Bump the java group across 1 directory with 35 updates

[dependabot]

Bumps the java group with 33 updates in the / directory:

Package	From	To
ch.qos.logback:logback-core	1.5.16	1.5.18
ch.qos.logback:logback-classic	1.5.16	1.5.18
com.google.guava:guava	33.4.0-jre	33.4.6-jre
org.slf4j:slf4j-simple	2.0.16	2.0.17
org.slf4j:slf4j-api	2.0.16	2.0.17
org.xerial:sqlite-jdbc	3.48.0.0	3.49.1.0
com.fasterxml.jackson.core:jackson-databind	2.18.2	2.18.3
org.apache.httpcomponents.client5:httpclient5	5.4.1	5.4.3
org.jsoup:jsoup	1.18.3	1.19.1
org.springframework.boot:spring-boot-maven-plugin	3.4.2	3.4.4
org.codehaus.mojo:flatten-maven-plugin	1.6.0	1.7.0
co.elastic.clients:elasticsearch-java	8.17.1	8.17.4
org.apache.activemq:artemis-jms-server	2.39.0	2.40.0
com.itextpdf:itext-core	9.0.0	9.1.0
com.itextpdf:cleanup	5.0.0	5.0.1
org.mariadb.jdbc:mariadb-java-client	3.5.1	3.5.3
org.apache.tika:tika-core	3.0.0	3.1.0
org.apache.tika:tika-parsers	3.0.0	3.1.0
org.apache.tika:tika-parser-pdf-module	3.0.0	3.1.0
org.apache.tika:tika-parser-text-module	3.0.0	3.1.0
org.apache.tika:tika-parser-ocr-module	3.0.0	3.1.0
org.apache.tika:tika-parser-microsoft-module	3.0.0	3.1.0
org.springdoc:springdoc-openapi-starter-webmvc-ui	2.8.4	2.8.6
org.languagetool:language-en	6.5	6.6
org.languagetool:language-pt	6.5	6.6
org.apache.solr:solr-solrj	9.8.0	9.8.1
org.springframework.security:spring-security-test	6.4.2	6.4.4
org.apache.maven.plugins:maven-compiler-plugin	3.13.0	3.14.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.2	3.5.3
org.apache.maven.plugins:maven-failsafe-plugin	3.5.2	3.5.3
org.apache.maven.plugins:maven-project-info-reports-plugin	3.8.0	3.9.0
org.apache.maven.plugins:maven-pdf-plugin	1.6.1	1.6.2
org.apache.maven.plugins:maven-surefire-report-plugin	3.5.2	3.5.3

Updates ch.qos.logback:logback-core from 1.5.16 to 1.5.18

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.18

2025-03-18 Release of logback version 1.5.18

• Added support for XZ compression for archived log files. Note that XZ compression requires Tukaani project's XZ library for Java. In case XZ compression is requested but the XZ library is missing, then logback will substitute GZ compression as a fallback. This feature was requested in issues/755.

• Removed references to java.security.AccessController class. This class has been deprecated for some time and is slated for removal in future JDK versions.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit b2a02f065379a9b1ba5ff837fc08913b744774bc associated with the tag v_1.5.18. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.17

2025-02-25 Release of logback version 1.5.17

• Fixed Jansi 2.4.0 color-coded output not working on Windows CMD.exe console when the default terminal application is set to "Windows Console Host". This problem was reported in issues/753 by Michael Lyubkin.

• Fixed race condition occurring in case MDC class is initialized while org.slf4j.LoggerFactory is initializing logback-classic's LoggerContext. When this race conditions occurs, the MDCAdapter instance used by MDC does not match the instance used by logback-classic. This issue was reported in SLF4J issues/450. While logback-classic version 1.5.17 remains compatible with SLF4J versions in the 2.0.x series, fixing this particular MDC issue requires SLF4J version 2.0.17.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 10358724ed723b3745c010aa40cb02a2dfed4593 associated with the tag v_1.5.17. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• b2a02f0 prepare release 1.5.18
• 991de58 remove references to AccessController marked for deletion in the JDK
• f54ab16 If compression mode is XZ but the XZ library is missing, then fallback to GZ ...
• fb45971 add support for XZ compression
• 31c1f55 add xz compression support with tests
• 8968d0f introduce strategy based compression
• 834059c start work on 1.5.18-SNAPSHOT
• 1035872 prepare release 1.5.17
• 2e6984d bump to slf4j version 2.0.17
• 1009952 use a new LoggerContert instance when running LogbackListenerTest. This shoul...
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.16 to 1.5.18

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.18

2025-03-18 Release of logback version 1.5.18

• Added support for XZ compression for archived log files. Note that XZ compression requires Tukaani project's XZ library for Java. In case XZ compression is requested but the XZ library is missing, then logback will substitute GZ compression as a fallback. This feature was requested in issues/755.

• Removed references to java.security.AccessController class. This class has been deprecated for some time and is slated for removal in future JDK versions.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit b2a02f065379a9b1ba5ff837fc08913b744774bc associated with the tag v_1.5.18. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.17

2025-02-25 Release of logback version 1.5.17

• Fixed Jansi 2.4.0 color-coded output not working on Windows CMD.exe console when the default terminal application is set to "Windows Console Host". This problem was reported in issues/753 by Michael Lyubkin.

• Fixed race condition occurring in case MDC class is initialized while org.slf4j.LoggerFactory is initializing logback-classic's LoggerContext. When this race conditions occurs, the MDCAdapter instance used by MDC does not match the instance used by logback-classic. This issue was reported in SLF4J issues/450. While logback-classic version 1.5.17 remains compatible with SLF4J versions in the 2.0.x series, fixing this particular MDC issue requires SLF4J version 2.0.17.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 10358724ed723b3745c010aa40cb02a2dfed4593 associated with the tag v_1.5.17. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• b2a02f0 prepare release 1.5.18
• 991de58 remove references to AccessController marked for deletion in the JDK
• f54ab16 If compression mode is XZ but the XZ library is missing, then fallback to GZ ...
• fb45971 add support for XZ compression
• 31c1f55 add xz compression support with tests
• 8968d0f introduce strategy based compression
• 834059c start work on 1.5.18-SNAPSHOT
• 1035872 prepare release 1.5.17
• 2e6984d bump to slf4j version 2.0.17
• 1009952 use a new LoggerContert instance when running LogbackListenerTest. This shoul...
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.0-jre to 33.4.6-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.4.6

Guava 33.4.6 fixes two problems that we introduced while modularizing Guava in 33.4.5.

Even if you're not upgrading from Guava 33.4.0 or earlier, still read the release notes for Guava 33.4.1. Those release notes contain information about Guava 33.4.5 and 33.4.6's effect on the module system.

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.4.6-jre</version>
  <!-- or, for Android: -->
  <version>33.4.6-android</version>
</dependency>

Jar files

• 33.4.6-jre.jar
• 33.4.6-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.4.6-jre
• 33.4.6-android

JDiff

• 33.4.6-jre vs. 33.4.5-jre
• 33.4.6-android vs. 33.4.5-android
• 33.4.6-android vs. 33.4.6-jre

Changelog

• Removed the extra copy of each class from the Guava jar. The extra copies were an accidental addition from the modularization work in Guava 33.4.5. (40485b93ce)
• Fixed annotation-related warnings when using Guava in modular builds. The most common such warning is Cannot find annotation method 'value()' in type 'DoNotMock': .... (7e15ab3566)

33.4.5

Use Guava 33.4.6, not Guava 33.4.5. 33.4.5 was our first attempt to modularize Guava, but we misconfigured our build, so it:

• contains an extra copy of each of its classes
• does not declare its dependencies on artifacts of annotations

These issues are fixed in release 33.4.6. Sorry for the trouble.

... (truncated)

Commits

• See full diff in compare view

Updates org.slf4j:slf4j-simple from 2.0.16 to 2.0.17

Updates org.slf4j:slf4j-api from 2.0.16 to 2.0.17

Updates org.xerial:sqlite-jdbc from 3.48.0.0 to 3.49.1.0

Release notes

Sourced from org.xerial:sqlite-jdbc's releases.

Release 3.49.1.0

Changelog

🚀 Features

sqlite

• upgrade to sqlite 3.49.1 (02d5463)

🛠 Build

deps

• bump org.graalvm.buildtools:native-maven-plugin (9cda17f)

deps-dev

• bump com.tngtech.archunit:archunit-junit5 (bdcf7ee)

Contributors

We'd like to thank the following people for their contributions: Gauthier, Gauthier Roebroeck

Release 3.49.0.0

Changelog

🚀 Features

sqlite

• upgrade to sqlite 3.49.0 (3ef2146)

🛠 Build

deps

• bump org.graalvm.sdk:nativeimage from 24.1.1 to 24.1.2 (2ced005)

deps-dev

• bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (cea714f)

Contributors

We'd like to thank the following people for their contributions: Gauthier, Gauthier Roebroeck

Commits

• b9983e6 chore(release): 3.49.1.0 [skip ci]
• ed20edd chore: update native libraries
• 02d5463 feat(sqlite): upgrade to sqlite 3.49.1
• bdcf7ee build(deps-dev): bump com.tngtech.archunit:archunit-junit5
• 9cda17f build(deps): bump org.graalvm.buildtools:native-maven-plugin
• 51b7f8f chore(release): prepare next snapshot [skip ci]
• 3c697e8 chore(release): 3.49.0.0 [skip ci]
• a08886a chore: update native libraries
• 3ef2146 feat(sqlite): upgrade to sqlite 3.49.0
• 2ced005 build(deps): bump org.graalvm.sdk:nativeimage from 24.1.1 to 24.1.2
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.18.2 to 2.18.3

Commits

• See full diff in compare view

Updates org.apache.httpcomponents.client5:httpclient5 from 5.4.1 to 5.4.3

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.4.3

This maintenance release upgrades HttpCore to version 5.3.4 and fixes a regression preventing the PublicSuffixMatcherLoader from finding the resource containing the Public Suffix List and causing the Public Suffix List to be empty by default.

Change Log

• MultipartEntityBuilder to include a random UUID in the boundary value by default. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2363: Ensure requests have a scheme and an authority populated before they get committed to the execution pipeline. Contributed by Oleg Kalnichevski

• Upgraded HttpCore to version 5.3.4. Contributed by Oleg Kalnichevski

• Fix PublicSuffixMatcherLoader#getDefault (#621). Contributed by Joe Gallo [email protected]

• HTTPCLIENT-2361: HTTP protocol handler to tolerate multiple Cookie headers added manually by the caller. Contributed by Oleg Kalnichevski

Release 5.4.2

This maintenance release upgrades HttpCore to version 5.3.3 and fixes several regressions reported since the last release. One of the regressions could cause connection leaks and eventual connection pool exhaustion in case of proxy authentication failure when establishing a tunnel via the proxy.

Change Log

• Upgraded HttpCore to version 5.3.3 Contributed by Oleg Kalnichevski

• Improved internal state representation of the internal async execution runtime in order to prevent potential race conditions. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2357, regression: Classic HttpClient fails to release connection in case of a proxy authentication failure.

... (truncated)

Commits

• 48236f5 HttpClient 5.4.3 release
• 36e40cd Updated release notes for HttpClient 5.4.3 release
• d5622dc MultipartEntityBuilder to include a random UUID in the boundary value by default
• 8d0f3b1 HTTPCLIENT-2363: ensure requests have a scheme and an authority populated bef...
• 783502e Upgraded HttpCore to version 5.3.4
• 98e8e9d Updated MultipartEntityBuilder javadocs clarifying content validation and san...
• bff9c47 Fix PublicSuffixMatcherLoader#getDefault (#621)
• b7ece75 HTTPCLIENT-2361: Tolerate multiple Cookie headers added by the caller
• ad82f0d Upgraded HttpClient version to 5.4.3-SNAPSHOT
• 2145d2c Updated release notes for HttpClient 5.4.2 release
• Additional commits viewable in compare view

Updates org.jsoup:jsoup from 1.18.3 to 1.19.1

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup 1.19.1

Changes

• Added support for http/2 requests in Jsoup.connect(), when running on Java 11+, via the Java HttpClient implementation. #2257.
  • In this version of jsoup, the default is to make requests via the HttpUrlConnection implementation: use System.setProperty("jsoup.useHttpClient", "true"); to enable making requests via the HttpClient instead , which will enable http/2 support, if available. This will become the default in a later version of jsoup, so now is a good time to validate it.
  • If you are repackaging the jsoup jar in your deployment (i.e. creating a shaded- or a fat-jar), make sure to specify that as a Multi-Release JAR.
  • If the HttpClient impl is not available in your JRE, requests will continue to be made via HttpURLConnection (in http/1.1 mode).
• Updated the minimum Android API Level validation from 10 to 21. As with previous jsoup versions, Android developers need to enable core library desugaring. The minimum Java version remains Java 8. #2173
• Removed previously deprecated class: org.jsoup.UncheckedIOException (replace with java.io.UncheckedIOException); moved previously deprecated method Element Element#forEach(Consumer) to void Element#forEach(Consumer()). #2246
• Deprecated the methods Document#updateMetaCharsetElement(bool) and #Document#updateMetaCharsetElement(), as the setting had no effect. When Document#charset(Charset) is called, the document's meta charset or XML encoding instruction is always set. #2247

Improvements

• When cleaning HTML with a Safelist that preserves relative links, the isValid() method will now consider these links valid. Additionally, the enforced attribute rel=nofollow will only be added to external links when configured in the safelist. #2245
• Added Element#selectStream(String query) and Element#selectStream(Evaluator) methods, that return a Stream of matching elements. Elements are evaluated and returned as they are found, and the stream can be terminated early. #2092
• Element objects now implement Iterable, enabling them to be used in enhanced for loops.
• Added support for fragment parsing from a Reader via Parser#parseFragmentInput(Reader, Element, String). #1177
• Reintroduced CLI executable examples, in jsoup-examples.jar. #1702
• Optimized performance of selectors like #id .class (and other similar descendant queries) by around 4.6x, by better balancing the Ancestor evaluator's cost function in the query planner. #2254
• Removed the legacy parsing rules for <isindex> tags, which would autovivify a form element with labels. This is no longer in the spec.
• Added Elements.selectFirst(String cssQuery) and Elements.expectFirst(String cssQuery), to select the first matching element from an Elements list. #2263
• When parsing with the XML parser, XML Declarations and Processing Instructions are directly handled, vs bouncing through the HTML parser's bogus comment handler. Serialization for non-doctype declarations no longer end with a spurious !. #2275
• When converting parsed HTML to XML or the W3C DOM, element names containing < are normalized to _ to ensure valid XML. For example, <foo<bar> becomes <foo_bar>, as XML does not allow < in element names, but HTML5 does. #2276
• Reimplemented the HTML5 Adoption Agency Algorithm to the current spec. This handles mis-nested formating / structural elements. #2278

... (truncated)

Changelog

Sourced from org.jsoup:jsoup's changelog.

1.19.1 (2025-03-04)

Changes

• Added support for http/2 requests in Jsoup.connect(), when running on Java 11+, via the Java HttpClient implementation. #2257.
  • In this version of jsoup, the default is to make requests via the HttpUrlConnection implementation: use System.setProperty("jsoup.useHttpClient", "true"); to enable making requests via the HttpClient instead , which will enable http/2 support, if available. This will become the default in a later version of jsoup, so now is a good time to validate it.
  • If you are repackaging the jsoup jar in your deployment (i.e. creating a shaded- or a fat-jar), make sure to specify that as a Multi-Release JAR.
  • If the HttpClient impl is not available in your JRE, requests will continue to be made via HttpURLConnection (in http/1.1 mode).
• Updated the minimum Android API Level validation from 10 to 21. As with previous jsoup versions, Android developers need to enable core library desugaring. The minimum Java version remains Java 8. #2173
• Removed previously deprecated class: org.jsoup.UncheckedIOException (replace with java.io.UncheckedIOException); moved previously deprecated method Element Element#forEach(Consumer) to void Element#forEach(Consumer()). #2246
• Deprecated the methods Document#updateMetaCharsetElement(boolean) and Document#updateMetaCharsetElement(), as the setting had no effect. When Document#charset(Charset) is called, the document's meta charset or XML encoding instruction is always set. #2247

Improvements

• When cleaning HTML with a Safelist that preserves relative links, the isValid() method will now consider these links valid. Additionally, the enforced attribute rel=nofollow will only be added to external links when configured in the safelist. #2245
• Added Element#selectStream(String query) and Element#selectStream(Evaluator) methods, that return a Stream of matching elements. Elements are evaluated and returned as they are found, and the stream can be terminated early. #2092
• Element objects now implement Iterable, enabling them to be used in enhanced for loops.
• Added support for fragment parsing from a Reader via Parser#parseFragmentInput(Reader, Element, String). #1177
• Reintroduced CLI executable examples, in jsoup-examples.jar. #1702
• Optimized performance of selectors like #id .class (and other similar descendant queries) by around 4.6x, by better balancing the Ancestor evaluator's cost function in the query planner. #2254
• Removed the legacy parsing rules for <isindex> tags, which would autovivify a form element with labels. This is no longer in the spec.
• Added Elements.selectFirst(String cssQuery) and Elements.expectFirst(String cssQuery), to select the first matching element from an Elements list. #2263
• When parsing with the XML parser, XML Declarations and Processing Instructions are directly handled, vs bouncing through the HTML parser's bogus comment handler. Serialization for non-doctype declarations no longer end with a spurious !. #2275
• When converting parsed HTML to XML or the W3C DOM, element names containing < are normalized to _ to ensure valid XML. For example, <foo<bar> becomes <foo_bar>, as XML does not allow < in element names, but HTML5 does. #2276

... (truncated)

Commits

• 5c4c09a [maven-release-plugin] prepare release jsoup-1.19.1
• 7de25be Updated changelog in preparation of release
• 6d7a058 Use 'el' instead of 'node' in adoption agency
• 0679bef Perf: removed redundant lowercase normalization
• d80275e Performance tweak when appending tag names
• 4b733b1 Updated InScope search basetypes to be namespace aware
• d89d757 Changelog tidy
• 5fde3d9 Changelog for #2281
• d55469a Clone the Parser when cloning a Document
• 11a0334 Concurrency note
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.4.2 to 3.4.4

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v3.4.4

❗ Noteworthy Changes

Tomcat APR support is now disabled by default if you are using Java 24 or higher. This change has been made to prevent JDK from issuing warnings.

Please see the updated release notes for details.

🐞 Bug Fixes

• Actuator throws an exception when using prototype scoped DataSource bean #44706
• Docker API error message is missing in some cases #44630
• DefaultJmsListenerContainerFactoryConfigurer#setObservationRegistry should not be public #44585
• When an application contains multiple DataSource beans, EntityManagerFactoryBuilder will default ddl-auto to a value that may only be appropriate for the primary DataSource #44516
• When the main class is not proxied, native testing that uses the application's main method does not work #44481
• When loading configuration from a Resource, Log4J2LoggingSystem may not close the InputStream #44473
• When loading from a resource, PemContent does not close the InputStream #44454
• ResourceBanner does not close the InputStream used to read the banner #44452
• ConfigDataLocationResolvers and PropertySourceLoaders are loaded using a potentially different class loader #44450
• Kafka message sending fails with 'class SslBundleSslEngineFactory could not be found' #44437
• Kafka in native-image fails when using SSL bundles #44436
• Nested test classes don't inherit properties from @DataJpaTest on enclosing class #44407
• Failure diagnostics are poor when trying to use an image platform that is not supported by the builder #44059
• Checking if APR is available logs a warning on Java 24 #44033

📔 Documentation

• Multiline properties in documentation are missing backslashes #44790
• Polish javadoc of SqlR2dbcScriptDatabaseInitializer #44764
• Document support for Java 24 #44754
• Remove OpenShift link that 404s #44748
• Fix link to javadoc for JavaExec.setArgsString #44536
• Fix typo in documentation #44523
• Update descriptions of properties that no longer require Flyway Teams #44483
• Fix typo in javadoc of CommonStructuredLogFormat#ELASTIC_COMMON_SCHEMA #44469
• Samples for metadata annotation processers have invalid fold attribute #44420
• Clarify which Mongo properties are ignored when URI property is set #44404
• Adapt Javadoc reference of JooqExceptionTranslator to use ExceptionTranslatorExecuteListener #44402

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.6 #44663
• Upgrade to AspectJ 1.9.23 #44720
• Upgrade to Groovy 4.0.26 #44546
• Upgrade to Hibernate 6.6.11.Final #44739
• Upgrade to Infinispan 15.0.14.Final #44548
• Upgrade to Jackson Bom 2.18.3 #44549
• Upgrade to Jetty 12.0.18 #44774
• Upgrade to Jetty Reactive HTTPClient 4.0.9 #44773
• Upgrade to jOOQ 3.19.21 #44665
• Upgrade to Logback 1.5.18 #44775
• Upgrade to Maven Deploy Plugin 3.1.4 #44552

... (truncated)

Commits

• d4eb556 Increase Nexus timeouts
• 0226b6a Release v3.4.4
• 6ba94ae Merge branch '3.3.x' into 3.4.x
• 36a5936 Next development version (v3.3.11-SNAPSHOT)
• 375aba6 Upgrade to Spring Framework 6.2.5
• 37e4a3c Merge branch '3.3.x' into 3.4.x
• 99fa21c Upgrade to asciidoctor-extensions 1.0.0-alpha.17
• f86a6fb Upgrade to Spring Batch 5.2.2
• 6567609 Merge branch '3.3.x' into 3.4.x
• 80b6c59 Improve debuggability of DockerComposeTestExtension
• Additional commits viewable in compare view

Updates org.codehaus.mojo:flatten-maven-plugin from 1.6.0 to 1.7.0

Release notes

Sourced from org.codehaus.mojo:flatten-maven-plugin's releases.

1.7.0

🚀 New features and improvements

• Bind :clean to 'clean' phase by default (#435) @​pzygielo
• Feature/extended interpolate (#384) @​SergeDemoulinGebit

🐛 Bug Fixes

• Fix Issue#377 Regression: parent dependencies missing in flattened pom (#417) @​hkampbjorn

📦 Dependency updates

• Bump org.codehaus.mojo:mojo-parent from 86 to 87 (#437) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#434) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.1 to 3.27.2 (#433) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.1 (#432) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#431) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#430) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 85 to 86 (#425) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 (#428) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.17.0 (#427) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.0 to 3.26.3 (#421) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 84 to 85 (#424) @dependabot[bot]
• Bump org.eclipse.sisu:org.eclipse.sisu.inject from 0.9.0.M2 to 0.9.0.M3 (#418) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 82 to 84 (#420) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.25.3 to 3.26.0 (#416) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.1 (#415) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 81 to 82 (#414) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 80 to 81 (#413) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 (#411) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#410) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 78 to 80 (#406) @dependabot[bot]
• Bump commons-io:commons-io from 2.15.1 to 2.16.0 (#409) @dependabot[bot]
• Bump apache/maven-gh-actions-shared from 3 to 4 (#407) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.25.2 to 3.25.3 (#404) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.25.1 to 3.25.2 (#402) @dependabot[bot]

👻 Maintenance

• Avoid using deprecated items (#439) @​slawekjaranowski
• Remove Maven wrapper configuration (#438) @​slawekjaranowski
• Remove no-overwrite-3.6.2-before IT (#436) @​pzygielo

Commits

• f9ad1f7 [maven-release-plugin] prepare release 1.7.0
• 8061369 Avoid using deprecated items
• 28c7cb0 Bump org.codehaus.mojo:mojo-parent from 86 to 87
• 3800f8b Remove Maven wrapper configuration
• b622639 Fix Issue#377 Regression: parent dependencies missing in flattened pom
• 600e7a0 Bump org.assertj:assertj-core from 3.27.2 to 3.27.3
• bb80610 Remove no-overwrite-3.6.2-before IT
• 78bac9e Bind :clean to 'clean' phase by default
• 8bd8956 Bump org.assertj:assertj-core from 3.27.1 to 3.27.2
• 0e461a2 Bump org.assertj:assertj-core from 3.27.0 to 3.27.1
• Additional commits viewable in compare view

Updates co.elastic.clients:elasticsearch-java from 8.17.1 to 8.17.4

Release notes

Sourced from co.elastic.clients:elasticsearch-java's releases.

v8.17.4

What's Changed

Full Changelog: elastic/elasticsearch-java@v8.17.3...v8.17.4

v8.17.3

What's Changed

Full Changelog: elastic/elasticsearch-java@v8.17.2...v8.17.3

v8.17.2

What's Changed

Full Changelog: elastic/elasticsearch-java@v8.17.1...v8.17.2

Commits

• 8f53cdc maven central release with nexux plugin (#961)
• b5574fa [codegen] update to latest spec
• 99ff263 json enum case insensitive (#941) (#959)
• 6900670 version bump
• 500de42 [codegen] update to latest spec
• 788d688 [codegen] update to latest spec
• 30b3efe [codegen] update to latest spec
• e90330f bump version
• f46b8b0 [codegen] update to latest spec
• a3ee856 [codegen] update to latest spec
• Additional commits viewable in compare view

Updates org.apache.activemq:artemis-jms-server from 2.39.0 to 2.40.0

Updates com.itextpdf:itext-core from 9.0.0 to 9.1.0

Release notes

Sourced from com.itextpdf:itext-core's releases.

iText Core/Community 9.1.0

To celebrate both iText’s 25th anniversary and Valentine’s Day, we bring you iText Core version 9.1. There’s a lot of to love about this release, with a huge performance increase in table creation, massively extended SVG support, and further Digital Signing goodies.

Extended SVG Support

Many additions and enhancements have been made to our in-house implementation since it was introduced, with coverage of the specification steadily increasing to meet customer needs. This release sees our biggest leap yet with over 40 tickets being closed – full marks to our incredible dev team!

Newly added are support for text clipping paths, 'marker-mid' properties, text decoration, and passing markers from elements to children. We’ve improved general font handling, while some other improvements to draw attention to are in the support for relative size attributes, text positioning, 'direction' properties, stroke opacity, and dash patterns.

There's also improved support for CSS-specific SVG, which you can find more details on in the pdfHTML release notes. However, we'll call out the improved support for different CSS origins in SVG and referencing external resources with the @importurl() rule.

To top it off we’ve significantly improved the SVG module’s usage of the advanced typography features enabled by the pdfCalligraph add-on. See the example PDF on our Knowledge Base for a demonstration!

Increased Table Performance

With iText Core 9.1 the table rendering code has been highly-optimized, particularly when it comes to tagged tables. This is especially noticable for tables with many rows, or when tagging tables. See more details

Digital Signatures

We’re continually working on iText’s digital signing and validation capabilities to provide a unique breadth of support in the market. MAC integrity protection support is extended to support two-step signing. There’s also new code examples for signing with the Cloud Signing Consortium (CSC) API, which we recently wrote about in Part V of our Digital Signing with iText series. You can find these in the GitHub samples repositories linked below.

Alongside that, we’ve made some general improvements (if you know, you know) to signing and validation. In particular, the workaround for certificates where the pathLength parameter is set to 0 for the basicConstraints extension is no longer required.

PDF/UA-2

Our PDF/UA-2 implementation is improved, specifically, when using the Annot tag for content elements in PDF 2.0 documents.Don’t tell anyone, but our team is preparing further PDF/UA-2 goodies for our next release.

Pull Requests

For this release, we’d like to thank Stefan Bechtold for submitting a PR adding support for styling tables with nth-last pseudo class selectors. Thanks also to Artyom Skrobov for squashing a bug when decoding an empty PdfString, and finally Zuzu-Typ for fixes to the kernel PDF encryption constants documentation.

Bug Fixes and Miscellaneous

There’s an update for merge handling when remote and embedded go-to actions are present, and we resolved a customer issue related to decoding Xref streams with missing bytes.

Many bugs have been resolved for SVG rendering and CSS layout. In addition, general bugfixes have been made to font and text handling, form fields, signing and validation, and more.

Other Stuff

If you use iText for digital signing, you may be interested in the Digital Signatures Hub which contains a ton of useful resources and examples. In particular, we have a new chapter to our Digital Signing with iText series. In Part V, we take you through the steps of signing PDFs with Java via a remote signing service offering CSC API access.

Don’t forget that in addition to the resources on our Knowledge Base, on our GitHub you can find a ton of useful up-to-date samples in the following repos:

Java

• https://github.com/itext/itext-publications-examples-java
• https://github.com/itext/itext-publications-book-java
• https://github.com/itext/itext-publications-signing-examples-java
• https://github.com/itext/itext-publications-signatures-java
• https://github.com/itext/itext-publications-highlevel-java

... (truncated)

Commits

• 6d43eb7 [RELEASE] iText 9.1.0
• a80ad00 [RELEASE] 9.1.0
• 1ffa4d5 Fix behavior for svg containing elements with zero or negative stroke-width
• 457ddde SVG: don't draw rect with negative or zero height or width
• 586e3e3 SVG: add tests for text-decoration inheritance
• 862fac8 SVG: Fix currentColor handling
• 903b8df SVG: fix preserveAspectRatio on image
• d49afc6 Fix rgba alpha channel parsing
• 07a241a Support display:none and visibility:hidden for svg elements except text
• 69e07f1 Add missing AES_GCM encryption references
• Additional commits viewable in compare view

Updates com.itextpdf:cleanup from 5.0.0 to 5.0.1

Updates org.mariadb.jdbc:mariadb-java-client from 3.5.1 to 3.5.3

Release notes

Sourced from org.mariadb.jdbc:mariadb-java-client's releases.

MariaDB Connector/Java 3.5.3

3.5.3 (Feb 2025)

Full Changelog

Bugs Fixed

• CONJ-1226 Fixed issue where dates containing zero day or month resulted in a DateTimeException
• CONJ-1232 Resolved timestamp string representation incompatibility between versions 2.7 and 3.x
  • see new option oldModeNoPrecisionTimestamp
• CONJ-1226 Fixed incorrect values returned by ResultSet.getColumnType() for unsigned values
• CONJ-1241 Corrected regression in 3.x affecting column metadata for unsigned types<...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.