Skip to content

chore: [DevOps] bump the production-minor-patch group with 2 updates #887

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 12, 2025
Merged

chore: [DevOps] bump the production-minor-patch group with 2 updates #887

merged 1 commit into from
Aug 12, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 12, 2025

Bumps the production-minor-patch group with 2 updates: org.assertj:assertj-core and com.sap.cloud.security:java-bom.

Updates org.assertj:assertj-core from 3.27.3 to 3.27.4

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.4

🚫 Deprecated

Core

  • Deprecate org.assertj.core.annotations.Beta in favor of org.assertj.core.annotation.Beta
  • Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of org.assertj.core.annotation.CanIgnoreReturnValue
  • Deprecate org.assertj.core.util.CheckReturnValue in favor of org.assertj.core.annotation.CheckReturnValue

🐛 Bug Fixes

Core

  • Fix thread-safety in AbstractDateAssert #3874

⚡ Improvements

  • Migrate to the Central Publisher Portal, enable snapshot publishing #3881

Core

  • Annotate fail methods with custom @Contract #3882

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​kelunik

Commits
  • 7a64cde [maven-release-plugin] prepare release assertj-build-3.27.4
  • feb5f6f Annotate fail methods with custom @Contract (#3882)
  • 43e8b65 Deprecate org.assertj.core.util.CheckReturnValue in favor of `org.assertj.c...
  • 1bf8cd6 Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of `org.asser...
  • 72d08b2 Deprecate org.assertj.core.annotations.Beta in favor of `org.assertj.core.a...
  • 475c2eb Polish
  • fdc9bc5 Skip tests during snapshot publishing
  • 8f4a1b5 Migrate to the Central Publisher Portal, enable snapshot publishing (#3881)
  • 7461b68 Fix thread-safety in AbstractDateAssert (#3874)
  • 015f095 Remove EOL Java 23
  • Additional commits viewable in compare view

Updates com.sap.cloud.security:java-bom from 3.6.1 to 3.6.2

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

3.6.2

  • Improve logging before token key retrieval fallback
  • remove repository config for old sonatype plugin
  • added version references to POMs and other minor informations
  • Update README.md for using correct path to SpringTokenClientConfigura…
  • Maven central preparation

Dependency upgrades

  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.1 to 4.9.3.2
  • Bump io.github.hakky54:logcaptor from 2.11.0 to 2.12.0
  • Bump org.eclipse.jetty.version from 12.0.22 to 12.0.24
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8
  • Bump log4j2.version from 2.25.0 to 2.25.1
  • Bump commons-io:commons-io from 2.19.0 to 2.20.0
  • Bump reactor.version from 3.7.7 to 3.7.8
  • Bump spring.core.version from 6.2.8 to 6.2.9
  • Bump spring.security.version from 6.5.1 to 6.5.2
  • Bump spring.boot.version from 3.5.3 to 3.5.4
  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.0 to 4.9.3.1
  • Bump org.apache.maven.plugins:maven-pmd-plugin from 3.26.0 to 3.27.0
  • Bump spring.security.version from 6.5.0 to 6.5.1
  • Bump spring.boot.version from 3.5.0 to 3.5.3
Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

3.6.2

  • Improve logging before token key retrieval fallback
  • remove repository config for old sonatype plugin
  • added version references to POMs and other minor informations
  • Update README.md for using correct path to SpringTokenClientConfigura…
  • Maven central preparation

Dependency upgrades

  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.1 to 4.9.3.2
  • Bump io.github.hakky54:logcaptor from 2.11.0 to 2.12.0
  • Bump org.eclipse.jetty.version from 12.0.22 to 12.0.24
  • Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8
  • Bump log4j2.version from 2.25.0 to 2.25.1
  • Bump commons-io:commons-io from 2.19.0 to 2.20.0
  • Bump reactor.version from 3.7.7 to 3.7.8
  • Bump spring.core.version from 6.2.8 to 6.2.9
  • Bump spring.security.version from 6.5.1 to 6.5.2
  • Bump spring.boot.version from 3.5.3 to 3.5.4
  • Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.0 to 4.9.3.1
  • Bump org.apache.maven.plugins:maven-pmd-plugin from 3.26.0 to 3.27.0
  • Bump spring.security.version from 6.5.0 to 6.5.1
  • Bump spring.boot.version from 3.5.0 to 3.5.3
Commits
  • bbb1046 Release 3.6.2 (#1827)
  • 8c621a0 Bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.1 to 4.9.3.2 (#1801)
  • 1802602 Bump io.github.hakky54:logcaptor from 2.11.0 to 2.12.0 (#1825)
  • 2de9652 Bump org.eclipse.jetty.version from 12.0.22 to 12.0.24 (#1826)
  • f3302ef Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8 (#1804)
  • 647ff9e Bump log4j2.version from 2.25.0 to 2.25.1 (#1805)
  • 0b119f1 Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#1809)
  • 02c1fef Bump reactor.version from 3.7.7 to 3.7.8 (#1820)
  • d89a04e Bump spring.core.version from 6.2.8 to 6.2.9 (#1816)
  • ab4a352 Bump spring.security.version from 6.5.1 to 6.5.2 (#1817)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: [DevOps] bump the production-minor-patch group with 2 updates
2adae0c 
Bumps the production-minor-patch group with 2 updates: [org.assertj:assertj-core](https://github.com/assertj/assertj) and [com.sap.cloud.security:java-bom](https://github.com/SAP/cloud-security-xsuaa-integration).


Updates `org.assertj:assertj-core` from 3.27.3 to 3.27.4
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.27.3...assertj-build-3.27.4)

Updates `com.sap.cloud.security:java-bom` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/SAP/cloud-security-xsuaa-integration/releases)
- [Changelog](https://github.com/SAP/cloud-security-services-integration-library/blob/main/CHANGELOG.md)
- [Commits](SAP/cloud-security-services-integration-library@3.6.1...3.6.2)

---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: com.sap.cloud.security:java-bom
  dependency-version: 3.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Aug 12, 2025
@bot-sdk-js bot-sdk-js enabled auto-merge (squash) August 12, 2025 10:19
@bot-sdk-js bot-sdk-js merged commit f849274 into main Aug 12, 2025
14 checks passed
@bot-sdk-js bot-sdk-js deleted the dependabot/maven/main/production-minor-patch-56833e5e59 branch August 12, 2025 10:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bot-sdk-js bot-sdk-js bot-sdk-js approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bot-sdk-js