Bump quarkus.platform.version from 3.7.3 to 3.7.4

[dependabot]

Bumps quarkus.platform.version from 3.7.3 to 3.7.4.
Updates io.quarkus:quarkus-bom from 3.7.3 to 3.7.4

Release notes

Sourced from io.quarkus:quarkus-bom's releases.

3.7.4

Complete changelog

• #37608 - gRPC starter app is using legacy approach, single HTTP server should be used instead
• #38236 - Adding a decorator causes bytecode error
• #38504 - NPE on oidc-client when quarkus.oidc-client.grant-options.password.password not provided
• #38533 - 'Unable to find a JDBC driver' for Hibernate Reactive after updating to 3.7.1
• #38683 - Build time performance regression and bigger native binaries when migrating from 3.5 to 3.6 or 3.7
• #38688 - Making sure deployment modules excluded in POM files aren't pulled in by the Gradle plugin
• #38721 - Java 21: @VirtualThreadUnit produces very slow tests
• #38763 - Enable an injection of the OIDC code flow access token verificaton material
• #38767 - Fail early if OIDC client password grant is misconfigured
• #38771 - Adds an implementation note about @VirtualThreadUnit limitations
• #38775 - Use the right MongoDB ClientSession interface
• #38776 - OidcRequestFilter with OidcEndpoint applied to all endpoints
• #38777 - OIDC Code flow access token verification goes ahead even if the ID token verification has failed
• #38779 - Fix OidcEndpoint annotation processing
• #38784 - Fix guide URL in RESTEasy Client extension
• #38785 - ArC: fix interception when some methods return void
• #38798 - Using custom header in REST client together with @NotBody annotated argument results in warning from EndpointIndexer
• #38800 - Don't warn about @NotBody use in @GET methods in REST Client
• #38802 - Multipart form data is interpreted as a file although it's not a file
• #38803 - OIDC server is erroneously shown as not available
• #38810 - Expand types which are considered text in multipart handling
• #38815 - Support security identity propagation in VT
• #38816 - Propagate Vert.x context on all ExecutorService methods for VirtualThreadExecutor
• #38817 - Mocking Singleton does not work even when using @MockitoConfig(convertScopes = true) - Bean produced from factory method
• #38818 - Allow RunAndCheckMojoTestBase subclasses to override how much memory extension tests are allowed
• #38819 - Add response text to the OIDC bootstrap log errors
• #38821 - Configure SISU bean filtering for the bootstrap Maven resolver
• #38824 - Memory leak when using FT Fallback with dependent beans
• #38833 - Keycloak Admin Client Reactive error id: 9009f9b4-1d58-4011-9ff2-49b87bb59ddd-1: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because "authHeader" is null
• #38836 - Fix Keycloak Admin Client Reactive Jackson reader provider priority so that the client can work when the JSONB REST client extension is present
• #38837 - Quarkus create new project fails when -DnoCode is used and artifactId is not set properly
• #38843 - Check the code flow access token after ID token
• #38844 - Fix copy/paste typo
• #38849 - Ensure that generated project GAV is always set
• #38851 - Kafka integration tests fail with latest Mandrel/GraalVM 24.1-dev builds
• #38853 - [3.7] Perform security checks on inherited endpoints before payload deserialization in the RESTEasy Reactive
• #38855 - Make registration of OAuthBearerValidatorCallbackHandler conditional
• #38858 - Testing: fix @MockitoConfig(convertScopes=true) with auto-producers
• #38859 - Fix warning when launching dev mode specifying quarkus-maven-plugin GAV on the command line
• #38865 - Update commons-compress version to mitigate CVE-2024-25710
• #38866 - Sporadic error in custom readiness check using keycloak-admin-client: IllegalStateException: Client is closed
• #38868 - Add config flag to disable jacoco
• #38882 - Quartz - prevent memory leak when Job instance is a @Dependent bean
• #38886 - Ignore ValidationSchema that results in registering all models
• #38888 - SmallRye Health: terminate request context properly
• #38889 - Kafka reactive messaging extension incompatible with Micrometer Prometheus extension for Quarkus 3.7.*

... (truncated)

Commits

• c8ac990 [RELEASE] - Bump version to 3.7.4
• bc84000 Merge pull request #38864 from gsmet/3.7.4-backports-1
• 4611ba6 Attempt to fix flaky DependentBeanJobTest
• 943784b Ignore ValidationSchema that results in registering all models
• 4d54338 SmallRye Health: terminate request context properly
• d4e9086 Disable messaging observation by default for backwards compatibility
• bdac5c7 Log resolved OIDC tenant id and how the bearer token is found
• f1ab295 Update commons-compress version to mitigate CVE-2024-25710
• 45c86cc Quartz - prevent memory leak when Job instance is a @​Dependent bean
• ca7c1bd Check the code flow access token after ID token
• Additional commits viewable in compare view

Updates io.quarkus.platform:quarkus-maven-plugin from 3.7.3 to 3.7.4

Commits

• 98e6573 [maven-release-plugin] prepare release 3.7.4
• 84eca8b Free more disk space on GitHub actions runners
• c45d630 Merge pull request #1126 from gsmet/quarkus-3.7.4
• be6bb23 Upgrade to Quarkus 3.7.4
• 20c293d [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates io.quarkus:quarkus-container-image-docker from 3.7.3 to 3.7.4

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarcloud]

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud