chore: [DevOps] bump the production-minor-patch group across 1 directory with 9 updates

[dependabot]

Bumps the production-minor-patch group with 9 updates in the / directory:

Package	From	To
org.wiremock:wiremock	3.10.0	3.11.0
commons-codec:commons-codec	1.17.2	1.18.0
com.sap.cloud.security:java-bom	3.5.7	3.5.8
io.vavr:vavr	0.10.5	0.10.6
com.google.code.gson:gson	2.11.0	2.12.1
com.auth0:java-jwt	4.4.0	4.5.0
org.apache.httpcomponents.client5:httpclient5	5.4.1	5.4.2
org.checkerframework:checker-qual	3.48.4	3.49.0
joda-time:joda-time	2.13.0	2.13.1

Updates org.wiremock:wiremock from 3.10.0 to 3.11.0

Release notes

Sourced from org.wiremock:wiremock's releases.

3.11.0

🚀 New Features

• Support filename capabilities for Multipart's part (#2888) @​aatifansari

🐞 Bug fixes

• Always use the system default TransformerFactory in FormatXmlHelper (#2918) @​ianprime0509
• Disable problematic protocol update for httpclient 5.4 (#2951) @​sven-carstens
• make EqualToXmlPattern namespace aware by default. (#2945) @​RafeArnold

📦 Dependency updates

• Bump jetty 12 version to 12.0.16 (#2947) @​leeturner
• Bump com.networknt:json-schema-validator from 1.5.4 to 1.5.5 (#2935) @​dependabot
• Bump com.diffplug.spotless from 7.0.1 to 7.0.2 (#2934) @​dependabot
• Bump org.mockito:mockito-core from 5.14.2 to 5.15.2 (#2924) @​dependabot
• Bump com.diffplug.spotless from 6.25.0 to 7.0.1 (#2930) @​dependabot
• Bump org.mockito:mockito-junit-jupiter from 5.14.2 to 5.15.2 (#2925) @​dependabot
• Bump org.scala-lang:scala-library from 2.13.15 to 2.13.16 (#2932) @​dependabot
• Bump versions.junitJupiter from 5.11.3 to 5.11.4 (#2916) @​dependabot
• Bump com.google.guava:guava from 33.3.1-jre to 33.4.0-jre (#2917) @​dependabot

✍ Other changes

• improve performance of EqualToXmlPattern. (#2944) @​RafeArnold
• Update after-pattern.yaml to fix typo (#2949) @​ascopes
• Fix serialization of nested AdvancedPathPattern where @​JsonUnwrapped is used (#2919) @​leeturner
• Throw descriptive exception when no suitable HttpServerFactory extension was found (#2920) @​andipabst

Commits

• dd8e739 Fixed test broken by suppression of HTTPS upgrade by the Apache HTTP Client
• a7d9ac8 Bumped minor version
• bd17065 Merge pull request #2918 from ianprime0509/xml-default-instance
• 63a3a12 Update after-pattern.yaml to fix typo (#2949)
• 437e3ec Disable problematic protocol update for httpclient 5.4 (#2951)
• c3f3319 Bump jetty 12 version to 12.0.16 (#2947)
• 9ccb1c8 improve performance of EqualToXmlPattern. (#2944)
• f913265 Make EqualToXmlPattern namespace aware by default. (#2945)
• 6217b77 Merge pull request #2943 from Ashish-CodeJourney/master
• afe7de8 Merge pull request #1 from Ashish-CodeJourney/Ashish-CodeJourney-patch-1
• Additional commits viewable in compare view

Updates commons-codec:commons-codec from 1.17.2 to 1.18.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.18.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.18.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

•         Add Base32.Builder.setHexDecodeTable(boolean). Thanks to Gary Gregory, Julian Reschke.
  

•         Add Base32.Builder.setHexEncodeTable(boolean). Thanks to Gary Gregory, Julian Reschke.
  

Changes

•         Bump org.apache.commons:commons-parent from 78 to 79. Thanks to Gary Gregory.
  

For complete information on Apache Commons Codec, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Codec website:

https://commons.apache.org/proper/commons-codec/

Download page: https://commons.apache.org/proper/commons-codec/download_codec.cgi

---

Commits

• 5f76abb Update contributing file from user feedback
• a38de95 Prepare for the next release candidate
• 0689dc8 Prepare for the next release candidate
• 4098222 Port from Doxia 1 to 2
• ebb29e9 Make test fixture package private
• 110a9f8 Don't need to end a paragraph with an extra line break
• 6444237 Remove background color from site page
• 9062af4 Merge branch 'master' of
• 963ee73 Include more in the source assembly
• 94b9c51 Add a file extension to TODO file
• Additional commits viewable in compare view

Updates com.sap.cloud.security:java-bom from 3.5.7 to 3.5.8

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

3.5.8

• [spring-security] Fix error handling for reactive token validation

Dependency upgrades

• Downgrade org.wiremock:wiremock-standalone from 3.10.0 to 3.9.2
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.1 to 5.4.2
• Bump io.projectreactor:reactor-test from 3.7.1 to 3.7.2
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3
• Bump spring.boot.version from 3.4.1 to 3.4.2
• Bump spring.core.version from 6.2.1 to 6.2.2
• Bump io.projectreactor:reactor-core from 3.7.1 to 3.7.2
• Bump org.mockito:mockito-core from 5.14.2 to 5.15.2

Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

3.5.8

• [spring-security] Fix error handling for reactive token validation

Dependency upgrades

• Downgrade org.wiremock:wiremock-standalone from 3.10.0 to 3.9.2
• Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.1 to 5.4.2
• Bump io.projectreactor:reactor-test from 3.7.1 to 3.7.2
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3
• Bump spring.boot.version from 3.4.1 to 3.4.2
• Bump spring.core.version from 6.2.1 to 6.2.2
• Bump io.projectreactor:reactor-core from 3.7.1 to 3.7.2
• Bump org.mockito:mockito-core from 5.14.2 to 5.15.2

Commits

• 31569aa Set release version to 3.5.8 (#1710)
• a94f7be Reactor fix and wiremock downgrade (#1709)
• 2293491 Bump org.apache.httpcomponents.client5:httpclient5 from 5.4.1 to 5.4.2 (#1708)
• e64878e Bump io.projectreactor:reactor-test from 3.7.1 to 3.7.2 (#1699)
• 52f6023 Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#1703)
• d7bf44c Bump spring.boot.version from 3.4.1 to 3.4.2 (#1705)
• e12bcea Bump spring.core.version from 6.2.1 to 6.2.2 (#1701)
• 93c7214 Bump io.projectreactor:reactor-core from 3.7.1 to 3.7.2 (#1700)
• a86623d Bump org.mockito:mockito-core from 5.14.2 to 5.15.2 (#1698)
• See full diff in compare view

Updates io.vavr:vavr from 0.10.5 to 0.10.6

Release notes

Sourced from io.vavr:vavr's releases.

Patch Release 0.10.6

This release brings Virtual-Thread-friendliness and documentation updates.

This is the last planned patch release for the 0.10.x train. 0.11.x incoming!

Changes

• Replace synchronization by Lock in FutureImpl by @​Koziolek in vavr-io/vavr#2912
• Replace synchronized by Lock in Future#find by @​Koziolek in vavr-io/vavr#2910
• Replace synchronized by lock in functions generator by @​Koziolek in vavr-io/vavr#2909
• Remove outdated comment by @​bvkatwijk in vavr-io/vavr#2957
• Fix CheckedRunnableTest#shouldApplyAnUncheckedFunctionThatThrows by @​bvkatwijk in vavr-io/vavr#2954

Full Changelog: vavr-io/vavr@v0.10.5...v0.10.6

Committers

🎉 MANY THANKS TO ALL COMMITTERS! 🎉

• ⭐️@​Koziolek
• ⭐️@​bvkatwijk
• ⭐️@​pivovarit

Commits

• feeec95 [maven-release-plugin] prepare release v0.10.6
• dcbaf35 Update Copyright to 2025 (#2964)
• 661d46a Fix CheckedRunnableTest#shouldApplyAnUncheckedFunctionThatThrows (#2956)
• 75250e3 Remove outdated comment (#2957)
• 9b25d02 Use new 'vavrjava' ASCII art in README (#2920)
• c2008cc Use new 'vavrjava' ASCII art for 0.x versions as well (#2919)
• 42a302c Use 'https://vavr.io' instead of 'http://vavr.io' (#2918)
• 58bd285 Bump org.codehaus.mojo:exec-maven-plugin from 3.4.1 to 3.5.0 (#2917)
• 2267f62 Bump org.junit.jupiter:junit-jupiter from 5.11.2 to 5.11.3 (#2916)
• d5a86e4 Replace synchronization by Lock in FutureImpl (#2912)
• Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.11.0 to 2.12.1

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.11.1

The only difference between this release and 2.11.0 is that OSGi declarations in the Gson jar now specify that com.google.errorprone.annotations is an optional dependency, not a required one. If you do not use OSGi then there is no effective change.

Gson 2.12.0

What's Changed

The biggest change is that we no longer support Java 7. People who still need to run on Java 7 will need to use an earlier version of Gson.

Other changes:

• Allow registering adapters for JsonElement again by @​Marcono1234 in google/gson#2789
• Add nesting limit for JsonReader by @​Marcono1234 in google/gson#2588
• Add @CheckReturnValue to our packages. by @​cpovirk in google/gson#2693
• Add NullSafeTypeAdapter to prevent TypeAdapter.nullSafe() from returning nested null-safe type adapters (#2729) by @​lyubomyr-shaydariv in google/gson#2731
• Support Properties subclasses in GsonTypes.getMapKeyAndValueTypes by @​panic08 in google/gson#2758
• Enforce rawType to be a Class in ParameterizedTypeImpl by @​panic08 in google/gson#2759
• Remove AccessController usage for enum adapter by @​Marcono1234 in google/gson#2704
• Fix typeArguments array not being cloned when resolving ParameterizedType with changed owner by @​TBlueF in google/gson#2706
• Remove duplicated declaration of required OSGi execution environment by @​HannesWell in google/gson#2711
• Move bnd.bnd file configuration into 'bnd' element of bnd-maven-plugin by @​HannesWell in google/gson#2712
• Move enum and JsonElement adapter classes to separate class files by @​Marcono1234 in google/gson#2727
• EnumTypeAdapter constructor optimization by @​esaulpaugh in google/gson#2734
• OSGi / bnd: Remove the self-Import of gson.annotations by @​chrisrueger in google/gson#2735

New Contributors

• @​cpovirk made their first contribution in google/gson#2693
• @​jabagawee made their first contribution in google/gson#2701
• @​TBlueF made their first contribution in google/gson#2706
• @​HannesWell made their first contribution in google/gson#2711
• @​esaulpaugh made their first contribution in google/gson#2734
• @​chrisrueger made their first contribution in google/gson#2735
• @​panic08 made their first contribution in google/gson#2756

Full Changelog: google/gson@gson-parent-2.11.0...gson-parent-2.12.0

Commits

• 29e3d1d [maven-release-plugin] prepare release gson-parent-2.12.1
• be456cf Make the import of com.google.errorprone optional (#2795)
• b2e26fa Bump the github-actions group with 3 updates (#2785)
• 10bdd6d Simplify collection type adapters slightly. (#2791)
• ab9c54f [maven-release-plugin] prepare for next development iteration
• aaf7a12 [maven-release-plugin] prepare release gson-parent-2.12.0
• a2b1c3c Allow registering adapters for JsonElement again (#2789)
• e5dce84 Bump the maven group with 8 updates (#2784)
• 84e5f16 Bump the maven group with 7 updates (#2777)
• 9f3e577 Bump the github-actions group with 2 updates (#2778)
• Additional commits viewable in compare view

Updates com.auth0:java-jwt from 4.4.0 to 4.5.0

Release notes

Sourced from com.auth0:java-jwt's releases.

4.5.0

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

Changelog

Sourced from com.auth0:java-jwt's changelog.

4.5.0 (2025-01-29)

Full Changelog

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

4.5.0 (2025-01-28)

Full Changelog

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

4.5.0 (2025-01-22)

Full Changelog

Added

• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

Commits

• ee7332b Release 4.5.0 (#716)
• 051e1c3 Release 4.5.0
• 293a77b Modified WorkFlow (#715)
• 05bc002 added JAVA_HOME
• 38ff89e Release 4.5.0 (#714)
• ca4f842 Release 4.5.0
• 51be7df Added JAVA_HOME (#713)
• dcbc560 added JAVA_HOME path
• 2b0b2ba Upgraded Plugin (#711)
• 6e76728 upgraded plugin
• Additional commits viewable in compare view

Updates org.apache.httpcomponents.client5:httpclient5 from 5.4.1 to 5.4.2

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.4.2

This is a maintenance release that upgrades HttpCore to version 5.3.3 and fixes several regressions reported since the last release. One of the regressions could cause connection leaks and eventual connection pool exhaustion in case of proxy authentication failure when establishing a tunnel via the proxy.

Change Log

• Upgraded HttpCore to version 5.3.3 Contributed by Oleg Kalnichevski

• Improved internal state representation of the internal async execution runtime in order to prevent potential race conditions. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2357, regression: Classic HttpClient fails to release connection in case of a proxy authentication failure. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2355, regression: Reset protocol version in the execution context on a 200 response to CONNECT request. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2354: ResponseCachingPolicy to allow caching of responses with "must-revalidate" in shared caches with Authorization headers. The change aligns with RFC 9111 Section 5.2.2.2 (#609). Contributed by Arturo Bernal

• Do not add Upgrade header if Connection header already present (the caller manually manages connection state). Contributed by Oleg Kalnichevski

• Avoid logging HTTP message version where it can be a hint, not an actual protocol version Contributed by Oleg Kalnichevski

• IDN encode hostnames with Unicode characters prior to DNS resolution (#608). Contributed by Arturo Bernal

• HTTPCLIENT-2353: Fixed rejection of certificates with IDN encoded identities. (#607) Contributed by Arturo Bernal

Commits

• 34f1b02 HttpClient 5.4.2 release
• 2145d2c Updated release notes for HttpClient 5.4.2 release
• 7e48abb Upgraded HttpCore to version 5.3.3
• 1119d49 Disabled a test case that fails intermittently with GitHub Actions, pending r...
• 9433bca Improved internal state representation of the internal async execution runtim...
• 7f56b8e HTTPCLIENT-2357, regression: Classic HttpClient fails to release connect in c...
• 8958b36 HTTPCLIENT-2355, regression: Reset protocol version in the execution context ...
• f7f8069 Upgraded HttpCore to version 5.3.2
• d048550 Fix HTTPCLIENT-2354 by updating ResponseCachingPolicy to allow caching of res...
• 5ab09ea Do not add Upgrade header if Connection header already present (the calle...
• Additional commits viewable in compare view

Updates org.checkerframework:checker-qual from 3.48.4 to 3.49.0

Release notes

Sourced from org.checkerframework:checker-qual's releases.

Checker Framework 3.49.0

Version 3.49.0 (February 3, 2025)

User-visible changes:

The Optional Checker is more precise for Optional values resulting from operations on container types (e.g., List, Map, Iterable). It supports two new annotations:

• @NonEmpty
• @UnknownNonEmpty

The Signature Checker no longer supports @BinaryNameWithoutPackage because it is equivalent to @Identifier; use @Identifier instead.

The JavaStubifier implementation now appears in package org.checkerframework.framework.stubifier.JavaStubifier.

Closed issues:

#6935, #6936, #6939.

Changelog

Sourced from org.checkerframework:checker-qual's changelog.

Version 3.49.0 (February 3, 2025)

User-visible changes:

The Optional Checker is more precise for Optional values resulting from operations on container types (e.g., List, Map, Iterable). It supports two new annotations:

• @NonEmpty
• @UnknownNonEmpty

The Signature Checker no longer supports @BinaryNameWithoutPackage because it is equivalent to @Identifier; use @Identifier instead.

The JavaStubifier implementation now appears in package org.checkerframework.framework.stubifier.JavaStubifier.

Closed issues:

#6935, #6936, #6939.

Commits

• 8ae32b8 new release 3.49.0
• 8521889 Prep for release.
• 637c79a Improve diagnostics
• 1f69ec2 Update dependency gradle to v8.12.1 (#6937)
• 64e84df Fix Gradle deprecation warnings
• b7aea1e Update to Gradle 8.12
• b48f3b4 Fix favicon problem. (#6964)
• de51e9f Use built in file tools rather than exec in Gradle code
• 3531816 Move code that adds favicon to separate task
• 441b527 Remove exec from settings in Gradle code
• Additional commits viewable in compare view

Updates joda-time:joda-time from 2.13.0 to 2.13.1

Release notes

Sourced from joda-time:joda-time's releases.

Release v2.13.1

See the change notes for more information.

What's Changed

• Update time zone data to 2025agtz by @​github-actions in JodaOrg/joda-time#805

Full Changelog: JodaOrg/joda-time@v2.13.0...v2.13.1

Commits

• 935d44e Release v2.13.1
• f42d2d0 Update time zone data to 2025agtz (#805)
• 3fcd96c Update CI fuzz version
• 8430877 Add workflow dispatch
• 2ce9b4c Update changes.xml
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[newtork]

Revert until discussed. Dependency update be handled separately.

Changelog:
Do not add Upgrade header if Connection header already present (the caller manually manages connection state).

Suggested change

	<httpclient5.version>5.4.2</httpclient5.version>
	<httpclient5.version>5.4.1</httpclient5.version>

[CharlesDuboisSAP]

apache/httpcomponents-client@5ab09ea