Skip to content

build(deps): Bump the dev-dependencies group with 10 updates#2

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/dev-dependencies-576fcf5167
Closed

build(deps): Bump the dev-dependencies group with 10 updates#2
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/dev-dependencies-576fcf5167

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 13, 2026
edited
Loading

Bumps the dev-dependencies group with 10 updates:

Package From To
org.gradle.toolchains.foojay-resolver-convention 0.9.0 1.0.0
gradle-wrapper 9.5.0 9.5.1
com.diffplug.spotless:spotless-plugin-gradle 7.0.2 8.4.0
com.diffplug.spotless 7.0.2 8.4.0
com.google.errorprone:error_prone_core 2.36.0 2.49.0
org.junit.jupiter:junit-jupiter 5.11.4 6.0.3
org.junit.platform:junit-platform-launcher 1.11.4 6.0.3
org.assertj:assertj-core 3.27.3 3.27.7
org.mockito:mockito-core 5.14.2 5.23.0
org.mockito:mockito-junit-jupiter 5.14.2 5.23.0

Updates org.gradle.toolchains.foojay-resolver-convention from 0.9.0 to 1.0.0

Updates gradle-wrapper from 9.5.0 to 9.5.1

Release notes

Sourced from gradle-wrapper's releases.

9.5.1

The Gradle team is excited to announce Gradle 9.5.1.

Here are the highlights of this release:

  • Task provenance in reports and failure messages
  • Type-safe accessors for precompiled Kotlin Settings plugins

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: atm1020, mataha, Adam, Attila Kelemen, Benedikt Ritter, Björn Kautler, Caro Silva Rode, CHANHAN, Dmitry Nezavitin, Eng Zer Jun, KugelLibelle, Madalin Valceleanu, Markus Gaisbauer, Oliver Kopp, Philip Wedemann, ploober, Roberto Perez Alcolea, Rohit Anand, Suvrat Acharya, Ujwal Suresh Vanjare, Victor Merkulov

Upgrade instructions

Switch your build to use Gradle 9.5.1 by updating your wrapper:

./gradlew wrapper --gradle-version=9.5.1 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

Commits
  • fd78213 Update Documentation Infrastructure: Fix scrolling issue in user manual (#37861)
  • 7758437 fix scroll
  • 2fd605f Only try to run as worker thread in DefaultBuildOperationQueue (#37845)
  • af69849 Release notes for Gradle 9.5.1 (#37853)
  • f4d9d03 Release notes for Gradle 9.5.1
  • 01eda3a Address review feedback on worker-lease retry changes
  • 7024e15 Revert enrich file visitor with size info on release branch (#37848)
  • d51476f Fix tryRunAsWorkerThread null-return test to match contract
  • 090ebab Revert "Add getLength() to FilePropertyVisitor.VisitState"
  • bceab24 Revert "Fix annotation"
  • Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-plugin-gradle from 7.0.2 to 8.4.0

Release notes

Sourced from com.diffplug.spotless:spotless-plugin-gradle's releases.

Gradle Plugin v8.4.0

Added

  • Add tableTest format type for standalone .table files. (#2880)

Fixed

  • Fix illegal mutation when using predeclared dependencies. (#2892)

Changes

  • Bump default tabletest-formatter version 1.0.1 -> 1.1.1, now works with Java 17+. (#2880)

Gradle Plugin v8.3.0

Added

  • Partial support for isolated projects. They work if predeclared dependencies are not used. (#2854)
  • Add tabletest-formatter support for Java and Kotlin. (#2860)

Fixed

  • Fix the ability to specify a wildcard version (*) for external formatter executables, which did not work. (#2848)
  • [fix] ConcurrentModificationException in expandWildcardImports (#2830)

Gradle Plugin v8.2.1

Fixed

  • Fix OutOfMemoryError and slow configuration phase in large multi-project builds when using Eclipse-based formatters (Eclipse JDT, GrEclipse, Eclipse CDT) by implementing P2 dependency caching. (#2788)

Gradle Plugin v8.2.0

Added

  • Add a expandWildcardImports API for java (#2679)
  • Add the ability to specify a wildcard version (*) for external formatter executables. (#2757)
  • Add support for passing multiple file paths using the -PspotlessIdeHook option. (#2774)

Fixed

  • configuration cache for groovy. (#2797)
  • [fix] NPE due to workingTreeIterator being null for git ignored files. #911 (#2771)
  • Prevent race conditions when multiple npm-based formatters launch the server process simultaneously while sharing the same node_modules directory. (#2786)

Changes

  • Bump default ktfmt version to latest 0.59 -> 0.61. (2804)
  • Bump default ktlint version to latest 1.7.1 -> 1.8.0. (2763)
  • Bump default gherkin-utils version to latest 9.2.0 -> 10.0.0. (#2619)

Gradle Plugin v8.1.0

Changes

  • Bump default ktfmt version to latest 0.58 -> 0.59. (#2681
  • Bump default jackson version to latest 2.20.0 -> 2.20.1. (#2730)
  • Bump default cleanthat version to latest 2.23 -> 2.24. (#2620)
  • POTENTIALLY BREAKING Removed support for ktlint versions below 1.0. (#2711)

Fixed

  • Tasks were being eagerly instantiated, now avoided using TaskProviders. #2719
    • POTENTIALLY BREAKING Bump minimum supported Gradle version from 7.3 to 8.1. #2719
  • Use absolute path in the git pre push hook.
  • palantirJavaFormat is no longer arbitrarily set to outdated versions on Java 17, latest available version is always used (#2686 fixes #2685)

Added

  • forbidModuleImports() API for java (#2679)
  • new options to customize Flexmark, e.g. to allow YAML front matter (#2616)

Gradle Plugin v8.0.0

... (truncated)

Commits
  • 1cc0163 Published gradle/8.4.0
  • a4cd808 Published lib/4.5.0
  • 9066bf6 Add links to the changelog.
  • db8dc1c Fix for illegal mutation issue with predeclareDeps (#2892)
  • 0eb98a9 chore: Updated gradle plugin change
  • 3f7f12e chore: Removes check for predeclare as it's not needed anymore
  • 55c0c5c fix: IsolatedProjectTest.predeclaredIsUnsupported() is now actually supported...
  • 47489af fix: avoid IllegalMutationException when root project uses predeclareDeps() w...
  • 4010e8b test: Introduce a test harnessing predeclared deps
  • 441dddc fix(deps): update selfie to v3 (major) (#2889)
  • Additional commits viewable in compare view

Updates com.diffplug.spotless from 7.0.2 to 8.4.0

Updates com.google.errorprone:error_prone_core from 2.36.0 to 2.49.0

Release notes

Sourced from com.google.errorprone:error_prone_core's releases.

Error Prone 2.49.0

This release includes several changes to Matcher APIs, and removed some deprecated or problematic APIs:

  • Remove deprecated MethodMatchers.withSignature API, which relies on fragile toString behaviour. Alternatives for matching on method signatures with varargs and type parameters were added in google/error-prone@a98a1c5.
  • Removed variableType(Matcher) API. Matchers.variableType(Matcher) uses VariableTree#getType to match variable types, which own't work for lambda parameters with inferred types after JDK-8268850. The recommended replacement is variableType(TypePredicate).
  • Make enclosingPackage return an optional. Module elements are not enclosed by a package, checks using enclosingPackage shouldn't assume an enclosing package exists when processing arbitrary elements.
  • New FieldMatchers API, similar to MethodMatchers (google/error-prone@1dd9c3a).

New checks:

Closed issues: #2283, #3503, #5210, #5289, #5548, #5548, #5554, #5609, #5614, #5656

Full changelog: google/error-prone@v2.48.0...v2.49.0

Error Prone 2.48.0

Changes:

New checks:

Closed issues: #5529, #5537, #5522, #5521

Full changelog: google/error-prone@v2.47.0...v2.48.0

Error Prone 2.47.0

New checks:

Closed issues: #1811, #4168, #5459, #5460

Full changelog: google/error-prone@v2.46.0...v2.47.0

Error Prone 2.46.0

Changes:

... (truncated)

Commits
  • 89d75c1 Release Error Prone 2.49.0
  • 0b7b03b Fix up some javadoc on `ModifySourceCollectionInStream.isStreamApiInvocationO...
  • fe5a7b1 Remove old FieldMatchers API
  • d54a1d1 Fix up some Finally javadocs.
  • d93b319 [RefactorSwitch] bugfix comment handling
  • ff59782 [IfChainToSwitch] cleanup redundant conditions in ternary. No functional cha...
  • 43b6df6 Generalise DuplicateAssertion to handle check* methods.
  • 2c4346f Fix a bug in BooleanLiteral: it currently suggests replacing `Boolean.FALSE...
  • 559039b [IfChainToSwitch] doc-only change. fix typo in code comments.
  • 393c61c [IfChainToSwitch] enhance code generation to emit unnamed variables, when sup...
  • Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 5.11.4 to 6.0.3

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

... (truncated)

Commits
  • 36e3253 Release 6.0.3
  • 295561f Finalize 6.0.3 release notes
  • ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
  • 869e232 Add 5.14.3 release notes
  • d4b34c4 Fix links to User Guide
  • 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
  • febb13f Check out entire repo so switching to main branch works in last step
  • 71fba90 Install poppler-utils for pdfinfo
  • 740e9e0 Update API baseline
  • 2ba535f Use release branch of examples repo
  • Additional commits viewable in compare view

Updates org.junit.platform:junit-platform-launcher from 1.11.4 to 6.0.3

Release notes

Sourced from org.junit.platform:junit-platform-launcher's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

... (truncated)

Commits

Updates org.assertj:assertj-core from 3.27.3 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

🚫 Deprecated

Core

  • Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

  • Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

  • Upgrade to Byte Buddy 1.18.3
  • Upgrade to JUnit BOM 5.14.1

Guava

  • Upgrade to Guava 33.5.0-jre

v3.27.6

🐛 Bug Fixes

Core

  • Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

  • ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

... (truncated)

Commits
  • e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
  • 85ca7eb Deprecate XmlStringPrettyFormatter
  • 77081dc Merge commit from fork
  • b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
  • 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
  • d393ef1 Abort tests when symbolic links cannot be created (#3788)
  • 2212433 Add IntelliJ custom inspection for test class names
  • 5717d02 Update JetBrains icon
  • a8ec20b Add icon for JetBrains products
  • c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
  • Additional commits viewable in compare view

Updates org.mockito:mockito-core from 5.14.2 to 5.23.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.23.0

NOTE: Breaking change for Android

The mockito-android artifact has a breaking change: tests now require a device or emulator based on API 28+ (Android P). This is to enable new support for mocking Kotlin classes. See #3788 for more details.

Changelog generated by Shipkit Changelog Gradle Plugin

5.23.0

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

... (truncated)

Commits
  • a231205 Fix StackOverflowError with AbstractList after using mockSingleton (#3790)
  • f6a91a6 Replace mockito-android mock maker implementation with dexmaker-mockito-inlin...
  • aa2298a fix: make spotless happy
  • a6729d6 chore: update BDDMockito with jspecify annotation
  • bb83c92 chore: move jspecify as a compile only dependency
  • 47a4695 chore: add jspecify with minimal change. Fixes #3503
  • 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
  • ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
  • d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
  • 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
  • Additional commits viewable in compare view

Updates org.mockito:mockito-junit-jupiter from 5.14.2 to 5.23.0

Release notes

Sourced from org.mockito:mockito-junit-jupiter's releases.

v5.23.0

NOTE: Breaking change for Android

The mockito-android artifact has a breaking change: tests now require a device or emulator based on API 28+ (Android P). This is to enable new support for mocking Kotlin classes. See #3788 for more details.

Changelog generated by Shipkit Changelog Gradle Plugin

5.23.0

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

... (truncated)

Commits
  • a231205 Fix StackOverflowError with AbstractList after using mockSingleton (#3790)
  • f6a91a6 Replace mockito-android mock maker implementation with dexmaker-mockito-inlin...
  • aa2298a fix: make spotless happy
  • a6729d6 chore: update BDDMockito with jspecify annotation
  • bb83c92 chore: move jspecify as a compile only dependency
  • 47a4695 chore: add jspecify with minimal change. Fixes #3503
  • 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
  • ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
  • d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
  • 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
  • Additional commits viewable in compare view

Updates org.mockito:mockito-junit-jupiter from 5.14.2 to 5.23.0

Release notes

Sourced from org.mockito:mockito-junit-jupiter's releases.

v5.23.0

NOTE: Breaking change for Android

The mockito-android artifact has a breaking change: tests now require a device or emulator based on API 28+ (Android P). This is to enable new support for mocking Kotlin classes. See #3788 for more details.

Changelog generated by Shipkit Changelog Gradle Plugin

5.23.0

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

  • 2025-12-09 - 17 commit(s) by Giulio Longfils, Joshua Selbo, Woongi9, Zylox, dependabot[bot]
  • Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 [(#3768)](

@dependabot
build(deps): Bump the dev-dependencies group with 10 updates
61d36dd 
Bumps the dev-dependencies group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| org.gradle.toolchains.foojay-resolver-convention | `0.9.0` | `1.0.0` |
| [gradle-wrapper](https://github.com/gradle/gradle) | `9.5.0` | `9.5.1` |
| [com.diffplug.spotless:spotless-plugin-gradle](https://github.com/diffplug/spotless) | `7.0.2` | `8.4.0` |
| com.diffplug.spotless | `7.0.2` | `8.4.0` |
| [com.google.errorprone:error_prone_core](https://github.com/google/error-prone) | `2.36.0` | `2.49.0` |
| [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit-framework) | `5.11.4` | `6.0.3` |
| [org.junit.platform:junit-platform-launcher](https://github.com/junit-team/junit-framework) | `1.11.4` | `6.0.3` |
| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.27.3` | `3.27.7` |
| [org.mockito:mockito-core](https://github.com/mockito/mockito) | `5.14.2` | `5.23.0` |
| [org.mockito:mockito-junit-jupiter](https://github.com/mockito/mockito) | `5.14.2` | `5.23.0` |


Updates `org.gradle.toolchains.foojay-resolver-convention` from 0.9.0 to 1.0.0

Updates `gradle-wrapper` from 9.5.0 to 9.5.1
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v9.5.0...v9.5.1)

Updates `com.diffplug.spotless:spotless-plugin-gradle` from 7.0.2 to 8.4.0
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@gradle/7.0.2...gradle/8.4.0)

Updates `com.diffplug.spotless` from 7.0.2 to 8.4.0

Updates `com.google.errorprone:error_prone_core` from 2.36.0 to 2.49.0
- [Release notes](https://github.com/google/error-prone/releases)
- [Commits](google/error-prone@v2.36.0...v2.49.0)

Updates `org.junit.jupiter:junit-jupiter` from 5.11.4 to 6.0.3
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.11.4...r6.0.3)

Updates `org.junit.platform:junit-platform-launcher` from 1.11.4 to 6.0.3
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](https://github.com/junit-team/junit-framework/commits/r6.0.3)

Updates `org.assertj:assertj-core` from 3.27.3 to 3.27.7
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.27.3...assertj-build-3.27.7)

Updates `org.mockito:mockito-core` from 5.14.2 to 5.23.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.14.2...v5.23.0)

Updates `org.mockito:mockito-junit-jupiter` from 5.14.2 to 5.23.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.14.2...v5.23.0)

Updates `org.mockito:mockito-junit-jupiter` from 5.14.2 to 5.23.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.14.2...v5.23.0)

Updates `com.diffplug.spotless` from 7.0.2 to 8.4.0

---
updated-dependencies:
- dependency-name: org.gradle.toolchains.foojay-resolver-convention
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: gradle-wrapper
  dependency-version: 9.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: com.diffplug.spotless:spotless-plugin-gradle
  dependency-version: 8.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: com.diffplug.spotless
  dependency-version: 8.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: com.google.errorprone:error_prone_core
  dependency-version: 2.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: org.junit.platform:junit-platform-launcher
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: org.mockito:mockito-core
  dependency-version: 5.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-version: 5.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: org.mockito:mockito-junit-jupiter
  dependency-version: 5.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
- dependency-name: com.diffplug.spotless
  dependency-version: 8.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels May 13, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 13, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 13, 2026
@dependabot dependabot Bot deleted the dependabot/gradle/dev-dependencies-576fcf5167 branch May 13, 2026 14:14
wolpert added a commit that referenced this pull request May 16, 2026
@wolpert @claude
security: fix HIGH-severity findings from review (TODO #2-#11)
8d22d3a 
- ceremony: default UV to REQUIRED so WebAuthn4J enforces flagUV (#2)
- ceremony: refuse the non-strict WebAuthnManager when attestation conveyance
  is not NONE; force operators to wire a strict manager explicitly (#3)
- jwt(spring): fail-fast on HS256 secrets shorter than 32 bytes; remove the
  silent expand() helper that masked weak keys (#4)
- jwt(micronaut): fail-fast on blank or short HS256 secrets; remove the
  zero-pad and random-on-blank fallbacks (#5)
- persistence: make signCount updates atomic against concurrent racing
  assertions so clone detection cannot be silently defeated — JDBI adds
  AND sign_count < :sc, DynamoDB adds a conditional UpdateItem (#6)
- starters: gate LoggingEmailSender / LoggingSmsSender behind dev-mode so
  magic-link tokens and OTP codes don't silently leak to production logs (#7)
- magic-link: replace the unbounded ConcurrentHashMap of consumed JTIs with
  a TTL-bounded Caffeine cache; fix the Javadoc to match reality (#8)
- magic-link: bind verification email to the user via UserLookup#emailFor
  and reject mismatches; admin service maps the new EmailMismatch result to
  a 400 (#9)
- persistence(dynamodb): server-enforce single-use for backup-code consume
  and OTP consume/incrementAttempts via ConditionExpression (#10)
- persistence(dynamodb): server-enforce challenge expiry in takeOnce
  via ConditionExpression on expiresAt instead of post-filtering in Java (#11)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants