fix(deps): bump the prod-deps group across 1 directory with 12 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the prod-deps group with 12 updates in the / directory:

Package	From	To
org.folio:mod-configuration-client	5.12.1	5.13.0
org.apache.sshd:sshd-sftp	2.17.1	2.18.0
org.apache.sshd:sshd-spring-sftp	2.17.1	2.18.0
io.vertx:vertx-rx-java	4.5.25	4.5.28
commons-net:commons-net	3.12.0	3.13.0
org.folio:mod-di-converter-storage-client	2.4.3	2.5.0
com.github.ben-manes.caffeine:caffeine	3.2.3	3.2.4
org.junit:junit-bom	6.0.3	6.1.0
org.apache.logging.log4j:log4j-bom	2.25.3	2.26.0
org.springframework:spring-framework-bom	7.0.6	7.0.8
io.vertx:vertx-stack-depchain	5.0.12	5.1.2
org.testcontainers:testcontainers-bom	2.0.3	2.0.5

Updates org.folio:mod-configuration-client from 5.12.1 to 5.13.0

Release notes

Sourced from org.folio:mod-configuration-client's releases.

v5.13.0

Trillium (R1-2026) release with dependency upgrades only:

• MODCONF-151 Upgrade module to Vert.x 5.0
• MODCONF-157, FOLIO-4126 Switch maven workflow from Jenkins to GitHub Actions
• MODCONF-160 Bump dependencies for Trillium: Vertx 5.0.11, log4j 2.25.4, …

Changelog

Sourced from org.folio:mod-configuration-client's changelog.

5.13.0 2026-04-22

Trillium (R1-2026) release with dependency upgrades only:

• MODCONF-151 Upgrade module to Vert.x 5.0
• MODCONF-157,FOLIO-4126 Switch maven workflow from Jenkins to GitHub Actions
• MODCONF-160 Bump dependencies for Trillium: Vertx 5.0.11, log4j 2.25.4, …

5.12.0 2025-03-15

Sunflower release with dependency upgrades only:

• MODCONF-146 Add folio-module-descriptor-validator to pom.xml
• FOLREL-615 Update to mod-configuration Java 21
• MODCONF-149 Upgrade all dependencies for Sunflower (R1-2025)

5.11.0 2024-10-23

Ramsons release with dependency upgrades only:

• MODCONF-148: Ramsons deps: RMB 35.3.0, Vert.x 4.5.10, …

5.10.0 2024-03-12

• MODCONF-144 Quesnelia deps: RMB 35.2.0, Vert.x 4.5.4, log4j 2.23.0, …

5.9.2 2023-10-06

Poppy release with dependency upgrades only:

• MODCONF-142 Poppy dependencies: RMB 35.1.0, Vert.x 4.4.5, ...
• MODCONF-139 Java 17

5.9.1 2023-02-09

• MODCONF-134 RMB 35.0.5, Vert.x 4.3.7

5.9.0 2022-10-27

• MODCONF-127 Upgrade to RMB 35.0.0 Vert.x 4.3.4

5.8.0 2022-06-20

• MODCONF-111 RMB 34.0.0

5.7.9 2022-06-20

• MODCONF-113 Revert RMB 34, allow PostgreSQL 10 for Lotus and Kiwi

5.7.8 2022-06-08

... (truncated)

Commits

• 3041b03 [maven-release-plugin] prepare release v5.13.0
• 5dfabfb Add NEWS for 5.13.0 Trillium R1-2026
• e45384e Delete Jenkinsfile-disabled
• bc94769 Merge pull request #172 from folio-org/MODCONF-160
• e7c1d2e MODCONF-160: Bump dependencies for Trillium: Vertx 5.0.11, log4j 2.25.4, …
• a0d76de Merge pull request #169 from folio-org/FOLIO-4126-initial-maven-workflows
• ceb5086 Enable workflow trigger conditions MODCONF-157
• fad75ff Use maven Workflows MODCONF-157
• c0b52e0 Merge pull request #166 from folio-org/MODCONF-151
• 41af434 MODCONF-151: Upgrade module to Vert.x 5.0
• Additional commits viewable in compare view

Updates org.apache.sshd:sshd-sftp from 2.17.1 to 2.18.0

Release notes

Sourced from org.apache.sshd:sshd-sftp's releases.

Apache MINA SSHD 2.18.0

Bug Fixes

• GH-743 Ensure the Java ServiceLoader use a singleton SftpFileSystemProvider
• GH-879 Close SSH channel gracefully on exception in port forwarding
• Security: Improve handling of repository paths in sshd-git. Resolves CVE-2026-48827, announced 2026-05-30.

New Features

• GH-892 Align handling certificates without principals with OpenSSH 10.3

Wildcard principals in host certificates are handled now.

• Putty keys with non-ASCII passphrases

The passphrase needs to be converted to a byte sequence to compute a decryption key for an encrypted private key. This conversion depends on the character encoding. Putty on Windows uses the ANSI codepage set when the key was generated. Apache MINA SSHD now tries multiple encodings in sequence: UTF-8, then the OS encoding, and finally ISO-8859-1 as a last-chance fallback.

Potential Compatibility Issues

• GH-892 Align handling certificates without principals with OpenSSH 10.3

OpenSSH 10.3 changed the way such certificates are handled; see the OpenSSH 10.3 release notes. In Apache MINA SSHD, there is a new flag CoreModuleProperties.ALLOW_EMPTY_CERTIFICATE_PRINCIPALS (by default false) that can be set on an SshClient or SshServer or also on a Session directly. If the value is false, certificates without principals are rejected as in OpenSSH 10.3; if it is true, such certificates are considered to match any user or host name as in OpenSSH < 10.3.

Set the flag on an SshClient or ClientSession to determine the handling of host certificates. Set it on an SshServer or ServerSession to govern the handling of user certificates.

Changelog

Sourced from org.apache.sshd:sshd-sftp's changelog.

Previous Versions

• Version 2.1.0 to 2.2.0
• Version 2.2.0 to 2.3.0
• Version 2.3.0 to 2.4.0
• Version 2.4.0 to 2.5.0
• Version 2.5.0 to 2.5.1
• Version 2.5.1 to 2.6.0
• Version 2.6.0 to 2.7.0
• Version 2.7.0 to 2.8.0
• Version 2.8.0 to 2.9.0
• Version 2.9.0 to 2.9.1
• Version 2.9.1 to 2.9.2
• Version 2.9.2 to 2.10.0
• Version 2.10.0 to 2.11.0
• Version 2.11.0 to 2.12.0
• Version 2.12.0 to 2.12.1
• Version 2.12.1 to 2.13.0
• Version 2.13.0 to 2.13.1
• Version 2.13.1 to 2.13.2
• Version 2.13.2 to 2.14.0
• Version 2.14.0 to 2.15.0
• Version 2.15.0 to 2.16.0
• Version 2.16.0 to 2.17.0
• Version 2.17.0 to 2.17.1

Latest Version

• Version 2.17.1 to 2.18.0

Planned for Next Version

Bug Fixes

New Features

Potential Compatibility Issues

Major Code Re-factoring

Commits

• c2d7b7a [maven-release-plugin] prepare release sshd-2.18.0
• 084cee8 Prepare release documentation
• db0567b Improve git access
• 1285419 GH-743: Use a singleton SftpFileSystemProvider for the ServiceLoader
• 4e820c9 Add test cases to AuthorizedKeysCertificateTest
• a85a3b1 Better handling of Putty keys with non-ASCII passphrases
• 6c215e8 Bump BCFIPS bundles used in a test
• 9def203 Fix annotation to ignore an unstable test
• a0ef7a5 Host certificates: check both public keys for not being revoked
• b11c159 GH-892: Host certificate principals may contain wildcards
• Additional commits viewable in compare view

Updates org.apache.sshd:sshd-spring-sftp from 2.17.1 to 2.18.0

Release notes

Sourced from org.apache.sshd:sshd-spring-sftp's releases.

Apache MINA SSHD 2.18.0

Bug Fixes

• GH-743 Ensure the Java ServiceLoader use a singleton SftpFileSystemProvider
• GH-879 Close SSH channel gracefully on exception in port forwarding
• Security: Improve handling of repository paths in sshd-git. Resolves CVE-2026-48827, announced 2026-05-30.

New Features

• GH-892 Align handling certificates without principals with OpenSSH 10.3

Wildcard principals in host certificates are handled now.

• Putty keys with non-ASCII passphrases

The passphrase needs to be converted to a byte sequence to compute a decryption key for an encrypted private key. This conversion depends on the character encoding. Putty on Windows uses the ANSI codepage set when the key was generated. Apache MINA SSHD now tries multiple encodings in sequence: UTF-8, then the OS encoding, and finally ISO-8859-1 as a last-chance fallback.

Potential Compatibility Issues

• GH-892 Align handling certificates without principals with OpenSSH 10.3

OpenSSH 10.3 changed the way such certificates are handled; see the OpenSSH 10.3 release notes. In Apache MINA SSHD, there is a new flag CoreModuleProperties.ALLOW_EMPTY_CERTIFICATE_PRINCIPALS (by default false) that can be set on an SshClient or SshServer or also on a Session directly. If the value is false, certificates without principals are rejected as in OpenSSH 10.3; if it is true, such certificates are considered to match any user or host name as in OpenSSH < 10.3.

Set the flag on an SshClient or ClientSession to determine the handling of host certificates. Set it on an SshServer or ServerSession to govern the handling of user certificates.

Changelog

Sourced from org.apache.sshd:sshd-spring-sftp's changelog.

Previous Versions

• Version 2.1.0 to 2.2.0
• Version 2.2.0 to 2.3.0
• Version 2.3.0 to 2.4.0
• Version 2.4.0 to 2.5.0
• Version 2.5.0 to 2.5.1
• Version 2.5.1 to 2.6.0
• Version 2.6.0 to 2.7.0
• Version 2.7.0 to 2.8.0
• Version 2.8.0 to 2.9.0
• Version 2.9.0 to 2.9.1
• Version 2.9.1 to 2.9.2
• Version 2.9.2 to 2.10.0
• Version 2.10.0 to 2.11.0
• Version 2.11.0 to 2.12.0
• Version 2.12.0 to 2.12.1
• Version 2.12.1 to 2.13.0
• Version 2.13.0 to 2.13.1
• Version 2.13.1 to 2.13.2
• Version 2.13.2 to 2.14.0
• Version 2.14.0 to 2.15.0
• Version 2.15.0 to 2.16.0
• Version 2.16.0 to 2.17.0
• Version 2.17.0 to 2.17.1

Latest Version

• Version 2.17.1 to 2.18.0

Planned for Next Version

Bug Fixes

New Features

Potential Compatibility Issues

Major Code Re-factoring

Commits

• c2d7b7a [maven-release-plugin] prepare release sshd-2.18.0
• 084cee8 Prepare release documentation
• db0567b Improve git access
• 1285419 GH-743: Use a singleton SftpFileSystemProvider for the ServiceLoader
• 4e820c9 Add test cases to AuthorizedKeysCertificateTest
• a85a3b1 Better handling of Putty keys with non-ASCII passphrases
• 6c215e8 Bump BCFIPS bundles used in a test
• 9def203 Fix annotation to ignore an unstable test
• a0ef7a5 Host certificates: check both public keys for not being revoked
• b11c159 GH-892: Host certificate principals may contain wildcards
• Additional commits viewable in compare view

Updates org.apache.sshd:sshd-spring-sftp from 2.17.1 to 2.18.0

Release notes

Sourced from org.apache.sshd:sshd-spring-sftp's releases.

Apache MINA SSHD 2.18.0

Bug Fixes

• GH-743 Ensure the Java ServiceLoader use a singleton SftpFileSystemProvider
• GH-879 Close SSH channel gracefully on exception in port forwarding
• Security: Improve handling of repository paths in sshd-git. Resolves CVE-2026-48827, announced 2026-05-30.

New Features

• GH-892 Align handling certificates without principals with OpenSSH 10.3

Wildcard principals in host certificates are handled now.

• Putty keys with non-ASCII passphrases

The passphrase needs to be converted to a byte sequence to compute a decryption key for an encrypted private key. This conversion depends on the character encoding. Putty on Windows uses the ANSI codepage set when the key was generated. Apache MINA SSHD now tries multiple encodings in sequence: UTF-8, then the OS encoding, and finally ISO-8859-1 as a last-chance fallback.

Potential Compatibility Issues

• GH-892 Align handling certificates without principals with OpenSSH 10.3

OpenSSH 10.3 changed the way such certificates are handled; see the OpenSSH 10.3 release notes. In Apache MINA SSHD, there is a new flag CoreModuleProperties.ALLOW_EMPTY_CERTIFICATE_PRINCIPALS (by default false) that can be set on an SshClient or SshServer or also on a Session directly. If the value is false, certificates without principals are rejected as in OpenSSH 10.3; if it is true, such certificates are considered to match any user or host name as in OpenSSH < 10.3.

Set the flag on an SshClient or ClientSession to determine the handling of host certificates. Set it on an SshServer or ServerSession to govern the handling of user certificates.

Changelog

Sourced from org.apache.sshd:sshd-spring-sftp's changelog.

Previous Versions

• Version 2.1.0 to 2.2.0
• Version 2.2.0 to 2.3.0
• Version 2.3.0 to 2.4.0
• Version 2.4.0 to 2.5.0
• Version 2.5.0 to 2.5.1
• Version 2.5.1 to 2.6.0
• Version 2.6.0 to 2.7.0
• Version 2.7.0 to 2.8.0
• Version 2.8.0 to 2.9.0
• Version 2.9.0 to 2.9.1
• Version 2.9.1 to 2.9.2
• Version 2.9.2 to 2.10.0
• Version 2.10.0 to 2.11.0
• Version 2.11.0 to 2.12.0
• Version 2.12.0 to 2.12.1
• Version 2.12.1 to 2.13.0
• Version 2.13.0 to 2.13.1
• Version 2.13.1 to 2.13.2
• Version 2.13.2 to 2.14.0
• Version 2.14.0 to 2.15.0
• Version 2.15.0 to 2.16.0
• Version 2.16.0 to 2.17.0
• Version 2.17.0 to 2.17.1

Latest Version

• Version 2.17.1 to 2.18.0

Planned for Next Version

Bug Fixes

New Features

Potential Compatibility Issues

Major Code Re-factoring

Commits

• c2d7b7a [maven-release-plugin] prepare release sshd-2.18.0
• 084cee8 Prepare release documentation
• db0567b Improve git access
• 1285419 GH-743: Use a singleton SftpFileSystemProvider for the ServiceLoader
• 4e820c9 Add test cases to AuthorizedKeysCertificateTest
• a85a3b1 Better handling of Putty keys with non-ASCII passphrases
• 6c215e8 Bump BCFIPS bundles used in a test
• 9def203 Fix annotation to ignore an unstable test
• a0ef7a5 Host certificates: check both public keys for not being revoked
• b11c159 GH-892: Host certificate principals may contain wildcards
• Additional commits viewable in compare view

Updates io.vertx:vertx-rx-java from 4.5.25 to 4.5.28

Updates commons-net:commons-net from 3.12.0 to 3.13.0

Changelog

Sourced from commons-net:commons-net's changelog.

Apache Commons Net 3.13.0 Release Notes

The Apache Commons Net team is pleased to announce the release of Apache Commons Net 3.13.0.

Apache Commons Net library contains a collection of network utilities and protocol implementations. Supported protocols include Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, and Whois.

This is a feature and maintenance release. Java 8 or later is required.

For complete information on Apache Commons Net, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Net website:

https://commons.apache.org/proper/commons-net/

Download page: https://commons.apache.org/proper/commons-net/download_net.cgi

New features

o Add DatagramSocketClient.getDefaultTimeoutDuration() and deprecate getDefaultTimeout(). Thanks to Gary Gregory. o NET-741: Add subnet IPv6 handling with SubnetUtils6 #391. Thanks to Maros Orsak, Gary Gregory.

Fixed Bugs

o DaytimeTCPClientTest now should now pass inside most VPNs. Thanks to Henri Biestro, Gary Gregory. o Migrate tests to JUnit5 #358, #359. Thanks to Jakub Kupczyk, Gary Gregory. o Fix malformed Javadoc comments. Thanks to Gary Gregory. o IMAPExportMbox now restores the current thread's interrupt flag when catching InterruptedException. Thanks to Gary Gregory. o IOUtil.readWrite() now restores the current thread's interrupt flag when catching InterruptedException. Thanks to Gary Gregory. o TelnetInputStream now restores the current thread's interrupt flag when catching InterruptedException. Thanks to Gary Gregory. o NET-740: FTP fails to parse listings for Linux vsftpd in Chinese or Japanese #393. Thanks to Jianwei Guo, Gary Gregory. o TelnetInputStream.read() doesn't preserve the original InterruptedException as the cause of its InterruptedIOException. Thanks to Gary Gregory. o FTPClient._storeFile(String, String, InputStream) doesn't always close it's internal socket when an exception is thrown early in processing. Thanks to Gary Gregory. o ListenerList.removeListener(T) now ignores null input to avoid a NullPointerException. Thanks to Gary Gregory. o ListenerList.addListener(T) now ignores null input. Thanks to Gary Gregory. o Fix typo in FTPConnectionClosedException message from FTP.getReply(boolean). Thanks to Gary Gregory. o Reimplement Util.copyReader() with IOUtils.copyLarge(). Thanks to Gary Gregory. o Reimplement Util.copyStream() with IOUtils.copyLarge(). Thanks to Gary Gregory. o Reimplement Util.copyStream() with IOUtils.copyLarge(). Thanks to Gary Gregory. o Deprecate Util.copyReader(Reader, Writer) in favor of IOUtils.copyLarge(Reader, Writer). Thanks to Gary Gregory.

Changes

o Bump org.apache.commons:commons-parent from 85 to 97 #371, #388, #389. Thanks to Gary Gregory, Dependabot. o Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0. Thanks to Gary Gregory, Dependabot.

... (truncated)

Commits

• 35fa0df Prepare for the release candidate 3.13.0 RC1
• 1cc5b6e Prepare for the next release candidate
• a4b246e Reuse IOUtils.copyLarge()
• e5ca262 Javadoc
• 3cb18ec Deprecate Util.copyReader(Reader, Writer) in favor of
• 3373d77 Reimplement Util.copyReader() with IOUtils.copyLarge()
• 3be2077 Reimplement Util.copyStream() with IOUtils.copyLarge()
• 7b41144 Javadoc
• 1b584b4 Fix typo in FTPConnectionClosedException message from
• 3792023 Javadoc
• Additional commits viewable in compare view

Updates org.folio:mod-di-converter-storage-client from 2.4.3 to 2.5.0

Release notes

Sourced from org.folio:mod-di-converter-storage-client's releases.

2.5.0

2025-04-14 2.5.0

• MODDICONV-425 Create new Default Mapping profile for Mosaic invoices
• MODDICONV-429 Upgrade module to Vert.x 5.0
• MODDICONV-427 Delete old association tables

Changelog

Sourced from org.folio:mod-di-converter-storage-client's changelog.

2025-04-14 2.5.0

• MODDICONV-425 Create new Default Mapping profile for Mosaic invoices
• MODDICONV-429 Upgrade module to Vert.x 5.0
• MODDICONV-427 Delete old association tables

2025-03-13 2.4.0

• MODDATAIMP-1102 Empty contributor and vendor reference properties created in order when no values in incoming record
• MODDICONV-409 Update to Java 21 mod-di-converter-storage Sunflower R1 2025

2024-10-29 2.3.0

• MODDICONV-312 Create general associations table
• MODDICONV-373 Disallow create/update of a job profile without actions
• MODDICONV-391 Create migration script for Order mapping profiles
• MODDICONV-399 Upgrade Spring from 5.3.23 to 6.1.13
• MODDICONV-393 Fix inconsistencies in permission namings
• MODDICONV-396 Remove accepted values from Instance, Holdings, Items and Orders mapping profiles
• MODDICONV-403 mod-di-converter-storage Ramsons 2024 R2 - RMB v35.3.x update
• MODDICONV-374 Validate Job Profiles with Modify action at create
• MODDICONV-380 Validate Job Profile with Modify action at Update
• MODDICONV-388 Allow hard delete of Data Import Profiles
• MODDICONV-389 Remove deprecated default job profile 'Create MARC Bibs'
• MODDICONV-390 Move data import profile validation to service layer
• MODDICONV-286 Allow Job Profiles To Be Imported
• MODDICONV-392 Overlay existing profile during job profile import

2024-03-20 2.2.0

• MODDICORE-398 Upgrade mod-di-converter-storage to RMB 35.2.0, Vert.x 4.5.4
• MODDICONV-334 Disallow linking MARC Update action to a MARC Modify
• MODDICONV-367 Disallow action profile creation for MARCbib record with 'Create' action type
• MODDICONV-294 Disallow creation of JobProfile containing Update without Match
• MODDICONV-305 Remove "permissions" interface dependency
• MODDICONV-364 Adjust default QM Authority Create profile to new format
• MODDICONV-363 Add migration script to provide mapping data for "accountNo" field
• MODDICONV-353 Create new default profile for create Authority record

2023-10-12 2.1.0

• MODDICONV-345 Set wrapper ids at jsonb for migrated relations
• MODDICONV-313 Upgrade mod-di-converter-storage to Java 17
• MODDICONV-300 Match and action profiles cannot be re-used in an import job profile - short term fix
• MODDICONV-310 Add wrappers around profiles to build associations.
• MODDICONV-297 Add migration script for profiles with mapping for required subfields.
• MODDICONV-307 Populate "value" with empty string if this field is absent in match profile incoming records.

2022-02-14 v2.0.0

• MODDICONV-259 Rename mod-data-import-converter-storage module to mod-di-converter-storage
• MODDICONV-271 Logging improvement - Configuration
• MODDATAIMP-736 Adjust logging configuration in all DI modules to display datetime in a proper format
• MODDICONV-292 Add validation of Folio Record Type upon linking of Action and Mapping profile
• MODDICONV-281 Enable ability to edit Job profile: Default - Create SRS MARC Authority
• MODDICONV-282 Change Job profile: Default - Create SRS MARC Authority description

... (truncated)

Commits

• 7701d18 [maven-release-plugin] prepare release v2.5.0
• ced68ff Update news
• 11bbc53 Merge pull request #88 from folio-org/dept-upd
• 8e56eec Update dependencies
• 7d9cd15 MODDICONV-427 - Removed tables (#87)
• 37ca77c MODDICONV-429: Upgrade module to Vert.x 5.0 (#84)
• 14860c6 Merge pull request #83 from folio-org/MODDICONV-425
• 9166b91 MODDICONV-425: Remove accepted values
• 311ddf2 MODDICONV-425: Create new Default Mapping profile for Mosaic invoices
• e9afcde MODDICONV-418 - Field mapping profile corruption for orders in Ramsons Test e...
• Additional commits viewable in compare view

Updates com.github.ben-manes.caffeine:caffeine from 3.2.3 to 3.2.4

Release notes

Sourced from com.github.ben-manes.caffeine:caffeine's releases.

3.2.4

• Improved access expiration's read performance by avoiding false sharing effects caused by the timestamp update
• Fixed head-of-line blocking of expiration queues caused by in-flight async entries (#1954)
• Fixed various minor issues found using AI audits
• Added ObjectInputFilter support to JCache

Commits

• 836b65c use a consistent expiration tolerance calculation
• 0dc7daf resurrect in-flight async entries on expiration
• 0bac8b5 handle head-of-line blocking of expiration queues (fixes #1954)
• ff25836 test polish
• f3a6176 Fix JCache close/createCache races and recursive teardown
• 622fbe7 Fix removal in identity views and widen hill-climber counters
• 8da5a7a defer weighing the entry until after the putIfAbsent hit fast-path
• 94ad0ff Record eviction stats before notifying the removal listener consistently
• f94c011 Auto-assert eviction stats alongside notifications.withCause.exclusively
• 2e945e0 Skip timestamp writes within tolerance on the read path.
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 6.0.3 to 6.1.0

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

• @​JarvisCraft made their first contribution in junit-team/junit-framework#5633
• @​Maran23 made their first contribution in junit-team/junit-framework#5644

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

• @​mariokhoury4 made their first contribution in junit-team/junit-framework#4574
• @​Ogu1208 made their first contribution in junit-team/junit-framework#5145
• @​HyungGeun94 made their first contribution in junit-team/junit-framework#5271
• @​yalishevant made their first contribution in junit-team/junit-framework#5316
• @​JINU-CHANG made their first contribution in junit-team/junit-framework#5290
• @​jaschdoc made their first contribution in junit-team/junit-framework#5427
• @​kawshikbuet17 made their first contribution in junit-team/junit-framework#5561
• @​msridhar made their first contribution in junit-team/junit-framework#5602

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

• @​vy made their first contribution in junit-team/junit-framework#5041
• @​Pankraz76 made their first contribution in junit-team/junit-framework#5006
• @​arukiidou made their first contribution in junit-team/junit-framework#5066
• @​laeubi made their first contribution in junit-team/junit-framework#5092
• @​jihun4452 made their first contribution in junit-team/junit-framework#5088
• @​TWiStErRob made their first contribution in junit-team/junit-framework#5133

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

Commits

• 0dc3af1 Release 6.1.0
• 1d13002 Prepare 6.1.0 release notes
• 072b217 Update plugin spotless to v8.5.0 (#5668)
• 3a53480 Update Gradle to v9.5.1 (#5666)
• 0e18a20 Update zizmorcore/zizmor-action action to v0.5.4 (#5669)
• 0a2634f Update github/codeql-action action to v4.35.5 (#5671)
• 4dbd556 Restructure workflows to have single "status" job (#5670)
• f2194ce Increase timeout to reduce flakiness
• 5c8fdd2 Update dependency org.apache.groovy:groovy to v5.0.6 (#5659)
• 43c6982 Update dependency org.slf4j:slf4j-jdk14 to v2.0.18 (#5667)
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-bom from 2.25.3 to 2.26.0

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.26.0

This minor release delivers all the fixes in the [2.25.0, 2.25.4] version range, plus some new fixes, and several other improvements and features.

Added

• Add a new ConfigurationFactory::getConfiguration method accepting multiple URIs (#3775, #3921)
• Add and export org.apache.logging.log4j.core.pattern.NamedInstantPattern enabling users to programmatically access named date & time patterns supported by Pattern Layout (#3789)
• Add log4j.plugin.processor.minAllowedMessageKind annotation processor option to PluginProcessor to filter diagnostic messages by severity. This allows builds that treat compiler notes as errors (e.g. Maven with -Werror) to suppress informational notes emitted during normal plugin processing. (apache/logging-log4j2#3380, #4063)
• Add missing setters to Rfc5424LayoutBuilder

Changed

• Ensure scripts in the global Scripts element have explicit names by throwing a ConfigurationException for unnamed ones. (#3176)
• Simplify file manager registry factory methods (#3968)

Deprecated

• Deprecated withers in builder classes in favor of setters. This change improves API consistency with Log4j Core 3 and helps users adapt to the upcoming changes. (#3750)

Fixed

• Fix script resolution failure when the Scripts element is placed after a ScriptRef in the configuration. (#3336)
• Fix ArrayIndexOutOfBoundsException thrown by ThrowableStackTraceRenderer when the stack trace is modified concurrently (#3940, #3955)
• Fix SLF4JLogger.atFatal() returning atLevel(Level.TRACE) instead of atLevel(Level.FATAL). This was causing FATAL-level log events to be silently discarded when using the fluent API through the log4j-to-slf4j bridge. (#4068, #4089)
• Fix Javadoc references across module boundaries (i.e., cross-references) (#4099, #4100)
• Fix header write in RollingRandomAccessFileManager that was being incorrectly skipped if append=true and the file didn't exist before
• Fix a properties file configuration regression caused by not referenced loggers, appenders, and filters (#4036, #4069)

Removed

• Remove the jvmrunargs lookup. (#3874)

Updated

• Update org.junit:junit-bom to version 5.13.4 (#3850)
• Update org.mongodb:bson to version 5.6.1 (#3961)
• Update org.xerial.snappy:snappy-java to version 1.1.10.8 (#3841)

2.25.4

This patch release delivers fixes for configuration inconsistencies and formatting issues across several layouts.

• Restores alignment between documented and actual configuration attributes.
• Fixes formatting and sanitization issues in XML and RFC5424 layouts.
• Improves handling of invalid characters and non-standard values.

The authoritative list of recognized configuration attributes is available in the PluginReference.

Fixed

• Don't issue warnings if extra argument in parameterized logging is null. (#3975, #4014)

... (truncated)

Commits

• c1ad2a6 Update the project.build.outputTimestamp property
• 8b3a799 Set version to 2.26.0
• 96486eb Merge remote-tracking branch 'origin/2.x' into release/2.26.0
• 8243257 Add documentation for MessageRewritePolicy (#4042)
• 2a15414 Add documentation pointer to the Async HTTP Appender of more-log4j2 (#4062)
• b178cb1 Switch CI to gha/v0 and remove Develocity (#4108)
• 23321de Remove changelog entries for already released changes
• def55fc Add .release.xml and .release-notes.adoc.ftl
• 0e019f2 Move changelog entries
• a487a5d Tidy up changelog
• Additional commits viewable in compare vi...

  Description has been truncated

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml