chore(deps): bump io.smallrye.config:smallrye-config from 3.4.4 to 3.10.2 in /jans-keycloak-integration #10309

Open
wants to merge 1 commit into
base: main

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Dec 2, 2024

Bumps io.smallrye.config:smallrye-config from 3.4.4 to 3.10.2.

Release notes

Sourced from io.smallrye.config:smallrye-config's releases.

3.10.2

  • #1259 Release 3.10.2
  • #1258 Release 3.10.2
  • #1257 Revert "Remove the generation of a comma separated value name for Collections in the YamlConfigSource (#1203)"
  • #1255 Use module-friendly bundle methods
  • #1253 Use module-friendly logger methods

3.10.1

  • #1252 Release 3.10.1
  • #1251 Validate mapping annotation only in SmallRyeConfigBuilder
  • #1250 Reduce allocations when generating default names
  • #1248 fix #1246: honor ConfigProperties.UNCONFIGURED_PREFIX again
  • #1247 Remove ConfigValuePropertiesConfigSource from docs
  • #1245 Bump io.smallrye.common:smallrye-common-bom from 2.7.0 to 2.8.0

3.10.0

  • #1244 Release 3.10.0
  • #1243 Release 3.10.0
  • #1242 Bump version.curator from 5.7.0 to 5.7.1
  • #1240 Bump kotlin.version from 2.0.20 to 2.0.21
  • #1239 Add @ConfigMapping beanStyleGetter to enable / disable bean style getter names matching with configuration names
  • #1237 Bump org.ow2.asm:asm from 9.7 to 9.7.1
  • #1236 Rename ConfigClassWithPrefix to ConfigClass and use it in SmallRyeConfigBuilder
  • #1235 Bump version.smallrye.testing from 2.3.0 to 2.3.1
  • #1234 Bump io.smallrye.common:smallrye-common-bom from 2.4.0 to 2.7.0
  • #1233 Split release into two workflows
  • #1231 Slight optimization when looking up System properties
  • #1229 Bump io.fabric8:docker-maven-plugin from 0.45.0 to 0.45.1
  • #1226 Move local classes to inner to reduce the number of classes in the main package
  • #1224 Remove constructor arguments from examples
  • #1223 Fix docs of interceptor service registration
  • #1222 Bump io.smallrye:smallrye-parent from 45 to 46
  • #1220 Support a fixed list of Map keys statically @WithKeys
  • #1218 Bump org.yaml:snakeyaml from 2.2 to 2.3
  • #1217 Cache profile prefixes
  • #1216 Avoid expensive exception and log when getValues fails lookup for indexed properties and fallbacks to comma
  • #1215 Check if profile file resources are in the location ClassLoader
  • #1214 Internal cleanup of AbstractLocationConfigSourceLoader
  • #1213 Reduce allocations of iterateNames
  • #1212 Improve mappings documentation
  • #1211 Avoid using string concatenation to forge impl name
  • #1210 Bump kotlin.version from 2.0.0 to 2.0.20
  • #1209 ConfigValue name consistent with PropertiesConfigSource
  • #1204 Search for indexed property names before flattened comma separated value name when loading Collections for CDI injection
  • #1203 Remove the generation of a comma separated value name for Collections in the YamlConfigSource
  • #1202 Search for indexed property names before flattened comma separated value name when loading Collections
  • #1201 Drop support for full YAML content in parent property names
  • #1200 Bump io.fabric8:docker-maven-plugin from 0.44.0 to 0.45.0
  • #1198 Update sample ordinal in custom.md
  • #1195 Bump zipp from 3.15.0 to 3.19.1 in /documentation

... (truncated)

Commits
  • a5d4dd9 [maven-release-plugin] prepare release 3.10.2
  • 50f2ecb Release 3.10.2 (#1259)
  • b350b16 Ensure coverage module is updated on release
  • e95749c Remove DumperOptions
  • 1841dbe Revert "Remove the generation of a comma separated value name for Collections...
  • 871478a Add coverage module to release to the version is also updated.
  • ff3c4d3 Use module-friendly bundle methods (#1255)
  • 029c88e Use module-friendly logger methods (#1253)
  • a13acb4 Update coverage version
  • 4d2670a [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from uprightech as a code owner December 2, 2024 11:49
@dependabot dependabot bot added the java (Pull requests that update Java code) and kind-dependencies (Pull requests that update a dependency file) labels Dec 2, 2024

dryrunsecurity bot commented Dec 2, 2024

DryRun Security Summary

The code change updates the smallrye-config dependency version from 3.4.4 to 3.10.2 in the jans-keycloak-integration/pom.xml file, which is generally a good practice for addressing potential security vulnerabilities and bugs while requiring thorough testing to ensure no unintended consequences.


Summary:

This code change updates the version of the smallrye-config dependency from 3.4.4 to 3.10.2 in the jans-keycloak-integration/pom.xml file. The smallrye-config library is a configuration management library for Java applications, commonly used in microservices and cloud-native applications.

From an application security perspective, this change is not particularly concerning. Updating dependencies to their latest versions is generally a good practice, as it can help address security vulnerabilities and bugs. However, it's important to thoroughly test the application after making such changes to ensure that the update does not introduce any regressions or unintended behavior. Additionally, it's crucial to monitor the security advisories and release notes for the smallrye-config library to stay informed about any potential security issues that may arise, as it is a third-party dependency.

Files Changed:

  • jans-keycloak-integration/pom.xml: This file has been updated to change the version of the smallrye-config dependency from 3.4.4 to 3.10.2.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding


Bumps [io.smallrye.config:smallrye-config](https://github.com/smallrye/smallrye-config) from 3.4.4 to 3.10.2.
- [Release notes](https://github.com/smallrye/smallrye-config/releases)
- [Commits](smallrye/smallrye-config@3.4.4...3.10.2)

---
updated-dependencies:
- dependency-name: io.smallrye.config:smallrye-config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/maven/jans-keycloak-integration/io.smallrye.config-smallrye-config-3.10.2 branch from cab8bde to 6ae5288 Compare December 6, 2024 09:52