From 290851d12b346281e4f4ab4fd83f15a24308b235 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Fri, 30 Jan 2026 17:23:19 +0000 Subject: [PATCH 1/2] chore: Phase 1A non-breaking dependency updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update 19 dependencies and 4 Maven plugins with drop-in replacements: Apache Commons (6): - commons-text: 1.13.1 → 1.15.0 - commons-compress: 1.26.0 → 1.28.0 (security critical) - commons-validator: 1.9.0 → 1.10.1 - commons-net: 3.11.1 → 3.12.0 - commons-exec: 1.4.0 → 1.5.0 - commons-digester3: 3.2 → 3.3 Security Libraries (3): - encoder: 1.2.1 → 1.4.0 (synchronized with encoder-jsp) - encoder-jsp: 1.2.3 → 1.4.0 (synchronized with encoder) - spring-security-crypto: 6.3.9 → 6.4.4 Utility Libraries (5): - guava: 33.4.8-jre → 33.5.0-jre - zxing-core: 3.5.3 → 3.5.4 (synchronized with javase) - zxing-javase: 3.5.3 → 3.5.4 (synchronized with core) - twelvemonkeys-common-lang: 3.12.0 → 3.13.0 - annotations (JetBrains): 24.1.0 → 26.0.2-1 Test Dependencies (3): - mockito-core: 5.8.0 → 5.21.0 (synchronized with junit-jupiter) - mockito-junit-jupiter: 5.8.0 → 5.21.0 (synchronized with core) - assertj-core: 3.24.2 → 3.27.6 Maven Plugins (4): - jacoco-maven-plugin: 0.8.11 → 0.8.15 - maven-pmd-plugin: 3.27.0 → 3.28.0 - pmd-core: 7.10.0 → 7.20.0 (synchronized with pmd-java) - pmd-java: 7.10.0 → 7.20.0 (synchronized with pmd-core) - maven-surefire-plugin: 3.2.5 → 3.5.4 All updates are backward compatible with zero code changes required. All version synchronization requirements met. Fixes #2253 Co-authored-by: Michael Yingbull --- pom.xml | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/pom.xml b/pom.xml index 4a6292c88a9..e9f9d91d760 100644 --- a/pom.xml +++ b/pom.xml @@ -213,7 +213,7 @@ org.apache.commons commons-text - 1.13.1 + 1.15.0 @@ -248,7 +248,7 @@ commons-validator commons-validator - 1.9.0 + 1.10.1 @@ -276,7 +276,7 @@ org.apache.commons commons-digester3 - 3.2 + 3.3 commons-beanutils @@ -293,7 +293,7 @@ org.apache.commons commons-compress - 1.26.0 + 1.28.0 org.apache.commons @@ -306,7 +306,7 @@ commons-net commons-net - 3.11.1 + 3.12.0 @@ -492,7 +492,7 @@ org.springframework.security spring-security-crypto - 6.3.9 + 6.4.4 @@ -554,7 +554,7 @@ com.twelvemonkeys.common common-lang - 3.12.0 + 3.13.0 @@ -805,12 +805,12 @@ com.google.zxing core - 3.5.3 + 3.5.4 com.google.zxing javase - 3.5.3 + 3.5.4 @@ -1164,12 +1164,12 @@ org.owasp.encoder encoder-jsp - 1.2.3 + 1.4.0 org.owasp.encoder encoder - 1.2.1 + 1.4.0 @@ -1202,7 +1202,7 @@ org.apache.commons commons-exec - 1.4.0 + 1.5.0 @@ -1215,7 +1215,7 @@ org.jetbrains annotations - 24.1.0 + 26.0.2-1 compile @@ -1265,7 +1265,7 @@ org.mockito mockito-core - 5.8.0 + 5.21.0 test @@ -1275,7 +1275,7 @@ org.assertj assertj-core - 3.24.2 + 3.27.6 test @@ -1314,7 +1314,7 @@ com.google.guava guava - 33.4.8-jre + 33.5.0-jre @@ -1444,7 +1444,7 @@ org.jacoco jacoco-maven-plugin - 0.8.11 + 0.8.15 @@ -1640,30 +1640,30 @@ org.apache.maven.plugins maven-pmd-plugin - 3.27.0 + 3.28.0 21 - + utils/pmd_rules.xml - + false 100 true false - + true ${project.build.directory}/pmd/pmd.cache - + html ${project.build.directory}/pmd - + target/generated-sources @@ -1677,12 +1677,12 @@ net.sourceforge.pmd pmd-core - 7.10.0 + 7.20.0 net.sourceforge.pmd pmd-java - 7.10.0 + 7.20.0 @@ -1690,7 +1690,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.2.5 + 3.5.4 @@ -1889,7 +1889,7 @@ org.mockito mockito-junit-jupiter - 5.8.0 + 5.21.0 test From ed0bd61bcc185289a0fa3cbfa8b26937e94d47e1 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Fri, 30 Jan 2026 19:55:57 +0000 Subject: [PATCH 2/2] chore: revert spring-security-crypto to 6.3.9 Co-authored-by: Michael Yingbull --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e9f9d91d760..b51053ea6ff 100644 --- a/pom.xml +++ b/pom.xml @@ -492,7 +492,7 @@ org.springframework.security spring-security-crypto - 6.4.4 + 6.3.9