Bump the dependencies group with 55 updates

[dependabot]

Bumps the dependencies group with 55 updates:

Package	From	To
org.apache.logging.log4j:log4j-api	2.24.3	2.25.2
org.apache.logging.log4j:log4j-api-test	2.24.3	2.25.2
org.apache.logging.log4j:log4j-iostreams	2.24.3	2.25.2
org.apache.logging.log4j:log4j-jpl	2.24.3	2.25.2
org.apache.logging.log4j:log4j-slf4j2-impl	2.24.3	2.25.2
org.apache.logging.log4j:log4j-slf4j-impl	2.24.3	2.25.2
org.apache.logging.log4j:log4j-to-jul	2.24.3	2.25.2
org.apache.logging.log4j:log4j-to-slf4j	2.24.3	2.25.2
org.apache.commons:commons-csv	1.14.0	1.14.1
ch.qos.logback:logback-core	1.5.18	1.5.22
org.apache.groovy:groovy-bom	4.0.27	5.0.3
tools.jackson:jackson-bom	3.0.0	3.0.3
org.junit:junit-bom	5.13.4	6.0.1
org.junit.jupiter:junit-jupiter-engine	5.13.4	6.0.1
org.mockito:mockito-bom	5.18.0	5.21.0
org.assertj:assertj-core	3.27.3	3.27.6
net.bytebuddy:byte-buddy	1.17.6	1.18.2
commons-codec:commons-codec	1.18.0	1.20.0
commons-io:commons-io	2.20.0	2.21.0
org.apache.commons:commons-lang3	3.17.0	3.20.0
org.apache.commons:commons-pool2	2.12.1	2.13.0
com.google.guava:guava	33.4.8-jre	33.5.0-jre
com.google.guava:guava-testlib	33.4.8-jre	33.5.0-jre
com.h2database:h2	2.3.232	2.4.240
org.jmdns:jmdns	3.6.1	3.6.2
net.java.dev.jna:jna	5.17.0	5.18.1
net.javacrumbs.json-unit:json-unit	4.1.1	5.1.0
com.vlkan.log4j2:log4j2-logstash-layout	0.18	1.0.5
org.apache.maven:maven-core	3.9.10	3.9.11
org.apache.maven:maven-model	3.9.10	3.9.11
org.openjdk.nashorn:nashorn-core	15.6	15.7
org.eclipse.platform:org.eclipse.osgi	3.23.100	3.24.0
org.xmlunit:xmlunit-core	2.10.3	2.11.0
org.xmlunit:xmlunit-matchers	2.10.3	2.11.0
com.github.spotbugs:spotbugs-annotations	4.9.3	4.9.8
io.fabric8:docker-maven-plugin	0.46.0	0.48.0
org.tukaani:xz	1.10	1.11
com.github.luben:zstd-jni	1.5.7-4	1.5.7-6
org.apache.commons:commons-compress	1.27.1	1.28.0
com.google.code.gson:gson	2.13.1	2.13.2
org.wiremock:wiremock	3.13.1	3.13.2
com.fasterxml.jackson.core:jackson-databind	2.20.0	2.20.1
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.20.0	2.20.1
co.elastic.clients:elasticsearch-java	9.2.0	9.2.2
org.elasticsearch.client:elasticsearch-rest-client	9.2.0	9.2.2
org.mongodb:bson	5.5.1	5.6.2
org.mongodb:mongodb-driver-core	5.5.1	5.6.2
org.mongodb:mongodb-driver-sync	5.5.1	5.6.2
ch.qos.logback:logback-classic	1.5.18	1.5.22
org.springframework:spring-framework-bom	6.2.9	7.0.2
org.springframework:spring-core	6.2.9	7.0.2
org.springframework.boot:spring-boot-autoconfigure	3.5.3	4.0.0
org.springframework.boot:spring-boot-starter-test	3.5.3	4.0.0
org.springframework.boot:spring-boot-starter-log4j2	3.5.3	4.0.0
org.springframework.cloud:spring-cloud-context	4.3.0	5.0.0

Updates org.apache.logging.log4j:log4j-api from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-api-test from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-iostreams from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-jpl from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-slf4j-impl from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-to-jul from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-to-slf4j from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-api-test from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-iostreams from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-jpl from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-slf4j-impl from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-to-jul from 2.24.3 to 2.25.2

Updates org.apache.logging.log4j:log4j-to-slf4j from 2.24.3 to 2.25.2

Updates org.apache.commons:commons-csv from 1.14.0 to 1.14.1

Changelog

Sourced from org.apache.commons:commons-csv's changelog.

Apache Commons CSV 1.14.1 Release Notes

The Apache Commons CSV team is pleased to announce the release of Apache Commons CSV 1.14.1.

This document contains the release notes for the 1.14.1 version of Apache Commons CSV. Commons CSV reads and writes files in Comma Separated Value (CSV) format variations.

Commons CSV requires at least Java 8.

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

This is a feature and maintenance release. Java 8 or later is required.

Changes in this version include:

Fixed Bugs

• CSV-318: CSVPrinter.printRecord(Stream) hangs if given a parallel stream. Thanks to Joseph Shraibman, Gary Gregory.
• CSV-318: CSVPrinter now uses an internal lock instead of synchronized methods. Thanks to Joseph Shraibman, Gary Gregory.

•       org.apache.commons.csv.CSVPrinter.printRecords(ResultSet) now writes one record at a time using a lock. Thanks to Gary Gregory.
  

Changes

•       Bump org.apache.commons:commons-parent from 81 to 85 [#542](https://github.com/apache/commons-csv/issues/542). Thanks to Gary Gregory, Dependabot.
  

•       Bump commons-io:commons-io from 2.18.0 to 2.20.0. Thanks to Gary Gregory.
  

•       Bump com.opencsv:opencsv from 5.10 to 5.11.2 [#545](https://github.com/apache/commons-csv/issues/545), [#551](https://github.com/apache/commons-csv/issues/551), [#553](https://github.com/apache/commons-csv/issues/553). Thanks to Gary Gregory, Dependabot.
  

•       Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 [#556](https://github.com/apache/commons-csv/issues/556). Thanks to Gary Gregory, Dependabot.
  

•       Bump commons-codec:commons-codec from 1.18.0 to 1.19.0. Thanks to Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-csv/changes.html

For complete information on Apache Commons CSV, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons CSV website:

https://commons.apache.org/proper/commons-csv/

Download page: https://commons.apache.org/proper/commons-csv/download_csv.cgi

Have fun! -Apache Commons CSV team

---

Commits

• e14ef86 Ignore macOS file
• d8724bf Prepare for the release candidate 1.14.1 RC1
• b76971c Prepare for the next release candidate
• b66814e Merge pull request #557 from apache/dependabot/github_actions/github/codeql-a...
• 9c95e92 Bump github/codeql-action from 3.29.2 to 3.29.4
• 1fb3716 Bump commons-codec:commons-codec from 1.18.0 to 1.19.0
• 7b72c50 Merge some string literals
• 9658373 Update the GitHub pull request template for AI
• 67192a9 Bump commons-io:commons-io from 2.19.0 to 2.20.0
• 59164c8 Bump com.opencsv:opencsv from 5.11.1 to 5.11.2 #553
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.18 to 1.5.22

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.22

2025-12-11 Release of logback version 1.5.22

• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings "password", "secret" or "confidential". This problem was reported by Chintan Rohila in issues/986.

• Logback now takes the overridden toString() method of Throwable subclasses into account when printing stack traces. This issue was reported in LOGBACK-543 by Alvin Chee, with a fix provided in PR 404 by Brett Kail.

• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

• Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.20

2025-10-19 Release of logback version 1.5.20

• Due to potential vulnerabilities associated with dynamic, i.e. runtime, java code compilation and execution (using Janino), the 'condition' attribute within the <if> element is deprecated and will be removed in 2027.

An online migration service is provided to help with the transition.

The <condition> element, new in this version, admits custom PropertyEvaluator as a recommended alternative. See also the updated documentation on conditional configuration.

• Initialization procedure was incorrectly reported as having been simplified in this version, i.e. version 1.5.20 by removing the step instantiating a SerializedModelConfigurator. The actual simplification was done in version 1.5.21

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 930fb15c993a4344bcecc6ba2225c12a2c38e676 associated with the tag v_1.5.20. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

... (truncated)

Commits

• 572379a prepare release 1.5.22
• 39d17ea fix status printing of variable substitution when the variable name contains ...
• 75509a9 fix PR 404, LOGBACK-543
• 8eb9356 remove unused import
• 6131a3a use a slightly more sophisticated guard for printing status messages
• 9efca21 add no-args constructor to support various serialization frameworks
• 1bea580 minor comment edits
• bd07fdd update angus, greenmail versions
• aef993c start work on 1.5.22-SNAPSHOT
• fed6f37 prepare release 1.5.21
• Additional commits viewable in compare view

Updates org.apache.groovy:groovy-bom from 4.0.27 to 5.0.3

Commits

• See full diff in compare view

Updates tools.jackson:jackson-bom from 3.0.0 to 3.0.3

Commits

• a280bf7 [maven-release-plugin] prepare release jackson-bom-3.0.3
• 71ce3c9 Prep for 3.0.3 release
• 69acf34 Merge branch '2.x' into 3.0
• 3001d78 Merge pull request #116 from FasterXML/tatu/2.21/115-fix-cyclonedx-backport-i...
• 9370292 makeAggregateBom -> makeBom
• 3e4db58 Backport #115 in 2.x for 2.21
• 09f71f8 ...
• ada83b5 Post-release dep version bump
• 4edcd2f [maven-release-plugin] prepare for next development iteration
• 8328126 [maven-release-plugin] prepare release jackson-bom-3.0.2
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.13.4 to 6.0.1

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

See Release Notes.

New Contributors

• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823

Full Changelog: junit-team/junit-framework@r6.0.0-M2...r6.0.0-RC1

JUnit 6.0.0-M2 = Platform 6.0.0-M2 + Jupiter 6.0.0-M2 + Vintage 6.0.0-M2

See Release Notes.

... (truncated)

Commits

• d774b9c Release 6.0.1 (second attempt)
• 8178545 Mark module as deprecated for removal
• 7b43fcc Back to snapshots for further development
• a5ef746 Release 6.0.1
• 008be8d Finalize 5.14.1 release notes
• b2c55a8 Finalize 6.0.1 release notes
• 866c01a Add note about duplicate test execution with @​Suite (#5080)
• de88e88 Fix broken links in documentation
• 9dd132d Add Valhalla EA to workflow matrix
• fedda88 Make jdk.jfr import optional in OSGi manifest (#5092)
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-engine from 5.13.4 to 6.0.1

Release notes

Sourced from org.junit.jupiter:junit-jupiter-engine's releases.

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

See Release Notes.

New Contributors

• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823

Full Changelog: junit-team/junit-framework@r6.0.0-M2...r6.0.0-RC1

JUnit 6.0.0-M2 = Platform 6.0.0-M2 + Jupiter 6.0.0-M2 + Vintage 6.0.0-M2

See Release Notes.

... (truncated)

Commits

• d774b9c Release 6.0.1 (second attempt)
• 8178545 Mark module as deprecated for removal
• 7b43fcc Back to snapshots for further development
• a5ef746 Release 6.0.1
• 008be8d Finalize 5.14.1 release notes
• b2c55a8 Finalize 6.0.1 release notes
• 866c01a Add note about duplicate test execution with @​Suite (#5080)
• de88e88 Fix broken links in documentation
• 9dd132d Add Valhalla EA to workflow matrix
• fedda88 Make jdk.jfr import optional in OSGi manifest (#5092)
• Additional commits viewable in compare view

Updates org.mockito:mockito-bom from 5.18.0 to 5.21.0

Release notes

Sourced from org.mockito:mockito-bom's releases.

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

• 2025-12-09 - 17 commit(s) by Giulio Longfils, Joshua Selbo, Woongi9, Zylox, dependabot[bot]
• Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 [(#3768)](mockito/mockito#3768)
• Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 [(#3767)](mockito/mockito#3767)
• Bump actions/checkout from 5 to 6 [(#3765)](mockito/mockito#3765)
• Adds output of matchers to potential mismatch; Fixes #2468 [(#3760)](mockito/mockito#3760)
• Forbid mocking WeakReference with inline mock maker [(#3759)](mockito/mockito#3759)
• StackOverflowError when mocking WeakReference [(#3758)](mockito/mockito#3758)
• Bump actions/upload-artifact from 4 to 5 [(#3756)](mockito/mockito#3756)
• Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 [(#3755)](mockito/mockito#3755)
• Support primitives in GenericArrayReturnType. [(#3753)](mockito/mockito#3753)
• ClassNotFoundException when stubbing array of primitive type on Android [(#3752)](mockito/mockito#3752)
• Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 [(#3744)](mockito/mockito#3744)
• Bump gradle/actions from 4 to 5 [(#3743)](mockito/mockito#3743)
• Bump org.graalvm.buildtools.native from 0.11.0 to 0.11.1 [(#3738)](mockito/mockito#3738)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.2.1 to 8.0.0 [(#3735)](mockito/mockito#3735)
• Bump graalvm/setup-graalvm from 1.3.7 to 1.4.0 [(#3734)](mockito/mockito#3734)
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 [(#3733)](mockito/mockito#3733)
• Bump errorprone from 2.41.0 to 2.42.0 [(#3732)](mockito/mockito#3732)
• Feat: automatically detect class to mock in mockStatic and mockConstruction [(#3731)](mockito/mockito#3731)
• Return completed futures for unstubbed Future/CompletionStage in ReturnsEmptyValues [(#3727)](mockito/mockito#3727)
• automatically detect class to mock [(#2779)](mockito/mockito#2779)
• Incorrect "has following stubbing(s) with different arguments" message when using Argument Matchers [(#2468)](mockito/mockito#2468)

v5.20.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.20.0

• 2025-09-20 - 11 commit(s) by Adrian-Kim, Giulio Longfils, Rafael Winterhalter, dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 [(#3730)](mockito/mockito#3730)
• Introducing the Ability to Mock Construction of Generic Types (#2401) [(#3729)](mockito/mockito#3729)
• Bump com.gradle.develocity from 4.1.1 to 4.2 [(#3726)](mockito/mockito#3726)
• Bump graalvm/setup-graalvm from 1.3.6 to 1.3.7 [(#3725)](mockito/mockito#3725)
• Bump org.eclipse.platform:org.eclipse.osgi from 3.23.100 to 3.23.200 [(#3720)](mockito/mockito#3720)
• Bump graalvm/setup-graalvm from 1.3.5 to 1.3.6 [(#3719)](mockito/mockito#3719)
• Bump actions/setup-java from 4 to 5 [(#3715)](mockito/mockito#3715)
• Bump com.gradle.develocity from 4.1 to 4.1.1 [(#3713)](mockito/mockito#3713)
• Bump bytebuddy from 1.17.6 to 1.17.7 [(#3712)](mockito/mockito#3712)
• test: Use Assume.assumeThat for SequencedCollection tests [(#3711)](mockito/mockito#3711)
• Fix #3709 [(#3710)](mockito/mockito#3710)
• feat: Add support for JDK21 Sequenced Collections. [(#3708)](mockito/mockito#3708)
• Introducing the Ability to Mock Construction of Generic Types [(#2401)](mockito/mockito#2401)

v5.19.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.19.0

... (truncated)

Commits

• 09d2230 Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 (#3768)
• df3e0cc Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 (#3767)
• 04a6e9f Bump actions/checkout from 5 to 6 (#3765)
• 756a3cf Add description of matchers to potential mismatch (#3760)
• 58ba445 Forbid mocking WeakReference with inline mock maker (#3759)
• 966d600 Bump actions/upload-artifact from 4 to 5 (#3756)
• 632bf7b Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 (#3755)
• 8564b43 Fix primitives support in GenericArrayReturnType for Android (#3753)
• bf3a809 Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 (#3744)
• cffddd4 Bump gradle/actions from 4 to 5 (#3743)
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.3 to 3.27.6

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.6

🐛 Bug Fixes

Core

• Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.17.7 #3947
• Upgrade to JUnit BOM 5.13.4 #3947

Guava

• Upgrade to Guava 33.4.8-jre #3947

v3.27.4

🚫 Deprecated

Core

• Deprecate org.assertj.core.annotations.Beta in favor of org.assertj.core.annotation.Beta
• Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of org.assertj.core.annotation.CanIgnoreReturnValue
• Deprecate org.assertj.core.util.CheckReturnValue in favor of org.assertj.core.annotation.CheckReturnValue

🐛 Bug Fixes

Core

• Fix thread-safety in AbstractDateAssert #3874

⚡ Improvements

• Migrate to the Central Publisher Portal, enable snapshot publishing #3881

... (truncated)

Commits

• 716b1e0 [maven-release-plugin] prepare release assertj-build-3.27.6
• e189652 Add missing export for org.assertj.core.annotation (#3951)
• 0cb489e Update Maven Central URL
• 7286309 [maven-release-plugin] prepare for next development iteration
• dd4cc1d [maven-release-plugin] prepare release assertj-build-3.27.5
• 1d0defc Add missing permission to release workflow
• 844d5d0 Add missing GitHub Actions pinning to CodeQL workflow
• bdd7106 Add CodeQL custom workflow
• a93d7e6 Remove EOL Java 24
• 26ea866 Update production dependencies (#3947)
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.17.6 to 1.18.2

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

Byte Buddy 1.18.1

• Fix generated module-info to include new package.

Byte Buddy 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

Byte Buddy 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

26. November 2025: version 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

12. November 2025: version 1.18.1

• Fix generated module-info to include new package.

11. November 2025: version 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

8. October 2025: version 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

17. August 2025: version 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

Commits

• f1b5bb6 [maven-release-plugin] prepare release byte-buddy-1.18.2
• fe283b2 [release] Release new version
• 509da7c Correct modifier masks.
• 25d778f Fix typo.
• ee31734 Add support for Valhalla modifiers.
• 5b84e81 Fix javadoc and avoid local storage.
• f290bda Avoid running equals tests on annotations due to bugs.
• 7e753c6 Make gradle plugin configuration cache friendly (#1874)
• 0afa8ea Oppdaterer checksums og POM.
• 600a833 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates commons-codec:commons-codec from 1.18.0 to 1.20.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.20.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.20.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

•         Add org.apache.commons.codec.digest.Crc16. Thanks to Fredrik Kjellberg, Gary Gregory.
  

•         Add builders to org.apache.commons.codec.digest streams and deprecate some old constructors. Thanks to Gary Gregory.
  

•         Add builder to Base16 streams and deprecate some old constructors. Thanks to Gary Gregory.
  

•         Add support for SHAKE128-256 and SHAKE256-512 to `DigestUtils` and `MessageDigestAlgorithms` on Java 25 and up. Thanks to Gary Gregory.
  

•         Add BaseNCodec.AbstractBuilder.setDecodeTable(byte[]) and refactor subclasses. Thanks to Gary Gregory.
  

Changes

•         Deprecate all but one Base32 constructor in favor of the builder added in version 1.17.0. Thanks to Gary Gregory.
  

•         Deprecate all but one Base64 constructor in favor of the builder added in version 1.17.0. Thanks to Gary Gregory.
  

•         BaseNCodecInputStream subclasses are now type-safe to match its matching BaseNCodec. Thanks to Gary Gregory.
  

•         BaseNCodecOutputStream subclasses are now type-safe to match its matching BaseNCodec. Thanks to Gary Gregory.
  

•         Bump org.apache.commons:commons-parent from 85 to 91. Thanks to Gary Gregory, Dependabot.
  

•         [test] Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0. Thanks to Gary Gregory.
  

For complete information on Apache Commons Codec, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Codec website:

https://commons.apache.org/proper/commons-codec/

Download page: https://commons.apache.org/proper/commons-codec/download_codec.cgi

---

Apache Commons Codec 1.19.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.19.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a

... (truncated)

Commits

• b20db1f Merge branch 'master' into release
• cb344d6 Use leaf in overview
• 004966b Better package description
• 1320800 Use HTTPS in URL
• fcb8bf6 Use component logo
• af58c1a Use final
• 4368bfe Add dependabot email [skip ci]
• cb2b7b6 Clarify comment
• 48bb283 Bump github/codeql-action from 4.30.9 to 4.31.2 (#414)
• f61c2e6 Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#413)
• Additional commits viewable in compare view

Updates commons-io:commons-io from 2.20.0 to 2.21.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.21.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.21.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Version 2.21.0: Java 8 or later is required.

New features

o FileUtils#byteCountToDisplaySize() supports Zettabyte, Yottabyte, Ronnabyte and Quettabyte #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.FileUtils.ONE_RB #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.FileUtils.ONE_QB #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(byte[], int, int, long). Thanks to Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(byte[], long). Thanks to Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(int, long). Thanks to Gary Gregory. o Add length unit support in FileSystem limits. Thanks to Piotr P. Karwasz. o Add IOUtils.toByteArray(InputStream, int, int) for safer chunked reading with size validation. Thanks to Piotr P. Karwasz. o Add org.apache.commons.io.file.PathUtils.getPath(String, String). Thanks to Gary Gregory. o Add org.apache.commons.io.channels.ByteArraySeekableByteChannel. Thanks to Gary Gregory. o Add IOIterable.asIterable(). Thanks to Gary Gregory. o Add NIO channel support to AbstractStreamBuilder. Thanks to Piotr P. Karwasz. o Add CloseShieldChannel to close-shielded NIO Channels #786. Thanks to Piotr P. Karwasz. o Added IOUtils.checkFromIndexSize as a Java 8 backport of Objects.checkFromIndexSize #790. Thanks to Piotr P. Karwasz.

Fixed Bugs

o When testing on Java 21 and up, enable -XX:+EnableDynamicAgentLoading. Thanks to Gary Gregory. o When testing on Java 24 and up, don't fail FileUtilsListFilesTest for a different behavior in the JRE. Thanks to Gary Gregory. o ValidatingObjectInputStream does not validate dynamic proxy interfaces. Thanks to Stanislav Fort, Gary Gregory. o BoundedInputStream.getRemaining() now reports Long.MAX_VALUE instead of 0 when no limit is set. Thanks to Piotr P. Karwasz. o BoundedInputStream.available() correctly accounts for the maximum read limit. Thanks to Piotr P. Karwasz. o Deprecate IOUtils.readFully(InputStream, int) in favor of toByteArray(InputStream, int). Thanks to Gary Gregory, Piotr P. Karwasz. o IOUtils.toByteArray(InputStream) now throws IOException on byte array overflow. Thanks to Piotr P. Karwasz. o Javadoc general improvements. Thanks to Gary Gregory, Piotr P. Karwasz. o IOUtils.toByteArray() now throws EOFException when not eno...

Description has been truncated