fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
lint-staged	15.2.10 -> 15.3.0
prettier (source)	3.3.3 -> 3.4.2
io.quarkus:quarkus-bom	3.16.2 -> 3.17.5
io.quarkus:quarkus-maven-plugin	3.16.2 -> 3.17.5

---

Release Notes

lint-staged/lint-staged (lint-staged)

v15.3.0

Compare Source

Minor Changes

• #​1495 e69da9e Thanks @​iiroj! - Added more info to the debug logs so that "environment" info doesn't need to be added separately to GitHub issues.

• #​1493 fa0fe98 Thanks @​iiroj! - Added more help messages around the automatic git stash that lint-staged creates as a backup (by default). The console output also displays the short git hash of the stash so that it's easier to recover lost files in case some fatal errors are encountered, or the process is killed before completing.

  For example:

  % npx lint-staged
  ✔ Backed up original state in git stash (20addf8)
  ✔ Running tasks for staged files...
  ✔ Applying modifications from tasks...
  ✔ Cleaning up temporary files...
  

  where the backup can be seen with git show 20addf8, or git stash list:

  % git stash list
  stash@{0}: lint-staged automatic backup (20addf8)
  

v15.2.11

Compare Source

Patch Changes

• #​1484 bcfe309 Thanks @​wormsik! - Escape paths containing spaces when using the "shell" option.

• #​1487 7dd8caa Thanks @​iiroj! - Do not treat submodule root paths as "staged files". This caused lint-staged to fail to a Git error when only updating the revision of a submodule.

prettier/prettier (prettier)

v3.4.2

Compare Source

diff

Treat U+30A0 & U+30FB in Katakana Block as CJK (#​16796 by @​tats-u)

Prettier doesn't treat U+30A0 & U+30FB as Japanese. U+30FB is commonly used in Japanese to represent the delimitation of first and last names of non-Japanese people or “and”. The following “C言語・C++・Go・Rust” means “C language & C++ & Go & Rust” in Japanese.

<!-- Input (--prose-wrap=never) -->

C言
語
・
C++
・
Go
・
Rust

<!-- Prettier 3.4.1 -->
C言語・ C++ ・ Go ・ Rust

<!-- Prettier 3.4.2 -->
C言語・C++・Go・Rust

U+30A0 can be used as the replacement of the - in non-Japanese names (e.g. “Saint-Saëns” (Charles Camille Saint-Saëns) can be represented as “サン゠サーンス” in Japanese), but substituted by ASCII hyphen (U+002D) or U+FF1D (full width hyphen) in many cases (e.g. “サン=サーンス” or “サン＝サーンス”).

Fix comments print on class methods with decorators (#​16891 by @​fisker)

// Input
class A {
  @​decorator
  /** 
   * The method description
   *
  */
  async method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

// Prettier 3.4.1
class A {
  @​decorator
  async /**
   * The method description
   *
   */
  method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

// Prettier 3.4.2
class A {
  @​decorator
  /**
   * The method description
   *
   */
  async method(foo: Foo, bar: Bar) {
    console.log(foo);
  }
}

Fix non-idempotent formatting (#​16899 by @​seiyab)

This bug fix is not language-specific. You may see similar change in any languages. This fixes regression in 3.4.0 so change caused by it should yield same formatting as 3.3.3.

// Input
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

// Prettier 3.4.1 (first)
<div>
  foo
  <span>
    longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo
  </span>, abc
</div>;

// Prettier 3.4.1 (second)
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

// Prettier 3.4.2
<div>
  foo
  <span>longlonglonglonglonglonglonglonglonglonglonglonglonglonglongl foo</span>
  , abc
</div>;

v3.4.1

Compare Source

diff

Remove unnecessary parentheses around assignment in v-on (#​16887 by @​fisker)

<!-- Input -->
<template>
  <button @&#8203;click="foo += 2">Click</button>
</template>

<!-- Prettier 3.4.0 -->
<template>
  <button @&#8203;click="(foo += 2)">Click</button>
</template>

<!-- Prettier 3.4.1 -->
<template>
  <button @&#8203;click="foo += 2">Click</button>
</template>

v3.4.0

Compare Source

diff

🔗 Release Notes

quarkusio/quarkus (io.quarkus:quarkus-bom)

v3.17.5

Compare Source

Complete changelog

• #​44974 - Rest Client metrics show real value in uri attribute instead of path parameter placeholders when used with @Url
• #​44989 - REST Client not sending headers from shared configKey
• #​45002 - REST Client using configKey resolves wrong config
• #​45004 - Update documentation for handling proxies in native-mode
• #​45010 - Properly create REST Client template path when @Url is used
• #​45022 - Upgrade to quarkus-http 5.3.4
• #​45034 - Revert MariaDB driver to 3.4.1
• #​45044 - Priority of REST Client Config changed to Quarkus FQN, config key, simple name
• #​45066 - Update OIDC MTLS test to use generated certificates
• #​45072 - Prioritize OIDC mechanism when inclusive authentication is disabled to simplify using mTLS and OIDC together
• #​45084 - A NoSuchMethodException is raised when a REST resource is called with a single JsonObject argument in native build
• #​45095 - Generate certificates in the OIDC integration test
• #​45097 - Ensure that jakarta json types can be deserialized in native mode
• #​45108 - Logstash conf file fix
• #​45126 - Bump org.hibernate.validator:hibernate-validator from 8.0.1.Final to 8.0.2.Final
• #​45130 - Conflicting open telemetry and flyway dependencies
• #​45136 - Break build cycle between OTel, logging and Flyway
• #​45143 - Update OIDC bearer doc with a section about response filters
• #​45161 - Fix local proxy handling in REST Client module
• #​45162 - Improve documentation for handling proxies in native-mode
• #​45172 - Docs: Correct word form in Native Applications Tips
• #​45173 - Unable to use custom handlers for HTTP OPTIONS method in subresources
• #​45174 - Unable to use custom handlers for HTTP OPTIONS method in subresources
• #​45190 - Fix matrix computation for Ubuntu 24

v3.17.4

Compare Source

Complete changelog

• #​40328 - Support for springdoc-openapi annotations in quarkus-smallrye-openapi
• #​44035 - smallrye-openapi scan for @ServerExceptionMapper annotation
• #​44627 - OpenAPI Extension Fails to Generate Schema for Generic Type that Uses Jackson JsonUnwrapped
• #​44804 - ElytronPasswordIdentityProvider does not forward attributes from SecurityIdentity
• #​44853 - Quarkus Vertx GRPC Client should respect "max-inbound-message-size" property
• #​44855 - Respect max message size property fo Quarkus GRPC client (44853)
• #​44896 - Copy attributes from Elytron SecurityIdentity to Quarkus SecurityIdentity
• #​44914 - LogManager error of type GENERIC_FAILURE
• #​44919 - Register Kotlin's empty set for reflection
• #​44923 - Spring Cloud Configuration ordinal customization
• #​44931 - Reduce log level of OTel side exporter classes
• #​44932 - Grpc client interceptors are not registered when injected via constructor
• #​44936 - Make sure OidcRequestContextProperties are always modifiable
• #​44938 - Keycloak devservice can be started indirectly if quarkus-oidc uses quarkus.oidc.provider
• #​44946 - Bump org.jboss.logmanager:jboss-logmanager from 3.1.0.Final to 3.1.1.Final
• #​44952 - Spring Cloud Configuration ordinal customization
• #​44954 - Bump io.smallrye.common:smallrye-common-bom from 2.8.0 to 2.9.0
• #​44961 - Fix InjectionPointModifier for repeated annotations on method parameters; add grpc test
• #​44975 - Quarkus Generator for gradle projects generates broken GitHub-Workflow
• #​44980 - Don't start Keycloak Dev Service for OIDC client and other extensions when OIDC extension is configured with a known social provider
• #​44983 - Fix ci.yml for Gradle projects
• #​44986 - Minor OIDC updates
• #​44990 - PermissionChecker method sometimes receives unaugmented SecurityIdentity even though augmentor did run successfully
• #​44996 - Bump smallrye-open-api.version from 4.0.4 to 4.0.5
• #​45003 - Fix code indentation
• #​45007 - Properly substitute {quarkus-version} in native-reference.adoc
• #​45008 - Improve Dev Services network output in dev mode when typing c
• #​45012 - Use final SecurityIdentity augmented with all the augmentors in @PermissionChecker methods
• #​45016 - Correct dependency notation in documentation for observability-devservices-lgtm.adoc
• #​45024 - Document @Url usage in REST Client
• #​45026 - Build with devservices failed because download of redpanda leads to 404
• #​45028 - Move from vectorized/redpanda images to redpandadata/redpanda

v3.17.3

Compare Source

Complete changelog

• #​44471 - JDK 24 new console is causing a serious regression in startup
• #​44599 - Build fails with "Method too large" exception
• #​44624 - Split creation of the Set to match unknown properties to avoid MethodTooLargeException
• #​44653 - Dev console "crashes" with Java 23
• #​44708 - Fix invalid proxy setting when the port ends with a whitespace
• #​44761 - Re-enable OIDC wiremock tests once a new certificate chain is available
• #​44791 - Add OpenPGP's Bouncycastle library to application's BOM
• #​44795 - Fix typo with classes() method
• #​44796 - Default to old console if user has not set it
• #​44797 - Quarkus Qute broken in 3.16
• #​44798 - Drop mentions of quarkus.ssl.native=false in Hibernate Search guides
• #​44808 - Use CertificateGenerator in OIDC Wiremock tests
• #​44811 - quarkus.jacoco.excludes doesn't work since 3.17.0
• #​44817 - Qute: fix regression in perf optimization of ReflectionValueResolver
• #​44820 - Fix NPE caused by PropertyName map with Mappings names
• #​44822 - Bump com.fasterxml.jackson:jackson-bom from 2.18.1 to 2.18.2
• #​44834 - Fix off-by-one error in exception decoration code
• #​44838 - Update SmallRye Config to 3.10.2
• #​44853 - Quarkus Vertx GRPC Client should respect "max-inbound-message-size" property
• #​44866 - Qute message bundle using enum uppercase with words separated by underscores
• #​44883 - Qute message bundles: fix localization of enums
• #​44886 - Custom openapi.yml under META-INF not merged after upgrade to 3.17.x
• #​44892 - Bump smallrye-open-api.version from 4.0.3 to 4.0.4

v3.17.2

Compare Source

Complete changelog

• #​7462 - Hibernate fails on complex orphanDelete=true cases and bump version upon merge calls involving entities without change
• #​35980 - Health UI access wrong health endpoint with management interface
• #​43056 - Double Array Hibernate @JdbcTypeCode(SqlTypes.ARRAY) causes NullPointerException with 6.6.0.Final
• #​43296 - AssertionError in EntityInitializerImpl.resolveInstanceSubInitializers after upgrading to 3.14
• #​43845 - Exemplars are not recorded for metric http_server_requests*
• #​44016 - Micrometer exemplars on HTTP
• #​44117 - TestProfile's getEnabledAlternatives CDI BEAN leaks to unrelated TestProfile's test
• #​44261 - Improve Qute documentation
• #​44391 - Upgrade to Hibernate ORM 6.6.3.Final
• #​44454 - Hibernate FetchNotFoundException
• #​44511 - NPE during custom bean invocation via PreAuthorize annotation in Quarkus RESTEasy
• #​44543 - Fix buildpack docker host handling for macos
• #​44564 - A NoSuchMethodException is raised when a rest resource is called with a Jakarta Reader/Writer interceptor defined
• #​44568 - @AuthorizationPolicy is not compatoble with kotlin suspend functions
• #​44576 - Cannot build TODO demo app on windows into uber-jar since quarkus 3.16.1
• #​44584 - Fix wrong web endpoint path for resource on Windows
• #​44586 - Bump smallrye-fault-tolerance.version from 6.6.2 to 6.6.3
• #​44589 - Copyedits for style, security-jwt.adoc
• #​44592 - Docs: dev mode differences - remove the link for old Dev UI
• #​44594 - Google Cloud Function gen 2 is now the default
• #​44599 - Build fails with "Method too large" exception
• #​44602 - Qute docs improvement
• #​44603 - Copyedits for style, security-jwt-build.adoc
• #​44608 - Bump testcontainers.version from 1.20.3 to 1.20.4
• #​44610 - Qute: Unexpected primitive equality
• #​44613 - Register method for reflection when read or write interceptors exist
• #​44615 - Qute: if section - adjust the evaluation rules for equality operators
• #​44638 - Clean up effects of test profiles when @QuarkusMainTest completes
• #​44641 - NoClassDefFoundError in ShutdownTask when running BuildMetricsTest
• #​44646 - Failing to apply @SecureField to a generic with nested objects.
• #​44647 - Do not add host:port to Health path in Health UI
• #​44649 - Register jakarta.json.spi.JsonProvider service provider
• #​44667 - Pass secured method arguments into security checks for @PreAuthorize security annotation on SpringWeb endpoints
• #​44668 - Support @AuthorizationPolicy on suspended Kotlin endpoint methods
• #​44669 - Quarkus REST Jackson: Improve detection of generic fields annotated with the @SecureField and allow to explicitly enable secure serialization
• #​44674 - Qute: Rendering Timeout Instead of Throwing TemplateException for Missing Keys in {#let} and {#set} Constructs
• #​44677 - Properly reset Quarkus populated Jackson ObjectMapper
• #​44678 - Fix glob to regex convertion to properly handle **/*.suffix
• #​44679 - Config Doc - Improve HTML Javadoc -> Asciidoc conversion
• #​44682 - Qute: fix handling of missing properties in strict mode
• #​44684 - Remove line
• #​44685 - Add documentation for @WithTestResource to getting started testing
• #​44698 - Bump hibernate-search.version from 7.2.1.Final to 7.2.2.Final
• #​44704 - Fix TLS config Javadoc typo
• #​44709 - Fix leftover -reactive properties references in REST client guide
• #​44754 - Fix retry count in remote dev mode error message
• #​44760 - Temporarily disable OIDC wiremock tests using expired certificates
• #​44768 - Address leftovers in testing docs from #​44685

v3.17.1

Compare Source

v3.17.0

Compare Source

Complete changelog

• #​9335 - Bug using a maven classifier in dev mode
• #​43608 - Dependency warning spam during build
• #​44216 - Increased build-time RSS usage in micrometer-prometheus integration test after moving Kubernetes to @ConfigMapping
• #​44246 - Runtime property being resolved at build time
• #​44286 - Clarify JFR configuration when using OTel Metrics
• #​44448 - Reduce allocation in matching of unknown properties
• #​44452 - quarkus-hal omits link params from response entity
• #​44467 - WebSockets Next: clarify connector API docs/javadoc
• #​44475 - Improve test reliability
• #​44477 - Update to Quartz 2.5.0 and drop Jakarta transformation workaround
• #​44479 - TestSecurity#permissions using SecurityIdentityAugmentor only work with proactive auth
• #​44481 - Bump smallrye-open-api from 4.0.2 to 4.0.3
• #​44483 - Bump com.gradle.develocity from 3.18.1 to 3.18.2 in /devtools/gradle
• #​44487 - Support configuring quarkus.bootstrap.effective-model-builder as a POM property
• #​44497 - Mutiple starts of Quarkus during Test execution (works in 3.15.1)
• #​44499 - Improve test reliability II
• #​44500 - Kafka serializer cannot be autodetected when injecting an Instance
• #​44501 - Support title and type fields when generating HAL links
• #​44503 - Enforce the platform constraints when resolving the Quarkus bootstrap Gradle resolver dependencies
• #​44504 - WebSockets Next: support arrays as valid return types of callbacks
• #​44512 - SmallRye Fault Tolerance: upgrade to 6.6.2
• #​44526 - Support Serde detection for Instance injection of Messaging channels
• #​44532 - Consider resources from @TestProfile when checking for restart
• #​44535 - Allow @PermissionChecker methods to authorize secured methods when @TestSecurity annotation is applied and conditionally apply SecurityIdentityAugmentors
• #​44536 - Fix typo, use common ID syntax
• #​44541 - Removing unused configuration of the application model in QuarkusBuildTasks
• #​44558 - Reference extension maturity matrix from extensions FAQ
• #​44560 - Correct javadoc of ReflectiveHierarchyBuildItem
• #​44567 - Render ConfigMapping elements properly in the Dev UI Configuration editor
• #​44572 - Remove customizer mappings from runtime recording Config
• #​44577 - Application does not start after update from 3.15.2 to 3.16.3 due to open api processor

v3.16.4

Compare Source

Complete changelog

• #​37040 - The flyway extension generates Kubernetes resources as if quarkus.flyway.enabled was a runtime property
• #​42446 - Add explanation/concept for extension maturity model
• #​44367 - Gradle 3.16 fails with missing required property additionalForcedProperties
• #​44399 - Declaring explicitly the build service in the QuarkusBuildTask
• #​44433 - Reflection free serializers ArrayIndexOutOfBoundsException
• #​44438 - Gradle buildForkOptions no longer used since quarkus 3.16.1
• #​44457 - Support for short and uncommon field names like set, get, and is
• #​44468 - Use QUARKUS_FLYWAY_ACTIVE instead of QUARKUS_FLYWAY_ENABLED env in Kubernetes resources
• #​44472 - Kotlin native Jackson serialization regression: EmptyList & EmptyMap missing
• #​44480 - Fix nullpointer on null code websockets-next
• #​44493 - Using BuildForkOptions in QuarkusBuildTask
• #​44494 - Register Kotlin's empty list and map for reflection
• #​44505 - Log in smallrye-jwt and oauth2 extensions when no bearer access token is available
• #​44507 - Fixed Timestamp not being set for otel log signals
• #​44509 - Updates to Infinispan 15.0.11.Final
• #​44515 - Coordinated Vert.x 4.5.11 upgrades
• #​44531 - Correct image file name to resolve broken image
• #​44537 - Update smallrye-jwt to 4.6.1
• #​44545 - Wrong index of ParameterizedType argument of Map when register type to be generated in JacksonCodeGenerator
• #​44571 - Update CacheJsonRPCService.java reference
• #​44574 - Grammar corrections for en-us

v3.16.3

Compare Source

Complete changelog

• #​43392 - Quarkus does not decompress Brotli requests in native mode
• #​44118 - QuarkusMainTest always run even TestProfile's tags do not match
• #​44147 - Avoid duplication descriptors in PlatformImportsImpl
• #​44329 - Do not run the Gradle tests when using -DquicklyDocs and add some useful workflow tips
• #​44335 - Allow for using RuntimeDelegate SPI in native mode
• #​44336 - Do not try to list synthetic injection points in "inactive bean" errors
• #​44339 - Remove use of Json in OIDC
• #​44341 - Scheduler: fix OffLoadingInvoker
• #​44345 - Update opentelemetry-tracing.adoc
• #​44348 - Enable Brotli decompression
• #​44352 - Make sure the result from QCL.getElementsWithResource(name) does not include duplicates
• #​44353 - Small improvements to the Google Cloud Function guides
• #​44366 - Qute: generation of qute-i18n-examples doesn't handle localized enums
• #​44371 - Make @QuarkusMainTest respect quarkus.test.profile.tags
• #​44384 - quarkus-grpc: Generate proto files from dependencies no longer works since Quarkus 3.16
• #​44385 - Qute: fix generation of qute-i18n-examples
• #​44388 - Fix some invalid configuration cases for doc generation and fail the build if some description are missing
• #​44398 - Fix Keycloak DevService property doc typo
• #​44400 - jbang devmode not honoring properties
• #​44412 - QuteErrorPageSetup does not support templates that are not backed by a file
• #​44415 - Propagate Runtime properties in JBang Dev mode
• #​44416 - QuteErrorPageSetup: support templates that are not backed by a file
• #​44417 - Reflection-Free-Serializers issue with 3.16.2
• #​44421 - Fix deserialization of null maps in reflection-free Jackson deserializers
• #​44425 - Bump resteasy.version from 6.2.10.Final to 6.2.11.Final
• #​44426 - Bump io.micrometer:micrometer-bom from 1.13.6 to 1.13.7
• #​44432 - Forcing initializing compilejava if empty

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/[email protected]	Transitive: environment, filesystem, shell	+54	2.25 MB	okonet
npm/[email protected]	Transitive: environment, eval, filesystem, unsafe	+11	12.7 MB	jtkiesel
npm/[email protected]	None	0	7.83 MB	prettier-bot
npm/[email protected]	filesystem	0	10.9 kB	toplenboren

🚮 Removed packages: maven/io.quarkus/[email protected]

View full report↗︎

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud