Bump the dependencies group with 7 updates #908

dependabot · 2025-10-27T05:23:35Z

Bumps the dependencies group with 7 updates:

Package	From	To
io.avaje:avaje-config	`4.1`	`4.2`
io.avaje:avaje-http-api	`3.4`	`3.5`
io.avaje:avaje-http-client	`3.4`	`3.5`
io.avaje:avaje-jex	`3.2`	`3.3`
io.avaje:avaje-jsonb	`3.7`	`3.8`
org.apache.maven.plugin-tools:maven-plugin-annotations	`3.15.1`	`3.15.2`
org.apache.maven.plugins:maven-plugin-plugin	`3.15.1`	`3.15.2`

Updates io.avaje:avaje-config from 4.1 to 4.2

Release notes

Sourced from io.avaje:avaje-config's releases.

4.2

What's Changed

Fix Yaml lists by @SentryMan in avaje/avaje-config#216

Improve InitialLoadContext loadedResources key - for unique loaded resources by @rbygrave in avaje/avaje-config#180

Support recursive use of load.properties by @rbygrave in avaje/avaje-config#225

Full Changelog: avaje/avaje-config@4.1...4.2

Commits

00d3bf4 Version 4.2-RC2
3c23234 Support recursive use of load.properties (#225)
74d4a73 Improve InitialLoadContext loadedResources key - for unique loaded resources ...
1cd2461 Merge pull request #224 from avaje/dependabot/maven/master/dependencies-d8d12...
2854e99 Bump ch.qos.logback:logback-classic in the dependencies group
d59161e Merge pull request #223 from avaje/dependabot/maven/master/dependencies-af2b4...
3924f64 Bump ch.qos.logback:logback-classic in the dependencies group
b84831a Merge pull request #222 from avaje/dependabot/maven/master/dependencies-0f528...
59eb8fd Bump org.yaml:snakeyaml from 2.4 to 2.5 in the dependencies group
c861a23 Merge pull request #221 from avaje/dependabot/github_actions/master/actions/s...
Additional commits viewable in compare view

Updates io.avaje:avaje-http-api from 3.4 to 3.5

Updates io.avaje:avaje-http-client from 3.4 to 3.5

Commits

See full diff in compare view

Updates io.avaje:avaje-jex from 3.2 to 3.3

Release notes

Sourced from io.avaje:avaje-jex's releases.

3.3

New Features

A new SSL Plugin has been added to make configuring SSL and mTLS easier than building an SSLContext by hand. See the docs for more details.

A new FileUpload Plugin to handle multipart uploads in avaje/avaje-jex#303

What's Changed

#264 Use AppLog.getLogger() rather than direct System.getLogger() for native-image by @rbygrave in avaje/avaje-jex#265

[SSE] Relax SSE Accept Header Validation by @SentryMan in avaje/avaje-jex#273

Add size limit to Context#bodyAsBytes() by @SentryMan in avaje/avaje-jex#272

Improve API for constructing HTTP error responses by @mechite in avaje/avaje-jex#281

add resource loader config by @SentryMan in avaje/avaje-jex#286

An SSL Plugin by @SentryMan in avaje/avaje-jex#285

Encapsulate SslHttpConfigurator by @SentryMan in avaje/avaje-jex#288

[ssl-plugin] Move default SSLContext to main module by @SentryMan in avaje/avaje-jex#289

Remove unnecessary public modifier by @rbygrave in avaje/avaje-jex#290

Removes baos creation on content length by @SentryMan in avaje/avaje-jex#293

Allow Registering Routes with SPI by @SentryMan in avaje/avaje-jex#295

Use FilterOutputStream in Output Buffer by @SentryMan in avaje/avaje-jex#294

Test everything with jetty by @SentryMan in avaje/avaje-jex#287

Add Startup Time Log by @SentryMan in avaje/avaje-jex#301

add avaje-validator's plugins for inject & http (to parent) by @mechite in avaje/avaje-jex#307

Add a FileUpload Plugin by @SentryMan in avaje/avaje-jex#303

Fix typo in avaje.prisms.version property by @mechite in avaje/avaje-jex#313

New Contributors

@mechite made their first contribution in avaje/avaje-jex#281

Full Changelog: avaje/avaje-jex@3.2...3.3

Commits

47c27e6 3.3
7a3df26 Bump io.avaje:avaje-config from 4.2-RC2 to 4.2 in the dependencies group (#315)
954fcf2 Bump the dependencies group with 19 updates (#314)
6b52832 Fix typo in avaje.prisms.version property (#313)
782835b Bump the dependencies group with 3 updates (#311)
c73b928 Bump the dependencies group with 11 updates (#310)
160b84b 3.3-RC5
a6a74c3 Add a FileUpload Plugin (#303)
12740ae add avaje-validator's plugins for inject & http (to parent) (#307)
c19211b Bump ch.qos.logback:logback-classic in the dependencies group (#308)
Additional commits viewable in compare view

Updates io.avaje:avaje-jsonb from 3.7 to 3.8

Release notes

Sourced from io.avaje:avaje-jsonb's releases.

3.8

What's Changed

Fix record nested generics by @SentryMan in avaje/avaje-jsonb#421

Fix Invalid toJson parameter name by @SentryMan in avaje/avaje-jsonb#422

Support Select Jackson Annotations by @SentryMan in avaje/avaje-jsonb#426

Support Select GSON & Jakarta JSON-B annotations (#426) by @mechite in avaje/avaje-jsonb#427

Update readme (for #427) by @mechite in avaje/avaje-jsonb#429

Do not fail compilation on cascade failure by @SentryMan in avaje/avaje-jsonb#435

Only Log Cascade Warning when in the Same Module by @SentryMan in avaje/avaje-jsonb#439

Fix nested generic classes by @SentryMan in avaje/avaje-jsonb#441

Fix Jackson SPI by @SentryMan in avaje/avaje-jsonb#443

Match Creator Aliases to Fields by @SentryMan in avaje/avaje-jsonb#445

Dependencies

Bump com.fasterxml.jackson.core:jackson-core from 2.19.2 to 2.20.0 in the dependencies group by @dependabot[bot] in avaje/avaje-jsonb#423

Bump io.helidon.webserver:helidon-webserver from 4.2.6 to 4.2.7 in the dependencies group by @dependabot[bot] in avaje/avaje-jsonb#424

Bump org.springframework.boot:spring-boot-dependencies from 3.5.5 to 3.5.6 in the dependencies group by @dependabot[bot] in avaje/avaje-jsonb#430

Bump io.helidon.webserver:helidon-webserver from 4.2.7 to 4.3.0 in the dependencies group by @dependabot[bot] in avaje/avaje-jsonb#431

Bump io.helidon.webserver:helidon-webserver from 4.3.0 to 4.3.1 in the dependencies group by @dependabot[bot] in avaje/avaje-jsonb#437

Full Changelog: avaje/avaje-jsonb@3.7...3.8

Commits

160656b Version 3.8
556ee20 Version 3.8-RC4
5068345 match creator aliases to fields (#445)
1fdfa59 Fix Jackson SPI (#443)
ad0c2a4 Version 3.8-RC3
fca862c fix nested generic classes (#441)
4a0ce8d Merge pull request #439 from SentryMan/fix-cascade-warning
7d14acd Merge pull request #437 from avaje/dependabot/maven/main/dependencies-2ca05fbf2e
ee5922b Bump io.helidon.webserver:helidon-webserver in the dependencies group
e063aac 3.8-RC2 (#436)
Additional commits viewable in compare view

Updates org.apache.maven.plugin-tools:maven-plugin-annotations from 3.15.1 to 3.15.2

Release notes

Sourced from org.apache.maven.plugin-tools:maven-plugin-annotations's releases.

3.15.2

📝 Documentation updates

Fix run-on sentence (#1003) @slawekjaranowski

Update document to use Guice constructor injection (#1001) @slawekjaranowski

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#354) @Bukama

👻 Maintenance

Update site descriptors to 2.0 (#1011) @slawekjaranowski

Add support for Maven 4 PluginDescriptor.getRequiredJavaVersion() method (#1005) @slawekjaranowski

Cleanups dependencies (#1009) @slawekjaranowski

Use injection instead of Component annotation (#1002) @slawekjaranowski

Begin converting this plugin to Guice constructor injection (#1000) @slawekjaranowski

refactor: Replace Plexus AbstractLogEnabled with SLF4J (#999) @slawekjaranowski

Use properties for versions in components.xml (#982) @slawekjaranowski

JDK 25 build fix (#960) @slawekjaranowski

[MPLUGIN-543] - Update to Parent 44 (#390) @Bukama

Add release drafter (#370) @slawekjaranowski

Add PR Automation action (#358) @slawekjaranowski

📦 Dependency updates

Bump org.jsoup:jsoup from 1.18.1 to 1.19.1 (#1013) @slawekjaranowski

Bump org.codehaus.plexus:plexus-testing from 1.6.0 to 1.6.1 (#995) @dependabot[bot]

Bump org.codehaus.plexus:plexus-velocity from 2.2.1 to 2.3.0 (#993) @dependabot[bot]

Bump net.bytebuddy:byte-buddy from 1.17.7 to 1.17.8 (#989) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.2 to 4.10.3 (#990) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.5.0 (#985) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0 (#984) @dependabot[bot]

Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 (#981) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.3 to 3.27.6 (#983) @dependabot[bot]

Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 (#978) @dependabot[bot]

Bump net.bytebuddy:byte-buddy from 1.17.6 to 1.17.7 (#980) @dependabot[bot]

Bump asmVersion from 9.8 to 9.9 (#979) @dependabot[bot]

Bump org.apache.velocity:velocity-engine-core from 2.4 to 2.4.1 (#974) @dependabot[bot]

Bump org.codehaus.plexus:plexus-velocity from 2.2.0 to 2.2.1 (#975) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#966) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.2 (#964) @dependabot[bot]

Bump maven3Version from 3.9.9 to 3.9.11 (#957) @dependabot[bot]

Bump org.codehaus.plexus:plexus-testing from 1.4.0 to 1.6.0 (#958) @dependabot[bot]

Bump org.codehaus.plexus:plexus-xml from 3.0.1 to 3.0.2 (#946) @dependabot[bot]

Bump asmVersion from 9.7.1 to 9.8 (#943) @dependabot[bot]

Bump net.bytebuddy:byte-buddy from 1.15.5 to 1.17.6 (#403) @dependabot[bot]

Bump org.apache.maven:maven-parent from 44 to 45 (#404) @dependabot[bot]

Bump org.assertj:assertj-core from 3.26.3 to 3.27.3 (#364) @dependabot[bot]

Bump antVersion from 1.10.14 to 1.10.15 (#360) @dependabot[bot]

Commits

f7ed01b [maven-release-plugin] prepare release maven-plugin-tools-3.15.2
ba0297c Bump org.jsoup:jsoup from 1.18.1 to 1.19.1
4ca9fb6 Update site descriptors to 2.0
facedc9 Add support for Maven 4 PluginDescriptor.getRequiredJavaVersion() method
0e2322a Cleanups dependencies
1d23695 Fix run-on sentence
252c901 Use injection instead of Component annotation
69c653a Update document to use Guice constructor injection
73f78dc Begin converting this plugin to Guice constructor injection
23242f4 refactor: Replace Plexus AbstractLogEnabled with SLF4J
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-plugin-plugin from 3.15.1 to 3.15.2

Release notes

Sourced from org.apache.maven.plugins:maven-plugin-plugin's releases.

3.15.2

📝 Documentation updates

Fix run-on sentence (#1003) @slawekjaranowski

Update document to use Guice constructor injection (#1001) @slawekjaranowski

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#354) @Bukama

👻 Maintenance

Update site descriptors to 2.0 (#1011) @slawekjaranowski

Add support for Maven 4 PluginDescriptor.getRequiredJavaVersion() method (#1005) @slawekjaranowski

Cleanups dependencies (#1009) @slawekjaranowski

Use injection instead of Component annotation (#1002) @slawekjaranowski

Begin converting this plugin to Guice constructor injection (#1000) @slawekjaranowski

refactor: Replace Plexus AbstractLogEnabled with SLF4J (#999) @slawekjaranowski

Use properties for versions in components.xml (#982) @slawekjaranowski

JDK 25 build fix (#960) @slawekjaranowski

[MPLUGIN-543] - Update to Parent 44 (#390) @Bukama

Add release drafter (#370) @slawekjaranowski

Add PR Automation action (#358) @slawekjaranowski

📦 Dependency updates

Bump org.jsoup:jsoup from 1.18.1 to 1.19.1 (#1013) @slawekjaranowski

Bump org.codehaus.plexus:plexus-testing from 1.6.0 to 1.6.1 (#995) @dependabot[bot]

Bump org.codehaus.plexus:plexus-velocity from 2.2.1 to 2.3.0 (#993) @dependabot[bot]

Bump net.bytebuddy:byte-buddy from 1.17.7 to 1.17.8 (#989) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.2 to 4.10.3 (#990) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.5.0 (#985) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.19.0 (#984) @dependabot[bot]

Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 (#981) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.3 to 3.27.6 (#983) @dependabot[bot]

Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 (#978) @dependabot[bot]

Bump net.bytebuddy:byte-buddy from 1.17.6 to 1.17.7 (#980) @dependabot[bot]

Bump asmVersion from 9.8 to 9.9 (#979) @dependabot[bot]

Bump org.apache.velocity:velocity-engine-core from 2.4 to 2.4.1 (#974) @dependabot[bot]

Bump org.codehaus.plexus:plexus-velocity from 2.2.0 to 2.2.1 (#975) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#966) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.2 (#964) @dependabot[bot]

Bump maven3Version from 3.9.9 to 3.9.11 (#957) @dependabot[bot]

Bump org.codehaus.plexus:plexus-testing from 1.4.0 to 1.6.0 (#958) @dependabot[bot]

Bump org.codehaus.plexus:plexus-xml from 3.0.1 to 3.0.2 (#946) @dependabot[bot]

Bump asmVersion from 9.7.1 to 9.8 (#943) @dependabot[bot]

Bump net.bytebuddy:byte-buddy from 1.15.5 to 1.17.6 (#403) @dependabot[bot]

Bump org.apache.maven:maven-parent from 44 to 45 (#404) @dependabot[bot]

Bump org.assertj:assertj-core from 3.26.3 to 3.27.3 (#364) @dependabot[bot]

Bump antVersion from 1.10.14 to 1.10.15 (#360) @dependabot[bot]

Commits

f7ed01b [maven-release-plugin] prepare release maven-plugin-tools-3.15.2
ba0297c Bump org.jsoup:jsoup from 1.18.1 to 1.19.1
4ca9fb6 Update site descriptors to 2.0
facedc9 Add support for Maven 4 PluginDescriptor.getRequiredJavaVersion() method
0e2322a Cleanups dependencies
1d23695 Fix run-on sentence
252c901 Use injection instead of Component annotation
69c653a Update document to use Guice constructor injection
73f78dc Begin converting this plugin to Guice constructor injection
23242f4 refactor: Replace Plexus AbstractLogEnabled with SLF4J
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 7 updates: | Package | From | To | | --- | --- | --- | | [io.avaje:avaje-config](https://github.com/avaje/avaje-config) | `4.1` | `4.2` | | io.avaje:avaje-http-api | `3.4` | `3.5` | | [io.avaje:avaje-http-client](https://github.com/avaje/avaje-http-client) | `3.4` | `3.5` | | [io.avaje:avaje-jex](https://github.com/avaje/avaje-jex) | `3.2` | `3.3` | | [io.avaje:avaje-jsonb](https://github.com/avaje/avaje-jsonb) | `3.7` | `3.8` | | [org.apache.maven.plugin-tools:maven-plugin-annotations](https://github.com/apache/maven-plugin-tools) | `3.15.1` | `3.15.2` | | [org.apache.maven.plugins:maven-plugin-plugin](https://github.com/apache/maven-plugin-tools) | `3.15.1` | `3.15.2` | Updates `io.avaje:avaje-config` from 4.1 to 4.2 - [Release notes](https://github.com/avaje/avaje-config/releases) - [Commits](avaje/avaje-config@4.1...4.2) Updates `io.avaje:avaje-http-api` from 3.4 to 3.5 Updates `io.avaje:avaje-http-client` from 3.4 to 3.5 - [Release notes](https://github.com/avaje/avaje-http-client/releases) - [Commits](https://github.com/avaje/avaje-http-client/commits) Updates `io.avaje:avaje-jex` from 3.2 to 3.3 - [Release notes](https://github.com/avaje/avaje-jex/releases) - [Commits](avaje/avaje-jex@3.2...3.3) Updates `io.avaje:avaje-jsonb` from 3.7 to 3.8 - [Release notes](https://github.com/avaje/avaje-jsonb/releases) - [Commits](avaje/avaje-jsonb@3.7...3.8) Updates `org.apache.maven.plugin-tools:maven-plugin-annotations` from 3.15.1 to 3.15.2 - [Release notes](https://github.com/apache/maven-plugin-tools/releases) - [Commits](apache/maven-plugin-tools@maven-plugin-tools-3.15.1...maven-plugin-tools-3.15.2) Updates `org.apache.maven.plugins:maven-plugin-plugin` from 3.15.1 to 3.15.2 - [Release notes](https://github.com/apache/maven-plugin-tools/releases) - [Commits](apache/maven-plugin-tools@maven-plugin-tools-3.15.1...maven-plugin-tools-3.15.2) --- updated-dependencies: - dependency-name: io.avaje:avaje-config dependency-version: '4.2' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: io.avaje:avaje-http-api dependency-version: '3.5' dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: io.avaje:avaje-http-client dependency-version: '3.5' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: io.avaje:avaje-jex dependency-version: '3.3' dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: io.avaje:avaje-jsonb dependency-version: '3.8' dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.apache.maven.plugin-tools:maven-plugin-annotations dependency-version: 3.15.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-plugin-plugin dependency-version: 3.15.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Oct 27, 2025

github-actions bot approved these changes Oct 27, 2025

View reviewed changes

github-actions bot enabled auto-merge October 27, 2025 05:23

github-actions bot merged commit 68fdcb9 into master Oct 27, 2025
9 checks passed

dependabot bot deleted the dependabot/maven/master/dependencies-52eae61785 branch October 27, 2025 05:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the dependencies group with 7 updates #908

Bump the dependencies group with 7 updates #908

dependabot bot commented on behalf of github Oct 27, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the dependencies group with 7 updates #908

Bump the dependencies group with 7 updates #908

Conversation

dependabot bot commented on behalf of github Oct 27, 2025

4.2

What's Changed

3.3

New Features

What's Changed

New Contributors

3.8

What's Changed

Dependencies

3.15.2

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

3.15.2

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant