior. (#2937)
  • <greclipse> and <eclipseCdt> now default P2 data to the Maven local repository. (#2944)
  • forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)

Changes

  • Improved formatting performance by eliminating redundant per-step line-ending normalization in the core formatter loop. (#2934)
Commits
  • 71a433c Published maven/3.6.0
  • 3a0f101 Published gradle/8.6.0
  • 007e9d8 Published lib/4.6.2
  • a074d53 Allow setting the local P2 cache dir in the Spotless Gradle plugin (#2944)
  • a266fc2 Merge branch 'main' into add-cache-directory-dsl
  • e0d466e Fix: sort members treats record declarations as types (#2942)
  • 3936b6f Merge branch 'main' into main
  • 278765f fix: expandWildcardImports support pom type dependency, fix #2839 (#2935)
  • a18ddec Remove maxLineLength from versionCatalog step (#2949)
  • b91ad87 Add changelog entries for versionCatalog maxLineLength removal
  • Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-annotations from 4.9.8 to 4.10.1

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

4.10.1

SpotBugs 4.10.1

Note

SpotBugs 4.10.0 was superseded by 4.10.1 due to a release issue. Users should use 4.10.1. See the discussion below for additional details:

spotbugs/spotbugs#4155

CHANGELOG

Build

  • 4.10.0 was not released due to a release process error (artifacts were built from a -SNAPSHOT version). 4.10.1 is the corrected release and contains the intended 4.10.0 contents.

CHECKSUM

file checksum (sha256)
spotbugs-4.10.1-javadoc.jar 582dc49e95b080333b1025dc23e76630e5f6f1648b2f9fa71ee34918f6d9dd2c
spotbugs-4.10.1-sources.jar 76476f61ce6dc0eb0c38801e21da44e77043ba21226aef6c1b9d21df06d2395a
spotbugs-4.10.1.tgz 9264ee04afc8a3945c065916ffb5180d13b938245be91f90ef65c4a4cc1d4f5b
spotbugs-4.10.1.zip 010fdccc06430588a8eeab40db8c6708d836a4dd321623f785aee19343fd682f
spotbugs-annotations-4.10.1-javadoc.jar 1c878bc3dd98eff234149725a7acfaa2dcae11397d793b8d03cd8abf49f1f516
spotbugs-annotations-4.10.1-sources.jar 87974d23caffbc8c6e66c567747627267b5ed06573cee966d7af6d236b8d65bd
spotbugs-annotations.jar 3e2aa962f3099b55362483a6db3e92afa579dc1e030d967093bbcd0935fd67a1
spotbugs-ant-4.10.1-javadoc.jar c3b2376b23dbcd8a161c8b9e7e251d61dbcd9ecd34a835c5b3c59b239c6b79f6
spotbugs-ant-4.10.1-sources.jar 91477d93b1fd1bebae35d318427b5238fb458e726478dc1a8ac41ce74838a1e6
spotbugs-ant.jar 22f2fa397e86663adcd4828cc1c91e63aa6cc2bfc56832885b749a86fac5c784
spotbugs.jar 736a409ecfd5b86ec6746fd809ef4c75d507f6f6528810f165663d12564a2c20
test-harness-4.10.1-javadoc.jar 579974414765d90bd1fc0d1998de0a6a66e8566a1aaf34753f0243536c56c57c
test-harness-4.10.1-sources.jar 805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.10.1.jar bd10d1f11a1b93e4ca4db4d27772f611bd3407f9452dbbd2d1ba62584ddc171f
test-harness-core-4.10.1-javadoc.jar 6b7c82de6f040717d4557257d20886b086de20d57e184a7aa74d73768047f903
test-harness-core-4.10.1-sources.jar 043a55d99a517c0d9cf702b0c183b4afd3f03af9eff4a86d59bb37df1b35b532
test-harness-core-4.10.1.jar 1f9a0ee8f150dd71f960ca4f59dcf7912a45d0e9e6aefc4585fd44b975454bc0
test-harness-jupiter-4.10.1-javadoc.jar 2762335276588d3787d7940bfc65181d37b1629b7c579e01ddad81d184ea3fac
test-harness-jupiter-4.10.1-sources.jar 17144f315686bfd01c02fa4ae7c916060c41de8eed58d5b8470416fa08f46ced
test-harness-jupiter-4.10.1.jar a91146da3e993479cfefd2690781cbd102c6360ecc63a96d88995be3bd60fcbb

4.10.0

Note: SpotBugs 4.10.0 has been superseded by 4.10.1 due to a release issue. Please use 4.10.1 instead. See spotbugs/spotbugs#4155

SpotBugs 4.10.0-SNAPSHOT

CHANGELOG

Refactor

  • Move internal usage of 'javax.annotation.Nonnull' to 'jakarta.annotation.NonNull'. (#3858)
  • Move internal usage of 'javax.annotation.Nullable' to 'jakarta.annotation.Nullable'. (#3861)
  • Renamed methods from edu.umd.cs.findbugs.SwitchHandler to reflect that they return a PC, not an offset (#3869)
  • Make the progress bar more visually appealing by adding some borders (#3896)
  • Reuse DismantleBytecode.isIf introduced in (#3869)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.10.1 - 2026-06-08

Build

  • 4.10.0 was not released due to a release process error (artifacts were built from a -SNAPSHOT version). 4.10.1 is the corrected release and contains the intended 4.10.0 contents.

4.10.0 - 2026-06-07

Refactor

  • Move internal usage of 'javax.annotation.Nonnull' to 'jakarta.annotation.NonNull'. (#3858)
  • Move internal usage of 'javax.annotation.Nullable' to 'jakarta.annotation.Nullable'. (#3861)
  • Renamed methods from edu.umd.cs.findbugs.SwitchHandler to reflect that they return a PC, not an offset (#3869)
  • Make the progress bar more visually appealing by adding some borders (#3896)
  • Reuse DismantleBytecode.isIf introduced in (#3869)

Added

  • Add partial support for org.jspecify.annotations.Nullable, org.jspecify.annotations.NonNull, org.jspecify.annotations.NullUnmarked and org.jspecify.annotations.NullMarked annotations. These are aliased to the closest existing SpotBugs nullness annotations. This is not a complete implementation of the JSpecify spec; scope-level semantics of @NullMarked and @NullUnmarked are not yet supported. (#3996)
  • Recognize jakarta.annotation.Nonnull and jakarta.annotation.Nullable (#3780)
  • Detect use of sun.misc.Unsafe and jdk.internal.misc.Unsafe (#3804)
  • New bug type is introduced: NCR_NOT_PROPERLY_CHECKED_READ. Improper validation of the return value from the read() method in InputStream and Reader classes may result in an array not being fully filled. (#3766)
  • New detector FindImproperSynchronization and introduced new bug types:
    • USO_UNSAFE_METHOD_SYNCHRONIZATION is reported when using synchronized methods with the class' accessible intrinsic lock,
    • USO_UNSAFE_STATIC_METHOD_SYNCHRONIZATION is reported when using static synchronized methods with the class' exposed intrinsic lock,
    • USO_UNSAFE_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is visible from the outside,
    • USO_UNSAFE_ACCESSIBLE_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is made accessible, with methods that update or return the lock, to the outside,
    • USO_UNSAFE_INHERITABLE_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is can be altered by subclasses,
    • USO_UNSAFE_EXPOSED_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is later exposed in the subclasses.
    • USBC_UNSAFE_SYNCHRONIZATION_WITH_BACKING_COLLECTION is reported when the backing collection of a lock is visible from the outside,
    • USBC_UNSAFE_SYNCHRONIZATION_WITH_ACCESSIBLE_BACKING_COLLECTION is reported when the backing collection of a lock is made accessible, with methods that update or return the lock, to the outside,
    • USBC_UNSAFE_SYNCHRONIZATION_WITH_INHERITABLE_BACKING_COLLECTION is reported when the backing collection of a lock can be altered by subclasses. (See SEI CERT rule LCK00-J and SEI CERT rule LCK04-J)
  • New detector FindIncreasedAccessibilityOfMethods for new bug type IAOM_DO_NOT_INCREASE_METHOD_ACCESSIBILITY. This detector reports a bug if a class increases the accessibility of overridden or hidden methods. (See SEI CERT rule MET04-J)

Fixed

  • Fix DM_STRING_TOSTRING false negative when toString() is chained before a method call (e.g., s.toString().toLowerCase()); multiple occurrences in the same method are now all reported (#3966)
  • Stop exposing JUnit BOM as a transitive dependency to consumers (#3908)
  • Fix incorrect bug counts and sizes when unioning reports (#3721)
  • Classes containing only methods throwing UnsupportedOperationException with setter-like names are no longer considered as mutable (#1601)
  • Enhanced SARIF output with full description sections - adding markdown is still an open issue (#2339)
  • Added missing null check to MultipleInstantiationsOfSingletons detector (#3823)
  • Fix invalid syntax in findbugsfilter.xsd (#3832)
  • Fix CT_CONSTRUCTOR_THROW FP with public and private constructors (#3822)
  • Fix tool name in usage info, (#3847)
  • Fix the building of relative chains of ./././ in filenames in fbp files (#3852)
  • Fix IllegalArgumentException initializing spotbugs when inside a fat jar on Java 25 (#3875)
  • Do not report DM_DEFAULT_ENCODING for classes compiled with target >= 18 (#3866)
  • Fix FS_BAD_DATE_FORMAT_FLAG_COMBO not suppressed by field-level annotation (#3838)
  • Fix SF_SWITCH_FALLTHROUGH false positives (#3767)
  • Recognize well-known exception-throwing utility methods when looking for exceptions thrown from constructors (#3821)
  • Fix RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE false negative when non-null value is on the left side of null comparison (#3920)
  • Fix IM_BAD_CHECK_FOR_ODD false negative when using Yoda-style comparison (1 == i % 2) (#3886)
  • Fix PluginLoader.close() to continue closing all URLClassLoaders when one close operation fails, suppressing subsequent IOExceptions. (#3958)
  • Fix broken bugDescriptions.html#TYPE links by restoring legacy bug type anchors in generated docs (#2113)

... (truncated)

Commits
  • 7460889 release v4.10.1
  • f6c4597 prepare for next release
  • 6e64d99 release v4.10.0
  • 73a6f59 feat: add partial JSpecify annotations support (from PR #3142) (#3996)
  • 85a0cba Add targeted tests for UI launch and class feature transformations (#4153)
  • 3404e1d Raise SpotBugs core coverage with focused unit tests for previously untested ...
  • 654c208 Add VS Code link to README
  • 70e5d15 Clarify detector-fix guidance for Copilot agents (#4151)
  • d6db565 chore(build): Update comments for commons-compress version details (#4150)
  • 9d7cc2f Update dependency jaxen:jaxen to v2.0.6 (#4145)
  • Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.32 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.34

2026-06-01 Release of logback version 1.5.34

• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues #1040](qos-ch/logback#1040), reported by Naotsugu Kobayashi.

• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This change addresses potential deserialization whitelist bypass vulnerability reported by York Shen and registered as CVE-2026-10532.

• A bitwise identical binary of this version can be reproduced by building from source code at commit e62272ac152469aec1ede056c3c7d0d7314e7bfe associated with the tag v_1.5.34. This release was built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • e62272a prepare release 1.5.34
  • 1e9e926 add resolveProxyClassRejectsDynamicProxies unit test
  • 2de5cbe added StackTraceElementProxyTest, minor edits to AGENTS.md
  • 0e9b927 in case StackTraceElement is null use a substitute, fixing issues/1040
  • f7a0654 prevent resolveProxyClass bypass
  • 249b81f docs are no longer distributed
  • 1c3b26a start work on 1.5.34-SNAPSHOT
  • 124e8b4 prepare release 1.5.33
  • d8fd6f2 escapeTags in message field when printing status messages
  • 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
  • Additional commits viewable in compare view

Updates software.amazon.awssdk:s3 from 2.44.11 to 2.46.6

Updates software.amazon.awssdk.crt:aws-crt from 0.45.4 to 0.47.0

Release notes

Sourced from software.amazon.awssdk.crt:aws-crt's releases.

Support TLS 1.3 on macOS

What's Changed

Full Changelog: awslabs/aws-crt-java@v0.46.1...v0.47.0

submodule fix -- fix unknown checksum handling

What's Changed

Full Changelog: awslabs/aws-crt-java@v0.46.0...v0.46.1

v0.46.0

What's Changed

Full Changelog: awslabs/aws-crt-java@v0.45.4...v0.46.0

Commits

Updates com.google.cloud:google-cloud-storage from 2.68.0 to 2.69.0

Changelog

Sourced from com.google.cloud:google-cloud-storage's changelog.

2.69.0 (2025-06-16)

  • No change
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the minor-patch group across 1 directory with 10 updates
f29ff00 
Bumps the minor-patch group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [io.netty:netty-bom](https://github.com/netty/netty) | `4.2.14.Final` | `4.2.15.Final` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.5` | `3.5.6` |
| [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.5.5` | `3.5.6` |
| [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.14` | `0.8.15` |
| [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) | `3.5.1` | `3.6.0` |
| [com.github.spotbugs:spotbugs-annotations](https://github.com/spotbugs/spotbugs) | `4.9.8` | `4.10.1` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.32` | `1.5.34` |
| software.amazon.awssdk:s3 | `2.44.11` | `2.46.6` |
| [software.amazon.awssdk.crt:aws-crt](https://github.com/awslabs/aws-crt-java) | `0.45.4` | `0.47.0` |
| [com.google.cloud:google-cloud-storage](https://github.com/googleapis/google-cloud-java) | `2.68.0` | `2.69.0` |



Updates `io.netty:netty-bom` from 4.2.14.Final to 4.2.15.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.2.14.Final...netty-4.2.15.Final)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.5 to 3.5.6
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.5...surefire-3.5.6)

Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.5.5 to 3.5.6
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.5...surefire-3.5.6)

Updates `org.jacoco:jacoco-maven-plugin` from 0.8.14 to 0.8.15
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.14...v0.8.15)

Updates `com.diffplug.spotless:spotless-maven-plugin` from 3.5.1 to 3.6.0
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@maven/3.5.1...maven/3.6.0)

Updates `com.github.spotbugs:spotbugs-annotations` from 4.9.8 to 4.10.1
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.9.8...4.10.1)

Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.34
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.32...v_1.5.34)

Updates `software.amazon.awssdk:s3` from 2.44.11 to 2.46.6

Updates `software.amazon.awssdk.crt:aws-crt` from 0.45.4 to 0.47.0
- [Release notes](https://github.com/awslabs/aws-crt-java/releases)
- [Commits](awslabs/aws-crt-java@v0.45.4...v0.47.0)

Updates `com.google.cloud:google-cloud-storage` from 2.68.0 to 2.69.0
- [Release notes](https://github.com/googleapis/google-cloud-java/releases)
- [Changelog](https://github.com/googleapis/google-cloud-java/blob/main/java-document-ai/CHANGELOG.md)
- [Commits](https://github.com/googleapis/google-cloud-java/commits)

---
updated-dependencies:
- dependency-name: io.netty:netty-bom
  dependency-version: 4.2.15.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-version: 3.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-version: 0.8.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 3.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: com.github.spotbugs:spotbugs-annotations
  dependency-version: 4.10.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.34
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: software.amazon.awssdk:s3
  dependency-version: 2.46.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: software.amazon.awssdk.crt:aws-crt
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: com.google.cloud:google-cloud-storage
  dependency-version: 2.69.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 16, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 16, 2026 15:54
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants