Bump the libs group across 1 directory with 16 updates

[dependabot]

Bumps the libs group with 16 updates in the / directory:

Package	From	To
org.jetbrains.kotlinx:kotlinx-coroutines-test	1.9.0	1.10.1
io.arrow-kt:arrow-core	1.2.4	2.0.0
io.arrow-kt:arrow-fx-coroutines	1.2.4	2.0.0
com.nimbusds:nimbus-jose-jwt	9.41.2	9.48
com.nimbusds:oauth2-oidc-sdk	11.20	11.20.1
org.bouncycastle:bcpkix-jdk18on	1.78.1	1.79
com.google.crypto.tink:tink	1.15.0	1.16.0
org.keycloak:keycloak-admin-client	26.0.2	26.0.3
id.walt.mdoc-credentials:waltid-mdoc-credentials-jvm	0.8.0	0.10.0
org.springframework.boot	3.3.4	3.4.1
io.spring.dependency-management	1.1.6	1.1.7
org.jetbrains.kotlin.jvm	2.0.20	2.1.0
org.jetbrains.kotlin.plugin.spring	2.0.20	2.1.0
org.jetbrains.kotlin.plugin.serialization	2.0.20	2.1.0
org.owasp.dependencycheck	10.0.4	11.1.1
org.sonarqube	5.1.0.4882	6.0.1.5171

Updates org.jetbrains.kotlinx:kotlinx-coroutines-test from 1.9.0 to 1.10.1

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-coroutines-test's releases.

Version 1.10.1

• Fixed binary incompatibility introduced for non-JVM targets in #4261 (#4309).

1.10.0

• Kotlin was updated to 2.1.0 (#4284).
• Introduced Flow.any, Flow.all, and Flow.none (#4212). Thanks, @​CLOVIS-AI!
• Reorganized kotlinx-coroutines-debug and kotlinx-coroutines-core code to avoid a split package between the two artifacts (#4247). Note that directly referencing kotlinx.coroutines.debug.AgentPremain must now be replaced with kotlinx.coroutines.debug.internal.AgentPremain. Thanks, @​sellmair!
• No longer shade byte-buddy in kotlinx-coroutines-debug, reducing the artifact size and simplifying the build configuration of client code. Thanks, @​sellmair!
• Fixed NullPointerException when using Java-deserialized kotlinx-coroutines-core exceptions (#4291). Thanks, @​AlexRiedler!
• Properly report exceptions thrown by CoroutineDispatcher.dispatch instead of raising internal errors (#4091). Thanks, @​zuevmaxim!
• Fixed a bug that delayed scheduling of a Dispatchers.Default or Dispatchers.IO task after a yield() in rare scenarios (#4248).
• Fixed a bug that prevented the main() coroutine on Wasm/WASI from executing after a delay() call in some scenarios (#4239).
• Fixed scheduling of runBlocking tasks on Kotlin/Native that arrive after the runBlocking block was exited (#4245).
• Fixed some terminal Flow operators sometimes resuming without taking cancellation into account (#4254). Thanks, @​jxdabc!
• Fixed a bug on the JVM that caused coroutine-bound ThreadLocal values not to get cleaned when using non-CoroutineDispatcher continuation interceptors (#4296).
• Small tweaks, fixes, and documentation improvements.

Changelog

Sourced from org.jetbrains.kotlinx:kotlinx-coroutines-test's changelog.

Version 1.10.1

• Fixed binary incompatibility introduced for non-JVM targets in #4261 (#4309).

Version 1.10.0

• Kotlin was updated to 2.1.0 (#4284).
• Introduced Flow.any, Flow.all, and Flow.none (#4212). Thanks, @​CLOVIS-AI!
• Reorganized kotlinx-coroutines-debug and kotlinx-coroutines-core code to avoid a split package between the two artifacts (#4247). Note that directly referencing kotlinx.coroutines.debug.AgentPremain must now be replaced with kotlinx.coroutines.debug.internal.AgentPremain. Thanks, @​sellmair!
• No longer shade byte-buddy in kotlinx-coroutines-debug, reducing the artifact size and simplifying the build configuration of client code. Thanks, @​sellmair!
• Fixed NullPointerException when using Java-deserialized kotlinx-coroutines-core exceptions (#4291). Thanks, @​AlexRiedler!
• Properly report exceptions thrown by CoroutineDispatcher.dispatch instead of raising internal errors (#4091). Thanks, @​zuevmaxim!
• Fixed a bug that delayed scheduling of a Dispatchers.Default or Dispatchers.IO task after a yield() in rare scenarios (#4248).
• Fixed a bug that prevented the main() coroutine on Wasm/WASI from executing after a delay() call in some scenarios (#4239).
• Fixed scheduling of runBlocking tasks on Kotlin/Native that arrive after the runBlocking block was exited (#4245).
• Fixed some terminal Flow operators sometimes resuming without taking cancellation into account (#4254). Thanks, @​jxdabc!
• Fixed a bug on the JVM that caused coroutine-bound ThreadLocal values not to get cleaned when using non-CoroutineDispatcher continuation interceptors (#4296).
• Small tweaks, fixes, and documentation improvements.

Commits

• ee92d16 Version 1.10.1
• 9a773f1 Ignore a flaky test
• 2a9b88c Fix binary incompatibility introduced in #4261 (#4310)
• 33b18cd Version 1.10.0
• d2f2717 Merge remote-tracking branch 'origin/master' into develop
• bed3d29 Introduce Flow.any, Flow.all, Flow.none
• ec83195 Disable timing-sensitive test on Windows
• 8f83057 Do not initialize non-mocked Dispatchers.Main unnecessarily (#4301)
• f8c0304 Properly cleanup thread locals for non-CoroutineDispatcher-intercepte… (#4303)
• 2cafea4 Update Kotlin to 2.1.0 (#4284)
• Additional commits viewable in compare view

Updates io.arrow-kt:arrow-core from 1.2.4 to 2.0.0

Release notes

Sourced from io.arrow-kt:arrow-core's releases.

2.0.0

The new major release of Arrow! 🎉

This version strives to be source compatible with 1.2, if deprecated methods and classes are not used. Please check the Arrow website for the full release notes.

2.0.0-rc.1

Release candidate for the new major version

2.0.0-beta.3

No release notes provided.

Changelog

Sourced from io.arrow-kt:arrow-core's changelog.

Release flow

0. Previous checks

• No broken links in the website
• Dependencies in arrow-stack/build.gradle:
  • The new modules are considered
  • The old modules don't appear

1. Create a pull request

Prepare a pull request with these changes:

1. Update versions in arrow-libs/gradle.properties. For instance, the release version will be 0.10.5 and the next SNAPSHOT version will be 0.11.0-SNAPSHOT:

projects.version=0.11.0-SNAPSHOT
projects.latestVersion=0.10.5

2. Update versions in README.md

When merging that pull request, these things will happen automatically:

• New RELEASE version will be published for all the Arrow libraries into Sonatype staging repository.
• A tag will be created with the RELEASE version.
• Release notes will be created and associated to that tag.
• The website will be updated with a new RELEASE version (doc and doc/major.minor directories)

2. Close and release

Then, close and release the Sonatype repository to sync with Maven Central:

1. Login to https://oss.sonatype.org/ > Staging repositories
2. Check the content of the new staging repository
3. Select the staging repository and Close (it will check if the content meet the requirements)
4. Select the staging repository and Release to sync with Maven Central
5. Drop and repeat if there are issues.

NOTE: This plugin provides tasks for closing and releasing the staging repositories. However, that plugin must be applied to the root project, and it would be necessary to discard modules for publication. Let's keep this note here to give it a try later on.

About signing artifacts with GPG/PGP

One of the requirements for artifacts available in Central Maven is being signed with GPG/PGP.

These secrets are involved to meet that requirement:

• ORG_GRADLE_PROJECT_SIGNINGKEY: private key from Generating a Key Pair
• ORG_GRADLE_PROJECT_SIGNINGPASSWORD: passphrase from Generating a Key Pair

To verify artifacts during Close task, the public key must be distributed to a key server: Distributing Your Public Key.

... (truncated)

Commits

• 9131152 chore(deps): update all dependencies (#3541)
• e5fde90 chore(deps): update all dependencies (#3540)
• 89be074 chore(deps): update all dependencies (#3538)
• 3808d09 More overloads for collectors (#3539)
• 63b162f Prepare for 2.0 publication
• a203862 Add and fix contracts for inline functions (#3535)
• 5026cfd Defer optics generation of invalid classes to later ksp rounds (#3537)
• 2319143 chore(deps): update all dependencies (#3536)
• b490817 Change zipOrAccumulate to not use delegated properties to prevent IAE (#3533)
• 06ea5b9 Ensure AutoCloseScope and ResourceScope only ever call finalizers once (#3530)
• Additional commits viewable in compare view

Updates io.arrow-kt:arrow-fx-coroutines from 1.2.4 to 2.0.0

Release notes

Sourced from io.arrow-kt:arrow-fx-coroutines's releases.

2.0.0

The new major release of Arrow! 🎉

This version strives to be source compatible with 1.2, if deprecated methods and classes are not used. Please check the Arrow website for the full release notes.

2.0.0-rc.1

Release candidate for the new major version

2.0.0-beta.3

No release notes provided.

Changelog

Sourced from io.arrow-kt:arrow-fx-coroutines's changelog.

Release flow

0. Previous checks

• No broken links in the website
• Dependencies in arrow-stack/build.gradle:
  • The new modules are considered
  • The old modules don't appear

1. Create a pull request

Prepare a pull request with these changes:

1. Update versions in arrow-libs/gradle.properties. For instance, the release version will be 0.10.5 and the next SNAPSHOT version will be 0.11.0-SNAPSHOT:

projects.version=0.11.0-SNAPSHOT
projects.latestVersion=0.10.5

2. Update versions in README.md

When merging that pull request, these things will happen automatically:

• New RELEASE version will be published for all the Arrow libraries into Sonatype staging repository.
• A tag will be created with the RELEASE version.
• Release notes will be created and associated to that tag.
• The website will be updated with a new RELEASE version (doc and doc/major.minor directories)

2. Close and release

Then, close and release the Sonatype repository to sync with Maven Central:

1. Login to https://oss.sonatype.org/ > Staging repositories
2. Check the content of the new staging repository
3. Select the staging repository and Close (it will check if the content meet the requirements)
4. Select the staging repository and Release to sync with Maven Central
5. Drop and repeat if there are issues.

NOTE: This plugin provides tasks for closing and releasing the staging repositories. However, that plugin must be applied to the root project, and it would be necessary to discard modules for publication. Let's keep this note here to give it a try later on.

About signing artifacts with GPG/PGP

One of the requirements for artifacts available in Central Maven is being signed with GPG/PGP.

These secrets are involved to meet that requirement:

• ORG_GRADLE_PROJECT_SIGNINGKEY: private key from Generating a Key Pair
• ORG_GRADLE_PROJECT_SIGNINGPASSWORD: passphrase from Generating a Key Pair

To verify artifacts during Close task, the public key must be distributed to a key server: Distributing Your Public Key.

... (truncated)

Commits

• 9131152 chore(deps): update all dependencies (#3541)
• e5fde90 chore(deps): update all dependencies (#3540)
• 89be074 chore(deps): update all dependencies (#3538)
• 3808d09 More overloads for collectors (#3539)
• 63b162f Prepare for 2.0 publication
• a203862 Add and fix contracts for inline functions (#3535)
• 5026cfd Defer optics generation of invalid classes to later ksp rounds (#3537)
• 2319143 chore(deps): update all dependencies (#3536)
• b490817 Change zipOrAccumulate to not use delegated properties to prevent IAE (#3533)
• 06ea5b9 Ensure AutoCloseScope and ResourceScope only ever call finalizers once (#3530)
• Additional commits viewable in compare view

Updates io.arrow-kt:arrow-fx-coroutines from 1.2.4 to 2.0.0

Release notes

Sourced from io.arrow-kt:arrow-fx-coroutines's releases.

2.0.0

The new major release of Arrow! 🎉

This version strives to be source compatible with 1.2, if deprecated methods and classes are not used. Please check the Arrow website for the full release notes.

2.0.0-rc.1

Release candidate for the new major version

2.0.0-beta.3

No release notes provided.

Changelog

Sourced from io.arrow-kt:arrow-fx-coroutines's changelog.

Release flow

0. Previous checks

• No broken links in the website
• Dependencies in arrow-stack/build.gradle:
  • The new modules are considered
  • The old modules don't appear

1. Create a pull request

Prepare a pull request with these changes:

1. Update versions in arrow-libs/gradle.properties. For instance, the release version will be 0.10.5 and the next SNAPSHOT version will be 0.11.0-SNAPSHOT:

projects.version=0.11.0-SNAPSHOT
projects.latestVersion=0.10.5

2. Update versions in README.md

When merging that pull request, these things will happen automatically:

• New RELEASE version will be published for all the Arrow libraries into Sonatype staging repository.
• A tag will be created with the RELEASE version.
• Release notes will be created and associated to that tag.
• The website will be updated with a new RELEASE version (doc and doc/major.minor directories)

2. Close and release

Then, close and release the Sonatype repository to sync with Maven Central:

1. Login to https://oss.sonatype.org/ > Staging repositories
2. Check the content of the new staging repository
3. Select the staging repository and Close (it will check if the content meet the requirements)
4. Select the staging repository and Release to sync with Maven Central
5. Drop and repeat if there are issues.

NOTE: This plugin provides tasks for closing and releasing the staging repositories. However, that plugin must be applied to the root project, and it would be necessary to discard modules for publication. Let's keep this note here to give it a try later on.

About signing artifacts with GPG/PGP

One of the requirements for artifacts available in Central Maven is being signed with GPG/PGP.

These secrets are involved to meet that requirement:

• ORG_GRADLE_PROJECT_SIGNINGKEY: private key from Generating a Key Pair
• ORG_GRADLE_PROJECT_SIGNINGPASSWORD: passphrase from Generating a Key Pair

To verify artifacts during Close task, the public key must be distributed to a key server: Distributing Your Public Key.

... (truncated)

Commits

• 9131152 chore(deps): update all dependencies (#3541)
• e5fde90 chore(deps): update all dependencies (#3540)
• 89be074 chore(deps): update all dependencies (#3538)
• 3808d09 More overloads for collectors (#3539)
• 63b162f Prepare for 2.0 publication
• a203862 Add and fix contracts for inline functions (#3535)
• 5026cfd Defer optics generation of invalid classes to later ksp rounds (#3537)
• 2319143 chore(deps): update all dependencies (#3536)
• b490817 Change zipOrAccumulate to not use delegated properties to prevent IAE (#3533)
• 06ea5b9 Ensure AutoCloseScope and ResourceScope only ever call finalizers once (#3530)
• Additional commits viewable in compare view

Updates com.nimbusds:nimbus-jose-jwt from 9.41.2 to 9.48

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

9.41.2 (2024-10-01) * JWEHeader must support the special case of an "aud" header value of type string (iss #569).

9.42 (2024-10-28) * Promotes getCompatibleAlgorithms from MACSigner to MACProvider. * Promotes getMinRequiredSecretLength from MACSigner to MACProvider. * Removes the Set argument from the protected MACProvider constructors, the compatible HSxxx algorithms are now determined within the constructor. * MACVerifier must enforce a minimum secret key length of 384 bits for HS384 and of 512 bits for HS512 (iss #563). * OctetSequenceKeyGenerator must support "exp", "nbf" and "iat" (iss #575). * Updates to com.google.crypto.tink:tink:1.15.0

9.43 (2024-10-31) * Adds JWK.toRevokedJWK(KeyRevocation) method.

9.44 (2024-11-01) * JWKMatcher receives a capability to match non-revoked and revoked keys only, with JWKMatcher.Builder.nonRevokedOnly and revokedOnly. * Adds JWKMatcher.Builder.withKeyUseOnly, deprecating hasKeyUse. * Adds JWKMatcher.Builder.withKeyIDOnly, deprecating hasKeyID. * Adds JWKMatcher.Builder.withX509CertChainOnly, deprecating hasX509CertChain.

9.45 (2024-11-01) * New JWKMatcher.Builder(JWKMatcher) constructor.

9.46 (2024-11-08) * Adds JWKParameterNames.PUBLIC constant Set with the standard public JWK parameter names.

9.47 (2024-11-14) * Adds static JSONArrayUtils.parse(String). * Adds static JSONArrayUtils.toJSONString(List). * JSONObjectUtils.toJSONString must throw NPE on null String (iss #577). * Fixes regression: Invalid JSON was accepted in versions 9.24+ (iss #574).

9.48 (2024-12-20) * Adds static JWTClaimsSet.getClaimAsString(String) to get the specified JWT claim (registered or custom) as String, with primitive or Wrapper types converted to String.

Commits

• See full diff in compare view

Updates com.nimbusds:oauth2-oidc-sdk from 11.20 to 11.20.1

Changelog

Sourced from com.nimbusds:oauth2-oidc-sdk's changelog.

version 1.0 (2012-05-29) * First official release with authorisation endpoint, token endpoint, check ID endpoint and UserInfo endpoint support. * JSON Web Tokens (JWTs) support through the Nimbus-JWT library. * Language Tags (RFC 5646) support through the Nimbus-LangTag library. * JSON support through the JSON Smart library.

version 2.0 (2013-05-13) * Intermediary development release with Maven build, published to Maven Central.

version 2.1 (2013-06-06) * Updates the APIs to OpenID Connect Messages draft 20, OpenID Connect Standard draft 21, OpenID Connect Discovery draft 17 and OpenID Connect Registration draft 19. * Major refactoring of the APIs for greater simplicity. * Adds JUnit tests.

version 2.2 (2013-06-18) * Refactors dynamic OpenID Connect client registration. * Adds partial support of the OAuth 2.0 Dynamic Client Registration Protocol (draft-ietf-oauth-dyn-reg-12). * Optimises parsing of request parameters consisting of one or more tokens (scope, response type, etc).

version 2.3 (2013-06-19) * Renames OAuth 2.0 dynamic client registration package. * Adds ClientInformation.getClientMetadata() method. * Adds OIDCClientInformation class.

version 2.4 (2013-06-20) * Adds static OIDCClientInformation.parse(JSONObject) method.

version 2.5 (2013-06-22) * Adds support OAuth 2.0 dynamic client update. * Adds OpenID Connect dynamic client registration classes.

version 2.6 (2013-06-25) * Enforces order of preference of ACR values in OpenID Connect client metadata, as required by the specification. * Documentation and performance improvements.

version 2.7 (2013-06-26) * Switches Identifier generation to java.security.SecureRandom.

version 2.8 (2013-06-30) * Fixes serialisation and assignment bugs in ClientMetadata. * Switches Secret generation to java.security.SecureRandom.

version 2.9 (2013-09-17)

... (truncated)

Commits

• 5e425ec [maven-release-plugin] prepare for next development iteration
• 6d97ef0 Updates README
• 7968337 Sanitises ErrorObject inputs from OIDCResponseTypeValidator.validate, Authent...
• 2dd5cc1 [maven-release-plugin] prepare release 11.20.1
• See full diff in compare view

Updates org.bouncycastle:bcpkix-jdk18on from 1.78.1 to 1.79

Changelog

Sourced from org.bouncycastle:bcpkix-jdk18on's changelog.

2.1.1 Version Release: 1.80 Date:      TBD.

2.2.1 Version Release: 1.79 Date:      2024, 30th October.

... (truncated)

Commits

• See full diff in compare view

Updates com.google.crypto.tink:tink from 1.15.0 to 1.16.0

Release notes

Sourced from com.google.crypto.tink:tink's releases.

Tink Java v1.16.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Java 1.16.0

What's new

The complete list of changes since 1.15.0 can be found here.

• Added new API AndroidKeystore, which is now the preferred way to interact with the Android Keystore.
• Before this release, the decision whether to use Conscrypt was done at time of class loading of some specific internal classes. If Conscrypt was not installed before the specific class for a primitive was loaded, Conscrypt was never used. Now, the decision is made whenever a new primitive is instantiated.
• In HPKE, use Conscrypt implementation of X25519 when available. On Android, it is available since API version 31. This makes HPKE both faster and uses less memory.
• Updated deps:
  • protobuf (4.28.2)
• Allow @AccessesPartialKey to be applied to fields and local variables, as well as methods and classes.
• Added support for X-AES-GCM, which is an AEAD algorithm with extended nonce. It uses AES-CMAC for key derivation and AES-GCM for encryption. It is a generalization of the specification in https://c2sp.org/XAES-256-GCM.
• Added configurations that allow specifying what key types are when using Tink in your application. Tink provides defaults (ConfigurationV0) that are backwards compatible with behavior before configs were introduced.

Future work

To see what we're working towards, check our project roadmap.

Getting started

To get started using Tink, see the setup guide.

Maven:

<dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink</artifactId>
    <version>1.16.0</version>
</dependency>

Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.16.0'
}

Bazel:

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
RULES_JVM_EXTERNAL_TAG = "4.5"
RULES_JVM_EXTERNAL_SHA ="b17d7388feb9bfa7f2fa09031b32707df529f26c91ab9e5d909eb1676badd9a6"
</tr></table>

... (truncated)

Commits

• a8214b8 Bump tink-java version to 1.16.0
• be4a93a Add X-AES-GCM proto to Tink Go
• 10eb316 Add Wycheproof test vectors to AES-CMAC PRF tests in Java.
• e1959dc Add XAesGcm to AeadConfigurationV0.
• e906eb4 Allow @AccessesPartialKey to apply to fields and local variables as well
• 992e758 Internally deprecate X-AES-GCM inconsistent template naming
• fdaa503 Add a Test Vector for AesCtrHmac.
• 9659b06 Move PRF AES-CMAC test-vectors into its own class.
• d973df3 Merge #48 by osipxd
• fc8acd3 Update Gradle to 8.5, based on cl/699313517 since cushon@ is OOO this week.
• Additional commits viewable in compare view

Updates org.keycloak:keycloak-admin-client from 26.0.2 to 26.0.3

Updates id.walt.mdoc-credentials:waltid-mdoc-credentials-jvm from 0.8.0 to 0.10.0

Updates org.springframework.boot from 3.3.4 to 3.4.1

Release notes

Sourced from org.springframework.boot's releases.

v3.4.1

🐞 Bug Fixes

• KafkaProperties fail to build SSL properties when the bundle name is an empty string #43563
• Diagnostics are poor when property resolution throws a ConversionFailedException #43559
• SpringApplicationShutdownHandlers do not run in deterministic order #43536
• Unable to find a @SpringBootConfiguration results in misleading error message #43507
• With multiple ResourceHandlerRegistrationCustomizer beans in the context, only one of them is used #43497
• Unable to use Docker Compose support when mixing dedicated and shared services #43472
• Kafka dependency management does not include the kafka-server module #43454
• Docker API version is incorrectly reported when '/_ping` calls fail and version should be fixed #43452
• Methods to build producer / consumer properties from KafkaProperties are inconvienenent to use without an SSL bundle #43448
• Failures in -Djarmode=tools do not consistently return a non-zero exit #43436
• HttpComponentsClientHttpRequestFactoryBuilder replaces the existing defaultRequestConfigCustomizer rather than adding to it #43429
• spring-boot-maven-plugin sets imagePlatform even if it's empty #43424
• OnBeanCondition fails to match on annotations when using Scoped Proxies #43423
• Failure analysis for InvalidConfigurationPropertyValueException doesn't correctly handle fuzzy matching of environment variables #43382
• H2ConsoleAutoConfiguration causes early initialization of DataSource beans #43359
• Accept progress on numbers >2GB #43356
• Servlet-based UserDetailsServiceAutoConfiguration is active in a reactive app #43334
• StructuredLoggingJsonMembersCustomizer implementations declared in spring.factories with a generic type more specific than Object are not called #43312
• Overriding log level with an environment variable does not work when using an environment prefix #43307
• Management endpoint access and enabled properties are ignored unless the endpoint ID is an exact match #43302
• UnsupportedOperationException when starting a Maven shaded application on Java 21 with virtual threads enabled #43291
• JmsListener failing with Narayana (pooled ConnectionFactory) since 3.4.0 #43277
• SslBundle can no longer open store file locations without using a 'file:' prefix #43274
• TestRestTemplate does not allow redirects to be customized #43258
• Testcontainers start() methods may be started multiple times #43253

📔 Documentation

• Fix typo in documentation #43558
• Document that server.ssl.cipher and server.ssl.enabled-protocols are not fallbacks used with SSL bundles #43552
• Use <annotationProcessorPaths> in Maven examples for configuring an annotation processor #43544
• Fix typo #43519
• Links to logback javadoc are incorrect #43456
• Fix JUnit javadoc links #43428
• Reference documentation incorrectly uses 'disabled' rather than 'none' for access restrictions #43351
• Restore System property in Logging section of the reference documentation #43342
• Fix link to proxyBeanMethods in @AutoConfiguration javadoc #43325
• Fix links to Servlet and JPA javadoc #43324
• Link to @EnableMethodSecurity instead of the deprecated @EnableGlobalMethodSecurity #43315
• Document that StructuredLoggingJsonMembersCustomizer implementations may optionally take constructor parameters #43314
• Update javadoc of StructuredLoggingJsonMembersCustomizer to note that implementations can registered through spring.factories #43313
• Fix Javadoc link for Hikari #43311
• Document how to use structured logging with custom log configuration #43301
• Update Javadoc since for OtlpMetricsProperties and OtlpTracingProperties #43249

🔨 Dependency Upgrades

... (truncated)

Commits

• 1832852 Release v3.4.1
• c9e8174 Merge branch '3.3.x'
• 316fe52 Next development version (v3.3.8-SNAPSHOT)
• 4300ee9 Merge branch '3.3.x'
• da59380 Upgrade to Spring Batch 5.2.1
• a085a01 Upgrade to Spring Batch 5.1.3
• fcc569e Upgrade to Hibernate 6.6.4.Final
• 1b8fcb6 Merge pull request #43560 from arefbehboudi
• dbc1fc2 Polish
• ef43160 Merge branch '3.3.x'
• Additional commits viewable in compare view

Updates io.spring.dependency-management from 1.1.6 to 1.1.7

Release notes

Sourced from io.spring.dependency-management's releases.

v1.1.7

🐞 Bug Fixes

• Dependency management report task produces a deprecation warning with Gradle 8.12-rc-1 #400
• ExclusionResolver makes assumptions that won't hold true with Gradle 9 #394

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​octylFractal

Commits

• 99c6a87 Release v1.1.7
• e870ef7 Address another deprecation warning in report take
• fc43f90 Stop report task from triggering a deprecation warning
• 0d1b43d Merge pull request #394 from octylFractal
• 09853a2 Check for ModuleComponentIdentifier explicitly
• e85cd28 Next development version (v1.1.7-SNAPSHOT)
• See full diff in compare view

Updates org.jetbrains.kotlin.jvm from 2.0.20 to 2.1.0

Release notes

Sourced from org.jetbrains.kotlin.jvm's releases.

Kotlin 2.1.0

Changelog

Analysis API

New Features

• KT-68603 KotlinDirectInheritorsProvider: add an option to ignore non-kotlin results

Performance Improvements

• KT-70757 Performance problem in KaFirVisibilityChecker for KaFirPsiJavaClassSymbol

Fixes

• KT-70437 Class reference is not resolvable
• KT-57733 Analysis API: Use optimized ModuleWithDependenciesScopes in combined symbol providers
• KT-72389 K2: False positive "Redundant 'protected' modifier" for protected property inside protected constructor from private or internal class
• KT-69190 K2: False-positive "redundant private modifier"
• KT-64984 Analysis API: Support Wasm target
• KT-70375 K2: NPE at org.jetbrains.kotlin.analysis.api.fir.symbols.KaFirNamedClassSymbolBase.createPointer
• KT-71259 K2 evaluator: Invalid smart cast info collecting for Code Fragments
• KT-69360 Lack of implicit receiver for the last statement under lambda in scripts
• KT-70890 Analysis API: Experiment with weak references to LL FIR/analysis sessions in session caches
• KT-70657 Analysis API: Inner types from classes with generics are incorrectly represented by the compiled jars
• KT-71055 Suspend calls inside 'analyze()' break the block guarantees
• KT-70815 Analysis API: Implement stop-the-world session invalidation
• KT-69819 K2 IDE: LHS type in callable references is unresolved when it has type arguments and is qualified
• KT-68761 Analysis API: Experiment with limited-size cache in KaFirSessionProvider
• KT-70384 Analysis API Standalone: The same class in the same two renamed jars is unresolved
• KT-71067 Exceptions from references cancel Find Usages
• KT-69535 Redesign 'containingSymbol'
• KT-71025 K2 IDE: Scopes in "importingScopeContext" have reversed ordering and "indexInTower" values
• KT-67483 K2 IDE: Serializable plugin causes infinite resolve recursion when there is a star import from a class with annotation call
• KT-69416 K2 IDE / Completion: “No classifier found” on simple value creating
• KT-70257 CCE: class kotlin.UInt cannot be cast to class java.lang.Number
• KT-70376 K2 IDE / Kotlin Debugger: IAE “Only componentN functions should be cached this way, but got: toString” on evaluating toString() method for value class
• KT-70264 AA: service registration via XML fails with AbstractMethodError in Lint CLI
• KT-69950 Analysis API: Introduce isSubtypeOf(ClassId)
• KT-68625 K2: “lazyResolveToPhase(STATUS) cannot be called from a transformer with a phase STATUS.”
• KT-67665 K2: contract violation for value class with a constructor parameter with an implicit type
• KT-67009 Analysis API: Add abbreviated type tests for type aliases from source modules
• KT-69977 KaFirFunctionalType#getAbbreviation is always null
• KT-68341 Analysis API: Expanded function types from libraries don't have an abbreviated type
• KT-68857 Analysis API: Refactor annotations
• KT-70386 Do not filter out overloads from different libraries in dangling files
• KT-65552 K2: CANNOT_CHECK_FOR_ERASED in KtTypeCodeFragment
• KT-65803 K2: Analysis API: KtFirTypeProvider#getSubstitutedSuperTypes throws an exception in the case of "Wrong number of type arguments"
• KT-68896 Support VirtualFile binary dependency inputs to Analysis API modules
• KT-69395 K2 IDE: incorrect overload selection from binary dependencies in a shared native source set

... (truncated)

Changelog

Sourced from org.jetbrains.kotlin.jvm's changelog.

2.1.0

Analysis API

New Features

• KT-68603 KotlinDirectInheritorsProvider: add an option to ignore non-kotlin results

Performance Improvements

• KT-70757 Performance problem in KaFirVisibilityChecker for KaFirPsiJavaClassSymbol

Fixes

• KT-70437 Class reference is not resolvable
• KT-57733 Analysis API: Use optimized ModuleWithDependenciesScopes in combined symbol providers
• KT-72389 K2: False positive "Redundant 'protected' modifier" for protected property inside protected constructor from private or internal class
• KT-69190 K2: False-positive "redundant private modifier"
• KT-64984 Analysis API: Support Wasm target
• KT-70375 K2: NPE at org.jetbrains.kotlin.analysis.api.fir.symbols.KaFirNamedClassSymbolBase.createPointer
• KT-71259 K2 evaluator: Invalid smart cast info collecting for Code Fragments
• KT-69360 Lack of implicit receiver for the last statement under lambda in scripts
• KT-70890 Analysis API: Experiment with weak references to LL FIR/analysis sessions in session caches
• KT-70657 Analysis API: Inner types from classes with generics are incorrectly represented by the compiled jars
• KT-71055 Suspend calls inside 'analyze()' break the block guarantees
• KT-70815 Analysis API: Implement stop-the-world session invalidation
• KT-69819 K2 IDE: LHS type in callable references is unresolved when it has type arguments and is qualified
• KT-68761 Analysis API: Experiment with limited-size cache in KaFirSessionProvider
• KT-70384 Analysis API Standalone: The same class in the same two renamed jars is unresolved
• KT-71067 Exceptions from references cancel Find Usages

[babisRoutis]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.