Skip to content

Bump the minor-patch group in /ams-spring-boot-shopping with 7 updates#14

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/ams-spring-boot-shopping/minor-patch-654be92010
Open

Bump the minor-patch group in /ams-spring-boot-shopping with 7 updates#14
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/ams-spring-boot-shopping/minor-patch-654be92010

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 16, 2026

Bumps the minor-patch group in /ams-spring-boot-shopping with 7 updates:

Package From To
com.sap.cloud.security:java-bom 3.5.7 3.6.8
com.sap.cloud.security.ams:ams-bom 4.0.5 4.0.6
com.sap.cloud.sdk:sdk-bom 5.24.0 5.27.0
com.fasterxml.jackson.core:jackson-databind 2.15.2 2.21.1
com.opencsv:opencsv 5.8 5.12.0
org.apache.maven.plugins:maven-compiler-plugin 3.14.0 3.15.0
org.apache.maven.plugins:maven-surefire-plugin 3.1.2 3.5.5

Updates com.sap.cloud.security:java-bom from 3.5.7 to 3.6.8

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

3.6.8

3.6.8

  • Fix hybrid authentication issue where IAS Configuration was incorrectly used for XSUAA token exchange instead of XSUAA Configuration in HybridIdentityServicesAutoConfiguration

Dependency upgrades

  • Bump org.eclipse.jetty:jetty-bom from 12.1.6 to 12.1.7

3.6.7

  • Fix FIPS compatibility by using default KeyManagerFactory algorithm instead of hardcoded "SunX509"
  • Fix "Connection pool shut down" exception by properly reusing cached SSL connections

Dependency upgrades

  • Bump org.eclipse.jetty:jetty-bom from 12.1.5 to 12.1.6
  • Bump io.projectreactor:reactor-core from 3.8.2 to 3.8.3
  • Bump io.projectreactor:reactor-test from 3.8.2 to 3.8.3
  • Bump org.mockito:mockito-core from 5.21.0 to 5.22.0
  • Bump org.assertj:assertj-core from 3.27.6 to 3.27.7
  • Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

3.6.6

  • added Token Exchange support to Security Library for ID Token exchange and XSUAA Token exchange

Dependency upgrades

  • Update Spring dependencies (#1907)
  • Bump the prod-deps-ver group with 9 updates (#1902)
  • Bump the dev-deps group with 3 updates (#1901)
  • Bump io.projectreactor:reactor-test from 3.7.11 to 3.8.2 (#1892)
  • Configure Dependabot with dependency groups (#1900)
  • Bump org.sonatype.central:central-publishing-maven-plugin (#1894)
  • Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.6 (#1895)
  • Bump org.json:json from 20250517 to 20251224 (#1898)
  • Bump ch.qos.logback:logback-core from 1.5.19 to 1.5.25 in /token-client (#1899)
  • Bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 (#1873)
  • Bump org.apache.maven.plugins:maven-pmd-plugin from 3.27.0 to 3.28.0 (#1874)
  • Bump reactor.version from 3.7.11 to 3.7.12 (#1875)
  • Bump spring.core.version from 6.2.11 to 6.2.12 (#1878)
  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.6.0 to 4.9.8.1 (#1880)
  • Bump com.github.spotbugs:spotbugs-annotations from 4.9.6 to 4.9.8 (#1881)
  • Bump spring.security.version from 6.5.5 to 6.5.6 (#1882)
  • Bump spring.security.oauth2.version from 6.5.5 to 6.5.6 (#1883)
  • Bump ch.qos.logback:logback-core from 1.5.13 to 1.5.19 in /token-client (#1884)

3.6.5

Dependency upgrades

  • Bump org.sonatype.central:central-publishing-maven-plugin (#1867)
  • Bump io.projectreactor:reactor-test from 3.7.9 to 3.7.11 (#1868)
  • Remove version pinning for nimbus-jose-jwt
  • Update jetty dependency to 12.0.27 (#1865)

... (truncated)

Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

3.6.8

  • Fix hybrid authentication issue where IAS Configuration was incorrectly used for XSUAA token exchange instead of XSUAA Configuration in HybridIdentityServicesAutoConfiguration

Dependency upgrades

  • Bump org.eclipse.jetty:jetty-bom from 12.1.6 to 12.1.7

3.6.7

  • Fix FIPS compatibility by using default KeyManagerFactory algorithm instead of hardcoded "SunX509"
  • Fix "Connection pool shut down" exception by properly reusing cached SSL connections

Dependency upgrades

  • Bump org.eclipse.jetty:jetty-bom from 12.1.5 to 12.1.6
  • Bump io.projectreactor:reactor-core from 3.8.2 to 3.8.3
  • Bump io.projectreactor:reactor-test from 3.8.2 to 3.8.3
  • Bump org.mockito:mockito-core from 5.21.0 to 5.22.0
  • Bump org.assertj:assertj-core from 3.27.6 to 3.27.7
  • Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

3.6.6

  • added Token Exchange support to Security Library for ID Token exchange and XSUAA Token exchange

Dependency upgrades

  • Update Spring dependencies (#1907)
  • Bump the prod-deps-ver group with 9 updates (#1902)
  • Bump the dev-deps group with 3 updates (#1901)
  • Bump io.projectreactor:reactor-test from 3.7.11 to 3.8.2 (#1892)
  • Configure Dependabot with dependency groups (#1900)
  • Bump org.sonatype.central:central-publishing-maven-plugin (#1894)
  • Bump org.apache.httpcomponents.client5:httpclient5 from 5.5.1 to 5.6 (#1895)
  • Bump org.json:json from 20250517 to 20251224 (#1898)
  • Bump ch.qos.logback:logback-core from 1.5.19 to 1.5.25 in /token-client (#1899)
  • Bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 (#1873)
  • Bump org.apache.maven.plugins:maven-pmd-plugin from 3.27.0 to 3.28.0 (#1874)
  • Bump reactor.version from 3.7.11 to 3.7.12 (#1875)
  • Bump spring.core.version from 6.2.11 to 6.2.12 (#1878)
  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.6.0 to 4.9.8.1 (#1880)
  • Bump com.github.spotbugs:spotbugs-annotations from 4.9.6 to 4.9.8 (#1881)
  • Bump spring.security.version from 6.5.5 to 6.5.6 (#1882)
  • Bump spring.security.oauth2.version from 6.5.5 to 6.5.6 (#1883)
  • Bump ch.qos.logback:logback-core from 1.5.13 to 1.5.19 in /token-client (#1884)

3.6.5

Dependency upgrades

... (truncated)

Commits

Updates com.sap.cloud.security.ams:ams-bom from 4.0.5 to 4.0.6

Commits

Updates com.sap.cloud.sdk:sdk-bom from 5.24.0 to 5.27.0

Release notes

Sourced from com.sap.cloud.sdk:sdk-bom's releases.

Release 5.27.0

5.27.0 - March 13, 2026

All Release Changes

🔧 Compatibility Notes

  • [Connectivity Destination Service] Migrated to Apache Httpclient 5.
    • The replacement for HttpClientAccessor is ApacheHttpClient5Accessor

✨ New Functionality

  • [OpenAPI] SAP Cloud SDK OpenAPI Generator now supports apache-httpclient library besides Spring RestTemplate through the newly introduced module openapi-core-apache.
  • [IAS] Add IasOptions.withTokenFormat() to allow specifying token format

🐛 Fixed Issues

  • [OData v4] Binary deserialization can now handle both Base64URL and Base64.

All Commits

New Contributors

Full Changelog: https://github.com/SAP/cloud-sdk-java/commits/rel/5.27.0

... (truncated)

Commits
  • f35ad1a Update to version 5.27.0
  • 72f1c0c feat: [OpenAPI] GZIP encoding (#1110)
  • 7c47325 fix: deserialization bug for Base64Url (#1114)
  • cdeee1b chore: [DevOps] bump the production-minor-patch group across 1 directory with...
  • 69c2d37 chore: [DevOps] bump the test group with 2 updates (#1115)
  • 77c73bb feat: add configurable token_format parameter for IAS token exchange (#1113)
  • 8a3ec7e chore: [DevOps] bump the test group with 2 updates (#1108)
  • a34208c chore: [DevOps] bump the github-actions group with 2 updates (#1106)
  • eda4f70 chore: [DevOps] bump the production-minor-patch group with 14 updates (#1101)
  • 2be68fe chore: [DevOps] bump org.apache.maven.plugins:maven-surefire-plugin from 3.5....
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.15.2 to 2.21.1

Commits

Updates com.opencsv:opencsv from 5.8 to 5.12.0

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.14.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

Commits
  • 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
  • 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
  • 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
  • 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
  • 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
  • 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
  • aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
  • 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
  • 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
  • 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the minor-patch group in /ams-spring-boot-shopping with 7 updates
3244a5b 
Bumps the minor-patch group in /ams-spring-boot-shopping with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [com.sap.cloud.security:java-bom](https://github.com/SAP/cloud-security-xsuaa-integration) | `3.5.7` | `3.6.8` |
| [com.sap.cloud.security.ams:ams-bom](https://github.com/SAP/cloud-identity-developer-guide) | `4.0.5` | `4.0.6` |
| [com.sap.cloud.sdk:sdk-bom](https://github.com/SAP/cloud-sdk-java) | `5.24.0` | `5.27.0` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.15.2` | `2.21.1` |
| com.opencsv:opencsv | `5.8` | `5.12.0` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.0` | `3.15.0` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.1.2` | `3.5.5` |


Updates `com.sap.cloud.security:java-bom` from 3.5.7 to 3.6.8
- [Release notes](https://github.com/SAP/cloud-security-xsuaa-integration/releases)
- [Changelog](https://github.com/SAP/cloud-security-services-integration-library/blob/main/CHANGELOG.md)
- [Commits](SAP/cloud-security-services-integration-library@3.5.7...3.6.8)

Updates `com.sap.cloud.security.ams:ams-bom` from 4.0.5 to 4.0.6
- [Commits](https://github.com/SAP/cloud-identity-developer-guide/commits)

Updates `com.sap.cloud.sdk:sdk-bom` from 5.24.0 to 5.27.0
- [Release notes](https://github.com/SAP/cloud-sdk-java/releases)
- [Changelog](https://github.com/SAP/cloud-sdk-java/blob/main/release_notes.md)
- [Commits](SAP/cloud-sdk-java@rel/5.24.0...rel/5.27.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.15.2 to 2.21.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.opencsv:opencsv` from 5.8 to 5.12.0

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.0 to 3.15.0
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.0...maven-compiler-plugin-3.15.0)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.1.2 to 3.5.5
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.1.2...surefire-3.5.5)

---
updated-dependencies:
- dependency-name: com.sap.cloud.security:java-bom
  dependency-version: 3.6.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: com.sap.cloud.security.ams:ams-bom
  dependency-version: 4.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
- dependency-name: com.sap.cloud.sdk:sdk-bom
  dependency-version: 5.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.21.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: com.opencsv:opencsv
  dependency-version: 5.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Mar 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants