An open index of dependabot pull requests across open source projects.

Bump com.sap.cloud.security.xsuaa:token-client from 3.5.7 to 3.6.3 in /sdm

Number: #293
Type: Pull Request
State: Open
Author: dependabot[bot]
Association: None
Comments: 0
Created: September 01, 2025 at 05:58 PM UTC
Updated: September 01, 2025 at 05:58 PM UTC
Labels: dependencies, java
Description:

Bumps com.sap.cloud.security.xsuaa:token-client from 3.5.7 to 3.6.3.

Release notes

Sourced from com.sap.cloud.security.xsuaa:token-client's releases.

3.6.3

  • Updated license informations in POM files back to original value

Dependency upgrades

  • Bump com.github.spotbugs:spotbugs-annotations from 4.9.3 to 4.9.4
  • Bump org.assertj:assertj-core from 3.27.3 to 3.27.4

3.6.2

  • Improve logging before token key retrieval fallback
  • remove repository config for old sonatype plugin
  • added version references to POMs and other minor informations
  • Update README.md for using correct path to SpringTokenClientConfigura…
  • Maven central preparation

Dependency upgrades

  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.1 to 4.9.3.2
  • Bump io.github.hakky54:logcaptor from 2.11.0 to 2.12.0
  • Bump org.eclipse.jetty.version from 12.0.22 to 12.0.24
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8
  • Bump log4j2.version from 2.25.0 to 2.25.1
  • Bump commons-io:commons-io from 2.19.0 to 2.20.0
  • Bump reactor.version from 3.7.7 to 3.7.8
  • Bump spring.core.version from 6.2.8 to 6.2.9
  • Bump spring.security.version from 6.5.1 to 6.5.2
  • Bump spring.boot.version from 3.5.3 to 3.5.4
  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.0 to 4.9.3.1
  • Bump org.apache.maven.plugins:maven-pmd-plugin from 3.26.0 to 3.27.0
  • Bump spring.security.version from 6.5.0 to 6.5.1
  • Bump spring.boot.version from 3.5.0 to 3.5.3

3.6.1

  • Fix spring retry configuration for token service
  • added documentation of retry feature to README
  • Improve error message when client certificate for proof token validation is missing

Dependency upgrades

  • Bump org.eclipse.jetty.version from 12.0.21 to 12.0.22
  • bump caffeine version to 3.2.0
  • Bump org.mockito:mockito-core from 5.17.0 to 5.18.0
  • Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5
  • Bump com.sap.cloud.environment.servicebinding:java-bom
  • Bump org.json:json from 20250107 to 20250517
  • Bump commons-io:commons-io from 2.18.0 to 2.19.0
  • Bump spring.core.version from 6.2.5 to 6.2.7
  • Bump io.github.hakky54:logcaptor from 2.10.2 to 2.11.0
  • Bump spring.security.version from 6.4.4 to 6.4.5
  • Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.4.4
  • Bump spring.boot.version from 3.4.4 to 3.4.5

... (truncated)

Commits
  • bc3a376 Release 3.6.3 (#1831)
  • 92faf55 updated license informations in POM files back to original value (#1830)
  • 0e7376a Bump com.github.spotbugs:spotbugs-annotations from 4.9.3 to 4.9.4 (#1829)
  • b532fd9 Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#1828)
  • bbb1046 Release 3.6.2 (#1827)
  • 8c621a0 Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.1 to 4.9.3.2 (#1801)
  • 1802602 Bump io.github.hakky54:logcaptor from 2.11.0 to 2.12.0 (#1825)
  • 2de9652 Bump org.eclipse.jetty.version from 12.0.22 to 12.0.24 (#1826)
  • f3302ef Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8 (#1804)
  • 647ff9e Bump log4j2.version from 2.25.0 to 2.25.1 (#1805)
  • Additional commits viewable in compare view

Pull Request Statistics
Commits: 1
Files Changed: 1
Additions: +1
Deletions: -1
Package Dependencies
Ecosystem: maven
Version Change: 3.5.7 → 3.6.3
Update Type: Minor
Path: /sdm
Technical Details
ID: 6317981
UUID: 2790493529
Node ID: PR_kwDOMXZUU86mU41Z
Host: GitHub
Repository: cap-java/sdm
Merge State: Unknown