chore(deps): bump the maven-minor group across 1 directory with 24 updates

[dependabot]

Bumps the maven-minor group with 24 updates in the / directory:

Package	From	To
org.junit:junit-bom	6.0.3	6.1.0
org.apache.myfaces.core:myfaces-api	4.1.2	4.1.3
org.apache.myfaces.core:myfaces-impl	4.1.2	4.1.3
org.omnifaces:omnifaces	5.2.3	5.3.4
org.primefaces:primefaces	15.0.14	15.0.16
commons-io:commons-io	2.21.0	2.22.0
org.mariadb.jdbc:mariadb-java-client	3.5.8	3.5.9
com.zaxxer:HikariCP	7.0.2	7.1.0
org.jdbi:jdbi3-core	3.52.1	3.53.0
org.jdbi:jdbi3-sqlobject	3.52.1	3.53.0
org.apache.logging.log4j:log4j-api	2.25.4	2.26.0
org.apache.logging.log4j:log4j-core	2.25.4	2.26.0
org.apache.logging.log4j:log4j-jcl	2.25.4	2.26.0
org.apache.logging.log4j:log4j-slf4j2-impl	2.25.4	2.26.0
org.apache.logging.log4j:log4j-jakarta-web	2.25.4	2.26.0
io.sentry:sentry-log4j2	8.39.1	8.43.2
com.github.ben-manes.caffeine:caffeine	3.2.3	3.2.4
com.google.code.gson:gson	2.13.2	2.14.0
org.eclipse.jetty.ee11:jetty-ee11-cdi	12.1.8	12.1.10
org.eclipse.jetty.ee11:jetty-ee11-maven-plugin	12.1.8	12.1.10
com.github.spotbugs:spotbugs-maven-plugin	4.9.8.3	4.10.2.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.5	3.5.6
org.apache.maven.plugins:maven-dependency-plugin	3.10.0	3.11.0
org.apache.maven.plugins:maven-enforcer-plugin	3.6.2	3.6.3

Updates org.junit:junit-bom from 6.0.3 to 6.1.0

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

• @​JarvisCraft made their first contribution in junit-team/junit-framework#5633
• @​Maran23 made their first contribution in junit-team/junit-framework#5644

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

• @​mariokhoury4 made their first contribution in junit-team/junit-framework#4574
• @​Ogu1208 made their first contribution in junit-team/junit-framework#5145
• @​HyungGeun94 made their first contribution in junit-team/junit-framework#5271
• @​yalishevant made their first contribution in junit-team/junit-framework#5316
• @​JINU-CHANG made their first contribution in junit-team/junit-framework#5290
• @​jaschdoc made their first contribution in junit-team/junit-framework#5427
• @​kawshikbuet17 made their first contribution in junit-team/junit-framework#5561
• @​msridhar made their first contribution in junit-team/junit-framework#5602

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

• @​vy made their first contribution in junit-team/junit-framework#5041
• @​Pankraz76 made their first contribution in junit-team/junit-framework#5006
• @​arukiidou made their first contribution in junit-team/junit-framework#5066
• @​laeubi made their first contribution in junit-team/junit-framework#5092
• @​jihun4452 made their first contribution in junit-team/junit-framework#5088
• @​TWiStErRob made their first contribution in junit-team/junit-framework#5133

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

Commits

• 0dc3af1 Release 6.1.0
• 1d13002 Prepare 6.1.0 release notes
• 072b217 Update plugin spotless to v8.5.0 (#5668)
• 3a53480 Update Gradle to v9.5.1 (#5666)
• 0e18a20 Update zizmorcore/zizmor-action action to v0.5.4 (#5669)
• 0a2634f Update github/codeql-action action to v4.35.5 (#5671)
• 4dbd556 Restructure workflows to have single "status" job (#5670)
• f2194ce Increase timeout to reduce flakiness
• 5c8fdd2 Update dependency org.apache.groovy:groovy to v5.0.6 (#5659)
• 43c6982 Update dependency org.slf4j:slf4j-jdk14 to v2.0.18 (#5667)
• Additional commits viewable in compare view

Updates org.apache.myfaces.core:myfaces-api from 4.1.2 to 4.1.3

Updates org.apache.myfaces.core:myfaces-impl from 4.1.2 to 4.1.3

Updates org.apache.myfaces.core:myfaces-impl from 4.1.2 to 4.1.3

Updates org.omnifaces:omnifaces from 5.2.3 to 5.3.4

Commits

• 0b000e8 Prepare 5.3.4 release
• 5aefefd Merge branch '4.x' into 5.3.4
• ef6d988 Branch is now ready for 4.7.11 development
• 082e2a4 Prepare 4.7.10 release
• d86f905 Merge branch '3.x' into 4.x
• 60d3291 Branch is now ready for 3.14.22 development
• a593f52 Prepare 3.14.21 release
• 21c3d1c Merge branch '4.x' into 5.3.4
• 2846cd9 Merge remote-tracking branch 'origin/3.x' into 4.x
• bfc6f68 Fix #956: cc attribute null after page refresh in MyFaces
• Additional commits viewable in compare view

Updates org.primefaces:primefaces from 15.0.14 to 15.0.16

Release notes

Sourced from org.primefaces:primefaces's releases.

15.0.16

What's Changed

Security 🔒

• CVE-2026-46625 Update js-cookie library from v3.0.5 to v3.0.7 by @​melloware in primefaces/primefaces#14927

Accessibility ♿

• Fix #14877: 15.0.16 SelectOneButton add aria-checked by @​melloware in primefaces/primefaces#14902

Defects 🐞

• Fix #14895: p:password unmask defect when it is inside inputgroup by @​melloware in primefaces/primefaces#14900
• Fix #14890: 15.0.16 Abort AJAX on page teardown by @​melloware in primefaces/primefaces#14906
• Fix #14910: 15.0.16 Datatable filter width CSS fix by @​melloware in primefaces/primefaces#14912
• Fix #14917: 15.0.16 Datepicker - respect defaultTime when navigating months by @​melloware in primefaces/primefaces#14924
• Fix #8579: 15.0.16 GMap add MarkerLabel by @​melloware in primefaces/primefaces#14935

Full Changelog: primefaces/primefaces@v15.0.15...v15.0.16

15.0.15

What's Changed

Security 🔒

• Fix #14810: 15.0.15 Schedule add escape property to restore HTML tooltips by @​melloware in primefaces/primefaces#14816

Accessibility ♿

• Fix #14880: 15.0.15 SelectOneMenu restore some ARIA attributes by @​melloware in primefaces/primefaces#14881
• Fix #14739: 15.0.15 Panel only add role=button for isToggleableHeader by @​melloware in primefaces/primefaces#14884

Defects 🐞

• Fix #14822: 15.0.15 Confirm respect beforeShow callback by @​melloware in primefaces/primefaces#14823
• Fix #14352: AutoNumeric 4.10.10 by @​melloware in primefaces/primefaces#14831
• Fix #14843: 15.0.15 QuillJS fix non-breaking space on paste issue by @​melloware in primefaces/primefaces#14845
• Fix #14837: 15.0.15 Panel fix statefulness for items that are not top level submenus by @​melloware in primefaces/primefaces#14838
• Fix #14782: 15.0.15 improve ajax error handling with optional chaining for redirect check by @​melloware in primefaces/primefaces#14853
• Fix #14855: 15.0.15 BlockUI properly unlock target element during widget cleanup by @​melloware in primefaces/primefaces#14857
• Fix #14850: 15.0.15 Autocomplete moreText fix by @​melloware in primefaces/primefaces#14858
• Fix #14873: 15.0.15 Slider display template value must use same precision as step by @​melloware in primefaces/primefaces#14875

Full Changelog: primefaces/primefaces@v15.0.14...v15.0.15

Commits

• 49496ea Release version 15.0.16
• e133c69 Update contact link for KSM Partners
• b48d1f8 Fix #8759: 15.0.16 GMap add MarkerLabel (#14935)
• 542ab2b #14933
• 2ba4cd1 CVE-2026-46625 Update js-cookie library from v3.0.5 to v3.0.7 (#14927)
• 0cca7cc Fix #14917: 15.0.16 Datepicker - respect defaultTime when navigating months (...
• dcf3cc3 Fix #14910: 15.0.16 Datatable filter width CSS fix (#14912)
• 7a39aea Fix #14890: 15.0.16 Abort AJAX on page teardown (#14906)
• 6e80c3d Fix #14877: 15.0.16 SelectOneButton add aria-checked (#14902)
• 997961b Fix #14895: p:password unmask defect when it is inside inputgroup (#14900)
• Additional commits viewable in compare view

Updates commons-io:commons-io from 2.21.0 to 2.22.0

Updates org.mariadb.jdbc:mariadb-java-client from 3.5.8 to 3.5.9

Changelog

Sourced from org.mariadb.jdbc:mariadb-java-client's changelog.

3.5.9 (Jun 2026)

Full Changelog

Key Enhancements

• CONJ-1223 - cache TLS trust/key managers across connections to reduce SSL connection cost
• CONJ-1314 - add SPI for interactive dialog (PAM) authentication callback
• CONJ-1311 - add dedicated option useIpForKillQuery for query cancellation
• CONJ-1310 - Add full native image support and CI coverage

Issues Resolved

• CONJ-1320 - PAM (dialog) authentication must require a secure connection (report by fg0x0)
• CONJ-1319 - Use constant-time comparison when validating the server certificate fingerprint (report by jmestwa-coder)
• CONJ-1318 - enforce allowLocalInfile=false on the server's local-infile request, so a malicious server cannot read a client file despite the option being disabled
• CONJ-1322 - match local infile filename case-sensitively (thanks to jmestwa-coder)
• CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)
• CONJ-1315 - cap BigDecimal/BigInteger string parsing length to prevent CPU exhaustion if MitM (report by tonghuaroot)
• CONJ-1317 - ensure non-UTF8 charset cannot be used for protocol exchanges (report by fg0x0)
• CONJ-1304 - CallableStatement parameter metadata read from mysql.proc, with MySQL info_schema fallback
• CONJ-1299 - keep VALUES literals after the last placeholder when rewriting batches
• CONJ-1313 - race condition in HaMode#getAvailableHostInOrder can cause NPE
• CONJ-1311 - Connection.cancelCurrentQuery fails with SslMode.VERIFY_FULL when client socket IP is set
• CONJ-1264 - handle LocalDateTime as a zoneless wall-clock value
• CONJ-1316 - pin Locale.ROOT on locale-sensitive call sites and date/time/Duration text formatting (fixes locale-dependent parsing/formatting, e.g. under tr_TR) (thanks to jmestwa-coder)
• CONJ-1324 - fix SQL parser to correctly handle '--' in expressions and reset lastChar after block comments
• CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)

3.4.3 (Jun 2026)

Full Changelog

Bugs Fixed

• CONJ-1315 - cap BigDecimal/BigInteger string parsing length to prevent CPU exhaustion if Mitm (report by tonghuaroot)
• CONJ-1316 - pin Locale.ROOT on locale-sensitive call sites and date/time/Duration text formatting (fixes locale-dependent parsing/formatting, e.g. under tr_TR) (thanks to jmestwa-coder)
• CONJ-1259 - DatabaseMetaData read-only detection: handle MariaDB 12.0 @@read_only returning ON/OFF instead of 1/0
• CONJ-1317 - ensure non-UTF8 charset cannot be used for protocol exchanges (report by fg0x0)
• CONJ-1320 - PAM (dialog) authentication now requires a secure connection (TLS or unix socket), like mysql_clear_password (report by fg0x0)
• CONJ-1319 - use constant-time comparison when validating the server certificate fingerprint (thanks to jmestwa-coder)
• CONJ-1322 - match local infile filename case-sensitively (thanks to jmestwa-coder)
• CONJ-1323 - LOAD LOCAL INFILE validation rejects statements preceded by line comments (thanks to sebdomdev)

3.3.5 (Jun 2026)

... (truncated)

Commits

• See full diff in compare view

Updates com.zaxxer:HikariCP from 7.0.2 to 7.1.0

Changelog

Sourced from com.zaxxer:HikariCP's changelog.

HikariCP Changes

Changes in 7.1.0

• merged #2402 avoid virtual-thread yield spin in ConcurrentBag. Thanks to @​ittaigolde for addressing this and deep investigation into the issue.

Changes in 7.0.2

• decrease thread yield frequency in ConcurrentBag.unreserve()

Changes in 7.0.1

• merged #2346 fix regression with setSchema behavior

• decrease thread yield frequency in ConcurrentBag.requite()

Changes in 7.0.0

• merged #2340 NoSuchMethodException error that is thrown when setting a metric registry, fixes to UtilityElf reflection code to use the correct method signature.

• fixed #1294 add support for HikariCredentialsProvider class

• fixed #2265 bail out of the pool filling loop if the thread is interrupted

Changes in 6.3.3

• backport #2340 NoSuchMethodException error that is thrown when setting a metric registry, fixes to UtilityElf reflection code to use the correct method signature.

Changes in 6.3.2

• fixed #2342 restore module-info.class to jar file, which was lost in 6.3.1

• fixed #2256 add support for legacy override of getUsername()/getPassword() of HikariDataSource. See project page for documentation of system property com.zaxxer.hikari.legacy.supportUserPassDataSourceOverride.

• fixed #2323 right or wrong (wrt driver behavior) return to previous Connection.get/setSchema behavior

• fixed #2288 upgrade dependencies and fix build warnings

Changes in 6.3.1

• fixed #2315 source jar contains also binary .class files and missing some .java files

• fixed #2307 remove improper hardcoded timout, use validationTimeout

• fixed #2305 keep properties key and values as is rather than forcing stringification. Also fixes #2286 and #2304

... (truncated)

Commits

• e4c04e8 [maven-release-plugin] prepare release HikariCP-7.1.0
• b7c5afe upgrade fabric8 docker dependency for tests
• 315ab1c update testcontainer dependency and postgresql test dependency
• a400521 fix compiler warnings
• 37167dc prepare for v7.1.0 release
• 5e63223 Avoid virtual-thread yield spin in ConcurrentBag (#2402)
• bba167f Update README.md
• 62d720b update CHANGES for backport release 6.3.3, fix micrometrics dep version
• c3a2473 Update README.md
• 25663ef [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.jdbi:jdbi3-core from 3.52.1 to 3.53.0

Release notes

Sourced from org.jdbi:jdbi3-core's releases.

3.53.0

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has renamed a number of their jar files. Jdbi still supports testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to 2.x, make sure that you reference the org.testcontainers:jdbc and org.testcontainers:junit-jupiter dependencies. Those used to be available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the org.testcontainers:testcontainers-jdbc and org.testcontainers:testcontainers-junit-jupiter dependencies must be available.

• Update testcontainers dependency to 2.0.5 (from 1.21.4)
• Add StatementContext parameter to SqlExceptionHandler and remove return value

Changelog

Sourced from org.jdbi:jdbi3-core's changelog.

3.53.0

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has renamed a number of their jar files. Jdbi still supports testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to 2.x, make sure that you reference the org.testcontainers:jdbc and org.testcontainers:junit-jupiter dependencies. Those used to be available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the org.testcontainers:testcontainers-jdbc and org.testcontainers:testcontainers-junit-jupiter dependencies must be available.

• Update testcontainers dependency to 2.0.5 (from 1.21.4)
• Add StatementContext parameter to SqlExceptionHandler and remove return value

Commits

• 5361840 [maven-release-plugin] prepare release v3.53.0
• 59a8376 Release notes 3.53.0
• 1f1a5c5 freemarker: disable template class resolution
• 83465ac Merge remote-tracking branch 'origin/master' into sqlexception-handler-statem...
• 5d4191f Merge pull request #2969 from hgschmie/testcontainers2
• 05f9bdb align mysql docker image property name
• ce9f12c align oracle docker image property name
• ebceb8a move to testcontainers 2.x
• 9a42863 add documentation and example
• d53118f SqlExceptionHandler: add StatementContext parameter, remove confusing return ...
• Additional commits viewable in compare view

Updates org.jdbi:jdbi3-sqlobject from 3.52.1 to 3.53.0

Release notes

Sourced from org.jdbi:jdbi3-sqlobject's releases.

3.53.0

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has renamed a number of their jar files. Jdbi still supports testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to 2.x, make sure that you reference the org.testcontainers:jdbc and org.testcontainers:junit-jupiter dependencies. Those used to be available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the org.testcontainers:testcontainers-jdbc and org.testcontainers:testcontainers-junit-jupiter dependencies must be available.

• Update testcontainers dependency to 2.0.5 (from 1.21.4)
• Add StatementContext parameter to SqlExceptionHandler and remove return value

Changelog

Sourced from org.jdbi:jdbi3-sqlobject's changelog.

3.53.0

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has renamed a number of their jar files. Jdbi still supports testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to 2.x, make sure that you reference the org.testcontainers:jdbc and org.testcontainers:junit-jupiter dependencies. Those used to be available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the org.testcontainers:testcontainers-jdbc and org.testcontainers:testcontainers-junit-jupiter dependencies must be available.

• Update testcontainers dependency to 2.0.5 (from 1.21.4)
• Add StatementContext parameter to SqlExceptionHandler and remove return value

Commits

• 5361840 [maven-release-plugin] prepare release v3.53.0
• 59a8376 Release notes 3.53.0
• 1f1a5c5 freemarker: disable template class resolution
• 83465ac Merge remote-tracking branch 'origin/master' into sqlexception-handler-statem...
• 5d4191f Merge pull request #2969 from hgschmie/testcontainers2
• 05f9bdb align mysql docker image property name
• ce9f12c align oracle docker image property name
• ebceb8a move to testcontainers 2.x
• 9a42863 add documentation and example
• d53118f SqlExceptionHandler: add StatementContext parameter, remove confusing return ...
• Additional commits viewable in compare view

Updates org.jdbi:jdbi3-sqlobject from 3.52.1 to 3.53.0

Release notes

Sourced from org.jdbi:jdbi3-sqlobject's releases.

3.53.0

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has renamed a number of their jar files. Jdbi still supports testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to 2.x, make sure that you reference the org.testcontainers:jdbc and org.testcontainers:junit-jupiter dependencies. Those used to be available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the org.testcontainers:testcontainers-jdbc and org.testcontainers:testcontainers-junit-jupiter dependencies must be available.

• Update testcontainers dependency to 2.0.5 (from 1.21.4)
• Add StatementContext parameter to SqlExceptionHandler and remove return value

Changelog

Sourced from org.jdbi:jdbi3-sqlobject's changelog.

3.53.0

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has renamed a number of their jar files. Jdbi still supports testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to 2.x, make sure that you reference the org.testcontainers:jdbc and org.testcontainers:junit-jupiter dependencies. Those used to be available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the org.testcontainers:testcontainers-jdbc and org.testcontainers:testcontainers-junit-jupiter dependencies must be available.

• Update testcontainers dependency to 2.0.5 (from 1.21.4)
• Add StatementContext parameter to SqlExceptionHandler and remove return value

Commits

• 5361840 [maven-release-plugin] prepare release v3.53.0
• 59a8376 Release notes 3.53.0
• 1f1a5c5 freemarker: disable template class resolution
• 83465ac Merge remote-tracking branch 'origin/master' into sqlexception-handler-statem...
• 5d4191f Merge pull request #2969 from hgschmie/testcontainers2
• 05f9bdb align mysql docker image property name
• ce9f12c align oracle docker image property name
• ebceb8a move to testcontainers 2.x
• 9a42863 add documentation and example
• d53118f SqlExceptionHandler: add StatementContext parameter, remove confusing return ...
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-api from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-core from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-jcl from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-jakarta-web from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-core from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-jcl from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.25.4 to 2.26.0

Updates org.apache.logging.log4j:log4j-jakarta-web from 2.25.4 to 2.26.0

Updates io.sentry:sentry-log4j2 from 8.39.1 to 8.43.2

Release notes

Sourced from io.sentry:sentry-log4j2's releases.

8.43.2

Improvements

• Improve SDK init performance by replacing java.net.URI with custom string parsing for DSN (#5448)
• Remove unnecessary boxing to improve performance (#5520)

Fixes

• Session Replay: Fix VerifyError in Compose masking under DexGuard/R8 obfuscation (#5507)
• Session Replay: Fix Compose view masking not working on obfuscated/minified builds (#5503)

8.43.1

Fixes

• Session Replay: Fix replay recording freezing on screens with continuous animations (#5489)
• Session Replay: Populate trace_ids in replay events to enable searching replays by trace ID (#5473)

8.43.0

Features

• Session Replay: Add ReplayFrameObserver for observing captured replay frames (#5386)

  SentryAndroid.init(context) { options ->
    options.sessionReplay.frameObserver =
      SentryReplayOptions.ReplayFrameObserver { hint, frameTimestamp, screenName ->
        val bitmap = hint.getAs(TypeCheckHint.REPLAY_FRAME_BITMAP, Bitmap::class.java)
        if (bitmap != null) {
          try {
            // Process the masked replay frame
            myAnalyzer.processFrame(bitmap, frameTimestamp, screenName)
          } finally {
            bitmap.recycle()
          }
        }
      }
  }

• Parse ART memory and garbage collector info from ANR tombstones into ART context (#5428)

8.42.0

Features

• Add option to attach raw tombstone protobuf on native crash events (#5446)
  • Enable via options.isAttachRawTombstone = true or manifest: <meta-data android:name="io.sentry.tombstone.attach-raw" android:value="true" />
• Add API to clear feature flags from scopes (#5426)
• Add support to configure reporting historical ANRs via AndroidManifest.xml using the io.sentry.anr.report-historical attribute (#5387)

Dependencies

... (truncated)

Changelog

Sourced from io.sentry:sentry-log4j2's changelog.

8.43.2

Improvements

• Improve SDK init performance by replacing java.net.URI with custom string parsing for DSN (#5448)
• Remove unnecessary boxing to improve performance (#5520)

Fixes

• Session Replay: Fix VerifyError in Compose masking under DexGuard/R8 obfuscation (#5507)
• Session Replay: Fix Compose view masking not working on obfuscated/minified builds (#5503)

8.43.1

Fixes

• Session Replay: Fix replay recording freezing on screens with continuous animations (#5489)
• Session Replay: Populate trace_ids in replay events to enable searching replays by trace ID (#5473)

8.43.0

Features

• Session Replay: Add ReplayFrameObserver for observing captured replay frames (#5386)

  SentryAndroid.init(context) { options ->
    options.sessionReplay.frameObserver =
      SentryReplayOptions.ReplayFrameObserver { hint, frameTimestamp, screenName ->
        val bitmap = hint.getAs(TypeCheckHint.REPLAY_FRAME_BITMAP, Bitmap::class.java)
        if (bitmap != null) {
          try {
            // Process the masked replay frame
            myAnalyzer.processFrame(bitmap, frameTimestamp, screenName)
          } finally {
            bitmap.recycle()
          }
        }
      }
  }

• Parse ART memory and garbage collector info from ANR tombstones into ART context (#5428)

8.42.0

Features

• Add option to attach raw tombstone protobuf on native crash events (#5446)
  • Enable via options.isAttachRawTombstone = true or manifest: <meta-data android:name="io.sentry.tombstone.attach-raw" android:value="true" />
• Add API to clear feature flags from scopes (#5426)

... (truncated)

Commits

• b88ded9 release: 8.43.2
• 3594cd9 ref(core): Reduce unnecessary boxing and redundant null checks (JAVA-554) (#5...
• 0456f5c chore(deps): bump the github-actions group across 1 directory with 3 updates ...
• 887fd58 ci(spring-matrix): Replace sed hacks with targeted Gradle builds (#5397)
• 29f120b perf: Replace java.net.URI with custom string parsing in Dsn (#5448)
• 105d667 fix(license): Attribute vendored AndroidX Compose UI code in Session Replay (...
• 80199f8 docs(ai): Refresh AGENTS.md module list and fix coding.mdc command (#5517)
• 8c7718c fix(replay): Fix VerifyError in Compose masking under DexGuard/R8 obfuscation...
• abcd889 fix(replay): Fix Compose masking on obfuscated/minified builds (#5503)
• b936425 chore(deps): bump the github-actions group with 3 updates (#5498)
• Additional commits viewable in compare view

Updates com.github.ben-manes.caffeine:caffeine from 3.2.3 to 3.2.4

Release notes

Sourced from com.github.ben-manes.caffeine:caffeine's releases.

3.2.4

• Improved access expiration's read performance by avoiding false sharing effects caused by the timestamp update
• Fixed head-of-line blocking of expiration queues caused by in-flight async entries (#1954)
• Fixed various minor issues found using AI audits
• Added ObjectInputFilter support to JCache

Commits

• 836b65c use a consistent expiration tolerance calculation
• 0dc7daf resurrect in-flight async entries on expiration
• 0bac8b5 handle head-of-line blocking of expiration queues (fixes #1954)
• ff25836 test polish
• f3a6176 Fix JCache close/createCache races and recursive teardown
• 622fbe7 Fix removal in identity views and widen hill-climber counters
• 8da5a7a defer weighing the entry until after the putIfAbsent hit fast-path
• 94ad0ff Record eviction stats before notifying the removal listener consistently
• f94c011 Auto-assert eviction stats alongside notifications.withCause.exclusively
• 2e945e0 Skip timestamp writes within tolerance on the read path.
• Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.13.2 to 2.14.0

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.14.0

What's Changed

• Add type adapters for java.time classes by @​eamonnmcmanus in google/gson#2948

  When the java.time API is available, Gson automatically can read and write instances of classes like Instant and Duration. The format it uses essentially freezes the JSON representation that ReflectiveTypeAdapterFactory established by default, based on the private fields of java.time classes. That's not a great representation, but it is understandable. Changing it to anything else would break compatibility with systems that are expecting the current format.

  With this change, Gson no longer tries to access private fields of these classes using reflection. So it is no longer necessary to run with --add-opens for these classes on recent JDKs.

• Remove com.google.gson.graph by @​eamonnmcmanus in google/gson#2990.

  This package was not part of any released artifact and depended on Gson internals in potentially problematic ways.

• Validate that strings being parsed as integers consist of ASCII characters by @​eamonnmcmanus in google/gson#2995

  Previously, strings could contain non-ASCII Unicode digits and still be parsed as integers. That's inconsistent with how JSON numbers are treated.

• Fix duplicate key detection when first value is null by @​andrewstellman in google/gson#3006

  This could potentially break code that was relying on the incorrect behaviour. For example, this JSON string was previously accepted but will no longer be: {"foo": null, "foo": bar}.

• Remove Serializable from internal Type implementation classes. by @​eamonnmcmanus in google/gson#3011

  The nested classes ParameterizedTypeImpl, GenericArrayTypeImpl, and WildcardTypeImpl in GsonTypes are implementations of the corresponding types (without Impl) in java.lang.reflect. For some reason, they were serializable, even though the java.lang.reflect implementations are not. Having unnecessarily serializable classes could conceivably have been a security problem if they were part of a larger exploit using serialization. (We do not consider this a likely scenario and do not suggest that you need to update Gson just to get this change.)

• Add LegacyProtoTypeAdapterFactory. by @​eamonnmcmanus in google/gson#3014

  This is not part of any released artifact, but may be of use when trying to fix code that is currently accessing the internals of protobuf classes via reflection.

• Make AppendableWriter do flush and close if delegation object supports by @​MukjepScarlet in google/gson#2925

Other less visible changes

• Add default capacity to EnumTypeAdapter maps by @​MukjepScarlet in google/gson#2959
• refactor: move derived adapters from Gson to TypeAdapters by @​MukjepScarlet in google/gson#2951
• Optimize new Gson() by @​MukjepScarlet in google/gson#2864

New Contributors

• @​ThirdGoddess made their first contribution in google/gson#2944
• @​lmj798 made their first contribution in

[astappiev]

@dependabot rebase

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.