Skip to content

Bump the dependencies group across 1 directory with 23 updates#9

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/dependencies-42d9ccab98
Closed

Bump the dependencies group across 1 directory with 23 updates#9
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/gradle/dependencies-42d9ccab98

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 11, 2026

Copy link
Copy Markdown

Bumps the dependencies group with 21 updates in the / directory:

Package From To
com.github.rfresh2:JDA 6.4.31 6.4.32
com.github.rfresh2:MCProtocolLib 1.21.4.49 26.1.2.10
io.netty:netty-bom 4.2.12.Final 4.2.15.Final
org.redisson:redisson 4.3.1 4.5.0
com.viaversion:viaversion-common 5.9.0-20260417.203614-32 5.9.1
com.viaversion:viabackwards-common 5.9.0-20260417.203715-15 5.9.1
com.viaversion:viarewind-common 4.1.0-20260409.155713-7 4.1.1
org.jline:jline 4.0.12 4.1.3
org.postgresql:postgresql 42.7.10 42.7.11
org.jdbi:jdbi3-postgres 3.52.1 3.53.0
com.google.guava:guava 33.5.0-jre 33.6.0-jre
ch.qos.logback:logback-classic 1.5.32 1.5.34
org.slf4j:slf4j-api 2.0.17 2.0.18
tools.jackson:jackson-bom 3.1.2 3.2.0
org.junit:junit-bom 6.0.3 6.1.0
org.testcontainers:testcontainers 2.0.4 2.0.5
org.graalvm.sdk:nativeimage 25.0.2 25.0.3
org.graalvm.buildtools.native 1.0.0 1.1.2
com.gradleup.shadow 9.4.1 9.4.2
io.freefair.lombok 9.2.0 9.5.0
gradle-wrapper 9.4.1 9.5.1

Updates com.github.rfresh2:JDA from 6.4.31 to 6.4.32

Release notes

Sourced from com.github.rfresh2:JDA's releases.

v5.0.0-alpha.8 | alpha.6 Hotfix 2: Electric Boogaloo

Changelog

This release is a follow up hotfix release for 5.0.0-alpha.6 that wasn't completely mitigated by the 5.0.0-alpha.7 hotfix.

Check out the patch notes on 5.0.0-alpha.6 for the cool new stuff.

New Features

N/A

Changes

Removed

N/A

Full Changelog: discord-jda/JDA@v5.0.0-alpha.7...v5.0.0-alpha.8

Installation

Gradle

repositories {
    mavenCentral()
}
dependencies {
    implementation("net.dv8tion:JDA:5.0.0-alpha.8")
}

Maven

<dependency>
    <groupId>net.dv8tion</groupId>
    <artifactId>JDA</artifactId>
    <version>5.0.0-alpha.8</version> 
</dependency>

v5.0.0-alpha.7 | Hotfix for alpha.6

Changelog

This release is a hotfix release for 5.0.0-alpha.6. Check out the patch notes on that version for the cool stuff.

New Features

N/A

Changes

... (truncated)

Commits

Updates com.github.rfresh2:MCProtocolLib from 1.21.4.49 to 26.1.2.10

Updates io.netty:netty-bom from 4.2.12.Final to 4.2.15.Final

Release notes

Sourced from io.netty:netty-bom's releases.

netty-4.2.15.Final

Security fixes

  • CVE-2026-48059: memory exhaustion in io.netty:netty-codec-haproxy (high).
  • CVE-2026-47691: DNS cache poisoning in io.netty:netty-resolver-dns (high).
  • CVE-2026-50560: DDoS in io.netty:netty-codec-http2.
  • CVE-2026-50011: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-44250: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-44890: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-50009: information disclosure and denial of service in io.netty:netty-codec-classes-quic.
  • CVE-2026-44249: IPv6 subnet filter bypass in io.netty:netty-handler (high).
  • CVE-2026-50020: request smuggling in io.netty:netty-codec-http.
  • CVE-2026-44892: memory exhaustion in io.netty:netty-codec-http3 (high).
  • CVE-2026-44893: memory leak in io.netty:netty-codec-haproxy (high).
  • CVE-2026-44894: traffic amplification in io.netty:netty-codec-classes-quic (high).
  • CVE-2026-50010: TLS hostname verification accidentally disabled in io.netty:netty-handler (high).
  • CVE-2026-45673: DNS cache poisoning in io.netty:netty-resolver-dns.
  • CVE-2026-45416: excessive memory usage from SNIHandler in io.netty:netty-handler (high).
  • CVE-2026-45536: file descriptor leak in io.netty:netty-transport-native-epoll and io.netty:netty-transport-native-kqueue.
  • CVE-2026-45674: DNS cache poisoning in io.netty:netty-resolver-dns (high).
  • CVE-2026-46340: memory exhaustion in io.netty:netty-transport-sctp (high).
  • CVE-2026-47244: denial of service in io.netty:netty-codec-http2.
  • CVE-2026-48006: memory exhaustion in io.netty:netty-codec-redis (high).
  • CVE-2026-48748: memory exhaustion in io.netty:netty-codec-http3 (high).
  • CVE-2026-48043: memory exhaustion in io.netty:netty-codec-http2.

What's Changed

New Contributors

Full Changelog: netty/netty@netty-4.2.14.Final...netty-4.2.15.Final

netty-4.2.14.Final

What's Changed

... (truncated)

Commits
  • a41f7b2 [maven-release-plugin] prepare release netty-4.2.15.Final
  • 2394530 Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remain...
  • 0bd1657 Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (#16850)
  • 76291f5 Fix SCTP and Redis tests (#16893)
  • e067b6e Fix revapi warnings (#16885)
  • 5a52600 Pass maxAllocation to Brotli and Zstd decoders (#16844)
  • 541add0 Merge commit from fork
  • 270800e Merge commit from fork
  • 3d45a1e Merge commit from fork
  • 75127ca Merge commit from fork
  • Additional commits viewable in compare view

Updates org.redisson:redisson from 4.3.1 to 4.5.0

Release notes

Sourced from org.redisson:redisson's releases.

redisson-4.5.0

Feature - Array object added (thanks to @​lamnt2008)
Feature - BitVector Store object added
Feature - Fory lib upgraded to 1.1.0
Feature - Micronaut 5.0 support
Feature - readMode setting added for MapOptions, PlainOptions, LocalCachedMapOptions objects
Feature - extended incrementAndGet() method added to RAtomicLong, RAtomicDouble (thanks to @​lamnt2008)
Feature - contains(), range(), iterator() methods added to RVectorSet object
Feature - RMap.keysAsync() method added (thanks to @​sywu14)
Feature - RVectorSet added to RBatch object (thanks to @​sywu14)

Breaking change - map listeners signature changed, field name added (thanks to @​lamnt2008)

Improvement - refactor: remove unnecessary boxing of primitives (thanks to @​MukjepScarlet)

Fixed - RScoredSortedSet Rx and Reactive must handle empty results as absent (thanks to @​ngyngcphu)
Fixed - RGeo Rx and Reactive must handle empty results as absent (thanks to @​lamnt2008)
Fixed - RSet Rx and Reactive must handle empty results as absent (thanks to @​lamnt2008)
Fixed - RVectorSet Rx and Reactive must handle empty results as absent (thanks to @​lamnt2008)
Fixed - PingConnectionHandler race condition
Fixed - UUID type metadata leak in TypedJsonJacksonCodec (thanks to @​wushiyuanmaimob)
Fixed - UUID type inclusion by TypedJsonJackson3Codec
Fixed - buffer truncation in LZ4CodecV2
Fixed - WRONGPASS error on cluster slaves with TLS when password is set at root Config level (regression since 4.4.0) (thanks to @​seakider)
Fixed - release locks for non-existent keys in transactional RMap.fastRemove() (thanks to @​sywu14)

redisson-4.4.0

Feature - Hibernate 7.3.x support Feature - GCRA Rate Limiter added (thanks to @​bandalgomsu) Feature - Non-Reentrant Locks implemented: RLock and RFairLock Feature - entries(count), values(count), keySet(count) methods added to RMultimap Feature - fallbackLoadingToMaster setting added (thanks to @​bandalgomsu) Feature - RRateLimiter.set(RateLimiterArgs) method added (thanks to @​nhancdt2602) Feature - RRateLimiter.update(RateLimiterArgs) method added (thanks to @​nhancdt2602) Feature - RMapCache.putAll() method added with idleTime parameter Feature - RBloomFilter.exists(Collection) method added (thanks to @​nhancdt2602) Feature - MapIncrListener, DequeAddFirstListener, DequeAddLastListener added (thanks to @​nhancdt2602) Feature - SetInterStoreListener, SetUnionStoreListener, SetDiffStoreListener, ScoredSortedSetIncrListener, ScoredSortedSetUnionStoreListener, ScoredSortedSetInterStoreListener, ScoredSortedSetDiffStoreListener added Feature - profileSearch() and profileAggregate() methods added to RSearch Feature - collection field index support for RLiveObject (thanks to @​ngyngcphu) Feature - dnsMonitoringTimes setting added (thanks to @​seakider) Feature - RScoredSortedSet.Aggregate.COUNT option added (thanks to @​TrietMinh23) Feature - RJsonBucket.set() method added with Floating-point homogeneous array precision type (thanks to @​TrietMinh23) ‎Feature - yieldDistanceAs() and shardKRatio() methods added to VectorSimilarityNearestNeighbors params (thanks to @​TrietMinh23) Feature - RedissonClient.shutdownAsync() method added (thanks to @​TrietMinh23) Feature - RStream.nack() method added (thanks to @​lamnt2008) Feature - datastoreMode, primaryDiscoveryMode settings added to Multi Sentinel mode Feature - setSyncConfig(), setQueueSyncConfig(), setTopicSyncConfig() methods added to JMS RedissonConnectionFactory

Improvement - io_uring migration from Netty incubator to graduated transport (4.2)

... (truncated)

Changelog

Sourced from org.redisson:redisson's changelog.

05-June-2026 - 4.5.0 released

Feature - Array object added (thanks to @​lamnt2008)
Feature - BitVector Store object added
Feature - Fory lib upgraded to 1.0.0
Feature - Micronaut 5.0 support
Feature - readMode setting added for MapOptions, PlainOptions, LocalCachedMapOptions objects
Feature - extended incrementAndGet() method added to RAtomicLong, RAtomicDouble (thanks to @​lamnt2008)
Feature - contains(), range(), iterator() methods added to RVectorSet object
Feature - RMap.keysAsync() method added (thanks to @​sywu14)
Feature - RVectorSet added to RBatch object (thanks to @​sywu14)

Breaking change - map listeners signature changed, field name added (thanks to @​lamnt2008)

Improvement - refactor: remove unnecessary boxing of primitives (thanks to @​MukjepScarlet)

Fixed - RScoredSortedSet Rx and Reactive must handle empty results as absent (thanks to @​ngyngcphu)
Fixed - RGeo Rx and Reactive must handle empty results as absent (thanks to @​lamnt2008)
Fixed - RSet Rx and Reactive must handle empty results as absent (thanks to @​lamnt2008)
Fixed - RVectorSet Rx and Reactive must handle empty results as absent (thanks to @​lamnt2008)
Fixed - PingConnectionHandler race condition
Fixed - UUID type metadata leak in TypedJsonJacksonCodec (thanks to @​wushiyuanmaimob)
Fixed - UUID type inclusion by TypedJsonJackson3Codec
Fixed - buffer truncation in LZ4CodecV2
Fixed - WRONGPASS error on cluster slaves with TLS when password is set at root Config level (regression since 4.4.0) (thanks to @​seakider)
Fixed - release locks for non-existent keys in transactional RMap.fastRemove() (thanks to @​sywu14)

12-May-2026 - 4.4.0 released

Feature - Hibernate 7.3.x support
Feature - GCRA Rate Limiter added (thanks to @​bandalgomsu)
Feature - Non-Reentrant Locks implemented: RLock and RFairLock
Feature - entries(count), values(count), keySet(count) methods added to RMultimap
Feature - fallbackLoadingToMaster setting added (thanks to @​bandalgomsu)
Feature - RRateLimiter.set(RateLimiterArgs) method added (thanks to @​nhancdt2602)
Feature - RRateLimiter.update(RateLimiterArgs) method added (thanks to @​nhancdt2602)
Feature - RMapCache.putAll() method added with idleTime parameter
Feature - RBloomFilter.exists(Collection<T>) method added (thanks to @​nhancdt2602)
Feature - MapIncrListener, DequeAddFirstListener, DequeAddLastListener added (thanks to @​nhancdt2602)
Feature - SetInterStoreListener, SetUnionStoreListener, SetDiffStoreListener, ScoredSortedSetIncrListener, ScoredSortedSetUnionStoreListener, ScoredSortedSetInterStoreListener, ScoredSortedSetDiffStoreListener added
Feature - profileSearch() and profileAggregate() methods added to RSearch
Feature - collection field index support for RLiveObject (thanks to @​ngyngcphu)
Feature - dnsMonitoringTimes setting added (thanks to @​seakider)
Feature - RScoredSortedSet.Aggregate.COUNT option added (thanks to @​TrietMinh23)
Feature - RJsonBucket.set() method added with Floating-point homogeneous array precision type (thanks to @​TrietMinh23)
‎Feature - yieldDistanceAs() and shardKRatio() methods added to VectorSimilarityNearestNeighbors params (thanks to @​TrietMinh23)
Feature - RedissonClient.shutdownAsync() method added (thanks to @​TrietMinh23)
Feature - RStream.nack() method added (thanks to @​lamnt2008)
Feature - datastoreMode, primaryDiscoveryMode settings added to Multi Sentinel mode
Feature - setSyncConfig(), setQueueSyncConfig(), setTopicSyncConfig() methods added to JMS RedissonConnectionFactory

... (truncated)

Commits

Updates com.viaversion:viaversion-common from 5.9.0-20260417.203614-32 to 5.9.1

Updates com.viaversion:viabackwards-common from 5.9.0-20260417.203715-15 to 5.9.1

Updates com.viaversion:viarewind-common from 4.1.0-20260409.155713-7 to 4.1.1

Commits

Updates org.jline:jline from 4.0.12 to 4.1.3

Release notes

Sourced from org.jline:jline's releases.

JLine 4.1.3 is a patch release with important fixes for terminal close handling, raw mode signal behavior, FFM memory management, and shell command argument parsing.

Bug Fixes

  • fix: terminal.close() blocks when pump thread is reading stdin (#1911, fixes #1909)
  • fix: clear ISIG in enterRawMode so Ctrl+C reaches raw-mode readers (#1912)
  • fix: use confined arenas instead of auto arenas in FFM CLibrary (#1913, fixes #1872)
  • fix: swap rows/columns in openpty winsize constructor call (#1914, fixes #1910)
  • fix: fix command argument parsing in DefaultCommandDispatcher (#1924)

Chores

  • chore: add OSS AI helper rules for project conventions (#1917)

Dependencies

  • chore: Bump org.graalvm.buildtools:native-maven-plugin from 1.1.0 to 1.1.1 (#1915)
  • chore: Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6 (#1918)
  • chore: Bump com.diffplug.spotless:spotless-maven-plugin from 3.5.1 to 3.6.0 (#1919)

Full Changelog: jline/jline3@4.1.2...4.1.3

JLine 4.1.2 is a patch release focused on correctness fixes across the parser, terminal I/O, and shell modules.

Bug Fixes

  • fix: echo preserves backslash before unrecognised escape sequences (#1901, fixes #1863)
  • fix: DefaultParser preserves backslashes inside quotes (#1902, fixes #1877)
  • fix: NonBlockingInputStream keeps thread alive after EOF (#1903, fixes #1879)
  • fix: ensure cursor position after alternate screen init (#1904, fixes #1883)
  • fix: use parser for command argument splitting (#1907, fixes #1876)

Dependencies

  • chore: Bump eu.maveniverse.maven.nisse:extension from 0.9.1 to 0.9.2 (#1905)

Full Changelog: jline/jline3@4.1.1...4.1.2

JLine 4.1.1 is a patch release focused on stability fixes. The most notable change corrects the POSIX raw mode defaults (VMIN/VTIME) in enterRawMode, which could cause shell REPL sessions to hang or malfunction on certain platforms. This release also fixes a Display bug where the internal line buffer could alias or reject immutable caller-provided lists, hardens signal registration against null returns, and corrects alternate charset handling in ScreenTerminal.

🐛 Bug Fixes

📦 Dependency updates

  • chore: Bump com.palantir.javaformat:palantir-java-format from 2.90.0 to 2.91.0 (#1898) @​dependabot

... (truncated)

Commits
  • 7f44a23 fix: fix command argument parsing in DefaultCommandDispatcher (#1924)
  • 911e3d6 chore: Bump com.diffplug.spotless:spotless-maven-plugin from 3.5.1 to 3.6.0 (...
  • 15cdac5 chore: Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5....
  • 2d3e1ff chore: Bump org.graalvm.buildtools:native-maven-plugin from 1.1.0 to 1.1.1 (#...
  • 0ac019a fix: terminal.close() blocks when pump thread is reading stdin (#1911)
  • 1d63740 fix: use confined arenas instead of auto arenas in FFM CLibrary (fixes #1872)
  • 1604643 Merge pull request #1912 from jline/dot-tarragon
  • 147ee9c chore: add OSS AI helper rules for project conventions (#1917)
  • 1735c1f fix: swap rows/columns in openpty winsize constructor call (fixes #1910)
  • d9f6b86 fix: add PromptCancelTest from #1908 with timeout and fixture patterns
  • Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.10 to 42.7.11

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.11

Security

  • fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Changes

🐛 Bug Fixes

  • fix: ensure extended protocol messages end with Sync message @​vlsi (#3728)
  • fix: enable cursor-based fetching in extended protocol when transaction started via SQL command @​vlsi (#3996)
  • fix: retry with SSL on IOException when sslMode=ALLOW @​vlsi (#3973)
  • fix: allow fallback to non-SSL connection when sslMode=prefer and sslResponseTimeout kicks in @​vlsi (#3968)
  • fix: catch SecurityException from setContextClassLoader on ForkJoinPool workers @​vlsi (#3962)
  • fix: use compareTo for LogSequenceNumber comparison @​vlsi (#3961)
  • fix: release COPY lock on IOException to prevent connection hang (#3957) @​vlsi (#3960)

🧰 Maintenance

⬆️ Dependencies

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.11] (2026-04-28)

Security

  • fix: Limit SCRAM PBKDF2 iterations accepted from the server. pgjdbc was vulnerable to a client-side denial of service in SCRAM-SHA-256 authentication, where a malicious or compromised PostgreSQL server could specify an extremely large PBKDF2 iteration count, causing the client to consume unbounded CPU and potentially exhaust connection pools. The fix introduces a new scramMaxIterations connection property (defaulting to 100,000) to cap iteration counts before computation begins. See the Security Advisory for more detail. The following CVE-2026-42198 has been issued.

Added

Changed

Fixed

Commits
  • 78e261f fix: Add sources and javadocs to shaded published lib generation
  • 1e09fa0 update Changelog and website for release of 42.7.11 (#4042)
  • d479fa5 Fix scram fix location in changelog and update published artifact developer l...
  • b04fc46 docs: Add scram max iters fix to changelog
  • cf54822 test: Disable scram test on older version without scram_iterations GUC
  • 7dbcc79 test: Add SCRAM max iteration tests
  • c9d41d1 fix: Limit SCRAM PBKDF2 iterations accepted from the server
  • a340cb2 style: replace @​exception with @​throws in getBoolean javadoc
  • 77837f8 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
  • 23af03b chore(deps): update actions/checkout action to v6
  • Additional commits viewable in compare view

Updates org.jdbi:jdbi3-postgres from 3.52.1 to 3.53.0

Release notes

Sourced from org.jdbi:jdbi3-postgres's releases.

3.53.0

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has renamed a number of their jar files. Jdbi still supports testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to 2.x, make sure that you reference the org.testcontainers:jdbc and org.testcontainers:junit-jupiter dependencies. Those used to be available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the org.testcontainers:testcontainers-jdbc and org.testcontainers:testcontainers-junit-jupiter dependencies must be available.

  • Update testcontainers dependency to 2.0.5 (from 1.21.4)
  • Add StatementContext parameter to SqlExceptionHandler and remove return value
Changelog

Sourced from org.jdbi:jdbi3-postgres's changelog.

3.53.0

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has renamed a number of their jar files. Jdbi still supports testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to 2.x, make sure that you reference the org.testcontainers:jdbc and org.testcontainers:junit-jupiter dependencies. Those used to be available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the org.testcontainers:testcontainers-jdbc and org.testcontainers:testcontainers-junit-jupiter dependencies must be available.

  • Update testcontainers dependency to 2.0.5 (from 1.21.4)
  • Add StatementContext parameter to SqlExceptionHandler and remove return value
Commits
  • 5361840 [maven-release-plugin] prepare release v3.53.0
  • 59a8376 Release notes 3.53.0
  • 1f1a5c5 freemarker: disable template class resolution
  • 83465ac Merge remote-tracking branch 'origin/master' into sqlexception-handler-statem...
  • 5d4191f Merge pull request #2969 from hgschmie/testcontainers2
  • 05f9bdb align mysql docker image property name
  • ce9f12c align oracle docker image property name
  • ebceb8a move to testcontainers 2.x
  • 9a42863 add documentation and example
  • d53118f SqlExceptionHandler: add StatementContext parameter, remove confusing return ...
  • Additional commits viewable in compare view

Updates com.google.guava:guava from 33.5.0-jre to 33.6.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

  • Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
  • cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
  • collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
  • collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
  • graph: Removed @Beta from all APIs in the package. (dae9566b73)
  • graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
  • graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
  • hash: Added BloomFilter.serializedSize(). (df9bcc251a)
  • net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)
Commits

Updates ch.qos.logback:logback-classic from 1.5.32 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.34

2026-06-01 Release of logback version 1.5.34

• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues #1040](qos-ch/logback#1040), reported by Naotsugu Kobayashi.

• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This change addresses potential deserialization whitelist bypass vulnerability reported by York Shen and registered as CVE-2026-10532.

• A bitwise identical binary of this version can be reproduced by building from source code at commit e62272ac152469aec1ede056c3c7d0d7314e7bfe associated with the tag v_1.5.34. This release was built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

HardenedModelInputStream will no longer accept to deserialize all classes locate...

Description has been truncated

Bumps the dependencies group with 21 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [com.github.rfresh2:JDA](https://github.com/discord-jda/JDA) | `6.4.31` | `6.4.32` |
| com.github.rfresh2:MCProtocolLib | `1.21.4.49` | `26.1.2.10` |
| [io.netty:netty-bom](https://github.com/netty/netty) | `4.2.12.Final` | `4.2.15.Final` |
| [org.redisson:redisson](https://github.com/redisson/redisson) | `4.3.1` | `4.5.0` |
| com.viaversion:viaversion-common | `5.9.0-20260417.203614-32` | `5.9.1` |
| com.viaversion:viabackwards-common | `5.9.0-20260417.203715-15` | `5.9.1` |
| [com.viaversion:viarewind-common](https://github.com/ViaVersion/viarewind-common) | `4.1.0-20260409.155713-7` | `4.1.1` |
| [org.jline:jline](https://github.com/jline/jline3) | `4.0.12` | `4.1.3` |
| [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) | `42.7.10` | `42.7.11` |
| [org.jdbi:jdbi3-postgres](https://github.com/jdbi/jdbi) | `3.52.1` | `3.53.0` |
| [com.google.guava:guava](https://github.com/google/guava) | `33.5.0-jre` | `33.6.0-jre` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.32` | `1.5.34` |
| org.slf4j:slf4j-api | `2.0.17` | `2.0.18` |
| [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | `3.1.2` | `3.2.0` |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `6.0.3` | `6.1.0` |
| [org.testcontainers:testcontainers](https://github.com/testcontainers/testcontainers-java) | `2.0.4` | `2.0.5` |
| [org.graalvm.sdk:nativeimage](https://github.com/oracle/graal) | `25.0.2` | `25.0.3` |
| [org.graalvm.buildtools.native](https://github.com/graalvm/native-build-tools) | `1.0.0` | `1.1.2` |
| [com.gradleup.shadow](https://github.com/GradleUp/shadow) | `9.4.1` | `9.4.2` |
| [io.freefair.lombok](https://github.com/freefair/gradle-plugins) | `9.2.0` | `9.5.0` |
| [gradle-wrapper](https://github.com/gradle/gradle) | `9.4.1` | `9.5.1` |



Updates `com.github.rfresh2:JDA` from 6.4.31 to 6.4.32
- [Release notes](https://github.com/discord-jda/JDA/releases)
- [Commits](https://github.com/discord-jda/JDA/commits)

Updates `com.github.rfresh2:MCProtocolLib` from 1.21.4.49 to 26.1.2.10

Updates `io.netty:netty-bom` from 4.2.12.Final to 4.2.15.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.2.12.Final...netty-4.2.15.Final)

Updates `org.redisson:redisson` from 4.3.1 to 4.5.0
- [Release notes](https://github.com/redisson/redisson/releases)
- [Changelog](https://github.com/redisson/redisson/blob/master/CHANGELOG.md)
- [Commits](redisson/redisson@redisson-4.3.1...redisson-4.5.0)

Updates `com.viaversion:viaversion-common` from 5.9.0-20260417.203614-32 to 5.9.1

Updates `com.viaversion:viabackwards-common` from 5.9.0-20260417.203715-15 to 5.9.1

Updates `com.viaversion:viarewind-common` from 4.1.0-20260409.155713-7 to 4.1.1
- [Commits](https://github.com/ViaVersion/viarewind-common/commits)

Updates `org.jline:jline` from 4.0.12 to 4.1.3
- [Release notes](https://github.com/jline/jline3/releases)
- [Commits](jline/jline3@4.0.12...4.1.3)

Updates `org.postgresql:postgresql` from 42.7.10 to 42.7.11
- [Release notes](https://github.com/pgjdbc/pgjdbc/releases)
- [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md)
- [Commits](pgjdbc/pgjdbc@REL42.7.10...REL42.7.11)

Updates `org.jdbi:jdbi3-postgres` from 3.52.1 to 3.53.0
- [Release notes](https://github.com/jdbi/jdbi/releases)
- [Changelog](https://github.com/jdbi/jdbi/blob/master/RELEASE_NOTES.md)
- [Commits](jdbi/jdbi@v3.52.1...v3.53.0)

Updates `com.google.guava:guava` from 33.5.0-jre to 33.6.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.34
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.32...v_1.5.34)

Updates `org.slf4j:slf4j-api` from 2.0.17 to 2.0.18

Updates `org.slf4j:jul-to-slf4j` from 2.0.17 to 2.0.18

Updates `tools.jackson:jackson-bom` from 3.1.2 to 3.2.0
- [Commits](FasterXML/jackson-bom@jackson-bom-3.1.2...jackson-bom-3.2.0)

Updates `org.junit:junit-bom` from 6.0.3 to 6.1.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.3...r6.1.0)

Updates `org.testcontainers:testcontainers` from 2.0.4 to 2.0.5
- [Release notes](https://github.com/testcontainers/testcontainers-java/releases)
- [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md)
- [Commits](testcontainers/testcontainers-java@2.0.4...2.0.5)

Updates `org.testcontainers:testcontainers-junit-jupiter` from 2.0.4 to 2.0.5
- [Release notes](https://github.com/testcontainers/testcontainers-java/releases)
- [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md)
- [Commits](testcontainers/testcontainers-java@2.0.4...2.0.5)

Updates `org.graalvm.sdk:nativeimage` from 25.0.2 to 25.0.3
- [Release notes](https://github.com/oracle/graal/releases)
- [Commits](oracle/graal@vm-25.0.2...vm-25.0.3)

Updates `org.graalvm.buildtools.native` from 1.0.0 to 1.1.2
- [Release notes](https://github.com/graalvm/native-build-tools/releases)
- [Commits](graalvm/native-build-tools@1.0...1.1.2)

Updates `com.gradleup.shadow` from 9.4.1 to 9.4.2
- [Release notes](https://github.com/GradleUp/shadow/releases)
- [Commits](GradleUp/shadow@9.4.1...9.4.2)

Updates `io.freefair.lombok` from 9.2.0 to 9.5.0
- [Release notes](https://github.com/freefair/gradle-plugins/releases)
- [Commits](freefair/gradle-plugins@9.2.0...9.5.0)

Updates `gradle-wrapper` from 9.4.1 to 9.5.1
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v9.4.1...v9.5.1)

---
updated-dependencies:
- dependency-name: com.github.rfresh2:JDA
  dependency-version: 6.4.32
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: com.github.rfresh2:MCProtocolLib
  dependency-version: 26.1.2.10
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: io.netty:netty-bom
  dependency-version: 4.2.15.Final
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.redisson:redisson
  dependency-version: 4.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.viaversion:viaversion-common
  dependency-version: 5.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: com.viaversion:viabackwards-common
  dependency-version: 5.9.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: com.viaversion:viarewind-common
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.jline:jline
  dependency-version: 4.1.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.postgresql:postgresql
  dependency-version: 42.7.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.jdbi:jdbi3-postgres
  dependency-version: 3.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.google.guava:guava
  dependency-version: 33.6.0-jre
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.34
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.slf4j:slf4j-api
  dependency-version: 2.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.slf4j:jul-to-slf4j
  dependency-version: 2.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.junit:junit-bom
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.testcontainers:testcontainers
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.testcontainers:testcontainers-junit-jupiter
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.graalvm.sdk:nativeimage
  dependency-version: 25.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.graalvm.buildtools.native
  dependency-version: 1.1.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.gradleup.shadow
  dependency-version: 9.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: io.freefair.lombok
  dependency-version: 9.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: gradle-wrapper
  dependency-version: 9.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 11, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 18, 2026
@dependabot dependabot Bot deleted the dependabot/gradle/dependencies-42d9ccab98 branch June 18, 2026 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants