Skip to content

chore(deps): Bump com.cedarsoftware:java-util from 4.106.0 to 4.107.0#24484

Merged
davsclaus merged 1 commit into
mainfrom
dependabot/maven/com.cedarsoftware-java-util-4.107.0
Jul 7, 2026
Merged

chore(deps): Bump com.cedarsoftware:java-util from 4.106.0 to 4.107.0#24484
davsclaus merged 1 commit into
mainfrom
dependabot/maven/com.cedarsoftware-java-util-4.107.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps com.cedarsoftware:java-util from 4.106.0 to 4.107.0.

Release notes

Sourced from com.cedarsoftware:java-util's releases.

4.107.0

java-util 4.107.0

Performance (concurrency) — removed the dominant multi-threaded deserialization lock. ClassUtilities.trySetAccessible probed a Collections.synchronizedMap(WeakHashMap) on every object instantiation and field injection. Under concurrent load that single monitor serialized worker threads — 13-thread profiling of concurrent json-io reads showed ~74% of threads BLOCKED on it. It's now a lock-free ConcurrentHashMap; post-change profiling shows zero threads blocked. Single-threaded performance is unchanged. This directly improves json-io's concurrent read scaling.

Performance — ReflectionUtils.getAllConstructors(Class) no longer allocates on a cache hit. It's now keyed directly by Class with a get()-first fast path (no per-probe key allocation, no capturing compute lambda on hits); the redundant SortedConstructorsCacheKey wrapper was removed. Anti-poisoning/security semantics are unchanged.

Documentation — ClassValueMap / ClassValueSet Javadoc, userguide.md, and README.md now document their critical usage constraints. They are specialists for a few, pre-populated, read-mostly class registries — not general-purpose faster Map<Class,V> / Set<Class>. The docs now cover: the non-local cost (every Class has one small, PROBE_LIMIT-bounded ClassValue cache array shared across all ClassValue instances, so many instances thrash each other and the advantage inverts past ~10); that lazy get-then-put population is an anti-pattern (put() invalidates the whole ClassValue → ≈O(N²) warm-up); and that the strong-referencing backing store forfeits ClassValue's leak-safety. No behavioral change.


Full changelog: https://github.com/jdereg/java-util/blob/master/changelog.md

Changelog

Sourced from com.cedarsoftware:java-util's changelog.

4.107.0 - 2026-07-06

  • DOCUMENTATION: ClassValueMap and ClassValueSet Javadoc, userguide.md, and README.md now document the critical usage constraints uncovered by profiling. These are specialists, not general-purpose faster Map<Class,V>/Set<Class>: they win only for a few, pre-populated, read-mostly class registries. The docs now spell out (1) the non-local cost — every Class has one small, PROBE_LIMIT-bounded ClassValue cache array shared across all ClassValue instances, so many instances keyed on the same classes thrash each other and the "faster than ConcurrentHashMap" advantage inverts past ~10; (2) that lazy get-then-put population is an anti-pattern because put() invalidates the whole ClassValue (≈O(N²) as classes warm up); and (3) that the strong-referencing backing store forfeits ClassValue's leak-safety. No behavioral change.
  • PERFORMANCE (concurrency): ClassUtilities.trySetAccessible no longer serializes concurrent callers on a single lock. Its accessibilityCache was a Collections.synchronizedMap(WeakHashMap) probed on every object instantiation and field injection; under multi-threaded deserialization this monitor was the dominant contention point — 13-thread profiling of concurrent json-io reads showed ~74% of worker threads BLOCKED on it, and after the change profiling shows zero threads blocked on it. It is now a lock-free ConcurrentHashMap. The map only ever stores failures (members whose module refuses to open — JPMS-sealed platform/JDK internals on the bootstrap loader, which are never unloaded), so dropping the weak keys retains no application or dynamically-loaded (e.g. Groovy) classloaders; caching logic is otherwise unchanged. Single-threaded performance is unchanged.
  • PERFORMANCE: ReflectionUtils.getAllConstructors(Class) no longer allocates on a cache hit. It previously wrapped the class in a SortedConstructorsCacheKey on every call just to probe the cache, and passed a capturing compute lambda that was allocated at the call site even when unused — both per-object costs on hot reflection/deserialization paths (e.g. json-io's per-instance construction). The cache is now keyed directly by Class (which already has identity equals/hashCode, so the anti-poisoning/security semantics are unchanged), with a get()-first fast path that allocates nothing on hits; the redundant SortedConstructorsCacheKey class was removed.
Commits
  • 49c02cc Build: bump json-io test dependency 4.105.0 -> 4.106.0
  • 1930f38 Documentation: scope ClassValueMap/ClassValueSet to their niche + document th...
  • 7192c0e Performance: lock-free ClassUtilities.accessibilityCache (removes concurrent-...
  • 36101fd Performance: ReflectionUtils.getAllConstructors keyed by Class (drop per-prob...
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [com.cedarsoftware:java-util](https://github.com/jdereg/java-util) from 4.106.0 to 4.107.0.
- [Release notes](https://github.com/jdereg/java-util/releases)
- [Changelog](https://github.com/jdereg/java-util/blob/master/changelog.md)
- [Commits](jdereg/java-util@4.106.0...4.107.0)

---
updated-dependencies:
- dependency-name: com.cedarsoftware:java-util
  dependency-version: 4.107.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 7, 2026
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🧪 CI tested the following changed modules:

  • parent

POM dependency changes: targeted tests included

Changed properties: java-util-version

Modules affected by dependency changes (1)
  • :camel-headersmap

🔬 Scalpel shadow comparison — Scalpel: 9 tested, 29 compile-only — current: 0 all tested

Maveniverse Scalpel detected 38 affected modules (current approach: 0).

⚠️ Modules only in Scalpel (38)
  • apache-camel
  • camel-allcomponents
  • camel-catalog
  • camel-catalog-console
  • camel-catalog-lucene
  • camel-catalog-maven
  • camel-catalog-suggest
  • camel-componentdsl
  • camel-csimple-maven-plugin
  • camel-endpointdsl
  • camel-endpointdsl-support
  • camel-headersmap
  • camel-itest
  • camel-jbang-core
  • camel-jbang-it
  • camel-jbang-main
  • camel-jbang-mcp
  • camel-jbang-plugin-edit
  • camel-jbang-plugin-generate
  • camel-jbang-plugin-kubernetes
  • camel-jbang-plugin-mcp
  • camel-jbang-plugin-route-parser
  • camel-jbang-plugin-test
  • camel-jbang-plugin-tui
  • camel-jbang-plugin-validate
  • camel-kamelet-main
  • camel-launcher
  • camel-launcher-container
  • camel-report-maven-plugin
  • camel-route-parser
  • camel-yaml-dsl
  • camel-yaml-dsl-deserializers
  • camel-yaml-dsl-maven-plugin
  • camel-yaml-dsl-validator
  • camel-yaml-dsl-validator-maven-plugin
  • coverage
  • docs
  • dummy-component

Changed properties: java-util-version

Skip-tests mode would test 9 modules (1 direct + 8 downstream), skip tests for 29 (generated code, meta-modules)

Modules Scalpel would test (9)
  • camel-headersmap
  • camel-jbang-mcp
  • camel-jbang-plugin-mcp
  • camel-jbang-plugin-route-parser
  • camel-jbang-plugin-tui
  • camel-jbang-plugin-validate
  • camel-launcher-container
  • camel-yaml-dsl-validator
  • camel-yaml-dsl-validator-maven-plugin
Modules with tests skipped (29)
  • apache-camel
  • camel-allcomponents
  • camel-catalog
  • camel-catalog-console
  • camel-catalog-lucene
  • camel-catalog-maven
  • camel-catalog-suggest
  • camel-componentdsl
  • camel-csimple-maven-plugin
  • camel-endpointdsl
  • camel-endpointdsl-support
  • camel-itest
  • camel-jbang-core
  • camel-jbang-it
  • camel-jbang-main
  • camel-jbang-plugin-edit
  • camel-jbang-plugin-generate
  • camel-jbang-plugin-kubernetes
  • camel-jbang-plugin-test
  • camel-kamelet-main
  • camel-launcher
  • camel-report-maven-plugin
  • camel-route-parser
  • camel-yaml-dsl
  • camel-yaml-dsl-deserializers
  • camel-yaml-dsl-maven-plugin
  • coverage
  • docs
  • dummy-component

ℹ️ Shadow mode — Scalpel observes but does not affect test execution. Learn more

All tested modules (39 modules)
  • Camel :: All Components Sync point
  • Camel :: Assembly
  • Camel :: Catalog :: CSimple Maven Plugin (deprecated)
  • Camel :: Catalog :: Camel Catalog
  • Camel :: Catalog :: Camel Report Maven Plugin
  • Camel :: Catalog :: Camel Route Parser
  • Camel :: Catalog :: Console
  • Camel :: Catalog :: Dummy Component
  • Camel :: Catalog :: Lucene (deprecated)
  • Camel :: Catalog :: Maven
  • Camel :: Catalog :: Suggest
  • Camel :: Component DSL
  • Camel :: Coverage
  • Camel :: Docs
  • Camel :: Endpoint DSL
  • Camel :: Endpoint DSL :: Support
  • Camel :: Headers Map (deprecated)
  • Camel :: Integration Tests
  • Camel :: JBang :: Core
  • Camel :: JBang :: Integration tests
  • Camel :: JBang :: MCP
  • Camel :: JBang :: Main
  • Camel :: JBang :: Plugin :: Edit
  • Camel :: JBang :: Plugin :: Generate
  • Camel :: JBang :: Plugin :: Kubernetes
  • Camel :: JBang :: Plugin :: MCP
  • Camel :: JBang :: Plugin :: Route Parser
  • Camel :: JBang :: Plugin :: TUI
  • Camel :: JBang :: Plugin :: Testing
  • Camel :: JBang :: Plugin :: Validate
  • Camel :: Kamelet Main
  • Camel :: Launcher
  • Camel :: Launcher :: Container
  • Camel :: Parent
  • Camel :: YAML DSL
  • Camel :: YAML DSL :: Deserializers
  • Camel :: YAML DSL :: Maven Plugins
  • Camel :: YAML DSL :: Validator
  • Camel :: YAML DSL :: Validator Maven Plugin

⚙️ View full build and test results

@davsclaus davsclaus merged commit 14e5697 into main Jul 7, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/maven/com.cedarsoftware-java-util-4.107.0 branch July 7, 2026 07:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

core-build-and-dependencies dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant