Skip to content

chore(deps): bump the low-risk group with 7 updates#348

Merged
RichardSlater merged 1 commit intomainfrom
dependabot/maven/low-risk-dabdad834f
Feb 23, 2026
Merged

chore(deps): bump the low-risk group with 7 updates#348
RichardSlater merged 1 commit intomainfrom
dependabot/maven/low-risk-dabdad834f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Feb 23, 2026

Bumps the low-risk group with 7 updates:

Package From To
ch.qos.logback:logback-core 1.5.31 1.5.32
ch.qos.logback:logback-classic 1.5.31 1.5.32
nl.jqno.equalsverifier:equalsverifier 4.3.1 4.4.1
com.fasterxml.jackson:jackson-bom 2.21.0 2.21.1
org.springframework.boot:spring-boot-dependencies 3.5.10 3.5.11
org.apache.maven.plugins:maven-failsafe-plugin 3.5.4 3.5.5
org.apache.maven.plugins:maven-surefire-plugin 3.5.4 3.5.5

Updates ch.qos.logback:logback-core from 1.5.31 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • e807335 prepare release 1.5.32
  • dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
  • 8e32278 added simple test for appender definitiob via file inclusion
  • 834dbed start work on 1.5.32-SNAPSHOT
  • See full diff in compare view

Updates ch.qos.logback:logback-classic from 1.5.31 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • e807335 prepare release 1.5.32
  • dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
  • 8e32278 added simple test for appender definitiob via file inclusion
  • 834dbed start work on 1.5.32-SNAPSHOT
  • See full diff in compare view

Updates ch.qos.logback:logback-classic from 1.5.31 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • e807335 prepare release 1.5.32
  • dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
  • 8e32278 added simple test for appender definitiob via file inclusion
  • 834dbed start work on 1.5.32-SNAPSHOT
  • See full diff in compare view

Updates nl.jqno.equalsverifier:equalsverifier from 4.3.1 to 4.4.1

Release notes

Sourced from nl.jqno.equalsverifier:equalsverifier's releases.

Release equalsverifier-4.4.1

For a list of changes in this version, see CHANGELOG.md.

Release equalsverifier-4.4

For a list of changes in this version, see CHANGELOG.md.

Changelog

Sourced from nl.jqno.equalsverifier:equalsverifier's changelog.

[4.4.1] - 2026-02-23

Fixed

  • A regression where floats and doubles are checked (and throw an exception) that are static (Issue 1183), transient (Issue 1184) or ignored with #withIgnoredFields().

[4.4] - 2026-02-21

Added

  • Proper support for JEP 500: "Prepare to Make Final Mean Final", where the JDK emits a warning (or, if so configured, throws an exception) when final fields are mutated.
    • #withFactory() method to provide instances to EqualsVerifier so it doesn't have to mutate final fields;
    • Overloads for #withRedefinedSuperclass() and #withRedefinedSubclass() to do the same;
    • Overloads for #withPrefabValues() and #withPrefabValuesForField() where you explicitly provide a copy of the "red" value, because EqualsVerifier will not be able to make a copy of that value without using final field mutation.
    • .set(Mode.finalMeansFinal() so EqualsVerifier refuses to mutate final fields even when still possible: this is useful when migrating to a newer JDK where this is an issue.
    • Documentation: see the chapter on this subject in the manual.
  • Prefab values for java.lang.Number.

Changed

  • For doubles and floats, EqualsVerifier now uses 0.0 and -0.0 instead of NaN to test edge case handling without triggering precondition exceptions. For boxed Double/Float, it now suggests equals() over Double.compare()/Float.compare() (they behave identically).
Commits
  • 3fadf02 Bumps version to 4.4.1
  • cea5157 Updates CHANGELOG for release
  • bfaaee3 Merge pull request #1185 from jqno/dependabot/maven/dependencies-190f324d1e
  • e588ba7 Bump org.apache.maven.plugins:maven-surefire-plugin
  • fc72387 Fixes regression with floats and doubles
  • 99cb250 Prepares for next development iteration
  • a6d4e87 Bumps version to 4.4
  • 17a917a Updates CHANGELOG for release
  • 0df7252 Updates CHANGELOG
  • 2842295 Merge pull request #1181 from jqno/final-means-final
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.21.0 to 2.21.1

Commits
  • 08a5a9a [maven-release-plugin] prepare release jackson-bom-2.21.1
  • 5b03376 Prep for 2.21.1 release
  • 1d78778 Merge branch '2.20' into 2.21
  • cd46b24 Post-release dep version bump
  • 17179ff [maven-release-plugin] prepare for next development iteration
  • 2a26844 [maven-release-plugin] prepare release jackson-bom-2.20.2
  • 6adf11b Prep for 2.20.2 release
  • 441df8a Post-release version bump
  • a1b4814 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.5.10 to 3.5.11

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v3.5.11

🐞 Bug Fixes

  • Whitespace can be incorrectly removed when spring-boot-configuration-processor runs on multi-line javadoc #49039
  • server.jetty.threads.max is ignored when using virtual threads #48982
  • Docker credential helpers with file extensions cannot be executed on Windows #48965

📔 Documentation

  • Couchbase and Kafka are incorrectly listed as supporting SSL with Docker Compose #49211
  • Document that use of non idiomatic format for '@Value' still apply for environment variables #49054
  • Document naming convention for custom test-scoped starters #49014
  • LICENSE.txt and NOTICE.txt files have the wrong content in the latest releases #48996
  • ApplicationContextAssert documents a non-existent assertion in getFailure() #48973
  • Highlight the importance of the preStop hook when configuring Kubernetes probes #48936

🔨 Dependency Upgrades

  • Upgrade to AssertJ 3.27.7 #49075
  • Upgrade to Groovy 4.0.30 #49076
  • Upgrade to Hibernate 6.6.42.Final #49077
  • Upgrade to Jaybird 6.0.4 #49078
  • Upgrade to JBoss Logging 3.6.2.Final #49079
  • Upgrade to Jetty 12.0.32 #49080
  • Upgrade to jOOQ 3.19.30 #49081
  • Upgrade to Logback 1.5.32 #49243
  • Upgrade to Micrometer 1.15.9 #49064
  • Upgrade to Micrometer Tracing 1.5.9 #49065
  • Upgrade to MySQL 9.6.0 #49083
  • Upgrade to Netty 4.1.131.Final #49165
  • Upgrade to Postgresql 42.7.10 #49201
  • Upgrade to Reactor Bom 2024.0.15 #49066
  • Upgrade to Spring Authorization Server 1.5.6 #49067
  • Upgrade to Spring Data Bom 2025.0.9 #49068
  • Upgrade to Spring Framework 6.2.16 #49069
  • Upgrade to Spring GraphQL 1.4.5 #49070
  • Upgrade to Spring Integration 6.5.7 #49071
  • Upgrade to Spring Kafka 3.3.13 #49244
  • Upgrade to Spring LDAP 3.3.6 #49072
  • Upgrade to Spring Pulsar 1.2.15 #49073
  • Upgrade to Spring Security 6.5.8 #49225
  • Upgrade to Spring Session 3.5.5 #49074
  • Upgrade to Tomcat 10.1.52 #49084
  • Upgrade to Undertow 2.3.23.Final #49166

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dsyer, @​linkian209, @​nosan, @​quaff, @​scordio, and @​srt

Commits
  • 3728f97 Release v3.5.11
  • 54ab3c5 Align "noteworthy" issues in release notes with Spring Framework
  • 996664f Temporarily switch Docker to overlay2
  • 91cc0dd Upgrade to Spring Session 3.5.5
  • f439fd3 Show docker version and docker info when running system tests
  • ec94645 Print CI docker images in system test
  • 33a7890 Upgrade to Spring Integration 6.5.7
  • 1cf8668 Upgrade to Spring Authorization Server 1.5.6
  • 679254a Upgrade to Spring Pulsar 1.2.15
  • c022218 Upgrade to Spring Kafka 3.3.13
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
org.springframework.boot:spring-boot-dependencies [>= 4.a0, < 5]

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the low-risk group with 7 updates
5030775 
Bumps the low-risk group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.5.31` | `1.5.32` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.31` | `1.5.32` |
| [nl.jqno.equalsverifier:equalsverifier](https://github.com/jqno/equalsverifier) | `4.3.1` | `4.4.1` |
| [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | `2.21.0` | `2.21.1` |
| [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) | `3.5.10` | `3.5.11` |
| [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.5.4` | `3.5.5` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.4` | `3.5.5` |


Updates `ch.qos.logback:logback-core` from 1.5.31 to 1.5.32
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.31...v_1.5.32)

Updates `ch.qos.logback:logback-classic` from 1.5.31 to 1.5.32
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.31...v_1.5.32)

Updates `ch.qos.logback:logback-classic` from 1.5.31 to 1.5.32
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.31...v_1.5.32)

Updates `nl.jqno.equalsverifier:equalsverifier` from 4.3.1 to 4.4.1
- [Release notes](https://github.com/jqno/equalsverifier/releases)
- [Changelog](https://github.com/jqno/equalsverifier/blob/main/CHANGELOG.md)
- [Commits](jqno/equalsverifier@equalsverifier-4.3.1...equalsverifier-4.4.1)

Updates `com.fasterxml.jackson:jackson-bom` from 2.21.0 to 2.21.1
- [Commits](FasterXML/jackson-bom@jackson-bom-2.21.0...jackson-bom-2.21.1)

Updates `org.springframework.boot:spring-boot-dependencies` from 3.5.10 to 3.5.11
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.5.10...v3.5.11)

Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.5.4 to 3.5.5
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.4 to 3.5.5
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: nl.jqno.equalsverifier:equalsverifier
  dependency-version: 4.4.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: com.fasterxml.jackson:jackson-bom
  dependency-version: 2.21.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.springframework.boot:spring-boot-dependencies
  dependency-version: 3.5.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: low-risk
...

Signed-off-by: dependabot[bot] <support@github.com>
Copilot AI review requested due to automatic review settings February 23, 2026 09:18
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Feb 23, 2026
@dependabot dependabot Bot review requested due to automatic review settings February 23, 2026 09:18
@RichardSlater
Copy link
Copy Markdown
Contributor

RichardSlater commented Feb 23, 2026

/azp run

@azure-pipelines
Copy link
Copy Markdown

azure-pipelines Bot commented Feb 23, 2026

Azure Pipelines successfully started running 1 pipeline(s).

RichardSlater
RichardSlater approved these changes Feb 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@RichardSlater RichardSlater left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Low-risk group, standard pre-approved change.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Feb 23, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@RichardSlater RichardSlater merged commit 23236d8 into main Feb 23, 2026
2 checks passed
@RichardSlater RichardSlater deleted the dependabot/maven/low-risk-dabdad834f branch February 23, 2026 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RichardSlater RichardSlater RichardSlater approved these changes

Assignees

@RichardSlater RichardSlater

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RichardSlater