Sourced from org.assertj:assertj-vavr's releases.

v0.5.0

What's Changed

• Added VavrInstanceOfAssertFactories helper class by @​edudar in assertj/assertj-vavr#207
• Deprecated and not used code by @​mchmielarz in assertj/assertj-vavr#213
• Replace assertj-parent-pom with assertj-parent 3.27.6 by @​scordio in assertj/assertj-vavr#243
• rework README.MD by @​pivovarit in assertj/assertj-vavr#253
• upgrade assertj-parent to 3.27.7 by @​pivovarit in assertj/assertj-vavr#252
• fix assertions returning inaccessible types by @​pivovarit in assertj/assertj-vavr#254

New Contributors

• @​edudar made their first contribution in assertj/assertj-vavr#207
• @​scordio made their first contribution in assertj/assertj-vavr#243

Full Changelog: https://github.com/assertj/assertj-vavr/compare/v0.4.3...v0.5.0

• c5470bf [maven-release-plugin] prepare release v0.5.0
• 06cec56 fix the release job (#257)
• 9590ce7 pin remaining GitHub Actions workflows (#256)
• bfe9e91 configure release job (#255)
• 60f8e08 fix assertions returning inaccessible types (#254)
• 02c21fe upgrade assertj-parent to 3.27.7 (#252)
• 36d1e00 rework README.MD (#253)
• b73e8d1 Bump the github-actions group with 2 updates (#250)
• 0651106 Bump the github-actions group with 2 updates (#246)
• 5ff1309 Update CODEOWNERS to include new owner (#249)
• Additional commits viewable in compare view

• cc19a61 [maven-release-plugin] prepare for next development iteration
• bc4a8f4 Minor fixes in Javadoc
• f18203a Add a test for Y79Y-003
• ad1fceb Less output in tests
• 1db66b7 Add (failing) build with JDK 25
• 88ebaa8 build: fix JKD 25 tests compilation
• 6af8790 Update Javadoc
• a006b7a Update Javadoc
• c143db2 Update changes
• d78d11f Update changes
• Additional commits viewable in compare view

Sourced from io.vavr:vavr's releases.

v1.0.1

Fixes a native HashMap serialization bug, which serialized the internal HashArrayMappedTrie structure including the pre-computed hash values of keys.

For keys like enums that use Object.hashCode() (non-deterministic across JVM restarts), these stored hash values would differ in another process, causing lookups to fail.

Full Changelog: https://github.com/vavr-io/vavr/compare/v1.0.0...v1.0.1

• ee2a57b [maven-release-plugin] prepare release v1.0.1 [ci skip]
• 9f4e95e update project version to 1.0.1-SNAPSHOT
• 08e55f4 Added the serialization proxy pattern to HashMap (#3242)
• See full diff in compare view

Sourced from org.checkerframework:checker-qual's releases.

Checker Framework 3.54.0

Version 3.54.0 (2026-03-02)

User-visible changes

Command-line arguments:

• Added -AinferOutputDirectory.
• Removed long-deprecated -Alint=forbidnonnullarraycomponents.

New command-line argument -Aonelinemsg puts error messages on a single line. This is useful when using a tool that only shows the first line of the error.

The command-line argument -Anomsgtext surrounds the error key with brackets instead of parenthesis. This matches Java error messages.

Implementation details

In AnnotatedTypeFactory, canonicalAnnotation() returns a non-null value.

In AnnotationClassLoader:

• Renamed hasWellDefinedTargetMetaAnnotation() to isTypeQualifierAnnotation(). The method now returns true for annotations bearing @InvisibleQualifier or @SubtypeOf, in addition to the existing @Target(TYPE_USE) check.

In TestDiagnostic:

• Renamed field message to key.
• Added new nullable field message for the full message without the key.

Removed classes and methods that have been deprecated for more than two years.

Closed issues

#6874, #7471, #7475, #7486.

Sourced from org.checkerframework:checker-qual's changelog.

Version 3.54.0 (2026-03-02)

User-visible changes

Command-line arguments:

• Added -AinferOutputDirectory.
• Removed long-deprecated -Alint=forbidnonnullarraycomponents.

New command-line argument -Aonelinemsg puts error messages on a single line. This is useful when using a tool that only shows the first line of the error.

The command-line argument -Anomsgtext surrounds the error key with brackets instead of parenthesis. This matches Java error messages.

Implementation details

In AnnotatedTypeFactory, canonicalAnnotation() returns a non-null value.

In AnnotationClassLoader:

• Renamed hasWellDefinedTargetMetaAnnotation() to isTypeQualifierAnnotation(). The method now returns true for annotations bearing @InvisibleQualifier or @SubtypeOf, in addition to the existing @Target(TYPE_USE) check.

In TestDiagnostic:

• Renamed field message to key.
• Added new nullable field message for the full message without the key.

Removed classes and methods that have been deprecated for more than two years.

Closed issues

#6874, #7471, #7475, #7486.

• a6eff70 new release 3.54.0
• fd34700 Prep for release.
• edb6e7a Print error key in brackets (#7525)
• a79b1de Show details of the error message in test failures (#7513)
• a5ecc22 Clone the JDK using the same fork and branch as CF (#7491)
• 2770c52 Update cimg/base Docker tag to v2026.03
• bba6bc9 Update plugin com-gradleup-shadow to v9.3.2
• 3a6d4d4 Update error-prone monorepo to v2.48.0
• 70aa5f3 Update plugin net-ltgt-errorprone to v5.1.0
• 0dbd3e7 Prepare for javac AST changes
• Additional commits viewable in compare view

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.48.0

Changes:

• Added support for passing flags with command-line argument files (@-files) (https://github.com/google/error-prone/commit/8e84edf1beedc99ff2cff3c21a7adec578ad053e)

New checks:

• AvoidValueSetter
• UnnecessarySemicolon

Closed issues: #5529, #5537, #5522, #5521

Full changelog: https://github.com/google/error-prone/compare/v2.47.0...v2.48.0

• 7cec0a0 Release Error Prone 2.48.0
• 01c603a Extend MissingTestCall to check for member references.
• 3d817b0 Handle var in UnnecessaryBoxedVariable
• ad26f3e Add ConcurrentHashMap.keys() and ConcurrentHashMap.elements() to `JdkObso...
• 7926dbc Fix MustBeClosedChecker crash on flexible constructors.
• d08f003 Check for jakarta annotations in DI checks
• 171448c Add android internal GuardedBy to ACCEPTED_GUARDED_BY_ANNOTATIONS
• 5cb6075 Remove the MissingTestCall:MatchGraphVerify flag.
• ab81681 Improve crash messages for fixes that don't apply
• fe9bb21 Add a test to confirm that TimeUnitMismatch catches `seconds * 1000 + nanos /...
• Additional commits viewable in compare view

Sourced from io.spiffe:java-spiffe-core's releases.

v0.8.16

Fixed

• Require spiffe:// prefix when parsing SPIFFE IDs, tightening scheme validation (#398)
• Ensure atomic snapshot of X.509 SVID and bundles in DefaultX509Source, preventing torn reads under concurrency (#397)
• Reject null bundles and empty cached SVID lists in core parsing/cache paths (#399)
• Validate presence of JWT audience claim during parsing (#399)

Dependency updates

• Bump grpcVersion from 1.77.0 to 1.79.0 (#392, #402)
• Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8 (#395, #409)
• Bump gradle-wrapper from 9.2.1 to 9.3.1 (#400, #401)

Sourced from io.spiffe:java-spiffe-core's changelog.

[0.8.16] - 2026-02-25

Fixed

• Require spiffe:// prefix when parsing SPIFFE IDs, tightening scheme validation (#398)
• Ensure atomic snapshot of X.509 SVID and bundles in DefaultX509Source, preventing torn reads under concurrency (#397)
• Reject null bundles and empty cached SVID lists in core parsing/cache paths (#399)
• Validate presence of JWT audience claim during parsing (#399)

Dependency updates

• Bump grpcVersion from 1.77.0 to 1.79.0 (#392, #402)
• Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8 (#395, #409)
• Bump gradle-wrapper from 9.2.1 to 9.3.1 (#400, #401)

Build

• Simplify Dependabot config and group coupled Gradle dependencies (#403)

• 393a892 chore(release): prepare release 0.8.16 (#407)
• be7416e chore(deps): bump com.nimbusds:nimbus-jose-jwt from 10.7 to 10.8 (#409)
• 4bd0149 chore(ci): bump java-spiffe-helper ci charts versions (#408)
• 753812a chore(ci): simplify dependabot config and group coupled gradle deps (#403)
• c616b61 Bump gradle-wrapper from 9.3.0 to 9.3.1 (#401)
• f8e1695 Bump grpcVersion from 1.78.0 to 1.79.0 (#402)
• 157d491 Bump gradle-wrapper from 9.2.1 to 9.3.0 (#400)
• 4d1cee3 fix(core): harden parsing and cache edge cases (#399)
• 8bf98fb fix(x509source): ensure atomic snapshot of SVID and bundles (#397)
• f9969c1 fix(spiffeid): require spiffe:// prefix when parsing IDs (#398)
• Additional commits viewable in compare view

Sourced from io.spiffe:grpc-netty-linux's releases.

v0.8.16

Fixed

• Require spiffe:// prefix when parsing SPIFFE IDs, tightening scheme validation (#398)
• Ensure atomic snapshot of X.509 SVID and bundles in DefaultX509Source, preventing torn reads under concurrency (#397)
• Reject null bundles and empty cached SVID lists in core parsing/cache paths (#399)
• Validate presence of JWT audience claim during parsing (#399)

Dependency updates

• Bump grpcVersion from 1.77.0 to 1.79.0 (#392, #402)
• Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8 (#395, #409)
• Bump gradle-wrapper from 9.2.1 to 9.3.1 (#400, #401)

Sourced from io.spiffe:grpc-netty-linux's changelog.

[0.8.16] - 2026-02-25

Fixed

• Require spiffe:// prefix when parsing SPIFFE IDs, tightening scheme validation (#398)
• Ensure atomic snapshot of X.509 SVID and bundles in DefaultX509Source, preventing torn reads under concurrency (#397)
• Reject null bundles and empty cached SVID lists in core parsing/cache paths (#399)
• Validate presence of JWT audience claim during parsing (#399)

Dependency updates

• Bump grpcVersion from 1.77.0 to 1.79.0 (#392, #402)
• Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8 (#395, #409)
• Bump gradle-wrapper from 9.2.1 to 9.3.1 (#400, #401)

Build

• Simplify Dependabot config and group coupled Gradle dependencies (#403)

• 393a892 chore(release): prepare release 0.8.16 (#407)
• be7416e chore(deps): bump com.nimbusds:nimbus-jose-jwt from 10.7 to 10.8 (#409)
• 4bd0149 chore(ci): bump java-spiffe-helper ci charts versions (#408)
• 753812a chore(ci): simplify dependabot config and group coupled gradle deps (#403)
• c616b61 Bump gradle-wrapper from 9.3.0 to 9.3.1 (#401)
• f8e1695 Bump grpcVersion from 1.78.0 to 1.79.0 (#402)
• 157d491 Bump gradle-wrapper from 9.2.1 to 9.3.0 (#400)
• 4d1cee3 fix(core): harden parsing and cache edge cases (#399)
• 8bf98fb fix(x509source): ensure atomic snapshot of SVID and bundles (#397)
• f9969c1 fix(spiffeid): require spiffe:// prefix when parsing IDs (#398)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions