Skip to content

build(deps): bump the maven group across 1 directory with 2 updates#674

Merged
jiangxincode merged 1 commit intomasterfrom
dependabot/maven/maven-8b7edd2744
Apr 20, 2026
Merged

build(deps): bump the maven group across 1 directory with 2 updates#674
jiangxincode merged 1 commit intomasterfrom
dependabot/maven/maven-8b7edd2744

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 18, 2026

Bumps the maven group with 2 updates in the / directory: org.bouncycastle:bcprov-jdk18on and com.github.junrar:junrar.

Updates org.bouncycastle:bcprov-jdk18on from 1.83 to 1.84

Changelog

Sourced from org.bouncycastle:bcprov-jdk18on's changelog.

... (truncated)

Commits

Updates com.github.junrar:junrar from 7.5.8 to 7.5.10

Release notes

Sourced from com.github.junrar:junrar's releases.

Release v7.5.10

Changelog

🐛 Fixes

  • better handling of files outside directory when extracting (d77e9a8)

🧪 Tests

  • disable test on windows due to path (154e3bf)

🛠 Build

Contributors

We'd like to thank the following people for their contributions: Gauthier Roebroeck

Release v7.5.9

Changelog

🐛 Fixes

  • ArrayIndexOutOfBoundsException in solid RAR v20 archive extraction (9b69c6b)
  • seek past SubHeader packed data after parsing to prevent corrupt reads (ad7ad33)

🛠 Build

deps

  • bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (7e1b558)
  • bump org.mockito:mockito-core from 5.22.0 to 5.23.0 (f800f10)
  • bump com.fasterxml.jackson.core:jackson-databind (1886aec)
  • bump gradle-wrapper from 9.4.0 to 9.4.1 (832f685)
  • bump gradle/actions from 5 to 6 (b2f434d)
  • bump codecov/codecov-action from 5 to 6 (aaaede2)
  • bump EndBug/add-and-commit from 9 to 10 (884dde4)
  • bump gradle-wrapper from 9.3.1 to 9.4.0 (5ff5c7e)
  • bump org.mockito:mockito-core from 5.21.0 to 5.22.0 (d9e9e49)
  • bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.32 (935ece8)
  • bump org.jreleaser from 1.22.0 to 1.23.0 (000fcdb)
  • bump actions/upload-artifact from 6 to 7 (2c83103)

Contributors

We'd like to thank the following people for their contributions: Gauthier, Ryan Campbell

Changelog

Sourced from com.github.junrar:junrar's changelog.

7.5.10 (2026-04-15)

🐛 Fixes

  • better handling of files outside directory when extracting (d77e9a8)

🧪 Tests

  • disable test on windows due to path (154e3bf)

🛠 Build

7.5.9 (2026-04-13)

🐛 Fixes

  • ArrayIndexOutOfBoundsException in solid RAR v20 archive extraction (9b69c6b)
  • seek past SubHeader packed data after parsing to prevent corrupt reads (ad7ad33)

🛠 Build

deps

  • bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (7e1b558)
  • bump org.mockito:mockito-core from 5.22.0 to 5.23.0 (f800f10)
  • bump com.fasterxml.jackson.core:jackson-databind (1886aec)
  • bump gradle-wrapper from 9.4.0 to 9.4.1 (832f685)
  • bump gradle/actions from 5 to 6 (b2f434d)
  • bump codecov/codecov-action from 5 to 6 (aaaede2)
  • bump EndBug/add-and-commit from 9 to 10 (884dde4)
  • bump gradle-wrapper from 9.3.1 to 9.4.0 (5ff5c7e)
  • bump org.mockito:mockito-core from 5.21.0 to 5.22.0 (d9e9e49)
  • bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.32 (935ece8)
  • bump org.jreleaser from 1.22.0 to 1.23.0 (000fcdb)
  • bump actions/upload-artifact from 6 to 7 (2c83103)
Commits
  • e36ee09 ci: publish test results
  • 154e3bf test: disable test on windows due to path
  • d77e9a8 fix: better handling of files outside directory when extracting
  • a60857b ci: update homebrew action
  • 72cd364 chore(release): 7.5.9 [skip ci]
  • 7e1b558 build(deps): bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  • f800f10 build(deps): bump org.mockito:mockito-core from 5.22.0 to 5.23.0
  • 1886aec build(deps): bump com.fasterxml.jackson.core:jackson-databind
  • 832f685 build(deps): bump gradle-wrapper from 9.4.0 to 9.4.1
  • 9b69c6b fix: ArrayIndexOutOfBoundsException in solid RAR v20 archive extraction
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the maven group across 1 directory with 2 updates
070b7e7 
Bumps the maven group with 2 updates in the / directory: [org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java) and [com.github.junrar:junrar](https://github.com/junrar/junrar).


Updates `org.bouncycastle:bcprov-jdk18on` from 1.83 to 1.84
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

Updates `com.github.junrar:junrar` from 7.5.8 to 7.5.10
- [Release notes](https://github.com/junrar/junrar/releases)
- [Changelog](https://github.com/junrar/junrar/blob/master/CHANGELOG.md)
- [Commits](junrar/junrar@v7.5.8...v7.5.10)

---
updated-dependencies:
- dependency-name: org.bouncycastle:bcprov-jdk18on
  dependency-version: '1.84'
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: com.github.junrar:junrar
  dependency-version: 7.5.10
  dependency-type: direct:production
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Apr 18, 2026
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Apr 18, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@jiangxincode jiangxincode merged commit 786e9d6 into master Apr 20, 2026
22 checks passed
@dependabot dependabot bot deleted the dependabot/maven/maven-8b7edd2744 branch April 20, 2026 13:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jiangxincode