Bump the maven group across 17 directories with 10 updates by dependabot[bot] · Pull Request #56 · khulnasoft/BenchWeb

dependabot · 2026-03-26T21:42:24Z

Bumps the maven group with 1 update in the /frameworks/Java/activeweb directory: com.fasterxml.jackson.core:jackson-core.
Bumps the maven group with 1 update in the /frameworks/Java/isocket-nio directory: org.apache.logging.log4j:log4j-core.
Bumps the maven group with 1 update in the /frameworks/Java/javalin directory: gg.jte:jte.
Bumps the maven group with 1 update in the /frameworks/Java/jooby directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /frameworks/Java/light-java directory: io.undertow:undertow-core.
Bumps the maven group with 1 update in the /frameworks/Java/microhttp directory: com.fasterxml.jackson.core:jackson-core.
Bumps the maven group with 1 update in the /frameworks/Java/netty directory: io.netty:netty-codec-http.
Bumps the maven group with 1 update in the /frameworks/Java/ninja-standalone directory: com.fasterxml.jackson.core:jackson-core.
Bumps the maven group with 1 update in the /frameworks/Java/restexpress directory: com.fasterxml.jackson.core:jackson-databind.
Bumps the maven group with 1 update in the /frameworks/Java/simple-server directory: org.apache.logging.log4j:log4j-core.
Bumps the maven group with 1 update in the /frameworks/Java/smart-socket directory: org.apache.logging.log4j:log4j-core.
Bumps the maven group with 1 update in the /frameworks/Java/undertow directory: io.undertow:undertow-core.
Bumps the maven group with 1 update in the /frameworks/Java/undertow-jersey directory: io.undertow:undertow-core.
Bumps the maven group with 1 update in the /frameworks/Java/vertx directory: io.vertx:vertx-core.
Bumps the maven group with 1 update in the /frameworks/Java/wicket directory: org.apache.wicket:wicket-core.
Bumps the maven group with 1 update in the /frameworks/Kotlin/kooby directory: org.postgresql:postgresql.
Bumps the maven group with 1 update in the /frameworks/Prolog/tuProlog directory: io.vertx:vertx-web.

Updates com.fasterxml.jackson.core:jackson-core from 2.9.9 to 2.18.6

Commits

9a46ef8 [maven-release-plugin] prepare release jackson-core-2.18.6
5f192db Prep for 2.18.6 release
b0c428e Enforce StreamReadConstraints.maxNumberLength for non-blocking (async) pars...
7c8b6d5 Add test for nesting for DataInput-backed JsonParser (#1550)
97a647b Update CI: JDK 23 -> 25
1601331 (backport from 2.21) Fix #1548: validate max doc length for fixed buffer inpu...
fae2542 release notes update
70c99ba Update UTF8DataInputJsonParser.java (#1512)
caea665 Post-release dep version bump
635d3bd [maven-release-plugin] prepare for next development iteration
Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3

Updates gg.jte:jte from 2.2.3 to 3.1.16

Release notes

Sourced from gg.jte:jte's releases.

3.1.16

GHSA-vh22-6c6h-rm8q Fix jte HTML templates with script tags or script attributes that include a Javascript template string (backticks) are subject to XSS. (thanks to https://github.com/Petersoj for reporting and reviewing the bugfix) It is strongly advised to upgrade as soon as possible if you use jte to output variables in Javascript template strings.

#416 Fix compilation in module enabled applications (thanks to @rickardoberg)

3.1.15

#401 spring-boot-starter: temporarily revert #398 (Add template change watcher for livereload), since the devtools dependency causes issues with production builds. This will get re-introduced, when we find a proper solution for it

3.1.14

#398 spring-boot-starter: Add template change watcher for livereload (thanks to @tschuehly!)

3.1.13

#365 Suppress warnings in generated Java source files. Thanks @rpost!

#381 make jte a non-optional dependency of spring-boot-starter-3

#385 Update property names to use kebab-case format and update Spring Boot to version 3.3.4. Thanks @tschuehly!

#388 Add spring-boot-starter dependency to jte-spring-boot-starters. Thanks @tschuehly!

#378 Add new property gg.jte.expose-request-attributes to jte-spring-boot-starter-3. Thanks @blaluc!

3.1.12

#359 fix for comments between html attributes (thanks to @tschuehly for finding & reporting)

3.1.11

#356 add defer and inert to the list of boolean attributes (thanks to @marcospereira)

#357 use of modern Java features and APIs internally (thanks to @marcospereira)

#358 add jte-jsp-converter-jakarta module (preview)

3.1.10

#328 Fix ${"\\"} causes "Unexpected end of template expression", thanks to @mhdeeb

#326 fix unsafe output in html tag content

#333 Update Gradle to 8.6 and add wrapper validation, thanks to @leonard84

#339 Maven Plugin: Fix Kotlin compiler args parameter setting, thanks to @marcospereira

3.1.9

Hotfix for #325, HTML Comments Inside Content Blocks Cause Compilation Failure in jte 3.1.7/3.1.8

Thank you @PsychotherapistSam for reporting!

3.1.8

Caution! There is a bug with HTML comments in this release. Please upgrade to 3.1.9 instead.

#324 Fix Kotlin models extension code generation for tags/templates in subfolders. Thanks @marcospereira for this quick hotfix!

3.1.7

Caution! There is a bug with HTML comments and with Kotlin model generation in this release. Please upgrade to 3.1.9 instead.
#311 Use Stream#toList() instead of collect(). Thanks to @MariusVolkhart This change could potentially break user code for these public methods:
 public List<String> TemplateEngine#generateAll()
 public List<String> TemplateEngine#precompileAll()

... (truncated)

Commits

d50dce8 Bump version to 3.1.16
a6fb00d Merge commit from fork
0c7d4ad Fix compilation in module enabled applications (#416)
6f5434e ci: Re-arrange workflows to remove duplication (#410)
190ced3 Fix broken link
afc0dac Bump version to 3.1.16-SNAPSHOT for further development
0b4d997 Bump version to 3.1.15
1ea5060 Revert "Add template change watcher for livereload (#398)"
1513abf Bump version to 3.1.15-SNAPSHOT for further development
6c22d52 Bump version to 3.1.14
Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.4 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

fix: ensure Connection.isValid() returns true even if prepared statements deallocate @vlsi (#3655)

🧰 Maintenance

chore: bump slf4j and logback versions used for pgjdbc-osgi-test @vlsi (#3653)

chore: fix the default branch name for dependency-submission action @vlsi (#3650)

chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @vlsi (#3646)

⬆️ Dependencies

chore: bump slf4j and logback versions used for pgjdbc-osgi-test @vlsi (#3653)

chore(deps): update oracle-actions/setup-java action to v1.4.2 @renovate-bot (#3643)

fix(deps): update dependency checkstyle to v10.25.0 @renovate-bot (#3644)

chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @vlsi (#3646)

fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25 @renovate-bot (#3648)

fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite.gradle.plugin to v7.7.0 @renovate-bot (#3649)

chore(deps): update plugin com.gradle.develocity to v4.0.2 @renovate-bot (#3647)

chore(deps): update codecov/codecov-action digest to 15559ed @renovate-bot (#3636)

chore(deps): update dependency gradle to v8.14.1 @renovate-bot (#3637)

chore(deps): update plugin org.jetbrains.kotlin.jvm to v2.1.21 - autoclosed @renovate-bot (#3638)

chore(deps): update dependency sbt/sbt to v1.11.0 @renovate-bot (#3640)

fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.1.13 @renovate-bot (#3639)

v42.7.6

Changes

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

[42.7.6]

Features

fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property [PR #3513](pgjdbc/pgjdbc#3513)

Performance Improvements

performance: Improve ResultSetMetadata.fetchFieldMetaData by using IN row values instead of UNION ALL for improved query performance (later reverted) [PR #3510](pgjdbc/pgjdbc#3510)

feat:Use a single simple query for all startup parameters, so groupStartupParameters is no longer needed [PR #3613](pgjdbc/pgjdbc#3613)

Bug Fixes

Protocol & Connection Handling

fix: Send extra_float_digits=3 for PostgreSQL 12+ as well [PR #3491](pgjdbc/pgjdbc#3491)

fix: Fixed handling of protocol 3.2 and wider cancel keys [PR #3592](pgjdbc/pgjdbc#3592)

fix: Made PgConnection#abort compatible with Java 24 [PR #3582](pgjdbc/pgjdbc#3582)

fix: Fixed ArrayIndexOutOfBounds when writing big objects into GSS enabled connections [PR #3500](pgjdbc/pgjdbc#3500)

fix: Added back application name setting [PR #3509](pgjdbc/pgjdbc#3509)

Metadata & Catalog Handling

fix: Set column name explicitly when using current_database() in queries [PR #3526](pgjdbc/pgjdbc#3526)

fix: Use query to find the current catalog instead of relying on the database in the connection URL [pull #3565](pgjdbc/pgjdbc#3565)

fix: Refactored empty resultset to use empty result set if the catalog is not correct [PR #3588](pgjdbc/pgjdbc#3588)

API Improvements

fix: Undeprecated Fastpath API and fixed deprecation warnings [PR #3493](pgjdbc/pgjdbc#3493)

fix: Undeprecated sslfactoryarg [PR #3496](pgjdbc/pgjdbc#3496)

fix: Added PgMessageType and used static variables for protocol literals [PR #3609](pgjdbc/pgjdbc#3609)

fix: Add the ability to turn off automatic LSN flush [PR #3403](pgjdbc/pgjdbc#3403)

fix: isValid incorrectly called execute, instead of executeWithFlags [PR #3631](pgjdbc/pgjdbc#3631). Fixes [Issue #3630](pgjdbc/pgjdbc#3630)

fix: EOFException on PreparedStatement#toString with unset bytea parameter since 42.7.4 Commit 0a88ea4. Fixes [Issue #3365](pgjdbc/pgjdbc#3365)

Infrastructure & Build Improvements

... (truncated)

Commits

9217ed1 Merge commit from fork
cb10dce fix: ensure Connection.isValid() returns true even if prepared statements dea...
10e3546 chore: bump slf4j and logback versions used for pgjdbc-osgi-test
6c5ea88 chore: fix the default branch name for dependency-submission action
5616d5f chore(deps): update oracle-actions/setup-java action to v1.4.2
0d43f0a fix(deps): update dependency checkstyle to v10.25.0
d0a8890 chore: add gradle/actions/dependency-submission so GitHub shows all dependenc...
7105c75 fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25
d9a6fc6 fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite....
19dff83 chore(deps): update plugin com.gradle.develocity to v4.0.2
Additional commits viewable in compare view

Updates io.undertow:undertow-core from 2.3.17.Final to 2.3.21.Final

Release notes

Sourced from io.undertow:undertow-core's releases.

v2.3.21.Final

Release 2.3.21.Final fixes CVE-2024-3884 CVE-2024-4027 CVE-2025-12543 Full list of Jiras: view in Jira
    Release Notes - Undertow - Version 2.3.21.Final

... (truncated)

Commits

791c908 Prepare 2.3.21.Final
5374f57 Merge pull request #1862 from fl4via/backport-fixes_2.3.x
7e25c8f [UNDERTOW-2609] Fix the since version in the @Deprecated annotation at HttpSe...
bd97428 [UNDERTOW-2662] Remove the option to disable the RFC 6265 cookie parsing and ...
e45da52 Revert "[UNDERTOW-2675] Replace the new UndertowOptions by system properties ...
f60b476 Temporarily revert "[UNDERTOW-2662] Remove the option to disable the RFC 6265...
e47fed7 Temporarily revert "[UNDERTOW-2609] Fix the since version in the @Deprecated ...
6484e91 Merge pull request #1861 from fl4via/backport-fixes_2.3.x
6e4b999 [UNDERTOW-2609] Fix the since version in the @Deprecated annotation at HttpSe...
2a7d993 [UNDERTOW-2421] Consolidate cookie attrib code and add support to attributes ...
Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.13.3 to 2.18.6

Commits

9a46ef8 [maven-release-plugin] prepare release jackson-core-2.18.6
5f192db Prep for 2.18.6 release
b0c428e Enforce StreamReadConstraints.maxNumberLength for non-blocking (async) pars...
7c8b6d5 Add test for nesting for DataInput-backed JsonParser (#1550)
97a647b Update CI: JDK 23 -> 25
1601331 (backport from 2.21) Fix #1548: validate max doc length for fixed buffer inpu...
fae2542 release notes update
70c99ba Update UTF8DataInputJsonParser.java (#1512)
caea665 Post-release dep version bump
635d3bd [maven-release-plugin] prepare for next development iteration
Additional commits viewable in compare view

Updates io.netty:netty-codec-http from 4.1.108.Final to 4.1.132.Final

Release notes

Sourced from io.netty:netty-codec-http's releases.

netty-4.1.132.Final

Security

CVE-2026-33871, HTTP/2 CONTINUATION Frame Flood Denial of Service

CVE-2026-33870, HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

What's Changed

Fix Incorrect nanos-to-millis conversion in epoll_wait EINTR retry lo… by @normanmaurer in netty/netty#16248

Make RefCntOpenSslContext.deallocate more robust (#16253) by @normanmaurer in netty/netty#16257

Update to gcc for arm 10.3-2021.07 (#16255) by @normanmaurer in netty/netty#16263

HTTP2: Correctly account for padding when decompress by @normanmaurer in netty/netty#16265

Update JDK versions to latest patch releases (#16254) by @normanmaurer in netty/netty#16267

Backport 4.1: Automatic backporting workflow from 4.1 to 4.2 by @github-actions[bot] in netty/netty#16274

Backport 4.1: Backport PRs must be created with personal access tokens by @chrisvest in netty/netty#16277

Backport 4.1: Add more porting workflows by @netty-project-bot in netty/netty#16284

Backport 4.1: Some polishing of the porting workflows by @netty-project-bot in netty/netty#16292

Backport 4.1: Fix high-order bit aliasing in HttpUtil.validateToken by @netty-project-bot in netty/netty#16303

Auto-port 4.1: Support more branch freedom for auto-porting by @netty-project-bot in netty/netty#16310

fix: the precedence of + is higher than >> (#16312) by @chrisvest in netty/netty#16316

AdaptiveByteBufAllocator: make sure byteBuf.capacity() not greater th… by @chrisvest in netty/netty#16320

Auto-port 4.1: Fix flaky PooledByteBufAllocatorTest by @netty-project-bot in netty/netty#16324

Auto-port 4.1: Fix pooled arena accounting tests by @netty-project-bot in netty/netty#16326

Auto-port 4.1: Fix RunInFastThreadLocalThreadExtension by @netty-project-bot in netty/netty#16328

Auto-port 4.1: AdaptivePoolingAllocator: call unreserveMatchingBuddy(...) if byteBuf initialization failed by @netty-project-bot in netty/netty#16331

Auto-port 4.1: Mark LoggingHandlerTest with @Isolated to fix flaky build by @netty-project-bot in netty/netty#16340

Auto-port 4.1: Fix flaky HTTP/2 test by @netty-project-bot in netty/netty#16348

Auto-port 4.1: Fix flaky RenegotiateTest by @netty-project-bot in netty/netty#16355

Auto-port 4.1: Fix HTTP/2 push frame test by @netty-project-bot in netty/netty#16353

SSL test: Don't depend on property value in test (#16346) by @normanmaurer in netty/netty#16362

Auto-port 4.1: Don't assume CertificateFactory is thread-safe by @netty-project-bot in netty/netty#16364

AdaptivePoolingAllocator: assign a more explicit value to BuddyChunk.freeListCapacity (#16334) by @chrisvest in netty/netty#16368

Auto-port 4.1: Add more diagnostic points to PooledByteBufAllocatorTest.createNewThr… by @netty-project-bot in netty/netty#16372

Fix leak in SniHandlerTest (#16367) by @normanmaurer in netty/netty#16377

Auto-port 4.1: Stabilize AbstractByteBufTest.testBytesInArrayMultipleThreads by @netty-project-bot in netty/netty#16373

Remove reference counting from size classed chunks (#16306) by @chrisvest in netty/netty#16379

Auto-port 4.1: Stabilize AbstractByteBufTest.testToStringMultipleThreads by @netty-project-bot in netty/netty#16384

Fix HttpObjectAggregator leaving connection stuck after 413 with AUTO… by @samlandfried in netty/netty#16280

Auto-port 4.1: Fix autoport fetching into the existing branch - again by @netty-project-bot in netty/netty#16417

Auto-port 4.1: Capture why threads get stuck in testCopyMultipleThreads0 by @netty-project-bot in netty/netty#16419

Auto-port 4.1: Remove unnecessary array access in DefaultAttributeMap.orderedCopyOnInsert by @netty-project-bot in netty/netty#16421

Auto-port 4.1: Whitelist JMH annotation processing in microbench module by @netty-project-bot in netty/netty#16430

Auto-port 4.1: HTTP2: Ensure preface is flushed in all cases by @netty-project-bot in netty/netty#16432

Auto-port 4.1: Fix UnsupportedOperationException in readTrailingHeaders by @netty-project-bot in netty/netty#16437

Auto-port 4.1: Fix client_max_window_bits parameter handling in permessage-deflate extension by @netty-project-bot in netty/netty#16435

Auto-port 4.1: Native transports: Fix possible fd leak when fcntl fails. by @netty-project-bot in netty/netty#16446

Auto-port 4.1: Kqueue: Fix undefined behaviour when GetStringUTFChars fails and SO_ACCEPTFILTER is supported by @netty-project-bot in netty/netty#16448

Auto-port 4.1: Kqueue: Possible overflow when using netty_kqueue_bsdsocket_setAcceptFilter(...) by @netty-project-bot in netty/netty#16459

Auto-port 4.1: Native transports: Fix undefined behaviour when GetStringUTFChars fails while open FD by @netty-project-bot in netty/netty#16456

Auto-port 4.1: Epoll: Add null checks for safety reasons by @netty-project-bot in netty/netty#16463

Auto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to the same port by @netty-project-bot in netty/netty#16464

... (truncated)

Commits

ec119d4 [maven-release-plugin] prepare release netty-4.1.132.Final
60e53c9 Stricter HTTP/1.1 chunk extension parsing (#16537)
9f47a7b Limit the number of Continuation frames per HTTP2 Headers (#13969)
10c1603 Auto-port 4.1: JdkZlibDecoder: accumulate decompressed output before firing c...
df65997 Epoll: setTcpMg5Sig(...) might overflow (#16511) (#16520)
692ec87 Auto-port 4.1: AdaptivePoolingAllocator: Fix assertion for size class multipl...
3ac3f37 Auto-port 4.1: AdaptivePoolingAllocator: remove ensureAccessible() call in ...
5a0072b Auto-port 4.1: Epoll: Fix support for IP_RECVORIGDSTADDR (#16468)
779fce7 Auto-port 4.1: Epoll: Use correct value to initialize mmsghdr.msg_namelen (#1...
56d84e1 Auto-port 4.1: DnsNameResolver: Skip test if we can not bind TCP and UDP to t...
Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.9.9 to 2.18.6

Commits

9a46ef8 [maven-release-plugin] prepare release jackson-core-2.18.6
5f192db Prep for 2.18.6 release
b0c428e Enforce StreamReadConstraints.maxNumberLength for non-blocking (async) pars...
7c8b6d5 Add test for nesting for DataInput-backed JsonParser (#1550)
97a647b Update CI: JDK 23 -> 25
1601331 (backport from 2.21) Fix #1548: validate max doc length for fixed buffer inpu...
fae2542 release notes update
70c99ba Update UTF8DataInputJsonParser.java (#1512)
caea665 Post-release dep version bump
635d3bd [maven-release-plugin] prepare for next development iteration
Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.12.6.1 to 2.12.7.1

Commits

See full diff in compare view

Updates org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3

Updates io.undertow:undertow-core from 2.3.17.Final to 2.3.21.Final

Release notes

Sourced from io.undertow:undertow-core's releases.

v2.3.21.Final

Release 2.3.21.Final fixes CVE-2024-3884 CVE-2024-4027 CVE-2025-12543 Full list of Jiras: view in Jira
    Release Notes - Undertow - Version 2.3.21.Final

... (truncated)

Commits

791c908 Prepare 2.3.21.Final
5374f57 Merge pull request #1862 from fl4via/backport-fixes_2.3.x
7e25c8f [UNDERTOW-2609] Fix the since version in the @Deprecated annotation at HttpSe...
bd97428 [UNDERTOW-2662] Remove the option to disable the RFC 6265 cookie parsing and ...
e45da52 Revert "[UNDERTOW-2675] Replace the new UndertowOptions by system properties ...
f60b476 Temporarily revert "[UNDERTOW-2662] Remove the option to disable the RFC 6265...
e47fed7 Temporarily revert "[UNDERTOW-2609] Fix the since version in the @Deprecated ...
6484e91 Merge pull request #1861 from fl4via/backport-fixes_2.3.x
6e4b999 [UNDERTOW-2609] Fix the since version in the @Deprecated annotation at HttpSe...
2a7d993 [UNDERTOW-2421] Consolidate cookie attrib code and add support to attributes ...
Additional commits viewable in compare view

Updates io.undertow:undertow-core from 2.3.17.Final to 2.3.21.Final

Release notes

Sourced from io.undertow:undertow-core's releases.

v2.3.21.Final

Release 2.3.21.Final fixes CVE-2024-3884 CVE-2024-4027 CVE-2025-12543 Full list of Jiras: view in Jira
    Release Notes - Undertow - Version 2.3.21.Final

... (truncated)

Commits

791c908 Prepare 2.3.21.Final
5374f57 Merge pull request #1862 from fl4via/backport-fixes_2.3.x
7e25c8f [UNDERTOW-2609] Fix the since version in the @Deprecated annotation at HttpSe...
bd97428 [UNDERTOW-2662] Remove the option to disable the RFC 6265 cookie parsing and ...
e45da52 Revert "[UNDERTOW-2675] Replace the new UndertowOptions by system properties ...
f60b476 Temporarily revert "[UNDERTOW-2662] Remove the option to disable the RFC 6265...
e47fed7 Temporarily revert "[UNDERTOW-2609] Fix the since version in the @Deprecated ...
6484e91 Merge pull request #1861 from fl4via/backport-fixes_2.3.x
6e4b999 [UNDERTOW-2609] Fix the since version in the @Deprecated annotation at HttpSe...
2a7d993 [UNDERTOW-2421] Consolidate cookie attrib code and add support to attributes ...
Additional commits viewable in compare view

Updates io.vertx:vertx-core from 4.5.9 to 4.5.24

Commits

98983a8 Releasing 4.5.24
d007e7b Fix a bug in the removeDots implementation.
03b51c6 Update the Vert.x logging implementation to log better human readable message...
5762bdf Ensure setup is only called once
da78d5c Stabilize test HttpBandwidthLimitingTest.testDynamicOutboundRateUpdateSharedS...
b430d5b Stabilize test by keeping reference to NetClient
bc34930 Ensure setup is only called once
16ba3c6 Restore handling of headers after goaway received
f039681 Set next snapshot version
269c166 Releasing 4.5.23
Additional commits viewable in compare view

Updates org.apache.wicket:wicket-core from 9.18.0 to 9.19.0

Updates org.postgresql:postgresql from 42.7.4 to 42.7.7

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.7

Changes

Security

security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

🐛 Bug Fixes

fix: ensure Connection.isValid() returns true even if prepared statements deallocate @vlsi (#3655)

🧰 Maintenance

chore: bump slf4j and logback versions used for pgjdbc-osgi-test @vlsi (#3653)

chore: fix the default branch name for dependency-submission action @vlsi (#3650)

chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @vlsi (#3646)

⬆️ Dependencies

chore: bump slf4j and logback versions used for pgjdbc-osgi-test @vlsi (#3653)

chore(deps): update oracle-actions/setup-java action to v1.4.2 @renovate-bot (#3643)

fix(deps): update dependency checkstyle to v10.25.0 @renovate-bot (#3644)

chore: add gradle/actions/dependency-submission so GitHub shows all dependencies used when building pgjdbc @vlsi (#3646)

fix(deps): update dependency org.codehaus.groovy:groovy-all to v3.0.25 @renovate-bot (#3648)

fix(deps): update dependency org.openrewrite.rewrite:org.openrewrite.rewrite.gradle.plugin to v7.7.0 @renovate-bot (#3649)

chore(deps): update plugin com.gradle.develocity to v4.0.2 @renovate-bot (#3647)

chore(deps): update codecov/codecov-action digest to 15559ed @renovate-bot (#3636)

chore(deps): update dependency gradle to v8.14.1 @renovate-bot (#3637)

chore(deps): update plugin org.jetbrains.kotlin.jvm to v2.1.21 - autoclosed @renovate-bot (#3638)

chore(deps): update dependency sbt/sbt to v1.11.0 @renovate-bot (#3640)

fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.1.13 @renovate-bot (#3639)

v42.7.6

Changes

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.7] (2025-06-10)

Security

security: Client Allows Fallback to Insecure Authentication Despite channelBinding=require configuration. Fix channel binding required handling to reject non-SASL authentication Previously, when channel binding was set to "require", the driver would silently ignore this requirement for non-SASL authentication methods. This could lead to a false sense of security when channel binding was explicitly requested but not actually enforced. The fix ensures that when channel binding is set to "require", the driver will reject connections that use non-SASL authentication methods or when SASL authentication has not completed properly. See the Security Advisory for more detail. Reported by George MacKerron The following CVE-2025-49146 has been issued

Added

test: Added ChannelBindingRequiredTest to verify proper behavior of channel binding settings

[42.7.6]

Features

fix: Enhanced DatabaseMetadata.getIndexInfo() method, added index comment as REMARKS property [PR #3513](pgjdbc/pgjdbc#3513)

Performance Improvements

performance: Improve ResultSetMetadata.fetchFieldMetaData by using IN row values instead of UNION ALL for improved query performance (later rever...
Description has been truncated

Bumps the maven group with 1 update in the /frameworks/Java/activeweb directory: [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core). Bumps the maven group with 1 update in the /frameworks/Java/isocket-nio directory: org.apache.logging.log4j:log4j-core. Bumps the maven group with 1 update in the /frameworks/Java/javalin directory: [gg.jte:jte](https://github.com/casid/jte). Bumps the maven group with 1 update in the /frameworks/Java/jooby directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc). Bumps the maven group with 1 update in the /frameworks/Java/light-java directory: [io.undertow:undertow-core](https://github.com/undertow-io/undertow). Bumps the maven group with 1 update in the /frameworks/Java/microhttp directory: [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core). Bumps the maven group with 1 update in the /frameworks/Java/netty directory: [io.netty:netty-codec-http](https://github.com/netty/netty). Bumps the maven group with 1 update in the /frameworks/Java/ninja-standalone directory: [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core). Bumps the maven group with 1 update in the /frameworks/Java/restexpress directory: [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson). Bumps the maven group with 1 update in the /frameworks/Java/simple-server directory: org.apache.logging.log4j:log4j-core. Bumps the maven group with 1 update in the /frameworks/Java/smart-socket directory: org.apache.logging.log4j:log4j-core. Bumps the maven group with 1 update in the /frameworks/Java/undertow directory: [io.undertow:undertow-core](https://github.com/undertow-io/undertow). Bumps the maven group with 1 update in the /frameworks/Java/undertow-jersey directory: [io.undertow:undertow-core](https://github.com/undertow-io/undertow). Bumps the maven group with 1 update in the /frameworks/Java/vertx directory: [io.vertx:vertx-core](https://github.com/eclipse/vert.x). Bumps the maven group with 1 update in the /frameworks/Java/wicket directory: org.apache.wicket:wicket-core. Bumps the maven group with 1 update in the /frameworks/Kotlin/kooby directory: [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc). Bumps the maven group with 1 update in the /frameworks/Prolog/tuProlog directory: [io.vertx:vertx-web](https://github.com/vert-x3/vertx-web). Updates `com.fasterxml.jackson.core:jackson-core` from 2.9.9 to 2.18.6 - [Commits](FasterXML/jackson-core@jackson-core-2.9.9...jackson-core-2.18.6) Updates `org.apache.logging.log4j:log4j-core` from 2.17.1 to 2.25.3 Updates `gg.jte:jte` from 2.2.3 to 3.1.16 - [Release notes](https://github.com/casid/jte/releases) - [Commits](casid/jte@2.2.3...3.1.16) Updates `org.postgresql:postgresql` from 42.7.4 to 42.7.7 - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.7.4...REL42.7.7) Updates `io.undertow:undertow-core` from 2.3.17.Final to 2.3.21.Final - [Release notes](https://github.com/undertow-io/undertow/releases) - [Commits](undertow-io/undertow@2.3.17.Final...2.3.21.Final) Updates `com.fasterxml.jackson.core:jackson-core` from 2.13.3 to 2.18.6 - [Commits](FasterXML/jackson-core@jackson-core-2.9.9...jackson-core-2.18.6) Updates `io.netty:netty-codec-http` from 4.1.108.Final to 4.1.132.Final - [Release notes](https://github.com/netty/netty/releases) - [Commits](netty/netty@netty-4.1.108.Final...netty-4.1.132.Final) Updates `com.fasterxml.jackson.core:jackson-core` from 2.9.9 to 2.18.6 - [Commits](FasterXML/jackson-core@jackson-core-2.9.9...jackson-core-2.18.6) Updates `com.fasterxml.jackson.core:jackson-databind` from 2.12.6.1 to 2.12.7.1 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `org.apache.logging.log4j:log4j-core` from 2.17.1 to 2.25.3 Updates `org.apache.logging.log4j:log4j-core` from 2.17.1 to 2.25.3 Updates `io.undertow:undertow-core` from 2.3.17.Final to 2.3.21.Final - [Release notes](https://github.com/undertow-io/undertow/releases) - [Commits](undertow-io/undertow@2.3.17.Final...2.3.21.Final) Updates `io.undertow:undertow-core` from 2.3.17.Final to 2.3.21.Final - [Release notes](https://github.com/undertow-io/undertow/releases) - [Commits](undertow-io/undertow@2.3.17.Final...2.3.21.Final) Updates `io.vertx:vertx-core` from 4.5.9 to 4.5.24 - [Commits](eclipse-vertx/vert.x@4.5.9...4.5.24) Updates `org.apache.wicket:wicket-core` from 9.18.0 to 9.19.0 Updates `org.postgresql:postgresql` from 42.7.4 to 42.7.7 - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.7.4...REL42.7.7) Updates `io.vertx:vertx-web` from 4.3.8 to 4.5.22 - [Commits](vert-x3/vertx-web@4.3.8...4.5.22) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-version: 2.18.6 dependency-type: direct:production dependency-group: maven - dependency-name: org.apache.logging.log4j:log4j-core dependency-version: 2.25.3 dependency-type: direct:production dependency-group: maven - dependency-name: gg.jte:jte dependency-version: 3.1.16 dependency-type: direct:production dependency-group: maven - dependency-name: org.postgresql:postgresql dependency-version: 42.7.7 dependency-type: direct:production dependency-group: maven - dependency-name: io.undertow:undertow-core dependency-version: 2.3.21.Final dependency-type: direct:production dependency-group: maven - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-version: 2.18.6 dependency-type: direct:production dependency-group: maven - dependency-name: io.netty:netty-codec-http dependency-version: 4.1.132.Final dependency-type: direct:production dependency-group: maven - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-version: 2.18.6 dependency-type: direct:production dependency-group: maven - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-version: 2.12.7.1 dependency-type: direct:production dependency-group: maven - dependency-name: org.apache.logging.log4j:log4j-core dependency-version: 2.25.3 dependency-type: direct:production dependency-group: maven - dependency-name: org.apache.logging.log4j:log4j-core dependency-version: 2.25.3 dependency-type: direct:production dependency-group: maven - dependency-name: io.undertow:undertow-core dependency-version: 2.3.21.Final dependency-type: direct:production dependency-group: maven - dependency-name: io.undertow:undertow-core dependency-version: 2.3.21.Final dependency-type: direct:production dependency-group: maven - dependency-name: io.vertx:vertx-core dependency-version: 4.5.24 dependency-type: direct:production dependency-group: maven - dependency-name: org.apache.wicket:wicket-core dependency-version: 9.19.0 dependency-type: direct:production dependency-group: maven - dependency-name: org.postgresql:postgresql dependency-version: 42.7.7 dependency-type: direct:production dependency-group: maven - dependency-name: io.vertx:vertx-web dependency-version: 4.5.22 dependency-type: direct:production dependency-group: maven ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 26, 2026

dependabot bot mentioned this pull request Mar 26, 2026

Bump the maven group across 17 directories with 10 updates #45

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the maven group across 17 directories with 10 updates#56

Bump the maven group across 17 directories with 10 updates#56
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/maven/frameworks/Java/act/maven-b156f297d7

dependabot bot commented on behalf of github Mar 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 26, 2026

3.1.16

3.1.15

3.1.14

3.1.13

3.1.12

3.1.11

3.1.10

3.1.9

3.1.8

3.1.7

v42.7.7

Changes

Security

Added

🐛 Bug Fixes

🧰 Maintenance

⬆️ Dependencies

v42.7.6

Changes

[42.7.7] (2025-06-10)

Security

Added

[42.7.6]

Features

Performance Improvements

Bug Fixes

Protocol & Connection Handling

Metadata & Catalog Handling

API Improvements

Infrastructure & Build Improvements

v2.3.21.Final

netty-4.1.132.Final

Security

What's Changed

v2.3.21.Final

v2.3.21.Final

v42.7.7

Changes

Security

Added

🐛 Bug Fixes

🧰 Maintenance

⬆️ Dependencies

v42.7.6

Changes

[42.7.7] (2025-06-10)

Security

Added

[42.7.6]

Features

Performance Improvements

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants