Commit 60a7426

Bump the dependencies group across 1 directory with 4 updates (#2194)
Bumps the dependencies group with 4 updates in the / directory: [com.github.luben:zstd-jni](https://github.com/luben/zstd-jni), [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire), [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) and [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback). Updates `com.github.luben:zstd-jni` from 1.5.7-8 to 1.5.7-10 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/luben/zstd-jni/commits">compare view</a></li> </ul> </details> <br /> Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.5 to 3.5.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/apache/maven-surefire/releases">org.apache.maven.plugins:maven-surefire-plugin's releases</a>.</em></p> <blockquote> <h2>3.5.6</h2> <!-- raw HTML omitted --> <h2>🚀 New features and improvements</h2> <ul> <li>Introduce reportTestTimestamp option and include timestamp for test sets and test cases (<a href="https://redirect.github.com/apache/maven-surefire/issues/3261">#3261</a>) (<a href="https://redirect.github.com/apache/maven-surefire/pull/3302">#3302</a>) <a href="https://github.com/olamy"><code>@​olamy</code></a></li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li>Issue <a href="https://redirect.github.com/apache/maven-surefire/issues/2613">#2613</a> Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (<a href="https://redirect.github.com/apache/maven-surefire/issues/3353">#3353</a>) (<a href="https://redirect.github.com/apache/maven-surefire/pull/3354">#3354</a>) <a href="https://github.com/olamy"><code>@​olamy</code></a></li> <li>Ensure that the statistics filename is calculated only once. 
(<a href="https://redirect.github.com/apache/maven-surefire/issues/3326">#3326</a>) (<a href="https://redirect.github.com/apache/maven-surefire/pull/3327">#3327</a>) <a href="https://github.com/olamy"><code>@​olamy</code></a></li> <li>Add <code>flakes</code> attribute to use in <code>testsuite</code> report (<a href="https://redirect.github.com/apache/maven-surefire/issues/3306">#3306</a>) (<a href="https://redirect.github.com/apache/maven-surefire/pull/3308">#3308</a>) <a href="https://github.com/olamy"><code>@​olamy</code></a></li> <li>[BACKPORT 3.5.x] <a href="https://issues.apache.org/jira/browse/SUREFIRE-2049">[SUREFIRE-2049]</a> - Fix SHUTDOWN type lost during command serialization. (<a href="https://redirect.github.com/apache/maven-surefire/issues/3270">#3270</a>) (<a href="https://redirect.github.com/apache/maven-surefire/pull/3289">#3289</a>) <a href="https://github.com/olamy"><code>@​olamy</code></a></li> <li>fix: null guard for context map (<a href="https://redirect.github.com/apache/maven-surefire/issues/3269">#3269</a>) (<a href="https://redirect.github.com/apache/maven-surefire/pull/3272">#3272</a>) <a href="https://github.com/olamy"><code>@​olamy</code></a></li> </ul> <h2>👻 Maintenance</h2> <ul> <li>3.5.x/bug/cherry pick embedded mode its (<a href="https://redirect.github.com/apache/maven-surefire/pull/3328">#3328</a>) <a href="https://github.com/olamy"><code>@​olamy</code></a></li> <li>Use surefire 3.5.5 by project itself for testing (<a href="https://redirect.github.com/apache/maven-surefire/pull/3324">#3324</a>) <a href="https://github.com/slawekjaranowski"><code>@​slawekjaranowski</code></a></li> <li>Follow Oracle javadoc guidelines (<a href="https://redirect.github.com/apache/maven-surefire/pull/3177">#3177</a>) <a href="https://github.com/elharo"><code>@​elharo</code></a></li> </ul> <h2>📦 Dependency updates</h2> <ul> <li>Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (<a 
href="https://redirect.github.com/apache/maven-surefire/pull/3334">#3334</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> <li>Bump commons-io:commons-io from 2.21.0 to 2.22.0 (<a href="https://redirect.github.com/apache/maven-surefire/pull/3350">#3350</a>) @<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/maven-surefire/commit/25ea054860a5c1e5932b360d8aa0a31944c2b841"><code>25ea054</code></a> [maven-release-plugin] prepare release surefire-3.5.6</li> <li><a href="https://github.com/apache/maven-surefire/commit/e5f374ccdefd5b40d75e0072a754708183d9ec5e"><code>e5f374c</code></a> Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3</li> <li><a href="https://github.com/apache/maven-surefire/commit/dadd55b7a6a3a0336c253413f68c4f08092328c2"><code>dadd55b</code></a> Issue <a href="https://redirect.github.com/apache/maven-surefire/issues/2613">#2613</a> Debugging failsafe tests: Message 'Listening for transport dt_soc...</li> <li><a href="https://github.com/apache/maven-surefire/commit/39dd250a44f1f2f1f18ea1881d78ac341222ea97"><code>39dd250</code></a> Bump commons-io:commons-io from 2.21.0 to 2.22.0</li> <li><a href="https://github.com/apache/maven-surefire/commit/27742739c8cc6e4676611ac4bfe42870f74fd0f3"><code>2774273</code></a> Ensure that the statistics filename is calculated only once. 
(<a href="https://redirect.github.com/apache/maven-surefire/issues/3326">#3326</a>) (<a href="https://redirect.github.com/apache/maven-surefire/issues/3327">#3327</a>)</li> <li><a href="https://github.com/apache/maven-surefire/commit/0d5df8a3b4606622a67922405488d4b182409893"><code>0d5df8a</code></a> 3.5.x/bug/cherry pick embedded mode its (<a href="https://redirect.github.com/apache/maven-surefire/issues/3328">#3328</a>)</li> <li><a href="https://github.com/apache/maven-surefire/commit/04ad9a293f5cee5e95c5cd5a2e751723be66deff"><code>04ad9a2</code></a> Use surefire 3.5.5 by project itself for testing</li> <li><a href="https://github.com/apache/maven-surefire/commit/37e8f694c18ca664a8e45e934a43d4870e799c45"><code>37e8f69</code></a> Add <code>flakes</code> attribute to use in <code>testsuite</code> report (<a href="https://redirect.github.com/apache/maven-surefire/issues/3306">#3306</a>) (<a href="https://redirect.github.com/apache/maven-surefire/issues/3308">#3308</a>)</li> <li><a href="https://github.com/apache/maven-surefire/commit/a970fefe4dbc173acacf79389d812f91f6ef027a"><code>a970fef</code></a> Introduce reportTestTimestamp option and include timestamp for test sets and ...</li> <li><a href="https://github.com/apache/maven-surefire/commit/e838393bbb127a7798d13283b9af7cfa0afec3a8"><code>e838393</code></a> deploy 3.5.x branch to nexus</li> <li>Additional commits viewable in <a href="https://github.com/apache/maven-surefire/compare/surefire-3.5.5...surefire-3.5.6">compare view</a></li> </ul> </details> <br /> Updates `org.jacoco:jacoco-maven-plugin` from 0.8.14 to 0.8.15 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jacoco/jacoco/releases">org.jacoco:jacoco-maven-plugin's releases</a>.</em></p> <blockquote> <h2>0.8.15</h2> <h2>New Features</h2> <ul> <li>JaCoCo now officially supports Java 26 (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/2076">#2076</a>).</li> <li>Experimental support for Java 27 class 
files (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/2004">#2004</a>).</li> <li>Compatibility methods generated by Kotlin compiler for functions defined in interfaces are filtered out during generation of report (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/1905">#1905</a>).</li> <li>Compatibility methods generated by Kotlin compiler for exposed boxed inline value classes (JvmExposeBoxed annotation) are filtered out during generation of report (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/1944">#1944</a>).</li> <li>Methods generated by the Kotlin compiler for functions with JvmStatic annotation are filtered out during generation of report (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/2097">#2097</a>).</li> <li>Improved filtering of bytecode generated by Kotlin compiler for when expressions and statements with kotlin.String subject where first branch condition contains string with largest hash (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/2098">#2098</a>).</li> <li>Part of bytecode that javac versions from 24 to 26 generate for switch statements and expressions with selector expression of type java.lang.String inside lambdas is filtered out during generation of report (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/2023">#2023</a>).</li> <li>Improved performance of Kotlin files analysis by parsing SMAPs only once per class (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/2114">#2114</a>).</li> <li>For better performance agent output methods tcpclient and tcpserver use BufferedOutputStream to write execution data to socket. Maven plugin, Ant tasks, CLI, API usage examples, and ExecDumpClient API use BufferedInputStream to read execution data from socket. 
Third-party integrations should do the same to benefit from this change in agent (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/2089">#2089</a>).</li> </ul> <h2>Fixed bugs</h2> <ul> <li>Fixed processing of Kotlin SMAP in synthetic classes (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/1985">#1985</a>).</li> <li>Multiple JaCoCo runtimes within one JVM writing to the same output file should not cause data corruption when running on JDK versions from 6 to 10 affected by <a href="https://bugs.openjdk.org/browse/JDK-8166253">JDK-8166253</a> (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/2065">#2065</a>, <a href="https://redirect.github.com/jacoco/jacoco/issues/2074">#2074</a>).</li> <li>For better performance agent writes to output file via BufferedOutputStream, this fixes regression introduced in version 0.6.2 (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/2073">#2073</a>).</li> <li>Fixed NullPointerException when JaCoCo agent is loaded by non system class loader, for example when loaded by JBoss Modules (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/1651">#1651</a>).</li> </ul> <h2>Non-functional Changes</h2> <ul> <li>JaCoCo now depends on ASM 9.10.1 (GitHub <a href="https://redirect.github.com/jacoco/jacoco/issues/2134">#2134</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jacoco/jacoco/commit/6c5260a192eaa535e4a519771d530781cbac9136"><code>6c5260a</code></a> Prepare release v0.8.15</li> <li><a href="https://github.com/jacoco/jacoco/commit/5c05141431a7f064a804a923fbae11271241f116"><code>5c05141</code></a> Transfer of execution data through socket should use buffered stream (<a href="https://redirect.github.com/jacoco/jacoco/issues/2089">#2089</a>)</li> <li><a href="https://github.com/jacoco/jacoco/commit/ab5efa9d63c06899b2aec1d4a6099fc856132a22"><code>ab5efa9</code></a> Remove from Azure Pipelines all 
builds except with JDK 5 and JDK EA (<a href="https://redirect.github.com/jacoco/jacoco/issues/2148">#2148</a>)</li> <li><a href="https://github.com/jacoco/jacoco/commit/5f6ea38f20ff4583deb4ab976571c853231f97c2"><code>5f6ea38</code></a> Use Windows 2025 image in GitHub Actions (<a href="https://redirect.github.com/jacoco/jacoco/issues/2130">#2130</a>)</li> <li><a href="https://github.com/jacoco/jacoco/commit/35a8af2cfc168ce51f2a3ea2d55d65f31e61c513"><code>35a8af2</code></a> Use Renovate instead of Dependabot for updates of ASM (<a href="https://redirect.github.com/jacoco/jacoco/issues/2137">#2137</a>)</li> <li><a href="https://github.com/jacoco/jacoco/commit/85b8ddf530821f75b3b26f5f96d03252286b3ad6"><code>85b8ddf</code></a> Upgrade ASM to 9.10.1 (<a href="https://redirect.github.com/jacoco/jacoco/issues/2134">#2134</a>)</li> <li><a href="https://github.com/jacoco/jacoco/commit/2988647ac37c3ad35a77b51d01b10a916b85627b"><code>2988647</code></a> AgentModule should use ClassLoader of agent instead of SystemClassLoader (<a href="https://redirect.github.com/jacoco/jacoco/issues/1651">#1651</a>)</li> <li><a href="https://github.com/jacoco/jacoco/commit/75a4e31fed32f180fbe4593ad91ec5c176c0535b"><code>75a4e31</code></a> Add filter for Kotlin <code>@JvmExposeBoxed</code> (<a href="https://redirect.github.com/jacoco/jacoco/issues/1944">#1944</a>)</li> <li><a href="https://github.com/jacoco/jacoco/commit/691fa1d6a0dffa91f45daf0714f28bfdaa367fc0"><code>691fa1d</code></a> Use Renovate instead of Dependabot for updates of GitHub Actions (<a href="https://redirect.github.com/jacoco/jacoco/issues/2132">#2132</a>)</li> <li><a href="https://github.com/jacoco/jacoco/commit/3e18f17207bca0203b726ace460aa6be8d0f3dd4"><code>3e18f17</code></a> Require at least JDK 21 for build (<a href="https://redirect.github.com/jacoco/jacoco/issues/2128">#2128</a>)</li> <li>Additional commits viewable in <a href="https://github.com/jacoco/jacoco/compare/v0.8.14...v0.8.15">compare view</a></li> </ul> 
</details> <br /> Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.34 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/qos-ch/logback/releases">ch.qos.logback:logback-classic's releases</a>.</em></p> <blockquote> <h2>Logback 1.5.34</h2> <p><strong>2026-06-01 Release of logback version 1.5.34</strong></p> <p>• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues <a href="https://redirect.github.com/qos-ch/logback/issues/1040">#1040</a>](<a href="https://redirect.github.com/qos-ch/logback/issues/1040">qos-ch/logback#1040</a>), reported by Naotsugu Kobayashi.</p> <p>• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This change addresses potential deserialization whitelist bypass vulnerability reported by <a href="https://github.com/york-shen">York Shen</a> and registered as <a href="https://www.cve.org/cverecord?id=CVE-2026-10532">CVE-2026-10532</a>.</p> <p>• A bitwise identical binary of this version can be reproduced by building from source code at commit e62272ac152469aec1ede056c3c7d0d7314e7bfe associated with the tag v_1.5.34. This release was built using Java &quot;21&quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> <h2>Logback 1.5.33</h2> <p><strong>2026-05-27 Release of logback version 1.5.33</strong></p> <p>• <code>PropertiesConfiguratorModelHandler</code> now registers properties file URLs to the <code>ConfigurationWatchList</code> when scan is enabled (via local scan=&quot;true&quot; attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. 
This problem was reported in <a href="https://redirect.github.com/qos-ch/logback/issues/1034">issues/1034</a>.</p> <p>• When processing <code>&lt;conversionRule&gt;</code> elements and both <code>class</code> and <code>converterClass</code> attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in <a href="https://redirect.github.com/qos-ch/logback/issues/1031">issues/1031</a>.</p> <p>• <code>HardenedModelInputStream</code> will no longer accept to deserialize all classes located under the &quot;java.lang&quot; and &quot;java.util&quot; packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by <a href="https://github.com/york-shen">York Shen</a> and registered as <a href="https://www.cve.org/cverecord?id=CVE-2026-9828">CVE-2026-9828</a>.</p> <p>• SSL parameters for <code>SSLSocketAppender</code> now enable hostname verification by default. Moreover, the default protocol is now &quot;TLSv1.2&quot;. This potential vulnerability was reported by York Shen.</p> <p>• When printing the status message field, <code>ViewStatusMessagesServletBase</code> now escapes special characters such as &quot;&amp;&quot; as character entities. This potential vulnerability was reported by York Shen.</p> <p>• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. 
Release built using Java &quot;21&quot; 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/qos-ch/logback/commit/e62272ac152469aec1ede056c3c7d0d7314e7bfe"><code>e62272a</code></a> prepare release 1.5.34</li> <li><a href="https://github.com/qos-ch/logback/commit/1e9e926db1529b729a0e2d29fdee151c2aea0341"><code>1e9e926</code></a> add resolveProxyClassRejectsDynamicProxies unit test</li> <li><a href="https://github.com/qos-ch/logback/commit/2de5cbe90b74fa284685304bc91321313b0d8e2f"><code>2de5cbe</code></a> added StackTraceElementProxyTest, minor edits to AGENTS.md</li> <li><a href="https://github.com/qos-ch/logback/commit/0e9b9278b5d3f0b573762cd7b5482ed65244418e"><code>0e9b927</code></a> in case StackTraceElement is null use a substitute, fixing issues/1040</li> <li><a href="https://github.com/qos-ch/logback/commit/f7a0654c2b7e8e1c461e3d9e483e82ef969b5818"><code>f7a0654</code></a> prevent resolveProxyClass bypass</li> <li><a href="https://github.com/qos-ch/logback/commit/249b81f3754f1fb58f8507f244a36c7a940854c0"><code>249b81f</code></a> docs are no longer distributed</li> <li><a href="https://github.com/qos-ch/logback/commit/1c3b26a839f05b6bc1769e5a028ef326c711cec8"><code>1c3b26a</code></a> start work on 1.5.34-SNAPSHOT</li> <li><a href="https://github.com/qos-ch/logback/commit/124e8b49b55ac34d08743a0646bd463410192647"><code>124e8b4</code></a> prepare release 1.5.33</li> <li><a href="https://github.com/qos-ch/logback/commit/d8fd6f25c7f12282871164911fe423c86e2ef8f3"><code>d8fd6f2</code></a> escapeTags in message field when printing status messages</li> <li><a href="https://github.com/qos-ch/logback/commit/95edbeb8dbf53494f36324aeb7bef1825aff6cc4"><code>95edbeb</code></a> hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...</li> <li>Additional commits viewable in <a 
href="https://github.com/qos-ch/logback/compare/v_1.5.32...v_1.5.34">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent d54911f commit 60a7426

1 file changed

Lines changed: 4 additions & 4 deletions

pom.xml

@@ -48,8 +48,8 @@
4848
<netty.version>4.2.15.Final</netty.version>
4949
<brotli4j.version>1.23.0</brotli4j.version>
5050
<slf4j.version>2.0.18</slf4j.version>
51-
<zstd-jni.version>1.5.7-8</zstd-jni.version>
52-
<logback.version>1.5.32</logback.version>
51+
<zstd-jni.version>1.5.7-10</zstd-jni.version>
52+
<logback.version>1.5.34</logback.version>
5353
<jetbrains-annotations.version>26.1.0</jetbrains-annotations.version>
5454
<testcontainers.version>2.0.5</testcontainers.version>
5555

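Review bot: The logback change on line 52 (1.5.32 to 1.5.34) is a security update according to the release notes quoted in the commit message (CVE-2026-9828 for HardenedModelInputStream in 1.5.33, CVE-2026-10532 for HardenedObjectInputStream in 1.5.34), but it ships inside a grouped bump with a generic subject. Suggest naming the CVEs in the subject or splitting logback into its own commit so the fix can be tracked and cherry-picked independently. The same notes say 1.5.33 enables hostname verification by default and sets the default protocol to TLSv1.2 for SSLSocketAppender, so any logback configuration in this project that uses that appender should be tested against its receiver's certificate before release. For zstd-jni on line 51 the message carries only a compare-view link and no release notes, so the native-library change between 1.5.7-8 and 1.5.7-10 has not been summarized for review.
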
@@ -338,7 +338,7 @@
338338
<plugin>
339339
<groupId>org.apache.maven.plugins</groupId>
340340
<artifactId>maven-surefire-plugin</artifactId>
341-
<version>3.5.5</version>
341+
<version>3.5.6</version>
342342
<configuration>
343343
<argLine>
344344
@{argLine} --add-exports java.base/jdk.internal.misc=ALL-UNNAMED
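Review bot: The surefire version on line 341 is still a literal inside the `<plugin>` block, while the dependency versions in the first hunk are held in properties (`<logback.version>`, `<zstd-jni.version>`). Suggest moving it to a property such as `<maven-surefire-plugin.version>` (the name is only a suggestion) so all pinned versions can be audited in one place. The 3.5.6 notes in the commit message also list a new `flakes` attribute on the `testsuite` report and test timestamps behind a reportTestTimestamp option, so any CI step that parses the surefire XML strictly should be run once against the new output.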
@@ -349,7 +349,7 @@
349349
<plugin>
350350
<groupId>org.jacoco</groupId>
351351
<artifactId>jacoco-maven-plugin</artifactId>
352-
<version>0.8.14</version>
352+
<version>0.8.15</version>
353353
<executions>
354354
<execution>
355355
<goals>
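Review bot: Coverage figures may shift with jacoco-maven-plugin 0.8.15 on line 352, since the release notes in the commit message list several new filters for Kotlin-generated and javac-generated bytecode. The `<execution>` is cut off at `<goals>` here, so if a `check` goal with a minimum ratio is configured further down, confirm that the full build with coverage passes on this commit, not only compilation. The surefire `<argLine>` in the previous hunk starts with `@{argLine}`, which suggests the agent arguments are injected through that property, so a test run that produces a non-empty coverage report is the useful verification for both plugin bumps.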
