build(deps): bump the maven-minor-patch group across 1 directory with 160 updates

[dependabot]

Bumps the maven-minor-patch group with 157 updates in the / directory:

Package	From	To
org.apache.commons:commons-lang3	3.18.0	3.20.0
io.projectreactor.netty:reactor-netty-http	1.2.16	1.3.5
org.eclipse.angus:angus-mail	2.0.4	2.0.5
io.dropwizard:dropwizard-core	5.0.0	5.0.2
io.dropwizard:dropwizard-assets	5.0.0	5.0.2
io.dropwizard:dropwizard-client	5.0.0	5.0.2
io.dropwizard:dropwizard-http2	5.0.0	5.0.2
io.dropwizard:dropwizard-testing	5.0.0	5.0.2
io.dropwizard:dropwizard-json-logging	5.0.0	5.0.2
io.dropwizard:dropwizard-metrics	5.0.0	5.0.2
io.dropwizard:dropwizard-jersey	5.0.0	5.0.2
io.dropwizard:dropwizard-views	5.0.0	5.0.2
io.dropwizard:dropwizard-jetty	5.0.0	5.0.2
io.modelcontextprotocol.sdk:mcp-bom	1.1.1	1.1.3
io.modelcontextprotocol.sdk:mcp-core	1.1.1	1.1.3
io.modelcontextprotocol.sdk:mcp-json-jackson2	1.1.1	1.1.3
org.eclipse.jetty:jetty-server	12.1.7	12.1.10
org.eclipse.jetty.ee10:jetty-ee10-servlet	12.1.7	12.1.10
org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server	12.1.7	12.1.10
org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jakarta-server	12.1.7	12.1.10
org.eclipse.jetty.ee10:jetty-ee10-servlets	12.1.7	12.1.10
org.eclipse.jetty:jetty-io	12.1.7	12.1.10
ch.qos.logback:logback-core	1.5.25	1.5.34
ch.qos.logback:logback-classic	1.5.25	1.5.34
ch.qos.logback.access:logback-access-jetty12	2.0.7	2.0.12
ch.qos.logback.access:logback-access-common	2.0.7	2.0.12
org.awaitility:awaitility	4.2.0	4.3.0
io.dropwizard:dropwizard-jdbi3	5.0.0	5.0.2
org.jdbi:jdbi3-core	3.37.1	3.53.0
org.jdbi:jdbi3-sqlobject	3.37.1	3.53.0
commons-cli:commons-cli	1.9.0	1.11.0
commons-io:commons-io	2.17.0	2.22.0
com.mysql:mysql-connector-j	9.3.0	9.7.0
com.google.code.gson:gson	2.13.1	2.14.0
io.swagger.core.v3:swagger-core	2.2.25	2.2.50
io.swagger.core.v3:swagger-jaxrs2	2.2.25	2.2.50
io.swagger.core.v3:swagger-integration	2.2.25	2.2.50
io.swagger.core.v3:swagger-annotations	2.2.25	2.2.50
jakarta.xml.bind:jakarta.xml.bind-api	4.0.2	4.0.5
io.prometheus:prometheus-metrics-instrumentation-dropwizard	1.3.6	1.6.1
org.mockito:mockito-core	5.5.0	5.23.0
org.mockito:mockito-junit-jupiter	5.7.0	5.23.0
com.amazon.redshift:redshift-jdbc42	2.2.2	2.2.7
org.slf4j:slf4j-api	2.0.4	2.0.18
org.slf4j:slf4j-simple	2.0.4	2.0.18
org.projectlombok:lombok	1.18.30	1.18.46
org.apache.tomcat:tomcat-jdbc	11.0.5	11.0.22
io.github.classgraph:classgraph	4.8.177	4.8.184
org.reflections:reflections	0.9.11	0.10.2
org.apache.logging.log4j:log4j-core	2.25.4	2.26.0
org.apache.logging.log4j:log4j-api	2.25.4	2.26.0
io.github.resilience4j:resilience4j-retry	2.3.0	2.4.0
io.github.resilience4j:resilience4j-ratelimiter	2.3.0	2.4.0
info.picocli:picocli	4.7.6	4.7.7
com.github.erosb:everit-json-schema	1.14.4	1.14.6
com.github.jknack:handlebars	4.5.0	4.5.1
com.microsoft.azure:msal4j	1.17.2	1.25.0
com.azure:azure-identity	1.15.2	1.18.3
io.netty:netty-bom	4.1.133.Final	4.2.15.Final
org.yaml:snakeyaml	2.3	2.6
org.apache.httpcomponents.core5:httpcore5-h2	5.3.5	5.4.2
org.apache.commons:commons-compress	1.26.0	1.28.0
tools.jackson:jackson-bom	3.1.3	3.1.4
software.amazon.awssdk:bom	2.41.30	2.46.0
org.jacoco:jacoco-maven-plugin	0.8.10	0.8.14
org.apache.maven.plugins:maven-source-plugin	3.3.1	3.4.0
org.apache.maven.plugins:maven-javadoc-plugin	3.6.0	3.12.0
org.apache.maven.plugins:maven-gpg-plugin	3.0.1	3.2.8
org.apache.maven.plugins:maven-jxr-plugin	3.3.0	3.6.0
org.apache.maven.plugins:maven-enforcer-plugin	3.1.0	3.6.3
org.apache.maven.plugins:maven-clean-plugin	3.2.0	3.5.0
org.apache.maven.plugins:maven-deploy-plugin	3.0.0	3.1.4
org.apache.maven.plugins:maven-install-plugin	3.0.1	3.1.4
org.apache.maven.plugins:maven-resources-plugin	3.3.0	3.5.0
org.apache.maven.plugins:maven-assembly-plugin	3.4.2	3.8.0
org.apache.maven.plugins:maven-site-plugin	3.12.1	3.22.0
org.apache.maven.plugins:maven-dependency-plugin	3.6.0	3.11.0
org.apache.maven.plugins:maven-checkstyle-plugin	3.2.0	3.6.0
org.apache.maven.plugins:maven-release-plugin	3.0.1	3.3.1
org.apache.maven.plugins:maven-compiler-plugin	3.13.0	3.15.0
org.apache.maven.plugins:maven-jar-plugin	3.3.0	3.5.0
org.apache.maven.plugins:maven-surefire-plugin	3.1.2	3.5.6
org.apache.maven.plugins:maven-surefire-report-plugin	3.1.2	3.5.6
org.codehaus.mojo:versions-maven-plugin	2.13.0	2.21.0
org.sonatype.central:central-publishing-maven-plugin	0.9.0	0.10.0
org.jsonschema2pojo:jsonschema2pojo-maven-plugin	1.3.1	1.3.3
org.jsonschema2pojo:jsonschema2pojo-core	1.3.1	1.3.3
com.flipkart.zjsonpatch:zjsonpatch	0.4.14	0.4.16
io.socket:socket.io-client	2.1.1	2.1.2
com.auth0:java-jwt	4.4.0	4.5.2
org.eclipse.parsson:parsson	1.1.5	1.1.9
org.apache.maven.plugins:maven-failsafe-plugin	3.1.2	3.5.6
commons-codec:commons-codec	1.17.1	1.22.0
co.elastic.clients:elasticsearch-java	9.2.4	9.4.2
org.apache.maven.plugins:maven-shade-plugin	3.6.0	3.6.2
org.codehaus.mojo:build-helper-maven-plugin	3.4.0	3.6.1
org.opensearch.client:opensearch-java	3.4.0	3.8.0
com.google.cloud:libraries-bom	26.73.0	26.83.0
jakarta.validation:jakarta.validation-api	3.0.2	3.1.1
com.nimbusds:nimbus-jose-jwt	10.0.2	10.9.1
net.minidev:json-smart	2.5.2	2.6.0
com.google.api-client:google-api-client	2.2.0	2.9.0
com.google.oauth-client:google-oauth-client	1.34.1	1.39.0
io.swagger.core.v3:swagger-core-jakarta	2.2.30	2.2.50
io.swagger.core.v3:swagger-jaxrs2-jakarta	2.2.30	2.2.50
com.azure:azure-security-keyvault-secrets	4.10.7	4.11.0
com.azure:azure-identity-extensions	1.0.0	1.2.8
jakarta.servlet:jakarta.servlet-api	6.0.0	6.1.0
io.micrometer:micrometer-bom	1.14.5	1.16.5
io.micrometer:micrometer-observation	1.14.5	1.16.5
io.micrometer:micrometer-registry-prometheus	1.14.5	1.16.5
io.micrometer:micrometer-core	1.14.5	1.16.5
io.dropwizard.metrics:metrics-core	4.2.19	4.2.39
ai.djl:api	0.34.0	0.36.0
ai.djl.pytorch:pytorch-engine	0.34.0	0.36.0
ai.djl.huggingface:tokenizers	0.34.0	0.36.0
org.skyscreamer:jsonassert	1.5.1	1.5.3
io.jsonwebtoken:jjwt	0.9.1	0.13.0
com.auth0:jwks-rsa	0.22.1	0.24.1
io.socket:socket.io-server	4.0.1	4.1.2
io.socket:engine.io-server	6.2.1	6.3.2
org.freemarker:freemarker	2.3.33	2.3.34
org.apache.commons:commons-csv	1.12.0	1.14.1
com.opencsv:opencsv	5.9	5.12.0
org.quartz-scheduler:quartz	2.5.0-rc2	2.5.2
com.mchange:c3p0	0.12.0	0.13.0
com.google.guava:guava	33.4.8-jre	33.6.0-jre
com.slack.api:bolt-servlet	1.44.1	1.49.0
com.slack.api:slack-api-client	1.44.1	1.49.0
io.github.jamsesso:json-logic-java	1.0.7	1.1.0
org.apache.calcite:calcite-core	1.36.0	1.42.0
org.commonmark:commonmark	0.26.0	0.28.0
org.commonmark:commonmark-ext-gfm-strikethrough	0.26.0	0.28.0
org.commonmark:commonmark-ext-autolink	0.26.0	0.28.0
org.commonmark:commonmark-ext-gfm-tables	0.26.0	0.28.0
com.azure:azure-storage-blob	12.31.1	12.34.0
org.apache.poi:poi	5.4.1	5.5.1
org.apache.poi:poi-ooxml	5.4.1	5.5.1
org.apache.poi:poi-scratchpad	5.4.1	5.5.1
org.apache.tika:tika-core	3.2.3	3.3.1
org.apache.tika:tika-parser-ocr-module	3.2.3	3.3.1
org.codehaus.mojo:buildnumber-maven-plugin	3.0.0	3.3.0
io.swagger.core.v3:swagger-maven-plugin-jakarta	2.2.30	2.2.50
org.testcontainers:junit-jupiter	1.20.3	1.21.4
org.testcontainers:k3s	1.20.3	1.21.4
com.github.docker-java:docker-java-bom	3.4.2	3.7.1
com.microsoft.playwright:playwright	1.49.0	1.60.0
org.codehaus.mojo:rpm-maven-plugin	2.2.0	2.3.0
io.github.openfeign:feign-core	13.5	13.12
io.github.openfeign:feign-jackson	13.5	13.12
io.github.openfeign:feign-slf4j	13.5	13.12
io.github.openfeign:feign-okhttp	13.5	13.12
org.openapitools:jackson-databind-nullable	0.2.6	0.2.10
io.swagger.parser.v3:swagger-parser	2.1.23	2.1.43
com.google.auth:google-auth-library-oauth2-http	1.29.0	1.47.0
org.mozilla:rhino	1.7.15.1	1.9.1
org.openapitools:openapi-generator-maven-plugin	7.13.0	7.22.0

Updates org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0

Updates io.projectreactor.netty:reactor-netty-http from 1.2.16 to 1.3.5

Release notes

Sourced from io.projectreactor.netty:reactor-netty-http's releases.

v1.3.5

Reactor Netty 1.3.5 is part of 2025.0.5 Release Train.

What's Changed

✨ New features and improvements

• Depend on Reactor Core v3.8.5 by @​violetagg in b68dacab12f5ff46575f9009f34ea676a212879d, see release notes
• Depend on Netty v4.2.12.Final by @​violetagg in #4167
• Depend on Netty QUIC Codec v0.0.75.Final by @​violetagg in #4148
• Depend on Brave v6.3.1 by @​dependabot[bot] in #4159
• Optimise uri construction with baseUrl in HttpClientHandler by @​violetagg in #4130
• Optimise UriEndpoint#toSocketAddressStringWithoutDefaultPort by @​violetagg in #4131
• Store resolved SocketAddress in UriEndpoint for absolute URLs by @​violetagg in #4132
• Lazily compute HttpClientOperations#resourceUrl by @​violetagg in #4135
• Pre-compute path in UriEndpoint when URI is provided by @​violetagg in #4136
• Cleanup HTTP/2 WebSocket extension handlers by @​violetagg in #4152
• Optimise Flux body accumulation for GET/HEAD/DELETE requests by @​violetagg in #4164
• Fix HTTP/3 connection pool max streams handling by @​violetagg in #4182

🐞 Bug fixes

• Ensure connection concurrency and acquired counters are updated before delivering the slot by @​violetagg in #4179
• Fix StackOverflowError in ServerTransport graceful shutdown by @​violetagg in #4181
• Fix invalidated connection reuse in Http2Pool by @​violetagg in #4180

New Contributors

• @​Junuu made their first contribution in #4137

Full Changelog: reactor/reactor-netty@v1.3.4...v1.3.5

v1.3.4

Reactor Netty 1.3.4 is part of 2025.0.4 Release Train.

What's Changed

✨ New features and improvements

• Depend on Reactor Core v3.8.4 by @​chemicL in 53e8319e6fc66e101c3b52fc3a1267a891d1aeff, see release notes
• Avoid DefaultChannelId generation for DisposedChannel by @​violetagg in #4095
• Push-based maxConcurrentStreams update via SETTINGS frame handler by @​violetagg in #4106
• Add configurable maxLifeTime with per-resource variance by @​violetagg in #4111
• Add Http2AllocationStrategy#streamBatchSize for batched stream dispatching by @​violetagg in #4114
• Override isSharable() explicitly to avoid annotation lookup by @​violetagg in #4120
• Add fast-path short-circuit for is100ContinueExpected check by @​violetagg in #4123
• Cache resolved HttpHeadersFactory instances to avoid repeated allocation by @​violetagg in #4124

🐞 Bug fixes

• Add FlushConsolidationHandler to H2C upgrade pipeline by @​violetagg in #4097
• Fix Http2Pool returning connection to the pool before H2C upgrade completes by @​violetagg in #4098
• Fix Http2Pool ACQUIRED counter not rolled back when deliver is rejected by @​violetagg in #4099

... (truncated)

Commits

• b68daca [release] Prepare and release 1.3.5
• f8fc51b Merge-ignore release 1.2.17 into 1.3.5
• 4cffaf0 [release] Back to snapshots, next is 1.2.18-SNAPSHOT
• 3f6ae4c Defer asciidoctor-pdf check to execution time
• 9f6f3e0 [release] Prepare and release 1.2.17
• 7b2c429 Merge #4190 into 1.3.5
• 6225c6d Bump ruby/setup-ruby from 1.299.0 to 1.301.0 (#4190)
• f4f9b50 Bump org.bouncycastle:bcpkix-jdk18on from 1.83 to 1.84 (#4191)
• 5b344dc Merge #4187 into 1.3.5
• e177f39 Bump @​springio/antora-extensions from 1.14.10 to 1.14.11 in /docs (#4187)
• Additional commits viewable in compare view

Updates org.eclipse.angus:angus-mail from 2.0.4 to 2.0.5

Release notes

Sourced from org.eclipse.angus:angus-mail's releases.

Angus Mail 2.0.5 Final Release

What's Changed

• Ee10 11 sync by @​jbescos in eclipse-ee4j/angus-mail#181
• 2.0.4 release by @​lukasj in eclipse-ee4j/angus-mail#182
• activation api 2.1.4, mail api 2.1.5, angus activation 2.0.3 by @​lukasj in eclipse-ee4j/angus-mail#183

Full Changelog: eclipse-ee4j/angus-mail@2.0.4...2.0.5

Commits

• a7a4a37 Prepare release org.eclipse.angus:all:2.0.5
• a7d6745 activation api 2.1.4, mail api 2.1.5, angus activation 2.0.3
• c93dde0 Merge pull request #182 from eclipse-ee4j/2.0.4-RELEASE
• ddcc8e3 From-Address not parsed correctly #161 (#174)
• c4e72d2 Update github action versions
• f160633 OAuth2.md: POP3 works with O365 with towlines
• acbb015 Update changes files, it was wrong (#177)
• b96c2c3 Rename resource files so JakartaMail and JavaMail can co-exist (#171)
• 8d4a8ce Update CHANGES.txt
• dbd22ec Remove this-escape compiler warnings #141 (#142)
• Additional commits viewable in compare view

Updates io.dropwizard:dropwizard-core from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-assets from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-client from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-http2 from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-testing from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-json-logging from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-metrics from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-jersey from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-views from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-jetty from 5.0.0 to 5.0.2

Updates io.modelcontextprotocol.sdk:mcp-bom from 1.1.1 to 1.1.3

Release notes

Sourced from io.modelcontextprotocol.sdk:mcp-bom's releases.

v1.1.3

What's changed

• Validate message endpoint in SSE client transport by @​Kehrlann in modelcontextprotocol/java-sdk#943 (backport)
• DefaultSseMessageEndpointValidator allows same-origin message endpoints by @​Kehrlann in modelcontextprotocol/java-sdk#946 (backport)

Full Changelog: modelcontextprotocol/java-sdk@v1.1.2...v1.1.3

v1.1.2

What's Changed

• HttpClientStreamableHttpTransport: handle HTTP 405 by @​Kehrlann in modelcontextprotocol/java-sdk#900

Full Changelog: modelcontextprotocol/java-sdk@v1.1.1...v1.1.2

Commits

• f4c25f0 Release version 1.1.3
• 45589ad Fix assertions in HttpClientSseClientTransportTests
• 0be6032 DefaultSseMessageEndpointValidator allows same-origin message endpoints
• f4c8371 Validate message endpoint in SSE client transport
• 34e9b8c Next development version
• e9e1a2f Release version 1.1.2
• 141063c Polish gh-906
• 92bb47b feat: add support for meta parameter in client paginated list queries (#906)
• 9ead4d1 Fix UTF-8 encoding for non-ASCII tool names in HTTP client transports
• 8e1c5d0 HttpClientStreamableHttpTransport: handle HTTP 405
• Additional commits viewable in compare view

Updates io.modelcontextprotocol.sdk:mcp-core from 1.1.1 to 1.1.3

Release notes

Sourced from io.modelcontextprotocol.sdk:mcp-core's releases.

v1.1.3

What's changed

• Validate message endpoint in SSE client transport by @​Kehrlann in modelcontextprotocol/java-sdk#943 (backport)
• DefaultSseMessageEndpointValidator allows same-origin message endpoints by @​Kehrlann in modelcontextprotocol/java-sdk#946 (backport)

Full Changelog: modelcontextprotocol/java-sdk@v1.1.2...v1.1.3

v1.1.2

What's Changed

• HttpClientStreamableHttpTransport: handle HTTP 405 by @​Kehrlann in modelcontextprotocol/java-sdk#900

Full Changelog: modelcontextprotocol/java-sdk@v1.1.1...v1.1.2

Commits

• f4c25f0 Release version 1.1.3
• 45589ad Fix assertions in HttpClientSseClientTransportTests
• 0be6032 DefaultSseMessageEndpointValidator allows same-origin message endpoints
• f4c8371 Validate message endpoint in SSE client transport
• 34e9b8c Next development version
• e9e1a2f Release version 1.1.2
• 141063c Polish gh-906
• 92bb47b feat: add support for meta parameter in client paginated list queries (#906)
• 9ead4d1 Fix UTF-8 encoding for non-ASCII tool names in HTTP client transports
• 8e1c5d0 HttpClientStreamableHttpTransport: handle HTTP 405
• Additional commits viewable in compare view

Updates io.modelcontextprotocol.sdk:mcp-json-jackson2 from 1.1.1 to 1.1.3

Release notes

Sourced from io.modelcontextprotocol.sdk:mcp-json-jackson2's releases.

v1.1.3

What's changed

• Validate message endpoint in SSE client transport by @​Kehrlann in modelcontextprotocol/java-sdk#943 (backport)
• DefaultSseMessageEndpointValidator allows same-origin message endpoints by @​Kehrlann in modelcontextprotocol/java-sdk#946 (backport)

Full Changelog: modelcontextprotocol/java-sdk@v1.1.2...v1.1.3

v1.1.2

What's Changed

• HttpClientStreamableHttpTransport: handle HTTP 405 by @​Kehrlann in modelcontextprotocol/java-sdk#900

Full Changelog: modelcontextprotocol/java-sdk@v1.1.1...v1.1.2

Commits

• f4c25f0 Release version 1.1.3
• 45589ad Fix assertions in HttpClientSseClientTransportTests
• 0be6032 DefaultSseMessageEndpointValidator allows same-origin message endpoints
• f4c8371 Validate message endpoint in SSE client transport
• 34e9b8c Next development version
• e9e1a2f Release version 1.1.2
• 141063c Polish gh-906
• 92bb47b feat: add support for meta parameter in client paginated list queries (#906)
• 9ead4d1 Fix UTF-8 encoding for non-ASCII tool names in HTTP client transports
• 8e1c5d0 HttpClientStreamableHttpTransport: handle HTTP 405
• Additional commits viewable in compare view

Updates io.modelcontextprotocol.sdk:mcp-core from 1.1.1 to 1.1.3

Release notes

Sourced from io.modelcontextprotocol.sdk:mcp-core's releases.

v1.1.3

What's changed

• Validate message endpoint in SSE client transport by @​Kehrlann in modelcontextprotocol/java-sdk#943 (backport)
• DefaultSseMessageEndpointValidator allows same-origin message endpoints by @​Kehrlann in modelcontextprotocol/java-sdk#946 (backport)

Full Changelog: modelcontextprotocol/java-sdk@v1.1.2...v1.1.3

v1.1.2

What's Changed

• HttpClientStreamableHttpTransport: handle HTTP 405 by @​Kehrlann in modelcontextprotocol/java-sdk#900

Full Changelog: modelcontextprotocol/java-sdk@v1.1.1...v1.1.2

Commits

• f4c25f0 Release version 1.1.3
• 45589ad Fix assertions in HttpClientSseClientTransportTests
• 0be6032 DefaultSseMessageEndpointValidator allows same-origin message endpoints
• f4c8371 Validate message endpoint in SSE client transport
• 34e9b8c Next development version
• e9e1a2f Release version 1.1.2
• 141063c Polish gh-906
• 92bb47b feat: add support for meta parameter in client paginated list queries (#906)
• 9ead4d1 Fix UTF-8 encoding for non-ASCII tool names in HTTP client transports
• 8e1c5d0 HttpClientStreamableHttpTransport: handle HTTP 405
• Additional commits viewable in compare view

Updates io.modelcontextprotocol.sdk:mcp-json-jackson2 from 1.1.1 to 1.1.3

Release notes

Sourced from io.modelcontextprotocol.sdk:mcp-json-jackson2's releases.

v1.1.3

What's changed

• Validate message endpoint in SSE client transport by @​Kehrlann in modelcontextprotocol/java-sdk#943 (backport)
• DefaultSseMessageEndpointValidator allows same-origin message endpoints by @​Kehrlann in modelcontextprotocol/java-sdk#946 (backport)

Full Changelog: modelcontextprotocol/java-sdk@v1.1.2...v1.1.3

v1.1.2

What's Changed

• HttpClientStreamableHttpTransport: handle HTTP 405 by @​Kehrlann in modelcontextprotocol/java-sdk#900

Full Changelog: modelcontextprotocol/java-sdk@v1.1.1...v1.1.2

Commits

• f4c25f0 Release version 1.1.3
• 45589ad Fix assertions in HttpClientSseClientTransportTests
• 0be6032 DefaultSseMessageEndpointValidator allows same-origin message endpoints
• f4c8371 Validate message endpoint in SSE client transport
• 34e9b8c Next development version
• e9e1a2f Release version 1.1.2
• 141063c Polish gh-906
• 92bb47b feat: add support for meta parameter in client paginated list queries (#906)
• 9ead4d1 Fix UTF-8 encoding for non-ASCII tool names in HTTP client transports
• 8e1c5d0 HttpClientStreamableHttpTransport: handle HTTP 405
• Additional commits viewable in compare view

Updates org.eclipse.jetty:jetty-server from 12.1.7 to 12.1.10

Updates org.eclipse.jetty.ee10:jetty-ee10-servlet from 12.1.7 to 12.1.10

Updates org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server from 12.1.7 to 12.1.10

Updates org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jakarta-server from 12.1.7 to 12.1.10

Updates org.eclipse.jetty.ee10:jetty-ee10-servlets from 12.1.7 to 12.1.10

Updates org.eclipse.jetty:jetty-io from 12.1.7 to 12.1.10

Updates org.eclipse.jetty.ee10:jetty-ee10-servlet from 12.1.7 to 12.1.10

Updates org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server from 12.1.7 to 12.1.10

Updates org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jakarta-server from 12.1.7 to 12.1.10

Updates io.dropwizard:dropwizard-assets from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-client from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-http2 from 5.0.0 to 5.0.2

Updates io.dropwizard:dropwizard-testing from 5.0.0 to 5.0.2

Updates ch.qos.logback:logback-core from 1.5.25 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.34

2026-06-01 Release of logback version 1.5.34

• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues #1040](qos-ch/logback#1040), reported by Naotsugu Kobayashi.

• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This change addresses potential deserialization whitelist bypass vulnerability reported by York Shen and registered as CVE-2026-10532.

• A bitwise identical binary of this version can be reproduced by building from source code at commit e62272ac152469aec1ede056c3c7d0d7314e7bfe associated with the tag v_1.5.34. This release was built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

• PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

• HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

• In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

... (truncated)

Commits

• e62272a prepare release 1.5.34
• 1e9e926 add resolveProxyClassRejectsDynamicProxies unit test
• 2de5cbe added StackTraceElementProxyTest, minor edits to AGENTS.md
• 0e9b927 in case StackTraceElement is null use a substitute, fixing issues/1040
• f7a0654 prevent resolveProxyClass bypass
• 249b81f docs are no longer distributed
• 1c3b26a start work on 1.5.34-SNAPSHOT
• 124e8b4 prepare release 1.5.33
• d8fd6f2 escapeTags in message field when printing status messages
• 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.25 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.34

2026-06-01 Release of logback version 1.5.34

• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues #1040](qos-ch/logback#1040), reported by Naotsugu Kobayashi.

• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This change addresses potential deserialization whitelist bypass vulnerability reported by York Shen and registered as CVE-2026-10532.

• A bitwise identical binary of this version can be reproduced by building from source code at commit e62272ac152469aec1ede056c3c7d0d7314e7bfe associated with the tag v_1.5.34. This release was built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

• PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

• HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

• In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

... (truncated)

Commits

• e62272a prepare release 1.5.34
• 1e9e926 add resolveProxyClassRejectsDynamicProxies unit test
• 2de5cbe added StackTraceElementProxyTest, minor edits to AGENTS.md
• 0e9b927 in case StackTraceElement is null use a substitute, fixing issues/1040
• f7a0654 prevent resolveProxyClass bypass
• 249b81f docs are no longer distributed
• 1c3b26a start work on 1.5.34-SNAPSHOT
• 124e8b4 prepare release 1.5.33
• d8fd6f2 escapeTags in message field when printing status messages
• 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
• Additional commits viewable in compare view

Updates ch.qos.logback.access:logback-access-jetty12 from 2.0.7 to 2.0.12

Updates ch.qos.logback.access:logback-access-common from 2.0.7 to 2.0.12

Updates io.dropwizard:dropwizard-json-logging from 5.0.0 to 5.0.2

Updates org.awaitility:awaitility from 4.2.0 to 4.3.0

Changelog

Sourced from org.awaitility:awaitility's changelog.

Changelog 4.3.0 (2025-02-21)

• Support for kotlin.time.Duration in Kotlin DSL (thanks to Ivo Šmíd for PR)

• Upgraded kotlin version in the awaitility-kotlin module to 2.1.10

• Using a more descriptive error message when using VERY long wait conditions or poll du...

  Description has been truncated

[github-actions]

Hi there 👋 Thanks for your contribution!

The OpenMetadata team will review the PR shortly! Once it has been labeled as safe to test, the CI workflows
will start executing and we'll be able to make sure everything is working as expected.

Let us know if you need any help!