Bump the production-dependencies group across 1 directory with 23 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the production-dependencies group with 23 updates in the / directory:

Package	From	To
com.fasterxml.jackson.core:jackson-databind	2.19.2	2.20.0
com.fasterxml.jackson.datatype:jackson-datatype-jdk8	2.19.2	2.20.0
com.fasterxml.jackson.module:jackson-module-kotlin	2.19.2	2.20.0
commons-codec:commons-codec	1.18.0	1.19.0
org.rocksdb:rocksdbjni	10.2.1	10.4.2
org.projectlombok:lombok	1.18.38	1.18.42
org.mockito:mockito-core	5.18.0	5.20.0
org.apache.logging.log4j:log4j-api	2.25.0	2.25.2
org.apache.logging.log4j:log4j-slf4j2-impl	2.25.0	2.25.2
org.apache.logging.log4j:log4j-core	2.25.0	2.25.2
commons-io:commons-io	2.19.0	2.20.0
org.yaml:snakeyaml	2.4	2.5
jakarta.xml.bind:jakarta.xml.bind-api	4.0.2	4.0.4
com.google.guava:guava	33.4.8-jre	33.5.0-jre
org.threeten:threetenbp	1.7.1	1.7.2
org.jetbrains.kotlinx:kotlinx-datetime-jvm	0.7.0-0.6.x-compat	0.7.1-0.6.x-compat
org.apache.maven.plugins:maven-compiler-plugin	3.14.0	3.14.1
org.apache.maven.plugins:maven-surefire-plugin	3.5.3	3.5.4
org.apache.maven.plugins:maven-javadoc-plugin	3.11.2	3.12.0
org.apache.maven.plugins:maven-gpg-plugin	3.2.7	3.2.8
org.codehaus.mojo:flatten-maven-plugin	1.7.2	1.7.3
org.junit:junit-bom	5.12.2	5.13.4
org.graalvm.buildtools:native-maven-plugin	0.10.6	0.11.0

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.2 to 2.20.0

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.module:jackson-module-kotlin from 2.19.2 to 2.20.0

Commits

• 5684fc2 [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0
• 4d53d9a Prep for 2.20.0
• df3d719 Drop rc2 from version
• 03159dd Post-release version bump
• 3982156 [maven-release-plugin] prepare for next development iteration
• 295e60c [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0-rc1
• ddc1e5c Prep for 2.20.0-rc1
• 80b8371 Merge pull request #1025 from k163377/ex
• 50f5527 Update release notes wrt #1025
• 4ab4308 Fix to test that KotlinInvalidNullException is thrown
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jdk8 from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.module:jackson-module-kotlin from 2.19.2 to 2.20.0

Commits

• 5684fc2 [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0
• 4d53d9a Prep for 2.20.0
• df3d719 Drop rc2 from version
• 03159dd Post-release version bump
• 3982156 [maven-release-plugin] prepare for next development iteration
• 295e60c [maven-release-plugin] prepare release jackson-module-kotlin-2.20.0-rc1
• ddc1e5c Prep for 2.20.0-rc1
• 80b8371 Merge pull request #1025 from k163377/ex
• 50f5527 Update release notes wrt #1025
• 4ab4308 Fix to test that KotlinInvalidNullException is thrown
• Additional commits viewable in compare view

Updates commons-codec:commons-codec from 1.18.0 to 1.19.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.19.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.19.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

•         Add HmacUtils.hmac(Path). Thanks to Gary Gregory.
  

•         Add HmacUtils.hmacHex(Path). Thanks to Gary Gregory.
  

•         Add PMD check to the default Maven goal. Thanks to Gary Gregory.
  

•         Add SpotBugs check to the default Maven goal. Thanks to Gary Gregory.
  

Fixed Bugs

•         Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80). Thanks to Gary Gregory.
  

•         Refactor DigestUtils.updateDigest(MessageDigest, File) to use NIO. Thanks to Gary Gregory.
  

• CODEC-328: Clarify Javadoc for org.apache.commons.codec.digest.UnixCrypt.crypt(byte[],String). Thanks to Gary Gregory.

•         Precompile regular expressions in DaitchMokotoffSoundex.Rule. Thanks to Gary Gregory.
  

•         Precompile regular expressions in DaitchMokotoffSoundex.parseRules(Scanner, String, Map, Map). Thanks to Gary Gregory.
  

•         Precompile regular expressions in Lang.loadFromResource(String, Languages). Thanks to Gary Gregory.
  

•         Precompile regular expressions in PhoneticEngine.encode(String, LanguageSet). Thanks to Gary Gregory.
  

•         Precompile regular expressions in org.apache.commons.codec.language.bm.Rule.parse*(*). Thanks to Gary Gregory.
  

•         Remove redundant checks for whitespace in DaitchMokotoffSoundex.soundex(String, boolean). Thanks to Gary Gregory.
  

•         Javadoc typo in Base16.java [#380](https://github.com/apache/commons-codec/issues/380). Thanks to Sebastian Baunsgaard.
  

•         Deprecate unused constant org.apache.commons.codec.language.bm.Rule.ALL. Thanks to Gary Gregory.
  

• CODEC-331: org.apache.commons.codec.language.bm.Rule.parsePhonemeExpr(String) adds duplicate empty phoneme when input ends with |. Thanks to IlikeCode, Gary Gregory.
• CODEC-331: org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) does not remove special characters like punctuation. Thanks to IlikeCode, Gary Gregory.

•         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.binary.StringUtils. Thanks to Gary Gregory.
  

•         Fix PMD UnusedFormalParameter in private constructor in org.apache.commons.codec.binary.Base16. Thanks to Gary Gregory.
  

•         Fix PMD multiple UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Blake3. Thanks to Gary Gregory.
  

•         Fix PMD UnnecessaryFullyQualifiedName in org.apache.commons.codec.digest.Md5Crypt. Thanks to Gary Gregory.
  

•         Fix PMD EmptyControlStatement in org.apache.commons.codec.language.Metaphone. Thanks to Gary Gregory.
  

•         Fix SpotBugs [ERROR] Medium: org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder.setEncodeTable(byte[]) may expose internal representation by storing an externally mutable object into BaseNCodec$AbstractBuilder.encodeTable [org.apache.commons.codec.binary.BaseNCodec$AbstractBuilder] At BaseNCodec.java:[line 131] EI_EXPOSE_REP2. Thanks to Gary Gregory.
  

•         The method org.apache.commons.codec.binary.BaseNCodec.AbstractBuilder.setLineSeparator(byte...) now makes a defensive copy. Thanks to Gary Gregory.
  

•         Avoid unnecessary String conversion in org.apache.commons.codec.language.bm.PhoneticEngine.applyFinalRules(PhonemeBuilder, Map). Thanks to Gary Gregory.
  

•         Fix SpotBugs [ERROR] High: Potentially dangerous use of non-short-circuit logic in org.apache.commons.codec.language.DaitchMokotoffSoundex.cleanup(String) [org.apache.commons.codec.language.DaitchMokotoffSoundex] At DaitchMokotoffSoundex.java:[line 350] NS_DANGEROUS_NON_SHORT_CIRCUIT. Thanks to Gary Gregory.
  

Changes

... (truncated)

Commits

• 351cb22 Prepare for the release candidate 1.19.0 RC1
• 0d501b6 Prepare for the next release candidate
• d6d4b82 Refactor duplicate code
• 6d6456c No need to exclude abstract test classes from Surefire runs
• 22d62e4 No need to specify the default value for linkXref
• c4daf34 No longer need to override the version of the Jacoco Maven plugin
• 8f2b673 Remove workaround for [SUREFIRE-2253]
• 466a61d Fix Javadoc
• ca27bd3 Fix Checkstyle
• 1dfb4e5 Better internal method name
• Additional commits viewable in compare view

Updates org.rocksdb:rocksdbjni from 10.2.1 to 10.4.2

Release notes

Sourced from org.rocksdb:rocksdbjni's releases.

v10.4.2

10.4.2 (07/09/2025)

Bug Fixes

• Fix a race condition between concurrent DB::Open sharing the same SstFileManager instance.

10.4.1 (07/01/2025)

Behavior Changes

• RocksDB now triggers eligible compactions every 12 hours when periodic compaction is configured. This solves a limitation of the compaction trigger mechanism, which would only trigger compaction after specific events like flush, compaction, or SetOptions.

Bug Fixes

• Fix a bug in BackupEngine that can crash backup due to a null FSWritableFile passed to WritableFileWriter.

10.4.0 (06/20/2025)

New Features

• Add a new CF option memtable_avg_op_scan_flush_trigger that supports triggering memtable flush when an iterator scans through an expensive range of keys, with the average number of skipped keys from the active memtable exceeding the threshold.
• Vector based memtable now supports concurrent writers (DBOptions::allow_concurrent_memtable_write) #13675.
• Add new experimental TransactionOptions::large_txn_commit_optimize_byte_threshold to enable optimizations for large transaction commit by transaction batch data size.
• Add a new option CompactionOptionsUniversal::reduce_file_locking and if it's true, auto universal compaction picking will adjust to minimize locking of input files when bottom priority compactions are waiting to run. This can increase the likelihood of existing L0s being selected for compaction, thereby improving write stall and reducing read regression.
• Add new format_version=7 to aid experimental support of custom compression algorithms with CompressionManager and block-based table. This format version includes changing the format of TableProperties::compression_name.

Public API Changes

• Change NewExternalTableFactory to return a unique_ptr instead of shared_ptr.
• Add an optional min file size requirement for deletion triggered compaction. It can be specified when creating CompactOnDeletionCollectorFactory.

Behavior Changes

• TransactionOptions::large_txn_commit_optimize_threshold now has default value 0 for disabled. TransactionDBOptions::txn_commit_bypass_memtable_threshold now has no effect on transactions.

Bug Fixes

• Fix a bug where CreateColumnFamilyWithImport() could miss the SST file for the memtable flush it triggered. The exported CF then may not contain the updates in the memtable when CreateColumnFamilyWithImport() is called.
• Fix iterator operations returning NotImplemented status if disallow_memtable_writes and paranoid_memory_checks CF options are both set.
• Fixed handling of file checksums in IngestExternalFile() to allow providing checksums using recognized but not necessarily the DB's preferred checksum function, to ease migration between checksum functions.

Changelog

Sourced from org.rocksdb:rocksdbjni's changelog.

10.4.2 (07/09/2025)

Bug Fixes

• Fix a race condition between concurrent DB::Open sharing the same SstFileManager instance.

10.4.1 (07/01/2025)

Behavior Changes

• RocksDB now triggers eligible compactions every 12 hours when periodic compaction is configured. This solves a limitation of the compaction trigger mechanism, which would only trigger compaction after specific events like flush, compaction, or SetOptions.

Bug Fixes

• Fix a bug in BackupEngine that can crash backup due to a null FSWritableFile passed to WritableFileWriter.

10.4.0 (06/20/2025)

New Features

• Add a new CF option memtable_avg_op_scan_flush_trigger that supports triggering memtable flush when an iterator scans through an expensive range of keys, with the average number of skipped keys from the active memtable exceeding the threshold.
• Vector based memtable now supports concurrent writers (DBOptions::allow_concurrent_memtable_write) #13675.
• Add new experimental TransactionOptions::large_txn_commit_optimize_byte_threshold to enable optimizations for large transaction commit by transaction batch data size.
• Add a new option CompactionOptionsUniversal::reduce_file_locking and if it's true, auto universal compaction picking will adjust to minimize locking of input files when bottom priority compactions are waiting to run. This can increase the likelihood of existing L0s being selected for compaction, thereby improving write stall and reducing read regression.
• Add new format_version=7 to aid experimental support of custom compression algorithms with CompressionManager and block-based table. This format version includes changing the format of TableProperties::compression_name.

Public API Changes

• Change NewExternalTableFactory to return a unique_ptr instead of shared_ptr.
• Add an optional min file size requirement for deletion triggered compaction. It can be specified when creating CompactOnDeletionCollectorFactory.

Behavior Changes

• TransactionOptions::large_txn_commit_optimize_threshold now has default value 0 for disabled. TransactionDBOptions::txn_commit_bypass_memtable_threshold now has no effect on transactions.

Bug Fixes

• Fix a bug where CreateColumnFamilyWithImport() could miss the SST file for the memtable flush it triggered. The exported CF then may not contain the updates in the memtable when CreateColumnFamilyWithImport() is called.
• Fix iterator operations returning NotImplemented status if disallow_memtable_writes and paranoid_memory_checks CF options are both set.
• Fixed handling of file checksums in IngestExternalFile() to allow providing checksums using recognized but not necessarily the DB's preferred checksum function, to ease migration between checksum functions.

10.3.0 (05/17/2025)

New Features

• Add new experimental CompactionOptionsFIFO::allow_trivial_copy_when_change_temperature along with CompactionOptionsFIFO::trivial_copy_buffer_size to allow optimizing FIFO compactions with tiering when kChangeTemperature to move files from source tier FileSystem to another tier FileSystem via trivial and direct copying raw sst file instead of reading thru the content of the SST file then rebuilding the table files.
• Add a new field to Compaction Stats in LOG files for the pre-compression size written to each level.
• Add new experimental TransactionOptions::large_txn_commit_optimize_threshold to enable optimizations for large transaction commit with per transaction threshold. TransactionDBOptions::txn_commit_bypass_memtable_threshold is deprecated in favor of this transaction option.
• [internal team use only] Allow an application-defined request_id to be passed to RocksDB and propagated to the filesystem via IODebugContext

Bug Fixes

• Fix a bug where transaction lock upgrade can incorrectly fail with a Deadlock status. This happens when a transaction has a non-zero timeout and tries to upgrade a shared lock that is also held by another transaction.
• Pass wrapped WritableFileWriter pointer to ExternalTableBuilder so that the file checksum can be correctly calculated and returned by SstFileWriter for external table files.
• Fix an infinite-loop bug in transaction locking. This can happen if a transaction reaches lock limit and its time out expires before it attempts to wait for it.
• Fixed a potential data race with CompressionOptions::parallel_threads > 1 and a TablePropertiesCollector overriding BlockAdd().

10.2.0 (04/21/2025)

New Features

• Provide histogram stats COMPACTION_PREFETCH_BYTES to measure number of bytes for RocksDB's prefetching (as opposed to file system's prefetch) on SST file during compaction read
• A new API DB::GetNewestUserDefinedTimestamp is added to return the newest user defined timestamp seen in a column family
• Introduce API IngestWriteBatchWithIndex() for ingesting updates into DB while bypassing memtable writes. This improves performance when writing a large write batch to the DB.
• Add a new CF option memtable_op_scan_flush_trigger that triggers a flush of the memtable if an iterator's Seek()/Next() scans over a certain number of invisible entries from the memtable.

... (truncated)

Commits

• 410c562 Merge pull request #13756 from mszeszko-meta/backport_13609_to_10.4
• 49d0c21 Bump patch version, update HISTORY.md
• b72fe4f Remove stats_ field from SstFileManagerImpl (#13757)
• 8725d90 Update compression libraries to latest releases (#13609)
• 3df9173 10.4.1 Patch Release (#13748)
• c3edaf5 Release 10.4
• f340a2e Port codemod changes from fbcode/rocksdb (#13714)
• 78c83ac Publish/support format_version=7, related enhancements (#13713)
• 190bb0b Disable AutoSkipCompressionManager test (#13715)
• fdc2970 Connect custom compression to crash test and ObjectLibrary (#13710)
• Additional commits viewable in compare view

Updates org.projectlombok:lombok from 1.18.38 to 1.18.42

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.42 (September 18th, 2025)

• FEATURE: All the various @Log annotations now allow you to change their access level (they still default to private). #2280. Thanks to new contributor Liam Pace!
• BUGFIX: Javadoc parsing was broken in Netbeans and ErrorProne for JDK25 #3940.

v1.18.40 (September 4th, 2025)

• PLATFORM: JDK25 support added #3859.
• BUGFIX: Recent versions of eclipse (or the eclipse-based java lang server for VSCode) caused java.lang.IllegalArgumentException: Document does not match the AST. [Issue #3886](projectlombok/lombok#3886).
• PERFORMANCE: @ExtensionMethod is now significantly faster [Issue #3866](projectlombok/lombok#3866).
• BUGFIX: the command line config tool would emit incorrect output for nullity annotations. [Issue #3931](projectlombok/lombok#3931).
• FEATURE: @Jacksonized @Accessors(fluent=true) automatically creates the relevant annotations such that Jackson correctly identifies fluent accessors. [Issue #3265](projectlombok/lombok#3265), [Issue #3270](projectlombok/lombok#3270).
• IMPROBABLE BREAKING CHANGE: From versions 1.18.16 to 1.18.38, lombok automatically copies certain Jackson annotations (e.g., @JsonProperty) from fields to the corresponding accessors (getters/setters). However, it turned out to be harmful in certain situations. Thus, Lombok does not automatically copy those annotations any more. You can restore the old behavior using the config key lombok.copyJacksonAnnotationsToAccessors = true.

Commits

• 2031eb0 [release] pre-release version bump for v1.18.42
• c95a6c1 Merge branch 'logger-access'
• 71d85ca #2280 Add delivery of this 'access for logging' to the changelog.
• 99ba3e3 [trivial] Slightly reworded the javadoc on each @Log annotation's `access()...
• e9cf11e [trivial][style]
• a6d5568 [deprecation] Marked AccessLevel.MODULE as deprecated. It was written for a...
• 492011d Refactored to use Javac/Eclipse utility function
• c1f7f66 Update copyright in logger files
• f63f40a Add myself to AUTHORS
• 9152c34 Fix failing tests
• Additional commits viewable in compare view

Updates org.mockito:mockito-core from 5.18.0 to 5.20.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.20.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.20.0

• 2025-09-20 - 11 commit(s) by Adrian-Kim, Giulio Longfils, Rafael Winterhalter, dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 [(#3730)](mockito/mockito#3730)
• Introducing the Ability to Mock Construction of Generic Types (#2401) [(#3729)](mockito/mockito#3729)
• Bump com.gradle.develocity from 4.1.1 to 4.2 [(#3726)](mockito/mockito#3726)
• Bump graalvm/setup-graalvm from 1.3.6 to 1.3.7 [(#3725)](mockito/mockito#3725)
• Bump org.eclipse.platform:org.eclipse.osgi from 3.23.100 to 3.23.200 [(#3720)](mockito/mockito#3720)
• Bump graalvm/setup-graalvm from 1.3.5 to 1.3.6 [(#3719)](mockito/mockito#3719)
• Bump actions/setup-java from 4 to 5 [(#3715)](mockito/mockito#3715)
• Bump com.gradle.develocity from 4.1 to 4.1.1 [(#3713)](mockito/mockito#3713)
• Bump bytebuddy from 1.17.6 to 1.17.7 [(#3712)](mockito/mockito#3712)
• test: Use Assume.assumeThat for SequencedCollection tests [(#3711)](mockito/mockito#3711)
• Fix #3709 [(#3710)](mockito/mockito#3710)
• feat: Add support for JDK21 Sequenced Collections. [(#3708)](mockito/mockito#3708)
• Introducing the Ability to Mock Construction of Generic Types [(#2401)](mockito/mockito#2401)

v5.19.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.19.0

• 2025-08-15 - 37 commit(s) by Adrian-Kim, Tim van der Lippe, Tran Ngoc Nhan, dependabot[bot], juyeop
• feat: Add support for JDK21 Sequenced Collections. [(#3708)](mockito/mockito#3708)
• Bump actions/checkout from 4 to 5 [(#3707)](mockito/mockito#3707)
• build: Allow overriding 'Created-By' for reproducible builds [(#3704)](mockito/mockito#3704)
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 [(#3703)](mockito/mockito#3703)
• Bump androidx.test:runner from 1.6.2 to 1.7.0 [(#3697)](mockito/mockito#3697)
• Bump org.junit.platform:junit-platform-launcher from 1.13.3 to 1.13.4 [(#3694)](mockito/mockito#3694)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.1.0 to 7.2.1 [(#3693)](mockito/mockito#3693)
• Bump junit-jupiter from 5.13.3 to 5.13.4 [(#3691)](mockito/mockito#3691)
• Bump com.gradle.develocity from 4.0.2 to 4.1 [(#3689)](mockito/mockito#3689)
• Bump com.google.googlejavaformat:google-java-format from 1.27.0 to 1.28.0 [(#3688)](mockito/mockito#3688)
• Bump com.google.googlejavaformat:google-java-format from 1.25.2 to 1.27.0 [(#3686)](mockito/mockito#3686)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.4 to 7.1.0 [(#3685)](mockito/mockito#3685)
• Bump junit-jupiter from 5.13.2 to 5.13.3 [(#3684)](mockito/mockito#3684)
• Bump org.shipkit:shipkit-auto-version from 2.1.0 to 2.1.2 [(#3683)](mockito/mockito#3683)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.2 to 7.0.4 [(#3682)](mockito/mockito#3682)
• Only run release after both Java and Android tests have finished [(#3681)](mockito/mockito#3681)
• Bump org.junit.platform:junit-platform-launcher from 1.12.2 to 1.13.3 [(#3680)](mockito/mockito#3680)
• Bump org.codehaus.groovy:groovy from 3.0.24 to 3.0.25 [(#3679)](mockito/mockito#3679)
• Bump org.eclipse.platform:org.eclipse.osgi from 3.23.0 to 3.23.100 [(#3678)](mockito/mockito#3678)
• Can no longer publish snapshot releases [(#3677)](mockito/mockito#3677)
• Update Gradle to 8.14.2 [(#3676)](mockito/mockito#3676)
• Bump errorprone from 2.23.0 to 2.39.0 [(#3674)](mockito/mockito#3674)
• Correct Junit docs link [(#3672)](mockito/mockito#3672)
• Bump net.ltgt.gradle:gradle-errorprone-plugin from 4.1.0 to 4.3.0 [(#3670)](mockito/mockito#3670)
• Bump junit-jupiter from 5.13.1 to 5.13.2 [(#3669)](mockito/mockito#3669)
• Bump bytebuddy from 1.17.5 to 1.17.6 [(#3668)](mockito/mockito#3668)

... (truncated)

Commits

• 3a1a19e Add support for generic types in MockedConstruction and MockedStatic (#3729)
• f3c957a Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#3730)
• 3cfbd42 Bump graalvm/setup-graalvm from 1.3.6 to 1.3.7 (#3725)
• 6f9a04b Bump com.gradle.develocity from 4.1.1 to 4.2 (#3726)
• c75dfb8 Bump org.eclipse.platform:org.eclipse.osgi from 3.23.100 to 3.23.200 (#3720)
• 54474fa Bump graalvm/setup-graalvm from 1.3.5 to 1.3.6 (#3719)
• bc06f21 Use Assume.assumeThat for SequencedCollection tests (#3711)
• a10aed0 Bump actions/setup-java from 4 to 5 (#3715)
• 37bb3e5 Fix metadata generation on GraalVM (#3710)
• ef2fd6f Bump com.gradle.develocity from 4.1 to 4.1.1 (#3713)
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-api from 2.25.0 to 2.25.2

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.25.0 to 2.25.2

Updates org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.2

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.25.0 to 2.25.2

Updates org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.2

Updates commons-io:commons-io from 2.19.0 to 2.20.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.20.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.20.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Version 2.19.1: Java 8 or later is required.

New features

o IO-875: Add org.apache.commons.io.file.CountingPathVisitor.accept(Path, BasicFileAttributes) #743. Thanks to Pierre Baumard, Gary Gregory. o Add org.apache.commons.io.Charsets.isAlias(Charset, String). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.isUTF8(Charset). Thanks to Gary Gregory. o Add org.apache.commons.io.Charsets.toCharsetDefault(String, Charset). Thanks to Gary Gregory. o IO-279: Add Tailer ignoreTouch option #757. Thanks to Joerg Budischewski, Gary Gregory.

Fixed Bugs

o [javadoc] Rename parameter of ProxyOutputStream.write(int) #740. Thanks to Jesse Glick. o IO-875: CopyDirectoryVisitor ignores fileFilter #743. Thanks to Pierre Baumard, Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.ByeArrayOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.InputStreamOrigin.getReader(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.AbstractRandomAccessFileOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o org.apache.commons.io.build.AbstractOrigin.OutputStreamOrigin.getWriter(Charset) now maps a null Charset to the default Charset. Thanks to Gary Gregory. o FileUtils.readLines(File, Charset) now maps a null Charset to the default Charset #744. Thanks to Ryan Kurtz, Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream, org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 77]Another occurrence at WindowsLineEndingInputStream.java:[line 81] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 112] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 113] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 75] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atEos" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 120] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 124] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 125] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "closed" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.ProxyInputStream] At ProxyInputStream.java:[line 233] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o Fix SpotBugs [ERROR] Medium: Shared primitive variable "propagateClose" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.BoundedInputStream] At BoundedInputStream.java:[line 555] AT_STALE_THREAD_WRITE_OF_PRIMITIVE. Thanks to Gary Gregory. o QueueInputStream reads all but the first byte without waiting. #748. Thanks to maxxedev, Piotr P. Karwasz, Gary Gregory. o Javadoc fixes and improvements. Thanks to Gary Gregory. o Avoid NPE in org.apache.commons.io.filefilter.WildcardFilter.accept(File). Thanks to Gary Gregory. o IO-874: FileUtils.forceDelete can delete a broken symlink again #756. Thanks to Andy Russell, Joerg Budischewski. o Fix infinite loop in AbstractByteArrayOutputStream. #758. Thanks to Alex Benusovich.

... (truncated)

Commits

• c224bce Prepare for the release candidate 2.20.0 RC1
• 8981a5c Remove workaround for
• 4ef481f Prepare for the next release candidate
• d23228f Merge branch 'master' of https://github.com/apache/commons-io.git
• 5d2737f Add @​SuppressWarnings
• e5c80d6 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 #761
• 2017ac0 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#761)
• 07ce798 Javadoc
• a828efa Add ciManagement element to POM
• 46bd1c2 Javadoc
• Additional commits viewable in compare view

Updates org.yaml:snakeyaml from 2.4 to 2.5

Commits

• 015ab57 [maven-release-plugin] prepare for next development iteration
• 4795519 Update info
• 9c36c69 Introduce devcontainer
• 0c5b3e5 fix: add debug level to internal logger
• a65b131 Merge branch 'master' into devcontainers
• 788a98b Update changes
• 556b4bf Add info for devcontainer
• 0828c39 ops: migrate deployment from OSSRH to Central Portal
• 30d6a3a Add a test for issue 1108
• 2da4c6d Remove unrelated code
• Additional commits viewable in compare view

Updates jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4

Commits

• 1df980a Update API version of : to 4.0.4
• 5548633 fix #315
• b44c5ca activation-api 2.1.4
• b106241 Create TCK challenge template
• d91e825 Merge pull request #322 from jakartaee/4.0.3-RELEASE
• 85e2fb6 Update API version of : to 4.0.4-SNAPSHOT
• cae8cae Update API version of : to 4.0.3
• 256b24e fix: Unmarshalling hexBinary with leading whitespaces yields null (#313)
• 57884ff Fix #316, Unable to override JAXBContextFactory through properties (#317)
• 3cb177a Handle empty string input for parseBase64Binary instead of throwing IllegalAr...
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.8-jre to 33.5.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.5.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.5.0-jre</version>
  <!-- or, for Android: -->
  <version>33.5.0-android</version>
</dependency>

Jar files

• 33.5.0-jre.jar
• 33.5.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.5.0-jre
• 33.5.0-android

JDiff

• 33.5.0-jre vs. 33.4.8-jre
• 33.5.0-android vs. 33.4.8-android
• 33.5.0-android vs. 33.5.0-jre

Changelog

• Restored the Automatic-Module-Name to guava-android. (It, unlike, guava-jre, is not a proper module.) (7a04a8a955)
• For users of guava-gwt: Google has moved off GWT internally. We plan to continue to release guava-gwt for users of GWT and J2CL, but the artifact is no longer tested for GWT-specific issues, and we have limited resources to fix any unexpected issues that might arise. While we do not anticipate any specific problems, we can't guarantee how long support will continue.
• Increased our Android minSdkVersion to 23 (Marshmallow). This follows the minimum of Google's foundational Android libraries, and we expect it to have no practical impact on users. (5c23347cc1)
• Listed the JSpecify annotations as an optional dependency in our OSGi metadata. (2dfd572981)
• cache: Improved the handling of exceptions from compute functions in Cache.asMap(). (We do still recommend using Caffeine rather than com.google.common.cache.) (087f2c4a80)
• collect: Improved Iterators.mergeSorted() to preserve stability for equal elements. (4dc93be9a8)
• math: Added saturatedAbs methods to IntMath and LongMath. (ed0e518f20)
• net: Added image/avif to MediaType. (53344caba6)
• testing: Made CollectorTester available to Android users. (294c251079)
• util.concurrent: Added Striped.custom. (1586eb271d)

Commits

• See full diff in compare view

Updates org.threeten:threetenbp from 1.7.1 to 1.7.2

Release notes

Sourced from org.threeten:threetenbp's releases.

Release v1.7.2

See the change notes for more information.

Commits

• b3a265a [maven-release-plugin] prepare release v1.7.2
• 03e4f0f Fix GitHub credentials
• 96bb591 Prepare for release v1.7.2
• b565745 Set the TZDB update PR to auto-merge (#206)
• 61d901b Update deployment from OSSRH (#205)
• f8f0527 Update time zone data to 2025bgtz (#203)
• edbc341 Nexus auto-release
• 89fc8a7 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.jetbrains.kotlinx:kotlinx-datetime-jvm from 0.7.0-0.6.x-compat to 0.7.1-0.6.x-compat

Release notes

Sourced from org.jetbrains.kotlinx:kotlinx-datetime-jvm's releases.

v0.7.1

• Add kotlinx.datetime.Instant and kotlinx.datetime.Clock type aliases to, respectively, kotlin.time.Instant and kotlin.time.Clock to make migration more convenient.
• Add a fallback timezone database implementat...

  Description has been truncated

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}