Update all non-major dependencies

.github/workflows/build-mariadb.yml

@@ -10,7 +10,7 @@ jobs:
 
     services:
         mariad:
-            image: mariadb:11.5
+            image: mariadb:11.6
             ports:
                 - 3306:3306
             env:

.github/workflows/build-mysql.yml

@@ -10,7 +10,7 @@ jobs:
 
     services:
         mariad:
-            image: mysql:9.1
+            image: mysql:9.2
             ports:
                 - 3306:3306
             env:

build.gradle

@@ -96,21 +96,21 @@ plugins {
     id 'org.nosphere.apache.rat' version '0.8.1' apply false
     id 'com.github.hierynomus.license' version '0.16.1' apply false
     id 'com.github.jk1.dependency-license-report' version '2.9' apply false
-    id 'org.zeroturnaround.gradle.jrebel' version '1.2.0' apply false
-    id 'org.springframework.boot' version '3.3.5' apply false
+    id 'org.zeroturnaround.gradle.jrebel' version '1.2.1' apply false
+    id 'org.springframework.boot' version '3.4.2' apply false
     id 'net.ltgt.errorprone' version '4.1.0' apply false
-    id 'io.swagger.core.v3.swagger-gradle-plugin' version '2.2.23' apply false
+    id 'io.swagger.core.v3.swagger-gradle-plugin' version '2.2.28' apply false
     id 'com.gorylenko.gradle-git-properties' version '2.4.2' apply false
     id 'org.asciidoctor.jvm.convert' version '3.3.2' apply false
     id 'org.asciidoctor.jvm.pdf' version '3.3.2' apply false
     id 'com.google.cloud.tools.jib' version '3.4.4' apply false
     id 'org.sonarqube' version '4.4.1.3373'
-    id 'com.github.andygoossens.modernizer' version '1.10.0' apply false
+    id 'com.github.andygoossens.modernizer' version '1.11.0' apply false
     // TODO: upgrade to 6.0.4
-    id 'com.github.spotbugs' version '6.0.26' apply false
+    id 'com.github.spotbugs' version '6.1.2' apply false
     id 'se.thinkcode.cucumber-runner' version '0.0.11' apply false
     id "com.github.davidmc24.gradle.plugin.avro-base" version "1.9.1" apply false
-    id 'org.openapi.generator' version '7.8.0' apply false
+    id 'org.openapi.generator' version '7.11.0' apply false
     id 'com.gradleup.shadow' version '8.3.5' apply false
 }
 

buildSrc/build.gradle

@@ -20,7 +20,7 @@
 import static org.slf4j.LoggerFactory.*
 
 plugins {
-    id 'io.spring.dependency-management' version '1.1.6'
+    id 'io.spring.dependency-management' version '1.1.7'
     id 'groovy'
     id 'java-gradle-plugin'
     id 'groovy-gradle-plugin'

buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle

@@ -24,28 +24,28 @@ dependencyManagement {
     imports {
         mavenBom 'com.squareup.okhttp3:okhttp-bom:4.12.0'
         mavenBom 'org.slf4j:slf4j-bom:2.0.16'
-        mavenBom 'io.micrometer:micrometer-bom:1.13.6'
-        mavenBom 'org.springframework:spring-framework-bom:6.1.14'
-        mavenBom 'org.springframework.boot:spring-boot-dependencies:3.3.5'
-        mavenBom 'io.awspring.cloud:spring-cloud-aws-dependencies:3.2.1'
-        mavenBom 'io.opentelemetry:opentelemetry-bom:1.44.1'
-        mavenBom 'org.jetbrains.kotlin:kotlin-bom:2.0.21'
-        mavenBom 'org.junit:junit-bom:5.11.3'
-        mavenBom 'com.fasterxml.jackson:jackson-bom:2.18.1'
+        mavenBom 'io.micrometer:micrometer-bom:1.14.3'
+        mavenBom 'org.springframework:spring-framework-bom:6.2.2'
+        mavenBom 'org.springframework.boot:spring-boot-dependencies:3.4.2'
+        mavenBom 'io.awspring.cloud:spring-cloud-aws-dependencies:3.3.0'
+        mavenBom 'io.opentelemetry:opentelemetry-bom:1.46.0'
+        mavenBom 'org.jetbrains.kotlin:kotlin-bom:2.1.0'
+        mavenBom 'org.junit:junit-bom:5.11.4'
+        mavenBom 'com.fasterxml.jackson:jackson-bom:2.18.2'
         mavenBom 'io.cucumber:cucumber-bom:7.20.1'
-        mavenBom 'io.netty:netty-bom:4.1.114.Final'
-        mavenBom 'org.mockito:mockito-bom:5.14.2'
-        mavenBom 'software.amazon.awssdk:bom:2.29.9'
-        mavenBom 'io.github.resilience4j:resilience4j-bom:2.2.0'
+        mavenBom 'io.netty:netty-bom:4.1.117.Final'
+        mavenBom 'org.mockito:mockito-bom:5.15.2'
+        mavenBom 'software.amazon.awssdk:bom:2.30.6'
+        mavenBom 'io.github.resilience4j:resilience4j-bom:2.3.0'
     }
 
     dependencies {
         // We use fixed versions, instead of inheriting them from the Spring BOM, to be able to be on more recent ones.
         // We do not use :+ to get the latest available version available on Maven Central, as that could suddenly break things.
         // We use the Renovate Bot to automatically propose Pull Requests (PRs) when upgrades for all of these versions are available.
 
-        dependency 'ch.qos.logback:logback-core:1.5.12'
-        dependency 'ch.qos.logback:logback-classic:1.5.12'
+        dependency 'ch.qos.logback:logback-core:1.5.16'
+        dependency 'ch.qos.logback:logback-classic:1.5.16'
         dependency 'ch.qos.logback.contrib:logback-json-classic:0.1.5'
         dependency 'ch.qos.logback.contrib:logback-jackson:0.1.5'
         dependency 'org.codehaus.janino:janino:3.1.12'
@@ -56,7 +56,7 @@ dependencyManagement {
         dependency 'com.google.code.gson:gson:2.11.0'
         dependency 'com.google.truth:truth:1.4.4'
         dependency 'com.google.truth.extensions:truth-java8-extension:1.4.4'
-        dependency 'com.google.googlejavaformat:google-java-format:1.24.0'
+        dependency 'com.google.googlejavaformat:google-java-format:1.25.2'
         dependency 'org.apache.commons:commons-collections4:4.4'
         dependency ('software.amazon.msk:aws-msk-iam-auth:2.2.0') {
             exclude 'commons-logging:commons-logging:'
@@ -65,14 +65,14 @@ dependencyManagement {
             exclude 'com.sun.mail:javax.mail'
             exclude 'javax.activation:activation'
         }
-        dependency 'commons-io:commons-io:2.17.0'
+        dependency 'commons-io:commons-io:2.18.0'
         dependency 'com.github.librepdf:openpdf:2.0.3'
         dependency ('org.mnode.ical4j:ical4j:3.2.19') {
             exclude 'com.sun.mail:javax.mail'
             exclude 'org.codehaus.groovy:groovy'
         }
-        dependency 'org.apache.commons:commons-csv:1.12.0'
-        dependency 'org.quartz-scheduler:quartz:2.3.2'
+        dependency 'org.apache.commons:commons-csv:1.13.0'
+        dependency 'org.quartz-scheduler:quartz:2.5.0'
         dependency 'org.ehcache:ehcache:3.10.8'
         dependency 'com.github.spullara.mustache.java:compiler:0.9.14'
         dependency 'com.jayway.jsonpath:json-path:2.9.0'
@@ -117,15 +117,15 @@ dependencyManagement {
         dependency 'jakarta.management.j2ee:jakarta.management.j2ee-api:1.1.4'
         dependency 'jakarta.jms:jakarta.jms-api:3.1.0'
         dependency 'jakarta.ws.rs:jakarta.ws.rs-api:3.1.0'
-        dependency 'org.glassfish.jersey.media:jersey-media-multipart:3.1.9'
+        dependency 'org.glassfish.jersey.media:jersey-media-multipart:3.1.10'
         dependency 'org.glassfish.jaxb:jaxb-runtime:2.3.6' // Swagger needs exactly this version
         dependency 'org.apache.bval:org.apache.bval.bundle:3.0.1'
         dependency 'joda-time:joda-time:2.13.0'
 
-        dependency 'io.github.classgraph:classgraph:4.8.177'
+        dependency 'io.github.classgraph:classgraph:4.8.179'
         dependency 'org.awaitility:awaitility:4.2.2'
         // TODO: upgrade to 4.8.3
-        dependency 'com.github.spotbugs:spotbugs-annotations:4.8.6'
+        dependency 'com.github.spotbugs:spotbugs-annotations:4.9.0'
         dependency 'javax.cache:cache-api:1.1.1'
         dependency 'org.mock-server:mockserver-junit-jupiter:5.15.0'
         dependency 'org.webjars:webjars-locator-core:0.59'
@@ -152,28 +152,28 @@ dependencyManagement {
         dependency "org.apache.oltu.oauth2:org.apache.oltu.oauth2.httpclient4:1.0.1"
         dependency "io.gsonfire:gson-fire:1.9.0"
         dependency "com.google.code.findbugs:jsr305:3.0.2"
-        dependency "commons-codec:commons-codec:1.17.1"
-        dependency "org.projectlombok:lombok:1.18.34"
+        dependency "commons-codec:commons-codec:1.17.2"
+        dependency "org.projectlombok:lombok:1.18.36"
 
-        dependency 'org.bouncycastle:bcpkix-jdk15to18:1.79'
-        dependency 'org.bouncycastle:bcprov-jdk15to18:1.79'
+        dependency 'org.bouncycastle:bcpkix-jdk15to18:1.80'
+        dependency 'org.bouncycastle:bcprov-jdk15to18:1.80'
         dependency 'org.bouncycastle:bcprov-jdk15on:1.70'
         dependency 'org.bouncycastle:bcpg-jdk15on:1.70'
 
         dependency 'org.eclipse.jgit:org.eclipse.jgit:6.10.0.202406032230-r'
-        dependency 'org.eclipse.jgit:org.eclipse.jgit.ssh.apache:7.0.0.202409031743-r'
+        dependency 'org.eclipse.jgit:org.eclipse.jgit.ssh.apache:7.1.0.202411261347-r'
 
         dependency 'org.tmatesoft.svnkit:svnkit:1.10.11'
         dependency 'com.vdurmont:semver4j:3.1.0'
         dependency 'org.beryx:text-io:3.4.1'
 
-        dependency ('org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0') {
+        dependency ('org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.3') {
             exclude 'io.swagger.core.v3:swagger-core'
         }
 
-        dependency 'com.google.cloud.sql:mysql-socket-factory-connector-j-8:1.21.0'
+        dependency 'com.google.cloud.sql:mysql-socket-factory-connector-j-8:1.23.0'
 
-        dependency ('org.apache.activemq:activemq-client:6.1.3') {
+        dependency ('org.apache.activemq:activemq-client:6.1.5') {
             exclude 'javax.annotation:javax.annotation-api'
         }
 
@@ -195,10 +195,10 @@ dependencyManagement {
             exclude 'jakarta.activation:jakarta.activation-api'
         }
 
-        dependency ('org.liquibase:liquibase-core:4.30.0') {
+        dependency ('org.liquibase:liquibase-core:4.31.0') {
             exclude 'javax.xml.bind:jaxb-api'
         }
-        dependency 'org.liquibase.ext:liquibase-postgresql:4.30.0.1'
+        dependency 'org.liquibase.ext:liquibase-postgresql:4.31.0'
 
         dependency ('org.dom4j:dom4j:2.1.4') {
             exclude 'relaxngDatatype:relaxngDatatype' // already in com.sun.xml.bind:jaxb-osgi:2.3.0.1
@@ -207,10 +207,10 @@ dependencyManagement {
             exclude 'pull-parser:pull-parser'
         }
 
-        dependency 'org.owasp.esapi:esapi:2.5.5.0'
+        dependency 'org.owasp.esapi:esapi:2.6.0.0'
         dependency 'org.awaitility:awaitility:4.2.2'
 
-        dependencySet(group: 'org.apache.poi', version: '5.3.0') {
+        dependencySet(group: 'org.apache.poi', version: '5.4.0') {
             entry 'poi'
             entry 'poi-ooxml'
             entry 'poi-ooxml-schemas'
@@ -229,14 +229,14 @@ dependencyManagement {
 
         dependency "org.apache.avro:avro:1.12.0"
 
-        dependency ('org.mariadb.jdbc:mariadb-java-client:3.5.0') {
+        dependency ('org.mariadb.jdbc:mariadb-java-client:3.5.1') {
             exclude 'org.slf4j:jcl-over-slf4j'
             exclude 'org.slf4j:slf4j-api'
         }
 
-        dependency 'org.postgresql:postgresql:42.7.4'
+        dependency 'org.postgresql:postgresql:42.7.5'
 
-        dependency 'org.assertj:assertj-core:3.26.3'
+        dependency 'org.assertj:assertj-core:3.27.3'
 
         dependency 'org.apache.commons:commons-math3:3.6.1'
 

docker-compose-postgresql-kafka.yml

@@ -20,7 +20,7 @@
 version: "3.7"
 services:
   kafka:
-    image: "bitnami/kafka:3.8.1-debian-12-r1"
+    image: "bitnami/kafka:3.9.0-debian-12-r5"
     ports:
       - "9092:9092"
     env_file:

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.12.1-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

settings.gradle

@@ -19,7 +19,7 @@
 
 plugins {
     id 'com.gradle.develocity' version '3.18.2'
-    id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.0.2'
+    id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.1'
 }
 
 def isCI = System.getenv('JENKINS_URL') != null