Skip to content

chore(deps): bump the low-risk group with 6 updates#353

Merged
RichardSlater merged 1 commit intomainfrom
dependabot/maven/low-risk-1708ed1280
Mar 30, 2026
Merged

chore(deps): bump the low-risk group with 6 updates#353
RichardSlater merged 1 commit intomainfrom
dependabot/maven/low-risk-1708ed1280

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026

Bumps the low-risk group with 6 updates:

Package From To
org.springframework.boot:spring-boot-dependencies 3.5.12 3.5.13
com.nimbusds:oauth2-oidc-sdk 11.34 11.37
io.netty:netty-codec-http 4.2.10.Final 4.2.12.Final
io.netty:netty-codec 4.2.10.Final 4.2.12.Final
io.netty:netty-common 4.2.10.Final 4.2.12.Final
io.netty:netty-handler 4.2.10.Final 4.2.12.Final

Updates org.springframework.boot:spring-boot-dependencies from 3.5.12 to 3.5.13

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v3.5.13

⚠️ Attention Required

  • Jackson has been upgraded to 2.21.2 in response to the Jackson team ending support for Jackson 2.19.x and 2.20.x. #49365

🐞 Bug Fixes

  • WebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson #49750
  • Metadata annotation processor ignores method-level @NestedConfigurationProperty when using constructor binding #49734
  • Override of property in external 'application.properties' or 'application.yaml' is ignored #49724
  • Some sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration #49716
  • NativeImageResourceProvider does not find Flyway migration scripts in subdirectories #49661
  • @GraphQlTest does not include @ControllerAdvice #49660

📔 Documentation

  • Fix incorrect indefinite articles in Javadoc #49723
  • Add some more Kotlin examples and trivial style fixes #49710

🔨 Dependency Upgrades

  • Upgrade to Hibernate 6.6.45.Final #49757
  • Upgrade to jOOQ 3.19.31 #49758
  • Upgrade to Netty 4.1.132.Final #49759
  • Upgrade to Tomcat 10.1.53 #49760
  • Upgrade to Undertow 2.3.24.Final #49761
  • Upgrade to Zipkin Reporter 3.5.3 #49756

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, @​deejay1, @​dlwldnjs1009, and @​ljrmorgan

Commits
  • 4a4c79f Release v3.5.13
  • 696a60e Full auto-configure transaction management in slice tests
  • 4b37ecb Upgrade to Undertow 2.3.24.Final
  • 32a51d5 Upgrade to Tomcat 10.1.53
  • 0934296 Upgrade to Netty 4.1.132.Final
  • 851ddda Upgrade to jOOQ 3.19.31
  • ef876fe Upgrade to Hibernate 6.6.45.Final
  • 2841d87 Upgrade to Zipkin Reporter 3.5.3
  • 025b527 Fix WebSocketMessagingAutoConfiguration in the absence of Jackson
  • 3282672 Make DevTools tests more tolerant to wrapped DataSource
  • Additional commits viewable in compare view

Updates com.nimbusds:oauth2-oidc-sdk from 11.34 to 11.37

Changelog

Sourced from com.nimbusds:oauth2-oidc-sdk's changelog.

version 1.0 (2012-05-29) * First official release with authorisation endpoint, token endpoint, check ID endpoint and UserInfo endpoint support. * JSON Web Tokens (JWTs) support through the Nimbus-JWT library. * Language Tags (RFC 5646) support through the Nimbus-LangTag library. * JSON support through the JSON Smart library.

version 2.0 (2013-05-13) * Intermediary development release with Maven build, published to Maven Central.

version 2.1 (2013-06-06) * Updates the APIs to OpenID Connect Messages draft 20, OpenID Connect Standard draft 21, OpenID Connect Discovery draft 17 and OpenID Connect Registration draft 19. * Major refactoring of the APIs for greater simplicity. * Adds JUnit tests.

version 2.2 (2013-06-18) * Refactors dynamic OpenID Connect client registration. * Adds partial support of the OAuth 2.0 Dynamic Client Registration Protocol (draft-ietf-oauth-dyn-reg-12). * Optimises parsing of request parameters consisting of one or more tokens (scope, response type, etc).

version 2.3 (2013-06-19) * Renames OAuth 2.0 dynamic client registration package. * Adds ClientInformation.getClientMetadata() method. * Adds OIDCClientInformation class.

version 2.4 (2013-06-20) * Adds static OIDCClientInformation.parse(JSONObject) method.

version 2.5 (2013-06-22) * Adds support OAuth 2.0 dynamic client update. * Adds OpenID Connect dynamic client registration classes.

version 2.6 (2013-06-25) * Enforces order of preference of ACR values in OpenID Connect client metadata, as required by the specification. * Documentation and performance improvements.

version 2.7 (2013-06-26) * Switches Identifier generation to java.security.SecureRandom.

version 2.8 (2013-06-30) * Fixes serialisation and assignment bugs in ClientMetadata. * Switches Secret generation to java.security.SecureRandom.

version 2.9 (2013-09-17)

... (truncated)

Commits
  • d98de1a [maven-release-plugin] prepare for next development iteration
  • 2ea716f Shortens InvalidClientException messages
  • ed5773c TokenRevocationRequest receives custom form parameters support
  • e133559 Updates tests for shortened InvalidClientException messages
  • fe43e1f [maven-release-plugin] prepare release 11.35
  • 73224c9 [maven-release-plugin] prepare for next development iteration
  • f3f7286 Adds static JSONObjectUtils.getNonNegativeLong methods
  • d6899e0 Cleans up JSONObjectUtils.getEnum(net.minidev.json.JSONObject, java.lang.Stri...
  • 9b05d23 Adds non-negative checks when parsing Date instances from Unix timestamps (is...
  • 592d8f4 Adds "acr" and "auth_time" parameter (RFC 9470) support to TokenIntrospection...
  • Additional commits viewable in compare view

Updates io.netty:netty-codec-http from 4.2.10.Final to 4.2.12.Final

Release notes

Sourced from io.netty:netty-codec-http's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: netty/netty@netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

What's Changed

... (truncated)

Commits
  • 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
  • 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
  • c3b0a43 [maven-release-plugin] prepare for next development iteration
  • c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
  • 3b76df1 Merge commit from fork
  • aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
  • 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
  • a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
  • 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
  • 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
  • Additional commits viewable in compare view

Updates io.netty:netty-codec from 4.2.10.Final to 4.2.12.Final

Release notes

Sourced from io.netty:netty-codec's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: netty/netty@netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

What's Changed

... (truncated)

Commits
  • 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
  • 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
  • c3b0a43 [maven-release-plugin] prepare for next development iteration
  • c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
  • 3b76df1 Merge commit from fork
  • aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
  • 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
  • a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
  • 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
  • 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
  • Additional commits viewable in compare view

Updates io.netty:netty-common from 4.2.10.Final to 4.2.12.Final

Release notes

Sourced from io.netty:netty-common's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: netty/netty@netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

What's Changed

... (truncated)

Commits
  • 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
  • 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
  • c3b0a43 [maven-release-plugin] prepare for next development iteration
  • c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
  • 3b76df1 Merge commit from fork
  • aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
  • 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
  • a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
  • 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
  • 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
  • Additional commits viewable in compare view

Updates io.netty:netty-handler from 4.2.10.Final to 4.2.12.Final

Release notes

Sourced from io.netty:netty-handler's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: netty/netty@netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

What's Changed

... (truncated)

Commits
  • 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
  • 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
  • c3b0a43 [maven-release-plugin] prepare for next development iteration
  • c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
  • 3b76df1 Merge commit from fork
  • aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
  • 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
  • a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
  • 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
  • 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
  • Additional commits viewable in compare view

Updates io.netty:netty-codec from 4.2.10.Final to 4.2.12.Final

Release notes

Sourced from io.netty:netty-codec's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: netty/netty@netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

What's Changed

@dependabot
chore(deps): bump the low-risk group with 6 updates
f483a4c 
Bumps the low-risk group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) | `3.5.12` | `3.5.13` |
| [com.nimbusds:oauth2-oidc-sdk](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) | `11.34` | `11.37` |
| [io.netty:netty-codec-http](https://github.com/netty/netty) | `4.2.10.Final` | `4.2.12.Final` |
| [io.netty:netty-codec](https://github.com/netty/netty) | `4.2.10.Final` | `4.2.12.Final` |
| [io.netty:netty-common](https://github.com/netty/netty) | `4.2.10.Final` | `4.2.12.Final` |
| [io.netty:netty-handler](https://github.com/netty/netty) | `4.2.10.Final` | `4.2.12.Final` |


Updates `org.springframework.boot:spring-boot-dependencies` from 3.5.12 to 3.5.13
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.12...v3.5.13)

Updates `com.nimbusds:oauth2-oidc-sdk` from 11.34 to 11.37
- [Changelog](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/branches/compare/11.37..11.34)

Updates `io.netty:netty-codec-http` from 4.2.10.Final to 4.2.12.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final)

Updates `io.netty:netty-codec` from 4.2.10.Final to 4.2.12.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final)

Updates `io.netty:netty-common` from 4.2.10.Final to 4.2.12.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final)

Updates `io.netty:netty-handler` from 4.2.10.Final to 4.2.12.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final)

Updates `io.netty:netty-codec` from 4.2.10.Final to 4.2.12.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final)

Updates `io.netty:netty-common` from 4.2.10.Final to 4.2.12.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final)

Updates `io.netty:netty-handler` from 4.2.10.Final to 4.2.12.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.2.10.Final...netty-4.2.12.Final)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-dependencies
  dependency-version: 3.5.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: com.nimbusds:oauth2-oidc-sdk
  dependency-version: '11.37'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: io.netty:netty-codec-http
  dependency-version: 4.2.12.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: io.netty:netty-codec
  dependency-version: 4.2.12.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: io.netty:netty-common
  dependency-version: 4.2.12.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: io.netty:netty-handler
  dependency-version: 4.2.12.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: io.netty:netty-codec
  dependency-version: 4.2.12.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: io.netty:netty-common
  dependency-version: 4.2.12.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: io.netty:netty-handler
  dependency-version: 4.2.12.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Mar 30, 2026
Copilot AI review requested due to automatic review settings March 30, 2026 08:09
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Mar 30, 2026
@dependabot dependabot bot review requested due to automatic review settings March 30, 2026 08:09
@RichardSlater
Copy link
Copy Markdown
Contributor

RichardSlater commented Mar 30, 2026

/azp run

@azure-pipelines
Copy link
Copy Markdown

azure-pipelines bot commented Mar 30, 2026

Azure Pipelines successfully started running 1 pipeline(s).

RichardSlater
RichardSlater approved these changes Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@RichardSlater RichardSlater left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Patch version bumps, standard pre-approved change.

@RichardSlater RichardSlater enabled auto-merge (squash) March 30, 2026 09:24
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Mar 30, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@RichardSlater RichardSlater merged commit d58e156 into main Mar 30, 2026
2 checks passed
@RichardSlater RichardSlater deleted the dependabot/maven/low-risk-1708ed1280 branch March 30, 2026 09:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RichardSlater RichardSlater RichardSlater approved these changes

Assignees

@RichardSlater RichardSlater

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RichardSlater