chore(deps): Bump pulsar-version from 4.0.6 to 4.1.0

[dependabot]

Bumps pulsar-version from 4.0.6 to 4.1.0.
Updates org.apache.pulsar:pulsar-client from 4.0.6 to 4.1.0

Release notes

Sourced from org.apache.pulsar:pulsar-client's releases.

v4.1.0

Approved PIPs

• [improve][pip] PIP-292: Enforce token expiration time in the Websockets plugin (#20953)
• [improve][pip] PIP-391: Enable batch index ACK by default (#23567)
• [improve][pip] PIP-409: support producer configuration for retry/dead letter topic producer (#24022)
• [improve][pip] PIP-416: Add a new topic method to implement trigger offload by size threshold (#24276)
• [improve][pip] PIP-425: Support connecting with next available endpoint for multi-endpoint serviceUrls (#24394)
• [improve][pip] PIP-427: Align pulsar-admin Default for Mark-Delete Rate with Broker Configuration (#24425)
• [improve][pip] PIP-429: Optimize Handling of Compacted Last Entry by Skipping Payload Buffer Parsing (#24439)
• [pip] PIP-430: Pulsar Broker cache improvements: refactoring eviction and adding a new cache strategy based on expected read count (#24444)
• [improve][pip] PIP-431: Add Creation and Last Publish Timestamps to Topic Stats (#24469)
• [improve][pip] PIP-432: Add isEncrypted field to EncryptionContext (#24481)
• [improve][pip] PIP-433: Optimize the conflicts of the replication and automatic creation mechanisms, including the automatic creation of topics and schemas (#24485)
• [improve][pip] PIP-435: Add startTimestamp and endTimestamp for consuming messages in client cli (#24524)
• [improve][pip]PIP-422 Support global topic-level policy: replicated clusters and new API to delete topic-level policies (#24368)
• [improve][pip]PIP-436: Add decryptFailListener to Consumer (#24572)
• [feat][pip] PIP-420: Provide ability for Pulsar clients to integrate with third-party schema registry service (#24328)
• [improve] [pip] PIP-373: Add a topic's system prop that indicates whether users have published TXN messages in before. (#23210)
• [improve] [pip] PIP-375 Expose the Admin client configs: readTimeout, requestTimeout, and connectionTimeout (#23222)
• [improve] [pip] PIP-382: Add a label named reason for topic_load_failed_total (#23351)
• [pip] PIP-428: Change TopicPoliciesService interface to fix consistency issues (#24428)

Library updates

• [improve][broker] Upgrade avro version to 1.12.0 (#24617)
• [improve][broker] Upgrade bookkeeper to 4.17.2/commons-configuration to 2.x/grpc to 1.72.0 and enable ZooKeeper client to establish connection in read-only mode (#24468)
• [fix][sec] Bump commons-io version to 2.18.0 (#23684)
• [fix][sec] Mitigate CVE-2024-53990 by disabling AsyncHttpClient CookieStore (#23725)
• [fix][sec] Remove dependency on out-dated commons-configuration 1.x (#24562)
• [fix][sec] Replace bcprov-jdk15on dependency with bcprov-jdk18-on (#23532)
• [fix][sec] Upgrade async-http-client to 2.12.4 to address CVE-2024-53990 (#23732)
• [fix][sec] Upgrade bouncycastle bcpkix-fips version to 1.79 to address CVE-2025-8916 (#24650)
• [fix][sec] Upgrade golang.org/x/crypto from 0.21.0 to 0.31.0 in pulsar-function-go (#23743)
• [fix][sec] Upgrade Jetty to 9.4.57.v20241219 to mitigate CVE-2024-6763 (#24232)
• [fix][sec] Upgrade jwt/v5 to 5.2.2 to address CVE-2025-30204 (#24140)
• [fix][sec] Upgrade Kafka connector and clients version to 3.9.1 to address CVE-2025-27818 (#24564)
• [fix][sec] Upgrade pulsar-function-go dependencies to address CVE-2025-22868 (#24547)
• [fix][sec] Upgrade to Netty 4.1.115.Final to address CVE-2024-47535 (#23596)
• [fix][sec] Upgrade to Netty 4.1.118 (#23965)
• [fix][sec] Upgrade to Netty 4.1.124.Final to address CVE-2025-55163 (#24637)
• [fix][sec] Upgrade Zookeeper to 3.9.3 to address CVE-2024-51504 (#23581)
• [fix][build] Upgrade json-smart to 2.5.2 (#23966)
• [improve][io] Upgrade AWS SDK v1 & v2, Kinesis KPL and KPC versions (#24661)
• [improve][io] Upgrade Kafka client and compatible Confluent platform version (#24201)
• [improve][io] Upgrade Spring version to 6.1.13 in IO Connectors (#23459)
• [improve][io] Upgrade Spring version to 6.1.14 in IO Connectors (#23481)
• [improve][monitor] Upgrade OTel to 1.41.0 (#23484)
• [improve][monitor] Upgrade OTel to 1.45.0 (#23756)
• [fix][misc] Upgrade dependencies to fix critical security vulnerabilities (#24532)

... (truncated)

Commits

• 368381a [fix][client] Fix potential NPE in TypedMessageBuilderImpl (#24691)
• 520ff32 Release 4.1.0
• 45d71f8 [improve][client] PIP-420: Supports users implement external schemas (#24488)
• 4a4e692 [improve][doc] Cleanup some legacy PIP documents and improve PIP listing (#24...
• e466f45 [improve] [pip] PIP-382: Add a label named reason for topic_load_failed_total...
• 66b69ad [fix][broker]User topic failed to delete after removed cluster because of fai...
• f767149 [improve] [pip] PIP-375 Expose the Admin client configs: readTimeout, request...
• 8fd5bf5 [fix][client] Fix ArrayIndexOutOfBoundsException when using SameAuthParamsLoo...
• 03e0787 [improve][test]Add new test PartitionCreationTest.testGetPoliciesIfPartitions...
• a035c6e [improve][doc] Update PIP links in PIP documents converted from the wiki and ...
• Additional commits viewable in compare view

Updates org.apache.pulsar:pulsar-client-admin from 4.0.6 to 4.1.0

Release notes

Sourced from org.apache.pulsar:pulsar-client-admin's releases.

v4.1.0

Approved PIPs

• [improve][pip] PIP-292: Enforce token expiration time in the Websockets plugin (#20953)
• [improve][pip] PIP-391: Enable batch index ACK by default (#23567)
• [improve][pip] PIP-409: support producer configuration for retry/dead letter topic producer (#24022)
• [improve][pip] PIP-416: Add a new topic method to implement trigger offload by size threshold (#24276)
• [improve][pip] PIP-425: Support connecting with next available endpoint for multi-endpoint serviceUrls (#24394)
• [improve][pip] PIP-427: Align pulsar-admin Default for Mark-Delete Rate with Broker Configuration (#24425)
• [improve][pip] PIP-429: Optimize Handling of Compacted Last Entry by Skipping Payload Buffer Parsing (#24439)
• [pip] PIP-430: Pulsar Broker cache improvements: refactoring eviction and adding a new cache strategy based on expected read count (#24444)
• [improve][pip] PIP-431: Add Creation and Last Publish Timestamps to Topic Stats (#24469)
• [improve][pip] PIP-432: Add isEncrypted field to EncryptionContext (#24481)
• [improve][pip] PIP-433: Optimize the conflicts of the replication and automatic creation mechanisms, including the automatic creation of topics and schemas (#24485)
• [improve][pip] PIP-435: Add startTimestamp and endTimestamp for consuming messages in client cli (#24524)
• [improve][pip]PIP-422 Support global topic-level policy: replicated clusters and new API to delete topic-level policies (#24368)
• [improve][pip]PIP-436: Add decryptFailListener to Consumer (#24572)
• [feat][pip] PIP-420: Provide ability for Pulsar clients to integrate with third-party schema registry service (#24328)
• [improve] [pip] PIP-373: Add a topic's system prop that indicates whether users have published TXN messages in before. (#23210)
• [improve] [pip] PIP-375 Expose the Admin client configs: readTimeout, requestTimeout, and connectionTimeout (#23222)
• [improve] [pip] PIP-382: Add a label named reason for topic_load_failed_total (#23351)
• [pip] PIP-428: Change TopicPoliciesService interface to fix consistency issues (#24428)

Library updates

• [improve][broker] Upgrade avro version to 1.12.0 (#24617)
• [improve][broker] Upgrade bookkeeper to 4.17.2/commons-configuration to 2.x/grpc to 1.72.0 and enable ZooKeeper client to establish connection in read-only mode (#24468)
• [fix][sec] Bump commons-io version to 2.18.0 (#23684)
• [fix][sec] Mitigate CVE-2024-53990 by disabling AsyncHttpClient CookieStore (#23725)
• [fix][sec] Remove dependency on out-dated commons-configuration 1.x (#24562)
• [fix][sec] Replace bcprov-jdk15on dependency with bcprov-jdk18-on (#23532)
• [fix][sec] Upgrade async-http-client to 2.12.4 to address CVE-2024-53990 (#23732)
• [fix][sec] Upgrade bouncycastle bcpkix-fips version to 1.79 to address CVE-2025-8916 (#24650)
• [fix][sec] Upgrade golang.org/x/crypto from 0.21.0 to 0.31.0 in pulsar-function-go (#23743)
• [fix][sec] Upgrade Jetty to 9.4.57.v20241219 to mitigate CVE-2024-6763 (#24232)
• [fix][sec] Upgrade jwt/v5 to 5.2.2 to address CVE-2025-30204 (#24140)
• [fix][sec] Upgrade Kafka connector and clients version to 3.9.1 to address CVE-2025-27818 (#24564)
• [fix][sec] Upgrade pulsar-function-go dependencies to address CVE-2025-22868 (#24547)
• [fix][sec] Upgrade to Netty 4.1.115.Final to address CVE-2024-47535 (#23596)
• [fix][sec] Upgrade to Netty 4.1.118 (#23965)
• [fix][sec] Upgrade to Netty 4.1.124.Final to address CVE-2025-55163 (#24637)
• [fix][sec] Upgrade Zookeeper to 3.9.3 to address CVE-2024-51504 (#23581)
• [fix][build] Upgrade json-smart to 2.5.2 (#23966)
• [improve][io] Upgrade AWS SDK v1 & v2, Kinesis KPL and KPC versions (#24661)
• [improve][io] Upgrade Kafka client and compatible Confluent platform version (#24201)
• [improve][io] Upgrade Spring version to 6.1.13 in IO Connectors (#23459)
• [improve][io] Upgrade Spring version to 6.1.14 in IO Connectors (#23481)
• [improve][monitor] Upgrade OTel to 1.41.0 (#23484)
• [improve][monitor] Upgrade OTel to 1.45.0 (#23756)
• [fix][misc] Upgrade dependencies to fix critical security vulnerabilities (#24532)

... (truncated)

Commits

• 368381a [fix][client] Fix potential NPE in TypedMessageBuilderImpl (#24691)
• 520ff32 Release 4.1.0
• 45d71f8 [improve][client] PIP-420: Supports users implement external schemas (#24488)
• 4a4e692 [improve][doc] Cleanup some legacy PIP documents and improve PIP listing (#24...
• e466f45 [improve] [pip] PIP-382: Add a label named reason for topic_load_failed_total...
• 66b69ad [fix][broker]User topic failed to delete after removed cluster because of fai...
• f767149 [improve] [pip] PIP-375 Expose the Admin client configs: readTimeout, request...
• 8fd5bf5 [fix][client] Fix ArrayIndexOutOfBoundsException when using SameAuthParamsLoo...
• 03e0787 [improve][test]Add new test PartitionCreationTest.testGetPoliciesIfPartitions...
• a035c6e [improve][doc] Update PIP links in PIP documents converted from the wiki and ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🌟 Thank you for your contribution to the Apache Camel project! 🌟

🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

• First-time contributors require MANUAL approval for the GitHub Actions to run

• You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot.

• You can label PRs using build-all, build-dependents, skip-tests and test-dependents to fine-tune the checks executed by this PR.

• Build and test logs are available in the Summary page. Only Apache Camel committers have access to the summary.

• ⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

[oscerd]

/component-tests pulsar

Result ✅ The tests passed successfully

[github-actions]

🤖 The Apache Camel test robot will run the tests for you 👍