{"id":1558,"name":"org.apache.avro:avro","ecosystem":"maven","repository_url":"https://github.com/apache/avro","issues_count":214,"created_at":"2025-06-06T15:01:45.989Z","updated_at":"2025-06-06T15:01:45.989Z","purl":"pkg:maven/org.apache.avro:avro","metadata":{"id":4891374,"name":"org.apache.avro:avro","ecosystem":"maven","description":"Avro core components","homepage":"https://avro.apache.org","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/apache/avro","keywords_array":[],"namespace":"org.apache.avro","versions_count":34,"first_release_published_at":"2010-09-03T01:37:46.000Z","latest_release_published_at":"2024-07-26T08:44:03.000Z","latest_release_number":"1.12.0","last_synced_at":"2025-06-05T05:31:37.501Z","created_at":"2022-07-26T21:33:58.073Z","updated_at":"2025-06-05T05:31:37.502Z","registry_url":"https://central.sonatype.com/artifact/org.apache.avro/avro/","install_command":null,"documentation_url":"https://appdoc.app/artifact/org.apache.avro/avro/","metadata":{},"repo_metadata":{"uuid":"206459","full_name":"apache/avro","owner":"apache","description":"Apache Avro is a data serialization system.","archived":false,"fork":false,"pushed_at":"2023-07-03T10:52:40.000Z","size":31517,"stargazers_count":2518,"open_issues_count":136,"forks_count":1498,"subscribers_count":106,"default_branch":"master","last_synced_at":"2023-07-03T12:40:00.540Z","etag":null,"topics":["avro","bigdata","c","cplusplus","csharp","dotnet","java","perl","php","python","ruby","rust"],"latest_commit_sha":null,"homepage":"https://avro.apache.org/","language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apache.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2009-05-21T02:48:37.000Z","updated_at":"2023-07-03T04:13:28.000Z","dependencies_parsed_at":"2023-01-16T17:48:07.418Z","dependency_job_id":null,"html_url":"https://github.com/apache/avro","commit_stats":null,"previous_names":[],"tags_count":95,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apache","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":142730922,"owners_count":6005042,"icon_url":"https://github.com/github.png","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"apache","name":"The Apache Software Foundation","uuid":"47359","kind":"organization","description":"","email":null,"website":"https://www.apache.org/","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/47359?v=4","repositories_count":2433,"last_synced_at":"2023-04-09T09:48:08.710Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/apache","created_at":"2022-11-02T16:23:23.532Z","updated_at":"2023-04-09T09:48:09.897Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apache","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apache/repositories"},"tags":[{"name":"release-1.11.1","sha":"3a9e5a789b5165e0c8c4da799c387fdf84bfb75e","kind":"tag","published_at":"2022-07-31T15:08:50.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.11.1","html_url":"https://github.com/apache/avro/releases/tag/release-1.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.11.1/manifests"},{"name":"release-1.11.1-rc1","sha":"3a9e5a789b5165e0c8c4da799c387fdf84bfb75e","kind":"tag","published_at":"2022-07-26T19:27:06.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.11.1-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.11.1-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.11.1-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.11.1-rc1/manifests"},{"name":"release-1.11.0","sha":"4e1fefca493029ace961b7ef8889a3722458565a","kind":"tag","published_at":"2021-10-27T14:09:55.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.11.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.11.0/manifests"},{"name":"release-1.11.0-rc2","sha":"4e1fefca493029ace961b7ef8889a3722458565a","kind":"tag","published_at":"2021-10-20T14:55:11.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.11.0-rc2","html_url":"https://github.com/apache/avro/releases/tag/release-1.11.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.11.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.11.0-rc2/manifests"},{"name":"release-1.11.0-rc1","sha":"622343fdc705ccbc5a918f598d60a0df802119d8","kind":"tag","published_at":"2021-10-06T16:35:13.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.11.0-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.11.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.11.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.11.0-rc1/manifests"},{"name":"release-1.10.2","sha":"8111cdc35430ff68dcb644306362859de40999d9","kind":"tag","published_at":"2021-03-17T09:33:11.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.10.2","html_url":"https://github.com/apache/avro/releases/tag/release-1.10.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.2/manifests"},{"name":"release-1.10.2-rc2","sha":"8111cdc35430ff68dcb644306362859de40999d9","kind":"tag","published_at":"2021-03-09T17:33:14.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.10.2-rc2","html_url":"https://github.com/apache/avro/releases/tag/release-1.10.2-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.2-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.2-rc2/manifests"},{"name":"release-1.10.2-rc1","sha":"56de625fd2b5a9b4e40bb0f9bcef1791d5ac5b40","kind":"tag","published_at":"2021-03-05T15:51:50.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.10.2-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.10.2-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.2-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.2-rc1/manifests"},{"name":"release-1.10.1","sha":"801a3656b126380b392c5b2d13d34978f46e6c84","kind":"tag","published_at":"2020-12-03T14:08:46.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.10.1","html_url":"https://github.com/apache/avro/releases/tag/release-1.10.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.1/manifests"},{"name":"release-1.10.1-rc1","sha":"801a3656b126380b392c5b2d13d34978f46e6c84","kind":"tag","published_at":"2020-11-18T10:58:37.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.10.1-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.10.1-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.1-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.1-rc1/manifests"},{"name":"release-1.10.0","sha":"6b55656b25cacf0d88cf44d9d802ce46dfaadc83","kind":"tag","published_at":"2020-06-29T08:29:48.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.10.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.0/manifests"},{"name":"release-1.10.0-rc2","sha":"6b55656b25cacf0d88cf44d9d802ce46dfaadc83","kind":"tag","published_at":"2020-06-22T14:00:22.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.10.0-rc2","html_url":"https://github.com/apache/avro/releases/tag/release-1.10.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.0-rc2/manifests"},{"name":"release-1.10.0-rc1","sha":"1301a045396cf0e6ca7f12c9e4053b4f81237887","kind":"tag","published_at":"2020-06-09T14:03:32.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.10.0-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.10.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.10.0-rc1/manifests"},{"name":"release-1.9.2","sha":"bf20128ca6138a830b2ea13e0490f3df6b035639","kind":"tag","published_at":"2020-02-12T09:38:42.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.2","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.2/manifests"},{"name":"release-1.9.2-rc2","sha":"bf20128ca6138a830b2ea13e0490f3df6b035639","kind":"tag","published_at":"2020-02-07T08:24:49.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.2-rc2","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.2-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.2-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.2-rc2/manifests"},{"name":"release-1.9.2-rc1","sha":"39dd5c6bb33ab6634b4ed69f591a0676be62563a","kind":"commit","published_at":"2020-02-05T10:48:59.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.2-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.2-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.2-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.2-rc1/manifests"},{"name":"release-1.9.1","sha":"89218262cde62e98fcb3778b86cd3f03056c54f3","kind":"commit","published_at":"2019-08-28T09:09:02.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.1","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.1/manifests"},{"name":"release-1.9.1-rc3","sha":"89218262cde62e98fcb3778b86cd3f03056c54f3","kind":"commit","published_at":"2019-08-28T09:09:02.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.1-rc3","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.1-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.1-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.1-rc3/manifests"},{"name":"release-1.9.1-rc2","sha":"aa9abbabd0efca5d86d33a1db74dcbb36203f607","kind":"commit","published_at":"2019-08-26T18:39:23.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.1-rc2","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.1-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.1-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.1-rc2/manifests"},{"name":"release-1.9.1-rc1","sha":"aad028bf84d43cc3481ac8b527f30debbdf213d2","kind":"commit","published_at":"2019-08-20T13:51:40.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.1-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.1-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.1-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.1-rc1/manifests"},{"name":"release-1.9.0","sha":"3c76495e9524ef322726d03d7ee406be89e8fde0","kind":"commit","published_at":"2019-05-07T18:25:47.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.0/manifests"},{"name":"release-1.9.0-rc4","sha":"3c76495e9524ef322726d03d7ee406be89e8fde0","kind":"commit","published_at":"2019-05-07T18:25:47.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.0-rc4","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.0-rc4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.0-rc4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.0-rc4/manifests"},{"name":"release-1.9.0-rc3","sha":"24ff48c32d8d13433a1e31e485ef2af187d1eb62","kind":"commit","published_at":"2019-04-30T10:27:18.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.0-rc3","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.0-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.0-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.0-rc3/manifests"},{"name":"release-1.9.0-rc2","sha":"8dbe05a17363a1281482e8611cfead4c04645f47","kind":"commit","published_at":"2019-04-29T07:21:35.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.0-rc2","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.0-rc2/manifests"},{"name":"release-1.9.0-rc1","sha":"4607730012293fe1e58957760e8f7b5474abd408","kind":"commit","published_at":"2019-04-25T08:33:50.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.9.0-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.9.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.9.0-rc1/manifests"},{"name":"release-1.8.2","sha":"7f2b8dda4be515a3d1f0b60d5175ee500dbe16e2","kind":"tag","published_at":"2017-05-14T22:38:50.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.2","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.2/manifests"},{"name":"release-1.8.2-rc4","sha":"7f2b8dda4be515a3d1f0b60d5175ee500dbe16e2","kind":"tag","published_at":"2017-05-07T15:16:07.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.2-rc4","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.2-rc4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.2-rc4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.2-rc4/manifests"},{"name":"release-1.8.2-rc3","sha":"e38f7074d7c8f9156b39c8310302486ced93767a","kind":"tag","published_at":"2017-04-07T21:19:38.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.2-rc3","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.2-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.2-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.2-rc3/manifests"},{"name":"release-1.8.2-rc2","sha":"6bbcf7658e31cd7e92c459300fd70263b9b89de6","kind":"tag","published_at":"2017-04-04T22:46:47.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.2-rc2","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.2-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.2-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.2-rc2/manifests"},{"name":"release-1.8.2-rc1","sha":"7ec35ea24ff0270586a26afbc6f6f530d272d1f7","kind":"tag","published_at":"2016-11-06T21:43:07.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.2-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.2-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.2-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.2-rc1/manifests"},{"name":"release-1.8.1","sha":"ca6c57106d9853fcbf2dadba43ec9a54b7bb85a9","kind":"tag","published_at":"2016-05-21T21:36:37.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.1","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.1/manifests"},{"name":"release-1.8.1-rc1","sha":"d299cc23ff5f035afde2f28129afdb1da9e8e746","kind":"tag","published_at":"2016-05-15T00:52:59.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.1-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.1-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.1-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.1-rc1/manifests"},{"name":"release-1.8.1-rc0","sha":"eb1c1c6b28e92167a7147a9be1c4091c9ecb41ab","kind":"tag","published_at":"2016-05-14T23:55:25.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.1-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.1-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.1-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.1-rc0/manifests"},{"name":"release-1.8.0","sha":"b2f47a1f498fc758d05a9159fd2a3cb5092e8cd1","kind":"tag","published_at":"2016-01-29T11:35:00.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.0/manifests"},{"name":"release-1.8.0-rc3","sha":"674b67670758ffa3aa7cc19c83d46720d35bd029","kind":"tag","published_at":"2016-01-22T16:45:22.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.0-rc3","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.0-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.0-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.0-rc3/manifests"},{"name":"release-1.8.0-rc2","sha":"c95270d173cd3d5e37e25b671388a95bbab7a9b8","kind":"tag","published_at":"2016-01-06T12:20:03.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.0-rc2","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.0-rc2/manifests"},{"name":"release-1.8.0-rc1","sha":"85ae7132552dc25f3e7397c9f4242c2af11c49e1","kind":"tag","published_at":"2015-12-16T17:46:00.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.0-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.0-rc1/manifests"},{"name":"release-1.8.0-rc0","sha":"4bd088781c5abac93f2bf7f44d21b560949a0872","kind":"tag","published_at":"2015-08-11T10:11:48.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.8.0-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.8.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.8.0-rc0/manifests"},{"name":"release-1.7.7","sha":"b1e93f10a08ab95e79913580441f8a63c72dcc20","kind":"tag","published_at":"2014-07-24T18:49:05.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.7","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.7/manifests"},{"name":"release-1.7.7-rc0","sha":"f457317854f7111a8209111a9f573dae46704660","kind":"tag","published_at":"2014-07-18T19:13:46.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.7-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.7-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.7-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.7-rc0/manifests"},{"name":"release-1.7.6","sha":"3c6c62ad7917e5ee712bdc3494ac6fad9905924c","kind":"tag","published_at":"2014-01-23T21:26:15.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.6","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.6/manifests"},{"name":"release-1.7.6-rc0","sha":"cf73bf13812c57e455d2e96ebb599a1e3bda99eb","kind":"tag","published_at":"2014-01-10T20:59:28.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.6-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.6-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.6-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.6-rc0/manifests"},{"name":"release-1.7.5","sha":"de1904f0a6b9f2239d715c2a2e8ec71349071d8b","kind":"tag","published_at":"2013-08-19T18:05:45.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.5","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.5/manifests"},{"name":"release-1.7.5-rc0","sha":"1b52ab8aee659aa8360d25ea444ed0dd771bb2d2","kind":"tag","published_at":"2013-08-07T23:33:49.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.5-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.5-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.5-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.5-rc0/manifests"},{"name":"release-1.7.4","sha":"7364df6e10977e5c36d2921b06064d1abe5832d4","kind":"tag","published_at":"2013-02-26T18:35:12.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.4","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.4/manifests"},{"name":"release-1.7.4-rc2","sha":"bce7288b1ec5bec012ef4d7252f0ebe714ee188b","kind":"tag","published_at":"2013-02-21T21:13:58.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.4-rc2","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.4-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.4-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.4-rc2/manifests"},{"name":"release-1.7.4-rc1","sha":"9fdce569f4fb921f8f4b090eaaf6f12d39eeefa2","kind":"tag","published_at":"2013-02-21T18:02:33.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.4-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.4-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.4-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.4-rc1/manifests"},{"name":"release-1.7.4-rc0","sha":"bc9c81504473ea1db37e5e326adb5263b2e06d49","kind":"tag","published_at":"2013-02-21T17:30:51.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.4-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.4-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.4-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.4-rc0/manifests"},{"name":"release-1.7.3","sha":"bffc3c6701a3fc7f0776dea6e61f5ae25c14c602","kind":"tag","published_at":"2012-12-07T19:20:59.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.3","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.3/manifests"},{"name":"release-1.7.3-rc2","sha":"37b4bb9745e7ea08c0bc76ad520d90d76f711ac7","kind":"tag","published_at":"2012-12-03T17:38:30.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.3-rc2","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.3-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.3-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.3-rc2/manifests"},{"name":"release-1.7.3-rc1","sha":"a17bd8d682d3c15a7610d808ffa59c6e0828be5b","kind":"tag","published_at":"2012-11-30T18:33:32.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.3-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.3-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.3-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.3-rc1/manifests"},{"name":"release-1.7.3-rc0","sha":"a3fc6eee66ddb7d133012d8d0135b87b94d36903","kind":"tag","published_at":"2012-11-30T00:43:46.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.3-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.3-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.3-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.3-rc0/manifests"},{"name":"release-1.7.2","sha":"c1aca86bf8ab2715e0ba732ed48d18fb3becf54d","kind":"tag","published_at":"2012-09-25T17:21:46.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.2","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.2/manifests"},{"name":"release-1.7.2-rc0","sha":"e9ec68ed9fc5186e7156202327ee9d9e02ef05c4","kind":"tag","published_at":"2012-09-18T00:33:37.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.2-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.2-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.2-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.2-rc0/manifests"},{"name":"release-1.7.1","sha":"6e782954af86fd684ff1ff183813310d5e84a12e","kind":"tag","published_at":"2012-07-18T21:55:40.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.1","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.1/manifests"},{"name":"release-1.7.1-rc0","sha":"d6ec34804528f7db2d5d8dd7f3d5463ffb1d7fcc","kind":"tag","published_at":"2012-07-12T19:24:54.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.1-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.1-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.1-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.1-rc0/manifests"},{"name":"release-1.7.0","sha":"45af853873551ab8fceca5bc43cdf5e742c1080e","kind":"tag","published_at":"2012-06-11T19:41:35.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.0/manifests"},{"name":"release-1.7.0-rc1","sha":"36ce7e802d599f31b099dfbed930978d17452b2b","kind":"tag","published_at":"2012-06-07T20:48:20.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.0-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.0-rc1/manifests"},{"name":"release-1.7.0-rc0","sha":"4f9e9269a9f47add956d2602b90a6be697557853","kind":"tag","published_at":"2012-05-23T21:03:44.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.7.0-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.7.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.7.0-rc0/manifests"},{"name":"release-1.6.3","sha":"b72784d7a5f8f932edaacbee75ce05ff5d3544ef","kind":"tag","published_at":"2012-03-19T16:12:14.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.6.3","html_url":"https://github.com/apache/avro/releases/tag/release-1.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.3/manifests"},{"name":"release-1.6.3-rc0","sha":"80857409e2ba96b270469bf28aa2b45251d8f332","kind":"tag","published_at":"2012-03-02T22:24:32.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.6.3-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.6.3-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.3-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.3-rc0/manifests"},{"name":"release-1.6.2","sha":"4937406e4ab5a13d5202a479c088829c4615d112","kind":"tag","published_at":"2012-02-15T00:27:51.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.6.2","html_url":"https://github.com/apache/avro/releases/tag/release-1.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.2/manifests"},{"name":"release-1.6.2-rc1","sha":"e9036f2599403b79a92ab05921fb050ef6b300e9","kind":"tag","published_at":"2012-02-09T23:38:50.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.6.2-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.6.2-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.2-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.2-rc1/manifests"},{"name":"release-1.6.2-rc0","sha":"196ab7ea8486f9118d2af6b429319050d4b21298","kind":"tag","published_at":"2012-02-09T22:37:57.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.6.2-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.6.2-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.2-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.2-rc0/manifests"},{"name":"release-1.6.1","sha":"0a4726777771380299e8baf716a1565a406de0d2","kind":"tag","published_at":"2011-11-15T00:19:17.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.6.1","html_url":"https://github.com/apache/avro/releases/tag/release-1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.1/manifests"},{"name":"release-1.6.1-rc0","sha":"5c861865c9f95278175b38d0d3ed5d920e5b548c","kind":"tag","published_at":"2011-11-04T21:51:30.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.6.1-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.6.1-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.1-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.1-rc0/manifests"},{"name":"release-1.6.0","sha":"7b60f03ad832976b0c771c4af68c3e66a0a4b201","kind":"tag","published_at":"2011-11-01T18:10:51.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.6.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.0/manifests"},{"name":"release-1.6.0-rc1","sha":"43180cf8a9fb0f3c665e66ab5d94f3a1202cca3e","kind":"tag","published_at":"2011-10-28T22:44:45.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.6.0-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.6.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.0-rc1/manifests"},{"name":"release-1.6.0-rc0","sha":"cabbe1c3a4bc6761d0392f3faf2988be47819cd5","kind":"tag","published_at":"2011-10-25T00:21:48.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.6.0-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.6.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.6.0-rc0/manifests"},{"name":"release-1.5.4","sha":"76dbd5fe19eba2f6ec343f9f51a5b654e36e9827","kind":"tag","published_at":"2011-09-11T20:52:07.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.4","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.4/manifests"},{"name":"release-1.5.4-rc0","sha":"2566695ad9b64198e2905db121e1727b3f90c8d5","kind":"tag","published_at":"2011-09-07T21:45:41.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.4-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.4-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.4-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.4-rc0/manifests"},{"name":"release-1.5.3","sha":"74aae533d1baaa1003cdce46708181ca68933fad","kind":"tag","published_at":"2011-08-30T05:43:42.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.3","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.3/manifests"},{"name":"release-1.5.2","sha":"eb78714000fb0367fcea10333c373569df5b7178","kind":"tag","published_at":"2011-08-12T19:42:08.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.2","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.2/manifests"},{"name":"release-1.5.2-rc1","sha":"17b32d944b67486ea2cdb34fe3686eb4427f37cf","kind":"tag","published_at":"2011-07-28T20:02:17.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.2-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.2-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.2-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.2-rc1/manifests"},{"name":"release-1.5.2-rc0","sha":"f8155f24c015c89f301ca0bf817f841e4facd8f4","kind":"tag","published_at":"2011-07-01T20:42:23.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.2-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.2-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.2-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.2-rc0/manifests"},{"name":"release-1.5.1","sha":"cb6560b1ad29c12ff7ddd4bfba646424e99f6bb6","kind":"tag","published_at":"2011-05-06T18:20:39.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.1","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.1/manifests"},{"name":"release-1.5.0","sha":"6ee867478ca18135507c4f4e0db49186d08fdbfe","kind":"tag","published_at":"2011-03-12T00:18:38.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.0/manifests"},{"name":"release-1.5.0-rc3","sha":"1ae46026f857255d457f0ccb8bf4ad968f8a71a3","kind":"tag","published_at":"2011-03-08T01:16:10.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.0-rc3","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.0-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.0-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.0-rc3/manifests"},{"name":"release-1.5.0-rc2","sha":"ccc5fdd16c1f07d7533144a4347c6353536318f2","kind":"tag","published_at":"2011-03-01T17:47:35.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.0-rc2","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.0-rc2/manifests"},{"name":"release-1.5.0-rc1","sha":"7848403d07672e6b4ba9f2a5c298c1b5ea4632c4","kind":"tag","published_at":"2011-02-26T01:05:12.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.0-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.0-rc1/manifests"},{"name":"release-1.5.0-rc0","sha":"b7386b5452740ad12d079afba109fc39f116feb7","kind":"tag","published_at":"2011-02-26T01:02:03.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.5.0-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.5.0-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.0-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.5.0-rc0/manifests"},{"name":"release-1.4.1","sha":"c646fd429e1b3ee92c25c6691c21c3454546332e","kind":"tag","published_at":"2010-10-14T18:33:26.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.4.1","html_url":"https://github.com/apache/avro/releases/tag/release-1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.4.1/manifests"},{"name":"release-1.4.1-rc0","sha":"f19a3b63053794835d340f1f62057a3df99a09ab","kind":"tag","published_at":"2010-10-08T21:44:40.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.4.1-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.4.1-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.4.1-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.4.1-rc0/manifests"},{"name":"release-1.4.0","sha":"5f1806b2eb1b2d0bcb38a3af8d4412f839b4d273","kind":"tag","published_at":"2010-09-08T18:29:00.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.4.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.4.0/manifests"},{"name":"release-1.4.0-rc3","sha":"24fa9ec4c0bfa13388153cde1695ec799a4587cf","kind":"tag","published_at":"2010-09-01T03:30:58.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.4.0-rc3","html_url":"https://github.com/apache/avro/releases/tag/release-1.4.0-rc3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.4.0-rc3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.4.0-rc3/manifests"},{"name":"release-1.4.0-rc1","sha":"a9faf335db929eaa843678e10189bc5443356ed2","kind":"tag","published_at":"2010-08-30T18:00:10.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.4.0-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.4.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.4.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.4.0-rc1/manifests"},{"name":"release-1.3.3","sha":"a052723e1b0f22ec061865f6cdad2ad45c67ac93","kind":"tag","published_at":"2010-06-09T22:00:14.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.3.3","html_url":"https://github.com/apache/avro/releases/tag/release-1.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.3/manifests"},{"name":"release-1.3.3-rc0","sha":"395bb7f9c666410c0fc3a0fe10ad213a5257fcdf","kind":"tag","published_at":"2010-06-07T02:23:58.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.3.3-rc0","html_url":"https://github.com/apache/avro/releases/tag/release-1.3.3-rc0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.3-rc0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.3-rc0/manifests"},{"name":"release-1.3.3-rc1","sha":"514dcca8e21407edc10804ee7ab5b36bf290f246","kind":"tag","published_at":"2010-06-06T02:05:29.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.3.3-rc1","html_url":"https://github.com/apache/avro/releases/tag/release-1.3.3-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.3-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.3-rc1/manifests"},{"name":"release-1.3.2","sha":"2ebc1bd7bd0b5a7b7695ee46632b0d46918c727c","kind":"tag","published_at":"2010-05-10T21:58:52.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.3.2","html_url":"https://github.com/apache/avro/releases/tag/release-1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.2/manifests"},{"name":"release-1.3.1","sha":"3438682347961393ea40d60447c899435696de5e","kind":"tag","published_at":"2010-05-10T21:58:52.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.3.1","html_url":"https://github.com/apache/avro/releases/tag/release-1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.1/manifests"},{"name":"release-1.3.0","sha":"54c7c5e90a77e298f09fb884520b00b1496cde90","kind":"tag","published_at":"2010-05-10T21:58:52.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.3.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.3.0/manifests"},{"name":"release-1.2.0","sha":"8e900b4a1450bc64057a257efa7682daf5da1c8b","kind":"tag","published_at":"2010-05-10T21:58:52.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.2.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.2.0/manifests"},{"name":"release-1.1.0","sha":"12b51f98003fb0af5966eb6710a8270d69dd7ee3","kind":"tag","published_at":"2010-05-10T21:58:52.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.1.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.1.0/manifests"},{"name":"release-1.0.0","sha":"116a973813541d4f6ca000ae27090074871e714e","kind":"tag","published_at":"2010-05-10T21:58:52.000Z","download_url":"https://codeload.github.com/apache/avro/tar.gz/release-1.0.0","html_url":"https://github.com/apache/avro/releases/tag/release-1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Favro/tags/release-1.0.0/manifests"}]},"repo_metadata_updated_at":"2023-07-03T13:36:28.213Z","dependent_packages_count":1964,"downloads":null,"downloads_period":null,"dependent_repos_count":15858,"rankings":{"downloads":null,"dependent_repos_count":0.05550212390799071,"dependent_packages_count":0.03626673078464375,"stargazers_count":6.684900216398172,"forks_count":4.046846197002484,"docker_downloads_count":0.04688627073815821,"average":2.17408030776629},"purl":"pkg:maven/org.apache.avro/avro","advisories":[{"uuid":"GSA_kwCzR0hTQS1yN3BnLXYyYzgtbWZnM84AA_7r","url":"https://github.com/advisories/GHSA-r7pg-v2c8-mfg3","title":"Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)","description":"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code.\nUsers are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2024-10-03T12:30:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-47561","https://lists.apache.org/thread/c2v7mhqnmq0jmbwxqq3r5jbj1xg43h5x","https://github.com/apache/avro/pull/2934","https://github.com/apache/avro/pull/2980","https://github.com/apache/avro/commit/8f89868d29272e3afea2ff8de8c85cb81a57d900","https://github.com/apache/avro/commit/f6b3bd7e50e6e09fedddb98c61558c022ba31285","https://issues.apache.org/jira/browse/AVRO-3985","https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html","https://www.openwall.com/lists/oss-security/2024/10/03/1","https://github.com/advisories/GHSA-r7pg-v2c8-mfg3"],"source_kind":"github","identifiers":["GHSA-r7pg-v2c8-mfg3","CVE-2024-47561"],"repository_url":"https://github.com/apache/avro","blast_radius":39.06231024569279,"packages":[{"versions":[{"first_patched_version":"1.11.4","vulnerable_version_range":"\u003c 1.11.4"}],"ecosystem":"maven","package_name":"org.apache.avro:avro"}],"created_at":"2024-10-03T17:06:27.390Z","updated_at":"2025-04-30T01:08:37.333Z","epss_percentage":0.00841,"epss_percentile":0.73462},{"uuid":"GSA_kwCzR0hTQS1yaHJ2LTY0NWgtZmpmaM4AA2Jb","url":"https://github.com/advisories/GHSA-rhrv-645h-fjfh","title":"Apache Avro Java SDK vulnerable to Improper Input Validation","description":"When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.\n\nThis issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2.  Users should update to apache-avro version 1.11.3 which addresses this issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-09-29T18:30:22.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-39410","https://lists.apache.org/thread/q142wj99cwdd0jo5lvdoxzoymlqyjdds","http://www.openwall.com/lists/oss-security/2023/09/29/6","https://github.com/apache/avro/commit/a12a7e44ddbe060c3dc731863cad5c15f9267828","https://github.com/pypa/advisory-database/tree/main/vulns/avro/PYSEC-2023-188.yaml","https://www.openwall.com/lists/oss-security/2023/09/29/6","https://security.netapp.com/advisory/ntap-20240621-0006","https://github.com/advisories/GHSA-rhrv-645h-fjfh"],"source_kind":"github","identifiers":["GHSA-rhrv-645h-fjfh","CVE-2023-39410"],"repository_url":"https://github.com/apache/avro","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"1.11.3","vulnerable_version_range":"\u003e= 0, \u003c 1.11.3"}],"ecosystem":"pypi","package_name":"avro"},{"versions":[{"first_patched_version":"1.11.3","vulnerable_version_range":"\u003c 1.11.3"}],"ecosystem":"maven","package_name":"org.apache.avro:avro"}],"created_at":"2023-09-29T23:05:49.825Z","updated_at":"2025-02-13T19:16:15.000Z","epss_percentage":0.00045,"epss_percentile":0.13698}],"docker_usage_url":"https://docker.ecosyste.ms/usage/maven/org.apache.avro:avro","docker_dependents_count":4536,"docker_downloads_count":2611791504,"usage_url":"https://repos.ecosyste.ms/usage/maven/org.apache.avro:avro","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/maven/org.apache.avro:avro/dependencies","status":null,"funding_links":[],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.apache.avro:avro/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.apache.avro:avro/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.apache.avro:avro/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages/org.apache.avro:avro/related_packages","maintainers":[],"registry":{"name":"repo1.maven.org","url":"https://repo.maven.apache.org/maven2","ecosystem":"maven","default":true,"packages_count":517647,"maintainers_count":0,"namespaces_count":68787,"keywords_count":32037,"github":"maven-central","metadata":{"funded_packages_count":24975},"icon_url":"https://github.com/maven-central.png","created_at":"2022-07-21T16:40:13.074Z","updated_at":"2025-06-06T05:59:03.422Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/repo1.maven.org/namespaces"}},"unique_repositories_count":119,"unique_repositories_count_past_30_days":0,"recent_issues":[{"uuid":"4325308070","node_id":"PR_kwDOKJTg4s7VdEcA","number":4,"state":"closed","title":"Bump the maven group across 11 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T16:45:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-24T20:09:19.000Z","updated_at":"2026-04-25T16:45:24.000Z","time_to_close":74164,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":16,"packages":[{"name":"org.apache.zookeeper:zookeeper","old_version":"3.4.14","new_version":"3.8.6"},{"name":"org.apache.mina:mina-core","old_version":"2.2.1","new_version":"2.2.4","repository_url":"https://github.com/apache/mina"},{"name":"com.google.protobuf:protobuf-java","old_version":"3.24.0","new_version":"3.25.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"com.squareup.okhttp3:okhttp","old_version":"3.14.9","new_version":"4.9.2","repository_url":"https://github.com/square/okhttp"},{"name":"org.hibernate:hibernate-validator","old_version":"5.4.3.Final","new_version":"6.2.0.Final"},{"name":"org.apache.avro:avro","old_version":"1.11.1","new_version":"1.11.4"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"8.5.87","new_version":"9.0.117"},{"name":"commons-io:commons-io","old_version":"2.11.0","new_version":"2.14.0"},{"name":"ch.qos.logback:logback-classic","old_version":"1.2.11","new_version":"1.2.13","repository_url":"https://github.com/qos-ch/logback"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.20.0","new_version":"2.25.4"},{"name":"org.apache.commons:commons-lang3","old_version":"3.12.0","new_version":"3.18.0"},{"name":"com.fasterxml.jackson.core:jackson-core","old_version":"2.15.2","new_version":"2.18.6","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"io.grpc:grpc-netty-shaded","old_version":"1.57.1","new_version":"1.75.0","repository_url":"https://github.com/grpc/grpc-java"},{"name":"org.apache.commons:commons-compress","old_version":"1.23.0","new_version":"1.26.0"},{"name":"org.xerial.snappy:snappy-java","old_version":"1.1.10.3","new_version":"1.1.10.4","repository_url":"https://github.com/xerial/snappy-java"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 1 update in the /dubbo-demo/dubbo-demo-native/dubbo-demo-native-consumer directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-demo/dubbo-demo-native/dubbo-demo-native-provider directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 15 updates in the /dubbo-dependencies-bom directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.zookeeper:zookeeper | `3.4.14` | `3.8.6` |\n| [org.apache.mina:mina-core](https://github.com/apache/mina) | `2.2.1` | `2.2.4` |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.24.0` | `3.25.5` |\n| [com.squareup.okhttp3:okhttp](https://github.com/square/okhttp) | `3.14.9` | `4.9.2` |\n| org.hibernate:hibernate-validator | `5.4.3.Final` | `6.2.0.Final` |\n| org.apache.avro:avro | `1.11.1` | `1.11.4` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.87` | `9.0.117` |\n| commons-io:commons-io | `2.11.0` | `2.14.0` |\n| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.2.11` | `1.2.13` |\n| org.apache.logging.log4j:log4j-core | `2.20.0` | `2.25.4` |\n| org.apache.commons:commons-lang3 | `3.12.0` | `3.18.0` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.15.2` | `2.18.6` |\n| [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java) | `1.57.1` | `1.75.0` |\n| org.apache.commons:commons-compress | `1.23.0` | `1.26.0` |\n| [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) | `1.1.10.3` | `1.1.10.4` |\n\nBumps the maven group with 1 update in the /dubbo-dependencies/dubbo-dependencies-zookeeper directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-dependencies/dubbo-dependencies-zookeeper-curator5 directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-maven-plugin directory: commons-io:commons-io.\nBumps the maven group with 1 update in the /dubbo-native-plugin directory: commons-io:commons-io.\nBumps the maven group with 1 update in the /dubbo-remoting/dubbo-remoting-zookeeper directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-remoting/dubbo-remoting-zookeeper-curator5 directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-spring-boot/dubbo-spring-boot-starters/dubbo-zookeeper-curator5-spring-boot-starter directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 3 updates in the /dubbo-test/dubbo-test-check directory: org.apache.zookeeper:zookeeper, org.apache.commons:commons-compress and [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client).\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.mina:mina-core` from 2.2.1 to 2.2.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/4134a125d8830c67c21b97c28f2bf706801bdd13\"\u003e\u003ccode\u003e4134a12\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/ccc85e38a1b1b494444246b6cd9d98419dee8912\"\u003e\u003ccode\u003eccc85e3\u003c/code\u003e\u003c/a\u003e Fixing another link issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/bfb75f2490953fa4753da57ef742fdeb5e0ef3ea\"\u003e\u003ccode\u003ebfb75f2\u003c/code\u003e\u003c/a\u003e Rollbacked to source plugin 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/625a52405acabe624a2bf9e68f8743ec46474b37\"\u003e\u003ccode\u003e625a524\u003c/code\u003e\u003c/a\u003e Trying to get maven source plugin to the latest version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/252130da0fd76d9c2399b75a9f1a13efa313f133\"\u003e\u003ccode\u003e252130d\u003c/code\u003e\u003c/a\u003e Solved some link issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/859e7aaa6f039032c3063daa92e86d94eac11cc5\"\u003e\u003ccode\u003e859e7aa\u003c/code\u003e\u003c/a\u003e Fixed a bad \u003ca href=\"https://github.com/link\"\u003e\u003ccode\u003e@​link\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/f58344115703a883074941f54fccd92aeeb4382e\"\u003e\u003ccode\u003ef583441\u003c/code\u003e\u003c/a\u003e Fixed some compilation issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/b1dc83a3a8ceef10cff1daa957320ac043fc03d8\"\u003e\u003ccode\u003eb1dc83a\u003c/code\u003e\u003c/a\u003e Fixed some javadoc issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/06a51073ebddd1a969ba50ea41e8bb262c065169\"\u003e\u003ccode\u003e06a5107\u003c/code\u003e\u003c/a\u003e Rollbacked maven source plugin to 3.2.1, because since 3.3.0 the build fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/97918866b79f35bcf00a5e7090e02c15ab82b1db\"\u003e\u003ccode\u003e9791886\u003c/code\u003e\u003c/a\u003e Added some missing spaces\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/mina/compare/2.2.1...2.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.protobuf:protobuf-java` from 3.24.0 to 3.25.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9d0ec0f92b5b5fdeeda11f9dcecc1872ff378014\"\u003e\u003ccode\u003e9d0ec0f\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4a197e78ad2430e22e992c5a7727b61ae220f727\"\u003e\u003ccode\u003e4a197e7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18387\"\u003e#18387\u003c/a\u003e from protocolbuffers/cp-lp-25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b5a7cf7cf4b7e39f6b02205e45afe2104a7faf81\"\u003e\u003ccode\u003eb5a7cf7\u003c/code\u003e\u003c/a\u003e Remove RecursiveGroup test case which doesn't exist in 25.x pre-Editions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f000b7e18fd6921ca02ea4b87608e8cadcb7b64f\"\u003e\u003ccode\u003ef000b7e\u003c/code\u003e\u003c/a\u003e Fix merge conflict by adding optional label to proto2 unittest_lite.proto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b\"\u003e\u003ccode\u003e4728531\u003c/code\u003e\u003c/a\u003e Add recursion check when parsing unknown fields in Java.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b\"\u003e\u003ccode\u003e850fcce\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b7044987de77f1dc368fee558636d0b56d7e75e1\"\u003e\u003ccode\u003eb704498\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e67347986eaf7d777a6ee34367fa99f4912423ab\"\u003e\u003ccode\u003ee673479\u003c/code\u003e\u003c/a\u003e Fix cord handling in DynamicMessage and oneofs. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18375\"\u003e#18375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8a60b6527a976cfd0028153da3ad8e4ed280e0de\"\u003e\u003ccode\u003e8a60b65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/17704\"\u003e#17704\u003c/a\u003e from protocolbuffers/cp-segv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/94a26630e362a4771b5ec80eac49f494988ca408\"\u003e\u003ccode\u003e94a2663\u003c/code\u003e\u003c/a\u003e Fixed a SEGV when deep copying a non-reified sub-message.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protocolbuffers/protobuf/compare/v3.24.0...v3.25.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.squareup.okhttp3:okhttp` from 3.14.9 to 4.9.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/square/okhttp/blob/master/CHANGELOG.md\"\u003ecom.squareup.okhttp3:okhttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChange Log\u003c/h1\u003e\n\u003ch2\u003eVersion 5.3.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-11-18\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused\ntimeouts to fire later than they were supposed to.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Okio 3.16.4][okio_3_16_4].\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 5.3.1\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-11-16\u003c/em\u003e\u003c/p\u003e\n\u003cp\u003eThis release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade: [Okio 3.16.3][okio_3_16_3].\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 5.3.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-10-30\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew: Add tags to \u003ccode\u003eCall\u003c/code\u003e, including computable tags. Use this to attach application-specific\nmetadata to a \u003ccode\u003eCall\u003c/code\u003e in an \u003ccode\u003eEventListener\u003c/code\u003e or \u003ccode\u003eInterceptor\u003c/code\u003e. The tag can be read in any other\n\u003ccode\u003eEventListener\u003c/code\u003e or \u003ccode\u003eInterceptor\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"kotlin\"\u003e\u003ccode\u003e  override fun intercept(chain: Interceptor.Chain): Response {\n    chain.call().tag(MyAnalyticsTag::class) {\n      MyAnalyticsTag(...)\n    }\n\u003cpre\u003e\u003ccode\u003ereturn chain.proceed(chain.request())\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew: Support request bodies on HTTP/1.1 connection upgrades.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew: \u003ccode\u003eEventListener.plus()\u003c/code\u003e makes it easier to observe events in multiple listeners.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: Don't spam logs with \u003cem\u003e‘Method isLoggable in android.util.Log not mocked.’\u003c/em\u003e when using\nOkHttp in Robolectric and Paparazzi tests.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Kotlin 2.2.21][kotlin_2_2_21].\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Okio 3.16.2][okio_3_16_2].\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [ZSTD-KMP 0.4.0][zstd_kmp_0_4_0]. This update fixes a bug that caused APKs to fail\n[16 KB ELF alignment checks][elf_alignment].\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/3edf17ca8a5048912d19e84d0fc2a7941a97c07d\"\u003e\u003ccode\u003e3edf17c\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.2.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/262b3cde9f6354a31d4d4862bef5a81590687ad7\"\u003e\u003ccode\u003e262b3cd\u003c/code\u003e\u003c/a\u003e Handle strict module handling on JDK17 (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6707\"\u003e#6707\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6742\"\u003e#6742\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/f574ea2f5259d9040f264ddeb582fb1ce563f10c\"\u003e\u003ccode\u003ef574ea2\u003c/code\u003e\u003c/a\u003e Cherry pick fix for CVE-2021-0341 onto 4.9.x (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6741\"\u003e#6741\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/1fd7c0afdc2cee9ba982b07d49662af7f60e1518\"\u003e\u003ccode\u003e1fd7c0a\u003c/code\u003e\u003c/a\u003e Make it more difficult to accidentally log sensitive headers (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6551\"\u003e#6551\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6740\"\u003e#6740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/b0397cc7a9f755ef8ab1e00c8114531f802f35a6\"\u003e\u003ccode\u003eb0397cc\u003c/code\u003e\u003c/a\u003e 4.9.x GitHub builds update (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6732\"\u003e#6732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/eb5a8343eab9ba4ec933e8fb80d3f8a0e4eacbcd\"\u003e\u003ccode\u003eeb5a834\u003c/code\u003e\u003c/a\u003e Prepare next development version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/63dcd95bfa2345bb3f3d4abc6b6dbf36cfb08aaf\"\u003e\u003ccode\u003e63dcd95\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/d2e28ab672d5734a76f97f48174a3e6e8339e183\"\u003e\u003ccode\u003ed2e28ab\u003c/code\u003e\u003c/a\u003e Silently ignore 'bio == null' NullPointerExceptions (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6534\"\u003e#6534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/cbeaf8f955fff9caa5652ccc6c1393ec8b993799\"\u003e\u003ccode\u003ecbeaf8f\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/8fd74a7482effe1ca8847a28b29262415dbb7faa\"\u003e\u003ccode\u003e8fd74a7\u003c/code\u003e\u003c/a\u003e Conscrypt 2.5.1 Upgrade (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6263\"\u003e#6263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/square/okhttp/compare/parent-3.14.9...parent-4.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.hibernate:hibernate-validator` from 5.4.3.Final to 6.2.0.Final\n\nUpdates `org.apache.avro:avro` from 1.11.1 to 1.11.4\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 8.5.87 to 9.0.117\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `ch.qos.logback:logback-classic` from 1.2.11 to 1.2.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2648b9e7fbb47426c89b9c93b411c07484e8f277\"\u003e\u003ccode\u003e2648b9e\u003c/code\u003e\u003c/a\u003e prepare release 1.2.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3\"\u003e\u003ccode\u003ebb09515\u003c/code\u003e\u003c/a\u003e fix CVE-2023-6378\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/45732949bfb845df04cbe65292cf48aaa090cb1d\"\u003e\u003ccode\u003e4573294\u003c/code\u003e\u003c/a\u003e start work on 1.2.13-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/a388193052c298ca87cc64192319df723288c6ab\"\u003e\u003ccode\u003ea388193\u003c/code\u003e\u003c/a\u003e Merge branch 'branch_1.2.x' of github.com:qos-ch/logback into branch_1.2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/de44dc422bc3da1d7808283851324d960b492d4d\"\u003e\u003ccode\u003ede44dc4\u003c/code\u003e\u003c/a\u003e prepare release 1.2.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ca0cf172f680308938515b8a5d69348759ee947c\"\u003e\u003ccode\u003eca0cf17\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/532\"\u003e#532\u003c/a\u003e from joakime/fix-jetty-requestlog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e31609b1980b9ba986344aae3cab7275fa2b4935\"\u003e\u003ccode\u003ee31609b\u003c/code\u003e\u003c/a\u003e removed unused files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/21e29efb284766f386781175b2ba18585b690154\"\u003e\u003ccode\u003e21e29ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/567\"\u003e#567\u003c/a\u003e from spliffone/LOGBACK-1633\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e869000e1d5901e6aa6f46cc6575ee2137f15b69\"\u003e\u003ccode\u003ee869000\u003c/code\u003e\u003c/a\u003e fix: published POM file contain the wrong scm URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/009ea46cb81a015f2ca312bde6e823581b93b37a\"\u003e\u003ccode\u003e009ea46\u003c/code\u003e\u003c/a\u003e version for next dev cycle\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.2.11...v_1.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.20.0 to 2.25.4\n\nUpdates `org.apache.commons:commons-lang3` from 3.12.0 to 3.18.0\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.15.2 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.15.2...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.grpc:grpc-netty-shaded` from 1.57.1 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-java/releases\"\u003eio.grpc:grpc-netty-shaded's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.75.0\u003c/h2\u003e\n\u003ch3\u003eBehavior Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebinder: Introduce server pre-authorization (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12127\"\u003e#12127\u003c/a\u003e). grpc-binder clients authorize servers by checking the UID of the sender of the SETUP_TRANSPORT Binder transaction against some SecurityPolicy. But merely binding to an unauthorized server to learn its UID can enable \u0026quot;keep-alive\u0026quot; and \u0026quot;background activity launch\u0026quot; abuse, even if security policy ultimately causes the grpc connection to fail. Pre-authorization mitigates this kind of abuse by resolving addresses and authorizing a candidate server Application's UID before binding to it. Pre-auth is especially important when the server's address is not fixed in advance but discovered by PackageManager lookup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecore: \u003ccode\u003egrpc-timeout\u003c/code\u003e should always be positive (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12201\"\u003e#12201\u003c/a\u003e) (6dfa03c51). There is a local race between when the deadline is checked before sending the RPC and when the timeout is calculated to put on-the-wire. The code replaced negative timeouts with 0 nanoseconds. gRPC’s PROTOCOL-HTTP2 spec states that timeouts should be positive, so now non-positive values are replaced with 1 nanosecond\u003c/li\u003e\n\u003cli\u003ecore: Improved DEADLINE_EXCEEDED message for delayed calls (6ff8ecac0). Delayed calls are the first calls on a Channel before name resolution has resolved addresses. Previously you could see confusing errors saying the deadline “will be exceeded in” X time. The message tense was simply wrong, and now will be correct: deadline “was exceeded after” X time.\u003c/li\u003e\n\u003cli\u003exds: PriorityLB now only uses the failOverTimer to start additional priorities, not fail RPCs (c4256add4). You should no longer see “Connection timeout for priority” errors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enetty: Count sent RST_STREAMs against \u003ccode\u003eNettyServerBuilder.maxRstFramesPerWindow()\u003c/code\u003e limit (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12288\"\u003e#12288\u003c/a\u003e). This extends the Rapid Reset tool to also cover MadeYouReset. the reset stream count will cause a 420 \u0026quot;Enhance your calm response\u0026quot; to be sent. This depends on Netty 4.1.124 for a bug fix to actually call the encoder by the frame writer.\u003c/li\u003e\n\u003cli\u003exds: Convert CdsLb to \u003ccode\u003eXdsDepManager\u003c/code\u003e (297ab05ef). This is part of gRFC A74 to have atomic xDS config updates. This is an internal change, but does change the error description seen in certain cases, especially DEADLINE_EXCEEDED on a brand-new channel.\u003c/li\u003e\n\u003cli\u003ecensus: APIs for stats and tracing (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12050\"\u003e#12050\u003c/a\u003e) (919370172). Client channel and server builders with interceptors and factories respectively for stats and tracing.\u003c/li\u003e\n\u003cli\u003estub: simplify \u003ccode\u003eBlockingClientCall\u003c/code\u003e infinite blocking (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12217\"\u003e#12217\u003c/a\u003e) (ba0a7329d). Move deadline computation into overloads with finite timeouts. Blocking calls without timeouts now do not have to read the clock.\u003c/li\u003e\n\u003cli\u003exds: Do RLS fallback policy eagar start (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12211\"\u003e#12211\u003c/a\u003e) (42e1829b3). In gRPC-Java, the xDS clusters were lazily subscribed, which meant the fallback target which is returned in the RLS config wasn’t subscribed until a RPC actually falls back to it. The delayed resource subscription process in gRPC Java made it more susceptible to the effects of the INITIAL_RESOURCE_FETCH_TIMEOUT compared to other programming languages. It also had impact beyond the RLS cache expiration case, for example, when the first time the client initialized the channel, we couldn't fallback when the intended target times out, because of the lazy subscription. This change starts the fallback LB policy for the default target at the start of RLS policy instead of only when falling back to the default target, which fixes the above mentioned problems.\u003c/li\u003e\n\u003cli\u003exds: Aggregate cluster fixes (A75) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12186\"\u003e#12186\u003c/a\u003e) (7e982e48a). The earlier implementation of aggregate clusters concatenated the priorities from the underlying clusters into a single list, so that it could use a single LB policy defined at the aggregate cluster layer to choose a priority from that combined list. However, it turns out that aggregate clusters don't actually define the LB policy in the aggregate cluster; instead, the aggregate cluster uses a special cluster-provided LB policy that first chooses the underlying cluster and then delegates to the LB policy of the underlying cluster. This change implements that.\u003c/li\u003e\n\u003cli\u003eapi: set size correctly for sets and maps in handling \u003ccode\u003eMetadata\u003c/code\u003e values to be exchanged during a call (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12229\"\u003e#12229\u003c/a\u003e) (80217275d)\u003c/li\u003e\n\u003cli\u003exds: xdsClient cache transient error for new watchers (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12291\"\u003e#12291\u003c/a\u003e). When a resource update is NACKed, cache the error and update new watchers that get added with that error instead of making them hang.\u003c/li\u003e\n\u003cli\u003exds: Avoid PriorityLb re-enabling timer on duplicate CONNECTING (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12289\"\u003e#12289\u003c/a\u003e). If a LB policy gives extraneous updates with state CONNECTING, then it was possible to re-create \u003ccode\u003efailOverTimer\u003c/code\u003e which would then wait the 10 seconds for the child to finish CONNECTING. We only want to give the child one opportunity after transitioning out of READY/IDLE.\u003c/li\u003e\n\u003cli\u003exds: Use a different log name for \u003ccode\u003eXdsClientImpl\u003c/code\u003e and \u003ccode\u003eControlPlaneClient\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12287\"\u003e#12287\u003c/a\u003e). \u003ccode\u003eControlPlaneClient\u003c/code\u003e uses \u0026quot;xds-cp-client\u0026quot; now instead of \u0026quot;xds-client\u0026quot; while logging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Netty 4.1.124.Final (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12286\"\u003e#12286\u003c/a\u003e). This implicitly disables \u003ccode\u003eNettyAdaptiveCumulator\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/11284\"\u003e#11284\u003c/a\u003e), which can have a performance impact. We delayed upgrading Netty to give time to rework the optimization, but we've gone too long already without upgrading which causes problems for vulnerability tracking.\u003c/li\u003e\n\u003cli\u003ebazel: Use \u003ccode\u003ejar_jar\u003c/code\u003e to avoid xds deps (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12243\"\u003e#12243\u003c/a\u003e) (8f09b9689). The //xds and //xds:orca targets now use \u003ccode\u003ejar_jar\u003c/code\u003e to shade the protobuf generated code. This allows them to use their own private copy of the protos and drop direct Bazel dependencies on cel-spec, grpc, rules_go, com_github_cncf_xds, envoy_api, com_envoyproxy_protoc_gen_validate, and opencensus_proto. This mirrors the shading of protobuf messages done for grpc-xds provided on Maven Central and should simplify dependency management\u003c/li\u003e\n\u003cli\u003eProtobuf upgraded to 3.25.8\u003c/li\u003e\n\u003cli\u003eproto-google-common-protos upgraded to 2.59.2\u003c/li\u003e\n\u003cli\u003es2a-proto upgraded to 1.1.2\u003c/li\u003e\n\u003cli\u003egoogle-cloud-logging upgraded to 3.23.1 (used by gcp-observability)\u003c/li\u003e\n\u003cli\u003eOpenTelemetry upgraded to 1.52.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify requirements for creating a cross-user Channel. (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12181\"\u003e#12181\u003c/a\u003e). The \u003ccode\u003e@SystemApi\u003c/code\u003e runtime visibility requirement isn't really new. It has always been implicit in the required INTERACT_ACROSS_USERS permission, which can only be held by system apps in production. Now deprecated \u003ccode\u003eBinderChannelBuilder#bindAsUser\u003c/code\u003e has always required SDK_INT \u0026gt;= 30. This change just copies that requirement forward to its replacement APIs in \u003ccode\u003eAndroidComponentAddress\u003c/code\u003e and the TARGET_ANDROID_USER \u003ccode\u003eNameResolver.Args\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eapi: Add more Javadoc for \u003ccode\u003eNameResolver.Listener2\u003c/code\u003e interface (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12220\"\u003e#12220\u003c/a\u003e) (d352540a0)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eThanks to\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/benjaminp\"\u003e\u003ccode\u003e@​benjaminp\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/werkt\"\u003e\u003ccode\u003e@​werkt\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/vimanikag\"\u003e\u003ccode\u003e@​vimanikag\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.74.0\u003c/h2\u003e\n\u003ch3\u003eBehavior Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecompiler: Default to \u003ccode\u003e@generated=omit\u003c/code\u003e (f8700a13a). This omits \u003ccode\u003ejavax.annotation.Generated\u003c/code\u003e from the generated code and makes the \u003ccode\u003eorg.apache.tomcat:annotations-api\u003c/code\u003e compile-only dependency unnecessary (README and examples changes forthcoming; we delayed those changes until the release landed). You can use the option \u003ccode\u003e@generated=javax\u003c/code\u003e for the previous behavior, but please also file an issue so we can develop alternatives\u003c/li\u003e\n\u003cli\u003ecompiler: generate blocking v2 unary calls that throw StatusException (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12126\"\u003e#12126\u003c/a\u003e) (a16d65591). Previously, the new blocking stub API was identical to the older blocking stub for unary RPCs and used the unchecked \u003ccode\u003eStatusRuntimeException\u003c/code\u003e. However, feedback demonstrated it was confusing to mix that with the checked \u003ccode\u003eStatusException\u003c/code\u003e in \u003ccode\u003eBlockingClientCall\u003c/code\u003e. Now the new blocking stub uses StatusException throughout. grpc-java continues to support the old generated code, but the version of protoc-gen-grpc-java will dictate which API you see. If you support multiple generated code versions, you can use the older blocking v1 stub for unary RPCs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enetty: Fix a race that caused RPCs to hang on start when a GOAWAY was received while the RPCs’ headers were being written to the OS (b04c673fd, 15c757398). This was a very old race, not a recent regression. All streams should now properly fail instead of hanging, although in some cases they may be transparently retried\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/3abc0e6e1f4981017b7117e47e1844a318a51f24\"\u003e\u003ccode\u003e3abc0e6\u003c/code\u003e\u003c/a\u003e Bump version to 1.75.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/cbfe6c1ccaf0d9480daa8faa3e37a117adb798ba\"\u003e\u003ccode\u003ecbfe6c1\u003c/code\u003e\u003c/a\u003e Update README etc to reference 1.75.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/a0f3520ad0bf5186f84d48b7df6e2555e8b16da8\"\u003e\u003ccode\u003ea0f3520\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Release v1.75.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12294\"\u003e#12294\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12295\"\u003e#12295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/7ef13f40a6d9cdaccd0c064b5bd3745f9518781e\"\u003e\u003ccode\u003e7ef13f4\u003c/code\u003e\u003c/a\u003e Release v1.75.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12294\"\u003e#12294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/14fd8eff28d55fae4a791b256602d83a5fb9d848\"\u003e\u003ccode\u003e14fd8ef\u003c/code\u003e\u003c/a\u003e xds: xdsClient caches transient error for new watchers (v1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/653d076c605a9066cf6ae484921058580df2437d\"\u003e\u003ccode\u003e653d076\u003c/code\u003e\u003c/a\u003e xds: Avoid PriorityLb re-enabling timer on duplicate CONNECTING (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12289\"\u003e#12289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/a5c2b1aa51608b1fff016a313d8ee65f92e8d23d\"\u003e\u003ccode\u003ea5c2b1a\u003c/code\u003e\u003c/a\u003e netty: Count sent RST_STREAMs against limit (1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12288\"\u003e#12288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/0d3e8283a8105a7bbf1bf746d96cac1e363de2e3\"\u003e\u003ccode\u003e0d3e828\u003c/code\u003e\u003c/a\u003e xds: Use a different log name for XdsClientImpl and ControlPlaneClient (1.75....\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/d750e9df576a63f8b0d55eefc730282dc60f99d1\"\u003e\u003ccode\u003ed750e9d\u003c/code\u003e\u003c/a\u003e Upgrade to Netty 4.1.124.Final (v1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12286\"\u003e#12286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/19c579e8a93cc0660df1523b5740eae9aa888a09\"\u003e\u003ccode\u003e19c579e\u003c/code\u003e\u003c/a\u003e Bump versions of dependencies (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12252\"\u003e#12252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-java/compare/v1.57.1...v1.75.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `org.xerial.snappy:snappy-java` from 1.1.10.3 to 1.1.10.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xerial/snappy-java/releases\"\u003eorg.xerial.snappy:snappy-java's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.10.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\"\u003eCVE-2023-43642\u003c/a\u003e Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by \u003ca href=\"https://github.com/tunnelshade\"\u003e\u003ccode\u003e@​tunnelshade\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003ecode change\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis does not affect users only using Snappy.compress/uncompress methods\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by \u003ca href=\"https://github.com/xerial\"\u003e\u003ccode\u003e@​xerial\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/508\"\u003exerial/snappy-java#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport JDK21 (no internal change)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🔗 Dependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.11 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/485\"\u003exerial/snappy-java#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.3 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/483\"\u003exerial/snappy-java#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.12 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/487\"\u003exerial/snappy-java#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/502\"\u003exerial/snappy-java#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/496\"\u003exerial/snappy-java#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.14 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/501\"\u003exerial/snappy-java#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/505\"\u003exerial/snappy-java#505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate native libraries by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/503\"\u003exerial/snappy-java#503\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠  Internal Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate airframe-log to 23.7.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/486\"\u003exerial/snappy-java#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.0 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/488\"\u003exerial/snappy-java#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/500\"\u003exerial/snappy-java#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/497\"\u003exerial/snappy-java#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/499\"\u003exerial/snappy-java#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/504\"\u003exerial/snappy-java#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/509\"\u003exerial/snappy-java#509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate NOTICE by \u003ca href=\"https://github.com/imsudiproy\"\u003e\u003ccode\u003e@​imsudiproy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/492\"\u003exerial/snappy-java#492\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\"\u003ehttps://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003e\u003ccode\u003e9f8c3cf\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-55g7-9cwv-5qfv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/49d700175f18ed5f8c5d371b7c2f80c75979bd68\"\u003e\u003ccode\u003e49d7001\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.2 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/1f07c3182c2dc89d4226e9a6d8945b8458870a0a\"\u003e\u003ccode\u003e1f07c31\u003c/code\u003e\u003c/a\u003e Update native libraries for f2e97f27be0dc6c691369040ba8a673bface484c (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/503\"\u003e#503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/13f8db197c4c44f0b6a02240c04205e8362b8e62\"\u003e\u003ccode\u003e13f8db1\u003c/code\u003e\u003c/a\u003e Update sbt to 1.9.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/505\"\u003e#505\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/f2e97f27be0dc6c691369040ba8a673bface484c\"\u003e\u003ccode\u003ef2e97f2\u003c/code\u003e\u003c/a\u003e feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly use...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/98b22256fe4ed00ccaadd2dac98b1622563cc50b\"\u003e\u003ccode\u003e98b2225\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f29b5c0f869d4027a4d5c1464907a79152013bf\"\u003e\u003ccode\u003e9f29b5c\u003c/code\u003e\u003c/a\u003e Update NOTICE (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/492\"\u003e#492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/55639b55de52e1c06ac9a7df6844f85313407955\"\u003e\u003ccode\u003e55639b5\u003c/code\u003e\u003c/a\u003e Update sbt-scalafmt to 2.5.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/499\"\u003e#499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/a5d81a6589360f299ae7ec35a79c317fd78e795d\"\u003e\u003ccode\u003ea5d81a6\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.8.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/497\"\u003e#497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/6495da1af211e993cd0750c9c70b69d458c4a570\"\u003e\u003ccode\u003e6495da1\u003c/code\u003e\u003c/a\u003e Update scalafmt-core to 3.7.14 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.7.0 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `org.asynchttpclient:async-http-client` from 2.12.3 to 2.14.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/releases\"\u003eorg.asynchttpclient:async-http-client's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAHC v2.14.5 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAHC v2.12.4 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cp\u003eThis is a breaking release. \u003ccode\u003eRequestBuilderBase.java\u003c/code\u003e has a new method added. This is in response to \u003ccode\u003eGHSA-mfj5-cf8g-g2fv\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/ae557ad35246721c09dafb2976609cd0004e78ae\"\u003e\u003ccode\u003eae557ad\u003c/code\u003e\u003c/a\u003e Release 2.14.5: Security fixes and dependency upgrades\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/6afba08b39a10c2a85bb1b38e14ada224cd40705\"\u003e\u003ccode\u003e6afba08\u003c/code\u003e\u003c/a\u003e Release 2.12.4 with CVE Fix: 2024-53990\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.3...async-http-client-project-2.14.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GizzZmo/dubbo/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/GizzZmo/dubbo/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GizzZmo%2Fdubbo/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4242176397","node_id":"PR_kwDOIdXQSs7RlzU0","number":12,"state":"closed","title":"Bump the maven group across 8 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","java","type:build","module:mixed-spark","module:mixed-trino","module:mixed-flink"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-14T00:24:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-10T23:22:33.000Z","updated_at":"2026-04-14T00:24:37.000Z","time_to_close":262923,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":9,"packages":[{"name":"org.apache.commons:commons-compress","old_version":"1.23.0","new_version":"1.26.0"},{"name":"com.fasterxml.jackson.core:jackson-core","old_version":"2.13.5","new_version":"2.18.6","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.20.0","new_version":"2.25.4"},{"name":"org.apache.derby:derby","old_version":"10.14.2.0","new_version":"10.17.1.0"},{"name":"io.netty:netty-codec-http2","old_version":"4.1.129.Final","new_version":"4.1.132.Final","repository_url":"https://github.com/netty/netty"},{"name":"org.apache.hive:hive-exec","old_version":"2.1.1","new_version":"4.0.1"},{"name":"org.assertj:assertj-core","old_version":"3.21.0","new_version":"3.27.7","repository_url":"https://github.com/assertj/assertj"},{"name":"org.apache.avro:avro","old_version":"1.10.1","new_version":"1.11.4"},{"name":"commons-io:commons-io","old_version":"2.4","new_version":"2.14.0"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.commons:commons-compress | `1.23.0` | `1.26.0` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.13.5` | `2.18.6` |\n| org.apache.logging.log4j:log4j-core | `2.20.0` | `2.25.4` |\n| org.apache.derby:derby | `10.14.2.0` | `10.17.1.0` |\n| [io.netty:netty-codec-http2](https://github.com/netty/netty) | `4.1.129.Final` | `4.1.132.Final` |\n| org.apache.hive:hive-exec | `2.1.1` | `4.0.1` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.21.0` | `3.27.7` |\n| org.apache.avro:avro | `1.10.1` | `1.11.4` |\n| commons-io:commons-io | `2.4` | `2.14.0` |\n\nBumps the maven group with 1 update in the /amoro-format-mixed/amoro-mixed-flink/amoro-mixed-flink-common directory: [org.assertj:assertj-core](https://github.com/assertj/assertj).\nBumps the maven group with 1 update in the /amoro-format-mixed/amoro-mixed-flink/amoro-mixed-flink-common-iceberg-bridge directory: [org.assertj:assertj-core](https://github.com/assertj/assertj).\nBumps the maven group with 1 update in the /amoro-format-mixed/amoro-mixed-spark/v3.3/amoro-mixed-spark-3.3 directory: org.apache.hive:hive-exec.\nBumps the maven group with 1 update in the /amoro-format-mixed/amoro-mixed-spark/v3.4/amoro-mixed-spark-3.4 directory: org.apache.hive:hive-exec.\nBumps the maven group with 1 update in the /amoro-format-mixed/amoro-mixed-spark/v3.5/amoro-mixed-spark-3.5 directory: org.apache.hive:hive-exec.\nBumps the maven group with 3 updates in the /amoro-format-mixed/amoro-mixed-trino directory: org.apache.hive:hive-exec, org.apache.avro:avro and commons-io:commons-io.\nBumps the maven group with 6 updates in the /amoro-openapi-sdk directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.commons:commons-compress | `1.23.0` | `1.26.0` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.13.5` | `2.18.6` |\n| org.apache.logging.log4j:log4j-core | `2.20.0` | `2.25.4` |\n| org.apache.derby:derby | `10.14.2.0` | `10.17.1.0` |\n| [io.netty:netty-codec-http2](https://github.com/netty/netty) | `4.1.129.Final` | `4.1.132.Final` |\n| org.apache.hive:hive-exec | `3.1.3` | `4.0.1` |\n\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.13.5 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.13.5...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.20.0 to 2.25.4\n\nUpdates `org.apache.derby:derby` from 10.14.2.0 to 10.17.1.0\n\nUpdates `io.netty:netty-codec-http2` from 4.1.129.Final to 4.1.132.Final\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/netty/netty/releases\"\u003eio.netty:netty-codec-http2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003enetty-4.1.132.Final\u003c/h2\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-33871, \u003ca href=\"https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv\"\u003eHTTP/2 CONTINUATION Frame Flood Denial of Service\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-33870, \u003ca href=\"https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8\"\u003eHTTP Request Smuggling via Chunked Extension Quoted-String Parsing\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry lo… by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16248\"\u003enetty/netty#16248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake RefCntOpenSslContext.deallocate more robust (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16253\"\u003e#16253\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16257\"\u003enetty/netty#16257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to gcc for arm 10.3-2021.07 (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16255\"\u003e#16255\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16263\"\u003enetty/netty#16263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP2: Correctly account for padding when decompress by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16265\"\u003enetty/netty#16265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate JDK versions to latest patch releases (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16254\"\u003e#16254\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16267\"\u003enetty/netty#16267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Automatic backporting workflow from 4.1 to 4.2 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16274\"\u003enetty/netty#16274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Backport PRs must be created with personal access tokens by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16277\"\u003enetty/netty#16277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Add more porting workflows by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16284\"\u003enetty/netty#16284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Some polishing of the porting workflows by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16292\"\u003enetty/netty#16292\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Fix high-order bit aliasing in HttpUtil.validateToken by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16303\"\u003enetty/netty#16303\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Support more branch freedom for auto-porting by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16310\"\u003enetty/netty#16310\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: the precedence of + is higher than \u0026gt;\u0026gt; (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16312\"\u003e#16312\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16316\"\u003enetty/netty#16316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater th… by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16320\"\u003enetty/netty#16320\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky PooledByteBufAllocatorTest by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16324\"\u003enetty/netty#16324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix pooled arena accounting tests  by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16326\"\u003enetty/netty#16326\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix RunInFastThreadLocalThreadExtension by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16328\"\u003enetty/netty#16328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: AdaptivePoolingAllocator: call \u003ccode\u003eunreserveMatchingBuddy(...)\u003c/code\u003e if \u003ccode\u003ebyteBuf\u003c/code\u003e initialization failed by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16331\"\u003enetty/netty#16331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Mark LoggingHandlerTest with \u003ca href=\"https://github.com/Isolated\"\u003e\u003ccode\u003e@​Isolated\u003c/code\u003e\u003c/a\u003e to fix flaky build by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16340\"\u003enetty/netty#16340\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky HTTP/2 test by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16348\"\u003enetty/netty#16348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky RenegotiateTest by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16355\"\u003enetty/netty#16355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix HTTP/2 push frame test by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16353\"\u003enetty/netty#16353\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSSL test: Don't depend on property value in test (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16346\"\u003e#16346\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16362\"\u003enetty/netty#16362\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Don't assume CertificateFactory is thread-safe by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16364\"\u003enetty/netty#16364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdaptivePoolingAllocator: assign a more explicit value to BuddyChunk.freeListCapacity (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16334\"\u003e#16334\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16368\"\u003enetty/netty#16368\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Add more diagnostic points to PooledByteBufAllocatorTest.createNewThr… by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16372\"\u003enetty/netty#16372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix leak in SniHandlerTest (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16367\"\u003e#16367\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16377\"\u003enetty/netty#16377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Stabilize AbstractByteBufTest.testBytesInArrayMultipleThreads by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16373\"\u003enetty/netty#16373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove reference counting from size classed chunks (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16306\"\u003e#16306\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16379\"\u003enetty/netty#16379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Stabilize AbstractByteBufTest.testToStringMultipleThreads by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16384\"\u003enetty/netty#16384\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix HttpObjectAggregator leaving connection stuck after 413 with AUTO… by \u003ca href=\"https://github.com/samlandfried\"\u003e\u003ccode\u003e@​samlandfried\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16280\"\u003enetty/netty#16280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix autoport fetching into the existing branch - again by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16417\"\u003enetty/netty#16417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Capture why threads get stuck in testCopyMultipleThreads0 by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16419\"\u003enetty/netty#16419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Remove unnecessary array access in DefaultAttributeMap.orderedCopyOnInsert by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16421\"\u003enetty/netty#16421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Whitelist JMH annotation processing in microbench module by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16430\"\u003enetty/netty#16430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: HTTP2: Ensure preface is flushed in all cases  by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16432\"\u003enetty/netty#16432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix UnsupportedOperationException in readTrailingHeaders by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16437\"\u003enetty/netty#16437\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix client_max_window_bits parameter handling in permessage-deflate extension by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16435\"\u003enetty/netty#16435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Native transports: Fix possible fd leak when fcntl fails. by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16446\"\u003enetty/netty#16446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Kqueue: Fix undefined behaviour when GetStringUTFChars fails and SO_ACCEPTFILTER is supported by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16448\"\u003enetty/netty#16448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Kqueue: Possible overflow when using netty_kqueue_bsdsocket_setAcceptFilter(...) by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16459\"\u003enetty/netty#16459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Native transports: Fix undefined behaviour when GetStringUTFChars fails while open FD by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16456\"\u003enetty/netty#16456\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Epoll: Add null checks for safety reasons by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16463\"\u003enetty/netty#16463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to the same port by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16464\"\u003enetty/netty#16464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/ec119d487b3a27e4ac118e7e1d97f0c96a85f4a3\"\u003e\u003ccode\u003eec119d4\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.132.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/60e53c99f2e80aef1025e9038e33cdf261ed9819\"\u003e\u003ccode\u003e60e53c9\u003c/code\u003e\u003c/a\u003e Stricter HTTP/1.1 chunk extension parsing (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16537\"\u003e#16537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/9f47a7b6846e6c7cb0481789be51788944042b85\"\u003e\u003ccode\u003e9f47a7b\u003c/code\u003e\u003c/a\u003e Limit the number of Continuation frames per HTTP2 Headers (\u003ca href=\"https://redirect.github.com/netty/netty/issues/13969\"\u003e#13969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/10c1603cbab5e72a029521058eb35e15a8b7c7c5\"\u003e\u003ccode\u003e10c1603\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: JdkZlibDecoder: accumulate decompressed output before firing c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/df6599790dc2c6810e253e9a14903f450e7aeffe\"\u003e\u003ccode\u003edf65997\u003c/code\u003e\u003c/a\u003e Epoll: setTcpMg5Sig(...) might overflow (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16511\"\u003e#16511\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16520\"\u003e#16520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/692ec8772dffdfbc9f3dc57bb4379d9338822ebd\"\u003e\u003ccode\u003e692ec87\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: AdaptivePoolingAllocator: Fix assertion for size class multipl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/3ac3f37e6dcfec658f4cb02935452ea25bb891f5\"\u003e\u003ccode\u003e3ac3f37\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: AdaptivePoolingAllocator: remove \u003ccode\u003eensureAccessible()\u003c/code\u003e call in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/5a0072ba96adde85936cb511cb8e24aef0bda811\"\u003e\u003ccode\u003e5a0072b\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: Epoll: Fix support for IP_RECVORIGDSTADDR (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16468\"\u003e#16468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/779fce7ff70da741633c22ec80870008fa655d35\"\u003e\u003ccode\u003e779fce7\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: Epoll: Use correct value to initialize mmsghdr.msg_namelen (\u003ca href=\"https://redirect.github.com/netty/netty/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/56d84e13175d1f33f6d8732e2bdd0e36d32db9a7\"\u003e\u003ccode\u003e56d84e1\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.129.Final...netty-4.1.132.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hive:hive-exec` from 2.1.1 to 4.0.1\n\nUpdates `org.assertj:assertj-core` from 3.21.0 to 3.27.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/assertj/assertj/releases\"\u003eorg.assertj:assertj-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.27.7\u003c/h2\u003e\n\u003ch2\u003e:lock: Security\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix XXE vulnerability in \u003ccode\u003eisXmlEqualTo\u003c/code\u003e assertion (CVE-2026-24400)\n\u003cul\u003e\n\u003cli\u003eSee GHSA-rqfh-9r24-8c9r for details; many thanks to \u003ca href=\"https://github.com/wxt201\"\u003e\u003ccode\u003e@​wxt201\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Song-Li\"\u003e\u003ccode\u003e@​Song-Li\u003c/code\u003e\u003c/a\u003e for responsibly reporting it!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:no_entry_sign: Deprecated\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e with no replacement\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNavigation to \u003ccode\u003eassertj-core\u003c/code\u003e or \u003ccode\u003eguava\u003c/code\u003e types from \u003ccode\u003eassertj-guava\u003c/code\u003e Javadoc site has unnecessary header \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3478\"\u003e#3478\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Byte Buddy 1.18.3\u003c/li\u003e\n\u003cli\u003eUpgrade to JUnit BOM 5.14.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Guava 33.5.0-jre\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.27.6\u003c/h2\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd missing export for \u003ccode\u003eorg.assertj.core.annotation\u003c/code\u003e \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3951\"\u003e#3951\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThanks to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/duponter\"\u003e\u003ccode\u003e@​duponter\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.27.5\u003c/h2\u003e\n\u003ch2\u003e:zap: Improvements\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eByteBuddy in AssertJ 3.27.4 not compatible with Java 25 \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3946\"\u003e#3946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/e84071667f5f8f13084af9dfa54cee5fd9db18db\"\u003e\u003ccode\u003ee840716\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release assertj-build-3.27.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a\"\u003e\u003ccode\u003e85ca7eb\u003c/code\u003e\u003c/a\u003e Deprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/77081dc5eb107141df80f95bd0149b468e451341\"\u003e\u003ccode\u003e77081dc\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/b68fc24a9de28f28a486fc5b887c1b8a003a5823\"\u003e\u003ccode\u003eb68fc24\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/0cf5bb6c50f6ead3deaa2a2ff50ef1e7d933c8a3\"\u003e\u003ccode\u003e0cf5bb6\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003ekotlin.version\u003c/code\u003e from 2.1.0 to 2.2.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/d393ef1f5e48c89d47d7cf6d1eae359ceda0a126\"\u003e\u003ccode\u003ed393ef1\u003c/code\u003e\u003c/a\u003e Abort tests when symbolic links cannot be created (\u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3788\"\u003e#3788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/22124331e9922af5a43ab50f7a9a25b65be53be1\"\u003e\u003ccode\u003e2212433\u003c/code\u003e\u003c/a\u003e Add IntelliJ custom inspection for test class names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/5717d025cfe0f4c66de20f3253c0b0ecba259aa1\"\u003e\u003ccode\u003e5717d02\u003c/code\u003e\u003c/a\u003e Update JetBrains icon\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/a8ec20bd42ed01f9cc6f654046c7dd424b0af07c\"\u003e\u003ccode\u003ea8ec20b\u003c/code\u003e\u003c/a\u003e Add icon for JetBrains products\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/c05fb3d052b415fb2d6051df939f3b7903a76afe\"\u003e\u003ccode\u003ec05fb3d\u003c/code\u003e\u003c/a\u003e Bump Maven to 3.9.12 and Wrapper to 3.3.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/assertj/assertj/compare/assertj-core-3.21.0...assertj-build-3.27.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.avro:avro` from 1.10.1 to 1.11.4\n\nUpdates `commons-io:commons-io` from 2.4 to 2.14.0\n\nUpdates `org.assertj:assertj-core` from 3.21.0 to 3.27.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/assertj/assertj/releases\"\u003eorg.assertj:assertj-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.27.7\u003c/h2\u003e\n\u003ch2\u003e:lock: Security\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix XXE vulnerability in \u003ccode\u003eisXmlEqualTo\u003c/code\u003e assertion (CVE-2026-24400)\n\u003cul\u003e\n\u003cli\u003eSee GHSA-rqfh-9r24-8c9r for details; many thanks to \u003ca href=\"https://github.com/wxt201\"\u003e\u003ccode\u003e@​wxt201\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Song-Li\"\u003e\u003ccode\u003e@​Song-Li\u003c/code\u003e\u003c/a\u003e for responsibly reporting it!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:no_entry_sign: Deprecated\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e with no replacement\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNavigation to \u003ccode\u003eassertj-core\u003c/code\u003e or \u003ccode\u003eguava\u003c/code\u003e types from \u003ccode\u003eassertj-guava\u003c/code\u003e Javadoc site has unnecessary header \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3478\"\u003e#3478\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Byte Buddy 1.18.3\u003c/li\u003e\n\u003cli\u003eUpgrade to JUnit BOM 5.14.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Guava 33.5.0-jre\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.27.6\u003c/h2\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd missing export for \u003ccode\u003eorg.assertj.core.annotation\u003c/code\u003e \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3951\"\u003e#3951\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThanks to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/duponter\"\u003e\u003ccode\u003e@​duponter\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.27.5\u003c/h2\u003e\n\u003ch2\u003e:zap: Improvements\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eByteBuddy in AssertJ 3.27.4 not compatible with Java 25 \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3946\"\u003e#3946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/e84071667f5f8f13084af9dfa54cee5fd9db18db\"\u003e\u003ccode\u003ee840716\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release assertj-build-3.27.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a\"\u003e\u003ccode\u003e85ca7eb\u003c/code\u003e\u003c/a\u003e Deprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/77081dc5eb107141df80f95bd0149b468e451341\"\u003e\u003ccode\u003e77081dc\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/b68fc24a9de28f28a486fc5b887c1b8a003a5823\"\u003e\u003ccode\u003eb68fc24\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/0cf5bb6c50f6ead3deaa2a2ff50ef1e7d933c8a3\"\u003e\u003ccode\u003e0cf5bb6\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003ekotlin.version\u003c/code\u003e from 2.1.0 to 2.2.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/d393ef1f5e48c89d47d7cf6d1eae359ceda0a126\"\u003e\u003ccode\u003ed393ef1\u003c/code\u003e\u003c/a\u003e Abort tests when symbolic links cannot be created (\u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3788\"\u003e#3788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/22124331e9922af5a43ab50f7a9a25b65be53be1\"\u003e\u003ccode\u003e2212433\u003c/code\u003e\u003c/a\u003e Add IntelliJ custom inspection for test class names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/5717d025cfe0f4c66de20f3253c0b0ecba259aa1\"\u003e\u003ccode\u003e5717d02\u003c/code\u003e\u003c/a\u003e Update JetBrains icon\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/a8ec20bd42ed01f9cc6f654046c7dd424b0af07c\"\u003e\u003ccode\u003ea8ec20b\u003c/code\u003e\u003c/a\u003e Add icon for JetBrains products\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/c05fb3d052b415fb2d6051df939f3b7903a76afe\"\u003e\u003ccode\u003ec05fb3d\u003c/code\u003e\u003c/a\u003e Bump Maven to 3.9.12 and Wrapper to 3.3.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/assertj/assertj/compare/assertj-core-3.21.0...assertj-build-3.27.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.assertj:assertj-core` from 3.21.0 to 3.27.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/assertj/assertj/releases\"\u003eorg.assertj:assertj-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.27.7\u003c/h2\u003e\n\u003ch2\u003e:lock: Security\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix XXE vulnerability in \u003ccode\u003eisXmlEqualTo\u003c/code\u003e assertion (CVE-2026-24400)\n\u003cul\u003e\n\u003cli\u003eSee GHSA-rqfh-9r24-8c9r for details; many thanks to \u003ca href=\"https://github.com/wxt201\"\u003e\u003ccode\u003e@​wxt201\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Song-Li\"\u003e\u003ccode\u003e@​Song-Li\u003c/code\u003e\u003c/a\u003e for responsibly reporting it!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:no_entry_sign: Deprecated\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e with no replacement\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNavigation to \u003ccode\u003eassertj-core\u003c/code\u003e or \u003ccode\u003eguava\u003c/code\u003e types from \u003ccode\u003eassertj-guava\u003c/code\u003e Javadoc site has unnecessary header \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3478\"\u003e#3478\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Byte Buddy 1.18.3\u003c/li\u003e\n\u003cli\u003eUpgrade to JUnit BOM 5.14.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Guava 33.5.0-jre\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.27.6\u003c/h2\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd missing export for \u003ccode\u003eorg.assertj.core.annotation\u003c/code\u003e \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3951\"\u003e#3951\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThanks to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/duponter\"\u003e\u003ccode\u003e@​duponter\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.27.5\u003c/h2\u003e\n\u003ch2\u003e:zap: Improvements\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eByteBuddy in AssertJ 3.27.4 not compatible with Java 25 \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3946\"\u003e#3946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/e84071667f5f8f13084af9dfa54cee5fd9db18db\"\u003e\u003ccode\u003ee840716\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release assertj-build-3.27.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a\"\u003e\u003ccode\u003e85ca7eb\u003c/code\u003e\u003c/a\u003e Deprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/77081dc5eb107141df80f95bd0149b468e451341\"\u003e\u003ccode\u003e77081dc\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/b68fc24a9de28f28a486fc5b887c1b8a003a5823\"\u003e\u003ccode\u003eb68fc24\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/0cf5bb6c50f6ead3deaa2a2ff50ef1e7d933c8a3\"\u003e\u003ccode\u003e0cf5bb6\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003ekotlin.version\u003c/code\u003e from 2.1.0 to 2.2.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/d393ef1f5e48c89d47d7cf6d1eae359ceda0a126\"\u003e\u003ccode\u003ed393ef1\u003c/code\u003e\u003c/a\u003e Abort tests when symbolic links cannot be created (\u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3788\"\u003e#3788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/22124331e9922af5a43ab50f7a9a25b65be53be1\"\u003e\u003ccode\u003e2212433\u003c/code\u003e\u003c/a\u003e Add IntelliJ custom inspection for test class names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/5717d025cfe0f4c66de20f3253c0b0ecba259aa1\"\u003e\u003ccode\u003e5717d02\u003c/code\u003e\u003c/a\u003e Update JetBrains icon\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/a8ec20bd42ed01f9cc6f654046c7dd424b0af07c\"\u003e\u003ccode\u003ea8ec20b\u003c/code\u003e\u003c/a\u003e Add icon for JetBrains products\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/c05fb3d052b415fb2d6051df939f3b7903a76afe\"\u003e\u003ccode\u003ec05fb3d\u003c/code\u003e\u003c/a\u003e Bump Maven to 3.9.12 and Wrapper to 3.3.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/assertj/assertj/compare/assertj-core-3.21.0...assertj-build-3.27.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hive:hive-exec` from 2.3.9 to 4.0.1\n\nUpdates `org.apache.hive:hive-exec` from 2.3.9 to 4.0.1\n\nUpdates `org.apache.hive:hive-exec` from 2.3.9 to 4.0.1\n\nUpdates `org.apache.hive:hive-exec` from 2.1.1 to 4.0.1\n\nUpdates `org.apache.avro:avro` from 1.10.1 to 1.11.4\n\nUpdates `commons-io:commons-io` from 2.4 to 2.14.0\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.13.5 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.13.5...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.20.0 to 2.25.4\n\nUpdates `org.apache.derby:derby` from 10.14.2.0 to 10.17.1.0\n\nUpdates `io.netty:netty-codec-http2` from 4.1.129.Final to 4.1.132.Final\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/netty/netty/releases\"\u003eio.netty:netty-codec-http2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003enetty-4.1.132.Final\u003c/h2\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-33871, \u003ca href=\"https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv\"\u003eHTTP/2 CONTINUATION Frame Flood Denial of Service\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-33870, \u003ca href=\"https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8\"\u003eHTTP Request Smuggling via Chunked Extension Quoted-String Parsing\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry lo… by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16248\"\u003enetty/netty#16248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake RefCntOpenSslContext.deallocate more robust (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16253\"\u003e#16253\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16257\"\u003enetty/netty#16257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to gcc for arm 10.3-2021.07 (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16255\"\u003e#16255\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16263\"\u003enetty/netty#16263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP2: Correctly account for padding when decompress by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16265\"\u003enetty/netty#16265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate JDK versions to latest patch releases (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16254\"\u003e#16254\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16267\"\u003enetty/netty#16267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Automatic backporting workflow from 4.1 to 4.2 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16274\"\u003enetty/netty#16274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Backport PRs must be created with personal access tokens by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16277\"\u003enetty/netty#16277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Add more porting workflows by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16284\"\u003enetty/netty#16284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Some polishing of the porting workflows by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16292\"\u003enetty/netty#16292\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Fix high-order bit aliasing in HttpUtil.validateToken by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16303\"\u003enetty/netty#16303\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Support more branch freedom for auto-porting by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16310\"\u003enetty/netty#16310\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: the precedence of + is higher than \u0026gt;\u0026gt; (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16312\"\u003e#16312\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16316\"\u003enetty/netty#16316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater th… by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16320\"\u003enetty/netty#16320\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky PooledByteBufAllocatorTest by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16324\"\u003enetty/netty#16324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix pooled arena accounting tests  by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16326\"\u003enetty/netty#16326\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix RunInFastThreadLocalThreadExtension by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16328\"\u003enetty/netty#16328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: AdaptivePoolingAllocator: call \u003ccode\u003eunreserveMatchingBuddy(...)\u003c/code\u003e if \u003ccode\u003ebyteBuf\u003c/code\u003e initialization failed by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16331\"\u003enetty/netty#16331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Mark LoggingHandlerTest with \u003ca href=\"https://github.com/Isolated\"\u003e\u003ccode\u003e@​Isolated\u003c/code\u003e\u003c/a\u003e to fix flaky build by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16340\"\u003enetty/netty#16340\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky HTTP/2 test by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16348\"\u003enetty/netty#16348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky RenegotiateTest by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16355\"\u003enetty/netty#16355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix HTTP/2 push frame test by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16353\"\u003enetty/netty#16353\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSSL test: Don't depend on property value in test (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16346\"\u003e#16346\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16362\"\u003enetty/netty#16362\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Don't assume CertificateFactory is thread-safe by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16364\"\u003enetty/netty#16364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdaptivePoolingAllocator: assign a more explicit value to BuddyChunk.freeListCapacity (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16334\"\u003e#16334\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16368\"\u003enetty/netty#16368\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Add more diagnostic points to PooledByteBufAllocatorTest.createNewThr… by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16372\"\u003enetty/netty#16372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix leak in SniHandlerTest (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16367\"\u003e#16367\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16377\"\u003enetty/netty#16377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Stabilize AbstractByteBufTest.testBytesInArrayMultipleThreads by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16373\"\u003enetty/netty#16373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove reference counting from size classed chunks (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16306\"\u003e#16306\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16379\"\u003enetty/netty#16379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Stabilize AbstractByteBufTest.testToStringMultipleThreads by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16384\"\u003enetty/netty#16384\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix HttpObjectAggregator leaving connection stuck after 413 with AUTO… by \u003ca href=\"https://github.com/samlandfried\"\u003e\u003ccode\u003e@​samlandfried\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16280\"\u003enetty/netty#16280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix autoport fetching into the existing branch - again by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16417\"\u003enetty/netty#16417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Capture why threads get stuck in testCopyMultipleThreads0 by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16419\"\u003enetty/netty#16419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Remove unnecessary array access in DefaultAttributeMap.orderedCopyOnInsert by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16421\"\u003enetty/netty#16421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Whitelist JMH annotation processing in microbench module by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16430\"\u003enetty/netty#16430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: HTTP2: Ensure preface is flushed in all cases  by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16432\"\u003enetty/netty#16432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix UnsupportedOperationException in readTrailingHeaders by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16437\"\u003enetty/netty#16437\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix client_max_window_bits parameter handling in permessage-deflate extension by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16435\"\u003enetty/netty#16435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Native transports: Fix possible fd leak when fcntl fails. by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16446\"\u003enetty/netty#16446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Kqueue: Fix undefined behaviour when GetStringUTFChars fails and SO_ACCEPTFILTER is supported by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16448\"\u003enetty/netty#16448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Kqueue: Possible overflow when using netty_kqueue_bsdsocket_setAcceptFilter(...) by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16459\"\u003enetty/netty#16459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Native transports: Fix undefined behaviour when GetStringUTFChars fails while open FD by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16456\"\u003enetty/netty#16456\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Epoll: Add null checks for safety reasons by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16463\"\u003enetty/netty#16463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to the same port by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16464\"\u003enetty/netty#16464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/ec119d487b3a27e4ac118e7e1d97f0c96a85f4a3\"\u003e\u003ccode\u003eec119d4\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.132.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/60e53c99f2e80aef1025e9038e33cdf261ed9819\"\u003e\u003ccode\u003e60e53c9\u003c/code\u003e\u003c/a\u003e Stricter HTTP/1.1 chunk extension parsing (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16537\"\u003e#16537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/9f47a7b6846e6c7cb0481789be51788944042b85\"\u003e\u003ccode\u003e9f47a7b\u003c/code\u003e\u003c/a\u003e Limit the number of Continuation frames per HTTP2 Headers (\u003ca href=\"https://redirect.github.com/netty/netty/issues/13969\"\u003e#13969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/10c1603cbab5e72a029521058eb35e15a8b7c7c5\"\u003e\u003ccode\u003e10c1603\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: JdkZlibDecoder: accumulate decompressed output before firing c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/df6599790dc2c6810e253e9a14903f450e7aeffe\"\u003e\u003ccode\u003edf65997\u003c/code\u003e\u003c/a\u003e Epoll: setTcpMg5Sig(...) might overflow (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16511\"\u003e#16511\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16520\"\u003e#16520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/692ec8772dffdfbc9f3dc57bb4379d9338822ebd\"\u003e\u003ccode\u003e692ec87\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: AdaptivePoolingAllocator: Fix assertion for size class multipl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/3ac3f37e6dcfec658f4cb02935452ea25bb891f5\"\u003e\u003ccode\u003e3ac3f37\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: AdaptivePoolingAllocator: remove \u003ccode\u003eensureAccessible()\u003c/code\u003e call in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/5a0072ba96adde85936cb511cb8e24aef0bda811\"\u003e\u003ccode\u003e5a0072b\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: Epoll: Fix support for IP_RECVORIGDSTADDR (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16468\"\u003e#16468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/779fce7ff70da741633c22ec80870008fa655d35\"\u003e\u003ccode\u003e779fce7\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: Epoll: Use correct value to initialize mmsghdr.msg_namelen (\u003ca href=\"https://redirect.github.com/netty/netty/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/56d84e13175d1f33f6d8732e2bdd0e36d32db9a7\"\u003e\u003ccode\u003e56d84e1\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.129.Final...netty-4.1.132.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hive:hive-exec` from 3.1.3 to 4.0.1\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/xxubai/amoro/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/xxubai/amoro/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/xxubai%2Famoro/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4161865451","node_id":"PR_kwDORx4z787OUc2e","number":7,"state":"open","title":"build(deps): bump the maven group across 14 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-28T22:37:30.000Z","updated_at":"2026-03-28T22:46:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"maven","update_count":16,"packages":[{"name":"org.apache.cxf:cxf-core","old_version":"Fuzzing-SNAPSHOT","new_version":"3.5.11"},{"name":"org.apache.cxf:cxf-rt-frontend-jaxrs","old_version":"Fuzzing-SNAPSHOT","new_version":"2.6.11"},{"name":"org.eclipse.jetty:jetty-server","old_version":"11.0.14","new_version":"11.0.24"},{"name":"org.apache.avro:avro","old_version":"Fuzzing-SNAPSHOT","new_version":"1.11.4"},{"name":"org.eclipse.platform:org.eclipse.core.runtime","old_version":"3.26.100","new_version":"3.29.0","repository_url":"https://github.com/eclipse-platform/eclipse.platform"},{"name":"org.apache.hadoop:hadoop-common","old_version":"Fuzzing-SNAPSHOT","new_version":"3.4.0"},{"name":"org.htmlunit:htmlunit","old_version":"2.7.0","new_version":"3.9.0","repository_url":"https://github.com/HtmlUnit/htmlunit"},{"name":"org.eclipse.jetty:jetty-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.56.v20240826"},{"name":"org.eclipse.jetty:jetty-http","old_version":"Fuzzing-SNAPSHOT","new_version":"12.0.31"},{"name":"org.eclipse.jetty.http2:http2-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.53.v20231009"},{"name":"org.bitbucket.b_c:jose4j","old_version":"Fuzzing-SNAPSHOT","new_version":"0.9.6"},{"name":"com.nimbusds:nimbus-jose-jwt","old_version":"9.30.1","new_version":"9.37.4"},{"name":"com.google.guava:guava","old_version":"31.1-jre","new_version":"32.0.0-jre","repository_url":"https://github.com/google/guava"},{"name":"com.google.protobuf:protobuf-java","old_version":"4.0.0-rc-2","new_version":"4.27.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.24.3","new_version":"2.25.3"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.24.2","new_version":"2.25.3"},{"name":"org.jboss.xnio:xnio-api","old_version":"3.8.8.Final","new_version":"3.8.14.Final"},{"name":"com.esotericsoftware.yamlbeans:yamlbeans","old_version":"Fuzzing-SNAPSHOT","new_version":"1.17","repository_url":"https://github.com/EsotericSoftware/yamlbeans"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 2 updates in the /projects/apache-cxf/project-parent/fuzz-targets directory: org.apache.cxf:cxf-core and org.apache.cxf:cxf-rt-frontend-jaxrs.\nBumps the maven group with 1 update in the /projects/async-http-client/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server.\nBumps the maven group with 1 update in the /projects/avro/project-parent/fuzz-targets directory: org.apache.avro:avro.\nBumps the maven group with 1 update in the /projects/eclipse-equinox/equinox-fuzzer directory: [org.eclipse.platform:org.eclipse.core.runtime](https://github.com/eclipse-platform/eclipse.platform).\nBumps the maven group with 1 update in the /projects/hadoop/project-parent/fuzz-targets directory: org.apache.hadoop:hadoop-common.\nBumps the maven group with 1 update in the /projects/htmlunit/htmlunit-fuzzer directory: [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit).\nBumps the maven group with 3 updates in the /projects/jetty/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-http and org.eclipse.jetty.http2:http2-server.\nBumps the maven group with 1 update in the /projects/jose4j/project-parent/fuzz-targets directory: [org.bitbucket.b_c:jose4j](https://bitbucket.org/b_c/jose4j).\nBumps the maven group with 1 update in the /projects/nimbus-jwt/nimbus-jwt-fuzzer directory: [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt).\nBumps the maven group with 2 updates in the /projects/opencensus-java/project-parent/fuzz-targets directory: [com.google.guava:guava](https://github.com/google/guava) and [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf).\nBumps the maven group with 1 update in the /projects/pdfbox/project-parent/fuzz-targets directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /projects/struts/struts2-fuzzer/webapp directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /projects/xnio-api/xnio-fuzzer directory: org.jboss.xnio:xnio-api.\nBumps the maven group with 1 update in the /projects/yamlbeans/project-parent/fuzz-targets directory: [com.esotericsoftware.yamlbeans:yamlbeans](https://github.com/EsotericSoftware/yamlbeans).\n\nUpdates `org.apache.cxf:cxf-core` from Fuzzing-SNAPSHOT to 3.5.11\n\nUpdates `org.apache.cxf:cxf-rt-frontend-jaxrs` from Fuzzing-SNAPSHOT to 2.6.11\n\nUpdates `org.eclipse.jetty:jetty-server` from 11.0.14 to 11.0.24\n\nUpdates `org.apache.avro:avro` from Fuzzing-SNAPSHOT to 1.11.4\n\nUpdates `org.eclipse.platform:org.eclipse.core.runtime` from 3.26.100 to 3.29.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eclipse-platform/eclipse.platform/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hadoop:hadoop-common` from Fuzzing-SNAPSHOT to 3.4.0\n\nUpdates `org.htmlunit:htmlunit` from 2.7.0 to 3.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HtmlUnit/htmlunit/releases\"\u003eorg.htmlunit:htmlunit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHtmlUnit 3.9.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-csp: new lib for CSP\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecommons-logging to 1.3.0, commons-io to 2.15.1, commons-lang3 to 3.14.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eenable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor (CVE-2023-49093).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eneko: new HTML named entities parser that is up to 20x faster for common entities and some more fixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.9.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.8.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: support trailing commas in function parameters.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eupdated CSS3Parser pool implementation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved detection onf XML/XHtml content when not content type header is set\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.8.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eINCOMPATIBLE CHANGE: For this version, the processing of WebWindowListener events got many changes/fixes/improvements.                 The main point was to let this work as stable as possible even if many WebWindowListener are registered.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecssparser: Switched from JavaCC to ParserGeneratorCC (\u003ca href=\"https://github.com/tulipcc/ParserGeneratorCC\"\u003ehttps://github.com/tulipcc/ParserGeneratorCC\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: build system switched to maven\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImplementation of CSS pseudo classes :invalid and :valid improved\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eForm.isValid() checks all form elements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocumentation enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esupport ComputedCSSStyleDeclaration when JS engine is disabled\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHtmlForm.getElements() is now part of the public api\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a major memory leak\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e'rel' attribute may contain multiple values, we have to split before checking the value\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.7.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.6.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/a599e36ecc0b19a2ea76b73f7f48365fbb87c28a\"\u003e\u003ccode\u003ea599e36\u003c/code\u003e\u003c/a\u003e version 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/d4c11058e71b6ba5eaaf5d9565c1634b4bbeec1e\"\u003e\u003ccode\u003ed4c1105\u003c/code\u003e\u003c/a\u003e core-js 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/51f0eefd545bca2c17f12f237ba228a08aac4f7f\"\u003e\u003ccode\u003e51f0eef\u003c/code\u003e\u003c/a\u003e exclude commons.logging from httpcomponents\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/65986a459f15da0eed1616d91efdd65f99120334\"\u003e\u003ccode\u003e65986a4\u003c/code\u003e\u003c/a\u003e code style\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/1587961cf4043ea776d38683e53470993bc70771\"\u003e\u003ccode\u003e1587961\u003c/code\u003e\u003c/a\u003e lib updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/2a972ced6e7cc147a29c86c0e962f2696f9cc4ed\"\u003e\u003ccode\u003e2a972ce\u003c/code\u003e\u003c/a\u003e htmx 1.9.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/792e8456cd76f7cfd04587d539bd4fa929599000\"\u003e\u003ccode\u003e792e845\u003c/code\u003e\u003c/a\u003e new subproject htmlunit-csp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e07ba67cc1b030f90a2ad9882f271429345b008d\"\u003e\u003ccode\u003ee07ba67\u003c/code\u003e\u003c/a\u003e fix ms driver check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e015082aa909fd9e1c2b5f9b26553ddc0ddbbcab\"\u003e\u003ccode\u003ee015082\u003c/code\u003e\u003c/a\u003e enable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/77aeaa85e1fc69e929858ae700b24528275d8d07\"\u003e\u003ccode\u003e77aeaa8\u003c/code\u003e\u003c/a\u003e another minor neko update\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/HtmlUnit/htmlunit/compare/HtmlUnit-2.7...3.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.eclipse.jetty:jetty-server` from Fuzzing-SNAPSHOT to 9.4.56.v20240826\n\nUpdates `org.eclipse.jetty:jetty-http` from Fuzzing-SNAPSHOT to 12.0.31\n\nUpdates `org.eclipse.jetty.http2:http2-server` from Fuzzing-SNAPSHOT to 9.4.53.v20231009\n\nUpdates `org.bitbucket.b_c:jose4j` from Fuzzing-SNAPSHOT to 0.9.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://bitbucket.org/b_c/jose4j/commits/tag/jose4j-0.9.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.nimbusds:nimbus-jose-jwt` from 9.30.1 to 9.37.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f64e094030ab82659dbfaea8c489cc56291539cf\"\u003e\u003ccode\u003ef64e094\u003c/code\u003e\u003c/a\u003e Makes the abstract class BaseJWEProvider public (iss \u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/521\"\u003e#521\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/ad6fed330a6bc5dbcb343aafd085ffd0d15c07d7\"\u003e\u003ccode\u003ead6fed3\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.35\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/81c7f24cc8a49f0f87c530e50d750bb1db22b4a8\"\u003e\u003ccode\u003e81c7f24\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/24aaaf02edf5d1ae4cc449b3d81a9151f26953dc\"\u003e\u003ccode\u003e24aaaf0\u003c/code\u003e\u003c/a\u003e Bumps jacoco-maven-plugin to 0.8.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/ff01cd912fe53ee2946170781fe243564920be94\"\u003e\u003ccode\u003eff01cd9\u003c/code\u003e\u003c/a\u003e Adds new JWKSet.filter method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/9c7ca65e0f85a286b8ed32886f40266075f785c7\"\u003e\u003ccode\u003e9c7ca65\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.36\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/61118382fa75f27b29d89f9438361dbd15485c53\"\u003e\u003ccode\u003e6111838\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/11d0767dea84e47cff18236dcfe300845a781fcb\"\u003e\u003ccode\u003e11d0767\u003c/code\u003e\u003c/a\u003e Updates maven-surefire-plugin, removes config workaround for maven-surefire-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/43118defa2dbf9ef4d3a451f6c45b4021d52f24b\"\u003e\u003ccode\u003e43118de\u003c/code\u003e\u003c/a\u003e Adds JWTClaimsSet.getListClaim method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f50158f96675591b27a327b4597280dfda4aac07\"\u003e\u003ccode\u003ef50158f\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.37\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.37.4..9.30.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.guava:guava` from 31.1-jre to 32.0.0-jre\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/guava/releases\"\u003ecom.google.guava:guava's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e32.0.0\u003c/h2\u003e\n\u003ch3\u003eMaven\u003c/h3\u003e\n\u003cpre lang=\"xml\"\u003e\u003ccode\u003e\u0026lt;dependency\u0026gt;\r\n  \u0026lt;groupId\u0026gt;com.google.guava\u0026lt;/groupId\u0026gt;\r\n  \u0026lt;artifactId\u0026gt;guava\u0026lt;/artifactId\u0026gt;\r\n  \u0026lt;version\u0026gt;32.0.0-jre\u0026lt;/version\u0026gt;\r\n  \u0026lt;!-- or, for Android: --\u0026gt;\r\n  \u0026lt;version\u0026gt;32.0.0-android\u0026lt;/version\u0026gt;\r\n\u0026lt;/dependency\u0026gt;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eJar files\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-jre/guava-32.0.0-jre.jar\"\u003e32.0.0-jre.jar\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-android/guava-32.0.0-android.jar\"\u003e32.0.0-android.jar\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGuava requires \u003ca href=\"https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies\"\u003eone runtime dependency\u003c/a\u003e, which you can download here:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar\"\u003efailureaccess-1.0.1.jar\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eJavadoc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-jre/api/docs/\"\u003e32.0.0-jre\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/docs/\"\u003e32.0.0-android\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eJDiff\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-jre/api/diffs/\"\u003e32.0.0-jre vs. 31.1-jre\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/diffs/\"\u003e32.0.0-android vs. 31.1-android\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/androiddiffs/\"\u003e32.0.0-android vs. 32.0.0-jre\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003ch4\u003eSecurity fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReimplemented \u003ccode\u003eFiles.createTempDir\u003c/code\u003e and \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e to further address CVE-2020-8908 (\u003ca href=\"https://redirect.github.com/google/guava/issues/4011\"\u003e#4011\u003c/a\u003e) and CVE-2023-2976 (\u003ca href=\"https://redirect.github.com/google/guava/issues/2575\"\u003e#2575\u003c/a\u003e). (feb83a1c8f)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhile CVE-2020-8908 was officially closed when we deprecated \u003ccode\u003eFiles.createTempDir\u003c/code\u003e in \u003ca href=\"https://github.com/google/guava/releases/tag/v30.0\"\u003eGuava 30.0\u003c/a\u003e, we've heard from users that even recent versions of Guava have been listed as vulnerable in \u003cem\u003eother\u003c/em\u003e databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e class, which had a similar issue) to eliminate the insecure behavior entirely. This change could technically affect users in a number of different ways (discussed under \u0026quot;Incompatible changes\u0026quot; below), but in practice, the only problem users are likely to encounter is with Windows. If you are using those APIs under Windows, you should skip 32.0.0 and go straight to \u003ca href=\"https://github.com/google/guava/releases/tag/v32.0.1\"\u003e32.0.1\u003c/a\u003e which fixes the problem. (Unfortunately, we didn't think of the Windows problem until after the release. And while we \u003ca href=\"https://github.com/google/guava#important-warnings\"\u003ewarn that \u003ccode\u003ecommon.io\u003c/code\u003e in particular may not work under Windows\u003c/a\u003e, we didn't intend to regress support.) Sorry for the trouble.\u003c/p\u003e\n\u003ch4\u003eIncompatible changes\u003c/h4\u003e\n\u003cp\u003eAlthough this release bumps Guava's major version number, it makes \u003cstrong\u003eno binary-incompatible changes to the \u003ccode\u003eguava\u003c/code\u003e artifact\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eOne change could cause issues for Widows users, and a few other changes could cause issues for users in more usual situations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThe new implementations of \u003ccode\u003eFiles.createTempDir\u003c/code\u003e and \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e \u003ca href=\"https://redirect.github.com/google/guava/issues/6535\"\u003ethrow an exception under Windows\u003c/a\u003e.\u003c/strong\u003e This is fixed in \u003ca href=\"https://github.com/google/guava/releases/tag/v32.0.1\"\u003e32.0.1\u003c/a\u003e. Sorry for the trouble.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eguava-gwt\u003c/code\u003e now \u003ca href=\"https://redirect.github.com/google/guava/issues/6627\"\u003erequires\u003c/a\u003e GWT \u003ca href=\"https://github.com/gwtproject/gwt/releases/tag/2.10.0\"\u003e2.10.0\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eThis release makes a binary-incompatible change to a \u003ccode\u003e@Beta\u003c/code\u003e API in the \u003cstrong\u003eseparate artifact\u003c/strong\u003e \u003ccode\u003eguava-testlib\u003c/code\u003e. Specifically, we changed the return type of \u003ccode\u003eTestingExecutors.sameThreadScheduledExecutor\u003c/code\u003e to \u003ccode\u003eListeningScheduledExecutorService\u003c/code\u003e. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/google/guava/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.protobuf:protobuf-java` from 4.0.0-rc-2 to 4.27.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.24.3 to 2.25.3\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.24.2 to 2.25.3\n\nUpdates `org.jboss.xnio:xnio-api` from 3.8.8.Final to 3.8.14.Final\n\nUpdates `com.esotericsoftware.yamlbeans:yamlbeans` from Fuzzing-SNAPSHOT to 1.17\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/EsotericSoftware/yamlbeans/commits/1.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/0ai-Cyberviser/oss-fuzz/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/0ai-Cyberviser/oss-fuzz/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/0ai-Cyberviser%2Foss-fuzz/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4161864691","node_id":"PR_kwDORx4z787OUcud","number":6,"state":"closed","title":"build(deps): bump the maven group across 8 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-28T23:04:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-28T22:37:02.000Z","updated_at":"2026-03-28T23:04:16.000Z","time_to_close":1633,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"maven","update_count":12,"packages":[{"name":"org.apache.cxf:cxf-core","old_version":"Fuzzing-SNAPSHOT","new_version":"3.5.11"},{"name":"org.apache.cxf:cxf-rt-frontend-jaxrs","old_version":"Fuzzing-SNAPSHOT","new_version":"2.6.11"},{"name":"org.apache.cxf:cxf-rt-transports-http","old_version":"Fuzzing-SNAPSHOT","new_version":"3.1.16"},{"name":"org.apache.tika:tika-core","old_version":"Fuzzing-SNAPSHOT","new_version":"3.2.2","repository_url":"https://github.com/apache/tika"},{"name":"org.asynchttpclient:async-http-client","old_version":"Fuzzing-SNAPSHOT","new_version":"2.0.35","repository_url":"https://github.com/AsyncHttpClient/async-http-client"},{"name":"org.eclipse.jetty:jetty-server","old_version":"11.0.14","new_version":"11.0.24"},{"name":"org.apache.avro:avro","old_version":"Fuzzing-SNAPSHOT","new_version":"1.11.4"},{"name":"org.eclipse.platform:org.eclipse.core.runtime","old_version":"3.26.100","new_version":"3.29.0","repository_url":"https://github.com/eclipse-platform/eclipse.platform"},{"name":"org.apache.hadoop:hadoop-common","old_version":"Fuzzing-SNAPSHOT","new_version":"3.4.0"},{"name":"org.htmlunit:htmlunit","old_version":"2.7.0","new_version":"3.9.0","repository_url":"https://github.com/HtmlUnit/htmlunit"},{"name":"org.eclipse.jetty:jetty-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.56.v20240826"},{"name":"org.eclipse.jetty:jetty-http","old_version":"Fuzzing-SNAPSHOT","new_version":"12.0.31"},{"name":"org.eclipse.jetty.http2:http2-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.53.v20231009"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 3 updates in the /projects/apache-cxf/project-parent/fuzz-targets directory: org.apache.cxf:cxf-core, org.apache.cxf:cxf-rt-frontend-jaxrs and org.apache.cxf:cxf-rt-transports-http.\nBumps the maven group with 1 update in the /projects/apache-tika/project-parent/fuzz-targets directory: [org.apache.tika:tika-core](https://github.com/apache/tika).\nBumps the maven group with 2 updates in the /projects/async-http-client/project-parent/fuzz-targets directory: [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client) and org.eclipse.jetty:jetty-server.\nBumps the maven group with 1 update in the /projects/avro/project-parent/fuzz-targets directory: org.apache.avro:avro.\nBumps the maven group with 1 update in the /projects/eclipse-equinox/equinox-fuzzer directory: [org.eclipse.platform:org.eclipse.core.runtime](https://github.com/eclipse-platform/eclipse.platform).\nBumps the maven group with 1 update in the /projects/hadoop/project-parent/fuzz-targets directory: org.apache.hadoop:hadoop-common.\nBumps the maven group with 1 update in the /projects/htmlunit/htmlunit-fuzzer directory: [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit).\nBumps the maven group with 3 updates in the /projects/jetty/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-http and org.eclipse.jetty.http2:http2-server.\n\nUpdates `org.apache.cxf:cxf-core` from Fuzzing-SNAPSHOT to 3.5.11\n\nUpdates `org.apache.cxf:cxf-rt-frontend-jaxrs` from Fuzzing-SNAPSHOT to 2.6.11\n\nUpdates `org.apache.cxf:cxf-rt-transports-http` from Fuzzing-SNAPSHOT to 3.1.16\n\nUpdates `org.apache.tika:tika-core` from Fuzzing-SNAPSHOT to 3.2.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apache/tika/blob/main/CHANGES.txt\"\u003eorg.apache.tika:tika-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eRelease 4.0.0-BETA1 - ???\u003c/p\u003e\n\u003cp\u003eBREAKING CHANGES\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMoved towards default json based configuration (TIKA-4544 and many others).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003etika-pipes implementation modules have been reorganized by\nresource (tika-pipes-solr) vs task (tika-pipes-fetcher-solr)\n(TIKA-4543). Note that the file-system pipes components have\nbeen taken out of tika-pipes-core and placed in their own\npf4j module: tika-pipes-file-system.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003etika-pipes implementation modules are now pf4j plugins (TIKA-4519).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003etika-pipes core classes have been moved to a new module: tika-pipes-core,\nand the FileSystem pipes components have moved (TIKA-4334).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMetadataListFilter has been renamed MetadataFilter, and\nMetadataFilter has been removed (TIKA-4546).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved several modules, including: tika-batch (TIKA-4333), snaps deployment (TIKA-4502),\ndotnet (TIKA-4332), advanced media module (TIKA-4500), tika-dl module (TIKA-4499),\ntika-fuzzing module (TIKA-4506).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHeaders are no longer injected into the body/content of MSG files (TIKA-4345). Please open\na ticket if you need this behavior across email formats.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAPI changes in the EmbeddedStreamTranslator (TIKA-4518).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved DigestingParser (TIKA-4607).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOTHER CHANGES\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix concurrency bug in TikaToXMP (TIKA-4393)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eRelease 3.3.0 - ???\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eVarious fixes based on regression testing (TIKA-4563).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove zip parsing (TIKA-4650).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd detection of compressed bmp (TIKA-4511).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow per file timeouts in tika-pipes (TIKA-4497).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd matroska detector (TIKA-1180).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow multiple values for many Dublin Core keys (TIKA-4466).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtract macros by default in tika-app's commandline and gui (TIKA-4472).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/apache/tika/commits/3.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.asynchttpclient:async-http-client` from Fuzzing-SNAPSHOT to 2.0.35\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commits/async-http-client-project-2.0.35\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.eclipse.jetty:jetty-server` from 11.0.14 to 11.0.24\n\nUpdates `org.apache.avro:avro` from Fuzzing-SNAPSHOT to 1.11.4\n\nUpdates `org.eclipse.platform:org.eclipse.core.runtime` from 3.26.100 to 3.29.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eclipse-platform/eclipse.platform/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hadoop:hadoop-common` from Fuzzing-SNAPSHOT to 3.4.0\n\nUpdates `org.htmlunit:htmlunit` from 2.7.0 to 3.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HtmlUnit/htmlunit/releases\"\u003eorg.htmlunit:htmlunit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHtmlUnit 3.9.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-csp: new lib for CSP\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecommons-logging to 1.3.0, commons-io to 2.15.1, commons-lang3 to 3.14.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eenable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor (CVE-2023-49093).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eneko: new HTML named entities parser that is up to 20x faster for common entities and some more fixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.9.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.8.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: support trailing commas in function parameters.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eupdated CSS3Parser pool implementation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved detection onf XML/XHtml content when not content type header is set\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.8.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eINCOMPATIBLE CHANGE: For this version, the processing of WebWindowListener events got many changes/fixes/improvements.                 The main point was to let this work as stable as possible even if many WebWindowListener are registered.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecssparser: Switched from JavaCC to ParserGeneratorCC (\u003ca href=\"https://github.com/tulipcc/ParserGeneratorCC\"\u003ehttps://github.com/tulipcc/ParserGeneratorCC\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: build system switched to maven\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImplementation of CSS pseudo classes :invalid and :valid improved\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eForm.isValid() checks all form elements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocumentation enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esupport ComputedCSSStyleDeclaration when JS engine is disabled\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHtmlForm.getElements() is now part of the public api\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a major memory leak\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e'rel' attribute may contain multiple values, we have to split before checking the value\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.7.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.6.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/a599e36ecc0b19a2ea76b73f7f48365fbb87c28a\"\u003e\u003ccode\u003ea599e36\u003c/code\u003e\u003c/a\u003e version 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/d4c11058e71b6ba5eaaf5d9565c1634b4bbeec1e\"\u003e\u003ccode\u003ed4c1105\u003c/code\u003e\u003c/a\u003e core-js 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/51f0eefd545bca2c17f12f237ba228a08aac4f7f\"\u003e\u003ccode\u003e51f0eef\u003c/code\u003e\u003c/a\u003e exclude commons.logging from httpcomponents\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/65986a459f15da0eed1616d91efdd65f99120334\"\u003e\u003ccode\u003e65986a4\u003c/code\u003e\u003c/a\u003e code style\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/1587961cf4043ea776d38683e53470993bc70771\"\u003e\u003ccode\u003e1587961\u003c/code\u003e\u003c/a\u003e lib updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/2a972ced6e7cc147a29c86c0e962f2696f9cc4ed\"\u003e\u003ccode\u003e2a972ce\u003c/code\u003e\u003c/a\u003e htmx 1.9.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/792e8456cd76f7cfd04587d539bd4fa929599000\"\u003e\u003ccode\u003e792e845\u003c/code\u003e\u003c/a\u003e new subproject htmlunit-csp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e07ba67cc1b030f90a2ad9882f271429345b008d\"\u003e\u003ccode\u003ee07ba67\u003c/code\u003e\u003c/a\u003e fix ms driver check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e015082aa909fd9e1c2b5f9b26553ddc0ddbbcab\"\u003e\u003ccode\u003ee015082\u003c/code\u003e\u003c/a\u003e enable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/77aeaa85e1fc69e929858ae700b24528275d8d07\"\u003e\u003ccode\u003e77aeaa8\u003c/code\u003e\u003c/a\u003e another minor neko update\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/HtmlUnit/htmlunit/compare/HtmlUnit-2.7...3.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.eclipse.jetty:jetty-server` from Fuzzing-SNAPSHOT to 9.4.56.v20240826\n\nUpdates `org.eclipse.jetty:jetty-http` from Fuzzing-SNAPSHOT to 12.0.31\n\nUpdates `org.eclipse.jetty.http2:http2-server` from Fuzzing-SNAPSHOT to 9.4.53.v20231009\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/0ai-Cyberviser/oss-fuzz/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/0ai-Cyberviser/oss-fuzz/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/0ai-Cyberviser%2Foss-fuzz/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4071113238","node_id":"PR_kwDOCCeu5c7KXZRf","number":5,"state":"closed","title":"build(deps): bump the maven group across 15 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-10T23:41:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-13T13:24:34.000Z","updated_at":"2026-04-10T23:41:36.000Z","time_to_close":2456221,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"maven","update_count":17,"packages":[{"name":"org.apache.cxf:cxf-core","old_version":"Fuzzing-SNAPSHOT","new_version":"3.5.11"},{"name":"org.apache.cxf:cxf-rt-frontend-jaxrs","old_version":"Fuzzing-SNAPSHOT","new_version":"2.6.11"},{"name":"org.eclipse.jetty:jetty-server","old_version":"11.0.14","new_version":"11.0.24"},{"name":"org.apache.avro:avro","old_version":"Fuzzing-SNAPSHOT","new_version":"1.11.4"},{"name":"org.eclipse.platform:org.eclipse.core.runtime","old_version":"3.26.100","new_version":"3.29.0","repository_url":"https://github.com/eclipse-platform/eclipse.platform"},{"name":"org.apache.hadoop:hadoop-common","old_version":"Fuzzing-SNAPSHOT","new_version":"3.4.0"},{"name":"org.htmlunit:htmlunit","old_version":"2.7.0","new_version":"3.9.0","repository_url":"https://github.com/HtmlUnit/htmlunit"},{"name":"org.eclipse.jetty:jetty-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.56.v20240826"},{"name":"org.eclipse.jetty:jetty-http","old_version":"Fuzzing-SNAPSHOT","new_version":"12.0.31"},{"name":"org.eclipse.jetty.http2:http2-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.53.v20231009"},{"name":"org.bitbucket.b_c:jose4j","old_version":"Fuzzing-SNAPSHOT","new_version":"0.9.6"},{"name":"com.nimbusds:nimbus-jose-jwt","old_version":"9.30.1","new_version":"9.37.4"},{"name":"com.google.guava:guava","old_version":"31.1-jre","new_version":"32.0.0-jre","repository_url":"https://github.com/google/guava"},{"name":"com.google.protobuf:protobuf-java","old_version":"4.0.0-rc-2","new_version":"4.27.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.24.3","new_version":"2.25.3"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.24.2","new_version":"2.25.3"},{"name":"org.jboss.xnio:xnio-api","old_version":"3.8.8.Final","new_version":"3.8.14.Final"},{"name":"com.esotericsoftware.yamlbeans:yamlbeans","old_version":"Fuzzing-SNAPSHOT","new_version":"1.17","repository_url":"https://github.com/EsotericSoftware/yamlbeans"},{"name":"org.zeroturnaround:zt-zip","old_version":"Fuzzing-SNAPSHOT","new_version":"1.13","repository_url":"https://github.com/zeroturnaround/zt-zip"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 2 updates in the /projects/apache-cxf/project-parent/fuzz-targets directory: org.apache.cxf:cxf-core and org.apache.cxf:cxf-rt-frontend-jaxrs.\nBumps the maven group with 1 update in the /projects/async-http-client/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server.\nBumps the maven group with 1 update in the /projects/avro/project-parent/fuzz-targets directory: org.apache.avro:avro.\nBumps the maven group with 1 update in the /projects/eclipse-equinox/equinox-fuzzer directory: [org.eclipse.platform:org.eclipse.core.runtime](https://github.com/eclipse-platform/eclipse.platform).\nBumps the maven group with 1 update in the /projects/hadoop/project-parent/fuzz-targets directory: org.apache.hadoop:hadoop-common.\nBumps the maven group with 1 update in the /projects/htmlunit/htmlunit-fuzzer directory: [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit).\nBumps the maven group with 3 updates in the /projects/jetty/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-http and org.eclipse.jetty.http2:http2-server.\nBumps the maven group with 1 update in the /projects/jose4j/project-parent/fuzz-targets directory: [org.bitbucket.b_c:jose4j](https://bitbucket.org/b_c/jose4j).\nBumps the maven group with 1 update in the /projects/nimbus-jwt/nimbus-jwt-fuzzer directory: [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt).\nBumps the maven group with 2 updates in the /projects/opencensus-java/project-parent/fuzz-targets directory: [com.google.guava:guava](https://github.com/google/guava) and [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf).\nBumps the maven group with 1 update in the /projects/pdfbox/project-parent/fuzz-targets directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /projects/struts/struts2-fuzzer/webapp directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /projects/xnio-api/xnio-fuzzer directory: org.jboss.xnio:xnio-api.\nBumps the maven group with 1 update in the /projects/yamlbeans/project-parent/fuzz-targets directory: [com.esotericsoftware.yamlbeans:yamlbeans](https://github.com/EsotericSoftware/yamlbeans).\nBumps the maven group with 1 update in the /projects/zt-zip/project-parent/fuzz-targets directory: [org.zeroturnaround:zt-zip](https://github.com/zeroturnaround/zt-zip).\n\nUpdates `org.apache.cxf:cxf-core` from Fuzzing-SNAPSHOT to 3.5.11\n\nUpdates `org.apache.cxf:cxf-rt-frontend-jaxrs` from Fuzzing-SNAPSHOT to 2.6.11\n\nUpdates `org.eclipse.jetty:jetty-server` from 11.0.14 to 11.0.24\n\nUpdates `org.apache.avro:avro` from Fuzzing-SNAPSHOT to 1.11.4\n\nUpdates `org.eclipse.platform:org.eclipse.core.runtime` from 3.26.100 to 3.29.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eclipse-platform/eclipse.platform/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hadoop:hadoop-common` from Fuzzing-SNAPSHOT to 3.4.0\n\nUpdates `org.htmlunit:htmlunit` from 2.7.0 to 3.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HtmlUnit/htmlunit/releases\"\u003eorg.htmlunit:htmlunit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHtmlUnit 3.9.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-csp: new lib for CSP\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecommons-logging to 1.3.0, commons-io to 2.15.1, commons-lang3 to 3.14.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eenable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor (CVE-2023-49093).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eneko: new HTML named entities parser that is up to 20x faster for common entities and some more fixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.9.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.8.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: support trailing commas in function parameters.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eupdated CSS3Parser pool implementation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved detection onf XML/XHtml content when not content type header is set\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.8.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eINCOMPATIBLE CHANGE: For this version, the processing of WebWindowListener events got many changes/fixes/improvements.                 The main point was to let this work as stable as possible even if many WebWindowListener are registered.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecssparser: Switched from JavaCC to ParserGeneratorCC (\u003ca href=\"https://github.com/tulipcc/ParserGeneratorCC\"\u003ehttps://github.com/tulipcc/ParserGeneratorCC\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: build system switched to maven\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImplementation of CSS pseudo classes :invalid and :valid improved\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eForm.isValid() checks all form elements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocumentation enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esupport ComputedCSSStyleDeclaration when JS engine is disabled\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHtmlForm.getElements() is now part of the public api\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a major memory leak\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e'rel' attribute may contain multiple values, we have to split before checking the value\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.7.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.6.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/a599e36ecc0b19a2ea76b73f7f48365fbb87c28a\"\u003e\u003ccode\u003ea599e36\u003c/code\u003e\u003c/a\u003e version 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/d4c11058e71b6ba5eaaf5d9565c1634b4bbeec1e\"\u003e\u003ccode\u003ed4c1105\u003c/code\u003e\u003c/a\u003e core-js 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/51f0eefd545bca2c17f12f237ba228a08aac4f7f\"\u003e\u003ccode\u003e51f0eef\u003c/code\u003e\u003c/a\u003e exclude commons.logging from httpcomponents\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/65986a459f15da0eed1616d91efdd65f99120334\"\u003e\u003ccode\u003e65986a4\u003c/code\u003e\u003c/a\u003e code style\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/1587961cf4043ea776d38683e53470993bc70771\"\u003e\u003ccode\u003e1587961\u003c/code\u003e\u003c/a\u003e lib updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/2a972ced6e7cc147a29c86c0e962f2696f9cc4ed\"\u003e\u003ccode\u003e2a972ce\u003c/code\u003e\u003c/a\u003e htmx 1.9.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/792e8456cd76f7cfd04587d539bd4fa929599000\"\u003e\u003ccode\u003e792e845\u003c/code\u003e\u003c/a\u003e new subproject htmlunit-csp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e07ba67cc1b030f90a2ad9882f271429345b008d\"\u003e\u003ccode\u003ee07ba67\u003c/code\u003e\u003c/a\u003e fix ms driver check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e015082aa909fd9e1c2b5f9b26553ddc0ddbbcab\"\u003e\u003ccode\u003ee015082\u003c/code\u003e\u003c/a\u003e enable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/77aeaa85e1fc69e929858ae700b24528275d8d07\"\u003e\u003ccode\u003e77aeaa8\u003c/code\u003e\u003c/a\u003e another minor neko update\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/HtmlUnit/htmlunit/compare/HtmlUnit-2.7...3.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.eclipse.jetty:jetty-server` from Fuzzing-SNAPSHOT to 9.4.56.v20240826\n\nUpdates `org.eclipse.jetty:jetty-http` from Fuzzing-SNAPSHOT to 12.0.31\n\nUpdates `org.eclipse.jetty.http2:http2-server` from Fuzzing-SNAPSHOT to 9.4.53.v20231009\n\nUpdates `org.bitbucket.b_c:jose4j` from Fuzzing-SNAPSHOT to 0.9.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://bitbucket.org/b_c/jose4j/commits/tag/jose4j-0.9.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.nimbusds:nimbus-jose-jwt` from 9.30.1 to 9.37.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f64e094030ab82659dbfaea8c489cc56291539cf\"\u003e\u003ccode\u003ef64e094\u003c/code\u003e\u003c/a\u003e Makes the abstract class BaseJWEProvider public (iss \u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/521\"\u003e#521\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/ad6fed330a6bc5dbcb343aafd085ffd0d15c07d7\"\u003e\u003ccode\u003ead6fed3\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.35\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/81c7f24cc8a49f0f87c530e50d750bb1db22b4a8\"\u003e\u003ccode\u003e81c7f24\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/24aaaf02edf5d1ae4cc449b3d81a9151f26953dc\"\u003e\u003ccode\u003e24aaaf0\u003c/code\u003e\u003c/a\u003e Bumps jacoco-maven-plugin to 0.8.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/ff01cd912fe53ee2946170781fe243564920be94\"\u003e\u003ccode\u003eff01cd9\u003c/code\u003e\u003c/a\u003e Adds new JWKSet.filter method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/9c7ca65e0f85a286b8ed32886f40266075f785c7\"\u003e\u003ccode\u003e9c7ca65\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.36\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/61118382fa75f27b29d89f9438361dbd15485c53\"\u003e\u003ccode\u003e6111838\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/11d0767dea84e47cff18236dcfe300845a781fcb\"\u003e\u003ccode\u003e11d0767\u003c/code\u003e\u003c/a\u003e Updates maven-surefire-plugin, removes config workaround for maven-surefire-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/43118defa2dbf9ef4d3a451f6c45b4021d52f24b\"\u003e\u003ccode\u003e43118de\u003c/code\u003e\u003c/a\u003e Adds JWTClaimsSet.getListClaim method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f50158f96675591b27a327b4597280dfda4aac07\"\u003e\u003ccode\u003ef50158f\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.37\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.37.4..9.30.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.guava:guava` from 31.1-jre to 32.0.0-jre\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/guava/releases\"\u003ecom.google.guava:guava's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e32.0.0\u003c/h2\u003e\n\u003ch3\u003eMaven\u003c/h3\u003e\n\u003cpre lang=\"xml\"\u003e\u003ccode\u003e\u0026lt;dependency\u0026gt;\r\n  \u0026lt;groupId\u0026gt;com.google.guava\u0026lt;/groupId\u0026gt;\r\n  \u0026lt;artifactId\u0026gt;guava\u0026lt;/artifactId\u0026gt;\r\n  \u0026lt;version\u0026gt;32.0.0-jre\u0026lt;/version\u0026gt;\r\n  \u0026lt;!-- or, for Android: --\u0026gt;\r\n  \u0026lt;version\u0026gt;32.0.0-android\u0026lt;/version\u0026gt;\r\n\u0026lt;/dependency\u0026gt;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eJar files\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-jre/guava-32.0.0-jre.jar\"\u003e32.0.0-jre.jar\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-android/guava-32.0.0-android.jar\"\u003e32.0.0-android.jar\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGuava requires \u003ca href=\"https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies\"\u003eone runtime dependency\u003c/a\u003e, which you can download here:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar\"\u003efailureaccess-1.0.1.jar\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eJavadoc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-jre/api/docs/\"\u003e32.0.0-jre\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/docs/\"\u003e32.0.0-android\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eJDiff\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-jre/api/diffs/\"\u003e32.0.0-jre vs. 31.1-jre\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/diffs/\"\u003e32.0.0-android vs. 31.1-android\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/androiddiffs/\"\u003e32.0.0-android vs. 32.0.0-jre\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003ch4\u003eSecurity fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReimplemented \u003ccode\u003eFiles.createTempDir\u003c/code\u003e and \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e to further address CVE-2020-8908 (\u003ca href=\"https://redirect.github.com/google/guava/issues/4011\"\u003e#4011\u003c/a\u003e) and CVE-2023-2976 (\u003ca href=\"https://redirect.github.com/google/guava/issues/2575\"\u003e#2575\u003c/a\u003e). (feb83a1c8f)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhile CVE-2020-8908 was officially closed when we deprecated \u003ccode\u003eFiles.createTempDir\u003c/code\u003e in \u003ca href=\"https://github.com/google/guava/releases/tag/v30.0\"\u003eGuava 30.0\u003c/a\u003e, we've heard from users that even recent versions of Guava have been listed as vulnerable in \u003cem\u003eother\u003c/em\u003e databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e class, which had a similar issue) to eliminate the insecure behavior entirely. This change could technically affect users in a number of different ways (discussed under \u0026quot;Incompatible changes\u0026quot; below), but in practice, the only problem users are likely to encounter is with Windows. If you are using those APIs under Windows, you should skip 32.0.0 and go straight to \u003ca href=\"https://github.com/google/guava/releases/tag/v32.0.1\"\u003e32.0.1\u003c/a\u003e which fixes the problem. (Unfortunately, we didn't think of the Windows problem until after the release. And while we \u003ca href=\"https://github.com/google/guava#important-warnings\"\u003ewarn that \u003ccode\u003ecommon.io\u003c/code\u003e in particular may not work under Windows\u003c/a\u003e, we didn't intend to regress support.) Sorry for the trouble.\u003c/p\u003e\n\u003ch4\u003eIncompatible changes\u003c/h4\u003e\n\u003cp\u003eAlthough this release bumps Guava's major version number, it makes \u003cstrong\u003eno binary-incompatible changes to the \u003ccode\u003eguava\u003c/code\u003e artifact\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eOne change could cause issues for Widows users, and a few other changes could cause issues for users in more usual situations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThe new implementations of \u003ccode\u003eFiles.createTempDir\u003c/code\u003e and \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e \u003ca href=\"https://redirect.github.com/google/guava/issues/6535\"\u003ethrow an exception under Windows\u003c/a\u003e.\u003c/strong\u003e This is fixed in \u003ca href=\"https://github.com/google/guava/releases/tag/v32.0.1\"\u003e32.0.1\u003c/a\u003e. Sorry for the trouble.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eguava-gwt\u003c/code\u003e now \u003ca href=\"https://redirect.github.com/google/guava/issues/6627\"\u003erequires\u003c/a\u003e GWT \u003ca href=\"https://github.com/gwtproject/gwt/releases/tag/2.10.0\"\u003e2.10.0\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eThis release makes a binary-incompatible change to a \u003ccode\u003e@Beta\u003c/code\u003e API in the \u003cstrong\u003eseparate artifact\u003c/strong\u003e \u003ccode\u003eguava-testlib\u003c/code\u003e. Specifically, we changed the return type of \u003ccode\u003eTestingExecutors.sameThreadScheduledExecutor\u003c/code\u003e to \u003ccode\u003eListeningScheduledExecutorService\u003c/code\u003e. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/google/guava/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.protobuf:protobuf-java` from 4.0.0-rc-2 to 4.27.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.24.3 to 2.25.3\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.24.2 to 2.25.3\n\nUpdates `org.jboss.xnio:xnio-api` from 3.8.8.Final to 3.8.14.Final\n\nUpdates `com.esotericsoftware.yamlbeans:yamlbeans` from Fuzzing-SNAPSHOT to 1.17\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/EsotericSoftware/yamlbeans/commits/1.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.zeroturnaround:zt-zip` from Fuzzing-SNAPSHOT to 1.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zeroturnaround/zt-zip/blob/master/Changelog.txt\"\u003eorg.zeroturnaround:zt-zip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.13 (2nd May 2018)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible security vulnerability reported by Snyk Security Research Team\u003c/li\u003e\n\u003cli\u003eFixed same-zip bug for transformEntry method\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.12 (1st August 2017)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a resource leakage with ZipInputStream\u003c/li\u003e\n\u003cli\u003eFixed a NoSuchMethodError on Android platforms\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.11 (31st January 2017)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded iterate and unpack methods that accept a Charset\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.10 (28th October 2016)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded user configurable compression level to packEntries()\u003c/li\u003e\n\u003cli\u003eAdded more overloaded methods to the pack() method for convenience\u003c/li\u003e\n\u003cli\u003eBumped embedded Apache Commons from 1.4 to 2.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.9 (20th November 2015)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBumped minimal supported Java version to Java 5\u003c/li\u003e\n\u003cli\u003eAdded support for Java 7 POSIX file permissions\u003c/li\u003e\n\u003cli\u003eAdded ability to create and update byte-array backed ZIP streams\u003c/li\u003e\n\u003cli\u003eAdded ability to specify/replace compression level of ZipEntry\u003c/li\u003e\n\u003cli\u003eAdded BackslashUnpacker for broken (Windows) ZIP archives\u003c/li\u003e\n\u003cli\u003eFixed not closing InputStream after processing each ZipEntrySource\u003c/li\u003e\n\u003cli\u003eFixed buffering when creating and updating ZIP streams\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.8 (7th July 2014)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved dependency on commons-io\u003c/li\u003e\n\u003cli\u003eZipUtil.pack more memory efficient for large directories\u003c/li\u003e\n\u003cli\u003eFixed preserving compressed state of copied entries\u003c/li\u003e\n\u003cli\u003eFixed packing files from a directory based on an accept filter\u003c/li\u003e\n\u003cli\u003eImproved Charset support\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.6-SNAPSHOT (17th September 2012)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eStarted to write a changelog\u003c/li\u003e\n\u003cli\u003eAdded public CI, \u003ca href=\"https://travis-ci.org/\"\u003ehttps://travis-ci.org/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/zeroturnaround/zt-zip/commits/zt-zip-1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/stweil/oss-fuzz/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/stweil/oss-fuzz/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stweil%2Foss-fuzz/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"},{"uuid":"3949336832","node_id":"PR_kwDOB8jZEs7ELmL5","number":4179,"state":"open","title":"chore(deps): bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /streampipes-extensions/streampipes-extensions-all-jvm","user":"dependabot[bot]","labels":["dependencies","java","stale"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-16T20:01:19.000Z","updated_at":"2026-03-10T01:36:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/streampipes-extensions/streampipes-extensions-all-jvm","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/streampipes/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/apache/streampipes/pull/4179","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fstreampipes/issues/4179","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4179/packages"},{"uuid":"3939373558","node_id":"PR_kwDOOhvQwc7DrAS5","number":12,"state":"closed","title":"Bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /sdk/core/azure-core-serializer-avro-apache","user":"dependabot[bot]","labels":["dependencies","java","no-recent-activity"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-04-24T09:59:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:39:48.000Z","updated_at":"2026-04-24T09:59:38.000Z","time_to_close":6005981,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/sdk/core/azure-core-serializer-avro-apache","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/FOCONIS/azure-sdk-for-java/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/FOCONIS/azure-sdk-for-java/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FOCONIS%2Fazure-sdk-for-java/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"3939326609","node_id":"PR_kwDOCZq0ys7Dq2GY","number":5968,"state":"closed","title":"chore(deps): Bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /java/serving","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-10T20:07:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:29:07.000Z","updated_at":"2026-03-10T20:07:31.000Z","time_to_close":2155102,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/java/serving","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/feast-dev/feast/network/alerts).\n\n\u003c/details\u003e\n\u003c!-- devin-review-badge-begin --\u003e\n\n---\n\n\u003ca href=\"https://app.devin.ai/review/feast-dev/feast/pull/5968\" target=\"_blank\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1\"\u003e\n    \u003cimg src=\"https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1\" alt=\"Open with Devin\"\u003e\n  \u003c/picture\u003e\n\u003c/a\u003e\n\u003c!-- devin-review-badge-end --\u003e","html_url":"https://github.com/feast-dev/feast/pull/5968","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/feast-dev%2Ffeast/issues/5968","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5968/packages"},{"uuid":"3939307336","node_id":"PR_kwDOEMFYU87Dqx7s","number":637,"state":"open","title":"Bump org.apache.avro:avro from 1.9.2 to 1.11.5","user":"dependabot[bot]","labels":["dependencies","java","stale"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:25:01.000Z","updated_at":"2026-04-18T06:22:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.9.2","new_version":"1.11.5","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.9.2 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.9.2\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hixiomh/druid/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SNiTEBoBy/druid/pull/637","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SNiTEBoBy%2Fdruid/issues/637","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/637/packages"},{"uuid":"3939305664","node_id":"PR_kwDOGqWZP87DqxjU","number":7290,"state":"closed","title":"Bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /paimon-flink/paimon-flink-cdc","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-25T02:22:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:24:37.000Z","updated_at":"2026-02-25T02:22:48.000Z","time_to_close":968283,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/paimon-flink/paimon-flink-cdc","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/paimon/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/apache/paimon/pull/7290","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fpaimon/issues/7290","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7290/packages"},{"uuid":"3939291345","node_id":"PR_kwDOB8jZEs7Dquas","number":4174,"state":"open","title":"chore(deps): bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /streampipes-extensions-management","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:21:15.000Z","updated_at":"2026-03-10T03:01:43.923Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/streampipes-extensions-management","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/streampipes/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/apache/streampipes/pull/4174","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fstreampipes/issues/4174","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4174/packages"},{"uuid":"3939280369","node_id":"PR_kwDOBXext87Dqr9K","number":1783,"state":"open","title":"Build(deps): bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /examples/pubsub-publish-avro-example","user":"dependabot[bot]","labels":["size/XS","dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:18:54.000Z","updated_at":"2026-02-18T20:32:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps)","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/examples/pubsub-publish-avro-example","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GoogleCloudPlatform/professional-services/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/GoogleCloudPlatform/professional-services/pull/1783","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fprofessional-services/issues/1783","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1783/packages"},{"uuid":"3939279881","node_id":"PR_kwDOQXpFtc7Dqr2l","number":20,"state":"open","title":"Bump org.apache.avro:avro from 1.8.2 to 1.11.5","user":"dependabot[bot]","labels":["dependencies","java","1 min review","missing-jira"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:18:46.000Z","updated_at":"2026-02-13T21:49:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.8.2","new_version":"1.11.5","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.8.2 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.8.2\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ImagineLearning/flink/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ImagineLearning/flink/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ImagineLearning%2Fflink/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"},{"uuid":"3939275831","node_id":"PR_kwDOG8t4nM7Dqq9J","number":17,"state":"closed","title":"Bump org.apache.avro:avro from 1.7.7 to 1.11.5 in /minifi","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-02-15T05:16:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:17:54.000Z","updated_at":"2026-02-15T05:16:33.000Z","time_to_close":115111,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.7.7","new_version":"1.11.5","repository_url":null}],"path":"/minifi","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.7.7 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.7.7\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NickJLange/nifi/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade Avro from 1.7.7 to 1.11.5 in the minifi module to pull in the latest security patches and bug fixes. Only the dependency version in minifi/pom.xml is updated.\n\n\u003csup\u003eWritten for commit 5f56e9c0d6a61e8b36ad1606a11d66a761e1d6d3. Summary will update on new commits.\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/NickJLange/nifi/pull/17","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NickJLange%2Fnifi/issues/17","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/17/packages"},{"uuid":"3939270032","node_id":"PR_kwDOBI_qVc7Dqpp1","number":461,"state":"closed","title":"Bump org.apache.avro:avro from 1.7.7 to 1.11.5 in /flink_jobs_v2/ams_ingest_metric","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-10T05:42:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:16:39.000Z","updated_at":"2026-06-10T05:42:32.000Z","time_to_close":10052744,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.7.7","new_version":"1.11.5","repository_url":null}],"path":"/flink_jobs_v2/ams_ingest_metric","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.7.7 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.7.7\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ARGOeu/argo-streaming/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ARGOeu/argo-streaming/pull/461","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ARGOeu%2Fargo-streaming/issues/461","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/461/packages"},{"uuid":"3939257389","node_id":"PR_kwDOBI_qVc7DqmyD","number":460,"state":"closed","title":"Bump org.apache.avro:avro from 1.11.3 to 1.11.5 in /flink_jobs_v3/profiles-manager","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-10T05:42:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:13:59.000Z","updated_at":"2026-06-10T05:42:32.000Z","time_to_close":10052903,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.3","new_version":"1.11.5","repository_url":null}],"path":"/flink_jobs_v3/profiles-manager","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.3 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.3\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ARGOeu/argo-streaming/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ARGOeu/argo-streaming/pull/460","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ARGOeu%2Fargo-streaming/issues/460","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/460/packages"},{"uuid":"3939256593","node_id":"PR_kwDOAFGgvc7Dqmmb","number":27141,"state":"open","title":"build(deps): Bump org.apache.avro:avro from 1.12.0 to 1.12.1","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:13:47.000Z","updated_at":"2026-02-13T21:20:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.12.0","new_version":"1.12.1","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.12.0 to 1.12.1.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.12.0\u0026new-version=1.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/prestodb/presto/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/prestodb/presto/pull/27141","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/prestodb%2Fpresto/issues/27141","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27141/packages"},{"uuid":"3939249684","node_id":"PR_kwDOAJ4pT87DqlCC","number":1781,"state":"open","title":"Bump org.apache.avro:avro from 1.12.0 to 1.12.1 in /shims/cdpdc71/driver","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:12:13.000Z","updated_at":"2026-02-13T23:08:32.516Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.12.0","new_version":"1.12.1","repository_url":null}],"path":"/shims/cdpdc71/driver","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.12.0 to 1.12.1.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.12.0\u0026new-version=1.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pentaho/pentaho-hadoop-shims/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/pentaho/pentaho-hadoop-shims/pull/1781","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pentaho%2Fpentaho-hadoop-shims/issues/1781","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1781/packages"},{"uuid":"3939248635","node_id":"PR_kwDOBezpVM7Dqkyi","number":10493,"state":"closed","title":"Bump org.apache.avro:avro from 1.11.3 to 1.11.5 in /seatunnel-connectors-v2/connector-cdc/connector-cdc-mongodb","user":"dependabot[bot]","labels":["connectors-v2","cdc","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-02-13T23:53:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:12:01.000Z","updated_at":"2026-02-13T23:53:35.000Z","time_to_close":9685,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.3","new_version":"1.11.5","repository_url":null}],"path":"/seatunnel-connectors-v2/connector-cdc/connector-cdc-mongodb","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.3 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.3\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/seatunnel/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/apache/seatunnel/pull/10493","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fseatunnel/issues/10493","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10493/packages"},{"uuid":"3939247557","node_id":"PR_kwDOAJ4pT87Dqki4","number":1780,"state":"open","title":"Bump org.apache.avro:avro from 1.12.0 to 1.12.1 in /shims/emr770/driver","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:11:47.000Z","updated_at":"2026-02-13T21:19:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.12.0","new_version":"1.12.1","repository_url":null}],"path":"/shims/emr770/driver","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.12.0 to 1.12.1.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.12.0\u0026new-version=1.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pentaho/pentaho-hadoop-shims/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/pentaho/pentaho-hadoop-shims/pull/1780","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pentaho%2Fpentaho-hadoop-shims/issues/1780","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1780/packages"}],"issue_packages":[{"old_version":"1.11.1","new_version":"1.11.4","update_type":"patch","path":null,"pr_created_at":"2026-04-24T20:09:19.000Z","version_change":"1.11.1 → 1.11.4","issue":{"uuid":"4325308070","node_id":"PR_kwDOKJTg4s7VdEcA","number":4,"state":"closed","title":"Bump the maven group across 11 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T16:45:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-24T20:09:19.000Z","updated_at":"2026-04-25T16:45:24.000Z","time_to_close":74164,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":16,"packages":[{"name":"org.apache.zookeeper:zookeeper","old_version":"3.4.14","new_version":"3.8.6"},{"name":"org.apache.mina:mina-core","old_version":"2.2.1","new_version":"2.2.4","repository_url":"https://github.com/apache/mina"},{"name":"com.google.protobuf:protobuf-java","old_version":"3.24.0","new_version":"3.25.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"com.squareup.okhttp3:okhttp","old_version":"3.14.9","new_version":"4.9.2","repository_url":"https://github.com/square/okhttp"},{"name":"org.hibernate:hibernate-validator","old_version":"5.4.3.Final","new_version":"6.2.0.Final"},{"name":"org.apache.avro:avro","old_version":"1.11.1","new_version":"1.11.4"},{"name":"org.apache.tomcat.embed:tomcat-embed-core","old_version":"8.5.87","new_version":"9.0.117"},{"name":"commons-io:commons-io","old_version":"2.11.0","new_version":"2.14.0"},{"name":"ch.qos.logback:logback-classic","old_version":"1.2.11","new_version":"1.2.13","repository_url":"https://github.com/qos-ch/logback"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.20.0","new_version":"2.25.4"},{"name":"org.apache.commons:commons-lang3","old_version":"3.12.0","new_version":"3.18.0"},{"name":"com.fasterxml.jackson.core:jackson-core","old_version":"2.15.2","new_version":"2.18.6","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"io.grpc:grpc-netty-shaded","old_version":"1.57.1","new_version":"1.75.0","repository_url":"https://github.com/grpc/grpc-java"},{"name":"org.apache.commons:commons-compress","old_version":"1.23.0","new_version":"1.26.0"},{"name":"org.xerial.snappy:snappy-java","old_version":"1.1.10.3","new_version":"1.1.10.4","repository_url":"https://github.com/xerial/snappy-java"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 1 update in the /dubbo-demo/dubbo-demo-native/dubbo-demo-native-consumer directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-demo/dubbo-demo-native/dubbo-demo-native-provider directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 15 updates in the /dubbo-dependencies-bom directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.zookeeper:zookeeper | `3.4.14` | `3.8.6` |\n| [org.apache.mina:mina-core](https://github.com/apache/mina) | `2.2.1` | `2.2.4` |\n| [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) | `3.24.0` | `3.25.5` |\n| [com.squareup.okhttp3:okhttp](https://github.com/square/okhttp) | `3.14.9` | `4.9.2` |\n| org.hibernate:hibernate-validator | `5.4.3.Final` | `6.2.0.Final` |\n| org.apache.avro:avro | `1.11.1` | `1.11.4` |\n| org.apache.tomcat.embed:tomcat-embed-core | `8.5.87` | `9.0.117` |\n| commons-io:commons-io | `2.11.0` | `2.14.0` |\n| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.2.11` | `1.2.13` |\n| org.apache.logging.log4j:log4j-core | `2.20.0` | `2.25.4` |\n| org.apache.commons:commons-lang3 | `3.12.0` | `3.18.0` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.15.2` | `2.18.6` |\n| [io.grpc:grpc-netty-shaded](https://github.com/grpc/grpc-java) | `1.57.1` | `1.75.0` |\n| org.apache.commons:commons-compress | `1.23.0` | `1.26.0` |\n| [org.xerial.snappy:snappy-java](https://github.com/xerial/snappy-java) | `1.1.10.3` | `1.1.10.4` |\n\nBumps the maven group with 1 update in the /dubbo-dependencies/dubbo-dependencies-zookeeper directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-dependencies/dubbo-dependencies-zookeeper-curator5 directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-maven-plugin directory: commons-io:commons-io.\nBumps the maven group with 1 update in the /dubbo-native-plugin directory: commons-io:commons-io.\nBumps the maven group with 1 update in the /dubbo-remoting/dubbo-remoting-zookeeper directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-remoting/dubbo-remoting-zookeeper-curator5 directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 1 update in the /dubbo-spring-boot/dubbo-spring-boot-starters/dubbo-zookeeper-curator5-spring-boot-starter directory: org.apache.zookeeper:zookeeper.\nBumps the maven group with 3 updates in the /dubbo-test/dubbo-test-check directory: org.apache.zookeeper:zookeeper, org.apache.commons:commons-compress and [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client).\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.mina:mina-core` from 2.2.1 to 2.2.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/4134a125d8830c67c21b97c28f2bf706801bdd13\"\u003e\u003ccode\u003e4134a12\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 2.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/ccc85e38a1b1b494444246b6cd9d98419dee8912\"\u003e\u003ccode\u003eccc85e3\u003c/code\u003e\u003c/a\u003e Fixing another link issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/bfb75f2490953fa4753da57ef742fdeb5e0ef3ea\"\u003e\u003ccode\u003ebfb75f2\u003c/code\u003e\u003c/a\u003e Rollbacked to source plugin 3.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/625a52405acabe624a2bf9e68f8743ec46474b37\"\u003e\u003ccode\u003e625a524\u003c/code\u003e\u003c/a\u003e Trying to get maven source plugin to the latest version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/252130da0fd76d9c2399b75a9f1a13efa313f133\"\u003e\u003ccode\u003e252130d\u003c/code\u003e\u003c/a\u003e Solved some link issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/859e7aaa6f039032c3063daa92e86d94eac11cc5\"\u003e\u003ccode\u003e859e7aa\u003c/code\u003e\u003c/a\u003e Fixed a bad \u003ca href=\"https://github.com/link\"\u003e\u003ccode\u003e@​link\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/f58344115703a883074941f54fccd92aeeb4382e\"\u003e\u003ccode\u003ef583441\u003c/code\u003e\u003c/a\u003e Fixed some compilation issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/b1dc83a3a8ceef10cff1daa957320ac043fc03d8\"\u003e\u003ccode\u003eb1dc83a\u003c/code\u003e\u003c/a\u003e Fixed some javadoc issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/06a51073ebddd1a969ba50ea41e8bb262c065169\"\u003e\u003ccode\u003e06a5107\u003c/code\u003e\u003c/a\u003e Rollbacked maven source plugin to 3.2.1, because since 3.3.0 the build fails\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/apache/mina/commit/97918866b79f35bcf00a5e7090e02c15ab82b1db\"\u003e\u003ccode\u003e9791886\u003c/code\u003e\u003c/a\u003e Added some missing spaces\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/apache/mina/compare/2.2.1...2.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.protobuf:protobuf-java` from 3.24.0 to 3.25.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/9d0ec0f92b5b5fdeeda11f9dcecc1872ff378014\"\u003e\u003ccode\u003e9d0ec0f\u003c/code\u003e\u003c/a\u003e Updating version.json and repo version numbers to: 25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4a197e78ad2430e22e992c5a7727b61ae220f727\"\u003e\u003ccode\u003e4a197e7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18387\"\u003e#18387\u003c/a\u003e from protocolbuffers/cp-lp-25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b5a7cf7cf4b7e39f6b02205e45afe2104a7faf81\"\u003e\u003ccode\u003eb5a7cf7\u003c/code\u003e\u003c/a\u003e Remove RecursiveGroup test case which doesn't exist in 25.x pre-Editions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/f000b7e18fd6921ca02ea4b87608e8cadcb7b64f\"\u003e\u003ccode\u003ef000b7e\u003c/code\u003e\u003c/a\u003e Fix merge conflict by adding optional label to proto2 unittest_lite.proto\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/4728531c162f2f9e8c2ca1add713cfee2db6be3b\"\u003e\u003ccode\u003e4728531\u003c/code\u003e\u003c/a\u003e Add recursion check when parsing unknown fields in Java.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/850fcce9176e2c9070614dab53537760498c926b\"\u003e\u003ccode\u003e850fcce\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/b7044987de77f1dc368fee558636d0b56d7e75e1\"\u003e\u003ccode\u003eb704498\u003c/code\u003e\u003c/a\u003e Internal change\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/e67347986eaf7d777a6ee34367fa99f4912423ab\"\u003e\u003ccode\u003ee673479\u003c/code\u003e\u003c/a\u003e Fix cord handling in DynamicMessage and oneofs. (\u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/18375\"\u003e#18375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/8a60b6527a976cfd0028153da3ad8e4ed280e0de\"\u003e\u003ccode\u003e8a60b65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protocolbuffers/protobuf/issues/17704\"\u003e#17704\u003c/a\u003e from protocolbuffers/cp-segv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf/commit/94a26630e362a4771b5ec80eac49f494988ca408\"\u003e\u003ccode\u003e94a2663\u003c/code\u003e\u003c/a\u003e Fixed a SEGV when deep copying a non-reified sub-message.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protocolbuffers/protobuf/compare/v3.24.0...v3.25.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.squareup.okhttp3:okhttp` from 3.14.9 to 4.9.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/square/okhttp/blob/master/CHANGELOG.md\"\u003ecom.squareup.okhttp3:okhttp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChange Log\u003c/h1\u003e\n\u003ch2\u003eVersion 5.3.2\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-11-18\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused\ntimeouts to fire later than they were supposed to.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Okio 3.16.4][okio_3_16_4].\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 5.3.1\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-11-16\u003c/em\u003e\u003c/p\u003e\n\u003cp\u003eThis release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade: [Okio 3.16.3][okio_3_16_3].\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eVersion 5.3.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2025-10-30\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eNew: Add tags to \u003ccode\u003eCall\u003c/code\u003e, including computable tags. Use this to attach application-specific\nmetadata to a \u003ccode\u003eCall\u003c/code\u003e in an \u003ccode\u003eEventListener\u003c/code\u003e or \u003ccode\u003eInterceptor\u003c/code\u003e. The tag can be read in any other\n\u003ccode\u003eEventListener\u003c/code\u003e or \u003ccode\u003eInterceptor\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"kotlin\"\u003e\u003ccode\u003e  override fun intercept(chain: Interceptor.Chain): Response {\n    chain.call().tag(MyAnalyticsTag::class) {\n      MyAnalyticsTag(...)\n    }\n\u003cpre\u003e\u003ccode\u003ereturn chain.proceed(chain.request())\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew: Support request bodies on HTTP/1.1 connection upgrades.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew: \u003ccode\u003eEventListener.plus()\u003c/code\u003e makes it easier to observe events in multiple listeners.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix: Don't spam logs with \u003cem\u003e‘Method isLoggable in android.util.Log not mocked.’\u003c/em\u003e when using\nOkHttp in Robolectric and Paparazzi tests.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Kotlin 2.2.21][kotlin_2_2_21].\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [Okio 3.16.2][okio_3_16_2].\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpgrade: [ZSTD-KMP 0.4.0][zstd_kmp_0_4_0]. This update fixes a bug that caused APKs to fail\n[16 KB ELF alignment checks][elf_alignment].\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/3edf17ca8a5048912d19e84d0fc2a7941a97c07d\"\u003e\u003ccode\u003e3edf17c\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.2.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/262b3cde9f6354a31d4d4862bef5a81590687ad7\"\u003e\u003ccode\u003e262b3cd\u003c/code\u003e\u003c/a\u003e Handle strict module handling on JDK17 (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6707\"\u003e#6707\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6742\"\u003e#6742\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/f574ea2f5259d9040f264ddeb582fb1ce563f10c\"\u003e\u003ccode\u003ef574ea2\u003c/code\u003e\u003c/a\u003e Cherry pick fix for CVE-2021-0341 onto 4.9.x (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6741\"\u003e#6741\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/1fd7c0afdc2cee9ba982b07d49662af7f60e1518\"\u003e\u003ccode\u003e1fd7c0a\u003c/code\u003e\u003c/a\u003e Make it more difficult to accidentally log sensitive headers (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6551\"\u003e#6551\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6740\"\u003e#6740\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/b0397cc7a9f755ef8ab1e00c8114531f802f35a6\"\u003e\u003ccode\u003eb0397cc\u003c/code\u003e\u003c/a\u003e 4.9.x GitHub builds update (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6732\"\u003e#6732\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/eb5a8343eab9ba4ec933e8fb80d3f8a0e4eacbcd\"\u003e\u003ccode\u003eeb5a834\u003c/code\u003e\u003c/a\u003e Prepare next development version.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/63dcd95bfa2345bb3f3d4abc6b6dbf36cfb08aaf\"\u003e\u003ccode\u003e63dcd95\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.1.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/d2e28ab672d5734a76f97f48174a3e6e8339e183\"\u003e\u003ccode\u003ed2e28ab\u003c/code\u003e\u003c/a\u003e Silently ignore 'bio == null' NullPointerExceptions (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6534\"\u003e#6534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/cbeaf8f955fff9caa5652ccc6c1393ec8b993799\"\u003e\u003ccode\u003ecbeaf8f\u003c/code\u003e\u003c/a\u003e Prepare for release 4.9.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/square/okhttp/commit/8fd74a7482effe1ca8847a28b29262415dbb7faa\"\u003e\u003ccode\u003e8fd74a7\u003c/code\u003e\u003c/a\u003e Conscrypt 2.5.1 Upgrade (\u003ca href=\"https://redirect.github.com/square/okhttp/issues/6263\"\u003e#6263\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/square/okhttp/compare/parent-3.14.9...parent-4.9.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.hibernate:hibernate-validator` from 5.4.3.Final to 6.2.0.Final\n\nUpdates `org.apache.avro:avro` from 1.11.1 to 1.11.4\n\nUpdates `org.apache.tomcat.embed:tomcat-embed-core` from 8.5.87 to 9.0.117\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `ch.qos.logback:logback-classic` from 1.2.11 to 1.2.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/2648b9e7fbb47426c89b9c93b411c07484e8f277\"\u003e\u003ccode\u003e2648b9e\u003c/code\u003e\u003c/a\u003e prepare release 1.2.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3\"\u003e\u003ccode\u003ebb09515\u003c/code\u003e\u003c/a\u003e fix CVE-2023-6378\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/45732949bfb845df04cbe65292cf48aaa090cb1d\"\u003e\u003ccode\u003e4573294\u003c/code\u003e\u003c/a\u003e start work on 1.2.13-SNAPSHOT\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/a388193052c298ca87cc64192319df723288c6ab\"\u003e\u003ccode\u003ea388193\u003c/code\u003e\u003c/a\u003e Merge branch 'branch_1.2.x' of github.com:qos-ch/logback into branch_1.2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/de44dc422bc3da1d7808283851324d960b492d4d\"\u003e\u003ccode\u003ede44dc4\u003c/code\u003e\u003c/a\u003e prepare release 1.2.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/ca0cf172f680308938515b8a5d69348759ee947c\"\u003e\u003ccode\u003eca0cf17\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/532\"\u003e#532\u003c/a\u003e from joakime/fix-jetty-requestlog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e31609b1980b9ba986344aae3cab7275fa2b4935\"\u003e\u003ccode\u003ee31609b\u003c/code\u003e\u003c/a\u003e removed unused files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/21e29efb284766f386781175b2ba18585b690154\"\u003e\u003ccode\u003e21e29ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/qos-ch/logback/issues/567\"\u003e#567\u003c/a\u003e from spliffone/LOGBACK-1633\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/e869000e1d5901e6aa6f46cc6575ee2137f15b69\"\u003e\u003ccode\u003ee869000\u003c/code\u003e\u003c/a\u003e fix: published POM file contain the wrong scm URL\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/qos-ch/logback/commit/009ea46cb81a015f2ca312bde6e823581b93b37a\"\u003e\u003ccode\u003e009ea46\u003c/code\u003e\u003c/a\u003e version for next dev cycle\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/qos-ch/logback/compare/v_1.2.11...v_1.2.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.20.0 to 2.25.4\n\nUpdates `org.apache.commons:commons-lang3` from 3.12.0 to 3.18.0\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.15.2 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.15.2...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `io.grpc:grpc-netty-shaded` from 1.57.1 to 1.75.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/grpc/grpc-java/releases\"\u003eio.grpc:grpc-netty-shaded's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.75.0\u003c/h2\u003e\n\u003ch3\u003eBehavior Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebinder: Introduce server pre-authorization (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12127\"\u003e#12127\u003c/a\u003e). grpc-binder clients authorize servers by checking the UID of the sender of the SETUP_TRANSPORT Binder transaction against some SecurityPolicy. But merely binding to an unauthorized server to learn its UID can enable \u0026quot;keep-alive\u0026quot; and \u0026quot;background activity launch\u0026quot; abuse, even if security policy ultimately causes the grpc connection to fail. Pre-authorization mitigates this kind of abuse by resolving addresses and authorizing a candidate server Application's UID before binding to it. Pre-auth is especially important when the server's address is not fixed in advance but discovered by PackageManager lookup.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecore: \u003ccode\u003egrpc-timeout\u003c/code\u003e should always be positive (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12201\"\u003e#12201\u003c/a\u003e) (6dfa03c51). There is a local race between when the deadline is checked before sending the RPC and when the timeout is calculated to put on-the-wire. The code replaced negative timeouts with 0 nanoseconds. gRPC’s PROTOCOL-HTTP2 spec states that timeouts should be positive, so now non-positive values are replaced with 1 nanosecond\u003c/li\u003e\n\u003cli\u003ecore: Improved DEADLINE_EXCEEDED message for delayed calls (6ff8ecac0). Delayed calls are the first calls on a Channel before name resolution has resolved addresses. Previously you could see confusing errors saying the deadline “will be exceeded in” X time. The message tense was simply wrong, and now will be correct: deadline “was exceeded after” X time.\u003c/li\u003e\n\u003cli\u003exds: PriorityLB now only uses the failOverTimer to start additional priorities, not fail RPCs (c4256add4). You should no longer see “Connection timeout for priority” errors.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eImprovements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enetty: Count sent RST_STREAMs against \u003ccode\u003eNettyServerBuilder.maxRstFramesPerWindow()\u003c/code\u003e limit (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12288\"\u003e#12288\u003c/a\u003e). This extends the Rapid Reset tool to also cover MadeYouReset. the reset stream count will cause a 420 \u0026quot;Enhance your calm response\u0026quot; to be sent. This depends on Netty 4.1.124 for a bug fix to actually call the encoder by the frame writer.\u003c/li\u003e\n\u003cli\u003exds: Convert CdsLb to \u003ccode\u003eXdsDepManager\u003c/code\u003e (297ab05ef). This is part of gRFC A74 to have atomic xDS config updates. This is an internal change, but does change the error description seen in certain cases, especially DEADLINE_EXCEEDED on a brand-new channel.\u003c/li\u003e\n\u003cli\u003ecensus: APIs for stats and tracing (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12050\"\u003e#12050\u003c/a\u003e) (919370172). Client channel and server builders with interceptors and factories respectively for stats and tracing.\u003c/li\u003e\n\u003cli\u003estub: simplify \u003ccode\u003eBlockingClientCall\u003c/code\u003e infinite blocking (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12217\"\u003e#12217\u003c/a\u003e) (ba0a7329d). Move deadline computation into overloads with finite timeouts. Blocking calls without timeouts now do not have to read the clock.\u003c/li\u003e\n\u003cli\u003exds: Do RLS fallback policy eagar start (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12211\"\u003e#12211\u003c/a\u003e) (42e1829b3). In gRPC-Java, the xDS clusters were lazily subscribed, which meant the fallback target which is returned in the RLS config wasn’t subscribed until a RPC actually falls back to it. The delayed resource subscription process in gRPC Java made it more susceptible to the effects of the INITIAL_RESOURCE_FETCH_TIMEOUT compared to other programming languages. It also had impact beyond the RLS cache expiration case, for example, when the first time the client initialized the channel, we couldn't fallback when the intended target times out, because of the lazy subscription. This change starts the fallback LB policy for the default target at the start of RLS policy instead of only when falling back to the default target, which fixes the above mentioned problems.\u003c/li\u003e\n\u003cli\u003exds: Aggregate cluster fixes (A75) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12186\"\u003e#12186\u003c/a\u003e) (7e982e48a). The earlier implementation of aggregate clusters concatenated the priorities from the underlying clusters into a single list, so that it could use a single LB policy defined at the aggregate cluster layer to choose a priority from that combined list. However, it turns out that aggregate clusters don't actually define the LB policy in the aggregate cluster; instead, the aggregate cluster uses a special cluster-provided LB policy that first chooses the underlying cluster and then delegates to the LB policy of the underlying cluster. This change implements that.\u003c/li\u003e\n\u003cli\u003eapi: set size correctly for sets and maps in handling \u003ccode\u003eMetadata\u003c/code\u003e values to be exchanged during a call (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12229\"\u003e#12229\u003c/a\u003e) (80217275d)\u003c/li\u003e\n\u003cli\u003exds: xdsClient cache transient error for new watchers (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12291\"\u003e#12291\u003c/a\u003e). When a resource update is NACKed, cache the error and update new watchers that get added with that error instead of making them hang.\u003c/li\u003e\n\u003cli\u003exds: Avoid PriorityLb re-enabling timer on duplicate CONNECTING (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12289\"\u003e#12289\u003c/a\u003e). If a LB policy gives extraneous updates with state CONNECTING, then it was possible to re-create \u003ccode\u003efailOverTimer\u003c/code\u003e which would then wait the 10 seconds for the child to finish CONNECTING. We only want to give the child one opportunity after transitioning out of READY/IDLE.\u003c/li\u003e\n\u003cli\u003exds: Use a different log name for \u003ccode\u003eXdsClientImpl\u003c/code\u003e and \u003ccode\u003eControlPlaneClient\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12287\"\u003e#12287\u003c/a\u003e). \u003ccode\u003eControlPlaneClient\u003c/code\u003e uses \u0026quot;xds-cp-client\u0026quot; now instead of \u0026quot;xds-client\u0026quot; while logging.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Netty 4.1.124.Final (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12286\"\u003e#12286\u003c/a\u003e). This implicitly disables \u003ccode\u003eNettyAdaptiveCumulator\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/11284\"\u003e#11284\u003c/a\u003e), which can have a performance impact. We delayed upgrading Netty to give time to rework the optimization, but we've gone too long already without upgrading which causes problems for vulnerability tracking.\u003c/li\u003e\n\u003cli\u003ebazel: Use \u003ccode\u003ejar_jar\u003c/code\u003e to avoid xds deps (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12243\"\u003e#12243\u003c/a\u003e) (8f09b9689). The //xds and //xds:orca targets now use \u003ccode\u003ejar_jar\u003c/code\u003e to shade the protobuf generated code. This allows them to use their own private copy of the protos and drop direct Bazel dependencies on cel-spec, grpc, rules_go, com_github_cncf_xds, envoy_api, com_envoyproxy_protoc_gen_validate, and opencensus_proto. This mirrors the shading of protobuf messages done for grpc-xds provided on Maven Central and should simplify dependency management\u003c/li\u003e\n\u003cli\u003eProtobuf upgraded to 3.25.8\u003c/li\u003e\n\u003cli\u003eproto-google-common-protos upgraded to 2.59.2\u003c/li\u003e\n\u003cli\u003es2a-proto upgraded to 1.1.2\u003c/li\u003e\n\u003cli\u003egoogle-cloud-logging upgraded to 3.23.1 (used by gcp-observability)\u003c/li\u003e\n\u003cli\u003eOpenTelemetry upgraded to 1.52.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eClarify requirements for creating a cross-user Channel. (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12181\"\u003e#12181\u003c/a\u003e). The \u003ccode\u003e@SystemApi\u003c/code\u003e runtime visibility requirement isn't really new. It has always been implicit in the required INTERACT_ACROSS_USERS permission, which can only be held by system apps in production. Now deprecated \u003ccode\u003eBinderChannelBuilder#bindAsUser\u003c/code\u003e has always required SDK_INT \u0026gt;= 30. This change just copies that requirement forward to its replacement APIs in \u003ccode\u003eAndroidComponentAddress\u003c/code\u003e and the TARGET_ANDROID_USER \u003ccode\u003eNameResolver.Args\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eapi: Add more Javadoc for \u003ccode\u003eNameResolver.Listener2\u003c/code\u003e interface (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12220\"\u003e#12220\u003c/a\u003e) (d352540a0)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eThanks to\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/benjaminp\"\u003e\u003ccode\u003e@​benjaminp\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/werkt\"\u003e\u003ccode\u003e@​werkt\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/kilink\"\u003e\u003ccode\u003e@​kilink\u003c/code\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/vimanikag\"\u003e\u003ccode\u003e@​vimanikag\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.74.0\u003c/h2\u003e\n\u003ch3\u003eBehavior Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecompiler: Default to \u003ccode\u003e@generated=omit\u003c/code\u003e (f8700a13a). This omits \u003ccode\u003ejavax.annotation.Generated\u003c/code\u003e from the generated code and makes the \u003ccode\u003eorg.apache.tomcat:annotations-api\u003c/code\u003e compile-only dependency unnecessary (README and examples changes forthcoming; we delayed those changes until the release landed). You can use the option \u003ccode\u003e@generated=javax\u003c/code\u003e for the previous behavior, but please also file an issue so we can develop alternatives\u003c/li\u003e\n\u003cli\u003ecompiler: generate blocking v2 unary calls that throw StatusException (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12126\"\u003e#12126\u003c/a\u003e) (a16d65591). Previously, the new blocking stub API was identical to the older blocking stub for unary RPCs and used the unchecked \u003ccode\u003eStatusRuntimeException\u003c/code\u003e. However, feedback demonstrated it was confusing to mix that with the checked \u003ccode\u003eStatusException\u003c/code\u003e in \u003ccode\u003eBlockingClientCall\u003c/code\u003e. Now the new blocking stub uses StatusException throughout. grpc-java continues to support the old generated code, but the version of protoc-gen-grpc-java will dictate which API you see. If you support multiple generated code versions, you can use the older blocking v1 stub for unary RPCs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enetty: Fix a race that caused RPCs to hang on start when a GOAWAY was received while the RPCs’ headers were being written to the OS (b04c673fd, 15c757398). This was a very old race, not a recent regression. All streams should now properly fail instead of hanging, although in some cases they may be transparently retried\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/3abc0e6e1f4981017b7117e47e1844a318a51f24\"\u003e\u003ccode\u003e3abc0e6\u003c/code\u003e\u003c/a\u003e Bump version to 1.75.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/cbfe6c1ccaf0d9480daa8faa3e37a117adb798ba\"\u003e\u003ccode\u003ecbfe6c1\u003c/code\u003e\u003c/a\u003e Update README etc to reference 1.75.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/a0f3520ad0bf5186f84d48b7df6e2555e8b16da8\"\u003e\u003ccode\u003ea0f3520\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Release v1.75.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12294\"\u003e#12294\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12295\"\u003e#12295\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/7ef13f40a6d9cdaccd0c064b5bd3745f9518781e\"\u003e\u003ccode\u003e7ef13f4\u003c/code\u003e\u003c/a\u003e Release v1.75.0 (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12294\"\u003e#12294\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/14fd8eff28d55fae4a791b256602d83a5fb9d848\"\u003e\u003ccode\u003e14fd8ef\u003c/code\u003e\u003c/a\u003e xds: xdsClient caches transient error for new watchers (v1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/653d076c605a9066cf6ae484921058580df2437d\"\u003e\u003ccode\u003e653d076\u003c/code\u003e\u003c/a\u003e xds: Avoid PriorityLb re-enabling timer on duplicate CONNECTING (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12289\"\u003e#12289\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/a5c2b1aa51608b1fff016a313d8ee65f92e8d23d\"\u003e\u003ccode\u003ea5c2b1a\u003c/code\u003e\u003c/a\u003e netty: Count sent RST_STREAMs against limit (1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12288\"\u003e#12288\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/0d3e8283a8105a7bbf1bf746d96cac1e363de2e3\"\u003e\u003ccode\u003e0d3e828\u003c/code\u003e\u003c/a\u003e xds: Use a different log name for XdsClientImpl and ControlPlaneClient (1.75....\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/d750e9df576a63f8b0d55eefc730282dc60f99d1\"\u003e\u003ccode\u003ed750e9d\u003c/code\u003e\u003c/a\u003e Upgrade to Netty 4.1.124.Final (v1.75.x backport) (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12286\"\u003e#12286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/grpc/grpc-java/commit/19c579e8a93cc0660df1523b5740eae9aa888a09\"\u003e\u003ccode\u003e19c579e\u003c/code\u003e\u003c/a\u003e Bump versions of dependencies (\u003ca href=\"https://redirect.github.com/grpc/grpc-java/issues/12252\"\u003e#12252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/grpc/grpc-java/compare/v1.57.1...v1.75.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `org.xerial.snappy:snappy-java` from 1.1.10.3 to 1.1.10.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xerial/snappy-java/releases\"\u003eorg.xerial.snappy:snappy-java's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.10.4\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eSecurity Fix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\"\u003eCVE-2023-43642\u003c/a\u003e Fixed SnappyInputStream so as not to allocate too large memory when decompressing data with an extremely large chunk size by \u003ca href=\"https://github.com/tunnelshade\"\u003e\u003ccode\u003e@​tunnelshade\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003ecode change\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis does not affect users only using Snappy.compress/uncompress methods\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly used before) by \u003ca href=\"https://github.com/xerial\"\u003e\u003ccode\u003e@​xerial\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/508\"\u003exerial/snappy-java#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport JDK21 (no internal change)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🔗 Dependency Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.11 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/485\"\u003exerial/snappy-java#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.3 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/483\"\u003exerial/snappy-java#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.12 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/487\"\u003exerial/snappy-java#487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/502\"\u003exerial/snappy-java#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/496\"\u003exerial/snappy-java#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate scalafmt-core to 3.7.14 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/501\"\u003exerial/snappy-java#501\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt to 1.9.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/505\"\u003exerial/snappy-java#505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate native libraries by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/503\"\u003exerial/snappy-java#503\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠  Internal Updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate airframe-log to 23.7.4 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/486\"\u003exerial/snappy-java#486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.0 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/488\"\u003exerial/snappy-java#488\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/500\"\u003exerial/snappy-java#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.8.6 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/497\"\u003exerial/snappy-java#497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate sbt-scalafmt to 2.5.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/499\"\u003exerial/snappy-java#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.1 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/504\"\u003exerial/snappy-java#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate airframe-log to 23.9.2 by \u003ca href=\"https://github.com/xerial-bot\"\u003e\u003ccode\u003e@​xerial-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/509\"\u003exerial/snappy-java#509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eOther Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate NOTICE by \u003ca href=\"https://github.com/imsudiproy\"\u003e\u003ccode\u003e@​imsudiproy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/xerial/snappy-java/pull/492\"\u003exerial/snappy-java#492\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\"\u003ehttps://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"\u003e\u003ccode\u003e9f8c3cf\u003c/code\u003e\u003c/a\u003e Merge pull request from GHSA-55g7-9cwv-5qfv\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/49d700175f18ed5f8c5d371b7c2f80c75979bd68\"\u003e\u003ccode\u003e49d7001\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.2 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/509\"\u003e#509\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/1f07c3182c2dc89d4226e9a6d8945b8458870a0a\"\u003e\u003ccode\u003e1f07c31\u003c/code\u003e\u003c/a\u003e Update native libraries for f2e97f27be0dc6c691369040ba8a673bface484c (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/503\"\u003e#503\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/13f8db197c4c44f0b6a02240c04205e8362b8e62\"\u003e\u003ccode\u003e13f8db1\u003c/code\u003e\u003c/a\u003e Update sbt to 1.9.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/505\"\u003e#505\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/f2e97f27be0dc6c691369040ba8a673bface484c\"\u003e\u003ccode\u003ef2e97f2\u003c/code\u003e\u003c/a\u003e feature: Upgrade the internal snappy version to 1.1.10 (1.1.8 was wrongly use...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/98b22256fe4ed00ccaadd2dac98b1622563cc50b\"\u003e\u003ccode\u003e98b2225\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.9.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/504\"\u003e#504\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/9f29b5c0f869d4027a4d5c1464907a79152013bf\"\u003e\u003ccode\u003e9f29b5c\u003c/code\u003e\u003c/a\u003e Update NOTICE (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/492\"\u003e#492\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/55639b55de52e1c06ac9a7df6844f85313407955\"\u003e\u003ccode\u003e55639b5\u003c/code\u003e\u003c/a\u003e Update sbt-scalafmt to 2.5.1 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/499\"\u003e#499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/a5d81a6589360f299ae7ec35a79c317fd78e795d\"\u003e\u003ccode\u003ea5d81a6\u003c/code\u003e\u003c/a\u003e Update airframe-log to 23.8.6 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/497\"\u003e#497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xerial/snappy-java/commit/6495da1af211e993cd0750c9c70b69d458c4a570\"\u003e\u003ccode\u003e6495da1\u003c/code\u003e\u003c/a\u003e Update scalafmt-core to 3.7.14 (\u003ca href=\"https://redirect.github.com/xerial/snappy-java/issues/501\"\u003e#501\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xerial/snappy-java/compare/v1.1.10.3...v1.1.10.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `commons-io:commons-io` from 2.11.0 to 2.14.0\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.7.0 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.8.1 to 3.8.6\n\nUpdates `org.apache.zookeeper:zookeeper` from 3.4.14 to 3.8.6\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `org.asynchttpclient:async-http-client` from 2.12.3 to 2.14.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/releases\"\u003eorg.asynchttpclient:async-http-client's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eAHC v2.14.5 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-cmxv-58fp-fm3g\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.4...async-http-client-project-2.14.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eAHC v2.12.4 Release\u003c/h2\u003e\n\u003ch2\u003eSecurity Advisory\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\"\u003ehttps://github.com/AsyncHttpClient/async-http-client/security/advisories/GHSA-mfj5-cf8g-g2fv\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cp\u003eThis is a breaking release. \u003ccode\u003eRequestBuilderBase.java\u003c/code\u003e has a new method added. This is in response to \u003ccode\u003eGHSA-mfj5-cf8g-g2fv\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/ae557ad35246721c09dafb2976609cd0004e78ae\"\u003e\u003ccode\u003eae557ad\u003c/code\u003e\u003c/a\u003e Release 2.14.5: Security fixes and dependency upgrades\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commit/6afba08b39a10c2a85bb1b38e14ada224cd40705\"\u003e\u003ccode\u003e6afba08\u003c/code\u003e\u003c/a\u003e Release 2.12.4 with CVE Fix: 2024-53990\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/compare/async-http-client-project-2.12.3...async-http-client-project-2.14.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GizzZmo/dubbo/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/GizzZmo/dubbo/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GizzZmo%2Fdubbo/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"1.10.1","new_version":"1.11.4","update_type":"minor","path":null,"pr_created_at":"2026-04-10T23:22:33.000Z","version_change":"1.10.1 → 1.11.4","issue":{"uuid":"4242176397","node_id":"PR_kwDOIdXQSs7RlzU0","number":12,"state":"closed","title":"Bump the maven group across 8 directories with 9 updates","user":"dependabot[bot]","labels":["dependencies","java","type:build","module:mixed-spark","module:mixed-trino","module:mixed-flink"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-14T00:24:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-10T23:22:33.000Z","updated_at":"2026-04-14T00:24:37.000Z","time_to_close":262923,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"maven","update_count":9,"packages":[{"name":"org.apache.commons:commons-compress","old_version":"1.23.0","new_version":"1.26.0"},{"name":"com.fasterxml.jackson.core:jackson-core","old_version":"2.13.5","new_version":"2.18.6","repository_url":"https://github.com/FasterXML/jackson-core"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.20.0","new_version":"2.25.4"},{"name":"org.apache.derby:derby","old_version":"10.14.2.0","new_version":"10.17.1.0"},{"name":"io.netty:netty-codec-http2","old_version":"4.1.129.Final","new_version":"4.1.132.Final","repository_url":"https://github.com/netty/netty"},{"name":"org.apache.hive:hive-exec","old_version":"2.1.1","new_version":"4.0.1"},{"name":"org.assertj:assertj-core","old_version":"3.21.0","new_version":"3.27.7","repository_url":"https://github.com/assertj/assertj"},{"name":"org.apache.avro:avro","old_version":"1.10.1","new_version":"1.11.4"},{"name":"commons-io:commons-io","old_version":"2.4","new_version":"2.14.0"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.commons:commons-compress | `1.23.0` | `1.26.0` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.13.5` | `2.18.6` |\n| org.apache.logging.log4j:log4j-core | `2.20.0` | `2.25.4` |\n| org.apache.derby:derby | `10.14.2.0` | `10.17.1.0` |\n| [io.netty:netty-codec-http2](https://github.com/netty/netty) | `4.1.129.Final` | `4.1.132.Final` |\n| org.apache.hive:hive-exec | `2.1.1` | `4.0.1` |\n| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.21.0` | `3.27.7` |\n| org.apache.avro:avro | `1.10.1` | `1.11.4` |\n| commons-io:commons-io | `2.4` | `2.14.0` |\n\nBumps the maven group with 1 update in the /amoro-format-mixed/amoro-mixed-flink/amoro-mixed-flink-common directory: [org.assertj:assertj-core](https://github.com/assertj/assertj).\nBumps the maven group with 1 update in the /amoro-format-mixed/amoro-mixed-flink/amoro-mixed-flink-common-iceberg-bridge directory: [org.assertj:assertj-core](https://github.com/assertj/assertj).\nBumps the maven group with 1 update in the /amoro-format-mixed/amoro-mixed-spark/v3.3/amoro-mixed-spark-3.3 directory: org.apache.hive:hive-exec.\nBumps the maven group with 1 update in the /amoro-format-mixed/amoro-mixed-spark/v3.4/amoro-mixed-spark-3.4 directory: org.apache.hive:hive-exec.\nBumps the maven group with 1 update in the /amoro-format-mixed/amoro-mixed-spark/v3.5/amoro-mixed-spark-3.5 directory: org.apache.hive:hive-exec.\nBumps the maven group with 3 updates in the /amoro-format-mixed/amoro-mixed-trino directory: org.apache.hive:hive-exec, org.apache.avro:avro and commons-io:commons-io.\nBumps the maven group with 6 updates in the /amoro-openapi-sdk directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| org.apache.commons:commons-compress | `1.23.0` | `1.26.0` |\n| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.13.5` | `2.18.6` |\n| org.apache.logging.log4j:log4j-core | `2.20.0` | `2.25.4` |\n| org.apache.derby:derby | `10.14.2.0` | `10.17.1.0` |\n| [io.netty:netty-codec-http2](https://github.com/netty/netty) | `4.1.129.Final` | `4.1.132.Final` |\n| org.apache.hive:hive-exec | `3.1.3` | `4.0.1` |\n\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.13.5 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.13.5...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.20.0 to 2.25.4\n\nUpdates `org.apache.derby:derby` from 10.14.2.0 to 10.17.1.0\n\nUpdates `io.netty:netty-codec-http2` from 4.1.129.Final to 4.1.132.Final\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/netty/netty/releases\"\u003eio.netty:netty-codec-http2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003enetty-4.1.132.Final\u003c/h2\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-33871, \u003ca href=\"https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv\"\u003eHTTP/2 CONTINUATION Frame Flood Denial of Service\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-33870, \u003ca href=\"https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8\"\u003eHTTP Request Smuggling via Chunked Extension Quoted-String Parsing\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry lo… by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16248\"\u003enetty/netty#16248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake RefCntOpenSslContext.deallocate more robust (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16253\"\u003e#16253\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16257\"\u003enetty/netty#16257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to gcc for arm 10.3-2021.07 (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16255\"\u003e#16255\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16263\"\u003enetty/netty#16263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP2: Correctly account for padding when decompress by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16265\"\u003enetty/netty#16265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate JDK versions to latest patch releases (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16254\"\u003e#16254\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16267\"\u003enetty/netty#16267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Automatic backporting workflow from 4.1 to 4.2 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16274\"\u003enetty/netty#16274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Backport PRs must be created with personal access tokens by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16277\"\u003enetty/netty#16277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Add more porting workflows by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16284\"\u003enetty/netty#16284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Some polishing of the porting workflows by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16292\"\u003enetty/netty#16292\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Fix high-order bit aliasing in HttpUtil.validateToken by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16303\"\u003enetty/netty#16303\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Support more branch freedom for auto-porting by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16310\"\u003enetty/netty#16310\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: the precedence of + is higher than \u0026gt;\u0026gt; (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16312\"\u003e#16312\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16316\"\u003enetty/netty#16316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater th… by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16320\"\u003enetty/netty#16320\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky PooledByteBufAllocatorTest by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16324\"\u003enetty/netty#16324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix pooled arena accounting tests  by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16326\"\u003enetty/netty#16326\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix RunInFastThreadLocalThreadExtension by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16328\"\u003enetty/netty#16328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: AdaptivePoolingAllocator: call \u003ccode\u003eunreserveMatchingBuddy(...)\u003c/code\u003e if \u003ccode\u003ebyteBuf\u003c/code\u003e initialization failed by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16331\"\u003enetty/netty#16331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Mark LoggingHandlerTest with \u003ca href=\"https://github.com/Isolated\"\u003e\u003ccode\u003e@​Isolated\u003c/code\u003e\u003c/a\u003e to fix flaky build by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16340\"\u003enetty/netty#16340\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky HTTP/2 test by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16348\"\u003enetty/netty#16348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky RenegotiateTest by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16355\"\u003enetty/netty#16355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix HTTP/2 push frame test by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16353\"\u003enetty/netty#16353\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSSL test: Don't depend on property value in test (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16346\"\u003e#16346\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16362\"\u003enetty/netty#16362\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Don't assume CertificateFactory is thread-safe by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16364\"\u003enetty/netty#16364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdaptivePoolingAllocator: assign a more explicit value to BuddyChunk.freeListCapacity (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16334\"\u003e#16334\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16368\"\u003enetty/netty#16368\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Add more diagnostic points to PooledByteBufAllocatorTest.createNewThr… by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16372\"\u003enetty/netty#16372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix leak in SniHandlerTest (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16367\"\u003e#16367\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16377\"\u003enetty/netty#16377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Stabilize AbstractByteBufTest.testBytesInArrayMultipleThreads by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16373\"\u003enetty/netty#16373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove reference counting from size classed chunks (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16306\"\u003e#16306\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16379\"\u003enetty/netty#16379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Stabilize AbstractByteBufTest.testToStringMultipleThreads by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16384\"\u003enetty/netty#16384\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix HttpObjectAggregator leaving connection stuck after 413 with AUTO… by \u003ca href=\"https://github.com/samlandfried\"\u003e\u003ccode\u003e@​samlandfried\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16280\"\u003enetty/netty#16280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix autoport fetching into the existing branch - again by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16417\"\u003enetty/netty#16417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Capture why threads get stuck in testCopyMultipleThreads0 by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16419\"\u003enetty/netty#16419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Remove unnecessary array access in DefaultAttributeMap.orderedCopyOnInsert by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16421\"\u003enetty/netty#16421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Whitelist JMH annotation processing in microbench module by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16430\"\u003enetty/netty#16430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: HTTP2: Ensure preface is flushed in all cases  by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16432\"\u003enetty/netty#16432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix UnsupportedOperationException in readTrailingHeaders by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16437\"\u003enetty/netty#16437\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix client_max_window_bits parameter handling in permessage-deflate extension by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16435\"\u003enetty/netty#16435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Native transports: Fix possible fd leak when fcntl fails. by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16446\"\u003enetty/netty#16446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Kqueue: Fix undefined behaviour when GetStringUTFChars fails and SO_ACCEPTFILTER is supported by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16448\"\u003enetty/netty#16448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Kqueue: Possible overflow when using netty_kqueue_bsdsocket_setAcceptFilter(...) by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16459\"\u003enetty/netty#16459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Native transports: Fix undefined behaviour when GetStringUTFChars fails while open FD by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16456\"\u003enetty/netty#16456\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Epoll: Add null checks for safety reasons by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16463\"\u003enetty/netty#16463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to the same port by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16464\"\u003enetty/netty#16464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/ec119d487b3a27e4ac118e7e1d97f0c96a85f4a3\"\u003e\u003ccode\u003eec119d4\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.132.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/60e53c99f2e80aef1025e9038e33cdf261ed9819\"\u003e\u003ccode\u003e60e53c9\u003c/code\u003e\u003c/a\u003e Stricter HTTP/1.1 chunk extension parsing (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16537\"\u003e#16537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/9f47a7b6846e6c7cb0481789be51788944042b85\"\u003e\u003ccode\u003e9f47a7b\u003c/code\u003e\u003c/a\u003e Limit the number of Continuation frames per HTTP2 Headers (\u003ca href=\"https://redirect.github.com/netty/netty/issues/13969\"\u003e#13969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/10c1603cbab5e72a029521058eb35e15a8b7c7c5\"\u003e\u003ccode\u003e10c1603\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: JdkZlibDecoder: accumulate decompressed output before firing c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/df6599790dc2c6810e253e9a14903f450e7aeffe\"\u003e\u003ccode\u003edf65997\u003c/code\u003e\u003c/a\u003e Epoll: setTcpMg5Sig(...) might overflow (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16511\"\u003e#16511\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16520\"\u003e#16520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/692ec8772dffdfbc9f3dc57bb4379d9338822ebd\"\u003e\u003ccode\u003e692ec87\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: AdaptivePoolingAllocator: Fix assertion for size class multipl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/3ac3f37e6dcfec658f4cb02935452ea25bb891f5\"\u003e\u003ccode\u003e3ac3f37\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: AdaptivePoolingAllocator: remove \u003ccode\u003eensureAccessible()\u003c/code\u003e call in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/5a0072ba96adde85936cb511cb8e24aef0bda811\"\u003e\u003ccode\u003e5a0072b\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: Epoll: Fix support for IP_RECVORIGDSTADDR (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16468\"\u003e#16468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/779fce7ff70da741633c22ec80870008fa655d35\"\u003e\u003ccode\u003e779fce7\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: Epoll: Use correct value to initialize mmsghdr.msg_namelen (\u003ca href=\"https://redirect.github.com/netty/netty/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/56d84e13175d1f33f6d8732e2bdd0e36d32db9a7\"\u003e\u003ccode\u003e56d84e1\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.129.Final...netty-4.1.132.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hive:hive-exec` from 2.1.1 to 4.0.1\n\nUpdates `org.assertj:assertj-core` from 3.21.0 to 3.27.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/assertj/assertj/releases\"\u003eorg.assertj:assertj-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.27.7\u003c/h2\u003e\n\u003ch2\u003e:lock: Security\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix XXE vulnerability in \u003ccode\u003eisXmlEqualTo\u003c/code\u003e assertion (CVE-2026-24400)\n\u003cul\u003e\n\u003cli\u003eSee GHSA-rqfh-9r24-8c9r for details; many thanks to \u003ca href=\"https://github.com/wxt201\"\u003e\u003ccode\u003e@​wxt201\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Song-Li\"\u003e\u003ccode\u003e@​Song-Li\u003c/code\u003e\u003c/a\u003e for responsibly reporting it!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:no_entry_sign: Deprecated\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e with no replacement\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNavigation to \u003ccode\u003eassertj-core\u003c/code\u003e or \u003ccode\u003eguava\u003c/code\u003e types from \u003ccode\u003eassertj-guava\u003c/code\u003e Javadoc site has unnecessary header \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3478\"\u003e#3478\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Byte Buddy 1.18.3\u003c/li\u003e\n\u003cli\u003eUpgrade to JUnit BOM 5.14.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Guava 33.5.0-jre\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.27.6\u003c/h2\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd missing export for \u003ccode\u003eorg.assertj.core.annotation\u003c/code\u003e \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3951\"\u003e#3951\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThanks to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/duponter\"\u003e\u003ccode\u003e@​duponter\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.27.5\u003c/h2\u003e\n\u003ch2\u003e:zap: Improvements\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eByteBuddy in AssertJ 3.27.4 not compatible with Java 25 \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3946\"\u003e#3946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/e84071667f5f8f13084af9dfa54cee5fd9db18db\"\u003e\u003ccode\u003ee840716\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release assertj-build-3.27.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a\"\u003e\u003ccode\u003e85ca7eb\u003c/code\u003e\u003c/a\u003e Deprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/77081dc5eb107141df80f95bd0149b468e451341\"\u003e\u003ccode\u003e77081dc\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/b68fc24a9de28f28a486fc5b887c1b8a003a5823\"\u003e\u003ccode\u003eb68fc24\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/0cf5bb6c50f6ead3deaa2a2ff50ef1e7d933c8a3\"\u003e\u003ccode\u003e0cf5bb6\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003ekotlin.version\u003c/code\u003e from 2.1.0 to 2.2.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/d393ef1f5e48c89d47d7cf6d1eae359ceda0a126\"\u003e\u003ccode\u003ed393ef1\u003c/code\u003e\u003c/a\u003e Abort tests when symbolic links cannot be created (\u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3788\"\u003e#3788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/22124331e9922af5a43ab50f7a9a25b65be53be1\"\u003e\u003ccode\u003e2212433\u003c/code\u003e\u003c/a\u003e Add IntelliJ custom inspection for test class names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/5717d025cfe0f4c66de20f3253c0b0ecba259aa1\"\u003e\u003ccode\u003e5717d02\u003c/code\u003e\u003c/a\u003e Update JetBrains icon\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/a8ec20bd42ed01f9cc6f654046c7dd424b0af07c\"\u003e\u003ccode\u003ea8ec20b\u003c/code\u003e\u003c/a\u003e Add icon for JetBrains products\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/c05fb3d052b415fb2d6051df939f3b7903a76afe\"\u003e\u003ccode\u003ec05fb3d\u003c/code\u003e\u003c/a\u003e Bump Maven to 3.9.12 and Wrapper to 3.3.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/assertj/assertj/compare/assertj-core-3.21.0...assertj-build-3.27.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.avro:avro` from 1.10.1 to 1.11.4\n\nUpdates `commons-io:commons-io` from 2.4 to 2.14.0\n\nUpdates `org.assertj:assertj-core` from 3.21.0 to 3.27.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/assertj/assertj/releases\"\u003eorg.assertj:assertj-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.27.7\u003c/h2\u003e\n\u003ch2\u003e:lock: Security\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix XXE vulnerability in \u003ccode\u003eisXmlEqualTo\u003c/code\u003e assertion (CVE-2026-24400)\n\u003cul\u003e\n\u003cli\u003eSee GHSA-rqfh-9r24-8c9r for details; many thanks to \u003ca href=\"https://github.com/wxt201\"\u003e\u003ccode\u003e@​wxt201\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Song-Li\"\u003e\u003ccode\u003e@​Song-Li\u003c/code\u003e\u003c/a\u003e for responsibly reporting it!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:no_entry_sign: Deprecated\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e with no replacement\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNavigation to \u003ccode\u003eassertj-core\u003c/code\u003e or \u003ccode\u003eguava\u003c/code\u003e types from \u003ccode\u003eassertj-guava\u003c/code\u003e Javadoc site has unnecessary header \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3478\"\u003e#3478\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Byte Buddy 1.18.3\u003c/li\u003e\n\u003cli\u003eUpgrade to JUnit BOM 5.14.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Guava 33.5.0-jre\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.27.6\u003c/h2\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd missing export for \u003ccode\u003eorg.assertj.core.annotation\u003c/code\u003e \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3951\"\u003e#3951\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThanks to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/duponter\"\u003e\u003ccode\u003e@​duponter\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.27.5\u003c/h2\u003e\n\u003ch2\u003e:zap: Improvements\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eByteBuddy in AssertJ 3.27.4 not compatible with Java 25 \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3946\"\u003e#3946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/e84071667f5f8f13084af9dfa54cee5fd9db18db\"\u003e\u003ccode\u003ee840716\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release assertj-build-3.27.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a\"\u003e\u003ccode\u003e85ca7eb\u003c/code\u003e\u003c/a\u003e Deprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/77081dc5eb107141df80f95bd0149b468e451341\"\u003e\u003ccode\u003e77081dc\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/b68fc24a9de28f28a486fc5b887c1b8a003a5823\"\u003e\u003ccode\u003eb68fc24\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/0cf5bb6c50f6ead3deaa2a2ff50ef1e7d933c8a3\"\u003e\u003ccode\u003e0cf5bb6\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003ekotlin.version\u003c/code\u003e from 2.1.0 to 2.2.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/d393ef1f5e48c89d47d7cf6d1eae359ceda0a126\"\u003e\u003ccode\u003ed393ef1\u003c/code\u003e\u003c/a\u003e Abort tests when symbolic links cannot be created (\u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3788\"\u003e#3788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/22124331e9922af5a43ab50f7a9a25b65be53be1\"\u003e\u003ccode\u003e2212433\u003c/code\u003e\u003c/a\u003e Add IntelliJ custom inspection for test class names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/5717d025cfe0f4c66de20f3253c0b0ecba259aa1\"\u003e\u003ccode\u003e5717d02\u003c/code\u003e\u003c/a\u003e Update JetBrains icon\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/a8ec20bd42ed01f9cc6f654046c7dd424b0af07c\"\u003e\u003ccode\u003ea8ec20b\u003c/code\u003e\u003c/a\u003e Add icon for JetBrains products\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/c05fb3d052b415fb2d6051df939f3b7903a76afe\"\u003e\u003ccode\u003ec05fb3d\u003c/code\u003e\u003c/a\u003e Bump Maven to 3.9.12 and Wrapper to 3.3.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/assertj/assertj/compare/assertj-core-3.21.0...assertj-build-3.27.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.assertj:assertj-core` from 3.21.0 to 3.27.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/assertj/assertj/releases\"\u003eorg.assertj:assertj-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.27.7\u003c/h2\u003e\n\u003ch2\u003e:lock: Security\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix XXE vulnerability in \u003ccode\u003eisXmlEqualTo\u003c/code\u003e assertion (CVE-2026-24400)\n\u003cul\u003e\n\u003cli\u003eSee GHSA-rqfh-9r24-8c9r for details; many thanks to \u003ca href=\"https://github.com/wxt201\"\u003e\u003ccode\u003e@​wxt201\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/Song-Li\"\u003e\u003ccode\u003e@​Song-Li\u003c/code\u003e\u003c/a\u003e for responsibly reporting it!\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:no_entry_sign: Deprecated\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e with no replacement\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNavigation to \u003ccode\u003eassertj-core\u003c/code\u003e or \u003ccode\u003eguava\u003c/code\u003e types from \u003ccode\u003eassertj-guava\u003c/code\u003e Javadoc site has unnecessary header \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3478\"\u003e#3478\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:hammer: Dependency Upgrades\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Byte Buddy 1.18.3\u003c/li\u003e\n\u003cli\u003eUpgrade to JUnit BOM 5.14.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eGuava\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Guava 33.5.0-jre\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.27.6\u003c/h2\u003e\n\u003ch2\u003e:bug: Bug Fixes\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd missing export for \u003ccode\u003eorg.assertj.core.annotation\u003c/code\u003e \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3951\"\u003e#3951\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e:heart: Contributors\u003c/h2\u003e\n\u003cp\u003eThanks to all the contributors who worked on this release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/duponter\"\u003e\u003ccode\u003e@​duponter\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.27.5\u003c/h2\u003e\n\u003ch2\u003e:zap: Improvements\u003c/h2\u003e\n\u003ch3\u003eCore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eByteBuddy in AssertJ 3.27.4 not compatible with Java 25 \u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3946\"\u003e#3946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/e84071667f5f8f13084af9dfa54cee5fd9db18db\"\u003e\u003ccode\u003ee840716\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release assertj-build-3.27.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a\"\u003e\u003ccode\u003e85ca7eb\u003c/code\u003e\u003c/a\u003e Deprecate \u003ccode\u003eXmlStringPrettyFormatter\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/77081dc5eb107141df80f95bd0149b468e451341\"\u003e\u003ccode\u003e77081dc\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/b68fc24a9de28f28a486fc5b887c1b8a003a5823\"\u003e\u003ccode\u003eb68fc24\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/0cf5bb6c50f6ead3deaa2a2ff50ef1e7d933c8a3\"\u003e\u003ccode\u003e0cf5bb6\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003ekotlin.version\u003c/code\u003e from 2.1.0 to 2.2.21\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/d393ef1f5e48c89d47d7cf6d1eae359ceda0a126\"\u003e\u003ccode\u003ed393ef1\u003c/code\u003e\u003c/a\u003e Abort tests when symbolic links cannot be created (\u003ca href=\"https://redirect.github.com/assertj/assertj/issues/3788\"\u003e#3788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/22124331e9922af5a43ab50f7a9a25b65be53be1\"\u003e\u003ccode\u003e2212433\u003c/code\u003e\u003c/a\u003e Add IntelliJ custom inspection for test class names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/5717d025cfe0f4c66de20f3253c0b0ecba259aa1\"\u003e\u003ccode\u003e5717d02\u003c/code\u003e\u003c/a\u003e Update JetBrains icon\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/a8ec20bd42ed01f9cc6f654046c7dd424b0af07c\"\u003e\u003ccode\u003ea8ec20b\u003c/code\u003e\u003c/a\u003e Add icon for JetBrains products\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/assertj/assertj/commit/c05fb3d052b415fb2d6051df939f3b7903a76afe\"\u003e\u003ccode\u003ec05fb3d\u003c/code\u003e\u003c/a\u003e Bump Maven to 3.9.12 and Wrapper to 3.3.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/assertj/assertj/compare/assertj-core-3.21.0...assertj-build-3.27.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hive:hive-exec` from 2.3.9 to 4.0.1\n\nUpdates `org.apache.hive:hive-exec` from 2.3.9 to 4.0.1\n\nUpdates `org.apache.hive:hive-exec` from 2.3.9 to 4.0.1\n\nUpdates `org.apache.hive:hive-exec` from 2.1.1 to 4.0.1\n\nUpdates `org.apache.avro:avro` from 1.10.1 to 1.11.4\n\nUpdates `commons-io:commons-io` from 2.4 to 2.14.0\n\nUpdates `org.apache.commons:commons-compress` from 1.23.0 to 1.26.0\n\nUpdates `com.fasterxml.jackson.core:jackson-core` from 2.13.5 to 2.18.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/9a46ef8ccac2f15cba1c82059fbcc3883798478a\"\u003e\u003ccode\u003e9a46ef8\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release jackson-core-2.18.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/5f192db9c84c1e7a9e6ab7f631a77d4ac0719cb4\"\u003e\u003ccode\u003e5f192db\u003c/code\u003e\u003c/a\u003e Prep for 2.18.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/b0c428e6f993e1b5ece5c1c3cb2523e887cd52cf\"\u003e\u003ccode\u003eb0c428e\u003c/code\u003e\u003c/a\u003e Enforce \u003ccode\u003eStreamReadConstraints.maxNumberLength\u003c/code\u003e for non-blocking (async) pars...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/7c8b6d52632ff87dd40483df44a2b74d3048882c\"\u003e\u003ccode\u003e7c8b6d5\u003c/code\u003e\u003c/a\u003e Add test for nesting for \u003ccode\u003eDataInput\u003c/code\u003e-backed \u003ccode\u003eJsonParser\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1550\"\u003e#1550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/97a647b9d4bd03d31716d5565a73965c9ae2f396\"\u003e\u003ccode\u003e97a647b\u003c/code\u003e\u003c/a\u003e Update CI: JDK 23 -\u0026gt; 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/1601331cd5c7d79037904e4803a4c35cc9fdd4e0\"\u003e\u003ccode\u003e1601331\u003c/code\u003e\u003c/a\u003e (backport from 2.21) Fix \u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1548\"\u003e#1548\u003c/a\u003e: validate max doc length for fixed buffer inpu...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/fae2542708621b49cdc61ec5b29574ad054ed76f\"\u003e\u003ccode\u003efae2542\u003c/code\u003e\u003c/a\u003e release notes update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/70c99ba8eccf6f8ad2754bccb113daac823f03ba\"\u003e\u003ccode\u003e70c99ba\u003c/code\u003e\u003c/a\u003e Update UTF8DataInputJsonParser.java (\u003ca href=\"https://redirect.github.com/FasterXML/jackson-core/issues/1512\"\u003e#1512\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/caea665e6364bb46a4e7101fd763e9ef8568f132\"\u003e\u003ccode\u003ecaea665\u003c/code\u003e\u003c/a\u003e Post-release dep version bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/FasterXML/jackson-core/commit/635d3bd80a44a8a84b04cfdd007ceb9a31dc95f1\"\u003e\u003ccode\u003e635d3bd\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/FasterXML/jackson-core/compare/jackson-core-2.13.5...jackson-core-2.18.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.20.0 to 2.25.4\n\nUpdates `org.apache.derby:derby` from 10.14.2.0 to 10.17.1.0\n\nUpdates `io.netty:netty-codec-http2` from 4.1.129.Final to 4.1.132.Final\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/netty/netty/releases\"\u003eio.netty:netty-codec-http2's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003enetty-4.1.132.Final\u003c/h2\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-33871, \u003ca href=\"https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv\"\u003eHTTP/2 CONTINUATION Frame Flood Denial of Service\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-33870, \u003ca href=\"https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8\"\u003eHTTP Request Smuggling via Chunked Extension Quoted-String Parsing\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry lo… by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16248\"\u003enetty/netty#16248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake RefCntOpenSslContext.deallocate more robust (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16253\"\u003e#16253\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16257\"\u003enetty/netty#16257\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate to gcc for arm 10.3-2021.07 (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16255\"\u003e#16255\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16263\"\u003enetty/netty#16263\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eHTTP2: Correctly account for padding when decompress by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16265\"\u003enetty/netty#16265\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate JDK versions to latest patch releases (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16254\"\u003e#16254\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16267\"\u003enetty/netty#16267\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Automatic backporting workflow from 4.1 to 4.2 by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16274\"\u003enetty/netty#16274\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Backport PRs must be created with personal access tokens by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16277\"\u003enetty/netty#16277\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Add more porting workflows by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16284\"\u003enetty/netty#16284\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Some polishing of the porting workflows by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16292\"\u003enetty/netty#16292\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackport 4.1: Fix high-order bit aliasing in HttpUtil.validateToken by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16303\"\u003enetty/netty#16303\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Support more branch freedom for auto-porting by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16310\"\u003enetty/netty#16310\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: the precedence of + is higher than \u0026gt;\u0026gt; (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16312\"\u003e#16312\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16316\"\u003enetty/netty#16316\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater th… by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16320\"\u003enetty/netty#16320\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky PooledByteBufAllocatorTest by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16324\"\u003enetty/netty#16324\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix pooled arena accounting tests  by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16326\"\u003enetty/netty#16326\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix RunInFastThreadLocalThreadExtension by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16328\"\u003enetty/netty#16328\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: AdaptivePoolingAllocator: call \u003ccode\u003eunreserveMatchingBuddy(...)\u003c/code\u003e if \u003ccode\u003ebyteBuf\u003c/code\u003e initialization failed by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16331\"\u003enetty/netty#16331\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Mark LoggingHandlerTest with \u003ca href=\"https://github.com/Isolated\"\u003e\u003ccode\u003e@​Isolated\u003c/code\u003e\u003c/a\u003e to fix flaky build by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16340\"\u003enetty/netty#16340\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky HTTP/2 test by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16348\"\u003enetty/netty#16348\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix flaky RenegotiateTest by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16355\"\u003enetty/netty#16355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix HTTP/2 push frame test by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16353\"\u003enetty/netty#16353\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSSL test: Don't depend on property value in test (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16346\"\u003e#16346\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16362\"\u003enetty/netty#16362\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Don't assume CertificateFactory is thread-safe by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16364\"\u003enetty/netty#16364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdaptivePoolingAllocator: assign a more explicit value to BuddyChunk.freeListCapacity (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16334\"\u003e#16334\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16368\"\u003enetty/netty#16368\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Add more diagnostic points to PooledByteBufAllocatorTest.createNewThr… by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16372\"\u003enetty/netty#16372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix leak in SniHandlerTest (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16367\"\u003e#16367\u003c/a\u003e) by \u003ca href=\"https://github.com/normanmaurer\"\u003e\u003ccode\u003e@​normanmaurer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16377\"\u003enetty/netty#16377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Stabilize AbstractByteBufTest.testBytesInArrayMultipleThreads by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16373\"\u003enetty/netty#16373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove reference counting from size classed chunks (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16306\"\u003e#16306\u003c/a\u003e) by \u003ca href=\"https://github.com/chrisvest\"\u003e\u003ccode\u003e@​chrisvest\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16379\"\u003enetty/netty#16379\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Stabilize AbstractByteBufTest.testToStringMultipleThreads by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16384\"\u003enetty/netty#16384\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix HttpObjectAggregator leaving connection stuck after 413 with AUTO… by \u003ca href=\"https://github.com/samlandfried\"\u003e\u003ccode\u003e@​samlandfried\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16280\"\u003enetty/netty#16280\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix autoport fetching into the existing branch - again by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16417\"\u003enetty/netty#16417\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Capture why threads get stuck in testCopyMultipleThreads0 by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16419\"\u003enetty/netty#16419\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Remove unnecessary array access in DefaultAttributeMap.orderedCopyOnInsert by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16421\"\u003enetty/netty#16421\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Whitelist JMH annotation processing in microbench module by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16430\"\u003enetty/netty#16430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: HTTP2: Ensure preface is flushed in all cases  by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16432\"\u003enetty/netty#16432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix UnsupportedOperationException in readTrailingHeaders by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16437\"\u003enetty/netty#16437\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Fix client_max_window_bits parameter handling in permessage-deflate extension by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16435\"\u003enetty/netty#16435\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Native transports: Fix possible fd leak when fcntl fails. by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16446\"\u003enetty/netty#16446\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Kqueue: Fix undefined behaviour when GetStringUTFChars fails and SO_ACCEPTFILTER is supported by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16448\"\u003enetty/netty#16448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Kqueue: Possible overflow when using netty_kqueue_bsdsocket_setAcceptFilter(...) by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16459\"\u003enetty/netty#16459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Native transports: Fix undefined behaviour when GetStringUTFChars fails while open FD by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16456\"\u003enetty/netty#16456\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: Epoll: Add null checks for safety reasons by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16463\"\u003enetty/netty#16463\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAuto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to the same port by \u003ca href=\"https://github.com/netty-project-bot\"\u003e\u003ccode\u003e@​netty-project-bot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/netty/netty/pull/16464\"\u003enetty/netty#16464\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/ec119d487b3a27e4ac118e7e1d97f0c96a85f4a3\"\u003e\u003ccode\u003eec119d4\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release netty-4.1.132.Final\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/60e53c99f2e80aef1025e9038e33cdf261ed9819\"\u003e\u003ccode\u003e60e53c9\u003c/code\u003e\u003c/a\u003e Stricter HTTP/1.1 chunk extension parsing (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16537\"\u003e#16537\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/9f47a7b6846e6c7cb0481789be51788944042b85\"\u003e\u003ccode\u003e9f47a7b\u003c/code\u003e\u003c/a\u003e Limit the number of Continuation frames per HTTP2 Headers (\u003ca href=\"https://redirect.github.com/netty/netty/issues/13969\"\u003e#13969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/10c1603cbab5e72a029521058eb35e15a8b7c7c5\"\u003e\u003ccode\u003e10c1603\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: JdkZlibDecoder: accumulate decompressed output before firing c...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/df6599790dc2c6810e253e9a14903f450e7aeffe\"\u003e\u003ccode\u003edf65997\u003c/code\u003e\u003c/a\u003e Epoll: setTcpMg5Sig(...) might overflow (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16511\"\u003e#16511\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16520\"\u003e#16520\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/692ec8772dffdfbc9f3dc57bb4379d9338822ebd\"\u003e\u003ccode\u003e692ec87\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: AdaptivePoolingAllocator: Fix assertion for size class multipl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/3ac3f37e6dcfec658f4cb02935452ea25bb891f5\"\u003e\u003ccode\u003e3ac3f37\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: AdaptivePoolingAllocator: remove \u003ccode\u003eensureAccessible()\u003c/code\u003e call in ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/5a0072ba96adde85936cb511cb8e24aef0bda811\"\u003e\u003ccode\u003e5a0072b\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: Epoll: Fix support for IP_RECVORIGDSTADDR (\u003ca href=\"https://redirect.github.com/netty/netty/issues/16468\"\u003e#16468\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/779fce7ff70da741633c22ec80870008fa655d35\"\u003e\u003ccode\u003e779fce7\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: Epoll: Use correct value to initialize mmsghdr.msg_namelen (\u003ca href=\"https://redirect.github.com/netty/netty/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/netty/netty/commit/56d84e13175d1f33f6d8732e2bdd0e36d32db9a7\"\u003e\u003ccode\u003e56d84e1\u003c/code\u003e\u003c/a\u003e Auto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to t...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/netty/netty/compare/netty-4.1.129.Final...netty-4.1.132.Final\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hive:hive-exec` from 3.1.3 to 4.0.1\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/xxubai/amoro/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/xxubai/amoro/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/xxubai%2Famoro/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"Fuzzing-SNAPSHOT","new_version":"1.11.4","update_type":null,"path":null,"pr_created_at":"2026-03-28T22:37:30.000Z","version_change":"Fuzzing-SNAPSHOT → 1.11.4","issue":{"uuid":"4161865451","node_id":"PR_kwDORx4z787OUc2e","number":7,"state":"open","title":"build(deps): bump the maven group across 14 directories with 16 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-28T22:37:30.000Z","updated_at":"2026-03-28T22:46:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"maven","update_count":16,"packages":[{"name":"org.apache.cxf:cxf-core","old_version":"Fuzzing-SNAPSHOT","new_version":"3.5.11"},{"name":"org.apache.cxf:cxf-rt-frontend-jaxrs","old_version":"Fuzzing-SNAPSHOT","new_version":"2.6.11"},{"name":"org.eclipse.jetty:jetty-server","old_version":"11.0.14","new_version":"11.0.24"},{"name":"org.apache.avro:avro","old_version":"Fuzzing-SNAPSHOT","new_version":"1.11.4"},{"name":"org.eclipse.platform:org.eclipse.core.runtime","old_version":"3.26.100","new_version":"3.29.0","repository_url":"https://github.com/eclipse-platform/eclipse.platform"},{"name":"org.apache.hadoop:hadoop-common","old_version":"Fuzzing-SNAPSHOT","new_version":"3.4.0"},{"name":"org.htmlunit:htmlunit","old_version":"2.7.0","new_version":"3.9.0","repository_url":"https://github.com/HtmlUnit/htmlunit"},{"name":"org.eclipse.jetty:jetty-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.56.v20240826"},{"name":"org.eclipse.jetty:jetty-http","old_version":"Fuzzing-SNAPSHOT","new_version":"12.0.31"},{"name":"org.eclipse.jetty.http2:http2-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.53.v20231009"},{"name":"org.bitbucket.b_c:jose4j","old_version":"Fuzzing-SNAPSHOT","new_version":"0.9.6"},{"name":"com.nimbusds:nimbus-jose-jwt","old_version":"9.30.1","new_version":"9.37.4"},{"name":"com.google.guava:guava","old_version":"31.1-jre","new_version":"32.0.0-jre","repository_url":"https://github.com/google/guava"},{"name":"com.google.protobuf:protobuf-java","old_version":"4.0.0-rc-2","new_version":"4.27.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.24.3","new_version":"2.25.3"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.24.2","new_version":"2.25.3"},{"name":"org.jboss.xnio:xnio-api","old_version":"3.8.8.Final","new_version":"3.8.14.Final"},{"name":"com.esotericsoftware.yamlbeans:yamlbeans","old_version":"Fuzzing-SNAPSHOT","new_version":"1.17","repository_url":"https://github.com/EsotericSoftware/yamlbeans"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 2 updates in the /projects/apache-cxf/project-parent/fuzz-targets directory: org.apache.cxf:cxf-core and org.apache.cxf:cxf-rt-frontend-jaxrs.\nBumps the maven group with 1 update in the /projects/async-http-client/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server.\nBumps the maven group with 1 update in the /projects/avro/project-parent/fuzz-targets directory: org.apache.avro:avro.\nBumps the maven group with 1 update in the /projects/eclipse-equinox/equinox-fuzzer directory: [org.eclipse.platform:org.eclipse.core.runtime](https://github.com/eclipse-platform/eclipse.platform).\nBumps the maven group with 1 update in the /projects/hadoop/project-parent/fuzz-targets directory: org.apache.hadoop:hadoop-common.\nBumps the maven group with 1 update in the /projects/htmlunit/htmlunit-fuzzer directory: [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit).\nBumps the maven group with 3 updates in the /projects/jetty/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-http and org.eclipse.jetty.http2:http2-server.\nBumps the maven group with 1 update in the /projects/jose4j/project-parent/fuzz-targets directory: [org.bitbucket.b_c:jose4j](https://bitbucket.org/b_c/jose4j).\nBumps the maven group with 1 update in the /projects/nimbus-jwt/nimbus-jwt-fuzzer directory: [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt).\nBumps the maven group with 2 updates in the /projects/opencensus-java/project-parent/fuzz-targets directory: [com.google.guava:guava](https://github.com/google/guava) and [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf).\nBumps the maven group with 1 update in the /projects/pdfbox/project-parent/fuzz-targets directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /projects/struts/struts2-fuzzer/webapp directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /projects/xnio-api/xnio-fuzzer directory: org.jboss.xnio:xnio-api.\nBumps the maven group with 1 update in the /projects/yamlbeans/project-parent/fuzz-targets directory: [com.esotericsoftware.yamlbeans:yamlbeans](https://github.com/EsotericSoftware/yamlbeans).\n\nUpdates `org.apache.cxf:cxf-core` from Fuzzing-SNAPSHOT to 3.5.11\n\nUpdates `org.apache.cxf:cxf-rt-frontend-jaxrs` from Fuzzing-SNAPSHOT to 2.6.11\n\nUpdates `org.eclipse.jetty:jetty-server` from 11.0.14 to 11.0.24\n\nUpdates `org.apache.avro:avro` from Fuzzing-SNAPSHOT to 1.11.4\n\nUpdates `org.eclipse.platform:org.eclipse.core.runtime` from 3.26.100 to 3.29.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eclipse-platform/eclipse.platform/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hadoop:hadoop-common` from Fuzzing-SNAPSHOT to 3.4.0\n\nUpdates `org.htmlunit:htmlunit` from 2.7.0 to 3.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HtmlUnit/htmlunit/releases\"\u003eorg.htmlunit:htmlunit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHtmlUnit 3.9.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-csp: new lib for CSP\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecommons-logging to 1.3.0, commons-io to 2.15.1, commons-lang3 to 3.14.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eenable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor (CVE-2023-49093).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eneko: new HTML named entities parser that is up to 20x faster for common entities and some more fixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.9.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.8.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: support trailing commas in function parameters.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eupdated CSS3Parser pool implementation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved detection onf XML/XHtml content when not content type header is set\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.8.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eINCOMPATIBLE CHANGE: For this version, the processing of WebWindowListener events got many changes/fixes/improvements.                 The main point was to let this work as stable as possible even if many WebWindowListener are registered.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecssparser: Switched from JavaCC to ParserGeneratorCC (\u003ca href=\"https://github.com/tulipcc/ParserGeneratorCC\"\u003ehttps://github.com/tulipcc/ParserGeneratorCC\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: build system switched to maven\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImplementation of CSS pseudo classes :invalid and :valid improved\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eForm.isValid() checks all form elements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocumentation enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esupport ComputedCSSStyleDeclaration when JS engine is disabled\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHtmlForm.getElements() is now part of the public api\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a major memory leak\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e'rel' attribute may contain multiple values, we have to split before checking the value\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.7.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.6.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/a599e36ecc0b19a2ea76b73f7f48365fbb87c28a\"\u003e\u003ccode\u003ea599e36\u003c/code\u003e\u003c/a\u003e version 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/d4c11058e71b6ba5eaaf5d9565c1634b4bbeec1e\"\u003e\u003ccode\u003ed4c1105\u003c/code\u003e\u003c/a\u003e core-js 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/51f0eefd545bca2c17f12f237ba228a08aac4f7f\"\u003e\u003ccode\u003e51f0eef\u003c/code\u003e\u003c/a\u003e exclude commons.logging from httpcomponents\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/65986a459f15da0eed1616d91efdd65f99120334\"\u003e\u003ccode\u003e65986a4\u003c/code\u003e\u003c/a\u003e code style\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/1587961cf4043ea776d38683e53470993bc70771\"\u003e\u003ccode\u003e1587961\u003c/code\u003e\u003c/a\u003e lib updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/2a972ced6e7cc147a29c86c0e962f2696f9cc4ed\"\u003e\u003ccode\u003e2a972ce\u003c/code\u003e\u003c/a\u003e htmx 1.9.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/792e8456cd76f7cfd04587d539bd4fa929599000\"\u003e\u003ccode\u003e792e845\u003c/code\u003e\u003c/a\u003e new subproject htmlunit-csp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e07ba67cc1b030f90a2ad9882f271429345b008d\"\u003e\u003ccode\u003ee07ba67\u003c/code\u003e\u003c/a\u003e fix ms driver check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e015082aa909fd9e1c2b5f9b26553ddc0ddbbcab\"\u003e\u003ccode\u003ee015082\u003c/code\u003e\u003c/a\u003e enable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/77aeaa85e1fc69e929858ae700b24528275d8d07\"\u003e\u003ccode\u003e77aeaa8\u003c/code\u003e\u003c/a\u003e another minor neko update\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/HtmlUnit/htmlunit/compare/HtmlUnit-2.7...3.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.eclipse.jetty:jetty-server` from Fuzzing-SNAPSHOT to 9.4.56.v20240826\n\nUpdates `org.eclipse.jetty:jetty-http` from Fuzzing-SNAPSHOT to 12.0.31\n\nUpdates `org.eclipse.jetty.http2:http2-server` from Fuzzing-SNAPSHOT to 9.4.53.v20231009\n\nUpdates `org.bitbucket.b_c:jose4j` from Fuzzing-SNAPSHOT to 0.9.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://bitbucket.org/b_c/jose4j/commits/tag/jose4j-0.9.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.nimbusds:nimbus-jose-jwt` from 9.30.1 to 9.37.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f64e094030ab82659dbfaea8c489cc56291539cf\"\u003e\u003ccode\u003ef64e094\u003c/code\u003e\u003c/a\u003e Makes the abstract class BaseJWEProvider public (iss \u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/521\"\u003e#521\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/ad6fed330a6bc5dbcb343aafd085ffd0d15c07d7\"\u003e\u003ccode\u003ead6fed3\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.35\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/81c7f24cc8a49f0f87c530e50d750bb1db22b4a8\"\u003e\u003ccode\u003e81c7f24\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/24aaaf02edf5d1ae4cc449b3d81a9151f26953dc\"\u003e\u003ccode\u003e24aaaf0\u003c/code\u003e\u003c/a\u003e Bumps jacoco-maven-plugin to 0.8.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/ff01cd912fe53ee2946170781fe243564920be94\"\u003e\u003ccode\u003eff01cd9\u003c/code\u003e\u003c/a\u003e Adds new JWKSet.filter method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/9c7ca65e0f85a286b8ed32886f40266075f785c7\"\u003e\u003ccode\u003e9c7ca65\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.36\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/61118382fa75f27b29d89f9438361dbd15485c53\"\u003e\u003ccode\u003e6111838\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/11d0767dea84e47cff18236dcfe300845a781fcb\"\u003e\u003ccode\u003e11d0767\u003c/code\u003e\u003c/a\u003e Updates maven-surefire-plugin, removes config workaround for maven-surefire-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/43118defa2dbf9ef4d3a451f6c45b4021d52f24b\"\u003e\u003ccode\u003e43118de\u003c/code\u003e\u003c/a\u003e Adds JWTClaimsSet.getListClaim method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f50158f96675591b27a327b4597280dfda4aac07\"\u003e\u003ccode\u003ef50158f\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.37\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.37.4..9.30.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.guava:guava` from 31.1-jre to 32.0.0-jre\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/guava/releases\"\u003ecom.google.guava:guava's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e32.0.0\u003c/h2\u003e\n\u003ch3\u003eMaven\u003c/h3\u003e\n\u003cpre lang=\"xml\"\u003e\u003ccode\u003e\u0026lt;dependency\u0026gt;\r\n  \u0026lt;groupId\u0026gt;com.google.guava\u0026lt;/groupId\u0026gt;\r\n  \u0026lt;artifactId\u0026gt;guava\u0026lt;/artifactId\u0026gt;\r\n  \u0026lt;version\u0026gt;32.0.0-jre\u0026lt;/version\u0026gt;\r\n  \u0026lt;!-- or, for Android: --\u0026gt;\r\n  \u0026lt;version\u0026gt;32.0.0-android\u0026lt;/version\u0026gt;\r\n\u0026lt;/dependency\u0026gt;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eJar files\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-jre/guava-32.0.0-jre.jar\"\u003e32.0.0-jre.jar\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-android/guava-32.0.0-android.jar\"\u003e32.0.0-android.jar\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGuava requires \u003ca href=\"https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies\"\u003eone runtime dependency\u003c/a\u003e, which you can download here:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar\"\u003efailureaccess-1.0.1.jar\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eJavadoc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-jre/api/docs/\"\u003e32.0.0-jre\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/docs/\"\u003e32.0.0-android\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eJDiff\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-jre/api/diffs/\"\u003e32.0.0-jre vs. 31.1-jre\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/diffs/\"\u003e32.0.0-android vs. 31.1-android\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/androiddiffs/\"\u003e32.0.0-android vs. 32.0.0-jre\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003ch4\u003eSecurity fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReimplemented \u003ccode\u003eFiles.createTempDir\u003c/code\u003e and \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e to further address CVE-2020-8908 (\u003ca href=\"https://redirect.github.com/google/guava/issues/4011\"\u003e#4011\u003c/a\u003e) and CVE-2023-2976 (\u003ca href=\"https://redirect.github.com/google/guava/issues/2575\"\u003e#2575\u003c/a\u003e). (feb83a1c8f)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhile CVE-2020-8908 was officially closed when we deprecated \u003ccode\u003eFiles.createTempDir\u003c/code\u003e in \u003ca href=\"https://github.com/google/guava/releases/tag/v30.0\"\u003eGuava 30.0\u003c/a\u003e, we've heard from users that even recent versions of Guava have been listed as vulnerable in \u003cem\u003eother\u003c/em\u003e databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e class, which had a similar issue) to eliminate the insecure behavior entirely. This change could technically affect users in a number of different ways (discussed under \u0026quot;Incompatible changes\u0026quot; below), but in practice, the only problem users are likely to encounter is with Windows. If you are using those APIs under Windows, you should skip 32.0.0 and go straight to \u003ca href=\"https://github.com/google/guava/releases/tag/v32.0.1\"\u003e32.0.1\u003c/a\u003e which fixes the problem. (Unfortunately, we didn't think of the Windows problem until after the release. And while we \u003ca href=\"https://github.com/google/guava#important-warnings\"\u003ewarn that \u003ccode\u003ecommon.io\u003c/code\u003e in particular may not work under Windows\u003c/a\u003e, we didn't intend to regress support.) Sorry for the trouble.\u003c/p\u003e\n\u003ch4\u003eIncompatible changes\u003c/h4\u003e\n\u003cp\u003eAlthough this release bumps Guava's major version number, it makes \u003cstrong\u003eno binary-incompatible changes to the \u003ccode\u003eguava\u003c/code\u003e artifact\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eOne change could cause issues for Widows users, and a few other changes could cause issues for users in more usual situations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThe new implementations of \u003ccode\u003eFiles.createTempDir\u003c/code\u003e and \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e \u003ca href=\"https://redirect.github.com/google/guava/issues/6535\"\u003ethrow an exception under Windows\u003c/a\u003e.\u003c/strong\u003e This is fixed in \u003ca href=\"https://github.com/google/guava/releases/tag/v32.0.1\"\u003e32.0.1\u003c/a\u003e. Sorry for the trouble.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eguava-gwt\u003c/code\u003e now \u003ca href=\"https://redirect.github.com/google/guava/issues/6627\"\u003erequires\u003c/a\u003e GWT \u003ca href=\"https://github.com/gwtproject/gwt/releases/tag/2.10.0\"\u003e2.10.0\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eThis release makes a binary-incompatible change to a \u003ccode\u003e@Beta\u003c/code\u003e API in the \u003cstrong\u003eseparate artifact\u003c/strong\u003e \u003ccode\u003eguava-testlib\u003c/code\u003e. Specifically, we changed the return type of \u003ccode\u003eTestingExecutors.sameThreadScheduledExecutor\u003c/code\u003e to \u003ccode\u003eListeningScheduledExecutorService\u003c/code\u003e. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/google/guava/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.protobuf:protobuf-java` from 4.0.0-rc-2 to 4.27.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.24.3 to 2.25.3\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.24.2 to 2.25.3\n\nUpdates `org.jboss.xnio:xnio-api` from 3.8.8.Final to 3.8.14.Final\n\nUpdates `com.esotericsoftware.yamlbeans:yamlbeans` from Fuzzing-SNAPSHOT to 1.17\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/EsotericSoftware/yamlbeans/commits/1.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/0ai-Cyberviser/oss-fuzz/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/0ai-Cyberviser/oss-fuzz/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/0ai-Cyberviser%2Foss-fuzz/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"Fuzzing-SNAPSHOT","new_version":"1.11.4","update_type":null,"path":null,"pr_created_at":"2026-03-28T22:37:02.000Z","version_change":"Fuzzing-SNAPSHOT → 1.11.4","issue":{"uuid":"4161864691","node_id":"PR_kwDORx4z787OUcud","number":6,"state":"closed","title":"build(deps): bump the maven group across 8 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-28T23:04:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-28T22:37:02.000Z","updated_at":"2026-03-28T23:04:16.000Z","time_to_close":1633,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"maven","update_count":12,"packages":[{"name":"org.apache.cxf:cxf-core","old_version":"Fuzzing-SNAPSHOT","new_version":"3.5.11"},{"name":"org.apache.cxf:cxf-rt-frontend-jaxrs","old_version":"Fuzzing-SNAPSHOT","new_version":"2.6.11"},{"name":"org.apache.cxf:cxf-rt-transports-http","old_version":"Fuzzing-SNAPSHOT","new_version":"3.1.16"},{"name":"org.apache.tika:tika-core","old_version":"Fuzzing-SNAPSHOT","new_version":"3.2.2","repository_url":"https://github.com/apache/tika"},{"name":"org.asynchttpclient:async-http-client","old_version":"Fuzzing-SNAPSHOT","new_version":"2.0.35","repository_url":"https://github.com/AsyncHttpClient/async-http-client"},{"name":"org.eclipse.jetty:jetty-server","old_version":"11.0.14","new_version":"11.0.24"},{"name":"org.apache.avro:avro","old_version":"Fuzzing-SNAPSHOT","new_version":"1.11.4"},{"name":"org.eclipse.platform:org.eclipse.core.runtime","old_version":"3.26.100","new_version":"3.29.0","repository_url":"https://github.com/eclipse-platform/eclipse.platform"},{"name":"org.apache.hadoop:hadoop-common","old_version":"Fuzzing-SNAPSHOT","new_version":"3.4.0"},{"name":"org.htmlunit:htmlunit","old_version":"2.7.0","new_version":"3.9.0","repository_url":"https://github.com/HtmlUnit/htmlunit"},{"name":"org.eclipse.jetty:jetty-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.56.v20240826"},{"name":"org.eclipse.jetty:jetty-http","old_version":"Fuzzing-SNAPSHOT","new_version":"12.0.31"},{"name":"org.eclipse.jetty.http2:http2-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.53.v20231009"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 3 updates in the /projects/apache-cxf/project-parent/fuzz-targets directory: org.apache.cxf:cxf-core, org.apache.cxf:cxf-rt-frontend-jaxrs and org.apache.cxf:cxf-rt-transports-http.\nBumps the maven group with 1 update in the /projects/apache-tika/project-parent/fuzz-targets directory: [org.apache.tika:tika-core](https://github.com/apache/tika).\nBumps the maven group with 2 updates in the /projects/async-http-client/project-parent/fuzz-targets directory: [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client) and org.eclipse.jetty:jetty-server.\nBumps the maven group with 1 update in the /projects/avro/project-parent/fuzz-targets directory: org.apache.avro:avro.\nBumps the maven group with 1 update in the /projects/eclipse-equinox/equinox-fuzzer directory: [org.eclipse.platform:org.eclipse.core.runtime](https://github.com/eclipse-platform/eclipse.platform).\nBumps the maven group with 1 update in the /projects/hadoop/project-parent/fuzz-targets directory: org.apache.hadoop:hadoop-common.\nBumps the maven group with 1 update in the /projects/htmlunit/htmlunit-fuzzer directory: [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit).\nBumps the maven group with 3 updates in the /projects/jetty/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-http and org.eclipse.jetty.http2:http2-server.\n\nUpdates `org.apache.cxf:cxf-core` from Fuzzing-SNAPSHOT to 3.5.11\n\nUpdates `org.apache.cxf:cxf-rt-frontend-jaxrs` from Fuzzing-SNAPSHOT to 2.6.11\n\nUpdates `org.apache.cxf:cxf-rt-transports-http` from Fuzzing-SNAPSHOT to 3.1.16\n\nUpdates `org.apache.tika:tika-core` from Fuzzing-SNAPSHOT to 3.2.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/apache/tika/blob/main/CHANGES.txt\"\u003eorg.apache.tika:tika-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eRelease 4.0.0-BETA1 - ???\u003c/p\u003e\n\u003cp\u003eBREAKING CHANGES\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eMoved towards default json based configuration (TIKA-4544 and many others).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003etika-pipes implementation modules have been reorganized by\nresource (tika-pipes-solr) vs task (tika-pipes-fetcher-solr)\n(TIKA-4543). Note that the file-system pipes components have\nbeen taken out of tika-pipes-core and placed in their own\npf4j module: tika-pipes-file-system.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003etika-pipes implementation modules are now pf4j plugins (TIKA-4519).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003etika-pipes core classes have been moved to a new module: tika-pipes-core,\nand the FileSystem pipes components have moved (TIKA-4334).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMetadataListFilter has been renamed MetadataFilter, and\nMetadataFilter has been removed (TIKA-4546).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved several modules, including: tika-batch (TIKA-4333), snaps deployment (TIKA-4502),\ndotnet (TIKA-4332), advanced media module (TIKA-4500), tika-dl module (TIKA-4499),\ntika-fuzzing module (TIKA-4506).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHeaders are no longer injected into the body/content of MSG files (TIKA-4345). Please open\na ticket if you need this behavior across email formats.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAPI changes in the EmbeddedStreamTranslator (TIKA-4518).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRemoved DigestingParser (TIKA-4607).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eOTHER CHANGES\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix concurrency bug in TikaToXMP (TIKA-4393)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eRelease 3.3.0 - ???\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eVarious fixes based on regression testing (TIKA-4563).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImprove zip parsing (TIKA-4650).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd detection of compressed bmp (TIKA-4511).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow per file timeouts in tika-pipes (TIKA-4497).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd matroska detector (TIKA-1180).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow multiple values for many Dublin Core keys (TIKA-4466).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eExtract macros by default in tika-app's commandline and gui (TIKA-4472).\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/apache/tika/commits/3.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.asynchttpclient:async-http-client` from Fuzzing-SNAPSHOT to 2.0.35\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/AsyncHttpClient/async-http-client/commits/async-http-client-project-2.0.35\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.eclipse.jetty:jetty-server` from 11.0.14 to 11.0.24\n\nUpdates `org.apache.avro:avro` from Fuzzing-SNAPSHOT to 1.11.4\n\nUpdates `org.eclipse.platform:org.eclipse.core.runtime` from 3.26.100 to 3.29.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eclipse-platform/eclipse.platform/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hadoop:hadoop-common` from Fuzzing-SNAPSHOT to 3.4.0\n\nUpdates `org.htmlunit:htmlunit` from 2.7.0 to 3.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HtmlUnit/htmlunit/releases\"\u003eorg.htmlunit:htmlunit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHtmlUnit 3.9.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-csp: new lib for CSP\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecommons-logging to 1.3.0, commons-io to 2.15.1, commons-lang3 to 3.14.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eenable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor (CVE-2023-49093).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eneko: new HTML named entities parser that is up to 20x faster for common entities and some more fixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.9.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.8.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: support trailing commas in function parameters.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eupdated CSS3Parser pool implementation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved detection onf XML/XHtml content when not content type header is set\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.8.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eINCOMPATIBLE CHANGE: For this version, the processing of WebWindowListener events got many changes/fixes/improvements.                 The main point was to let this work as stable as possible even if many WebWindowListener are registered.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecssparser: Switched from JavaCC to ParserGeneratorCC (\u003ca href=\"https://github.com/tulipcc/ParserGeneratorCC\"\u003ehttps://github.com/tulipcc/ParserGeneratorCC\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: build system switched to maven\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImplementation of CSS pseudo classes :invalid and :valid improved\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eForm.isValid() checks all form elements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocumentation enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esupport ComputedCSSStyleDeclaration when JS engine is disabled\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHtmlForm.getElements() is now part of the public api\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a major memory leak\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e'rel' attribute may contain multiple values, we have to split before checking the value\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.7.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.6.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/a599e36ecc0b19a2ea76b73f7f48365fbb87c28a\"\u003e\u003ccode\u003ea599e36\u003c/code\u003e\u003c/a\u003e version 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/d4c11058e71b6ba5eaaf5d9565c1634b4bbeec1e\"\u003e\u003ccode\u003ed4c1105\u003c/code\u003e\u003c/a\u003e core-js 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/51f0eefd545bca2c17f12f237ba228a08aac4f7f\"\u003e\u003ccode\u003e51f0eef\u003c/code\u003e\u003c/a\u003e exclude commons.logging from httpcomponents\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/65986a459f15da0eed1616d91efdd65f99120334\"\u003e\u003ccode\u003e65986a4\u003c/code\u003e\u003c/a\u003e code style\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/1587961cf4043ea776d38683e53470993bc70771\"\u003e\u003ccode\u003e1587961\u003c/code\u003e\u003c/a\u003e lib updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/2a972ced6e7cc147a29c86c0e962f2696f9cc4ed\"\u003e\u003ccode\u003e2a972ce\u003c/code\u003e\u003c/a\u003e htmx 1.9.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/792e8456cd76f7cfd04587d539bd4fa929599000\"\u003e\u003ccode\u003e792e845\u003c/code\u003e\u003c/a\u003e new subproject htmlunit-csp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e07ba67cc1b030f90a2ad9882f271429345b008d\"\u003e\u003ccode\u003ee07ba67\u003c/code\u003e\u003c/a\u003e fix ms driver check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e015082aa909fd9e1c2b5f9b26553ddc0ddbbcab\"\u003e\u003ccode\u003ee015082\u003c/code\u003e\u003c/a\u003e enable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/77aeaa85e1fc69e929858ae700b24528275d8d07\"\u003e\u003ccode\u003e77aeaa8\u003c/code\u003e\u003c/a\u003e another minor neko update\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/HtmlUnit/htmlunit/compare/HtmlUnit-2.7...3.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.eclipse.jetty:jetty-server` from Fuzzing-SNAPSHOT to 9.4.56.v20240826\n\nUpdates `org.eclipse.jetty:jetty-http` from Fuzzing-SNAPSHOT to 12.0.31\n\nUpdates `org.eclipse.jetty.http2:http2-server` from Fuzzing-SNAPSHOT to 9.4.53.v20231009\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/0ai-Cyberviser/oss-fuzz/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/0ai-Cyberviser/oss-fuzz/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/0ai-Cyberviser%2Foss-fuzz/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"Fuzzing-SNAPSHOT","new_version":"1.11.4","update_type":null,"path":null,"pr_created_at":"2026-03-13T13:24:34.000Z","version_change":"Fuzzing-SNAPSHOT → 1.11.4","issue":{"uuid":"4071113238","node_id":"PR_kwDOCCeu5c7KXZRf","number":5,"state":"closed","title":"build(deps): bump the maven group across 15 directories with 17 updates","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-10T23:41:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-13T13:24:34.000Z","updated_at":"2026-04-10T23:41:36.000Z","time_to_close":2456221,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"maven","update_count":17,"packages":[{"name":"org.apache.cxf:cxf-core","old_version":"Fuzzing-SNAPSHOT","new_version":"3.5.11"},{"name":"org.apache.cxf:cxf-rt-frontend-jaxrs","old_version":"Fuzzing-SNAPSHOT","new_version":"2.6.11"},{"name":"org.eclipse.jetty:jetty-server","old_version":"11.0.14","new_version":"11.0.24"},{"name":"org.apache.avro:avro","old_version":"Fuzzing-SNAPSHOT","new_version":"1.11.4"},{"name":"org.eclipse.platform:org.eclipse.core.runtime","old_version":"3.26.100","new_version":"3.29.0","repository_url":"https://github.com/eclipse-platform/eclipse.platform"},{"name":"org.apache.hadoop:hadoop-common","old_version":"Fuzzing-SNAPSHOT","new_version":"3.4.0"},{"name":"org.htmlunit:htmlunit","old_version":"2.7.0","new_version":"3.9.0","repository_url":"https://github.com/HtmlUnit/htmlunit"},{"name":"org.eclipse.jetty:jetty-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.56.v20240826"},{"name":"org.eclipse.jetty:jetty-http","old_version":"Fuzzing-SNAPSHOT","new_version":"12.0.31"},{"name":"org.eclipse.jetty.http2:http2-server","old_version":"Fuzzing-SNAPSHOT","new_version":"9.4.53.v20231009"},{"name":"org.bitbucket.b_c:jose4j","old_version":"Fuzzing-SNAPSHOT","new_version":"0.9.6"},{"name":"com.nimbusds:nimbus-jose-jwt","old_version":"9.30.1","new_version":"9.37.4"},{"name":"com.google.guava:guava","old_version":"31.1-jre","new_version":"32.0.0-jre","repository_url":"https://github.com/google/guava"},{"name":"com.google.protobuf:protobuf-java","old_version":"4.0.0-rc-2","new_version":"4.27.5","repository_url":"https://github.com/protocolbuffers/protobuf"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.24.3","new_version":"2.25.3"},{"name":"org.apache.logging.log4j:log4j-core","old_version":"2.24.2","new_version":"2.25.3"},{"name":"org.jboss.xnio:xnio-api","old_version":"3.8.8.Final","new_version":"3.8.14.Final"},{"name":"com.esotericsoftware.yamlbeans:yamlbeans","old_version":"Fuzzing-SNAPSHOT","new_version":"1.17","repository_url":"https://github.com/EsotericSoftware/yamlbeans"},{"name":"org.zeroturnaround:zt-zip","old_version":"Fuzzing-SNAPSHOT","new_version":"1.13","repository_url":"https://github.com/zeroturnaround/zt-zip"}],"path":null,"ecosystem":"maven"},"body":"Bumps the maven group with 2 updates in the /projects/apache-cxf/project-parent/fuzz-targets directory: org.apache.cxf:cxf-core and org.apache.cxf:cxf-rt-frontend-jaxrs.\nBumps the maven group with 1 update in the /projects/async-http-client/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server.\nBumps the maven group with 1 update in the /projects/avro/project-parent/fuzz-targets directory: org.apache.avro:avro.\nBumps the maven group with 1 update in the /projects/eclipse-equinox/equinox-fuzzer directory: [org.eclipse.platform:org.eclipse.core.runtime](https://github.com/eclipse-platform/eclipse.platform).\nBumps the maven group with 1 update in the /projects/hadoop/project-parent/fuzz-targets directory: org.apache.hadoop:hadoop-common.\nBumps the maven group with 1 update in the /projects/htmlunit/htmlunit-fuzzer directory: [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit).\nBumps the maven group with 3 updates in the /projects/jetty/project-parent/fuzz-targets directory: org.eclipse.jetty:jetty-server, org.eclipse.jetty:jetty-http and org.eclipse.jetty.http2:http2-server.\nBumps the maven group with 1 update in the /projects/jose4j/project-parent/fuzz-targets directory: [org.bitbucket.b_c:jose4j](https://bitbucket.org/b_c/jose4j).\nBumps the maven group with 1 update in the /projects/nimbus-jwt/nimbus-jwt-fuzzer directory: [com.nimbusds:nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt).\nBumps the maven group with 2 updates in the /projects/opencensus-java/project-parent/fuzz-targets directory: [com.google.guava:guava](https://github.com/google/guava) and [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf).\nBumps the maven group with 1 update in the /projects/pdfbox/project-parent/fuzz-targets directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /projects/struts/struts2-fuzzer/webapp directory: org.apache.logging.log4j:log4j-core.\nBumps the maven group with 1 update in the /projects/xnio-api/xnio-fuzzer directory: org.jboss.xnio:xnio-api.\nBumps the maven group with 1 update in the /projects/yamlbeans/project-parent/fuzz-targets directory: [com.esotericsoftware.yamlbeans:yamlbeans](https://github.com/EsotericSoftware/yamlbeans).\nBumps the maven group with 1 update in the /projects/zt-zip/project-parent/fuzz-targets directory: [org.zeroturnaround:zt-zip](https://github.com/zeroturnaround/zt-zip).\n\nUpdates `org.apache.cxf:cxf-core` from Fuzzing-SNAPSHOT to 3.5.11\n\nUpdates `org.apache.cxf:cxf-rt-frontend-jaxrs` from Fuzzing-SNAPSHOT to 2.6.11\n\nUpdates `org.eclipse.jetty:jetty-server` from 11.0.14 to 11.0.24\n\nUpdates `org.apache.avro:avro` from Fuzzing-SNAPSHOT to 1.11.4\n\nUpdates `org.eclipse.platform:org.eclipse.core.runtime` from 3.26.100 to 3.29.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eclipse-platform/eclipse.platform/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.hadoop:hadoop-common` from Fuzzing-SNAPSHOT to 3.4.0\n\nUpdates `org.htmlunit:htmlunit` from 2.7.0 to 3.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/HtmlUnit/htmlunit/releases\"\u003eorg.htmlunit:htmlunit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eHtmlUnit 3.9.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-csp: new lib for CSP\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecommons-logging to 1.3.0, commons-io to 2.15.1, commons-lang3 to 3.14.0\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eenable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor (CVE-2023-49093).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eneko: new HTML named entities parser that is up to 20x faster for common entities and some more fixes\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.9.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.8.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: support trailing commas in function parameters.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eupdated CSS3Parser pool implementation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eimproved detection onf XML/XHtml content when not content type header is set\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.8.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.7.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eINCOMPATIBLE CHANGE: For this version, the processing of WebWindowListener events got many changes/fixes/improvements.                 The main point was to let this work as stable as possible even if many WebWindowListener are registered.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecssparser: Switched from JavaCC to ParserGeneratorCC (\u003ca href=\"https://github.com/tulipcc/ParserGeneratorCC\"\u003ehttps://github.com/tulipcc/ParserGeneratorCC\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003ecore-js: build system switched to maven\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eImplementation of CSS pseudo classes :invalid and :valid improved\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eForm.isValid() checks all form elements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eDocumentation enhancements\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003esupport ComputedCSSStyleDeclaration when JS engine is disabled\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHtmlForm.getElements() is now part of the public api\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed a major memory leak\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e'rel' attribute may contain multiple values, we have to split before checking the value\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003emany more fixes and improvements\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003ePlease have a look at the \u003ca href=\"https://www.htmlunit.org/changes-report.html#a3.7.0\"\u003efull release notes\u003c/a\u003e for details about this release.\u003c/p\u003e\n\u003cp\u003e💕 Thank you to all who have contributed and to the sponsors (more sponsoring is welcome \u003ca href=\"https://github.com/sponsors/rbri\"\u003ehttps://github.com/sponsors/rbri\u003c/a\u003e).\u003c/p\u003e\n\u003ch2\u003eHtmlUnit 3.6.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eHighlights\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThis release is not compatible with 2.xx versions - please read the \u003ca href=\"https://www.htmlunit.org/migration.html\"\u003emigration info\u003c/a\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/a599e36ecc0b19a2ea76b73f7f48365fbb87c28a\"\u003e\u003ccode\u003ea599e36\u003c/code\u003e\u003c/a\u003e version 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/d4c11058e71b6ba5eaaf5d9565c1634b4bbeec1e\"\u003e\u003ccode\u003ed4c1105\u003c/code\u003e\u003c/a\u003e core-js 3.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/51f0eefd545bca2c17f12f237ba228a08aac4f7f\"\u003e\u003ccode\u003e51f0eef\u003c/code\u003e\u003c/a\u003e exclude commons.logging from httpcomponents\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/65986a459f15da0eed1616d91efdd65f99120334\"\u003e\u003ccode\u003e65986a4\u003c/code\u003e\u003c/a\u003e code style\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/1587961cf4043ea776d38683e53470993bc70771\"\u003e\u003ccode\u003e1587961\u003c/code\u003e\u003c/a\u003e lib updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/2a972ced6e7cc147a29c86c0e962f2696f9cc4ed\"\u003e\u003ccode\u003e2a972ce\u003c/code\u003e\u003c/a\u003e htmx 1.9.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/792e8456cd76f7cfd04587d539bd4fa929599000\"\u003e\u003ccode\u003e792e845\u003c/code\u003e\u003c/a\u003e new subproject htmlunit-csp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e07ba67cc1b030f90a2ad9882f271429345b008d\"\u003e\u003ccode\u003ee07ba67\u003c/code\u003e\u003c/a\u003e fix ms driver check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/e015082aa909fd9e1c2b5f9b26553ddc0ddbbcab\"\u003e\u003ccode\u003ee015082\u003c/code\u003e\u003c/a\u003e enable FEATURE_SECURE_PROCESSING for the MSXML XSLProcessor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/HtmlUnit/htmlunit/commit/77aeaa85e1fc69e929858ae700b24528275d8d07\"\u003e\u003ccode\u003e77aeaa8\u003c/code\u003e\u003c/a\u003e another minor neko update\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/HtmlUnit/htmlunit/compare/HtmlUnit-2.7...3.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.eclipse.jetty:jetty-server` from Fuzzing-SNAPSHOT to 9.4.56.v20240826\n\nUpdates `org.eclipse.jetty:jetty-http` from Fuzzing-SNAPSHOT to 12.0.31\n\nUpdates `org.eclipse.jetty.http2:http2-server` from Fuzzing-SNAPSHOT to 9.4.53.v20231009\n\nUpdates `org.bitbucket.b_c:jose4j` from Fuzzing-SNAPSHOT to 0.9.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://bitbucket.org/b_c/jose4j/commits/tag/jose4j-0.9.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.nimbusds:nimbus-jose-jwt` from 9.30.1 to 9.37.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f64e094030ab82659dbfaea8c489cc56291539cf\"\u003e\u003ccode\u003ef64e094\u003c/code\u003e\u003c/a\u003e Makes the abstract class BaseJWEProvider public (iss \u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/521\"\u003e#521\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/ad6fed330a6bc5dbcb343aafd085ffd0d15c07d7\"\u003e\u003ccode\u003ead6fed3\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.35\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/81c7f24cc8a49f0f87c530e50d750bb1db22b4a8\"\u003e\u003ccode\u003e81c7f24\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/24aaaf02edf5d1ae4cc449b3d81a9151f26953dc\"\u003e\u003ccode\u003e24aaaf0\u003c/code\u003e\u003c/a\u003e Bumps jacoco-maven-plugin to 0.8.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/ff01cd912fe53ee2946170781fe243564920be94\"\u003e\u003ccode\u003eff01cd9\u003c/code\u003e\u003c/a\u003e Adds new JWKSet.filter method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/9c7ca65e0f85a286b8ed32886f40266075f785c7\"\u003e\u003ccode\u003e9c7ca65\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.36\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/61118382fa75f27b29d89f9438361dbd15485c53\"\u003e\u003ccode\u003e6111838\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare for next development iteration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/11d0767dea84e47cff18236dcfe300845a781fcb\"\u003e\u003ccode\u003e11d0767\u003c/code\u003e\u003c/a\u003e Updates maven-surefire-plugin, removes config workaround for maven-surefire-p...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/43118defa2dbf9ef4d3a451f6c45b4021d52f24b\"\u003e\u003ccode\u003e43118de\u003c/code\u003e\u003c/a\u003e Adds JWTClaimsSet.getListClaim method\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f50158f96675591b27a327b4597280dfda4aac07\"\u003e\u003ccode\u003ef50158f\u003c/code\u003e\u003c/a\u003e [maven-release-plugin] prepare release 9.37\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.37.4..9.30.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.guava:guava` from 31.1-jre to 32.0.0-jre\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/google/guava/releases\"\u003ecom.google.guava:guava's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e32.0.0\u003c/h2\u003e\n\u003ch3\u003eMaven\u003c/h3\u003e\n\u003cpre lang=\"xml\"\u003e\u003ccode\u003e\u0026lt;dependency\u0026gt;\r\n  \u0026lt;groupId\u0026gt;com.google.guava\u0026lt;/groupId\u0026gt;\r\n  \u0026lt;artifactId\u0026gt;guava\u0026lt;/artifactId\u0026gt;\r\n  \u0026lt;version\u0026gt;32.0.0-jre\u0026lt;/version\u0026gt;\r\n  \u0026lt;!-- or, for Android: --\u0026gt;\r\n  \u0026lt;version\u0026gt;32.0.0-android\u0026lt;/version\u0026gt;\r\n\u0026lt;/dependency\u0026gt;\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch3\u003eJar files\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-jre/guava-32.0.0-jre.jar\"\u003e32.0.0-jre.jar\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-android/guava-32.0.0-android.jar\"\u003e32.0.0-android.jar\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eGuava requires \u003ca href=\"https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies\"\u003eone runtime dependency\u003c/a\u003e, which you can download here:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar\"\u003efailureaccess-1.0.1.jar\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eJavadoc\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-jre/api/docs/\"\u003e32.0.0-jre\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/docs/\"\u003e32.0.0-android\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eJDiff\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-jre/api/diffs/\"\u003e32.0.0-jre vs. 31.1-jre\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/diffs/\"\u003e32.0.0-android vs. 31.1-android\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"http://guava.dev/releases/32.0.0-android/api/androiddiffs/\"\u003e32.0.0-android vs. 32.0.0-jre\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChangelog\u003c/h3\u003e\n\u003ch4\u003eSecurity fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eReimplemented \u003ccode\u003eFiles.createTempDir\u003c/code\u003e and \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e to further address CVE-2020-8908 (\u003ca href=\"https://redirect.github.com/google/guava/issues/4011\"\u003e#4011\u003c/a\u003e) and CVE-2023-2976 (\u003ca href=\"https://redirect.github.com/google/guava/issues/2575\"\u003e#2575\u003c/a\u003e). (feb83a1c8f)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhile CVE-2020-8908 was officially closed when we deprecated \u003ccode\u003eFiles.createTempDir\u003c/code\u003e in \u003ca href=\"https://github.com/google/guava/releases/tag/v30.0\"\u003eGuava 30.0\u003c/a\u003e, we've heard from users that even recent versions of Guava have been listed as vulnerable in \u003cem\u003eother\u003c/em\u003e databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e class, which had a similar issue) to eliminate the insecure behavior entirely. This change could technically affect users in a number of different ways (discussed under \u0026quot;Incompatible changes\u0026quot; below), but in practice, the only problem users are likely to encounter is with Windows. If you are using those APIs under Windows, you should skip 32.0.0 and go straight to \u003ca href=\"https://github.com/google/guava/releases/tag/v32.0.1\"\u003e32.0.1\u003c/a\u003e which fixes the problem. (Unfortunately, we didn't think of the Windows problem until after the release. And while we \u003ca href=\"https://github.com/google/guava#important-warnings\"\u003ewarn that \u003ccode\u003ecommon.io\u003c/code\u003e in particular may not work under Windows\u003c/a\u003e, we didn't intend to regress support.) Sorry for the trouble.\u003c/p\u003e\n\u003ch4\u003eIncompatible changes\u003c/h4\u003e\n\u003cp\u003eAlthough this release bumps Guava's major version number, it makes \u003cstrong\u003eno binary-incompatible changes to the \u003ccode\u003eguava\u003c/code\u003e artifact\u003c/strong\u003e.\u003c/p\u003e\n\u003cp\u003eOne change could cause issues for Widows users, and a few other changes could cause issues for users in more usual situations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eThe new implementations of \u003ccode\u003eFiles.createTempDir\u003c/code\u003e and \u003ccode\u003eFileBackedOutputStream\u003c/code\u003e \u003ca href=\"https://redirect.github.com/google/guava/issues/6535\"\u003ethrow an exception under Windows\u003c/a\u003e.\u003c/strong\u003e This is fixed in \u003ca href=\"https://github.com/google/guava/releases/tag/v32.0.1\"\u003e32.0.1\u003c/a\u003e. Sorry for the trouble.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eguava-gwt\u003c/code\u003e now \u003ca href=\"https://redirect.github.com/google/guava/issues/6627\"\u003erequires\u003c/a\u003e GWT \u003ca href=\"https://github.com/gwtproject/gwt/releases/tag/2.10.0\"\u003e2.10.0\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eThis release makes a binary-incompatible change to a \u003ccode\u003e@Beta\u003c/code\u003e API in the \u003cstrong\u003eseparate artifact\u003c/strong\u003e \u003ccode\u003eguava-testlib\u003c/code\u003e. Specifically, we changed the return type of \u003ccode\u003eTestingExecutors.sameThreadScheduledExecutor\u003c/code\u003e to \u003ccode\u003eListeningScheduledExecutorService\u003c/code\u003e. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/google/guava/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `com.google.protobuf:protobuf-java` from 4.0.0-rc-2 to 4.27.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protocolbuffers/protobuf/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.24.3 to 2.25.3\n\nUpdates `org.apache.logging.log4j:log4j-core` from 2.24.2 to 2.25.3\n\nUpdates `org.jboss.xnio:xnio-api` from 3.8.8.Final to 3.8.14.Final\n\nUpdates `com.esotericsoftware.yamlbeans:yamlbeans` from Fuzzing-SNAPSHOT to 1.17\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/EsotericSoftware/yamlbeans/commits/1.17\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `org.zeroturnaround:zt-zip` from Fuzzing-SNAPSHOT to 1.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/zeroturnaround/zt-zip/blob/master/Changelog.txt\"\u003eorg.zeroturnaround:zt-zip's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e1.13 (2nd May 2018)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a possible security vulnerability reported by Snyk Security Research Team\u003c/li\u003e\n\u003cli\u003eFixed same-zip bug for transformEntry method\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.12 (1st August 2017)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a resource leakage with ZipInputStream\u003c/li\u003e\n\u003cli\u003eFixed a NoSuchMethodError on Android platforms\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.11 (31st January 2017)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded iterate and unpack methods that accept a Charset\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.10 (28th October 2016)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdded user configurable compression level to packEntries()\u003c/li\u003e\n\u003cli\u003eAdded more overloaded methods to the pack() method for convenience\u003c/li\u003e\n\u003cli\u003eBumped embedded Apache Commons from 1.4 to 2.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.9 (20th November 2015)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBumped minimal supported Java version to Java 5\u003c/li\u003e\n\u003cli\u003eAdded support for Java 7 POSIX file permissions\u003c/li\u003e\n\u003cli\u003eAdded ability to create and update byte-array backed ZIP streams\u003c/li\u003e\n\u003cli\u003eAdded ability to specify/replace compression level of ZipEntry\u003c/li\u003e\n\u003cli\u003eAdded BackslashUnpacker for broken (Windows) ZIP archives\u003c/li\u003e\n\u003cli\u003eFixed not closing InputStream after processing each ZipEntrySource\u003c/li\u003e\n\u003cli\u003eFixed buffering when creating and updating ZIP streams\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.8 (7th July 2014)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved dependency on commons-io\u003c/li\u003e\n\u003cli\u003eZipUtil.pack more memory efficient for large directories\u003c/li\u003e\n\u003cli\u003eFixed preserving compressed state of copied entries\u003c/li\u003e\n\u003cli\u003eFixed packing files from a directory based on an accept filter\u003c/li\u003e\n\u003cli\u003eImproved Charset support\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e1.6-SNAPSHOT (17th September 2012)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eStarted to write a changelog\u003c/li\u003e\n\u003cli\u003eAdded public CI, \u003ca href=\"https://travis-ci.org/\"\u003ehttps://travis-ci.org/\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/zeroturnaround/zt-zip/commits/zt-zip-1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/stweil/oss-fuzz/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/stweil/oss-fuzz/pull/5","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/stweil%2Foss-fuzz/issues/5","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5/packages"}},{"old_version":"1.11.4","new_version":"1.11.5","update_type":"patch","path":"/streampipes-extensions/streampipes-extensions-all-jvm","pr_created_at":"2026-02-16T20:01:19.000Z","version_change":"1.11.4 → 1.11.5","issue":{"uuid":"3949336832","node_id":"PR_kwDOB8jZEs7ELmL5","number":4179,"state":"open","title":"chore(deps): bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /streampipes-extensions/streampipes-extensions-all-jvm","user":"dependabot[bot]","labels":["dependencies","java","stale"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-16T20:01:19.000Z","updated_at":"2026-03-10T01:36:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/streampipes-extensions/streampipes-extensions-all-jvm","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/streampipes/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/apache/streampipes/pull/4179","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fstreampipes/issues/4179","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4179/packages"}},{"old_version":"1.11.4","new_version":"1.11.5","update_type":"patch","path":"/sdk/core/azure-core-serializer-avro-apache","pr_created_at":"2026-02-13T21:39:48.000Z","version_change":"1.11.4 → 1.11.5","issue":{"uuid":"3939373558","node_id":"PR_kwDOOhvQwc7DrAS5","number":12,"state":"closed","title":"Bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /sdk/core/azure-core-serializer-avro-apache","user":"dependabot[bot]","labels":["dependencies","java","no-recent-activity"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-04-24T09:59:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:39:48.000Z","updated_at":"2026-04-24T09:59:38.000Z","time_to_close":6005981,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/sdk/core/azure-core-serializer-avro-apache","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/FOCONIS/azure-sdk-for-java/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/FOCONIS/azure-sdk-for-java/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/FOCONIS%2Fazure-sdk-for-java/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"1.11.4","new_version":"1.11.5","update_type":"patch","path":"/java/serving","pr_created_at":"2026-02-13T21:29:07.000Z","version_change":"1.11.4 → 1.11.5","issue":{"uuid":"3939326609","node_id":"PR_kwDOCZq0ys7Dq2GY","number":5968,"state":"closed","title":"chore(deps): Bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /java/serving","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-10T20:07:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:29:07.000Z","updated_at":"2026-03-10T20:07:31.000Z","time_to_close":2155102,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/java/serving","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/feast-dev/feast/network/alerts).\n\n\u003c/details\u003e\n\u003c!-- devin-review-badge-begin --\u003e\n\n---\n\n\u003ca href=\"https://app.devin.ai/review/feast-dev/feast/pull/5968\" target=\"_blank\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://static.devin.ai/assets/gh-open-in-devin-review-dark.svg?v=1\"\u003e\n    \u003cimg src=\"https://static.devin.ai/assets/gh-open-in-devin-review-light.svg?v=1\" alt=\"Open with Devin\"\u003e\n  \u003c/picture\u003e\n\u003c/a\u003e\n\u003c!-- devin-review-badge-end --\u003e","html_url":"https://github.com/feast-dev/feast/pull/5968","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/feast-dev%2Ffeast/issues/5968","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5968/packages"}},{"old_version":"1.9.2","new_version":"1.11.5","update_type":"minor","path":null,"pr_created_at":"2026-02-13T21:25:01.000Z","version_change":"1.9.2 → 1.11.5","issue":{"uuid":"3939307336","node_id":"PR_kwDOEMFYU87Dqx7s","number":637,"state":"open","title":"Bump org.apache.avro:avro from 1.9.2 to 1.11.5","user":"dependabot[bot]","labels":["dependencies","java","stale"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:25:01.000Z","updated_at":"2026-04-18T06:22:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.9.2","new_version":"1.11.5","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.9.2 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.9.2\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hixiomh/druid/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/SNiTEBoBy/druid/pull/637","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/SNiTEBoBy%2Fdruid/issues/637","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/637/packages"}},{"old_version":"1.11.4","new_version":"1.11.5","update_type":"patch","path":"/paimon-flink/paimon-flink-cdc","pr_created_at":"2026-02-13T21:24:37.000Z","version_change":"1.11.4 → 1.11.5","issue":{"uuid":"3939305664","node_id":"PR_kwDOGqWZP87DqxjU","number":7290,"state":"closed","title":"Bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /paimon-flink/paimon-flink-cdc","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-02-25T02:22:40.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:24:37.000Z","updated_at":"2026-02-25T02:22:48.000Z","time_to_close":968283,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/paimon-flink/paimon-flink-cdc","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/paimon/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/apache/paimon/pull/7290","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fpaimon/issues/7290","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7290/packages"}},{"old_version":"1.11.4","new_version":"1.11.5","update_type":"patch","path":"/streampipes-extensions-management","pr_created_at":"2026-02-13T21:21:15.000Z","version_change":"1.11.4 → 1.11.5","issue":{"uuid":"3939291345","node_id":"PR_kwDOB8jZEs7Dquas","number":4174,"state":"open","title":"chore(deps): bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /streampipes-extensions-management","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:21:15.000Z","updated_at":"2026-03-10T03:01:43.923Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/streampipes-extensions-management","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/streampipes/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/apache/streampipes/pull/4174","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fstreampipes/issues/4174","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4174/packages"}},{"old_version":"1.11.4","new_version":"1.11.5","update_type":"patch","path":"/examples/pubsub-publish-avro-example","pr_created_at":"2026-02-13T21:18:54.000Z","version_change":"1.11.4 → 1.11.5","issue":{"uuid":"3939280369","node_id":"PR_kwDOBXext87Dqr9K","number":1783,"state":"open","title":"Build(deps): bump org.apache.avro:avro from 1.11.4 to 1.11.5 in /examples/pubsub-publish-avro-example","user":"dependabot[bot]","labels":["size/XS","dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:18:54.000Z","updated_at":"2026-02-18T20:32:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps)","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.4","new_version":"1.11.5","repository_url":null}],"path":"/examples/pubsub-publish-avro-example","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.4 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.4\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GoogleCloudPlatform/professional-services/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/GoogleCloudPlatform/professional-services/pull/1783","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fprofessional-services/issues/1783","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1783/packages"}},{"old_version":"1.8.2","new_version":"1.11.5","update_type":"minor","path":null,"pr_created_at":"2026-02-13T21:18:46.000Z","version_change":"1.8.2 → 1.11.5","issue":{"uuid":"3939279881","node_id":"PR_kwDOQXpFtc7Dqr2l","number":20,"state":"open","title":"Bump org.apache.avro:avro from 1.8.2 to 1.11.5","user":"dependabot[bot]","labels":["dependencies","java","1 min review","missing-jira"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:18:46.000Z","updated_at":"2026-02-13T21:49:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.8.2","new_version":"1.11.5","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.8.2 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.8.2\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ImagineLearning/flink/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ImagineLearning/flink/pull/20","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ImagineLearning%2Fflink/issues/20","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/20/packages"}},{"old_version":"1.7.7","new_version":"1.11.5","update_type":"minor","path":"/minifi","pr_created_at":"2026-02-13T21:17:54.000Z","version_change":"1.7.7 → 1.11.5","issue":{"uuid":"3939275831","node_id":"PR_kwDOG8t4nM7Dqq9J","number":17,"state":"closed","title":"Bump org.apache.avro:avro from 1.7.7 to 1.11.5 in /minifi","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-02-15T05:16:25.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:17:54.000Z","updated_at":"2026-02-15T05:16:33.000Z","time_to_close":115111,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.7.7","new_version":"1.11.5","repository_url":null}],"path":"/minifi","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.7.7 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.7.7\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/NickJLange/nifi/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nUpgrade Avro from 1.7.7 to 1.11.5 in the minifi module to pull in the latest security patches and bug fixes. Only the dependency version in minifi/pom.xml is updated.\n\n\u003csup\u003eWritten for commit 5f56e9c0d6a61e8b36ad1606a11d66a761e1d6d3. Summary will update on new commits.\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/NickJLange/nifi/pull/17","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/NickJLange%2Fnifi/issues/17","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/17/packages"}},{"old_version":"1.7.7","new_version":"1.11.5","update_type":"minor","path":"/flink_jobs_v2/ams_ingest_metric","pr_created_at":"2026-02-13T21:16:39.000Z","version_change":"1.7.7 → 1.11.5","issue":{"uuid":"3939270032","node_id":"PR_kwDOBI_qVc7Dqpp1","number":461,"state":"closed","title":"Bump org.apache.avro:avro from 1.7.7 to 1.11.5 in /flink_jobs_v2/ams_ingest_metric","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-10T05:42:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:16:39.000Z","updated_at":"2026-06-10T05:42:32.000Z","time_to_close":10052744,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.7.7","new_version":"1.11.5","repository_url":null}],"path":"/flink_jobs_v2/ams_ingest_metric","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.7.7 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.7.7\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ARGOeu/argo-streaming/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ARGOeu/argo-streaming/pull/461","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ARGOeu%2Fargo-streaming/issues/461","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/461/packages"}},{"old_version":"1.11.3","new_version":"1.11.5","update_type":"patch","path":"/flink_jobs_v3/profiles-manager","pr_created_at":"2026-02-13T21:13:59.000Z","version_change":"1.11.3 → 1.11.5","issue":{"uuid":"3939257389","node_id":"PR_kwDOBI_qVc7DqmyD","number":460,"state":"closed","title":"Bump org.apache.avro:avro from 1.11.3 to 1.11.5 in /flink_jobs_v3/profiles-manager","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-10T05:42:22.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:13:59.000Z","updated_at":"2026-06-10T05:42:32.000Z","time_to_close":10052903,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.3","new_version":"1.11.5","repository_url":null}],"path":"/flink_jobs_v3/profiles-manager","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.3 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.3\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ARGOeu/argo-streaming/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ARGOeu/argo-streaming/pull/460","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ARGOeu%2Fargo-streaming/issues/460","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/460/packages"}},{"old_version":"1.12.0","new_version":"1.12.1","update_type":"patch","path":null,"pr_created_at":"2026-02-13T21:13:47.000Z","version_change":"1.12.0 → 1.12.1","issue":{"uuid":"3939256593","node_id":"PR_kwDOAFGgvc7Dqmmb","number":27141,"state":"open","title":"build(deps): Bump org.apache.avro:avro from 1.12.0 to 1.12.1","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:13:47.000Z","updated_at":"2026-02-13T21:20:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.12.0","new_version":"1.12.1","repository_url":null}],"path":null,"ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.12.0 to 1.12.1.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.12.0\u0026new-version=1.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/prestodb/presto/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/prestodb/presto/pull/27141","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/prestodb%2Fpresto/issues/27141","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27141/packages"}},{"old_version":"1.12.0","new_version":"1.12.1","update_type":"patch","path":"/shims/cdpdc71/driver","pr_created_at":"2026-02-13T21:12:13.000Z","version_change":"1.12.0 → 1.12.1","issue":{"uuid":"3939249684","node_id":"PR_kwDOAJ4pT87DqlCC","number":1781,"state":"open","title":"Bump org.apache.avro:avro from 1.12.0 to 1.12.1 in /shims/cdpdc71/driver","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:12:13.000Z","updated_at":"2026-02-13T23:08:32.516Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.12.0","new_version":"1.12.1","repository_url":null}],"path":"/shims/cdpdc71/driver","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.12.0 to 1.12.1.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.12.0\u0026new-version=1.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pentaho/pentaho-hadoop-shims/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/pentaho/pentaho-hadoop-shims/pull/1781","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pentaho%2Fpentaho-hadoop-shims/issues/1781","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1781/packages"}},{"old_version":"1.11.3","new_version":"1.11.5","update_type":"patch","path":"/seatunnel-connectors-v2/connector-cdc/connector-cdc-mongodb","pr_created_at":"2026-02-13T21:12:01.000Z","version_change":"1.11.3 → 1.11.5","issue":{"uuid":"3939248635","node_id":"PR_kwDOBezpVM7Dqkyi","number":10493,"state":"closed","title":"Bump org.apache.avro:avro from 1.11.3 to 1.11.5 in /seatunnel-connectors-v2/connector-cdc/connector-cdc-mongodb","user":"dependabot[bot]","labels":["connectors-v2","cdc","java"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-02-13T23:53:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-13T21:12:01.000Z","updated_at":"2026-02-13T23:53:35.000Z","time_to_close":9685,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.11.3","new_version":"1.11.5","repository_url":null}],"path":"/seatunnel-connectors-v2/connector-cdc/connector-cdc-mongodb","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.11.3 to 1.11.5.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.11.3\u0026new-version=1.11.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/seatunnel/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/apache/seatunnel/pull/10493","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/apache%2Fseatunnel/issues/10493","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10493/packages"}},{"old_version":"1.12.0","new_version":"1.12.1","update_type":"patch","path":"/shims/emr770/driver","pr_created_at":"2026-02-13T21:11:47.000Z","version_change":"1.12.0 → 1.12.1","issue":{"uuid":"3939247557","node_id":"PR_kwDOAJ4pT87Dqki4","number":1780,"state":"open","title":"Bump org.apache.avro:avro from 1.12.0 to 1.12.1 in /shims/emr770/driver","user":"dependabot[bot]","labels":["dependencies","java"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-02-13T21:11:47.000Z","updated_at":"2026-02-13T21:19:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"org.apache.avro:avro","old_version":"1.12.0","new_version":"1.12.1","repository_url":null}],"path":"/shims/emr770/driver","ecosystem":"maven"},"body":"Bumps org.apache.avro:avro from 1.12.0 to 1.12.1.\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.avro:avro\u0026package-manager=maven\u0026previous-version=1.12.0\u0026new-version=1.12.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pentaho/pentaho-hadoop-shims/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/pentaho/pentaho-hadoop-shims/pull/1780","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pentaho%2Fpentaho-hadoop-shims/issues/1780","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1780/packages"}}]}