Skip to content

Improved: Bump minor versions of dependencies#1040

Merged
jacopoc merged 5 commits intoapache:release24.09from
jacopoc:bump-minor-versions-release
Apr 1, 2026
Merged

Improved: Bump minor versions of dependencies#1040
jacopoc merged 5 commits intoapache:release24.09from
jacopoc:bump-minor-versions-release

Conversation

@jacopoc
Copy link
Copy Markdown
Contributor

@jacopoc jacopoc commented Mar 30, 2026

No description provided.

dependabot bot and others added 2 commits March 28, 2026 07:47
@dependabot
Bump the all-dependencies group with 55 updates
49d39b2 
Bumps the all-dependencies group with 55 updates:

| Package | From | To |
| --- | --- | --- |
| org.apache.ant:ant-junit | `1.10.14` | `1.10.15` |
| org.owasp.dependencycheck | `9.0.9` | `9.2.0` |
| se.patrikerdes.use-latest-versions | `0.2.18` | `0.2.19` |
| com.github.ben-manes.versions | `0.51.0` | `0.53.0` |
| com.github.node-gradle.node | `7.0.2` | `7.1.0` |
| com.gradle.develocity | `3.18.2` | `3.19.2` |
| com.gradle.common-custom-user-data-gradle-plugin | `2.0.2` | `2.4.0` |
| [com.github.ben-manes.caffeine:caffeine](https://github.com/ben-manes/caffeine) | `3.1.8` | `3.2.3` |
| [com.google.zxing:core](https://github.com/zxing/zxing) | `3.5.3` | `3.5.4` |
| [com.googlecode.ez-vcard:ez-vcard](https://github.com/mangstadt/ez-vcard) | `0.11.3` | `0.12.2` |
| [com.googlecode.libphonenumber:libphonenumber](https://github.com/google/libphonenumber) | `8.13.31` | `8.13.55` |
| [com.thoughtworks.xstream:xstream](https://github.com/x-stream/xstream) | `1.4.20` | `1.4.21` |
| [commons-cli:commons-cli](https://github.com/apache/commons-cli) | `1.5.0` | `1.11.0` |
| [commons-net:commons-net](https://github.com/apache/commons-net) | `3.10.0` | `3.13.0` |
| [commons-validator:commons-validator](https://github.com/apache/commons-validator) | `1.8.0` | `1.10.1` |
| [net.lingala.zip4j:zip4j](https://github.com/srikanth-lingala/zip4j) | `2.11.5` | `2.11.6` |
| org.apache.commons:commons-collections4 | `4.4` | `4.5.0` |
| [org.apache.commons:commons-csv](https://github.com/apache/commons-csv) | `1.10.0` | `1.14.1` |
| org.apache.commons:commons-dbcp2 | `2.10.0` | `2.14.0` |
| org.apache.commons:commons-imaging | `1.0-alpha3` | `1.0.0-alpha6` |
| [org.apache.commons:commons-text](https://github.com/apache/commons-text) | `1.11.0` | `1.15.0` |
| org.apache.logging.log4j:log4j-api | `2.24.2` | `2.25.3` |
| org.apache.logging.log4j:log4j-core | `2.24.2` | `2.25.3` |
| org.apache.pdfbox:pdfbox | `2.0.31` | `2.0.36` |
| org.apache.shiro:shiro-crypto-cipher | `2.0.0` | `2.1.0` |
| [org.apache.sshd:sshd-core](https://github.com/apache/mina-sshd) | `2.10.0` | `2.17.1` |
| [org.apache.sshd:sshd-sftp](https://github.com/apache/mina-sshd) | `2.10.0` | `2.17.1` |
| [org.apache.tika:tika-core](https://github.com/apache/tika) | `2.9.2` | `2.9.4` |
| [org.apache.tika:tika-parsers](https://github.com/apache/tika) | `2.5.0` | `2.9.4` |
| org.apache.tika:tika-parser-pdf-module | `2.5.0` | `2.9.4` |
| org.apache.cxf:cxf-rt-frontend-jaxrs | `3.5.6` | `3.6.10` |
| org.apache.tomcat:tomcat-catalina-ha | `9.0.115` | `9.0.116` |
| org.apache.tomcat:tomcat-jasper | `9.0.115` | `9.0.116` |
| org.apache.xmlgraphics:batik-anim | `1.17` | `1.19` |
| org.apache.xmlgraphics:batik-util | `1.17` | `1.19` |
| org.apache.xmlgraphics:batik-bridge | `1.17` | `1.19` |
| org.apache.xmlgraphics:fop | `2.3` | `2.11` |
| [org.clojure:clojure](https://github.com/clojure/clojure) | `1.11.1` | `1.12.4` |
| [org.codehaus.groovy:groovy-all](https://github.com/apache/groovy) | `3.0.21` | `3.0.25` |
| [org.owasp.esapi:esapi](https://github.com/ESAPI/esapi-java-legacy) | `2.5.3.1` | `2.7.0.0` |
| [org.springframework:spring-test](https://github.com/spring-projects/spring-framework) | `5.3.29` | `5.3.39` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.15.2` | `2.21.2` |
| [com.auth0:java-jwt](https://github.com/auth0/java-jwt) | `4.4.0` | `4.5.1` |
| [com.google.re2j:re2j](https://github.com/google/re2j) | `1.7` | `1.8` |
| [org.mustangproject:library](https://github.com/ZUGFeRD/mustangproject) | `2.8.0` | `2.22.0` |
| [org.mockito:mockito-core](https://github.com/mockito/mockito) | `5.10.0` | `5.23.0` |
| [org.jmockit:jmockit](https://github.com/jmockit/jmockit1) | `1.49` | `1.50` |
| org.apache.derby:derby | `10.14.2.0` | `10.17.1.0` |
| org.apache.logging.log4j:log4j-1.2-api | `2.24.2` | `2.25.3` |
| org.apache.logging.log4j:log4j-jul | `2.24.2` | `2.25.3` |
| org.apache.logging.log4j:log4j-slf4j-impl | `2.24.2` | `2.25.3` |
| org.apache.logging.log4j:log4j-web | `2.24.2` | `2.25.3` |
| org.apache.logging.log4j:log4j-jcl | `2.24.2` | `2.25.3` |
| [org.codenarc:CodeNarc](https://github.com/CodeNarc/CodeNarc) | `3.4.0` | `3.7.0` |
| [gradle-wrapper](https://github.com/gradle/gradle) | `7.6` | `7.6.6` |


Updates `org.apache.ant:ant-junit` from 1.10.14 to 1.10.15

Updates `org.owasp.dependencycheck` from 9.0.9 to 9.2.0

Updates `se.patrikerdes.use-latest-versions` from 0.2.18 to 0.2.19

Updates `com.github.ben-manes.versions` from 0.51.0 to 0.53.0

Updates `com.github.node-gradle.node` from 7.0.2 to 7.1.0

Updates `com.gradle.develocity` from 3.18.2 to 3.19.2

Updates `com.gradle.common-custom-user-data-gradle-plugin` from 2.0.2 to 2.4.0

Updates `com.github.ben-manes.caffeine:caffeine` from 3.1.8 to 3.2.3
- [Release notes](https://github.com/ben-manes/caffeine/releases)
- [Commits](ben-manes/caffeine@v3.1.8...v3.2.3)

Updates `com.google.zxing:core` from 3.5.3 to 3.5.4
- [Release notes](https://github.com/zxing/zxing/releases)
- [Changelog](https://github.com/zxing/zxing/blob/master/CHANGES)
- [Commits](zxing/zxing@zxing-3.5.3...zxing-3.5.4)

Updates `com.googlecode.ez-vcard:ez-vcard` from 0.11.3 to 0.12.2
- [Commits](mangstadt/ez-vcard@0.11.3...0.12.2)

Updates `com.googlecode.libphonenumber:libphonenumber` from 8.13.31 to 8.13.55
- [Release notes](https://github.com/google/libphonenumber/releases)
- [Changelog](https://github.com/google/libphonenumber/blob/master/release_notes.txt)
- [Commits](google/libphonenumber@v8.13.31...v8.13.55)

Updates `com.thoughtworks.xstream:xstream` from 1.4.20 to 1.4.21
- [Release notes](https://github.com/x-stream/xstream/releases)
- [Commits](https://github.com/x-stream/xstream/commits)

Updates `commons-cli:commons-cli` from 1.5.0 to 1.11.0
- [Changelog](https://github.com/apache/commons-cli/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-cli@commons-cli-1.5.0...rel/commons-cli-1.11.0)

Updates `commons-net:commons-net` from 3.10.0 to 3.13.0
- [Changelog](https://github.com/apache/commons-net/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-net@rel/commons-net-3.10.0...rel/commons-net-3.13.0)

Updates `commons-validator:commons-validator` from 1.8.0 to 1.10.1
- [Changelog](https://github.com/apache/commons-validator/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-validator@rel/commons-validator-1.8.0...rel/commons-validator-1.10.1)

Updates `net.lingala.zip4j:zip4j` from 2.11.5 to 2.11.6
- [Release notes](https://github.com/srikanth-lingala/zip4j/releases)
- [Commits](srikanth-lingala/zip4j@v2.11.5...v2.11.6)

Updates `org.apache.commons:commons-collections4` from 4.4 to 4.5.0

Updates `org.apache.commons:commons-csv` from 1.10.0 to 1.14.1
- [Changelog](https://github.com/apache/commons-csv/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-csv@rel/commons-csv-1.10.0...rel/commons-csv-1.14.1)

Updates `org.apache.commons:commons-dbcp2` from 2.10.0 to 2.14.0

Updates `org.apache.commons:commons-imaging` from 1.0-alpha3 to 1.0.0-alpha6

Updates `org.apache.commons:commons-text` from 1.11.0 to 1.15.0
- [Changelog](https://github.com/apache/commons-text/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-text@rel/commons-text-1.11.0...rel/commons-text-1.15.0)

Updates `org.apache.logging.log4j:log4j-api` from 2.24.2 to 2.25.3

Updates `org.apache.logging.log4j:log4j-core` from 2.24.2 to 2.25.3

Updates `org.apache.pdfbox:pdfbox` from 2.0.31 to 2.0.36

Updates `org.apache.shiro:shiro-crypto-cipher` from 2.0.0 to 2.1.0

Updates `org.apache.sshd:sshd-core` from 2.10.0 to 2.17.1
- [Release notes](https://github.com/apache/mina-sshd/releases)
- [Changelog](https://github.com/apache/mina-sshd/blob/master/CHANGES.md)
- [Commits](apache/mina-sshd@sshd-2.10.0...sshd-2.17.1)

Updates `org.apache.sshd:sshd-sftp` from 2.10.0 to 2.17.1
- [Release notes](https://github.com/apache/mina-sshd/releases)
- [Changelog](https://github.com/apache/mina-sshd/blob/master/CHANGES.md)
- [Commits](apache/mina-sshd@sshd-2.10.0...sshd-2.17.1)

Updates `org.apache.tika:tika-core` from 2.9.2 to 2.9.4
- [Changelog](https://github.com/apache/tika/blob/2.9.4/CHANGES.txt)
- [Commits](apache/tika@2.9.2...2.9.4)

Updates `org.apache.tika:tika-parsers` from 2.5.0 to 2.9.4
- [Changelog](https://github.com/apache/tika/blob/2.9.4/CHANGES.txt)
- [Commits](apache/tika@2.5.0...2.9.4)

Updates `org.apache.tika:tika-parser-pdf-module` from 2.5.0 to 2.9.4

Updates `org.apache.cxf:cxf-rt-frontend-jaxrs` from 3.5.6 to 3.6.10

Updates `org.apache.tomcat:tomcat-catalina-ha` from 9.0.115 to 9.0.116

Updates `org.apache.tomcat:tomcat-jasper` from 9.0.115 to 9.0.116

Updates `org.apache.xmlgraphics:batik-anim` from 1.17 to 1.19

Updates `org.apache.xmlgraphics:batik-util` from 1.17 to 1.19

Updates `org.apache.xmlgraphics:batik-bridge` from 1.17 to 1.19

Updates `org.apache.xmlgraphics:fop` from 2.3 to 2.11

Updates `org.clojure:clojure` from 1.11.1 to 1.12.4
- [Changelog](https://github.com/clojure/clojure/blob/master/changes.md)
- [Commits](clojure/clojure@clojure-1.11.1...clojure-1.12.4)

Updates `org.codehaus.groovy:groovy-all` from 3.0.21 to 3.0.25
- [Commits](https://github.com/apache/groovy/commits)

Updates `org.owasp.esapi:esapi` from 2.5.3.1 to 2.7.0.0
- [Release notes](https://github.com/ESAPI/esapi-java-legacy/releases)
- [Commits](ESAPI/esapi-java-legacy@esapi-2.5.3.1...esapi-2.7.0.0)

Updates `org.springframework:spring-test` from 5.3.29 to 5.3.39
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v5.3.29...v5.3.39)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.15.2 to 2.21.2
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.auth0:java-jwt` from 4.4.0 to 4.5.1
- [Release notes](https://github.com/auth0/java-jwt/releases)
- [Changelog](https://github.com/auth0/java-jwt/blob/master/CHANGELOG.md)
- [Commits](auth0/java-jwt@4.4.0...4.5.1)

Updates `com.google.re2j:re2j` from 1.7 to 1.8
- [Release notes](https://github.com/google/re2j/releases)
- [Commits](google/re2j@re2j-1.7...re2j-1.8)

Updates `org.mustangproject:library` from 2.8.0 to 2.22.0
- [Release notes](https://github.com/ZUGFeRD/mustangproject/releases)
- [Changelog](https://github.com/ZUGFeRD/mustangproject/blob/master/History.md)
- [Commits](ZUGFeRD/mustangproject@core-2.8.0...core-2.22.0)

Updates `org.mockito:mockito-core` from 5.10.0 to 5.23.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.10.0...v5.23.0)

Updates `org.jmockit:jmockit` from 1.49 to 1.50
- [Commits](https://github.com/jmockit/jmockit1/commits)

Updates `org.apache.derby:derby` from 10.14.2.0 to 10.17.1.0

Updates `org.apache.logging.log4j:log4j-1.2-api` from 2.24.2 to 2.25.3

Updates `org.apache.logging.log4j:log4j-jul` from 2.24.2 to 2.25.3

Updates `org.apache.logging.log4j:log4j-slf4j-impl` from 2.24.2 to 2.25.3

Updates `org.apache.logging.log4j:log4j-web` from 2.24.2 to 2.25.3

Updates `org.apache.logging.log4j:log4j-jcl` from 2.24.2 to 2.25.3

Updates `org.codenarc:CodeNarc` from 3.4.0 to 3.7.0
- [Release notes](https://github.com/CodeNarc/CodeNarc/releases)
- [Changelog](https://github.com/CodeNarc/CodeNarc/blob/master/CHANGELOG.md)
- [Commits](CodeNarc/CodeNarc@v3.4.0...v3.7.0)

Updates `gradle-wrapper` from 7.6 to 7.6.6
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v7.6.0...v7.6.6)

---
updated-dependencies:
- dependency-name: org.apache.ant:ant-junit
  dependency-version: 1.10.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: org.owasp.dependencycheck
  dependency-version: 9.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: se.patrikerdes.use-latest-versions
  dependency-version: 0.2.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: com.github.ben-manes.versions
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: com.github.node-gradle.node
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: com.gradle.develocity
  dependency-version: 3.19.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: com.gradle.common-custom-user-data-gradle-plugin
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: com.github.ben-manes.caffeine:caffeine
  dependency-version: 3.2.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: com.google.zxing:core
  dependency-version: 3.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: com.googlecode.ez-vcard:ez-vcard
  dependency-version: 0.12.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: com.googlecode.libphonenumber:libphonenumber
  dependency-version: 8.13.55
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: com.thoughtworks.xstream:xstream
  dependency-version: 1.4.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: commons-cli:commons-cli
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: commons-net:commons-net
  dependency-version: 3.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: commons-validator:commons-validator
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: net.lingala.zip4j:zip4j
  dependency-version: 2.11.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-collections4
  dependency-version: 4.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-csv
  dependency-version: 1.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-dbcp2
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-imaging
  dependency-version: 1.0.0-alpha6
  dependency-type: direct:production
  dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-text
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-api
  dependency-version: 2.25.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-core
  dependency-version: 2.25.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.pdfbox:pdfbox
  dependency-version: 2.0.36
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: org.apache.shiro:shiro-crypto-cipher
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.sshd:sshd-core
  dependency-version: 2.17.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.sshd:sshd-sftp
  dependency-version: 2.17.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.tika:tika-core
  dependency-version: 2.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: org.apache.tika:tika-parsers
  dependency-version: 2.9.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.tika:tika-parser-pdf-module
  dependency-version: 2.9.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.cxf:cxf-rt-frontend-jaxrs
  dependency-version: 3.6.10
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.tomcat:tomcat-catalina-ha
  dependency-version: 9.0.116
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: org.apache.tomcat:tomcat-jasper
  dependency-version: 9.0.116
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: org.apache.xmlgraphics:batik-anim
  dependency-version: '1.19'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.xmlgraphics:batik-util
  dependency-version: '1.19'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.xmlgraphics:batik-bridge
  dependency-version: '1.19'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.xmlgraphics:fop
  dependency-version: '2.11'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.clojure:clojure
  dependency-version: 1.12.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.codehaus.groovy:groovy-all
  dependency-version: 3.0.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: org.owasp.esapi:esapi
  dependency-version: 2.7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.springframework:spring-test
  dependency-version: 5.3.39
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.21.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: com.auth0:java-jwt
  dependency-version: 4.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: com.google.re2j:re2j
  dependency-version: '1.8'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.mustangproject:library
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.mockito:mockito-core
  dependency-version: 5.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.jmockit:jmockit
  dependency-version: '1.50'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.derby:derby
  dependency-version: 10.17.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-1.2-api
  dependency-version: 2.25.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-jul
  dependency-version: 2.25.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-slf4j-impl
  dependency-version: 2.25.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-web
  dependency-version: 2.25.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-jcl
  dependency-version: 2.25.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: org.codenarc:CodeNarc
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: gradle-wrapper
  dependency-version: 7.6.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@jacopoc
Fixed: post-Dependabot bump compilation and runtime errors
c876c4b 
- Revert commons-imaging to 1.0-alpha3: API changed since alpha4, breaking
  HttpRequestFileUpload, SecuredUpload, ScaleImage and others
- Revert mustangproject to 2.8.0: 2.22.0 pulls pdfbox 3.x transitively,
  breaking PDDocument.load(File) in SecuredUpload
- Revert derby to 10.14.2.0: 10.15+ restructured jars, EmbeddedDriver not
  found at runtime
- Fix VCard.java: use go(file.toPath()) for ez-vcard 0.12.x compatibility
- Stay on Fop 2.10
jacopoc and others added 2 commits March 31, 2026 09:37
@jacopoc
Improved: Update url of Groovy javadocs
bd16958
@nmalin @jacopoc
Improved: Replace iText by librePDF (OFBIZ-13300)
0fdd859 
With OFBIZ-10455 (Put back the com.lowagie:itext license from 4.2.0 to 2.1.7), this library has been block in the past.

It's not a good solution for the future due to dependencies conflict.

So we replace the old library itext by librepdf (https://github.com/LibrePDF/OpenPDF) that replace natively it.

(cherry picked from commit bec8add)
@jacopoc
Copy link
Copy Markdown
Contributor Author

jacopoc commented Mar 31, 2026

@nmalin @JacquesLeRoux I have included in this pull request that upgrades several dependencies Nicolas' commit to replace iText with librePDF, in order to backport it to the release24.09 branch. Please have a look if it looks good to you. I am pinging both of you because I think you have worked together at it on https://issues.apache.org/jira/browse/OFBIZ-13300

@JacquesLeRoux
Copy link
Copy Markdown
Contributor

JacquesLeRoux commented Mar 31, 2026

It's more @nmalin than me, I prefer to wait for his opinion. Also there is one Javadoc error.

@jacopoc
Copy link
Copy Markdown
Contributor Author

jacopoc commented Mar 31, 2026

The javadoc error is not caused by the changes in this pull request. The root cause of the problem is that https://docs.oracle.com/javase/17/docs/api/ is broken.

@JacquesLeRoux
Copy link
Copy Markdown
Contributor

JacquesLeRoux commented Mar 31, 2026

Ah OK, this happens more and more everywhere during this "period"

@jacopoc
Copy link
Copy Markdown
Contributor Author

jacopoc commented Mar 31, 2026

I have modified the Oracle URL on trunk and the issue is fixed. I have updated this branch with the same url and it works too.

@JacquesLeRoux
Copy link
Copy Markdown
Contributor

JacquesLeRoux commented Mar 31, 2026
edited
Loading

Seems that Infra has the same type of problem: https://ci2.apache.org/#/builders/121/builds/194

The line in is BB ofbiz.py is
env={"JAVA_HOME": "/home/buildslave/slave/tools/java/latest17"}

@jacopoc
Copy link
Copy Markdown
Contributor Author

jacopoc commented Mar 31, 2026

The useful error (the same we faced before I modified the Oracle URL) is at line 56:

> Task :javadoc
error: Error fetching URL: https://docs.oracle.com/javase/17/docs/api/ (java.io.FileNotFoundException: https://docs.oracle.com/javase/17/docs/api/package-list)
/home/buildslave/slave/ofbizBranch24FrameworkPlugins/build/framework/base/src/main/java/org/apache/ofbiz/base/container/Container.java:39: warning: empty <p> tag
 * <p>Containers might be loaded more than once (have more than one instance).<p>

@JacquesLeRoux
Copy link
Copy Markdown
Contributor

JacquesLeRoux commented Mar 31, 2026

Thanks for the help Jacopo,

I'll put that in the Jira.

@jacopoc
Copy link
Copy Markdown
Contributor Author

jacopoc commented Mar 31, 2026

Once the new url propagates the build task will work: I don't think we need help from Infra.

@JacquesLeRoux
Copy link
Copy Markdown
Contributor

JacquesLeRoux commented Mar 31, 2026

Checking

@jacopoc
Copy link
Copy Markdown
Contributor Author

jacopoc commented Mar 31, 2026

I mean, once we merge this PR (that includes commit #17b3d22 ), the build will work.

@JacquesLeRoux
Copy link
Copy Markdown
Contributor

JacquesLeRoux commented Mar 31, 2026

Actually the URL is defined with the line I copied above
env={"JAVA_HOME": "/home/buildslave/slave/tools/java/latest17"}
That's Infra, I have no access to this generality (look for "17" in https://svn.apache.org/repos/infra/infrastructure/buildbot2/projects/ofbiz.py).
Anyway I'll wait their return.

@JacquesLeRoux
Copy link
Copy Markdown
Contributor

JacquesLeRoux commented Mar 31, 2026
edited
Loading

I mean, once we merge this PR (that includes commit #17b3d22 ), the build will work.

Indeed, because
env={"JAVA_HOME": "/home/buildslave/slave/tools/java/latest17"}
is not related to Javadoc but build in general

@JacquesLeRoux
Copy link
Copy Markdown
Contributor

JacquesLeRoux commented Apr 1, 2026

HI Jacopo,

Weirdly the last build passed w/o this PR pushed.
We can see at the top of https://ci2.apache.org/#/builders/121/builds/195/steps/12/logs/stdio

warning: URL https://docs.oracle.com/javase/17/docs/api/element-list was redirected to https://docs.oracle.com/en/java/javase/17/docs/api/index.html -- Update the command-line options to suppress this warning.
/home/buildslave/slave/ofbizBranch24FrameworkPlugins/build/framework/base/src/main/java/org/apache/ofbiz/base/container/Container.java:39: warning: empty

tag

  • Containers might be loaded more than once (have more than one instance).

Do I miss something?

@jacopoc
Copy link
Copy Markdown
Contributor Author

jacopoc commented Apr 1, 2026

@JacquesLeRoux yes I have noticed this as well. The reason is that the Oracle URL that yesterday was broken (https://docs.oracle.com/javase/17/docs/api/package-list) now redirects the request to the new URL (https://docs.oracle.com/en/java/javase/17/docs/api/index.html). You can easily test it with your browser.
However, considering the outage we had yesterday, I think it is still safer to upgrade to the new URL directly without relying on the redirection.

@JacquesLeRoux
Copy link
Copy Markdown
Contributor

JacquesLeRoux commented Apr 1, 2026

I also thought about that because of the warning. So I agree to push, but we are not in hurry now :)
BTW, I have closed https://issues.apache.org/jira/browse/INFRA-27790

@jacopoc jacopoc self-assigned this Apr 1, 2026
@jacopoc jacopoc merged commit bad956b into apache:release24.09 Apr 1, 2026
5 checks passed
@jacopoc jacopoc deleted the bump-minor-versions-release branch April 1, 2026 13:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jacopoc jacopoc

Labels

release_branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jacopoc @JacquesLeRoux @nmalin