chore(deps): bump the java-dependencies group across 1 directory with 15 updates

[dependabot]

Bumps the java-dependencies group with 14 updates in the / directory:

Package	From	To
org.owasp.dependencycheck	12.2.0	12.2.2
org.cyclonedx.bom	3.2.0	3.2.4
com.fasterxml.jackson.core:jackson-databind	2.21.2	2.21.3
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.21.2	2.21.3
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.21.2	2.21.3
com.github.ben-manes.caffeine:caffeine	3.2.3	3.2.4
com.zaxxer:HikariCP	5.1.0	7.0.2
org.xerial:sqlite-jdbc	3.50.3.0	3.53.0.0
org.postgresql:postgresql	42.7.10	42.7.11
com.mysql:mysql-connector-j	9.6.0	9.7.0
io.javalin:javalin	7.1.0	7.2.0
com.nimbusds:nimbus-jose-jwt	10.8	10.9
io.micrometer:micrometer-core	1.16.4	1.16.5
gradle-wrapper	9.4.1	9.5.0

Updates org.owasp.dependencycheck from 12.2.0 to 12.2.2

Updates org.cyclonedx.bom from 3.2.0 to 3.2.4

Updates com.fasterxml.jackson.core:jackson-databind from 2.21.2 to 2.21.3

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.21.2 to 2.21.3

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-yaml from 2.21.2 to 2.21.3

Commits

• ccfcc95 [maven-release-plugin] prepare release jackson-dataformats-text-2.21.3
• 5e81617 Prep for 2.21.3 release
• 52ab617 Merge branch '2.20' into 2.21
• 84f99f7 Merge branch '2.19' into 2.20
• 4fe54cb Merge branch '2.18' into 2.19
• f18c578 Post-release dep version bump
• 8db1032 [maven-release-plugin] prepare for next development iteration
• 7afb263 [maven-release-plugin] prepare release jackson-dataformats-text-2.18.7
• ec50f24 Prep for 2.18.7 release
• a8bedbd Post-release dep version bump
• Additional commits viewable in compare view

Updates com.github.ben-manes.caffeine:caffeine from 3.2.3 to 3.2.4

Release notes

Sourced from com.github.ben-manes.caffeine:caffeine's releases.

3.2.4

• Improved access expiration's read performance by avoiding false sharing effects caused by the timestamp update
• Fixed head-of-line blocking of expiration queues caused by in-flight async entries (#1954)
• Fixed various minor issues found using AI audits
• Added ObjectInputFilter support to JCache

Commits

• 836b65c use a consistent expiration tolerance calculation
• 0dc7daf resurrect in-flight async entries on expiration
• 0bac8b5 handle head-of-line blocking of expiration queues (fixes #1954)
• ff25836 test polish
• f3a6176 Fix JCache close/createCache races and recursive teardown
• 622fbe7 Fix removal in identity views and widen hill-climber counters
• 8da5a7a defer weighing the entry until after the putIfAbsent hit fast-path
• 94ad0ff Record eviction stats before notifying the removal listener consistently
• f94c011 Auto-assert eviction stats alongside notifications.withCause.exclusively
• 2e945e0 Skip timestamp writes within tolerance on the read path.
• Additional commits viewable in compare view

Updates com.zaxxer:HikariCP from 5.1.0 to 7.0.2

Changelog

Sourced from com.zaxxer:HikariCP's changelog.

HikariCP Changes

Changes in 7.0.2

• decrease thread yield frequency in ConcurrentBag.unreserve()

Changes in 7.0.1

• merged #2346 fix regression with setSchema behavior

• decrease thread yield frequency in ConcurrentBag.requite()

Changes in 7.0.0

• merged #2340 NoSuchMethodException error that is thrown when setting a metric registry, fixes to UtilityElf reflection code to use the correct method signature.

• fixed #1294 add support for HikariCredentialsProvider class

• fixed #2265 bail out of the pool filling loop if the thread is interrupted

Changes in 6.3.3

• backport #2340 NoSuchMethodException error that is thrown when setting a metric registry, fixes to UtilityElf reflection code to use the correct method signature.

Changes in 6.3.2

• fixed #2342 restore module-info.class to jar file, which was lost in 6.3.1

• fixed #2256 add support for legacy override of getUsername()/getPassword() of HikariDataSource. See project page for documentation of system property com.zaxxer.hikari.legacy.supportUserPassDataSourceOverride.

• fixed #2323 right or wrong (wrt driver behavior) return to previous Connection.get/setSchema behavior

• fixed #2288 upgrade dependencies and fix build warnings

Changes in 6.3.1

• fixed #2315 source jar contains also binary .class files and missing some .java files

• fixed #2307 remove improper hardcoded timout, use validationTimeout

• fixed #2305 keep properties key and values as is rather than forcing stringification. Also fixes #2286 and #2304

• upgraded various maven plugin dependencies to latest versions

Changes in 6.3.0

• increase keepaliveTime variance from 10% to 20%

... (truncated)

Commits

• 80c46ae [maven-release-plugin] prepare release HikariCP-7.0.2
• cba7ebe decrease thread yield frequency in ConcurrentBag.unreserve()
• 22cc9bd Update README.md
• 86915ee [maven-release-plugin] prepare for next development iteration
• 217bcc8 [maven-release-plugin] prepare release HikariCP-7.0.1
• 29ad2f4 update changes log
• b81bbc9 fixes #2323 always reset schema upon connection retrieval (#2346)
• ee5328d decrease yield() frequency during direct hand-off attempts
• 1da3a33 Update README.md
• 17c4b33 Update README.md
• Additional commits viewable in compare view

Updates org.xerial:sqlite-jdbc from 3.50.3.0 to 3.53.0.0

Release notes

Sourced from org.xerial:sqlite-jdbc's releases.

Release 3.53.0.0

Changelog

🚀 Features

jdbc

• expose wal_autocheckpoint pragma in SQLiteConfig (dd2adcc), closes #1397

sqlite

• upgrade to sqlite 3.53.0 (baaf087)

unscoped

• publish multiple classifer jars (bdd2b64), closes #1273
• better Android support (7eb6f3f), closes #1378

🛠 Build

deps

• bump org.sonatype.central:central-publishing-maven-plugin (19259e5)
• bump EndBug/add-and-commit from 9 to 10 (f572217)

deps-dev

• bump surefire.version from 3.5.4 to 3.5.5 (b649d25)
• bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (857a754)
• bump org.mockito:mockito-core from 5.21.0 to 5.23.0 (a597952)

Contributors

We'd like to thank the following people for their contributions: Gauthier, Karl-Michael Edlinger, kju2

Release 3.51.3.0

Changelog

🚀 Features

sqlite

• upgrade to sqlite 3.51.3 (09e9741)
• upgrade to sqlite 3.52.0 (64cf690)

🛠 Build

deps

• bump org.graalvm.buildtools:native-maven-plugin (5ad5155)
• bump actions/upload-artifact from 6 to 7 (90c726f)
• bump actions/download-artifact from 7 to 8 (17d4998)

deps-dev

• bump org.jreleaser:jreleaser-maven-plugin (d4d5c04)

unscoped

• set-version trigger CI after build native (89dfbc8)
• set-version commit and trigger workflow (eed41ae)
• set-version fix VERSION (22e5106)

... (truncated)

Commits

• f88e9c7 chore(release): 3.53.0.0 [skip ci]
• bdd2b64 feat: publish multiple classifer jars
• 7eb6f3f feat: better Android support
• 23ead2e chore: update native libraries
• baaf087 feat(sqlite): upgrade to sqlite 3.53.0
• dd2adcc feat(jdbc): expose wal_autocheckpoint pragma in SQLiteConfig
• b649d25 build(deps-dev): bump surefire.version from 3.5.4 to 3.5.5
• 857a754 build(deps-dev): bump org.assertj:assertj-core from 3.27.6 to 3.27.7
• 19259e5 build(deps): bump org.sonatype.central:central-publishing-maven-plugin
• a597952 build(deps-dev): bump org.mockito:mockito-core from 5.21.0 to 5.23.0
• Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.10 to 42.7.11

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.11

Security

• fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Changes

• fix: Add sources and javadocs to shaded published lib generation @​sehrope (#4043)
• update Changelog and website for release of 42.7.11 @​davecramer (#4042)
• Fix scram fix location in changelog and update published artifact developer list @​sehrope (#4041)
• Restrict test with scram_iterations to v16+ and release notes @​sehrope (#4040)
• chore(deps): update ubuntu:24.04 docker digest to 84e77de @​renovate-bot (#4017)
• test: add tests for QueryExecutor#getTransactionState @​vlsi (#4006)
• chore(deps): update actions/create-github-app-token action to v2.2.2 @​renovate-bot (#3983)
• fix: fix flaky CopyBothResponseTest by using WAL flush LSN @​vlsi (#3979)
• fix: fix flaky replication restart tests by waiting for confirmed_flush_lsn @​vlsi (#3975)
• test: fix flaky LogicalReplicationStatusTest by polling pg_stat_replication @​vlsi (#3974)
• chore: replace Appveyor with ikalnytskyi/action-setup-postgres @​vlsi (#3966)
• test: move test table creation from @​BeforeEach to @​BeforeAll @​vlsi (#3967)
• Return jsonb as PGObject fixes Issue #3926 @​davecramer (#3956)
• Update docker scripts @​davecramer (#3958)
• implement require_auth, this is pretty much how libpq does this. @​davecramer (#3895)
• docs: add SCRAM authentication test setup section to TESTING.md @​emmaeng700 (#3945)
• Add RequireServerVersion annotation for tests @​sehrope (#3939)

🐛 Bug Fixes

• fix: ensure extended protocol messages end with Sync message @​vlsi (#3728)
• fix: enable cursor-based fetching in extended protocol when transaction started via SQL command @​vlsi (#3996)
• fix: retry with SSL on IOException when sslMode=ALLOW @​vlsi (#3973)
• fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in @​vlsi (#3968)
• fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers @​vlsi (#3962)
• fix: use compareTo for LogSequenceNumber comparison @​vlsi (#3961)
• fix: release COPY lock on IOException to prevent connection hang (#3957) @​vlsi (#3960)

🧰 Maintenance

• style: replace @​exception with @​throws in getBoolean javadoc @​vlsi (#4035)
• chore: use @​vlsi/github-actions-random-matrix npm package @​vlsi (#4008)
• chore: use tag names for pinning github actions, pin ikalnytskyi/action-setup-postgres @​vlsi (#4007)
• chore: bump errorprone to 2.48.0 @​vlsi (#4005)
• test: add @​DisableLogger annotation to suppress expected log warnings in tests @​vlsi (#3971)
• chore: suppress deprecations in test code to reduce build verbosity @​vlsi (#3972)
• chore: replace log warning in ConnectionFactory.closeStream with Throwable.addSuppressed @​vlsi (#3970)
• chore: use greedy pairwise coverage for CI matrix generation @​vlsi (#3965)
• chore: use full version tags in GitHub Actions comments @​vlsi (#3963)

⬆️ Dependencies

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.11] (2026-04-28)

Security

• fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Added

• feat: implement require_auth connection property, aligning with libpq behavior [PR #3895](pgjdbc/pgjdbc#3895)

Changed

• chore: replace Appveyor CI with ikalnytskyi/action-setup-postgres [PR #3966](pgjdbc/pgjdbc#3966)
• chore: upgrade Gradle to v9 [PR #3978](pgjdbc/pgjdbc#3978)

Fixed

• fix: ensure extended protocol messages end with Sync message [PR #3728](pgjdbc/pgjdbc#3728)
• fix: enable cursor-based fetching in extended protocol when transaction started via SQL command [PR #3996](pgjdbc/pgjdbc#3996)
• fix: retry with SSL on IOException when sslMode=ALLOW [PR #3973](pgjdbc/pgjdbc#3973)
• fix: make sure the driver honours connectTimeout when retrying the connection [PR #3968](pgjdbc/pgjdbc#3968)
• fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in [PR #3968](pgjdbc/pgjdbc#3968)
• fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers [PR #3962](pgjdbc/pgjdbc#3962)
• fix: use compareTo for LogSequenceNumber comparison to handle unsigned values correctly [PR #3961](pgjdbc/pgjdbc#3961)
• fix: release COPY lock on IOException to prevent connection hang [PR #3957](pgjdbc/pgjdbc#3957)
• fix: return jsonb as PGObject instead of String [PR #3956](pgjdbc/pgjdbc#3956)
• fix: align SSL key file permission check with libpq [PR #3952](pgjdbc/pgjdbc#3952)
• fix: guard connection closed flag with a reentrant lock to protect against concurrent close [PR #3905](pgjdbc/pgjdbc#3905)

Commits

• 78e261f fix: Add sources and javadocs to shaded published lib generation
• 1e09fa0 update Changelog and website for release of 42.7.11 (#4042)
• d479fa5 Fix scram fix location in changelog and update published artifact developer l...
• b04fc46 docs: Add scram max iters fix to changelog
• cf54822 test: Disable scram test on older version without scram_iterations GUC
• 7dbcc79 test: Add SCRAM max iteration tests
• c9d41d1 fix: Limit SCRAM PBKDF2 iterations accepted from the server
• a340cb2 style: replace @​exception with @​throws in getBoolean javadoc
• 77837f8 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
• 23af03b chore(deps): update actions/checkout action to v6
• Additional commits viewable in compare view

Updates com.mysql:mysql-connector-j from 9.6.0 to 9.7.0

Changelog

Sourced from com.mysql:mysql-connector-j's changelog.

Changelog

https://dev.mysql.com/doc/relnotes/connector-j/en/

Version 9.7.0

• Fix for Bug#119863 (Bug#38951042), Inaccurate decoding of negative TIME durations in Binary Protocol (Cursor Mode).

• WL#17215, Implement JDBC 4.3/4.5 Statement/Connection.enquote* methods.

• Fix for Bug#119245 (Bug#38599240), Select into fix breaks queries with 'into' in them. (reopened)

• Fix for Bug#119659 (Bug#38916595), BinaryResultsetReader fails to consume EOF packet after column definitions when EOF is not deprecated.

Version 9.6.0

• Fix for Bug#118002 (Bug#37843004), The setFetchSize() method in the Statement class may have a potential bug.

• Fix for Bug#113130 (Bug#36043125), getGeneratedKeys() returns a zero resultset with non-key-generating statements.

• Fix for Bug#113336 (Bug#36080226), Inconsistent getUpdateCount() Behavior with allowMultiQueries.

• Fix for Bug#118234 (Bug#37975837), A potential bugs in Mysql Connector/J.

• Fix for Bug#113413 (Bug#36107426), Connection.changeUser cannot be done after DriverManager.loginTimeout elapses. Thanks to Kazuhisa Kawashima for his contribution.

• Fix for Bug#119271 (Bug#38599496), Connector/J fails to accept legacy value zeroDateTimeBehavior=convertToNull on multi-host URLs (failover).

• Fix for Bug#119245 (Bug#38599240), Select into fix breaks queries with 'into' in them.

Version 9.5.0

• Fix for Bug#72036 (Bug#18403804), XA isSameRM() shouldn't take database into account.

• Fix for Bug#62693 (Bug#16722068), XAConnection savepoint capability.

• Fix for Bug#81128 (Bug#23146631), Master host list overwritten by slave list when loadBalanceConnectionGroup used.

• Fix for Bug#19887224, RUNNING THE TEST SUITE WITH SOCKSPROXY* PROPERTIES HANGS IN TEST TESTBUG56429.

• Fix for Bug#98699 (Bug#30932850), Allow empty keyStore file for keyStoreTypes that do not require files. Thanks to Kolbe Kegel for his contribution.

• Fix for Bug#118938 (Bug#38396227), DatabaseMetaDataInformationSchema#getSchemas has a bug.

• Fix for Bug#99292 (Bug#31195955), Contribution: Support Windows time zone 'Coordinated Universal Time'. Thanks to Frédéric Barrière for his contribution.

• Fix for Bug#107094 (Bug#34104230), NullPointerException when calling equals with null on MultiHostConnectionProxy.

... (truncated)

Commits

• 0aade1f Fix for Bug#119863 (Bug#38951042), Inaccurate decoding of negative TIME durat...
• b6d5baa Update for GPL license book.
• a7cc5a9 Fix for DateTimeTest failures after some of the work done for WL#16669 in MyS...
• 6a0c818 WL#17215, Implement JDBC 4.3/4.5 Statement/Connection.enquote* methods.
• 5f96e85 Fix for Bug#119245 (Bug#38599240), Select into fix breaks queries with 'into'...
• 8d779fc Fix for Bug#119659 (Bug#38916595), BinaryResultsetReader fails to consume EOF...
• 1391179 Copyright header year bump.
• 5c764b4 Post-release version bump.
• See full diff in compare view

Updates io.javalin:javalin from 7.1.0 to 7.2.0

Release notes

Sourced from io.javalin:javalin's releases.

7.2.0

What's Changed

• [performance] Replace Stream API with List and reduce per-request allocations by @​tipsy in javalin/javalin#2567
• feat: introduce JavalinJackson3 as an optional JsonMapper implementation for Jackson 3 by @​yvasyliev in javalin/javalin#2548
• [workflow]: Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the dependencies group by @​dependabot[bot] in javalin/javalin#2569
• Add path role inheritance by @​AoElite in javalin/javalin#2553
• [deps]: Bump the dependencies group across 1 directory with 23 updates by @​dependabot[bot] in javalin/javalin#2575
• [workflow]: Bump codecov/codecov-action from 5.5.3 to 6.0.0 in the dependencies group across 1 directory by @​dependabot[bot] in javalin/javalin#2570
• [workflow]: Bump actions/github-script from 8 to 9 in the dependencies group by @​dependabot[bot] in javalin/javalin#2581
• [cleanup] Remove JavalinTest.class by @​vorburger in javalin/javalin#2584
• [deps] Bump Jetty from 12.1.7 to 12.1.8 by @​vorburger in javalin/javalin#2585
• Add ability to emit plain data messages in SSE by @​1cg in javalin/javalin#2578
• fix: sanitize newlines in SSE event and id fields by @​eddieran in javalin/javalin#2580
• [deps] Bump stable deps and sync OptionalDependency.kt by @​tipsy in javalin/javalin#2588

New Contributors

• @​AoElite made their first contribution in javalin/javalin#2553
• @​vorburger made their first contribution in javalin/javalin#2584
• @​1cg made their first contribution in javalin/javalin#2578
• @​eddieran made their first contribution in javalin/javalin#2580

Full Changelog: javalin/javalin@javalin-parent-7.1.0...javalin-parent-7.2.0

Commits

• c67b118 [maven-release-plugin] prepare release javalin-parent-7.2.0
• b89fdf7 [deps] Bump stable deps and sync OptionalDependency.kt (#2588)
• a3ad657 [sse] Sanitize newlines in event and id fields
• e0f5458 [sse] Add ability to emit plain data messages
• fa51869 [deps] Bump Jetty from 12.1.7 to 12.1.8 (#2585)
• 4bc70e9 [cleanup] Remove JavalinTest.class (#2584)
• 1901feb [workflow]: Bump actions/github-script in the dependencies group (#2581)
• 152f7b3 [workflow]: Bump codecov/codecov-action in the dependencies group (#2570)
• 2c4d1ef [deps]: Bump the dependencies group across 1 directory with 23 updates (#2575)
• 64f3a75 [apibuilder] Refactor role-scoping internals to Kotlin
• Additional commits viewable in compare view

Updates com.nimbusds:nimbus-jose-jwt from 10.8 to 10.9

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

version 1.0 (2012-03-01)

• First version based on the OpenInfoCard JWT, JWS and JWE code base.

version 1.1 (2012-03-06)

• Introduces type-safe enumeration of the JSON Web Algorithms (JWA).
• Refactors the JWT class.

version 1.2 (2012-03-08)

• Moves JWS and JWE code into separate classes.

version 1.3 (2012-03-09)

• Switches to Apache Commons Codec for Base64URL encoding and decoding
• Consolidates the crypto utilities within the package.
• Introduces a JWT content serialiser class.

version 1.4 (2012-03-09)

• Refactoring of JWT class and JUnit tests.

version 1.5 (2012-03-18)

• Switches to JSON Smart for JSON serialisation and parsing.
• Introduces claims set class with JSON objects, string, Base64URL and byte array views.

version 1.6 (2012-03-20)

• Creates class for representing, serialising and parsing JSON Web Keys (JWK).
• Introduces separate class for representing JWT headers.

version 1.7 (2012-04-01)

• Introduces separate classes for plain, JWS and JWE headers.
• Introduces separate classes for plain, signed and encrypted JWTs.
• Removes the JWTContent class.
• Removes password-based (PE820) encryption support.

version 1.8 (2012-04-03)

• Adds support for the ZIP JWE header parameter.
• Removes unsupported algorithms from the JWA enumeration.

version 1.9 (2012-04-03)

• Renames JWEHeader.{get|set}EncryptionAlgorithm() to JWEHeader.{get|set}EncryptionMethod().

version 1.9.1 (2012-04-03)

• Upgrades JSON Smart JAR to 1.1.1.

version 1.10 (2012-04-14)

• Introduces serialize() method to base abstract JWT class.

version 1.11 (2012-05-13)

• JWT.serialize() throws checked JWTException instead of

... (truncated)

Commits

• e48aa07 [maven-release-plugin] prepare for next development iteration
• 4b02531 Adds X509CertUtils.computeSHA1Thumbprint(X509Certificate) method
• 6b52455 [maven-release-plugin] prepare release 10.9
• See full diff in compare view

Updates io.micrometer:micrometer-core from 1.16.4 to 1.16.5

Release notes

Sourced from io.micrometer:micrometer-core's releases.

1.16.5

🐞 Bug Fixes

• Invalid reflection hint in micrometer-core for native GraalVM 25 build #7316
• ObservationGrpcClientInterceptor throws NPE when NameResolver returns empty authority #7380
• Wrong Nullability Information in OkHttpMetricsEventListener #7373

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.9.4 to 1.9.6 #7393
• Bump spring6 from 6.2.16 to 6.2.17 #7294

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, and @​ribafish

Commits

• cf727d0 Bump com.netflix.spectator:spectator-reg-atlas from 1.9.5 to 1.9.6 (#7393)
• 55b8f06 Fix OkHttp tests
• 140b83b Harmonize @​Nullable annotations in okhttp instrumentation (#7375)
• 8c1758b Handle null peerName in GrpcClientObservationConvention (#7381)
• 5ee71b4 Merge branch '1.15.x' into 1.16.x
• 84faaa6 Fix build cache misses from overlapping outputs in statsd module (#7349)
• 9a0441d Merge branch '1.15.x' into 1.16.x
• 1010433 NullMeterTagSupportTests does not match its filename
• c2770fc Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 (#7362)
• 26f6da0 Bump io.netty:netty-bom from 4.1.131.Final to 4.1.132.Final (#7335)
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-registry-prometheus from 1.16.4 to 1.16.5

Release notes

Sourced from io.micrometer:micrometer-registry-prometheus's releases.

1.16.5

🐞 Bug Fixes

• Invalid reflection hint in micrometer-core for native GraalVM 25 build #7316
• ObservationGrpcClientInterceptor throws NPE when NameResolver returns empty authority #7380
• Wrong Nullability Information in OkHttpMetricsEventListener #7373

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.9.4 to 1.9.6 #7393
• Bump spring6 from 6.2.16 to 6.2.17 #7294

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, and @​ribafish

Commits

• cf727d0 Bump com.netflix.spectator:spectator-reg-atlas from 1.9.5 to 1.9.6 (#7393)
• 55b8f06 Fix OkHttp tests
• 140b83b Harmonize @​Nullable annotations in okhttp instrumentation (#7375)
• 8c1758b Handle null peerName in GrpcClientObservationConvention (#7381)
• 5ee71b4 Merge branch '1.15.x' into 1.16.x
• 84faaa6 Fix build cache misses from overlapping outputs in statsd module (#7349)
• 9a0441d Merge branch '1.15.x' into 1.16.x
• 1010433 NullMeterTagSupportTests does not match its filename
• c2770fc Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 (#7362)
• 26f6da0 Bump io.netty:netty-bom from 4.1.131.Final to 4.1.132.Final (#7335)
• Additional commits viewable in compare view

Updates gradle-wrapper from 9.4.1 to 9.5.0

Release notes

Sourced from gradle-wrapper's releases.

9.5.0

The Gradle team is excited to announce Gradle 9.5.0.

Here are the highlights of this release:

• Task provenance in reports and failure messages
• Type-safe accessors for precompiled Kotlin Settings plugins

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: atm1020, mataha, Adam, Attila Kelemen, Benedikt Ritter, Björn Kautler, Caro Silva Rode, CHANHAN, Dmitry Nezavitin, Eng Zer Jun, KugelLibelle, Madalin Valceleanu, Markus Gaisbauer, Oliver Kopp, Philip Wedemann, ploober, Roberto Perez Alcolea, Rohit Anand, Suvrat Acharya, Ujwal Suresh Vanjare, Victor Merkulov

Upgrade instructions

Switch your build to use Gradle 9.5.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.5.0 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

9.5.0 RC4

... (truncated)

Commits

• 3fe117d Update jdks.yaml (#37703)
• 33d145a Update jdks.yaml
• f7a05d1 Update Gradle wrapper to version 9.5.0-rc-4 (#37654)
• 266facd Update Gradle wrapper to version 9.5.0-rc-4
• 0ad6dd8 Suppress OSC taskbar reset on plain/piped stdout (#37646)
• 966025d Suppress OSC taskbar reset on plain/piped stdout
• e745573 Polish IP docs (#37642)
• d5cfd07 Ensure BuildOperationQueue will progress without extra leases (#37629)
• acdf0c3 Ensure BuildOperationQueue will progress without extra leases
• f7d0e4f Rename anchor
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions