Skip to content

Bump the dependencies group across 1 directory with 29 updates#2374

Open
dependabot[bot] wants to merge 1 commit into
v2.7.xfrom
dependabot/maven/v2.7.x/dependencies-645b876133
Open

Bump the dependencies group across 1 directory with 29 updates#2374
dependabot[bot] wants to merge 1 commit into
v2.7.xfrom
dependabot/maven/v2.7.x/dependencies-645b876133

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 28 updates in the / directory:

Package From To
ch.qos.logback:logback-classic 1.5.32 1.5.34
com.fasterxml.jackson.core:jackson-annotations 2.21 2.22
com.fasterxml.jackson.core:jackson-core 2.21.1 2.22.0
com.fasterxml.jackson.dataformat:jackson-dataformat-xml 2.21.1 2.22.0
com.github.dasniko:testcontainers-keycloak 4.1.1 4.2.1
com.google.guava:guava 33.5.0-jre 33.6.0-jre
commons-io:commons-io 2.21.0 2.22.0
de.fraunhofer.iosb.ilt:Configurable 0.37 0.38
io.prometheus:prometheus-metrics-bom 1.5.0 1.7.0
org.eclipse.jetty.ee10:jetty-ee10-servlet 12.1.7 12.1.10
org.jooq:jooq 3.20.11 3.21.5
org.jooq:jooq-codegen 3.20.11 3.21.5
org.jooq:jooq-meta 3.20.11 3.21.5
org.junit:junit-bom 6.0.3 6.1.0
org.junit.platform:junit-platform-suite 6.0.3 6.1.0
org.mariadb.jdbc:mariadb-java-client 3.5.7 3.5.8
org.postgresql:postgresql 42.7.10 42.7.11
org.slf4j:jul-to-slf4j 2.0.17 2.0.18
org.slf4j:slf4j-api 2.0.17 2.0.18
org.testcontainers:testcontainers-bom 2.0.3 2.0.5
io.github.git-commit-id:git-commit-id-maven-plugin 9.0.2 10.0.0
org.apache.maven.plugins:maven-dependency-plugin 3.10.0 3.11.0
com.diffplug.spotless:spotless-maven-plugin 3.3.0 3.6.0
org.owasp:dependency-check-maven 12.2.0 12.2.2
org.apache.maven.plugins:maven-surefire-plugin 3.5.5 3.5.6
org.jacoco:jacoco-maven-plugin 0.8.14 0.8.15
de.fraunhofer.iosb.io.moquette:moquette-broker 0.18.3 0.18.4
de.fraunhofer.iosb.io.moquette:moquette-metrics-prometheus 0.18.3 0.18.4

Updates ch.qos.logback:logback-classic from 1.5.32 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.34

2026-06-01 Release of logback version 1.5.34

• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues #1040](qos-ch/logback#1040), reported by Naotsugu Kobayashi.

• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This change addresses potential deserialization whitelist bypass vulnerability reported by York Shen and registered as CVE-2026-10532.

• A bitwise identical binary of this version can be reproduced by building from source code at commit e62272ac152469aec1ede056c3c7d0d7314e7bfe associated with the tag v_1.5.34. This release was built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • e62272a prepare release 1.5.34
  • 1e9e926 add resolveProxyClassRejectsDynamicProxies unit test
  • 2de5cbe added StackTraceElementProxyTest, minor edits to AGENTS.md
  • 0e9b927 in case StackTraceElement is null use a substitute, fixing issues/1040
  • f7a0654 prevent resolveProxyClass bypass
  • 249b81f docs are no longer distributed
  • 1c3b26a start work on 1.5.34-SNAPSHOT
  • 124e8b4 prepare release 1.5.33
  • d8fd6f2 escapeTags in message field when printing status messages
  • 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.21 to 2.22

Commits

Updates com.fasterxml.jackson.core:jackson-core from 2.21.1 to 2.22.0

Commits
  • d763562 [maven-release-plugin] prepare release jackson-core-2.22.0
  • e5c69fe Re-do 2.22.0 release
  • 0ba6a36 Bump version after release
  • b106011 [maven-release-plugin] prepare for next development iteration
  • 18a7fe4 [maven-release-plugin] prepare release jackson-core-2.22.0
  • 503a14f Re-do 2.22.0 release
  • ab95bc0 ...
  • 0a4b8de Post-release dep version bump
  • 719a42f [maven-release-plugin] prepare for next development iteration
  • 9248848 [maven-release-plugin] prepare release jackson-core-2.22.0
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.21.1 to 2.22.0

Commits
  • 4c702ae [maven-release-plugin] prepare release jackson-dataformat-xml-2.22.0
  • e6a9a50 Prep for 2.22.0 release
  • 80735f2 Merge branch '2.21' into 2.x
  • 5e5f3fa Post-release dep version bump
  • 4c482a6 [maven-release-plugin] prepare for next development iteration
  • e29dfd9 [maven-release-plugin] prepare release jackson-dataformat-xml-2.21.4
  • 5d81f46 Prep for 2.21.4 release
  • 5db34fe Merge branch '2.20' into 2.21
  • a12b8df Merge branch '2.19' into 2.20
  • 7ae7fdb Merge branch '2.18' into 2.19
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.21.1 to 2.22.0

Commits

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.21.1 to 2.22.0

Commits
  • 4c702ae [maven-release-plugin] prepare release jackson-dataformat-xml-2.22.0
  • e6a9a50 Prep for 2.22.0 release
  • 80735f2 Merge branch '2.21' into 2.x
  • 5e5f3fa Post-release dep version bump
  • 4c482a6 [maven-release-plugin] prepare for next development iteration
  • e29dfd9 [maven-release-plugin] prepare release jackson-dataformat-xml-2.21.4
  • 5d81f46 Prep for 2.21.4 release
  • 5db34fe Merge branch '2.20' into 2.21
  • a12b8df Merge branch '2.19' into 2.20
  • 7ae7fdb Merge branch '2.18' into 2.19
  • Additional commits viewable in compare view

Updates com.github.dasniko:testcontainers-keycloak from 4.1.1 to 4.2.1

Release notes

Sourced from com.github.dasniko:testcontainers-keycloak's releases.

v4.2.1

What's Changed

  • update Keycloak admin client to version 26.0.9

Full Changelog: dasniko/testcontainers-keycloak@v4.2.0...v4.2.1

v4.2.0

Noteable Changes

I've deprecated the default no-args constructor, as the behavior will most likely change in future (starting with KC v27). So, it's recommended that you always specify explicitly the image which you are running your tests against!

Additionally, I've also deprecated for removal some more-or-less internal methods (withNightly and getKeycloakDefaultVersion), they were never officially documented. Most likely they will be removed in the future.

What's Changed

Full Changelog: dasniko/testcontainers-keycloak@v4.1.1...v4.2.0

Commits
  • 7dbffab update Keycloak admin client to version 26.0.9
  • bdf18fd don't publish generated release notes automatically
  • f0d6de5 prepare for 4.2 release by updating keycloak dependencies and version
  • c3b1893 chore: bump testcontainers.version to 2.0.4
  • f1b3241 improve Maven deploy configuration
  • 2f0ca0c chore: bump crazy-max/ghaction-import-gpg from 6 to 7 (#290)
  • b9f52dd add pull request template
  • ce04109 add CONTRIBUTING.md
  • a687df5 add customizable image pull policy with 24h default refresh (#289)
  • be3b434 improve README SEO: richer intro and clearer feature flags heading
  • Additional commits viewable in compare view

Updates com.google.guava:guava from 33.5.0-jre to 33.6.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

  • Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
  • cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
  • collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
  • collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
  • graph: Removed @Beta from all APIs in the package. (dae9566b73)
  • graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
  • graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
  • hash: Added BloomFilter.serializedSize(). (df9bcc251a)
  • net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)
Commits

Updates commons-io:commons-io from 2.21.0 to 2.22.0

Updates de.fraunhofer.iosb.ilt:Configurable from 0.37 to 0.38

Changelog

Sourced from de.fraunhofer.iosb.ilt:Configurable's changelog.

Version 0.38

Updates

  • [FX] Hide options dropdown in map (class) editor when its empty.
  • Updated dependencies.
Commits
  • fd42353 Release v0.38
  • 1f4410d [FX] Hide options dropdown in map (class) editor when its empty
  • 5edf948 Bump the dependencies group across 1 directory with 7 updates (#178)
  • e54d5f6 Bump the dependencies group across 1 directory with 2 updates (#173)
  • 0b1d067 Bump the dependencies group with 2 updates (#165)
  • 5e3654a Bump the dependencies group across 1 directory with 7 updates (#170)
  • 26df65e Bump the dependencies group across 1 directory with 2 updates (#164)
  • 5d7485b Bumped dependencies
  • af77ab1 Prepare for next development iteration
  • See full diff in compare view

Updates io.prometheus:prometheus-metrics-bom from 1.5.0 to 1.7.0

Release notes

Sourced from io.prometheus:prometheus-metrics-bom's releases.

v1.7.0

1.7.0 (2026-06-03)

Features

  • Add StableApi marker and API diff check (#2168) (768fd3a)
  • add typed metric family descriptors (#2114) (9c3b097)
  • track api-diff baseline via Renovate and store diffs in docs/apidiffs (#2174) (3adb890)

Bug Fixes

  • deps: update dependency com.github.ben-manes.caffeine:caffeine to v3.2.4 (#2088) (144eb61)
  • deps: update dependency io.dropwizard.metrics:metrics-core to v4.2.39 (#2139) (5817d13)
  • deps: update dependency io.dropwizard.metrics5:metrics-core to v5.0.7 (#2140) (261c451)
  • deps: update dependency io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha to v2.28.0-alpha (#2126) (b62b5d0)
  • deps: update dependency io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha to v2.28.0-alpha (#2127) (e11ce3d)
  • deps: update dependency io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha to v2.28.1-alpha (#2132) (b09be38)
  • deps: update dependency io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha to v2.28.1-alpha (#2133) (a241c16)
  • deps: update dependency org.apache.tomcat.embed:tomcat-embed-core to v11.0.22 (#2099) (22125c5)
  • deps: update jetty monorepo to v12.1.10 (#2169) (ddd3991)
  • deps: update jetty monorepo to v12.1.9 (#2102) (04bee70)
  • deps: update protobuf (#2129) (320538a)
  • Reduce allocations for classic histogram buckets (#2081) (edd160a)
  • restore legacy suffix compatibility (#2100) (b2ae70f)
  • restore reserved suffix stripping in PrometheusNaming.sanitizeMetricName() (#2124) (2d0f508)

Performance Improvements

  • Refactored sorting to use optimized sort algorithms (#2161) (25b94fc)

Documentation

v1.6.1

1.6.1 (2026-04-27)

[!WARNING] Wait for next bug fix release to fix prometheus/client_java#2100

Note: With the OM2 metric-name preservation fix in this release, OpenMetrics 2.0 can now be tested. It is still in progress and not ready for general use yet.

Bug Fixes

... (truncated)

Changelog

Sourced from io.prometheus:prometheus-metrics-bom's changelog.

1.7.0 (2026-06-03)

Features

  • Add StableApi marker and API diff check (#2168) (768fd3a)
  • add typed metric family descriptors (#2114) (9c3b097)
  • track api-diff baseline via Renovate and store diffs in docs/apidiffs (#2174) (3adb890)

Bug Fixes

  • deps: update dependency com.github.ben-manes.caffeine:caffeine to v3.2.4 (#2088) (144eb61)
  • deps: update dependency io.dropwizard.metrics:metrics-core to v4.2.39 (#2139) (5817d13)
  • deps: update dependency io.dropwizard.metrics5:metrics-core to v5.0.7 (#2140) (261c451)
  • deps: update dependency io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha to v2.28.0-alpha (#2126) (b62b5d0)
  • deps: update dependency io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha to v2.28.0-alpha (#2127) (e11ce3d)
  • deps: update dependency io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha to v2.28.1-alpha (#2132) (b09be38)
  • deps: update dependency io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha to v2.28.1-alpha (#2133) (a241c16)
  • deps: update dependency org.apache.tomcat.embed:tomcat-embed-core to v11.0.22 (#2099) (22125c5)
  • deps: update jetty monorepo to v12.1.10 (#2169) (ddd3991)
  • deps: update jetty monorepo to v12.1.9 (#2102) (04bee70)
  • deps: update protobuf (#2129) (320538a)
  • Reduce allocations for classic histogram buckets (#2081) (edd160a)
  • restore legacy suffix compatibility (#2100) (b2ae70f)
  • restore reserved suffix stripping in PrometheusNaming.sanitizeMetricName() (#2124) (2d0f508)

Performance Improvements

  • Refactored sorting to use optimized sort algorithms (#2161) (25b94fc)

Documentation

1.6.1 (2026-04-27)

Note: With the OM2 metric-name preservation fix in this release, OpenMetrics 2.0 can now be tested. It is still in progress and not ready for general use yet.

Bug Fixes

  • Preserve original metric names in OM2 output (#2058) (59a7a6d)

Documentation

... (truncated)

Commits
  • 574fb73 chore(main): release 1.7.0 (#2092)
  • 4f4e8a7 test: validate Micrometer typed-descriptor compatibility (#2123)
  • 82d3c46 test: run JMX Exporter quick test configuration (#2178)
  • ab37635 chore(deps): update actions/checkout action to v6.0.3 (#2175)
  • 9a5d1d5 chore(deps): update grafana monorepo to v13.0.2 (#2176)
  • 3adb890 feat: track api-diff baseline via Renovate and store diffs in docs/apidiffs (...
  • ddd3991 fix(deps): update jetty monorepo to v12.1.10 (#2169)
  • 5b1b6bd chore(deps): update dependency grafana/docker-otel-lgtm to v0.28.0 (#2172)
  • 6f20381 chore(deps): update github/codeql-action action to v4.36.1 (#2171)
  • 62ce9dc test: validate JMX Exporter compatibility (#2167)
  • Additional commits viewable in compare view

Updates org.eclipse.jetty.ee10:jetty-ee10-servlet from 12.1.7 to 12.1.10

Updates org.jooq:jooq from 3.20.11 to 3.21.5

Updates org.jooq:jooq-codegen from 3.20.11 to 3.21.5

Updates org.jooq:jooq-meta from 3.20.11 to 3.21.5

Updates org.jooq:jooq-codegen from 3.20.11 to 3.21.5

Updates org.jooq:jooq-meta from 3.20.11 to 3.21.5

Updates org.junit:junit-bom from 6.0.3 to 6.1.0

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

Commits

Updates org.junit.platform:junit-platform-suite from 6.0.3 to 6.1.0

Release notes

Sourced from org.junit.platform:junit-platform-suite's releases.

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

Commits

Updates org.mariadb.jdbc:mariadb-java-client from 3.5.7 to 3.5.8

Release notes

Sourced from org.mariadb.jdbc:mariadb-java-client's releases.

MariaDB Connector/Java 3.5.8

3.5.8 (Apr 2026)

Full Changelog

Issues Resolved

  • CONJ-1305 - XAResource.isSameRM() incorrectly returns true when rewriteBatchedStatements differs between connections
  • CONJ-1303 - Statement.cancel() fails to kill running query during result streaming

Other

  • CONJ-1298 - Performance improvement: avoid decoding extended format
Changelog

Sourced from org.mariadb.jdbc:mariadb-java-client's changelog.

3.5.8 (Apr 2026)

Full Changelog

Issues Resolved

  • CONJ-1305 - XAResource.isSameRM() incorrectly returns true when rewriteBatchedStatements differs between connections
  • CONJ-1303 - Statement.cancel() fails to kill running query during result streaming

Other

  • CONJ-1298 - Performance improvement: avoid decoding extended format
Commits
  • 26b34a2 Merge branch 'develop'
  • 06d6efe bump CI actions/checkout@v5
  • a86a83c bump 3.5.8
  • 975f991 [misc] refactor TimestampCodec to implement Codec directly and extract shared...
  • 75bb509 [misc] code formatting cleanup
  • 4c0b6a0 [misc] refactor TimestampCodec to extend UtilDateCodec and extract common dat...
  • a5b7fb1 [misc] convert Reader and Writer from interfaces to final class implementatio...
  • d31eb06 [misc] convert ReadableByteBuf from interface to final class implementation, ...

@dependabot
Bump the dependencies group across 1 directory with 29 updates
0c9effa 
Bumps the dependencies group with 28 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.32` | `1.5.34` |
| [com.fasterxml.jackson.core:jackson-annotations](https://github.com/FasterXML/jackson) | `2.21` | `2.22` |
| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.21.1` | `2.22.0` |
| [com.fasterxml.jackson.dataformat:jackson-dataformat-xml](https://github.com/FasterXML/jackson-dataformat-xml) | `2.21.1` | `2.22.0` |
| [com.github.dasniko:testcontainers-keycloak](https://github.com/dasniko/testcontainers-keycloak) | `4.1.1` | `4.2.1` |
| [com.google.guava:guava](https://github.com/google/guava) | `33.5.0-jre` | `33.6.0-jre` |
| commons-io:commons-io | `2.21.0` | `2.22.0` |
| [de.fraunhofer.iosb.ilt:Configurable](https://github.com/FraunhoferIOSB/Configurable) | `0.37` | `0.38` |
| [io.prometheus:prometheus-metrics-bom](https://github.com/prometheus/client_java) | `1.5.0` | `1.7.0` |
| org.eclipse.jetty.ee10:jetty-ee10-servlet | `12.1.7` | `12.1.10` |
| org.jooq:jooq | `3.20.11` | `3.21.5` |
| org.jooq:jooq-codegen | `3.20.11` | `3.21.5` |
| org.jooq:jooq-meta | `3.20.11` | `3.21.5` |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [org.junit.platform:junit-platform-suite](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [org.mariadb.jdbc:mariadb-java-client](https://github.com/mariadb-corporation/mariadb-connector-j) | `3.5.7` | `3.5.8` |
| [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) | `42.7.10` | `42.7.11` |
| org.slf4j:jul-to-slf4j | `2.0.17` | `2.0.18` |
| org.slf4j:slf4j-api | `2.0.17` | `2.0.18` |
| [org.testcontainers:testcontainers-bom](https://github.com/testcontainers/testcontainers-java) | `2.0.3` | `2.0.5` |
| [io.github.git-commit-id:git-commit-id-maven-plugin](https://github.com/git-commit-id/git-commit-id-maven-plugin) | `9.0.2` | `10.0.0` |
| [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) | `3.10.0` | `3.11.0` |
| [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) | `3.3.0` | `3.6.0` |
| [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) | `12.2.0` | `12.2.2` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.5` | `3.5.6` |
| [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.14` | `0.8.15` |
| [de.fraunhofer.iosb.io.moquette:moquette-broker](https://github.com/FraunhoferIOSB/moquette) | `0.18.3` | `0.18.4` |
| de.fraunhofer.iosb.io.moquette:moquette-metrics-prometheus | `0.18.3` | `0.18.4` |



Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.34
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.32...v_1.5.34)

Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.21 to 2.22
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-core` from 2.21.1 to 2.22.0
- [Commits](FasterXML/jackson-core@jackson-core-2.21.1...jackson-core-2.22.0)

Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-xml` from 2.21.1 to 2.22.0
- [Commits](FasterXML/jackson-dataformat-xml@jackson-dataformat-xml-2.21.1...jackson-dataformat-xml-2.22.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.21.1 to 2.22.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-xml` from 2.21.1 to 2.22.0
- [Commits](FasterXML/jackson-dataformat-xml@jackson-dataformat-xml-2.21.1...jackson-dataformat-xml-2.22.0)

Updates `com.github.dasniko:testcontainers-keycloak` from 4.1.1 to 4.2.1
- [Release notes](https://github.com/dasniko/testcontainers-keycloak/releases)
- [Commits](dasniko/testcontainers-keycloak@v4.1.1...v4.2.1)

Updates `com.google.guava:guava` from 33.5.0-jre to 33.6.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `commons-io:commons-io` from 2.21.0 to 2.22.0

Updates `de.fraunhofer.iosb.ilt:Configurable` from 0.37 to 0.38
- [Changelog](https://github.com/FraunhoferIOSB/Configurable/blob/master/CHANGELOG.md)
- [Commits](FraunhoferIOSB/Configurable@v0.37...v0.38)

Updates `io.prometheus:prometheus-metrics-bom` from 1.5.0 to 1.7.0
- [Release notes](https://github.com/prometheus/client_java/releases)
- [Changelog](https://github.com/prometheus/client_java/blob/main/CHANGELOG.md)
- [Commits](prometheus/client_java@v1.5.0...v1.7.0)

Updates `org.eclipse.jetty.ee10:jetty-ee10-servlet` from 12.1.7 to 12.1.10

Updates `org.jooq:jooq` from 3.20.11 to 3.21.5

Updates `org.jooq:jooq-codegen` from 3.20.11 to 3.21.5

Updates `org.jooq:jooq-meta` from 3.20.11 to 3.21.5

Updates `org.jooq:jooq-codegen` from 3.20.11 to 3.21.5

Updates `org.jooq:jooq-meta` from 3.20.11 to 3.21.5

Updates `org.junit:junit-bom` from 6.0.3 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.0)

Updates `org.junit.platform:junit-platform-suite` from 6.0.3 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.0)

Updates `org.mariadb.jdbc:mariadb-java-client` from 3.5.7 to 3.5.8
- [Release notes](https://github.com/mariadb-corporation/mariadb-connector-j/releases)
- [Changelog](https://github.com/mariadb-corporation/mariadb-connector-j/blob/main/CHANGELOG.md)
- [Commits](mariadb-corporation/mariadb-connector-j@3.5.7...3.5.8)

Updates `org.postgresql:postgresql` from 42.7.10 to 42.7.11
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.10...REL42.7.11)

Updates `org.slf4j:jul-to-slf4j` from 2.0.17 to 2.0.18

Updates `org.slf4j:slf4j-api` from 2.0.17 to 2.0.18

Updates `org.slf4j:slf4j-api` from 2.0.17 to 2.0.18

Updates `org.testcontainers:testcontainers-bom` from 2.0.3 to 2.0.5
- [Release notes](https://github.com/testcontainers/testcontainers-java/releases)
- [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md)
- [Commits](testcontainers/testcontainers-java@2.0.3...2.0.5)

Updates `io.github.git-commit-id:git-commit-id-maven-plugin` from 9.0.2 to 10.0.0
- [Release notes](https://github.com/git-commit-id/git-commit-id-maven-plugin/releases)
- [Commits](git-commit-id/git-commit-id-maven-plugin@v9.0.2...v10.0.0)

Updates `org.apache.maven.plugins:maven-dependency-plugin` from 3.10.0 to 3.11.0
- [Release notes](https://github.com/apache/maven-dependency-plugin/releases)
- [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.10.0...maven-dependency-plugin-3.11.0)

Updates `com.diffplug.spotless:spotless-maven-plugin` from 3.3.0 to 3.6.0
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@lib/3.3.0...maven/3.6.0)

Updates `org.owasp:dependency-check-maven` from 12.2.0 to 12.2.2
- [Release notes](https://github.com/dependency-check/DependencyCheck/releases)
- [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](dependency-check/DependencyCheck@v12.2.0...v12.2.2)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.5 to 3.5.6
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.5...surefire-3.5.6)

Updates `org.jacoco:jacoco-maven-plugin` from 0.8.14 to 0.8.15
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.14...v0.8.15)

Updates `de.fraunhofer.iosb.io.moquette:moquette-broker` from 0.18.3 to 0.18.4
- [Changelog](https://github.com/FraunhoferIOSB/moquette/blob/v0.18.x/ChangeLog.txt)
- [Commits](FraunhoferIOSB/moquette@v0.18.3...v0.18.4)

Updates `de.fraunhofer.iosb.io.moquette:moquette-metrics-prometheus` from 0.18.3 to 0.18.4

Updates `de.fraunhofer.iosb.io.moquette:moquette-metrics-prometheus` from 0.18.3 to 0.18.4

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.34
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-annotations
  dependency-version: '2.22'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-xml
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-xml
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.github.dasniko:testcontainers-keycloak
  dependency-version: 4.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.google.guava:guava
  dependency-version: 33.6.0-jre
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: commons-io:commons-io
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: de.fraunhofer.iosb.ilt:Configurable
  dependency-version: '0.38'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: io.prometheus:prometheus-metrics-bom
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.eclipse.jetty.ee10:jetty-ee10-servlet
  dependency-version: 12.1.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.jooq:jooq
  dependency-version: 3.21.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.jooq:jooq-codegen
  dependency-version: 3.21.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.jooq:jooq-meta
  dependency-version: 3.21.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.jooq:jooq-codegen
  dependency-version: 3.21.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.jooq:jooq-meta
  dependency-version: 3.21.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.junit:junit-bom
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.junit.platform:junit-platform-suite
  dependency-version: 6.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.mariadb.jdbc:mariadb-java-client
  dependency-version: 3.5.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.slf4j:jul-to-slf4j
  dependency-version: 2.0.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.slf4j:slf4j-api
  dependency-version: 2.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.slf4j:slf4j-api
  dependency-version: 2.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.testcontainers:testcontainers-bom
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: io.github.git-commit-id:git-commit-id-maven-plugin
  dependency-version: 10.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: org.apache.maven.plugins:maven-dependency-plugin
  dependency-version: 3.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.owasp:dependency-check-maven
  dependency-version: 12.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-version: 0.8.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: de.fraunhofer.iosb.io.moquette:moquette-broker
  dependency-version: 0.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: de.fraunhofer.iosb.io.moquette:moquette-metrics-prometheus
  dependency-version: 0.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: de.fraunhofer.iosb.io.moquette:moquette-metrics-prometheus
  dependency-version: 0.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants