Skip to content

Bump the maven-minor-patch group across 1 directory with 8 updates#85

Merged
nilsbehlen merged 1 commit into
masterfrom
dependabot/maven/maven-minor-patch-e2fb366646
Jun 30, 2026
Merged

Bump the maven-minor-patch group across 1 directory with 8 updates#85
nilsbehlen merged 1 commit into
masterfrom
dependabot/maven/maven-minor-patch-e2fb366646

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the maven-minor-patch group with 8 updates in the / directory:

Package From To
com.squareup.okio:okio 3.4.0 3.17.0
com.google.code.gson:gson 2.10.1 2.14.0
org.slf4j:slf4j-simple 2.0.5 2.0.18
com.auth0:java-jwt 4.5.1 4.5.2
org.apache.maven.plugins:maven-surefire-plugin 3.5.3 3.5.6
org.apache.maven.plugins:maven-shade-plugin 3.2.4 3.6.2
org.apache.maven.plugins:maven-compiler-plugin 3.13.0 3.15.0
org.jacoco:jacoco-maven-plugin 0.8.8 0.8.15

Updates com.squareup.okio:okio from 3.4.0 to 3.17.0

Changelog

Sourced from com.squareup.okio:okio's changelog.

Version 3.17.0

2026-03-11

  • New: Adjust down the Kotlin stdlib dependency to [Kotlin 2.1.21][kotlin_2_1_21]. Okio is built with an up-to-date Kotlin compiler (2.2.21), but depends on an older kotlin-stdlib. We're doing this so you can update Okio and Kotlin independently.

  • Fix: Return the correct timestamp in FileMetadata.createdAtMillis on Kotlin/Native on UNIX platforms. We were incorrectly using the POSIX ctime (change time) instead of the birthtime. With this fix Okio now prefers statx() over stat() on native platforms. This API first appeared in Linux in 4.11 (2017) and Android in API 30 (2020).

Version 3.16.4

2025-11-17

  • Fix: Don't delay triggering timeouts. In 3.16.0 we introduced a regression that caused timeouts to fire later than they were supposed to.

Version 3.16.3

2025-11-14

This release is the same as 3.16.2. We forgot to cherry-pick a commit before we released!

Version 3.16.2

2025-10-14

  • Fix: okio-assetfilesystem APIs now correctly restored as visible to Kotlin.

Version 3.16.1

2025-10-09

  • Fix: Don't crash when calling Socket.shutdownOutput() or shutdownInput() on an SSLSocket on Android API 21. This method throws an UnsupportedOperationException, so we now catch that and close the underlying stream instead.

Version 3.16.0

2025-07-29

  • Fix: Change Socket.asOkioSocket() to resolve its source InputStream and OutputStream

... (truncated)

Commits
  • 80a5023 Prepare for release 3.17.0.
  • 65c0c26 Switch to FileMetadata to use statx instead of stat on Linux and Apple platfo...
  • b11f17b Remove Kotlin/JS IR default parameter workarounds. (#1786)
  • b35f473 Update Gradle to v9.4.0 (#1785)
  • cbcee31 Update actions/upload-artifact action to v7 (#1783)
  • fc7aecb Update dependency com.android.tools.build:gradle to v9.0.1 (#1781)
  • 79aa267 Drop isWasm() early return workaround for KT-60212. (#1777)
  • 45459dc Fix result of an 'errnoToIOException' call is not thrown. inside `PosixFileSy...
  • 9fbab0f Decode env variables in WASI tests (#1773)
  • 50abe89 Stop using AssertJ (#1771)
  • Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.10.1 to 2.14.0

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.14.0

What's Changed

  • Add type adapters for java.time classes by @​eamonnmcmanus in google/gson#2948

    When the java.time API is available, Gson automatically can read and write instances of classes like Instant and Duration. The format it uses essentially freezes the JSON representation that ReflectiveTypeAdapterFactory established by default, based on the private fields of java.time classes. That's not a great representation, but it is understandable. Changing it to anything else would break compatibility with systems that are expecting the current format.

    With this change, Gson no longer tries to access private fields of these classes using reflection. So it is no longer necessary to run with --add-opens for these classes on recent JDKs.

  • Remove com.google.gson.graph by @​eamonnmcmanus in google/gson#2990.

    This package was not part of any released artifact and depended on Gson internals in potentially problematic ways.

  • Validate that strings being parsed as integers consist of ASCII characters by @​eamonnmcmanus in google/gson#2995

    Previously, strings could contain non-ASCII Unicode digits and still be parsed as integers. That's inconsistent with how JSON numbers are treated.

  • Fix duplicate key detection when first value is null by @​andrewstellman in google/gson#3006

    This could potentially break code that was relying on the incorrect behaviour. For example, this JSON string was previously accepted but will no longer be: {"foo": null, "foo": bar}.

  • Remove Serializable from internal Type implementation classes. by @​eamonnmcmanus in google/gson#3011

    The nested classes ParameterizedTypeImpl, GenericArrayTypeImpl, and WildcardTypeImpl in GsonTypes are implementations of the corresponding types (without Impl) in java.lang.reflect. For some reason, they were serializable, even though the java.lang.reflect implementations are not. Having unnecessarily serializable classes could conceivably have been a security problem if they were part of a larger exploit using serialization. (We do not consider this a likely scenario and do not suggest that you need to update Gson just to get this change.)

  • Add LegacyProtoTypeAdapterFactory. by @​eamonnmcmanus in google/gson#3014

    This is not part of any released artifact, but may be of use when trying to fix code that is currently accessing the internals of protobuf classes via reflection.

  • Make AppendableWriter do flush and close if delegation object supports by @​MukjepScarlet in google/gson#2925

Other less visible changes

New Contributors

Full Changelog: google/gson@gson-parent-2.13.2...gson-parent-2.14.0

Gson 2.13.2

The main changes in this release are just newer dependencies.

... (truncated)

Commits
  • 3ff35d6 [maven-release-plugin] prepare release gson-parent-2.14.0
  • a3024fd Bump the maven group with 13 updates (#3002)
  • 5689ffe Bump the github-actions group across 1 directory with 3 updates (#3018)
  • 48db33c Add LegacyProtoTypeAdapterFactory. (#3014)
  • 53d703e Update outdated comment regarding serializable types (#3012)
  • 0189b72 Remove Serializable from internal Type implementation classes. (#3011)
  • f4d371d Fix duplicate key detection when first value is null (#3006)
  • 27d9ba1 Fix typo in README (JPMS dependencies section) (#3005)
  • 1fa9b7a Validate that strings being parsed as integers consist of ASCII characters (#...
  • b7d5954 Add iterator fail-fast tests for LinkedTreeMap.clear() (#2992)
  • Additional commits viewable in compare view

Updates org.slf4j:slf4j-simple from 2.0.5 to 2.0.18

Updates com.auth0:java-jwt from 4.5.1 to 4.5.2

Release notes

Sourced from com.auth0:java-jwt's releases.

4.5.2

Added

Changelog

Sourced from com.auth0:java-jwt's changelog.

4.5.2 (2026-04-29)

Full Changelog

Added

Commits
  • 695fd2b Release 4.5.2 (#765)
  • 4ac3178 Release 4.5.2
  • d056a79 Bump com.fasterxml.jackson.core:jackson-databind from 2.21.2 to 2.21.3 in /li...
  • 37f195a Bump com.fasterxml.jackson.core:jackson-databind in /lib
  • dba4c93 Chore: Bump update commons-beanutils dependency (#761)
  • 84d4c8f Merge branch 'master' into chore/bump-commons-beanutils
  • 5c923d4 Chore: Add SCA scan workflow (#762)
  • 09a4da5 Merge branch 'master' into chore/add-sca-scan
  • ef47e64 Chore: Add SCA scan workflow
  • 3fcfbcb Chore: Bump update commons-beanutils dependency
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.3 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

  • Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

... (truncated)

Commits
  • 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
  • e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
  • dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
  • 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
  • 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
  • 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
  • 04ad9a2 Use surefire 3.5.5 by project itself for testing
  • 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
  • a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
  • e838393 deploy 3.5.x branch to nexus
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-shade-plugin from 3.2.4 to 3.6.2

Release notes

Sourced from org.apache.maven.plugins:maven-shade-plugin's releases.

3.6.2

🐛 Bug Fixes

  • Bug: Extra JARs and Artifacts were not subjected to filtering (#785) @​cstamas

👻 Maintenance

📦 Dependency updates

3.6.1

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

... (truncated)

Commits
  • ad8de59 [maven-release-plugin] prepare release maven-shade-plugin-3.6.2
  • 8eb19dc Drop unneeded dependencies (#788)
  • 397b2cd Drop excessive dependencies (#786)
  • eca6398 Bug: Extra JARs and Artifacts were not subjected to filtering (#785)
  • 7edce17 Update to parent POM v 47 (#781)
  • 3171a34 Mockito improvements (#783)
  • 678844b Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#782)
  • 73ec909 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#780)
  • 5f7a877 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#778)
  • 73c5247 chore: remove junit3 reference (#762)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.14.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

3.14.0

... (truncated)

Commits
  • 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
  • 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
  • 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
  • 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
  • 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
  • 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
  • aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
  • 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
  • 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
  • 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
  • Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.8 to 0.8.15

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.15

New Features

  • JaCoCo now officially supports Java 26 (GitHub #2076).
  • Experimental support for Java 27 class files (GitHub #2004).
  • Compatibility methods generated by Kotlin compiler for functions defined in interfaces are filtered out during generation of report (GitHub #1905).
  • Compatibility methods generated by Kotlin compiler for exposed boxed inline value classes (JvmExposeBoxed annotation) are filtered out during generation of report (GitHub #1944).
  • Methods generated by the Kotlin compiler for functions with JvmStatic annotation are filtered out during generation of report (GitHub #2097).
  • Improved filtering of bytecode generated by Kotlin compiler for when expressions and statements with kotlin.String subject where first branch condition contains string with largest hash (GitHub #2098).
  • Part of bytecode that javac versions from 24 to 26 generate for switch statements and expressions with selector expression of type java.lang.String inside lambdas is filtered out during generation of report (GitHub #2023).
  • Improved performance of Kotlin files analysis by parsing SMAPs only once per class (GitHub #2114).
  • For better performance agent output methods tcpclient and tcpserver use BufferedOutputStream to write execution data to socket. Maven plugin, Ant tasks, CLI, API usage examples, and ExecDumpClient API use BufferedInputStream to read execution data from socket. Third-party integrations should do the same to benefit from this change in agent (GitHub #2089).

Fixed bugs

  • Fixed processing of Kotlin SMAP in synthetic classes (GitHub #1985).
  • Multiple JaCoCo runtimes within one JVM writing to the same output file should not cause data corruption when running on JDK versions from 6 to 10 affected by JDK-8166253 (GitHub #2065, #2074).
  • For better performance agent writes to output file via BufferedOutputStream, this fixes regression introduced in version 0.6.2 (GitHub #2073).
  • Fixed NullPointerException when JaCoCo agent is loaded by non system class loader, for example when loaded by JBoss Modules (GitHub #1651).

Non-functional Changes

  • JaCoCo now depends on ASM 9.10.1 (GitHub #2134).

0.8.14

New Features

  • JaCoCo now officially supports Java 25 (GitHub #1950).
  • Experimental support for Java 26 class files (GitHub #1870).
  • Branches added by the Kotlin compiler for default argument number 33 or higher are filtered out during generation of report (GitHub #1655).
  • Part of bytecode generated by the Kotlin compiler for elvis operator that follows safe call operator is filtered out during generation of report (GitHub #1814, #1954).
  • Part of bytecode generated by the Kotlin compiler for more cases of chained safe call operators is filtered out during generation of report (GitHub #1956).
  • Part of bytecode generated by the Kotlin compiler for invocations of suspendCoroutineUninterceptedOrReturn intrinsic is filtered out during generation of report (GitHub #1929).
  • Part of bytecode generated by the Kotlin compiler for suspending lambdas with parameters is filtered out during generation of report (GitHub #1945).
  • Part of bytecode generated by the Kotlin compiler for suspending functions and lambdas with suspension points that return inline value class is filtered out during generation of report (GitHub #1871).
  • Part of bytecode generated by the Kotlin Compose compiler plugin for pausable composition is filtered out during generation of report (GitHub #1911).
  • Methods generated by the Kotlin serialization compiler plugin are filtered out (GitHub #1885, #1970, #1971).

Fixed bugs

  • Fixed handling of implicit else clause of when with String subject in Kotlin (GitHub #1813, #1940).
  • Fixed handling of implicit default clause of switch by String in Java when compiled by ECJ (GitHub #1813, #1940). Fixed handling of exceptions in chains of safe call operators in Kotlin (GitHub #1819).

Non-functional Changes

  • JaCoCo now depends on ASM 9.9 (GitHub #1965).

0.8.13

New Features

  • JaCoCo now officially supports Java 23 and Java 24 (GitHub #1757, #1631, #1867).
  • Experimental support for Java 25 class files (GitHub #1807).
  • Calculation of line coverage for Kotlin inline functions (GitHub #1670).
  • Calculation of line coverage for Kotlin inline functions with reified type parameter (GitHub #1670, #1700).
  • Calculation of coverage for Kotlin JvmSynthetic functions (GitHub #1700).
  • Part of bytecode generated by the Kotlin Compose compiler plugin is filtered out during generation of report (GitHub #1616).

... (truncated)

Commits
  • 6c5260a Prepare release v0.8.15
  • 5c05141 Transfer of execution data through socket should use buffered stream (#2089)
  • ab5efa9 Remove from Azure Pipelines all builds except with JDK 5 and JDK EA (#2148)
  • 5f6ea38 Use Windows 2025 image in GitHub Actions (#2130)
  • 35a8af2 Use Renovate instead of Dependabot for updates of ASM (#2137)
  • 85b8ddf Upgrade ASM to 9.10.1 (#2134)
  • 2988647 AgentModule should use ClassLoader of agent instead of SystemClassLoader (#1651)
  • 75a4e31 Add filter for Kotlin @JvmExposeBoxed (#1944)
  • 691fa1d Use Renovate instead of Dependabot for updates of GitHub Actions (#2132)
  • 3e18f17 Require at least JDK 21 for build (#2128)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 30, 2026
Bumps the maven-minor-patch group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [com.squareup.okio:okio](https://github.com/square/okio) | `3.4.0` | `3.17.0` |
| [com.google.code.gson:gson](https://github.com/google/gson) | `2.10.1` | `2.14.0` |
| org.slf4j:slf4j-simple | `2.0.5` | `2.0.18` |
| [com.auth0:java-jwt](https://github.com/auth0/java-jwt) | `4.5.1` | `4.5.2` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.6` |
| [org.apache.maven.plugins:maven-shade-plugin](https://github.com/apache/maven-shade-plugin) | `3.2.4` | `3.6.2` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.13.0` | `3.15.0` |
| [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.8` | `0.8.15` |



Updates `com.squareup.okio:okio` from 3.4.0 to 3.17.0
- [Changelog](https://github.com/square/okio/blob/master/CHANGELOG.md)
- [Commits](square/okio@parent-3.4.0...parent-3.17.0)

Updates `com.google.code.gson:gson` from 2.10.1 to 2.14.0
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](google/gson@gson-parent-2.10.1...gson-parent-2.14.0)

Updates `org.slf4j:slf4j-simple` from 2.0.5 to 2.0.18

Updates `com.auth0:java-jwt` from 4.5.1 to 4.5.2
- [Release notes](https://github.com/auth0/java-jwt/releases)
- [Changelog](https://github.com/auth0/java-jwt/blob/master/CHANGELOG.md)
- [Commits](auth0/java-jwt@4.5.1...4.5.2)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.3 to 3.5.6
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.6)

Updates `org.apache.maven.plugins:maven-shade-plugin` from 3.2.4 to 3.6.2
- [Release notes](https://github.com/apache/maven-shade-plugin/releases)
- [Commits](apache/maven-shade-plugin@maven-shade-plugin-3.2.4...maven-shade-plugin-3.6.2)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.13.0 to 3.15.0
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.13.0...maven-compiler-plugin-3.15.0)

Updates `org.jacoco:jacoco-maven-plugin` from 0.8.8 to 0.8.15
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.8...v0.8.15)

---
updated-dependencies:
- dependency-name: com.auth0:java-jwt
  dependency-version: 4.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-minor-patch
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-minor-patch
- dependency-name: com.squareup.okio:okio
  dependency-version: 3.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-minor-patch
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-minor-patch
- dependency-name: org.apache.maven.plugins:maven-shade-plugin
  dependency-version: 3.6.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-minor-patch
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-minor-patch
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-version: 0.8.15
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-minor-patch
- dependency-name: org.slf4j:slf4j-simple
  dependency-version: 2.0.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the maven-minor-patch group with 8 updates Bump the maven-minor-patch group across 1 directory with 8 updates Jun 30, 2026
@dependabot dependabot Bot force-pushed the dependabot/maven/maven-minor-patch-e2fb366646 branch from f5e1b31 to fa4539b Compare June 30, 2026 12:57
@nilsbehlen nilsbehlen merged commit 8d25174 into master Jun 30, 2026
6 checks passed
@nilsbehlen nilsbehlen deleted the dependabot/maven/maven-minor-patch-e2fb366646 branch June 30, 2026 13:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant