Skip to content

chore: [DevOps] bump the production-minor-patch group with 18 updates#1161

Merged
sap-cloud-sdk-bot[bot] merged 1 commit intomainfrom
dependabot/maven/main/production-minor-patch-6bf01168a4
Apr 28, 2026
Merged

chore: [DevOps] bump the production-minor-patch group with 18 updates#1161
sap-cloud-sdk-bot[bot] merged 1 commit intomainfrom
dependabot/maven/main/production-minor-patch-6bf01168a4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 28, 2026

Bumps the production-minor-patch group with 18 updates:

Package From To
org.springframework:spring-framework-bom 6.2.17 6.2.18
org.apache.maven:maven-core 3.9.14 3.9.15
org.apache.maven:maven-plugin-api 3.9.14 3.9.15
org.apache.maven:maven-compat 3.9.14 3.9.15
io.swagger.core.v3:swagger-models 2.2.45 2.2.48
io.swagger.parser.v3:swagger-parser 2.1.39 2.1.40
io.swagger.parser.v3:swagger-parser-core 2.1.39 2.1.40
org.codehaus.woodstox:stax2-api 4.2.2 4.3.0
commons-codec:commons-codec 1.21.0 1.22.0
org.projectlombok:lombok 1.18.44 1.18.46
com.sap.cloud.security:java-bom 4.0.3 4.0.4
com.google.code.gson:gson 2.13.2 2.14.0
commons-io:commons-io 2.21.0 2.22.0
org.apache.httpcomponents.client5:httpclient5 5.6 5.6.1
com.google.errorprone:error_prone_annotations 2.48.0 2.49.0
io.netty:netty-bom 4.1.132.Final 4.2.12.Final
io.spiffe:java-spiffe-core 0.8.16 0.8.17
io.spiffe:grpc-netty-linux 0.8.16 0.8.17

Updates org.springframework:spring-framework-bom from 6.2.17 to 6.2.18

Release notes

Sourced from org.springframework:spring-framework-bom's releases.

v6.2.18

⭐ New Features

  • Improve SpringValidatorAdapter and MethodValidationAdapter performance #36624
  • Add missing @Deprecated(forRemoval = true) for deleted in 7.0 #36591
  • Deprecate methodIdentification() in CacheAspectSupport for removal #36576
  • Improve error handling in multipart codecs #36564
  • LazyConnectionDataSourceProxy does not work well with Hibernate's multi-tenancy by schema strategy #36529
  • MySQL Error 149 (Galera/WSREP conflict) not translated to ConcurrencyFailureException in Spring JDBC/ORM #36510

🐞 Bug Fixes

  • Handle Kotlin nullable value class param correctly in CoroutineUtils #36643
  • NullPointerException in ServerSentEvent when trying to set id or event properties #36634
  • @Sql fails if DataSource is wrapped in a TransactionAwareDataSourceProxy #36630
  • WebDataBinder unnecessarily instantiates collections when using the "!" and "_" prefixes #36627
  • Cache pollution from high-cardinality FieldError default messages in MessageSourceSupport #36623
  • ContentCachingRequestWrapper does not allow unlimited content caching #36620
  • MergedAnnotation does not use ClassLoader for method or field #36614
  • AnnotationBeanNameGenerator fails when an annotation references a non-existent class #36588
  • FileSystemResource does not strictly follow the Resource#isReadable() contract #36585
  • Query not hidden in DefaultClientResponse checkpoint #36571
  • LazyConnectionDataSourceProxy does not pass on holdability to target Connection #36530
  • DefaultJmsListenerContainer may hang in an endless loop in doShutdown #36511
  • Inconsistent codings resolution in resource resolvers #36508

📔 Documentation

  • Clarify semantics of HttpMethod.valueOf() #36653
  • Document that spring.profiles.active is ignored by @ActiveProfiles #36636
  • Document whitespace semantics in SpEL expressions #36629
  • MergedAnnotation.asAnnotationAttributes() Javadoc incorrectly states that it creates an immutable map #36568
  • Introduce Kotlin examples for Bean Overrides (@MockitoBean, etc.) #36542
  • Fix incorrect cross-reference links in AbstractEnvironment Javadoc #36517

🔨 Dependency Upgrades

  • Upgrade to Micrometer 1.15.11 #36661
  • Upgrade to Reactor 2024.0.17 #36660
Commits
  • 6b11724 Release v6.2.18
  • f6671e7 Upgrade to Reactor 2024.0.17 and Micrometer 1.15.11
  • b338fdd Add doOnDiscard in MultipartHttpMessageReader
  • 4e3f264 Add missing tests for WebRequestDataBinder
  • 9e0b83e Polish WebRequestDataBinderTests
  • af4b122 Extract ServletRequestParameterPropertyValuesTests
  • 623ccd1 Revise "Skip binding entirely when field is not allowed"
  • 69068ba Further clarify semantics of HttpMethod.valueOf()
  • f182f9a Clarify semantics of HttpMethod.valueOf()
  • 9d14448 Improve SpEL tests for Elvis and Ternary operators
  • Additional commits viewable in compare view

Updates org.apache.maven:maven-core from 3.9.14 to 3.9.15

Updates org.apache.maven:maven-plugin-api from 3.9.14 to 3.9.15

Release notes

Sourced from org.apache.maven:maven-plugin-api's releases.

3.9.15

📝 Documentation updates

📦 Dependency updates

Commits
  • 98b2cdb [maven-release-plugin] prepare release maven-3.9.15
  • 221f0b5 Use new Maven logos in documentation
  • 4329770 Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#11932)
  • f341795 Bump org.codehaus.plexus:plexus-utils from 3.6.0 to 3.6.1
  • f37986d Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#11865)
  • 9ac23b0 Bump actions/cache from 5.0.3 to 5.0.4 (#11813)
  • 3f0b263 Update README.md
  • 4b79fff document the only supported value: 4.0.0
  • 32a0564 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#11790)
  • 465a93c [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates org.apache.maven:maven-compat from 3.9.14 to 3.9.15

Release notes

Sourced from org.apache.maven:maven-compat's releases.

3.9.15

📝 Documentation updates

📦 Dependency updates

Commits
  • 98b2cdb [maven-release-plugin] prepare release maven-3.9.15
  • 221f0b5 Use new Maven logos in documentation
  • 4329770 Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#11932)
  • f341795 Bump org.codehaus.plexus:plexus-utils from 3.6.0 to 3.6.1
  • f37986d Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#11865)
  • 9ac23b0 Bump actions/cache from 5.0.3 to 5.0.4 (#11813)
  • 3f0b263 Update README.md
  • 4b79fff document the only supported value: 4.0.0
  • 32a0564 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#11790)
  • 465a93c [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates org.apache.maven:maven-plugin-api from 3.9.14 to 3.9.15

Release notes

Sourced from org.apache.maven:maven-plugin-api's releases.

3.9.15

📝 Documentation updates

📦 Dependency updates

Commits
  • 98b2cdb [maven-release-plugin] prepare release maven-3.9.15
  • 221f0b5 Use new Maven logos in documentation
  • 4329770 Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#11932)
  • f341795 Bump org.codehaus.plexus:plexus-utils from 3.6.0 to 3.6.1
  • f37986d Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#11865)
  • 9ac23b0 Bump actions/cache from 5.0.3 to 5.0.4 (#11813)
  • 3f0b263 Update README.md
  • 4b79fff document the only supported value: 4.0.0
  • 32a0564 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#11790)
  • 465a93c [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates io.swagger.core.v3:swagger-models from 2.2.45 to 2.2.48

Updates io.swagger.parser.v3:swagger-parser from 2.1.39 to 2.1.40

Release notes

Sourced from io.swagger.parser.v3:swagger-parser's releases.

Swagger-parser 2.1.40 released!

  • Update peter-evans/create-pull-request to v8 (#2308)
  • chore: bump core version to 2.2.48 (#2306)
  • fix: ensure maxYamlCodePoints is reliably set and cleaned up in large file tests (#2305)
  • Update gh actions (#2300)
Commits

Updates io.swagger.parser.v3:swagger-parser-core from 2.1.39 to 2.1.40

Updates io.swagger.parser.v3:swagger-parser-core from 2.1.39 to 2.1.40

Updates org.apache.maven:maven-compat from 3.9.14 to 3.9.15

Release notes

Sourced from org.apache.maven:maven-compat's releases.

3.9.15

📝 Documentation updates

📦 Dependency updates

Commits
  • 98b2cdb [maven-release-plugin] prepare release maven-3.9.15
  • 221f0b5 Use new Maven logos in documentation
  • 4329770 Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#11932)
  • f341795 Bump org.codehaus.plexus:plexus-utils from 3.6.0 to 3.6.1
  • f37986d Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#11865)
  • 9ac23b0 Bump actions/cache from 5.0.3 to 5.0.4 (#11813)
  • 3f0b263 Update README.md
  • 4b79fff document the only supported value: 4.0.0
  • 32a0564 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#11790)
  • 465a93c [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates org.codehaus.woodstox:stax2-api from 4.2.2 to 4.3.0

Commits
  • 92c7525 [maven-release-plugin] prepare release stax2-api-4.3.0
  • 7b962fc Merge pull request #35 from FasterXML/tatu/4.3/34-java8-baseline
  • e14a205 Fix #34: increase Java baseline to Java 8 (from 6)
  • edd4992 Fix CI deprecation warning
  • 97fd521 Update Maven wrapper
  • 3280734 Update to 4.3.0-SNAPSHOT
  • 35ccd37 Merge pull request #33 from winfriedgerlach/fix-expand-bug-in-Array-decoders
  • 84b2fc8 Update release notes
  • 6e4752d fix indentation
  • 1082731 fix: ArrayDecoders can run into ArrayIndexOutOfBoundsException when start != 0
  • Additional commits viewable in compare view

Updates commons-codec:commons-codec from 1.21.0 to 1.22.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.22.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.22.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

  • CODEC-326: Add Base58 support. Thanks to Inkeet, Gary Gregory, Wolff Bock von Wuelfingen.
  •         Add BaseNCodecInputStream.AbstracBuilder.setByteArray(byte[]). Thanks to Gary Gregory.
  • CODEC-335: Add GitIdentifiers to compute Git blob and tree object identifiers. Thanks to Piotr P. Karwasz, Gary Gregory.

Fixed Bugs

  • CODEC-249: Fix Incorrect transform of CH digraph according Metaphone basic rules #423. Thanks to Shalu Jha, Andrey, Gary Gregory.
  • CODEC-317: ColognePhonetic can create duplicate consecutive codes in some cases. Thanks to DRUser123, Shalu Jha, Gary Gregory.
  •         Add boundary tests for BinaryCodec.fromAscii partial-bit inputs [#425](https://github.com/apache/commons-codec/issues/425). Thanks to fancying, Gary Gregory.
  • CODEC-336: Base64.Builder.setUrlSafe(boolean) Javadoc incorrectly states null is accepted for primitive boolean parameter. Thanks to Partha Paul, Gary Gregory.

Changes

  •         Bump org.apache.commons:commons-parent from 96 to 98. Thanks to Gary Gregory.

For complete information on Apache Commons Codec, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Codec website:

https://commons.apache.org/proper/commons-codec/

Download page: https://commons.apache.org/proper/commons-codec/download_codec.cgi

Commits

Updates org.projectlombok:lombok from 1.18.44 to 1.18.46

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.46 (April 22nd, 2026)

  • PLATFORM: JDK26 support added #4019.
  • PLATFORM: Spring Tools Suite 5 supported #3985.
  • BUGFIX: @Jacksonized no longer stops generating @JsonProperty once an explicit @JsonIgnore annotations is encountered #4022.
  • BUGFIX: In eclipse, mixing @Jacksonized and fluent = true no longer causes the error com.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface. #3934.
  • BUGFIX: Some finishing touches for v1.18.44's support of Jackson3 #4004.
Commits
  • 936ca59 [build] lombok's launcher is still intended to be 1.4 compatible, or at least...
  • fcdab3f [version] pre-release version bump
  • 1cb7d49 [changelog]#4004 Mention Jackson3 final touches in changelog.
  • 12a15b0 Fix: Bump EA_JDK to 27 (25 and 26 have been released)
  • 2be766c Merge branch 'jackson3-final-touches'
  • 290fa4c [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...
  • e6567b6 test: Add Jackson 3 test cases and version ambiguity warnings
  • 45e72e2 feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists
  • 184d423 feat: Add Jackson 3 support to @​Jacksonized handlers
  • e027ad0 refactored to ShadowClassLoader use Collections::enumeration instead of Vector
  • Additional commits viewable in compare view

Updates com.sap.cloud.security:java-bom from 4.0.3 to 4.0.4

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

4.0.4

improve domain validation handling

Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

4.0.4

  • Improve domain validation handling in JwtValidatorBuilder for IAS tokens
Commits

Updates com.google.code.gson:gson from 2.13.2 to 2.14.0

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.14.0

What's Changed

  • Add type adapters for java.time classes by @​eamonnmcmanus in google/gson#2948

    When the java.time API is available, Gson automatically can read and write instances of classes like Instant and Duration. The format it uses essentially freezes the JSON representation that ReflectiveTypeAdapterFactory established by default, based on the private fields of java.time classes. That's not a great representation, but it is understandable. Changing it to anything else would break compatibility with systems that are expecting the current format.

    With this change, Gson no longer tries to access private fields of these classes using reflection. So it is no longer necessary to run with --add-opens for these classes on recent JDKs.

  • Remove com.google.gson.graph by @​eamonnmcmanus in google/gson#2990.

    This package was not part of any released artifact and depended on Gson internals in potentially problematic ways.

  • Validate that strings being parsed as integers consist of ASCII characters by @​eamonnmcmanus in google/gson#2995

    Previously, strings could contain non-ASCII Unicode digits and still be parsed as integers. That's inconsistent with how JSON numbers are treated.

  • Fix duplicate key detection when first value is null by @​andrewstellman in google/gson#3006

    This could potentially break code that was relying on the incorrect behaviour. For example, this JSON string was previously accepted but will no longer be: {"foo": null, "foo": bar}.

  • Remove Serializable from internal Type implementation classes. by @​eamonnmcmanus in google/gson#3011

    The nested classes ParameterizedTypeImpl, GenericArrayTypeImpl, and WildcardTypeImpl in GsonTypes are implementations of the corresponding types (without Impl) in java.lang.reflect. For some reason, they were serializable, even though the java.lang.reflect implementations are not. Having unnecessarily serializable classes could conceivably have been a security problem if they were part of a larger exploit using serialization. (We do not consider this a likely scenario and do not suggest that you need to update Gson just to get this change.)

  • Add LegacyProtoTypeAdapterFactory. by @​eamonnmcmanus in google/gson#3014

    This is not part of any released artifact, but may be of use when trying to fix code that is currently accessing the internals of protobuf classes via reflection.

  • Make AppendableWriter do flush and close if delegation object supports by @​MukjepScarlet in google/gson#2925

Other less visible changes

New Contributors

Full Changelog: google/gson@gson-parent-2.13.2...gson-parent-2.14.0

Commits
  • 3ff35d6 [maven-release-plugin] prepare release gson-parent-2.14.0
  • a3024fd Bump the maven group with 13 updates (#3002)
  • 5689ffe Bump the github-actions group across 1 directory with 3 updates (#3018)
  • 48db33c Add LegacyProtoTypeAdapterFactory. (#3014)
  • 53d703e Update outdated comment regarding serializable types (#3012)
  • 0189b72 Remove Serializable from internal Type implementation classes. (#3011)
  • f4d371d Fix duplicate key detection when first value is null (#3006)
  • 27d9ba1 Fix typo in README (JPMS dependencies section) (#3005)
  • 1fa9b7a Validate that strings being parsed as integers consist of ASCII characters (#...
  • b7d5954 Add iterator fail-fast tests for LinkedTreeMap.clear() (#2992)
  • Additional commits viewable in compare view

Updates commons-io:commons-io from 2.21.0 to 2.22.0

Updates org.apache.httpcomponents.client5:httpclient5 from 5.6 to 5.6.1

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.6.1

This is a maintenance release disables experimental SCRAM auth scheme by default and fixes SCRAM final response handling. The SCRAM auth scheme can be re-enabled by choosing a custom auth scheme preference sequence that explicitly includes SCRAM auth.

Change Log

  • Fix SCRAM final response handling. Contributed by Arturo Bernal

  • Auth challenge parsing code improvement. Contributed by Oleg Kalnichevski

  • Add missing Javadoc for ConnectionConfig (#820). Contributed by Gary Gregory

  • Bug fix: Corrected async message exchange cancellation logic in InternalHttpAsyncExecRuntime. Contributed by Oleg Kalnichevski

  • HTTPCLIENT-2417: Honor TlsConfig attachment in async connect path. Contributed by Arturo Bernal

  • HTTPCLIENT-2414: Fix Basic auth cache scoping across path prefixes (#802). Contributed by Arturo Bernal

  • HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803). Contributed by Arturo Bernal

  • Bug fix: Corrected sleep time calculation in IdleConnectionEvictor; use 1 minute sleep time by default. Contributed by Oleg Kalnichevski

  • DefaultManagedHttpClientConnection: Restore original socket timeout. Contributed by Ryan Schmitt

  • HTTPCLIENT-2411: Use standard HTTP-date format for synthesized Date header (#775). Contributed by Arturo Bernal

  • Fix NPE in connection evictor setup (#774). Contributed by Arturo Bernal

Commits
  • 4f86ca6 HttpClient 5.6.1 release
  • 1b2bafe Updated release notes for HttpClient 5.6.1 release
  • 1acf00b Fix SCRAM final response handling
  • 49549ab Auth challenge parsing code improvement
  • fa6b6d7 Add missing Javadoc for ConnectionConfig (#820)
  • 3de8ad5 Fixed DefaultClientTlsStrategy test failures on MacOS
  • c69f38f Bug-fix: corrects message exchange cancellation logic in InternalHttpAsyncExe...
  • 30386d3 HTTPCLIENT-2417 Honor TlsConfig attachment in async connect path
  • 9cc45f6 HTTPCLIENT-2414 - Fix Basic auth cache scoping across path prefixes (#802)
  • 1e01a48 HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803)
  • Additional commits viewable in compare view

Updates com.google.errorprone:error_prone_annotations from 2.48.0 to 2.49.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.49.0

This release includes several changes to Matcher APIs, and removed some deprecated or problematic APIs:

  • Remove deprecated MethodMatchers.withSignature API, which relies on fragile toString behaviour. Alternatives for matching on method signatures with varargs and type parameters were added in google/error-prone@a98a1c5.
  • Removed variableType(Matcher) API. Matchers.variableType(Matcher) uses VariableTree#getType to match variable types, which own't work for lambda parameters with inferred types after JDK-8268850. The recommended replacement is variableType(TypePredicate).
  • Make enclosingPackage return an optional. Module elements are not enclosed by a package, checks using enclosingPackage shouldn't assume an enclosing package exists when processing arbitrary elements.
  • New FieldMatchers API, similar to MethodMatchers (google/error-prone@1dd9c3a).

New checks:

Closed issues: #2283, #3503, #5210, #5289, #5548, #5548, #5554, #5609, #5614, #5656

Full changelog: google/error-prone@v2.48.0...v2.49.0

Commits
  • 89d75c1 Release Error Prone 2.49.0
  • 0b7b03b Fix up some javadoc on `ModifySourceCollectionInStream.isStreamApiInvocationO...
  • fe5a7b1 Remove old FieldMatchers API
  • d54a1d1 Fix up some Finally javadocs.
  • d93b319 [RefactorSwitch] bugfix comment handling
  • ff59782 [IfChainToSwitch] cleanup redundant conditions in ternary. No functional cha...
  • 43b6df6 Generalise DuplicateAssertion to handle check* methods.
  • 2c4346f Fix a bug in BooleanLiteral: it currently suggests replacing `Boolean.FALSE...
  • 559039b [IfChainToSwitch] doc-only change. fix typo in code comments.
  • 393c61c [IfChainToSwitch] enhance code generation to emit unnamed variables, when sup...
  • Additional commits viewable in compare view

Updates io.netty:netty-bom from 4.1.132.Final to 4.2.12.Final

Release notes

Sourced from io.netty:netty-bom's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: netty/netty@netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

What's Changed

@dependabot
chore: [DevOps] bump the production-minor-patch group with 18 updates
3d02064 
Bumps the production-minor-patch group with 18 updates:

| Package | From | To |
| --- | --- | --- |
| [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) | `6.2.17` | `6.2.18` |
| org.apache.maven:maven-core | `3.9.14` | `3.9.15` |
| [org.apache.maven:maven-plugin-api](https://github.com/apache/maven) | `3.9.14` | `3.9.15` |
| [org.apache.maven:maven-compat](https://github.com/apache/maven) | `3.9.14` | `3.9.15` |
| io.swagger.core.v3:swagger-models | `2.2.45` | `2.2.48` |
| [io.swagger.parser.v3:swagger-parser](https://github.com/swagger-api/swagger-parser) | `2.1.39` | `2.1.40` |
| io.swagger.parser.v3:swagger-parser-core | `2.1.39` | `2.1.40` |
| [org.codehaus.woodstox:stax2-api](https://github.com/FasterXML/stax2-api) | `4.2.2` | `4.3.0` |
| [commons-codec:commons-codec](https://github.com/apache/commons-codec) | `1.21.0` | `1.22.0` |
| [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.44` | `1.18.46` |
| [com.sap.cloud.security:java-bom](https://github.com/SAP/cloud-security-xsuaa-integration) | `4.0.3` | `4.0.4` |
| [com.google.code.gson:gson](https://github.com/google/gson) | `2.13.2` | `2.14.0` |
| commons-io:commons-io | `2.21.0` | `2.22.0` |
| [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) | `5.6` | `5.6.1` |
| [com.google.errorprone:error_prone_annotations](https://github.com/google/error-prone) | `2.48.0` | `2.49.0` |
| [io.netty:netty-bom](https://github.com/netty/netty) | `4.1.132.Final` | `4.2.12.Final` |
| [io.spiffe:java-spiffe-core](https://github.com/spiffe/java-spiffe) | `0.8.16` | `0.8.17` |
| [io.spiffe:grpc-netty-linux](https://github.com/spiffe/java-spiffe) | `0.8.16` | `0.8.17` |


Updates `org.springframework:spring-framework-bom` from 6.2.17 to 6.2.18
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.2.17...v6.2.18)

Updates `org.apache.maven:maven-core` from 3.9.14 to 3.9.15

Updates `org.apache.maven:maven-plugin-api` from 3.9.14 to 3.9.15
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.14...maven-3.9.15)

Updates `org.apache.maven:maven-compat` from 3.9.14 to 3.9.15
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.14...maven-3.9.15)

Updates `org.apache.maven:maven-plugin-api` from 3.9.14 to 3.9.15
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.14...maven-3.9.15)

Updates `io.swagger.core.v3:swagger-models` from 2.2.45 to 2.2.48

Updates `io.swagger.parser.v3:swagger-parser` from 2.1.39 to 2.1.40
- [Release notes](https://github.com/swagger-api/swagger-parser/releases)
- [Commits](swagger-api/swagger-parser@v2.1.39...v2.1.40)

Updates `io.swagger.parser.v3:swagger-parser-core` from 2.1.39 to 2.1.40

Updates `io.swagger.parser.v3:swagger-parser-core` from 2.1.39 to 2.1.40

Updates `org.apache.maven:maven-compat` from 3.9.14 to 3.9.15
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.14...maven-3.9.15)

Updates `org.codehaus.woodstox:stax2-api` from 4.2.2 to 4.3.0
- [Commits](FasterXML/stax2-api@stax2-api-4.2.2...stax2-api-4.3.0)

Updates `commons-codec:commons-codec` from 1.21.0 to 1.22.0
- [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt)
- [Commits](apache/commons-codec@rel/commons-codec-1.21.0...rel/commons-codec-1.22.0)

Updates `org.projectlombok:lombok` from 1.18.44 to 1.18.46
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](projectlombok/lombok@v1.18.44...v1.18.46)

Updates `com.sap.cloud.security:java-bom` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/SAP/cloud-security-xsuaa-integration/releases)
- [Changelog](https://github.com/SAP/cloud-security-services-integration-library/blob/main/CHANGELOG.md)
- [Commits](SAP/cloud-security-services-integration-library@4.0.3...4.0.4)

Updates `com.google.code.gson:gson` from 2.13.2 to 2.14.0
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](google/gson@gson-parent-2.13.2...gson-parent-2.14.0)

Updates `commons-io:commons-io` from 2.21.0 to 2.22.0

Updates `org.apache.httpcomponents.client5:httpclient5` from 5.6 to 5.6.1
- [Changelog](https://github.com/apache/httpcomponents-client/blob/rel/v5.6.1/RELEASE_NOTES.txt)
- [Commits](apache/httpcomponents-client@rel/v5.6...rel/v5.6.1)

Updates `com.google.errorprone:error_prone_annotations` from 2.48.0 to 2.49.0
- [Release notes](https://github.com/google/error-prone/releases)
- [Commits](google/error-prone@v2.48.0...v2.49.0)

Updates `io.netty:netty-bom` from 4.1.132.Final to 4.2.12.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](netty/netty@netty-4.1.132.Final...netty-4.2.12.Final)

Updates `io.spiffe:java-spiffe-core` from 0.8.16 to 0.8.17
- [Release notes](https://github.com/spiffe/java-spiffe/releases)
- [Changelog](https://github.com/spiffe/java-spiffe/blob/main/CHANGELOG.md)
- [Commits](spiffe/java-spiffe@v0.8.16...v0.8.17)

Updates `io.spiffe:grpc-netty-linux` from 0.8.16 to 0.8.17
- [Release notes](https://github.com/spiffe/java-spiffe/releases)
- [Changelog](https://github.com/spiffe/java-spiffe/blob/main/CHANGELOG.md)
- [Commits](spiffe/java-spiffe@v0.8.16...v0.8.17)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-core
  dependency-version: 3.9.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-plugin-api
  dependency-version: 3.9.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-compat
  dependency-version: 3.9.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-plugin-api
  dependency-version: 3.9.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.swagger.core.v3:swagger-models
  dependency-version: 2.2.48
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.swagger.parser.v3:swagger-parser
  dependency-version: 2.1.40
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.swagger.parser.v3:swagger-parser-core
  dependency-version: 2.1.40
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.swagger.parser.v3:swagger-parser-core
  dependency-version: 2.1.40
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-compat
  dependency-version: 3.9.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.codehaus.woodstox:stax2-api
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: commons-codec:commons-codec
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: org.projectlombok:lombok
  dependency-version: 1.18.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: com.sap.cloud.security:java-bom
  dependency-version: 4.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: commons-io:commons-io
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: org.apache.httpcomponents.client5:httpclient5
  dependency-version: 5.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: com.google.errorprone:error_prone_annotations
  dependency-version: 2.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: io.netty:netty-bom
  dependency-version: 4.2.12.Final
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: io.spiffe:java-spiffe-core
  dependency-version: 0.8.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.spiffe:grpc-netty-linux
  dependency-version: 0.8.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Apr 28, 2026
@sap-cloud-sdk-bot sap-cloud-sdk-bot Bot enabled auto-merge (squash) April 28, 2026 10:51
@sap-cloud-sdk-bot sap-cloud-sdk-bot Bot merged commit 033be69 into main Apr 28, 2026
13 checks passed
@sap-cloud-sdk-bot sap-cloud-sdk-bot Bot deleted the dependabot/maven/main/production-minor-patch-6bf01168a4 branch April 28, 2026 10:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sap-cloud-sdk-bot sap-cloud-sdk-bot[bot] sap-cloud-sdk-bot[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants