Update all non-major dependencies

[renovate-bot]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
bitnami/kafka (source)		minor	3.8.1-debian-12-r1 -> 3.9.0-debian-12-r4
gradle (source)		minor	8.10.2 -> 8.12
mariadb	service	minor	11.5 -> 11.6
org.assertj:assertj-core (source)	devDependencies	minor	3.26.3 -> 3.27.2
org.mariadb.jdbc:mariadb-java-client (source)	devDependencies	patch	3.5.0 -> 3.5.1
org.apache.poi:poi-ooxml	devDependencies	minor	5.3.0 -> 5.4.0
org.apache.poi:poi	devDependencies	minor	5.3.0 -> 5.4.0
org.owasp.esapi:esapi (source)	devDependencies	minor	2.5.5.0 -> 2.6.0.0
org.apache.activemq:activemq-client (source)	devDependencies	patch	6.1.3 -> 6.1.4
com.google.cloud.sql:mysql-socket-factory-connector-j-8	devDependencies	patch	1.21.0 -> 1.21.2
org.springdoc:springdoc-openapi-starter-webmvc-ui (source)	devDependencies	minor	2.6.0 -> 2.8.1
org.eclipse.jgit:org.eclipse.jgit.ssh.apache	devDependencies	minor	7.0.0.202409031743-r -> 7.1.0.202411261347-r
org.projectlombok:lombok (source)	devDependencies	patch	1.18.34 -> 1.18.36
commons-codec:commons-codec (source)	devDependencies	patch	1.17.1 -> 1.17.2
io.github.classgraph:classgraph	devDependencies	patch	4.8.177 -> 4.8.179
org.glassfish.jersey.media:jersey-media-multipart (source)	devDependencies	patch	3.1.9 -> 3.1.10
org.openapi.generator	plugin	minor	7.8.0 -> 7.10.0
com.github.spotbugs	plugin	patch	6.0.26 -> 6.0.27
io.swagger.core.v3.swagger-gradle-plugin	plugin	patch	2.2.23 -> 2.2.27
org.springframework.boot	plugin	minor	3.3.5 -> 3.4.1
org.zeroturnaround.gradle.jrebel	plugin	patch	1.2.0 -> 1.2.1
org.quartz-scheduler:quartz (source)	devDependencies	minor	2.3.2 -> 2.5.0
commons-io:commons-io (source)	devDependencies	minor	2.17.0 -> 2.18.0
com.google.googlejavaformat:google-java-format	devDependencies	minor	1.24.0 -> 1.25.2
ch.qos.logback:logback-classic (source, changelog)	devDependencies	patch	1.5.12 -> 1.5.16
ch.qos.logback:logback-core (source, changelog)	devDependencies	patch	1.5.12 -> 1.5.16
io.github.resilience4j:resilience4j-bom (source)	devDependencies	minor	2.2.0 -> 2.3.0
software.amazon.awssdk:bom	devDependencies	patch	2.29.9 -> 2.29.48
org.mockito:mockito-bom	devDependencies	minor	5.14.2 -> 5.15.2
io.netty:netty-bom (source)	devDependencies	patch	4.1.114.Final -> 4.1.116.Final
com.fasterxml.jackson:jackson-bom	devDependencies	patch	2.18.1 -> 2.18.2
org.junit:junit-bom (source)	devDependencies	patch	5.11.3 -> 5.11.4
org.jetbrains.kotlin:kotlin-bom (source)	devDependencies	minor	2.0.21 -> 2.1.0
io.opentelemetry:opentelemetry-bom	devDependencies	minor	1.44.1 -> 1.45.0
org.springframework.boot:spring-boot-dependencies (source)	devDependencies	minor	3.3.5 -> 3.4.1
org.springframework:spring-framework-bom	devDependencies	minor	6.1.14 -> 6.2.1
io.micrometer:micrometer-bom	devDependencies	minor	1.13.6 -> 1.14.2
io.spring.dependency-management	plugin	patch	1.1.6 -> 1.1.7

---

Release Notes

gradle/gradle (gradle)

v8.12

Compare Source

v8.11.1: 8.11.1

Compare Source

This is a patch release for Gradle 8.11. We recommend users upgrade to 8.11.1 instead of 8.11.

It fixes the following issues:

• #​31268 BuildEventsListenerRegistry corrupted with Isolated Projects and parallel configuration
• #​31282 Running executables sporadically fails with ETXTBSY (Text file busy)
• #​31284 ArrayIndexOutOfBoundsException after upgrading to gradle 8.11 when generating problems report
• #​31310 Unable to run Gradle task in 8.10 due to bytecode interception

Read the Release Notes

Upgrade instructions

Switch your build to use Gradle 8.11.1 by updating your wrapper:

./gradlew wrapper --gradle-version=8.11.1

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

v8.11: 8.11

Compare Source

The Gradle team is excited to announce Gradle 8.11.

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Adam,
alyssoncs,
Bilel MEDIMEGH,
Björn Kautler,
Chuck Thomas,
Daniel Lacasse,
Finn Petersen,
JK,
Jérémie Bresson,
luozexuan,
Mahdi Hosseinzadeh,
Markus Gaisbauer,
Matthew Haughton,
Matthew Von-Maszewski,
ploober,
Siarhei,
Titus James,
vrp0211

Upgrade instructions

Switch your build to use Gradle 8.11 by updating your wrapper:

./gradlew wrapper --gradle-version=8.11

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

mariadb-corporation/mariadb-connector-j (org.mariadb.jdbc:mariadb-java-client)

v3.5.1

Compare Source

Full Changelog

Notable changes

• CONJ-1193 Implement parsec authentication
• CONJ-1207 New HaMode: sequential write, loadbalance read
• CONJ-1208 permit bulk for INSERT ON DUPLICATE KEY UPDATE commands for 11.5.1+ servers

Bugs Fixed

• CONJ-1053 Mark waffle-jna dependency optional in module descriptor
• CONJ-1196 setObject on java.util.Date was considered was a java.sql.Date and truncate hour/minutes/seconds/ms while it must be considered like a java.sql.Timestamp
• CONJ-1211 jdbc 4.3 enquoteIdentifier missing validation
• CONJ-1213 sql command ending with semicolon and trailing space are not using bulk

GoogleCloudPlatform/cloud-sql-mysql-socket-factory (com.google.cloud.sql:mysql-socket-factory-connector-j-8)

v1.21.2

Bug Fixes

• Update dependency versions to latest. (#​2092) (1d476a7)

Dependencies

• Update Non-major dependencies (#​2089) (ab122eb)

v1.21.1

Dependencies

• Update Non-major dependencies (#​2076) (5a7e08a)

Documentation

• Add missing javadoc comments to public methods. (#​2080) (00e0b1a)

springdoc/springdoc-openapi (org.springdoc:springdoc-openapi-starter-webmvc-ui)

v2.8.1

Compare Source

Fixed

• #​2834 - java.lang.ClassNotFoundException: kotlin.reflect.full.KClasses when upgrade from 2.7.0 to 2.8.0

v2.8.0

Compare Source

Added

• #​2790 - Moving to OpenAPI 3.1 as the default implementation for springdoc-openapi
• #​2817 - Obey annotations when flattening ParameterObject fields
• #​2826 - Make it possible to mark parameters with @​RequestParam annotation to be sent in form instead of query.
• #​2822 - Support returning null in ParameterCustomizer
• #​2830 - Add support for deprecated fields.
• #​2780 - Add Security Schema by AutoConfigure

Changed

• Upgrade spring-boot to 3.4.1
• Upgrade spring-cloud-function to 4.2.0
• Upgrade swagger-core to 2.2.27

Fixed

• #​2804 - Stable release 2.7.0 depends on Spring Cloud Milestone 4.2.0-M1
• #​2828 - Required a bean of type 'org.springframework.data.rest.webmvc.mapping.Associations' that could not be found.
• #​2823 - Capturing pattern in identical paths only renders the path element of one method
• #​2817 - Automatically add required if a field is @​notNull or @​NotBlank.
• #​2814 - An unresolvable circular reference with management.endpoint.gateway.enabled=true.
• #​2798 - Object schema generated for Unit Kotlin type.
• #​2797 - Removing operationId via customizer does not work anymore.
• #​2833 - Resolve infinite recursion and add example test with OpenAPI v3.1
• #​2827 - Ignoring @​Parameter(required = false)

v2.7.0

Compare Source

Added

• #​2777 - Add SortAsQueryParam annotation
• #​2786 - No static resource swagger-ui/index.html error after migration to 2.7.0-RC1

Changed

• Upgrade spring-boot to 3.4.0
• Upgrade swagger-ui to 5.18.2
• Upgrade spring-security-oauth2-authorization-server to 1.4.0

projectlombok/lombok (org.projectlombok:lombok)

v1.18.36

Compare Source

apache/commons-codec (commons-codec:commons-codec)

v1.17.2

The Apache Commons Codec component contains encoders and decoders for
formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

eclipse-ee4j/jersey (org.glassfish.jersey.media:jersey-media-multipart)

v3.1.10

Compare Source

quartz-scheduler/quartz (org.quartz-scheduler:quartz)

v2.5.0: Quartz 2.5.0

Most Significant Changes This Release (over 2.4.0):

• Move to Jakarta namespace

All changes/updates:

Open Issues

Completed Issues

v2.4.0: Quartz 2.4.0

Most Significant Changes This Release:

• Quartz 2.4.0 now requires minimum Java version of Java 8
• Quartz build system moved to Gradle
• 3rd party libraries (slf4j, log4j, Hikari, etc.) upgraded to more recent versions
• Maven POMs generated from gradle declare 3rd party dependencies as "provided" scope
• Removal of old TerracottaJobStore
• "NativeJob" class removed from "quartz-jobs" artifact. This resolves security concerns related to code execution. While it is possible to safely use this Job class, it is a risk for users that don’t engage some thought. If you wish to still use this job or something like it, the source code for it can now be found as "example15".
• Example programs can now simply be executed via gradle. See the "examples_guide.txt" file in the examples folder of the quartz repository for full description and info.

All changes/updates:

Open Issues

Completed Issues

google/google-java-format (com.google.googlejavaformat:google-java-format)

v1.25.2

Changes:

• Fix a crash formatting text blocks involving trailing whitespace before the close delimiter (#​1205)

Full Changelog: google/google-java-format@v1.25.1...v1.25.2

v1.25.1

Changes:

• Fix a crash in text block formatting (#​1195)

Full Changelog: google/google-java-format@v1.25.0...v1.25.1

v1.25.0

The minimum support JDK version to run google-java-format is now JDK 17 (#​1159). Using google-java-format to format earlier versions of the language is still supported, but running the formatter itself on JDK 17 or newer is required.

Changes:

• Various improvements to text block formatting
• Improve formatting of when pattern guards

Full Changelog: google/google-java-format@v1.24.0...v1.25.0

resilience4j/resilience4j (io.github.resilience4j:resilience4j-bom)

v2.3.0

Enhancements

• Issue #​2234: Allow passing custom Clock to CircuitBreaker without needing to use internal API.
• Issue #​2131: Added support for RxJava3 in Spring projects.
• Issue #​2029: Include decorateSupplier as a Retry instance method.
• Issue #​2246: Add handling for the case where a non-checked retry consumer is interrupted during sleep.
• Issue #​2245: Refactor Retry#executeSuspendExecute condition to enhance consistency with FlowRetry.
• Issue #​2232: Convert Synchronized to ReentrantLock to avoid virtual-thread pinning issues.
• Issue #​2241: Implement a lock-free sliding window for internal CircuitBreaker metrics.
• Issue #​2239: Add a Clock to CircuitBreakerConfig and utilize it in the state machine.
• Issue #​2200: Ignore unknown exceptions in CircuitBreaker configuration.
• Issue #​2233: Improve exception message for failure rate threshold in CircuitBreaker configuration.
• Issue #​1404: Configure exponential backoff or randomized wait duration if base configuration allows it.
• Issue #​2179: Ensure RateLimiter.executeSuspendFunction respects drainPermissionsOnResult in the configuration.
• Issue #​2152: Ensure the randomize function always returns a number greater than 1.0.
• Issue #​2130: Add support for Feign 12.5+.
• Issue #​2121: Specify required RateLimiter permits in annotations.

Bugs

• Issue #​2243: Fixed potential memory leak in DefaultEventConsumerRegistry.
• Issue #​2209: Resolved issue where CompletionStage does not complete on user-supplied predicate failures.
• Issue #​2190: Fixed StackOverflowError and circular reference in CircuitBreaker configuration handling.
• Issue #​2175: Fixed validation error message for slowCallDurationThreshold.

mockito/mockito (org.mockito:mockito-bom)

v5.15.2

^{Changelog generated by Shipkit Changelog Gradle Plugin}

5.15.2

• 2025-01-02 - 2 commit(s) by Brice Dutheil, dependabot[bot]
• Fix javadoc publication (#​3561)
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.1 (#​3560)
• The release job is failed again (#​3542)

JetBrains/kotlin (org.jetbrains.kotlin:kotlin-bom)

v2.1.0

Analysis API

New Features

• KT-68603 KotlinDirectInheritorsProvider: add an option to ignore non-kotlin results

Performance Improvements

• KT-70757 Performance problem in KaFirVisibilityChecker for KaFirPsiJavaClassSymbol

Fixes

• KT-70437 Class reference is not resolvable
• KT-57733 Analysis API: Use optimized ModuleWithDependenciesScopes in combined symbol providers
• KT-72389 K2: False positive "Redundant 'protected' modifier" for protected property inside protected constructor from private or internal class
• KT-69190 K2: False-positive "redundant private modifier"
• KT-64984 Analysis API: Support Wasm target
• KT-70375 K2: NPE at org.jetbrains.kotlin.analysis.api.fir.symbols.KaFirNamedClassSymbolBase.createPointer
• KT-71259 K2 evaluator: Invalid smart cast info collecting for Code Fragments
• KT-69360 Lack of implicit receiver for the last statement under lambda in scripts
• KT-70890 Analysis API: Experiment with weak references to LL FIR/analysis sessions in session caches
• KT-70657 Analysis API: Inner types from classes with generics are incorrectly represented by the compiled jars
• KT-71055 Suspend calls inside 'analyze()' break the block guarantees
• KT-70815 Analysis API: Implement stop-the-world session invalidation
• KT-69819 K2 IDE: LHS type in callable references is unresolved when it has type arguments and is qualified
• KT-68761 Analysis API: Experiment with limited-size cache in KaFirSessionProvider
• KT-70384 Analysis API Standalone: The same class in the same two renamed jars is unresolved
• KT-71067 Exceptions from references cancel Find Usages
• KT-69535 Redesign 'containingSymbol'
• KT-71025 K2 IDE: Scopes in "importingScopeContext" have reversed ordering and "indexInTower" values
• KT-67483 K2 IDE: Serializable plugin causes infinite resolve recursion when there is a star import from a class with annotation call
• KT-69416 K2 IDE / Completion: “No classifier found” on simple value creating
• KT-70257 CCE: class kotlin.UInt cannot be cast to class java.lang.Number
• KT-70376 K2 IDE / Kotlin Debugger: IAE “Only componentN functions should be cached this way, but got: toString” on evaluating toString() method for value class
• KT-70264 AA: service registration via XML fails with AbstractMethodError in Lint CLI
• KT-69950 Analysis API: Introduce isSubtypeOf(ClassId)
• KT-68625 K2: “lazyResolveToPhase(STATUS) cannot be called from a transformer with a phase STATUS.”
• KT-67665 K2: contract violation for value class with a constructor parameter with an implicit type
• KT-67009 Analysis API: Add abbreviated type tests for type aliases from source modules
• KT-69977 KaFirFunctionalType#getAbbreviation is always null
• KT-68341 Analysis API: Expanded function types from libraries don't have an abbreviated type
• KT-68857 Analysis API: Refactor annotations
• KT-70386 Do not filter out overloads from different libraries in dangling files
• KT-65552 K2: CANNOT_CHECK_FOR_ERASED in KtTypeCodeFragment
• KT-65803 K2: Analysis API: KtFirTypeProvider#getSubstitutedSuperTypes throws an exception in the case of "Wrong number of type arguments"
• KT-68896 Support VirtualFile binary dependency inputs to Analysis API modules
• KT-69395 K2 IDE: incorrect overload selection from binary dependencies in a shared native source set
• KT-68573 ISE: "Unexpected constant value (kotlin/annotation/AnnotationTarget, CLASS)" at Kt1DescUtilsKt.toKtConstantValue()
• KT-69576 Analysis API: FIR implementation of "isImplicitReferenceToCompanion" returns false for companion references in implicit invoke operator calls
• KT-69568 Analysis API: FIR implementation of "isImplicitReferenceToCompanion" returns true for non-companion references in qualified calls
• KT-69436 Analysis API Platform: Encapsulate LLFirDeclarationModificationService as an engine service
• KT-63004 K2: Analysis API: Design API for querying declarations generated by compiler plugins (similar to indic

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.