Skip to content

chore(deps): bump the maven group across 6 directories with 16 updates #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the maven group across 6 directories with 16 updates #28

dependabot wants to merge 1 commit into from
+18 −18

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 26, 2026

Bumps the maven group with 3 updates in the /cmd/osv-scanner/fix/fixtures/override-maven directory: org.jsoup:jsoup, org.apache.httpcomponents:httpclient and org.codehaus.plexus:plexus-utils.
Bumps the maven group with 2 updates in the /cmd/osv-scanner/update/fixtures directory: com.fasterxml.jackson.core:jackson-core and junit:junit.
Bumps the maven group with 1 update in the /internal/remediation/fixtures/override-workaround/guava/android-to-android directory: com.google.guava:guava.
Bumps the maven group with 1 update in the /internal/remediation/fixtures/override-workaround/guava/jre-to-jre directory: com.google.guava:guava.
Bumps the maven group with 9 updates in the /internal/remediation/fixtures/zeppelin-server directory:

Package From To
commons-beanutils:commons-beanutils 1.9.4 1.11.0
com.fasterxml.jackson.core:jackson-databind 2.12.6.1 2.12.7.1
org.apache.shiro:shiro-core 1.10.0 1.13.0
com.nimbusds:nimbus-jose-jwt 9.13 9.37.4
org.apache.thrift:libthrift 0.13.0 0.14.0
org.apache.commons:commons-lang3 3.12.0 3.18.0
org.apache.commons:commons-configuration2 2.8.0 2.10.1
commons-io:commons-io 2.7 2.14.0
org.assertj:assertj-core 1.7.0 3.27.7

Bumps the maven group with 1 update in the /internal/resolution/manifest/fixtures/maven/my-app directory: junit:junit.

Updates org.jsoup:jsoup from 1.14.1 to 1.15.3

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup 1.15.3

jsoup 1.15.3 is out now, and includes a security fix for potential XSS attacks, along with other bug fixes and improvements, including more descriptive validation error messages.

Details:

jsoup 1.15.2 is out now with a bunch of improvements and bug fixes.

jsoup 1.15.1 is out now with a bunch of improvements and bug fixes.

jsoup 1.14.3

jsoup 1.14.3 is out now, adding native XPath selector support, improved \<template> support, and also includes a bunch of bug fixes, improvements, and performance enhancements.

See the release announcement for the full changelog.

jsoup 1.14.2

Caught by the fuzz! jsoup 1.14.2 is out now, and includes a set of parser bug fixes and improvements for handling rough HTML and XML, as identified by the Jazzer JVM fuzzer. This release also includes other fixes and improvements.

See the release announcement for the full changelog.

Changelog

Sourced from org.jsoup:jsoup's changelog.

jsoup changelog

Release 1.15.3 [2022-Aug-24]

  • Security: fixed an issue where the jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled. GHSA-gp7f-rwcx-9369

  • Improvement: the Cleaner will preserve the source position of cleaned elements, if source tracking is enabled in the original parse.

  • Improvement: the error messages output from Validate are more descriptive. Exceptions are now ValidationExceptions (extending IllegalArgumentException). Stack traces do not include the Validate class, to make it simpler to see where the exception originated. Common validation errors including malformed URLs and empty selector results have more explicit error messages.

  • Bugfix: the DataUtil would incorrectly read from InputStreams that emitted reads less than the requested size. This lead to incorrect results when parsing from chunked server responses, for e.g. jhy/jsoup#1807

  • Build Improvement: added implementation version and related fields to the jar manifest. jhy/jsoup#1809

*** Release 1.15.2 [2022-Jul-04]

  • Improvement: added the ability to track the position (line, column, index) in the original input source from where a given node was parsed. Accessible via Node.sourceRange() and Element.endSourceRange(). jhy/jsoup#1790

  • Improvement: added Element.firstElementChild(), Element.lastElementChild(), Node.firstChild(), Node.lastChild(), as convenient accessors to those child nodes and elements.

  • Improvement: added Element.expectFirst(cssQuery), which is just like Element.selectFirst(), but instead of returning a null if there is no match, will throw an IllegalArgumentException. This is useful if you want to simply abort processing if an expected match is not found.

  • Improvement: when pretty-printing HTML, doctypes are emitted on a newline if there is a preceding comment. jhy/jsoup#1664

  • Improvement: when pretty-printing, trim the leading and trailing spaces of textnodes in block tags when possible, so that they are indented correctly. jhy/jsoup#1798

  • Improvement: in Element#selectXpath(), disable namespace awareness. This makes it possible to always select elements by their simple local name, regardless of whether an xmlns attribute was set. jhy/jsoup#1801

  • Bugfix: when using the readToByteBuffer method, such as in Connection.Response.body(), if the document has not already been parsed and must be read fully, and there is any maximum buffer size being applied, only the default internal buffer size is read. jhy/jsoup#1774

... (truncated)

Commits
  • c596417 [maven-release-plugin] prepare release jsoup-1.15.3
  • d2d9ac3 Changelog for URL cleaner improvement
  • 4ea768d Strip control characters from URLs when resolving absolute URLs
  • 985f1fe Include help link for malformed URLs
  • 6b67d05 Improved Validate error messages
  • 653da57 Normalized API doc link
  • 5ed84f6 Simplified the Test Server startup
  • c58112a Set the read size correctly when capped
  • fa13c80 Added jar manifest default implementation entries.
  • 5b19390 Bump maven-resources-plugin from 3.2.0 to 3.3.0 (#1814)
  • Additional commits viewable in compare view

Updates org.apache.httpcomponents:httpclient from 4.0 to 4.5.13

Updates org.codehaus.plexus:plexus-utils from 3.0 to 3.0.24

Commits
  • fd36d8b [maven-release-plugin] prepare release plexus-utils-3.0.24
  • 33a2853 o Updated to guard against directory traversal issues.
  • f933e5e o Updated to remove '<!--' and '-->' from XML comments to guard against XML
  • fcd94e5 o Updated to stop detecting Windows systems as family DOS.
  • 2644af5 o Updated to guard against 'NullPointerException's.
  • ba1c194 o Updated class 'PropertyUtils' to stop silently dropping exceptions.
  • 8399a2e [maven-release-plugin] prepare for next development iteration
  • 6176f91 [maven-release-plugin] prepare release plexus-utils-3.0.23
  • 5d94a60 Merge pull request #9 from ChristianSchulte/master
  • 05df14e o Updated to stop suppressing exception's thrown when closing streams.
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.14.0 to 2.15.0

Changelog

Sourced from com.fasterxml.jackson.core:jackson-core's changelog.

#release configuration #Sun Apr 23 14:19:10 PDT 2023 scm.commentPrefix=[maven-release-plugin] exec.pomFileName=pom.xml pushChanges=false releaseStrategyId=default project.dev.com.fasterxml.jackson.core:jackson-core=2.15.1-SNAPSHOT project.scm.com.fasterxml.jackson.core:jackson-core.connection=scm:git:[email protected]:FasterXML/jackson-core.git scm.tag=jackson-core-2.15.0 remoteTagging=true project.scm.com.fasterxml.jackson.core:jackson-core.developerConnection=scm:git:[email protected]:FasterXML/jackson-core.git exec.additionalArguments=-Prelease scm.branchCommitComment=@{prefix} prepare branch @{releaseLabel} projectVersionPolicyId=default scm.url=scm:git:[email protected]:FasterXML/jackson-core.git scm.tagNameFormat=@{project.artifactId}-@{project.version} project.scm.com.fasterxml.jackson.core:jackson-core.tag=HEAD pinExternals=false project.rel.com.fasterxml.jackson.core:jackson-core=2.15.0 preparationGoals=clean verify scm.releaseCommitComment=@{prefix} prepare release @{releaseLabel} exec.snapshotReleasePluginAllowed=false project.scm.com.fasterxml.jackson.core:jackson-core.url=https://github.com/FasterXML/jackson-core scm.developmentCommitComment=@{prefix} prepare for next development iteration scm.rollbackCommitComment=@{prefix} rollback the release of @{releaseLabel} completedPhase=end-release

Commits
  • a2c0bdc [maven-release-plugin] prepare release jackson-core-2.15.0
  • 180027a Prepare for 2.15.0 release
  • 2b41925 ...
  • 85340aa Merge branch '2.14' into 2.15
  • ed846d9 ...
  • 94ea208 Update release notes wrt #990
  • a4f2086 [2.14 only] backport removal of BigDecimal to BigInt conversion (#990)
  • 1976c0d Try to get Release workflow working wrt SLSA provenance (fix #844) (#989)
  • 0ee3ad8 ...
  • 163540e [maven-release-plugin] prepare for next development iteration
  • Additional commits viewable in compare view

Updates junit:junit from 4.12 to 4.13.1

Release notes

Sourced from junit:junit's releases.

JUnit 4.13.1

Please refer to the release notes for details.

JUnit 4.13

Please refer to the release notes for details.

JUnit 4.13 RC 2

Please refer to the release notes for details.

JUnit 4.13 RC 1

Please refer to the release notes for details.

JUnit 4.13 Beta 3

Please refer to the release notes for details.

JUnit 4.13 Beta 2

Please refer to the release notes for details.

JUnit 4.13 Beta 1

Please refer to the release notes for details.

Commits

Updates com.google.guava:guava from 22.0-android to 32.0.0-android

Release notes

Sourced from com.google.guava:guava's releases.

32.0.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.0.0-jre</version>
  <!-- or, for Android: -->
  <version>32.0.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

Security fixes

While CVE-2020-8908 was officially closed when we deprecated Files.createTempDir in Guava 30.0, we've heard from users that even recent versions of Guava have been listed as vulnerable in other databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used FileBackedOutputStream class, which had a similar issue) to eliminate the insecure behavior entirely. This change could technically affect users in a number of different ways (discussed under "Incompatible changes" below), but in practice, the only problem users are likely to encounter is with Windows. If you are using those APIs under Windows, you should skip 32.0.0 and go straight to 32.0.1 which fixes the problem. (Unfortunately, we didn't think of the Windows problem until after the release. And while we warn that common.io in particular may not work under Windows, we didn't intend to regress support.) Sorry for the trouble.

Incompatible changes

Although this release bumps Guava's major version number, it makes no binary-incompatible changes to the guava artifact.

One change could cause issues for Widows users, and a few other changes could cause issues for users in more usual situations:

  • The new implementations of Files.createTempDir and FileBackedOutputStream throw an exception under Windows. This is fixed in 32.0.1. Sorry for the trouble.
  • guava-gwt now requires GWT 2.10.0.
  • This release makes a binary-incompatible change to a @Beta API in the separate artifact guava-testlib. Specifically, we changed the return type of TestingExecutors.sameThreadScheduledExecutor to ListeningScheduledExecutorService. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)

... (truncated)

Commits

Updates com.google.guava:guava from 23.1-jre to 32.0.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

32.0.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.0.0-jre</version>
  <!-- or, for Android: -->
  <version>32.0.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

Security fixes

While CVE-2020-8908 was officially closed when we deprecated Files.createTempDir in Guava 30.0, we've heard from users that even recent versions of Guava have been listed as vulnerable in other databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used FileBackedOutputStream class, which had a similar issue) to eliminate the insecure behavior entirely. This change could technically affect users in a number of different ways (discussed under "Incompatible changes" below), but in practice, the only problem users are likely to encounter is with Windows. If you are using those APIs under Windows, you should skip 32.0.0 and go straight to 32.0.1 which fixes the problem. (Unfortunately, we didn't think of the Windows problem until after the release. And while we warn that common.io in particular may not work under Windows, we didn't intend to regress support.) Sorry for the trouble.

Incompatible changes

Although this release bumps Guava's major version number, it makes no binary-incompatible changes to the guava artifact.

One change could cause issues for Widows users, and a few other changes could cause issues for users in more usual situations:

  • The new implementations of Files.createTempDir and FileBackedOutputStream throw an exception under Windows. This is fixed in 32.0.1. Sorry for the trouble.
  • guava-gwt now requires GWT 2.10.0.
  • This release makes a binary-incompatible change to a @Beta API in the separate artifact guava-testlib. Specifically, we changed the return type of TestingExecutors.sameThreadScheduledExecutor to ListeningScheduledExecutorService. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)

... (truncated)

Commits

Updates commons-beanutils:commons-beanutils from 1.9.4 to 1.11.0

Updates com.fasterxml.jackson.core:jackson-databind from 2.12.6.1 to 2.12.7.1

Commits

Updates org.apache.shiro:shiro-core from 1.10.0 to 1.13.0

Release notes

Sourced from org.apache.shiro:shiro-core's releases.

Apache Shiro 1.13.0

What's Changed

Full Changelog: apache/shiro@shiro-root-1.12.0...shiro-root-1.13.0

shiro-root-1.12.0

What's Changed

... (truncated)

Commits
  • 8681958 [maven-release-plugin] prepare release shiro-root-1.13.0
  • f4daf3a Merge pull request #1148 from apache/dependabot/maven/1.13.x/com.ibm.icu-icu4...
  • 02e1f66 build(deps): bump com.ibm.icu:icu4j from 73.2 to 74.1
  • d62387d Add tests for SavedRequest redirects
  • 3b80f5c The InvalidRequestFilter is more flexible
  • 443135b Revert "[maven-release-plugin] prepare release shiro-root-1.13.0"
  • 208e0b8 Revert "[maven-release-plugin] prepare for next development iteration"
  • e4c217c [maven-release-plugin] prepare for next development iteration
  • fb46976 [maven-release-plugin] prepare release shiro-root-1.13.0
  • 4e71c79 Merge pull request #1144 from fpapon/SHIRO-1143
  • Additional commits viewable in compare view

Updates org.apache.shiro:shiro-web from 1.10.0 to 1.13.0

Release notes

Sourced from org.apache.shiro:shiro-web's releases.

Apache Shiro 1.13.0

What's Changed

Full Changelog: apache/shiro@shiro-root-1.12.0...shiro-root-1.13.0

shiro-root-1.12.0

What's Changed

... (truncated)

Commits
  • 8681958 [maven-release-plugin] prepare release shiro-root-1.13.0
  • f4daf3a Merge pull request #1148 from apache/dependabot/maven/1.13.x/com.ibm.icu-icu4...
  • 02e1f66 build(deps): bump com.ibm.icu:icu4j from 73.2 to 74.1
  • d62387d Add tests for SavedRequest redirects
  • 3b80f5c The InvalidRequestFilter is more flexible
  • 443135b Revert "[maven-release-plugin] prepare release shiro-root-1.13.0"
  • 208e0b8 Revert "[maven-release-plugin] prepare for next development iteration"
  • e4c217c [maven-release-plugin] prepare for next development iteration
  • fb46976 [maven-release-plugin] prepare release shiro-root-1.13.0
  • 4e71c79 Merge pull request #1144 from fpapon/SHIRO-1143
  • Additional commits viewable in compare view

Updates com.nimbusds:nimbus-jose-jwt from 9.13 to 9.37.4

Commits
  • f64e094 Makes the abstract class BaseJWEProvider public (iss #521)
  • ad6fed3 [maven-release-plugin] prepare release 9.35
  • 81c7f24 [maven-release-plugin] prepare for next development iteration
  • 24aaaf0 Bumps jacoco-maven-plugin to 0.8.10
  • ff01cd9 Adds new JWKSet.filter method
  • 9c7ca65 [maven-release-plugin] prepare release 9.36
  • 6111838 [maven-release-plugin] prepare for next development iteration
  • 11d0767 Updates maven-surefire-plugin, removes config workaround for maven-surefire-p...
  • 43118de Adds JWTClaimsSet.getListClaim method
  • f50158f [maven-release-plugin] prepare release 9.37
  • Additional commits viewable in compare view

Updates org.apache.thrift:libthrift from 0.13.0 to 0.14.0

Release notes

Sourced from org.apache.thrift:libthrift's releases.

Version 0.14.0

For release 0.14.0 head over to the official release download source: http://thrift.apache.org/download

The assets below are added by Github based on the release tag and they may therefore not match the checkums.

Changelog

Sourced from org.apache.thrift:libthrift's changelog.

0.14.0

Deprecated Languages

Removed Languages

  • THRIFT-4980 - Remove deprecated C# and netcore bindings from the code base
  • THRIFT-4981 - Remove deprecated netcore bindings from the code base
  • THRIFT-4982 - Remove deprecated C# bindings from the code base

Breaking Changes

  • THRIFT-4981 - Remove deprecated netcore bindings from the code base
  • THRIFT-4982 - Remove deprecated csharp bindings from the code base
  • THRIFT-4990 - Upgrade to .NET Core 3.1 (LTS)
  • THRIFT-5006 - Implement DEFAULT_MAX_LENGTH at TFramedTransport
  • THRIFT-5069 - In Go library TDeserializer.Transport is now typed *TMemoryBuffer instead of TTransport
  • THRIFT-5072 - Haskell generator fails to distinguish between multiple enum types with conflicting enum identifiers
  • THRIFT-5116 - Upgrade NodeJS to 10.x
  • THRIFT-5138 - Swift generator does not escape keywords properly
  • THRIFT-5164 - In Go library TProcessor interface now includes ProcessorMap and AddToProcessorMap functions.
  • THRIFT-5186 - cpp: use all getaddrinfo() results when retrying failed bind() in T{Nonblocking,}ServerSocket
  • THRIFT-5233 - go: Now all Read*, Write* and Skip functions in TProtocol accept context arg
  • THRIFT-5152 - go: TSocket and TSSLSocket now have separated connect timeout and socket timeout
  • c++: dropped support for Windows XP
  • THRIFT-5326 - go: TException interface now has a new function: TExceptionType
  • THRIFT-4914 - go: TClient.Call now returns ResponseMeta in addition to error

Known Open Issues (Blocker or Critical)

  • THRIFT-3877 - C++: library don't work with HTTP (csharp server, cpp client; need cross test enhancement)
  • THRIFT-5098 - Deprecated: "The high level Network interface is no longer supported. Please use Network.Socket." and other Haskell issues
  • THRIFT-5245 - NPE when the value of map's key is null
  • THRIFT-4687 - Add thrift 0.12.0 to pypi and/or enable more maintainers

Build Process

  • THRIFT-4976 - Docker build: Test failure for StalenessCheckTest on MacOS
  • THRIFT-5087 - test/test.py fails with "AssertionError: Python 3.3 or later is required for proper operation."
  • THRIFT-5097 - Incorrect THRIFT_VERSION in ThriftConfig.cmake
  • THRIFT-5109 - Misc CMake improvements
  • THRIFT-5147 - Add uninstall function
  • THRIFT-5218 - Automated Github release artifacts do not match checksums provided
  • THRIFT-5249 - travis-ci : Failed to run FastbinaryTest.py

C glib

... (truncated)

Commits
  • 8411e18 Version 0.14.0
  • 0be1b7d Version 0.14.0
  • 705f377 Version 0.14.0
  • ebfa771 THRIFT-5274: Enforce Java 8 compatibility
  • 518163a Update README.md
  • de523c7 Updated CHANGES to reflect Version 0.14.0
  • 7ae1ec3 THRIFT-5297: Improve TThreadPoolServer Handling of Incoming Connections
  • ebc2ab5 THRIFT-5345: Allow the ServerContext to be Unwrapped Programmatically
  • 55016bf THRIFT-5343: TTlsSocketTransport does not resolve IPv4 addresses or validate ...
  • 4aaef75 THRIFT-5337 Go set fields write improvement
  • Additional commits viewable in compare view

Updates org.apache.commons:commons-lang3 from 3.12.0 to 3.18.0

Updates org.apache.commons:commons-configuration2 from 2.8.0 to 2.10.1

Updates commons-io:commons-io from 2.7 to 2.14.0

Updates org.assertj:assertj-core from 1.7.0 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

🚫 Deprecated

Core

  • Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

  • Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

  • Upgrade to Byte Buddy 1.18.3
  • Upgrade to JUnit BOM 5.14.1

Guava

  • Upgrade to Guava 33.5.0-jre

v3.27.6

🐛 Bug Fixes

Core

  • Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks ...

Description has been truncated

@dependabot
chore(deps): bump the maven group across 6 directories with 16 updates
564b0de 
Bumps the maven group with 3 updates in the /cmd/osv-scanner/fix/fixtures/override-maven directory: [org.jsoup:jsoup](https://github.com/jhy/jsoup), org.apache.httpcomponents:httpclient and [org.codehaus.plexus:plexus-utils](https://github.com/codehaus-plexus/plexus-utils).
Bumps the maven group with 2 updates in the /cmd/osv-scanner/update/fixtures directory: [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) and [junit:junit](https://github.com/junit-team/junit4).
Bumps the maven group with 1 update in the /internal/remediation/fixtures/override-workaround/guava/android-to-android directory: [com.google.guava:guava](https://github.com/google/guava).
Bumps the maven group with 1 update in the /internal/remediation/fixtures/override-workaround/guava/jre-to-jre directory: [com.google.guava:guava](https://github.com/google/guava).
Bumps the maven group with 9 updates in the /internal/remediation/fixtures/zeppelin-server directory:

| Package | From | To |
| --- | --- | --- |
| commons-beanutils:commons-beanutils | `1.9.4` | `1.11.0` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.12.6.1` | `2.12.7.1` |
| [org.apache.shiro:shiro-core](https://github.com/apache/shiro) | `1.10.0` | `1.13.0` |
| [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) | `9.13` | `9.37.4` |
| [org.apache.thrift:libthrift](https://github.com/apache/thrift) | `0.13.0` | `0.14.0` |
| org.apache.commons:commons-lang3 | `3.12.0` | `3.18.0` |
| org.apache.commons:commons-configuration2 | `2.8.0` | `2.10.1` |
| commons-io:commons-io | `2.7` | `2.14.0` |
| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `1.7.0` | `3.27.7` |

Bumps the maven group with 1 update in the /internal/resolution/manifest/fixtures/maven/my-app directory: [junit:junit](https://github.com/junit-team/junit4).


Updates `org.jsoup:jsoup` from 1.14.1 to 1.15.3
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/jsoup-1.15.3/CHANGES)
- [Commits](jhy/jsoup@jsoup-1.14.1...jsoup-1.15.3)

Updates `org.apache.httpcomponents:httpclient` from 4.0 to 4.5.13

Updates `org.codehaus.plexus:plexus-utils` from 3.0 to 3.0.24
- [Release notes](https://github.com/codehaus-plexus/plexus-utils/releases)
- [Commits](codehaus-plexus/plexus-utils@plexus-utils-3.0...plexus-utils-3.0.24)

Updates `com.fasterxml.jackson.core:jackson-core` from 2.14.0 to 2.15.0
- [Changelog](https://github.com/FasterXML/jackson-core/blob/jackson-core-2.15.0/release.properties)
- [Commits](FasterXML/jackson-core@jackson-core-2.14.0...jackson-core-2.15.0)

Updates `junit:junit` from 4.12 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.12.md)
- [Commits](junit-team/junit4@r4.12...r4.13.1)

Updates `com.google.guava:guava` from 22.0-android to 32.0.0-android
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `com.google.guava:guava` from 23.1-jre to 32.0.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `commons-beanutils:commons-beanutils` from 1.9.4 to 1.11.0

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.12.6.1 to 2.12.7.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `org.apache.shiro:shiro-core` from 1.10.0 to 1.13.0
- [Release notes](https://github.com/apache/shiro/releases)
- [Changelog](https://github.com/apache/shiro/blob/main/RELEASE-NOTES)
- [Commits](apache/shiro@shiro-root-1.10.0...shiro-root-1.13.0)

Updates `org.apache.shiro:shiro-web` from 1.10.0 to 1.13.0
- [Release notes](https://github.com/apache/shiro/releases)
- [Changelog](https://github.com/apache/shiro/blob/main/RELEASE-NOTES)
- [Commits](apache/shiro@shiro-root-1.10.0...shiro-root-1.13.0)

Updates `com.nimbusds:nimbus-jose-jwt` from 9.13 to 9.37.4
- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.37.4..9.13)

Updates `org.apache.thrift:libthrift` from 0.13.0 to 0.14.0
- [Release notes](https://github.com/apache/thrift/releases)
- [Changelog](https://github.com/apache/thrift/blob/master/CHANGES.md)
- [Commits](apache/thrift@v0.13.0...v0.14.0)

Updates `org.apache.commons:commons-lang3` from 3.12.0 to 3.18.0

Updates `org.apache.commons:commons-configuration2` from 2.8.0 to 2.10.1

Updates `commons-io:commons-io` from 2.7 to 2.14.0

Updates `org.assertj:assertj-core` from 1.7.0 to 3.27.7
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-core-1.7.0...assertj-build-3.27.7)

Updates `junit:junit` from 4.12 to 4.13.1
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.12.md)
- [Commits](junit-team/junit4@r4.12...r4.13.1)

---
updated-dependencies:
- dependency-name: org.jsoup:jsoup
  dependency-version: 1.15.3
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.httpcomponents:httpclient
  dependency-version: 4.5.13
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.codehaus.plexus:plexus-utils
  dependency-version: 3.0.24
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-version: 2.15.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: junit:junit
  dependency-version: 4.13.1
  dependency-type: direct:development
  dependency-group: maven
- dependency-name: com.google.guava:guava
  dependency-version: 32.0.0-android
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: com.google.guava:guava
  dependency-version: 32.0.0-jre
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: commons-beanutils:commons-beanutils
  dependency-version: 1.11.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.12.7.1
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.shiro:shiro-core
  dependency-version: 1.13.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.shiro:shiro-web
  dependency-version: 1.13.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: com.nimbusds:nimbus-jose-jwt
  dependency-version: 9.37.4
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.thrift:libthrift
  dependency-version: 0.14.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.commons:commons-lang3
  dependency-version: 3.18.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.commons:commons-configuration2
  dependency-version: 2.10.1
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: commons-io:commons-io
  dependency-version: 2.14.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:development
  dependency-group: maven
- dependency-name: junit:junit
  dependency-version: 4.13.1
  dependency-type: direct:development
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jan 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants