Bump the dependencies group across 1 directory with 58 updates

[dependabot]

Bumps the dependencies group with 58 updates in the / directory:

Package	From	To
org.apache.logging.log4j:log4j-api	2.24.3	2.25.3
org.apache.logging.log4j:log4j-api-test	2.24.3	2.25.3
org.apache.logging.log4j:log4j-iostreams	2.24.3	2.25.3
org.apache.logging.log4j:log4j-jpl	2.24.3	2.25.3
org.apache.logging.log4j:log4j-slf4j2-impl	2.24.3	2.25.3
org.apache.logging.log4j:log4j-slf4j-impl	2.24.3	2.25.3
org.apache.logging.log4j:log4j-to-jul	2.24.3	2.25.3
org.apache.logging.log4j:log4j-to-slf4j	2.24.3	2.25.3
org.apache.commons:commons-csv	1.14.0	1.14.1
ch.qos.logback:logback-core	1.5.18	1.5.32
org.apache.groovy:groovy-bom	4.0.27	5.0.4
tools.jackson:jackson-bom	3.0.0	3.1.0
org.junit:junit-bom	5.13.4	6.0.3
org.junit.jupiter:junit-jupiter-engine	5.13.4	6.0.3
org.mockito:mockito-bom	5.18.0	5.22.0
org.assertj:assertj-core	3.27.3	3.27.7
net.bytebuddy:byte-buddy	1.17.6	1.18.5
commons-codec:commons-codec	1.18.0	1.21.0
org.apache.commons:commons-dbcp2	2.13.0	2.14.0
commons-io:commons-io	2.20.0	2.21.0
org.apache.commons:commons-lang3	3.17.0	3.20.0
org.apache.commons:commons-pool2	2.12.1	2.13.1
com.google.guava:guava	33.4.8-jre	33.5.0-jre
com.google.guava:guava-testlib	33.4.8-jre	33.5.0-jre
com.h2database:h2	2.3.232	2.4.240
org.jctools:jctools-core	4.0.5	4.0.6
org.jmdns:jmdns	3.6.1	3.6.3
net.java.dev.jna:jna	5.17.0	5.18.1
net.javacrumbs.json-unit:json-unit	4.1.1	5.1.0
com.vlkan.log4j2:log4j2-logstash-layout	0.18	1.0.5
org.apache.maven:maven-core	3.9.10	3.9.12
org.apache.maven:maven-model	3.9.10	3.9.12
org.openjdk.nashorn:nashorn-core	15.6	15.7
org.eclipse.platform:org.eclipse.osgi	3.23.100	3.24.0
org.xmlunit:xmlunit-core	2.10.3	2.11.0
org.xmlunit:xmlunit-matchers	2.10.3	2.11.0
biz.aQute.bnd:biz.aQute.bnd.annotation	7.1.0	7.2.1
com.github.spotbugs:spotbugs-annotations	4.9.3	4.9.8
io.fabric8:docker-maven-plugin	0.46.0	0.48.1
org.tukaani:xz	1.10	1.11
com.github.luben:zstd-jni	1.5.7-4	1.5.7-7
org.apache.commons:commons-compress	1.27.1	1.28.0
com.google.code.gson:gson	2.13.1	2.13.2
org.wiremock:wiremock	3.13.1	3.13.2
com.fasterxml.jackson.core:jackson-databind	2.20.0	2.21.1
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.20.0	2.21.1
co.elastic.clients:elasticsearch-java	9.2.0	9.3.1
org.elasticsearch.client:elasticsearch-rest-client	9.2.0	9.3.1
org.mongodb:bson	5.5.1	5.6.4
org.mongodb:mongodb-driver-core	5.5.1	5.6.4
org.mongodb:mongodb-driver-sync	5.5.1	5.6.4
ch.qos.logback:logback-classic	1.5.18	1.5.32
org.springframework:spring-framework-bom	6.2.9	7.0.5
org.springframework:spring-core	6.2.9	7.0.5
org.springframework.boot:spring-boot-autoconfigure	3.5.3	4.0.3
org.springframework.boot:spring-boot-starter-test	3.5.3	4.0.3
org.springframework.boot:spring-boot-starter-log4j2	3.5.3	4.0.3
org.springframework.cloud:spring-cloud-context	4.3.0	5.0.1

Updates org.apache.logging.log4j:log4j-api from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-api-test from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-iostreams from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-jpl from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-slf4j-impl from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-to-jul from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-to-slf4j from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-api-test from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-iostreams from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-jpl from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-slf4j-impl from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-to-jul from 2.24.3 to 2.25.3

Updates org.apache.logging.log4j:log4j-to-slf4j from 2.24.3 to 2.25.3

Updates org.apache.commons:commons-csv from 1.14.0 to 1.14.1

Changelog

Sourced from org.apache.commons:commons-csv's changelog.

Apache Commons CSV 1.14.1 Release Notes

The Apache Commons CSV team is pleased to announce the release of Apache Commons CSV 1.14.1.

This document contains the release notes for the 1.14.1 version of Apache Commons CSV. Commons CSV reads and writes files in Comma Separated Value (CSV) format variations.

Commons CSV requires at least Java 8.

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

This is a feature and maintenance release. Java 8 or later is required.

Changes in this version include:

Fixed Bugs

• CSV-318: CSVPrinter.printRecord(Stream) hangs if given a parallel stream. Thanks to Joseph Shraibman, Gary Gregory.
• CSV-318: CSVPrinter now uses an internal lock instead of synchronized methods. Thanks to Joseph Shraibman, Gary Gregory.

•       org.apache.commons.csv.CSVPrinter.printRecords(ResultSet) now writes one record at a time using a lock. Thanks to Gary Gregory.
  

Changes

•       Bump org.apache.commons:commons-parent from 81 to 85 [#542](https://github.com/apache/commons-csv/issues/542). Thanks to Gary Gregory, Dependabot.
  

•       Bump commons-io:commons-io from 2.18.0 to 2.20.0. Thanks to Gary Gregory.
  

•       Bump com.opencsv:opencsv from 5.10 to 5.11.2 [#545](https://github.com/apache/commons-csv/issues/545), [#551](https://github.com/apache/commons-csv/issues/551), [#553](https://github.com/apache/commons-csv/issues/553). Thanks to Gary Gregory, Dependabot.
  

•       Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 [#556](https://github.com/apache/commons-csv/issues/556). Thanks to Gary Gregory, Dependabot.
  

•       Bump commons-codec:commons-codec from 1.18.0 to 1.19.0. Thanks to Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-csv/changes.html

For complete information on Apache Commons CSV, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons CSV website:

https://commons.apache.org/proper/commons-csv/

Download page: https://commons.apache.org/proper/commons-csv/download_csv.cgi

Have fun! -Apache Commons CSV team

---

Commits

• e14ef86 Ignore macOS file
• d8724bf Prepare for the release candidate 1.14.1 RC1
• b76971c Prepare for the next release candidate
• b66814e Merge pull request #557 from apache/dependabot/github_actions/github/codeql-a...
• 9c95e92 Bump github/codeql-action from 3.29.2 to 3.29.4
• 1fb3716 Bump commons-codec:commons-codec from 1.18.0 to 1.19.0
• 7b72c50 Merge some string literals
• 9658373 Update the GitHub pull request template for AI
• 67192a9 Bump commons-io:commons-io from 2.19.0 to 2.20.0
• 59164c8 Bump com.opencsv:opencsv from 5.11.1 to 5.11.2 #553
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.18 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

• In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

2026-02-09 Release of logback version 1.5.29

• In response to issues/1017, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.27

2026-01-30 Release of logback version 1.5.27

• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.

• Fixed missing MDC data transmitted by SocketAppender reported in issues/1010 by Lars Vogel.

... (truncated)

Commits

• e807335 prepare release 1.5.32
• dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
• 8e32278 added simple test for appender definitiob via file inclusion
• 834dbed start work on 1.5.32-SNAPSHOT
• 168e42f add test to check that Logback SLF4J provider can be activated
• ed45362 prepare release 1.5.31
• 609dae7 fix missing META-INF directory
• 7739739 start work on 1.5.31-SNAPSHOT
• 44164f1 prepare release 1.5.30
• 9874f06 test for top-file as a resource, introduced new module logback-classic-misc
• Additional commits viewable in compare view

Updates org.apache.groovy:groovy-bom from 4.0.27 to 5.0.4

Commits

• See full diff in compare view

Updates tools.jackson:jackson-bom from 3.0.0 to 3.1.0

Commits

• 71cd2e0 [maven-release-plugin] prepare release jackson-bom-3.1.0
• 6926bbd Prep for 3.1.0 release
• 5e763e5 Merge branch '3.x' of github.com:FasterXML/jackson-bom into 3.x
• 26b42d6 Update to latest oss-parent (v76)
• b1c70b5 Merge pull request #118 from FasterXML/dependabot/github_actions/github-actio...
• de14794 Bump the github-actions group with 2 updates
• 5f92034 Post-release dep version bump
• 648cb70 [maven-release-plugin] prepare for next development iteration
• e59dd9a [maven-release-plugin] prepare release jackson-bom-3.1.0-rc1
• 4e60dd9 Prep for 3.1.0-rc1 release
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.13.4 to 6.0.3

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

... (truncated)

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-engine from 5.13.4 to 6.0.3

Release notes

Sourced from org.junit.jupiter:junit-jupiter-engine's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

... (truncated)

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates org.mockito:mockito-bom from 5.18.0 to 5.22.0

Release notes

Sourced from org.mockito:mockito-bom's releases.

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

• 2026-02-27 - 6 commit(s) by Joshua Selbo, NiMv1, Rafael Winterhalter, dependabot[bot], eunbin son
• Avoid mocking of internal static utilities [(#3785)](mockito/mockito#3785)
• Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 [(#3780)](mockito/mockito#3780)
• Static mocking of UUID.class corrupted under JDK 25 [(#3778)](mockito/mockito#3778)
• Bump actions/upload-artifact from 5 to 6 [(#3774)](mockito/mockito#3774)
• docs: clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) [(#3773)](mockito/mockito#3773)
• Add tests for Sets utility class [(#3771)](mockito/mockito#3771)
• Add core API to enable Kotlin singleton mocking [(#3762)](mockito/mockito#3762)
• Stubbing Kotlin object singletons [(#3652)](mockito/mockito#3652)
• Incorrect documentation for RETURNS_MOCKS [(#3285)](mockito/mockito#3285)

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

• 2025-12-09 - 17 commit(s) by Giulio Longfils, Joshua Selbo, Woongi9, Zylox, dependabot[bot]
• Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 [(#3768)](mockito/mockito#3768)
• Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 [(#3767)](mockito/mockito#3767)
• Bump actions/checkout from 5 to 6 [(#3765)](mockito/mockito#3765)
• Adds output of matchers to potential mismatch; Fixes #2468 [(#3760)](mockito/mockito#3760)
• Forbid mocking WeakReference with inline mock maker [(#3759)](mockito/mockito#3759)
• StackOverflowError when mocking WeakReference [(#3758)](mockito/mockito#3758)
• Bump actions/upload-artifact from 4 to 5 [(#3756)](mockito/mockito#3756)
• Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 [(#3755)](mockito/mockito#3755)
• Support primitives in GenericArrayReturnType. [(#3753)](mockito/mockito#3753)
• ClassNotFoundException when stubbing array of primitive type on Android [(#3752)](mockito/mockito#3752)
• Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 [(#3744)](mockito/mockito#3744)
• Bump gradle/actions from 4 to 5 [(#3743)](mockito/mockito#3743)
• Bump org.graalvm.buildtools.native from 0.11.0 to 0.11.1 [(#3738)](mockito/mockito#3738)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.2.1 to 8.0.0 [(#3735)](mockito/mockito#3735)
• Bump graalvm/setup-graalvm from 1.3.7 to 1.4.0 [(#3734)](mockito/mockito#3734)
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 [(#3733)](mockito/mockito#3733)
• Bump errorprone from 2.41.0 to 2.42.0 [(#3732)](mockito/mockito#3732)
• Feat: automatically detect class to mock in mockStatic and mockConstruction [(#3731)](mockito/mockito#3731)
• Return completed futures for unstubbed Future/CompletionStage in ReturnsEmptyValues [(#3727)](mockito/mockito#3727)
• automatically detect class to mock [(#2779)](mockito/mockito#2779)
• Incorrect "has following stubbing(s) with different arguments" message when using Argument Matchers [(#2468)](mockito/mockito#2468)

v5.20.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.20.0

• 2025-09-20 - 11 commit(s) by Adrian-Kim, Giulio Longfils, Rafael Winterhalter, dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 [(#3730)](mockito/mockito#3730)
• Introducing the Ability to Mock Construction of Generic Types (#2401) [(#3729)](mockito/mockito#3729)
• Bump com.gradle.develocity from 4.1.1 to 4.2 [(#3726)](mockito/mockito#3726)

... (truncated)

Commits

• 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
• ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
• d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
• 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
• 9e5d449 Add tests for Sets utility class (#3771)
• 8d9a62f Bump actions/upload-artifact from 5 to 6 (#3774)
• 09d2230 Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 (#3768)
• df3e0cc Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 (#3767)
• 04a6e9f Bump actions/checkout from 5 to 6 (#3765)
• 756a3cf Add description of matchers to potential mismatch (#3760)
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.3 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

v3.27.6

🐛 Bug Fixes

Core

• Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

... (truncated)

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.17.6 to 1.18.5

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

Byte Buddy 1.18.4

• Add support for new build description in Android 9.

Byte Buddy 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

Byte Buddy 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

Byte Buddy 1.18.1

• Fix generated module-info to include new package.

Byte Buddy 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

Byte Buddy 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

15. February 2026: version 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

16. January 2026: version 1.18.4

• Add support for new build description in Android 9.

26. November 2025: version 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

26. November 2025: version 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

12. November 2025: version 1.18.1

• Fix generated module-info to include new package.

11. November 2025: version 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

8. October 2025: version 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

17. August 2025: version 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

Commits

• e01d09a [maven-release-plugin] prepare release byte-buddy-1.18.5
• 0cef4be [release] Release new version
• c880bab Fix hashcode equals generation.
• 05dc85e Instana attachpid file removal handling (#1884)
• 71448e3 Add ASM URL for copyright note.
• 9689261 Update checksums and internal Byte Buddy.
• 87c1368 [maven-release-plugin] prepare for next development iteration
• c080180 [maven-release-plugin] prepare release byte-buddy-1.18.4
• 3e40080 [release] Release new version
• e94974f [release] Release new version
• Additional commits viewable in compare view

Updates commons-codec:commons-codec from 1.18.0 to 1.21.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.21.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.21.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

• CODEC-333: Add distinct Base64 decoding for standard and URL-safe formats. Thanks to Aleksandr Beliakov, Gary Gregory.

Fixed Bugs

•         Fix oak leaf icon references in overview.html when running `mvn clean javadoc:javadoc`. Thanks to Gary Gregory.
  

•         Fix Apache RAT plugin console warnings. Thanks to Gary Gregory.
  

•         Fix malformed Javadoc comments. Thanks to Gary Gregory.
  

Changes

•         Bump org.apache.commons:commons-parent from 91 to 96 [#415](https://github.com/apache/commons-codec/issues/415), [#418](https://github.com/apache/commons-codec/issues/418). Thanks to Gary Gregory, Dependabot.
  

•         Bump commons-io:commons-io from 2.20.0 to 2.21.0. Thanks to Gary Gregory.
  

•         Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0. Thanks to Gary Gregory, Dependabot.
  

For complete information on Apache Commons Codec, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Codec website:

https://commons.apache.org/proper/commons-codec/

Download page: https://commons.apache.org/proper/commons-codec/download_codec.cgi

---

Apache Commons Codec 1.20.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.20.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

... (truncated)

Commits

• 91c4404 Prepare for the release candidate 1.21.0 RC1
• 21fe1d7 Prepare for the next release candidate
• d4ea4d0 Bump actions/checkout from 6.0.1 to 6.0.2
• e30b1f6 Bump actions/setup-java from 5.1.0 to 5.2.0
• 2e4891c Bump org.apache.commons:commons-parent from 95 to 96
• d02c003 Use a URL to a prettier page: https://www.ietf.org/rfc/rfc2045
• 3c961b8 Checkstyle
• 99cf6b7 Javadoc and exception messages: "base 32" -> "Base32".
• 2df7b9a Javadoc and exception messages: "base 64" -> "Base64".
• 0643fdd Javadoc 8 doesn't know how to find this link
• Additional commits viewable in compare view

Updates org.apache.commons:commons-dbcp2 from 2.13.0 to 2.14.0

Updates commons-io:commons-io from 2.20.0 to 2.21.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.22.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.22.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

This is a feature and maintenance release. Java 8 or later is required.

New features

o Add and use IOUtils.closeQuietlySuppress(Closeable, Throwable) #818. Thanks to Gary Gregory, Piotr P. Karwasz.

Fixed Bugs

o Fix Apache RAT plugin console warnings. Thanks to Gary Gregory. o ByteArraySeekableByteChannel.position(long) and truncate(long) shouldn't throw an IllegalArgumentException for a new positive position that's too large #817. Thanks to Gary Gregory, Piotr P. Karwasz. o Fix malformed Javadoc comments. Thanks to Gary Gregory. o ReadAheadInputStream.close() doesn't always close its filtered input stream. Thanks to Stanislav Fort, Gary Gregory.

Changes

o Bump org.apache.commons:commons-parent from 91 to 96 #816. Thanks to Gary Gregory, Dependabot. o Bump commons-codec:commons-codec from 1.19.0 to 1.20.0 #812. Thanks to Gary Gregory, Dependabot. o Bump commons.bytebuddy.version from 1.17.8 to 1.18.4 #814, #820. Thanks to Gary Gregory, Dependabot. o Bump commons-lang3 from 3.19.0 to 3.20.0. Thanks to Gary Gregory, Dependabot.

Commons IO 2.7 and up requires Java 8 or above. Commons IO 2.6 requires Java 7 or above. Commons IO 2.3 through 2.5 requires Java 6 or above. Commons IO 2.2 requires Java 5 or above. Commons IO 1.4 requires Java 1.3 or above.

Historical list of changes: https://commons.apache.org/proper/commons-io/changes.html

For complete information on Apache Commons IO, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons IO website:

https://commons.apache.org/proper/commons-io/

Download page: https://commons.apache.org/proper/commons-io/download_io.cgi

... (truncated)

Commits

• 54073d3 Prepare for the release candidate 2.21.0 RC1
• f141f09 Prepare for the next release candidate
• adcf135 Add license header
• 0f499d0 Use new oak logo
• 34a961c Use HTTPS in URL
• 9e51118 Use HTTPS in URL
• d715865 Add dependabot email [skip ci]
• 3d6a7e1Description has been truncated