chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
docker.io/bitnami/kafka (source)		minor	3.7.1 -> 3.8.1
docker.io/curlimages/curl		minor	8.8.0 -> 8.10.1
docker.io/hapiproject/hapi		minor	v7.2.0 -> v7.4.0
docker.io/library/gradle	stage	minor	8.8.0-jdk21 -> 8.10.2-jdk21
ghcr.io/miracum/fhir-pseudonymizer		minor	v2.21.11 -> v2.22.0
ghcr.io/miracum/loinc-conversion		minor	v1.14.10 -> v1.15.2
gradle (source)		minor	8.8 -> 8.10.2
com.uber.nullaway:nullaway	dependencies	patch	0.12.0 -> 0.12.1
com.google.errorprone:error_prone_core (source)	dependencies	minor	2.34.0 -> 2.35.1
com.h2database:h2 (source)	dependencies	minor	2.2.224 -> 2.3.232
org.postgresql:postgresql (source)	dependencies	patch	42.7.3 -> 42.7.4
io.micrometer:micrometer-core	dependencies	patch	1.13.1 -> 1.13.6
io.micrometer:micrometer-registry-prometheus	dependencies	patch	1.13.1 -> 1.13.6
org.miracum:kafka-fhir-serializer	dependencies	patch	1.0.6 -> 1.0.7
ca.uhn.hapi.fhir:hapi-fhir-client-okhttp (source)	dependencies	minor	7.2.1 -> 7.4.5
ca.uhn.hapi.fhir:hapi-fhir-structures-r4 (source)	dependencies	minor	7.2.1 -> 7.4.5
ca.uhn.hapi.fhir:hapi-fhir-client (source)	dependencies	minor	7.2.1 -> 7.4.5
ca.uhn.hapi.fhir:hapi-fhir-base (source)	dependencies	minor	7.2.1 -> 7.4.5
org.springframework.cloud:spring-cloud-dependencies (source)	dependencies	patch	2023.0.2 -> 2023.0.3
org.springframework.boot	plugin	patch	3.3.4 -> 3.3.5

---

Release Notes

curl/curl-container (docker.io/curlimages/curl)

v8.10.1

Compare Source

Changed

• bump to curl 8.10.1

v8.10.0

Compare Source

Changed

• bump to curl 8.10.0
• bump to alpine:3.20.3

v8.9.1

Compare Source

Changed

• bump to curl 8.9.1

v8.9.0

Compare Source

Changed

• bump to curl 8.9.0
• bump to alpine 3.20.2

miracum/fhir-pseudonymizer (ghcr.io/miracum/fhir-pseudonymizer)

v2.22.0

Compare Source

Features

• added support for truncating crypto-hashed values to a max length (#​207) (54dae1e)

Miscellaneous Chores

• deps: update all non-major dependencies (#​202) (e5c3b47)
• deps: update docker.io/library/postgres docker tag to v17 (#​206) (a4fb8cb)
• deps: update dotnet monorepo (#​201) (38971e1)

v2.21.16

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (#​198) (90ffb5e)

v2.21.15

Compare Source

Miscellaneous Chores

• deps: update github-actions (#​196) (aab8118)

v2.21.14

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (#​192) (c8b6062)
• deps: update dependency verify.xunit to v26 (#​194) (03d24e4)
• deps: update dependency yamldotnet to v16 (#​195) (98abbf2)
• deps: update docker.io/bitnami/kubectl:1.30.2 docker digest to dc190b7 (#​189) (f3db2cb)
• deps: update docker.io/library/postgres:16.3 docker digest to d0f363f (#​190) (f92a84d)
• deps: update github-actions (#​193) (8c2b726)
• deps: update mcr.microsoft.com/dotnet/sdk:8.0.303-noble docker digest to e1713ba (#​191) (290cbe3)

v2.21.13

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (#​187) (3ee4280)
• deps: update github-actions (#​188) (6d9a3cd)

v2.21.12

Compare Source

Documentation

• updated scorecard badge (#​181) (9dbd32f)

Miscellaneous Chores

• deps: update dependency verify.xunit to v25.1.1 (#​183) (b1c8117)
• deps: update docker.io/library/postgres:16.3 docker digest to 3cc4d8c (#​182) (0a92435)
• deps: update quay.io/keycloak/keycloak docker tag to v25 (#​180) (95f31fd)

Build

• added linux/arm64 images (#​185) (1b66b34)
• fixed multi-platform build (#​186) (71d2d84)

miracum/loinc-conversion (ghcr.io/miracum/loinc-conversion)

v1.15.2

Compare Source

Bug Fixes

• consistently use L instead of l (#​78) (e4e4a55)
• deps: update dependency fastify to v5 (#​84) (d009ee4)
• deps: update dependency fastify-metrics to v12 (#​85) (ee49be9)
• parse given value to numeric before processing (#​86) (a12e324)

Miscellaneous Chores

• deps: update all non-major dependencies (#​81) (6b23154)
• deps: update dependency ubuntu to v24 (#​83) (6d83a76)
• deps: update gcr.io/distroless/nodejs22-debian12:nonroot docker digest to 9f0d01f (#​80) (9f89456)
• deps: update github-actions (#​82) (b69f22b)

v1.15.1

Compare Source

Miscellaneous Chores

• deps: bump find-my-way from 8.1.0 to 8.2.2 (#​79) (dabc35d)

v1.15.0

Compare Source

Features

• make loinc version configurable, provide both 2.67 (default) and 2.77 (#​72) (1ba71d3)

Bug Fixes

• deps: update all non-major dependencies (#​63) (d4719f6)
• deps: update dependency fastify-graceful-shutdown to v4 (#​76) (0e6d61c)
• deps: update dependency fastify-metrics to v11 (#​58) (6a57253)
• deps: update dependency pino to v9 (#​65) (e100b07)

Documentation

• update README.md (7b8f13b)

Miscellaneous Chores

• deps-dev: bump braces from 3.0.2 to 3.0.3 (#​66) (7a80d7d)
• deps: eslint to v9 (#​77) (7dd6d22)
• deps: update all non-major dependencies (#​57) (bf899a5)
• deps: update dependency wait-on to v8 (#​74) (cd36bc4)
• deps: update github-actions (#​56) (7ebaa74)
• deps: update github-actions (#​62) (b562641)
• deps: update github-actions (#​69) (c97a290)

gradle/gradle (gradle)

v8.10.2

Compare Source

v8.10.1

Compare Source

v8.10

Compare Source

v8.9

Compare Source

uber/NullAway (com.uber.nullaway:nullaway)

v0.12.1

• Add library model for Apache Commons CollectionUtils.isNotEmpty (#​932) (#​1062)
• Handle records in targetTypeMatches (#​1061)

google/error-prone (com.google.errorprone:error_prone_core)

v2.35.1: Error Prone 2.35.1

Error Prone's dependency on protobuf has been downgraded to 3.25.5 for this release.

Version 3.25.5 of protobuf still fixes CVE-2024-7254. This release is provided for users who aren't ready to update to 4.x, see also #​4584 and #​4634. Future versions of Error Prone will upgrade back to protobuf 4.x.

Full changelog: google/error-prone@v2.35.0...v2.35.1

v2.35.0: Error Prone 2.35.0

Changes:

• Fix handling of \s before the trailing delimiter in MisleadingEscapedSpace
• TimeUnitMismatch improvements: handle binary trees, consider trees like fooSeconds * 1000 to have units of millis

New checks:

• JavaDurationGetSecondsToToSeconds: Prefer duration.toSeconds() over duration.getSeconds()

Full changelog: google/error-prone@v2.34.0...v2.35.0

pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.4

Added

• chore: SCRAM dependency to 3.1 and support channel binding PR #​3188
• chore: Add PostgreSQL 15, 16, and 17beta1 to CI tests PR #​3299
• test: Update to 17beta3 PR #​3308
• chore: Implement direct SSL ALPN connections PR #​3252
• translation: Add Korean translation file PR #​3276

Fixed

• fix: PgInterval ignores case for represented interval string PR #​3344
• perf: Avoid extra copies when receiving int4 and int2 in PGStream PR #​3295
• fix: Add support for Infinity::numeric values in ResultSet.getObject PR #​3304
• fix: Ensure order of results for getDouble PR #​3301
• perf: Replace BufferedOutputStream with unsynchronized PgBufferedOutputStream, allow configuring different Java and SO_SNDBUF buffer sizes PR #​3248
• fix: Fix SSL tests PR #​3260
• fix: Support bytea in preferQueryMode=simple PR #​3243
• fix: Fix #​3234 - Return -1 as update count for stored procedure calls PR #​3235
• fix: Fix #​3224 - conversion for TIME '24:00' to LocalTime breaks in binary-mode PR #​3225
• perf: Speed up getDate by parsing bytes instead of String PR #​3141
• fix: support PreparedStatement.setBlob(1, Blob) and PreparedStatement.setClob(1, Clob) for lobs that return -1 for length PR #​3136
• fix: Validates resultset Params in PGStatement constructor. uses assertThro… PR #​3171
• fix: Validates resultset parameters PR #​3167
• docs: Replace greater to with greater than PR #​3315
• docs: Clarify binaryTransfer and prepareThreshold PR #​3338
• docs: use.md, typo PR #​3314
• test: Use docker v2 which changes docker-compose to docker compose #​3339
• refactor: Merge PgPreparedStatement#setBinaryStream int and long methods PR #​3165
• test: Test both binaryMode=true,false when creating connections in DatabaseMetaDataTest PR #​3231
• docs: Fixed typos in all source code and documentations PR #​3242
• chore: Remove self-hosted runner PR #​3227
• docs: Add cancelSignalTimeout in README PR #​3190
• docs: Document READ_ONLY_MODE in README PR #​3175
• test: Test for +/- infinity double values PR #​3294
• test: Switch localhost and auth-test around for test-gss PR #​3343
• fix: remove preDescribe from internalExecuteBatch PR #​2883

Deprecated

• test: Deprecate all PostgreSQL versions older than 9.1 PR #​3335

micrometer-metrics/micrometer (io.micrometer:micrometer-core)

v1.13.6: 1.13.6

⭐ New Features / Enhancements

• Improve memory usage of StepBucketHistogram #​4954

🐞 Bug Fixes

• Instrumented Java 11 HttpClient does not re-throw exceptions in sendAsync call #​5136
• Map time units to UCUM format for Dynatrace #​5588
• Aspects' tagsBasedOnJoinPoint may throw uncaught exception #​5584
• Set user agent header in OTLP registry #​5577
• MicrometerHttpRequestExecutor fails to instrument with Apache HC 5.4 #​5575

📔 Documentation

• Remove duplicated context-propagation documentation in Micrometer docs #​5549
• [OTLP Registry] Document batch size configuration #​5578

🔨 Dependency Upgrades

• Bump dropwizard-metrics from 4.2.27 to 4.2.28 #​5566
• Bump context-propagation to 1.1.2 #​5592

📝 Tasks

• Bump org.junit:junit-bom from 5.10.4 to 5.10.5 #​5571
• Bump me.champeau.gradle:japicmp-gradle-plugin from 0.4.3 to 0.4.4 #​5567
• Bump jersey3 from 3.0.12 to 3.0.16 #​5560
• Do not include formerly removed micrometer-samples-jetty12 subproject #​5554
• Bump spring from 5.3.37 to 5.3.39 #​5419
• Bump org.junit.platform:junit-platform-launcher from 1.10.4 to 1.10.5 #​5557
• Bump org.mongodb:mongodb-driver-sync from 4.11.3 to 4.11.4 #​5538
• Bump uk.org.webcompere:system-stubs-jupiter from 2.1.6 to 2.1.7 #​5536
• Bump io.netty:netty-bom from 4.1.112.Final to 4.1.114.Final #​5534
• Bump io.spring.develocity.conventions from 0.0.20 to 0.0.22 #​5533
• Bump org.junit.platform:junit-platform-launcher from 1.10.3 to 1.10.4 #​5532
• Bump jetty9 from 9.4.55.v20240627 to 9.4.56.v20240826 #​5531
• Bump junit from 5.10.3 to 5.10.4 #​5530
• Bump spring from 5.3.37 to 5.3.39 #​5455

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​lenin-jaganathan, @​pirgeo, @​kinddevil, and @​joaopgrassi

v1.13.5: 1.13.5

🐞 Bug Fixes

• ConcurrentModificationException when late meter filters are added #​5489

🔨 Dependency Upgrades

• Bump com.signalfx.public:signalfx-java from 1.0.45 to 1.0.46 #​5506
• Bump com.netflix.spectator:spectator-reg-atlas from 1.7.19 to 1.7.21 #​5505

Tasks

• Use Prometheus BOMs for dependency management #​5468

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​mabartos, @​emmanuel-ferdman, and @​izeye

v1.13.4: 1.13.4

🐞 Bug Fixes

• BOM contains a non-resolvable dependency: io.micrometer:concurrency-tests #​5395
• Zero percentile can be missing from Dynatrace meters where expected #​4750

📔 Documentation

• Fix a typo in meters.adoc #​5399

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.7.18 to 1.7.19 #​5425
• Bump dropwizard-metrics from 4.2.26 to 4.2.27 #​5423
• Bump com.signalfx.public:signalfx-java from 1.0.44 to 1.0.45 #​5420

📝 Tasks

• Bump org.apache.maven:maven-resolver-provider from 3.9.8 to 3.9.9 #​5426
• Bump io.spring.develocity.conventions from 0.0.19 to 0.0.20 #​5424
• Bump io.projectreactor:reactor-bom from 2022.0.21 to 2022.0.22 #​5422
• Bump spring-javaformat from 0.0.42 to 0.0.43 #​5421
• Bump org.postgresql:postgresql from 42.7.3 to 42.7.4 #​5418
• Fix GuavaCacheMetricsTest and CaffeineCacheMetricsTest #​5405

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye and @​madhead

v1.13.3: 1.13.3

🐞 Bug Fixes

• Add default factoryType tag in CommonsObjectPool2Metrics #​5316
• Buffered statsd lines are not published on close #​2141
• Disable kotlinSourcesJar since it conflicts with sourcesJar #​5151

📔 Documentation

• Make more explicit that recording a metric is safe to call #​5365

🔨 Dependency Upgrades

• Bump com.fasterxml.jackson.core:jackson-databind from 2.17.1 to 2.17.2 #​5364
• Bump com.gradle.develocity from 3.17.5 to 3.17.6 #​5357
• Bump com.netflix.spectator:spectator-reg-atlas from 1.7.14 to 1.7.17 #​5356
• Bump com.signalfx.public:signalfx-java from 1.0.43 to 1.0.44 #​5362
• Bump io.netty:netty-bom from 4.1.111.Final to 4.1.112.Final #​5360
• Bump io.projectreactor:reactor-bom from 2022.0.20 to 2022.0.21 #​5358
• Bump jersey3 from 3.0.11 to 3.0.12 #​5378
• Bump jetty9 from 9.4.54.v20240208 to 9.4.55.v20240627 #​5361
• Bump org.jetbrains.kotlin.jvm from 1.9.23 to 1.9.24 #​5294

📝 Tasks

• Make PrometheusMeterRegistryTest less flaky #​5302
• Migrate to io.spring.develocity.conventions:0.0.19 #​5312
• Apply test-retry settings to all tests #​5303

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye, @​HYEONSEOK1, @​BJMg, and @​cbrachem

v1.13.2: 1.13.2

🐞 Bug Fixes

• Avoid calling naming convention on scrape #​5288
• Fix histogram consistency in PrometheusMeterRegistry #​5193
• Fix log to include stack trace in OtlpMeterRegistry.publish() #​5141

🔨 Dependency Upgrades

• Bump software.amazon.awssdk:cloudwatch from 2.25.69 to 2.25.70 #​5277
• Bump com.netflix.spectator:spectator-reg-atlas from 1.7.13 to 1.7.14 #​5276
• Bump com.signalfx.public:signalfx-java from 1.0.42 to 1.0.43 #​5272

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye and @​shalk

miracum/kafka-fhir-serializer (org.miracum:kafka-fhir-serializer)

v1.0.7

What's Changed

• chore(deps): update all non-major dependencies by @​renovate in https://github.com/miracum/kafka-fhir-serializer/pull/50
• chore(deps): update github-actions by @​renovate in https://github.com/miracum/kafka-fhir-serializer/pull/49
• chore(deps): update gradle/actions action to v4 by @​renovate in https://github.com/miracum/kafka-fhir-serializer/pull/51

Full Changelog: miracum/kafka-fhir-serializer@v1.0.6...v1.0.7

hapifhir/hapi-fhir (ca.uhn.hapi.fhir:hapi-fhir-client-okhttp)

v7.4.5

7.4.5

v7.4.4

7.4.4

v7.4.3

7.4.3

v7.4.2

7.4.2

v7.4.0

7.4.0

v7.2.3

7.2.3

v7.2.2

7.2.2

spring-cloud/spring-cloud-release (org.springframework.cloud:spring-cloud-dependencies)

v2023.0.3

Full Changelog: spring-cloud/spring-cloud-release@v2023.0.2...v2023.0.3

Module	Version	Issues
Spring Cloud Vault	4.1.3
Spring Cloud Bus	4.1.2
Spring Cloud Zookeeper	4.1.2
Spring Cloud Kubernetes	3.1.3	(issues)
Spring Cloud Task	3.1.2	(issues)
Spring Cloud Function	4.1.3	(issues)
Spring Cloud Commons	4.1.4	(issues)
Spring Cloud OpenFeign	4.1.3	(issues)
Spring Cloud CircuitBreaker	3.1.2	(issues)
Spring Cloud Starter Build	2023.0.3
Spring Cloud Stream	4.1.3
Spring Cloud Gateway	4.1.5	(issues)
Spring Cloud Consul	4.1.2
Spring Cloud Contract	4.1.4	(issues)
Spring Cloud Config	4.1.3	(issues)
Spring Cloud Build	4.1.3
Spring Cloud Netflix	4.1.3	(issues)

---

Configuration

📅 Schedule: Branch creation - "every 3 months on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	4		0	0.06s
✅ DOCKERFILE	hadolint	2		0	0.15s
✅ EDITORCONFIG	editorconfig-checker	67		0	0.39s
✅ GROOVY	npm-groovy-lint	2		0	9.4s
✅ JAVA	checkstyle	19		0	5.25s
✅ JSON	jsonlint	5		0	0.22s
✅ JSON	prettier	5		0	1.34s
✅ JSON	v8r	5		0	5.13s
✅ MARKDOWN	markdownlint	2		0	0.62s
✅ PYTHON	bandit	1		0	1.27s
✅ PYTHON	black	1		0	1.21s
✅ PYTHON	flake8	1		0	0.61s
✅ PYTHON	isort	1		0	0.31s
✅ PYTHON	mypy	1		0	7.93s
✅ PYTHON	ruff	1		0	0.03s
✅ REPOSITORY	checkov	yes		no	18.51s
✅ REPOSITORY	gitleaks	yes		no	0.62s
✅ REPOSITORY	git_diff	yes		no	0.03s
✅ REPOSITORY	grype	yes		no	15.16s
✅ REPOSITORY	kics	yes		no	4.21s
✅ REPOSITORY	secretlint	yes		no	0.88s
✅ REPOSITORY	syft	yes		no	1.77s
✅ REPOSITORY	trivy	yes		no	8.05s
✅ REPOSITORY	trivy-sbom	yes		no	0.82s
✅ REPOSITORY	trufflehog	yes		no	5.69s
✅ XML	xmllint	1		0	0.62s
✅ YAML	prettier	17		0	1.13s
✅ YAML	yamllint	17		0	0.56s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

• Click here to request the new flavor

MegaLinter is graciously provided by

[github-actions]

Code Coverage Report

Overall Project	29.93%	❌

There is no coverage information present for the Files changed

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[github-actions]

Trivy image scan report

ghcr.io/miracum/fhir-gateway:pr-168 (debian 12.7)

No Vulnerabilities found

No Misconfigurations found

Java

1 known vulnerabilities found (MEDIUM: 0 LOW: 0 CRITICAL: 0 HIGH: 1)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
commons-io:commons-io	CVE-2024-47554	HIGH	2.11.0	2.14.0

No Misconfigurations found

[miracum-bot]

🎉 This PR is included in version 3.14.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀