Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

Bump the dependencies group across 1 directory with 10 updates

Open
Number: #1664
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: Contributor
Comments: 1
Created: September 15, 2025 at 10:47 AM UTC
(about 2 months ago)
Updated: September 16, 2025 at 10:11 AM UTC
(about 2 months ago)
Labels:
dependencies java
Description:

Bumps the dependencies group with 10 updates in the / directory:

Package From To
io.smallrye:jandex-maven-plugin 3.4.0 3.5.0
org.apache.maven.plugins:maven-surefire-plugin 3.5.2 3.5.4
org.apache.maven.plugins:maven-failsafe-plugin 3.5.2 3.5.4
net.revelc.code.formatter:formatter-maven-plugin 2.25.0 2.29.0
org.apache.maven.plugins:maven-javadoc-plugin 3.11.2 3.11.3
org.apache.maven.plugins:maven-gpg-plugin 3.2.7 3.2.8
com.segment.analytics.java:analytics 3.5.1 3.5.2
org.apache.commons:commons-compress 1.27.1 1.28.0
io.specto:hoverfly-java-junit5 0.20.0 0.20.2
org.assertj:assertj-core 3.27.3 3.27.4

Updates io.smallrye:jandex-maven-plugin from 3.4.0 to 3.5.0

Release notes

Sourced from io.smallrye:jandex-maven-plugin's releases.

3.5.0

  • #575 Jandex2Gizmo#classDescOf() should use the ClassDesc cache
  • #574 Annotations in Method hashCode?
  • #568 Reproducible Jandex indexes
  • #561 Should we move ArC Methods.MethodKey into Jandex?
  • #560 Should we cache ArrayType#name() result for the usual suspects?
Commits

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.3

🐛 Bug Fixes

👻 Maintenance

... (truncated)

Commits
  • 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
  • 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
  • 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
  • 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
  • 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
  • fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
  • 1e63159 Name the shutdown hook (#3170)
  • 76e806a feat: enable prevent branch protection rules (#3168)
  • 0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
  • 98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.3

🐛 Bug Fixes

👻 Maintenance

... (truncated)

Commits
  • 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
  • 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
  • 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
  • 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
  • 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
  • fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
  • 1e63159 Name the shutdown hook (#3170)
  • 76e806a feat: enable prevent branch protection rules (#3168)
  • 0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
  • 98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.3

🐛 Bug Fixes

👻 Maintenance

... (truncated)

Commits
  • 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
  • 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
  • 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
  • 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
  • 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
  • fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
  • 1e63159 Name the shutdown hook (#3170)
  • 76e806a feat: enable prevent branch protection rules (#3168)
  • 0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
  • 98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
  • Additional commits viewable in compare view

Updates net.revelc.code.formatter:formatter-maven-plugin from 2.25.0 to 2.29.0

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.11.3

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.11.3

🚨 Removed

🚀 New features and improvements

🐛 Bug Fixes

  • Make the legacyMode consistent (Filter out all of the module-info.java files in legacy mode, do not use --source-path in legacy mode) (#1217) @​fridrich
  • [MJAVADOC-826] - Don't try to modify project source roots (#358) @​oehme

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

... (truncated)

Commits
  • 8357bc2 [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.3
  • ab6e97e Bump commons-io:commons-io from 2.19.0 to 2.20.0
  • 83788c1 Bump org.apache.commons:commons-text from 1.13.1 to 1.14.0
  • 99ee1fc Bump org.apache.commons:commons-lang3 in /src/it/projects/MJAVADOC-787
  • 18bfeb8 Maven Archiver 3.6.4 (#1226)
  • 63618bb Bump org.apache.commons:commons-lang3 (#1224)
  • 81afff9 Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#1223)
  • 8bcdebf Add Apache 2.0 LICENSE file (#1220)
  • 2299072 Make the legacyMode consistent and actually useful (#1217)
  • 33c9f01 Be consistent about data encoding when copying files (#1215)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8

Release notes

Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.

3.2.8

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Commits
  • 8a46455 [maven-release-plugin] prepare release maven-gpg-plugin-3.2.8
  • 7012821 Fix issueManagement, ciManagement system and url
  • a9a8c84 Make empty classifier null (not empty string) (#287)
  • a8368b0 Add .mvn
  • f0e45e0 Update parent POM to 45 (#284)
  • cb1236c Bump bouncycastleVersion from 1.78.1 to 1.80 (#127)
  • 5377a10 Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133)
  • 8b63932 Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125)
  • 54ea518 Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1
  • a6a412d Remove old JIRA issue link
  • Additional commits viewable in compare view

Updates com.segment.analytics.java:analytics from 3.5.1 to 3.5.2

Changelog

Sourced from com.segment.analytics.java:analytics's changelog.

Version 3.5.2 (May 12, 2025)

  • [Chore] Depenency upgrades
Commits
  • 924efe1 [maven-release-plugin] prepare release analytics-parent-3.5.2
  • 26519bc Updating changelog for 3.5.2 release
  • c57a583 Bump com.google.guava:guava from 33.3.1-jre to 33.4.0-jre (#500)
  • fca4a60 Bump retrofit to fix CVEe (#504)
  • 3b1b290 This commit will update the okhttp version to 4.12.0 in pom.xml. This update ...
  • 3e255c7 Bump com.google.guava:guava from 33.3.0-jre to 33.3.1-jre (#496)
  • 336bcfd Bump com.google.guava:guava from 33.2.1-jre to 33.3.0-jre (#491)
  • 2253257 Change Nonnull & Nullable annotation to jakarta.annotation (#488)
  • a7641c5 Bump com.google.guava:guava from 33.2.0-jre to 33.2.1-jre (#483)
  • d381d89 Export github issues to jira
  • Additional commits viewable in compare view

Updates org.apache.commons:commons-compress from 1.27.1 to 1.28.0

Changelog

Sourced from org.apache.commons:commons-compress's changelog.

Apache Commons Compress 1.28.0 Release Notes

The Apache Commons Compress team is pleased to announce the release of Apache Commons Compress 1.28.0.

Apache Commons Compress defines an API for working with compression and archive formats. These include bzip2, gzip, pack200, LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

This is a feature and maintenance release. Java 8 or later is required.

This release updates Apache Commons Lang to 3.18.0 to pick up the fix for CVE-2025-48924 (https://nvd.nist.gov/vuln/detail/CVE-2025-48924), but is not affected by it.

Changes in this version

Changes in this version include the following.

New Features

  •        Add GzipParameters.getModificationInstant(). Thanks to Gary Gregory. 

  •        Add GzipParameters.setModificationInstant(Instant). Thanks to Gary Gregory. 

  •        Add GzipParameters.OS, setOS(OS), getOS(). Thanks to Gary Gregory. 

  •        Add GzipParameters.toString(). Thanks to Gary Gregory.
  • COMPRESS-638: Add GzipParameters.setFileNameCharset(Charset) and getFileNameCharset() to override the default ISO-8859-1 Charset #602. Thanks to vincexjl, Gary Gregory, Piotr P. Karwasz.
  •        Add support for gzip extra subfields, see GzipParameters.setExtra(HeaderExtraField) [#604](https://github.com/apache/commons-compress/issues/604). Thanks to ddeschenes-1, Gary Gregory. 

  •        Add CompressFilterOutputStream and refactor to use. Thanks to Gary Gregory. 

  •        Add ZipFile.stream(). Thanks to Gary Gregory. 

  •        GzipCompressorInputStream reads the modification time (MTIME) and stores its value incorrectly multiplied by 1,000. Thanks to Danny Deschenes, Gary Gregory. 

  •        GzipCompressorInputStream writes the modification time (MTIME) the value incorrectly divided by 1,000. Thanks to Danny Deschenes, Gary Gregory. 

  •        Add optional FHCRC to GZIP header [#627](https://github.com/apache/commons-compress/issues/627). Thanks to Danny Deschenes, Gary Gregory. 

  •        Add GzipCompressorInputStream.Builder allowing to customize the file name and comment Charsets. Thanks to Gary Gregory. 

  •        Add GzipCompressorInputStream.Builder.setOnMemberStart(IOConsumer) to monitor member parsing. Thanks to Gary Gregory. 

  •        Add GzipCompressorInputStream.Builder.setOnMemberEnd(IOConsumer) to monitor member parsing. Thanks to Gary Gregory. 

  •        Add PMD check to default Maven goal. Thanks to Gary Gregory. 

  •        Add SevenZFile.Builder.setMaxMemoryLimitKiB(int). Thanks to Gary Gregory. 

  •        Add MemoryLimitException.MemoryLimitException(long, int, Throwable) and deprecate MemoryLimitException.MemoryLimitException(long, int, Exception). Thanks to Gary Gregory.
  • COMPRESS-692: Add support for zstd compression in zip archives. Thanks to Mehmet Karaman, Andrey Loskutov, Gary Gregory.
  •        Add support for XZ compression in ZIP archives. Thanks to Gary Gregory.
  • COMPRESS-695: Add ZipArchiveInputStream.createZstdInputStream(InputStream) to provide a different InputStream implementation for Zstandard (Zstd) #649. Thanks to Gary Gregory.
  •        Add org.apache.commons.compress.harmony.pack200.Pack200Exception.Pack200Exception(String, Throwable). Thanks to Gary Gregory.
  • COMPRESS-697: Move BitStream.nextBit() method to BitInputStream #663. Thanks to Fredrik Kjellberg, Gary Gregory.
  •        Add org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream.builder/Builder(). Thanks to Gary Gregory. 

  •        Add org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.builder/Builder(). Thanks to Gary Gregory. 

  •        Add org.apache.commons.compress.compressors.xz.XZCompressorInputStream.builder/Builder(). Thanks to Gary Gregory. 

  •        Add org.apache.commons.compress.compressors.xz.XZCompressorOutputStream.builder/Builder(). Thanks to Gary Gregory. 

  •        Add org.apache.commons.compress.compressors.xz.ZstdCompressorOutputStream.builder/Builder() [#666](https://github.com/apache/commons-compress/issues/666). Thanks to Gary Gregory, David Walluck, Piotr P. Karwasz. 

  •        Add org.apache.commons.compress.compressors.xz.ZstdConstants [#666](https://github.com/apache/commons-compress/issues/666). Thanks to Gary Gregory, David Walluck, Piotr P. Karwasz.

... (truncated)

Commits

Updates io.specto:hoverfly-java-junit5 from 0.20.0 to 0.20.2

Commits
  • bb2e50c [Gradle Release Plugin] - pre tag commit: '0.20.2'.
  • 63362fa JUnit5 module should compile the base hoverfly module
  • 1ec4bb5 Update docs
  • 222f599 [Gradle Release Plugin] - new version commit: '0.20.2-SNAPSHOT'.
  • 2496b2a [Gradle Release Plugin] - new version commit: '0.20.2-SNAPSHOT'.
  • 42e7e70 [Gradle Release Plugin] - pre tag commit: '0.20.1'.
  • c4e1dd0 Update README
  • ed54635 #316: improve exception handling for validating response body file path
  • 818ae2e Bump jinja2 from 3.1.5 to 3.1.6 in /docs
  • ac8b62f Remove reference to gitter
  • Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.3 to 3.27.4

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.4

:no_entry_sign: Deprecated

Core

  • Deprecate org.assertj.core.annotations.Beta in favor of org.assertj.core.annotation.Beta
  • Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of org.assertj.core.annotation.CanIgnoreReturnValue
  • Deprecate org.assertj.core.util.CheckReturnValue in favor of org.assertj.core.annotation.CheckReturnValue

:bug: Bug Fixes

Core

  • Fix thread-safety in AbstractDateAssert #3874

:zap: Improvements

  • Migrate to the Central Publisher Portal, enable snapshot publishing #3881

Core

  • Annotate fail methods with custom @Contract #3882

:heart: Contributors

Thanks to all the contributors who worked on this release:

@​kelunik

Commits
  • 7a64cde [maven-release-plugin] prepare release assertj-build-3.27.4
  • feb5f6f Annotate fail methods with custom @Contract (#3882)
  • 43e8b65 Deprecate org.assertj.core.util.CheckReturnValue in favor of `org.assertj.c...
  • 1bf8cd6 Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of `org.asser...
  • 72d08b2 Deprecate org.assertj.core.annotations.Beta in favor of `org.assertj.core.a...
  • 475c2eb Polish
  • fdc9bc5 Skip tests during snapshot publishing
  • 8f4a1b5 Migrate to the Central Publisher Portal, enable snapshot publishing (#3881...

    Description has been truncated

Pull Request Statistics
Commits:
0
Files Changed:
0
Additions:
+0
Deletions:
-0
Package Dependencies
Package:
 org.apache.maven.plugins:maven-surefire-plugin
Ecosystem:
maven
Version Change:
3.5.2 → 3.5.4
Update Type:
Patch
Package:
org.assertj:assertj-core
Ecosystem:
maven
Version Change:
3.27.3 → 3.27.4
Update Type:
Patch
Package:
org.apache.commons:commons-compress
Ecosystem:
maven
Version Change:
1.27.1 → 1.28.0
Update Type:
Minor
Package:
org.apache.maven.plugins:maven-javadoc-plugin
Ecosystem:
maven
Version Change:
3.11.2 → 3.11.3
Update Type:
Patch
Package:
org.apache.maven.plugins:maven-failsafe-plugin
Ecosystem:
maven
Version Change:
3.5.2 → 3.5.4
Update Type:
Patch
Package:
org.apache.maven.plugins:maven-gpg-plugin
Ecosystem:
maven
Version Change:
3.2.7 → 3.2.8
Update Type:
Patch
Package:
io.smallrye:jandex-maven-plugin
Ecosystem:
maven
Version Change:
3.4.0 → 3.5.0
Update Type:
Minor
Package:
net.revelc.code.formatter:formatter-maven-plugin
Ecosystem:
maven
Version Change:
2.25.0 → 2.29.0
Update Type:
Minor
Package:
io.specto:hoverfly-java-junit5
Ecosystem:
maven
Version Change:
0.20.0 → 0.20.2
Update Type:
Patch
Package:
com.segment.analytics.java:analytics
Ecosystem:
maven
Version Change:
3.5.1 → 3.5.2
Update Type:
Patch
Security Advisories
Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs
GHSA-j288-q9x7-2f5v CVE-2025-48924 MODERATE
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 ...
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 7886148
UUID: 3417392355
Node ID: PR_kwDOC3lgPM6om1pZ
Host: GitHub
Repository: quarkusio/code.quarkus.io