Update all non-major dependencies

[renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
gradle (source)		minor	8.4 -> 8.5
mariadb	service	minor	11.1 -> 11.2
mariadb		minor	11.1 -> 11.2
org.postgresql:postgresql (source)	devDependencies	patch	42.7.0 -> 42.7.1
org.mariadb.jdbc:mariadb-java-client (source)	devDependencies	patch	3.3.0 -> 3.3.1
org.apache.groovy:groovy-json (source)	devDependencies	patch	4.0.15 -> 4.0.16
org.apache.groovy:groovy-xml (source)	devDependencies	patch	4.0.14 -> 4.0.16
io.rest-assured:xml-path (source)	devDependencies	minor	5.3.2 -> 5.4.0
io.rest-assured:json-path (source)	devDependencies	minor	5.3.2 -> 5.4.0
io.rest-assured:rest-assured (source)	devDependencies	minor	5.3.2 -> 5.4.0
org.apache.poi:poi-ooxml	devDependencies	patch	5.2.4 -> 5.2.5
org.apache.poi:poi	devDependencies	patch	5.2.4 -> 5.2.5
org.owasp.esapi:esapi (source)	devDependencies	patch	2.5.2.0 -> 2.5.3.1
org.liquibase:liquibase-core (source)	devDependencies	minor	4.23.0 -> 4.25.0
jakarta.xml.bind:jakarta.xml.bind-api	devDependencies	patch	4.0.0 -> 4.0.1
org.apache.activemq:activemq-client (source)	devDependencies	patch	6.0.0 -> 6.0.1
org.springdoc:springdoc-openapi-starter-webmvc-ui (source)	devDependencies	minor	2.2.0 -> 2.3.0
org.eclipse.jgit:org.eclipse.jgit.ssh.apache	devDependencies	minor	6.7.0.202309050840-r -> 6.8.0.202311291450-r
org.eclipse.jgit:org.eclipse.jgit	devDependencies	minor	6.7.0.202309050840-r -> 6.8.0.202311291450-r
com.github.spotbugs:spotbugs-annotations (source)	devDependencies	minor	4.7.3 -> 4.8.2
org.glassfish.jersey.media:jersey-media-multipart (source)	devDependencies	patch	3.1.3 -> 3.1.4
com.github.spotbugs	plugin	minor	5.0.14 -> 5.2.5
software.amazon.awssdk:bom	devDependencies	patch	2.21.28 -> 2.21.42
com.github.librepdf:openpdf	devDependencies	patch	1.3.33 -> 1.3.34
commons-io:commons-io (source)	devDependencies	patch	2.15.0 -> 2.15.1
org.springframework.boot	plugin	minor	3.1.5 -> 3.2.0
com.diffplug.spotless	plugin	minor	6.22.0 -> 6.23.3
org.codehaus.janino:janino (source)	devDependencies	patch	3.1.10 -> 3.1.11
ch.qos.logback:logback-classic (source)	devDependencies	patch	1.4.11 -> 1.4.14
ch.qos.logback:logback-core (source)	devDependencies	patch	1.4.11 -> 1.4.14
org.mockito:mockito-bom	devDependencies	minor	5.7.0 -> 5.8.0
io.cucumber:cucumber-bom (source)	devDependencies	patch	7.14.0 -> 7.14.1
org.jetbrains.kotlin:kotlin-bom (source)	devDependencies	patch	1.9.20 -> 1.9.21
io.opentelemetry:opentelemetry-bom	devDependencies	minor	1.32.0 -> 1.33.0
io.awspring.cloud:spring-cloud-aws-dependencies (source)	devDependencies	minor	3.0.3 -> 3.1.0
org.springframework.boot:spring-boot-dependencies (source)	devDependencies	minor	3.1.5 -> 3.2.0
org.springframework:spring-framework-bom	devDependencies	patch	6.1.0 -> 6.1.1
com.gradle.common-custom-user-data-gradle-plugin	plugin	patch	1.12 -> 1.12.1
com.gradle.enterprise	plugin	minor	3.15.1 -> 3.16

---

Release Notes

gradle/gradle (gradle)

v8.5

Compare Source

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.1

Changed

• perf: improve performance of PreparedStatement.setBlob, BlobInputStream, and BlobOutputStream with dynamic buffer sizing PR #​3044

Fixed

• fix: Apply connectTimeout before SSLSocket.startHandshake to avoid infinite wait in case the connection is broken PR #​3040
• fix: support waffle-jna 2.x and 3.x by using reflective approach for ManagedSecBufferDesc PR #​2720 Fixes Issue #​2690.
• fix: NoSuchMethodError on ByteBuffer#position When Running on Java 8 when accessing arrays, fixes Issue #​3014
• Revert "PR #​2925 Use canonical DateStyle name" PR #​3035
  Fixes Issue #​3008
• Revert "PR ##​2973 feat: support SET statements combining with other queries with semicolon in PreparedStatement" PR #​3010
  Fixes Issue #​3007
• fix: avoid timezone conversions when sending LocalDateTime to the database #​2852 Fixes Issue #​1390
  ,Issue #​2850
  Closes [Issue #​1391(https://github.com/pgjdbc/pgjdbc/issues/1391)

mariadb-corporation/mariadb-connector-j (org.mariadb.jdbc:mariadb-java-client)

v3.3.1

Compare Source

Full Changelog

Bugs Fixed

• CONJ-1120 java 8 compatibility error in 3.3.0
• CONJ-1123 missing OSGi javax.crypto dependency
• CONJ-1124 ensure not having OOM when setting huge fetch size
• CONJ-1109 Regression in clearBatch() for parameterized statements
• CONJ-1126 setting fetchSize directly on a ResultSet object does not reflect the expected change
• CONJ-1127 Statement.getResultSetType () failed to change the result set type
• CONJ-1128 Setting Negative Fetch Size on ResultSet Without Throwing Error

liquibase/liquibase (org.liquibase:liquibase-core)

v4.25.0

v4.24.0

Compare Source

v4.23.2

v4.23.1

eclipse-ee4j/jaxb-api (jakarta.xml.bind:jakarta.xml.bind-api)

v4.0.1

Compare Source

springdoc/springdoc-openapi (org.springdoc:springdoc-openapi-starter-webmvc-ui)

v2.3.0

Added

• #​2340 - Add support OIDC with Spring Authorization Server
• #​2345 - Support Schema added in OpenAPI Specification v3.1
• #​2387 - Support get javadoc description from getter method
• #​2404 - Update condition to register links schema customizer
• #​2359 - Update condition to register links schema customizer
• #​2348 - Enhance resource path processing
• #​2438, #​2315 - Support for @​JsonProperty with Javadoc Change in springdoc-openapi

Changed

• Upgrade spring-boot to 3.2.0
• Upgrade swagger-core to 2.2.19
• Upgrade swagger-ui to 5.10.3

Fixed

• #​2366 - Fix the failed test due to hardcoded file separators
• #​2370, #​2371 - No empty description for polymorphic subtypes
• #​2373 - SchemaProperty.array Schema is ignored in /api-docs or api-docs.yaml
• #​2366 - Refactoring AbstractSwaggerResourceResolver.findWebJarResourcePath
• #​2320 - javadoc for class attribute ignored when in EntityModel.
• #​2347 - Not working if a property of entity contains generic parameters.
• #​2399 - SpringdocRouteBuilder.onError is overriding last route defined.
• #​2426 - StackOverflowError when using @​ParameterObject on groovy class.

spotbugs/spotbugs (com.github.spotbugs:spotbugs-annotations)

v4.8.2

Compare Source

Fixed

• Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#​2379)
• Use java.nio to load filter files (#​2684)
• Eclipse: Do not export javax.annotation packages (#​2699)
• Fixed not thread safe FindOverridableMethodCall detector (#​2701)
• Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#​2646)
• Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#​2686)
• Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#​2710)

Added

• New detector finding System.getenv() calls, where the corresponding Java property could be used (See ENV02-J).

Build

• Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (#​2722)

v4.8.1

Compare Source

Fixed

• Fixed schema location for findbugsfilter.xsd ([#​1416])
• Fixed missing null checks ([#​2629])
• Disabled DontReusePublicIdentifiers due to the high false positives rate ([#​2627])
• Removed signature of methods using UTF-8 in DefaultEncodingDetector ([#​2634])
• Fix exception escapes when calling functions of JUnit Assert or Assertions ([#​2640])
• Fixed an error in the SARIF export when a bug annotation is missing ([#​2632])
• Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws ([#​2628])
• Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize ([#​2665])
• Lowered the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE bug ([#​2652])
• Eclipse: fixed startup overhead (on computing classpath) for PDE projects ([#​2671])

Build

• Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT ([#​2651])

v4.8.0

Compare Source

Changed

• Bump up Apache Commons BCEL to the version 6.6.1 (#​2223)
• Bump up slf4j-api to 2.0.3 (#​2220)
• Bump up gson to 2.10 (#​2235)
• Allowed for large command line through writing arguments to file (UnionResults/UnionBugs2)
• Use com.github.stephenc.jcip for jcip-annotations fixing #​887

Fixed

• Fixed missing classes not in report if using IErrorLogger.reportMissingClass(ClassDescriptor) (#​219)
• Stop exposing junit-bom to consumers (#​2255)
• Fixed AbstractBugReporter emits wrong non-sensical debug output during filtering (#​184)
• Added support for jakarta namespace (#​2289)
• Report a low priority bug for an unread field in reflective classes (#​2325)
• Fixed "Unhandled event loop exception" opening Bug Filter Configuration dialog in Eclipse (#​2327)
• Fixed detector RandomOnceSubDetector to not report when doubles, ints, or longs are called on a new Random or SecureRandom (#​2370)
• Fixed detector TestASM throwing error during analysis, because it doesn't note that it reports bugs.
• Eclipse annotation classpath initializer is hard-coded to jsr305 version 3.0.1, fix to 3.0.2 per #​2470
• Fixed annotation on generic or array incorrectly considered for the nullability of a method parameter or return type (#​2502)
• Added support for CONSTANT_Dynamic in constant class pool (#​2506)
• Recognise enums and records as immutable (#​2356)
• Added detections of reliance on default encoding in java.nio.file.Files (#​2114)
• Fixed a regression in the Value Number Analysis (#​2465)
• Fix XML Output incorrectly escaped in Eclipse Bug Info view (#​2520)
• Updated the MS_EXPOSE_REP description to mention mutable objects, not just arrays (#​1669)
• Described Configuration option frc.suspicious for bug RC_REF_COMPARISON in bug description (#​2297)
• Fixed FindHEMismatch not reporting HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS for some classes (#​2402)
• Added execute file permission to files in the distribution zip (#​2540)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito.verify() call check (#​872)
• Do not report SIC_INNER_SHOULD_BE_STATIC for classes annotated with JUnit Nested (#​560)
• Detect created, but not-thrown exceptions, which are created by not the constructor (#​2547)
• Fixed eclipse plugin Effort.values pass to effortViewer as required cast to varargs (#​2579)

Added

• New simple name-based AnnotationMatcher for exclude files (now bug annotations store the class java annotations in an attribute called classAnnotationNames). For example, use like in an excludeFilter.xml to ignore classes generated by the Immutable framework. This ignores all class, method or field bugs in classes with that annotation.
• Added the Common Weakness Enumeration (CWE) taxonomy to the Static Analysis Results Interchange Format (SARIF) report. The short and long description for the CWEs are retrived from a JSON file which is a slimmed down version of the official comprehensive CWE XML from MITRE. The JSON contains information about all CWEs. (#​2410).
• New detector FindAssertionsWithSideEffects detecting bug ASSERTION_WITH_SIDE_EFFECT and ASSERTION_WITH_SIDE_EFFECT_METHOD in case of assertions which may have side effects (See EXP06-J. Expressions used in assertions must not produce side effects)
• New rule set PA_PUBLIC_PRIMITIVE_ATTRIBUTE, PA_PUBLIC_ARRAY_ATTRIBUTE and PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE to warn for public attributes which are written by the methods of the class. This rule is loosely based on the SEI CERT rule OBJ01-J Limit accessibility of fields. (#OBJ01-J)
• Extend SerializableIdiom detector with new bug type: SE_PREVENT_EXT_OBJ_OVERWRITE. It's reported in case of the readExternal() method allows any caller to reset any value of an object
• New Detector FindVulnerableSecurityCheckMethods for new bug type VSC_VULNERABLE_SECURITY_CHECK_METHODS. This bug is reported whenever a non-final and non-private method of a non-final class performs a security check using the java.lang.SecurityManager. (See [SEI CERT MET03-J] (https://wiki.sei.cmu.edu/confluence/display/java/MET03-J.+Methods+that+perform+a+security+check+must+be+declared+private+or+final))
• New function added to detector SynchronizationOnSharedBuiltinConstantto detect DL_SYNCHRONIZATION_ON_INTERNED_STRING (#​2266)
• Make TypeQualifierResolver recognize org.apache.avro.reflect.Nullable (#​2066)
• New detector FindArgumentAssertions detecting bug ASSERTION_OF_ARGUMENTS in case of validation of arguments of public functions using assertions (See MET01-J. Never use assertions to validate method arguments)
• Add new detector CT_CONSTRUCTOR_THROW for detecting constructors that throw exceptions.
• New detector DontReusePublicIdentifiers for new bug type PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS. This bug is reported whenever a new class, interface, field, method or variable is created reusing an identifier from the Java Standard Library . (See SEI CERT rule DCL01-J)

Security

• Disable access to external entities when processing XML (#​2217)

Build

• Bump Eclipse from 4.6.3 to 4.14 (#​2314)
• Use jakarta annotation 1.3.5 instead of legacy javax annotation 1.3.2 (#​2315)
• Change hamcrest-all to hamcrest-core as that is what was actually used and then update to 2.2 (#​2316)
• Only run release action on 'spotbugs' and use Eclipse 4.14 (#​2317)
• Prefer log4j2 2.20.0 (#​2480)
• Prefer logback 1.4.8 (#​2480)
• Prefer logback 1.4.11 (#​2580)
• Switch junit 4 for junit 5 vintage engine (#​2483)
• LineEndings and Spotless (#​2343)
  • Cleanup gitattributes switching text to auto. For developers using windows, run 'git add . --renormalize' and see https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings if needed.
  • Rework spotless setup from plugin to build file plugin matching that of gradle plugin and thus allowing spotless to be updated to 6.22.0
  • Remove customized line endings for spotless so it uses git attributes as suggested by spotless
  • Add trimTrailingWhitespace for spotless
  • Fix deprecated usage of eclipse version from 4.13.0 to 4.13 per spotless requirements
• Bump spotbugs gradle plugin to 6.0.0-beta.3 demonstrating breaking changes for 6.0.0 in gradle/java.gradle build file (#​2582)
• Delete checked in j2ee jar and instead use servlet/ejb apis from jakarta (javax standard) (#​2585)
• Bump Eclipse from 4.14 to 4.29 (latest) (#​2589)
• Cleanup hamcrest imports / used library (#​2600)
• Migrate entirely to junit 5 (#​2605)
  • Some parts of codebase were junit 3
  • Delete the SpotbugsRule
  • Replace custom java determination on build with Junit 5 usage
  • Various 'public' methods in tests fixed to 'private'
  • Junit 5 styling applied throughout
  • Add missing code to the SpotBugsRunner and now use the Extension as replacement of SpotbugsRule

eclipse-ee4j/jersey (org.glassfish.jersey.media:jersey-media-multipart)

v3.1.4

Compare Source

[Pull 5293] - HTTP/2 for JNH connector

[Pull 5372] - Jetty 12 multirelease

[Pull 5396] - Support a single EntityPart as an entity

[Pull 5398] - Created an example with Jakarta REST 3.1 SeBootstrap & Multipart

[Pull 5399] - Enable @​FormParam EntityPart injection to fields

[Pull 5407] - Describe Java SE compatibility and Jetty modules compatibility

[Pull 5462] - HTTP/2 Jetty 11 support removed (to be re-worked for Jetty 12)

[Pull 5464] - Examples cleanup

[Pull 5466] - Drop 11 for Jetty11 classnames

LibrePDF/OpenPDF (com.github.librepdf:openpdf)

v1.3.34: OpenPDF 1.3.34

Compare Source

OpenPDF 1.3.34

• Disable External Entities in XmlParser #​999 by @​andreasrosdal in https://github.com/LibrePDF/OpenPDF/pull/1000
• Bump commons-io:commons-io from 2.15.0 to 2.15.1 by @​dependabot in https://github.com/LibrePDF/OpenPDF/pull/997
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.2 to 3.6.3 by @​dependabot in https://github.com/LibrePDF/OpenPDF/pull/998
• Bump com.puppycrawl.tools:checkstyle from 10.12.5 to 10.12.6 by @​dependabot in https://github.com/LibrePDF/OpenPDF/pull/1002
• Fixed several form flattening issues by @​Lonzak in https://github.com/LibrePDF/OpenPDF/pull/992
• Fixed issues discussed in #​992 by @​Lonzak in https://github.com/LibrePDF/OpenPDF/pull/1003

janino-compiler/janino (org.codehaus.janino:janino)

v3.1.11

Compare Source

mockito/mockito (org.mockito:mockito-bom)

v5.8.0

^{Changelog generated by Shipkit Changelog Gradle Plugin}

5.8.0

• 2023-12-01 - 15 commit(s) by Andreas Turban, Mikaël Francoeur, dependabot[bot], jfrantzius
• #​3000: fix ArrayIndexOutOfBoundsException (#​3190)
• Bump com.diffplug.spotless from 6.23.1 to 6.23.2 (#​3188)
• Bump com.diffplug.spotless from 6.23.0 to 6.23.1 (#​3186)
• Bump actions/setup-java from 3 to 4 (#​3185)
• Apply spotless to all java projects (#​3184)
• Bump com.diffplug.spotless from 6.22.0 to 6.23.0 (#​3182)
• Fixes #​3179 : Add module for Java 21 tests. (#​3180)
• Need separate module for java 21 tests (#​3179)
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.20 to 1.9.21 (#​3176)
• Bump org.jetbrains.kotlin:kotlin-stdlib from 1.9.20 to 1.9.21 (#​3175)
• Bump versions.bytebuddy from 1.14.9 to 1.14.10 (#​3174)
• Fixes #​3160 : Fix interference between spies when spying on records. (#​3173)
• Bump com.github.ben-manes.versions from 0.49.0 to 0.50.0 (#​3172)
• Bump versions.junitJupiter from 5.10.0 to 5.10.1 (#​3169)
• Bump org.junit.platform:junit-platform-launcher from 1.10.0 to 1.10.1 (#​3168)
• Deep Stubs Incompatible With Mocking Enum (#​3167)
• Annotation-based spying on a generic class breaks existing final/inline Spies [(#​3160)](https://togithub.com/mockit

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[vidakovic]

Taken care of in FINERACT-2009