Skip to content

chore: [DevOps] bump the production-minor-patch group across 1 directory with 13 updates#1116

Merged
bot-sdk-js merged 1 commit intomainfrom
dependabot/maven/main/production-minor-patch-ff2289b480
Mar 10, 2026
Merged

chore: [DevOps] bump the production-minor-patch group across 1 directory with 13 updates#1116
bot-sdk-js merged 1 commit intomainfrom
dependabot/maven/main/production-minor-patch-ff2289b480

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2026

Bumps the production-minor-patch group with 13 updates in the / directory:

Package From To
org.apache.maven:maven-core 3.9.12 3.9.13
org.apache.maven:maven-plugin-api 3.9.12 3.9.13
org.apache.maven:maven-compat 3.9.12 3.9.13
io.swagger.core.v3:swagger-models 2.2.43 2.2.44
org.assertj:assertj-vavr 0.4.3 0.5.0
org.yaml:snakeyaml 2.5 2.6
com.sap.cloud.security:java-bom 3.6.6 3.6.8
io.vavr:vavr 1.0.0 1.0.1
org.checkerframework:checker-qual 3.53.1 3.54.0
com.google.errorprone:error_prone_annotations 2.47.0 2.48.0
io.spiffe:java-spiffe-core 0.8.15 0.8.16
io.spiffe:grpc-netty-linux 0.8.15 0.8.16
joda-time:joda-time 2.14.0 2.14.1

Updates org.apache.maven:maven-core from 3.9.12 to 3.9.13

Updates org.apache.maven:maven-plugin-api from 3.9.12 to 3.9.13

Release notes

Sourced from org.apache.maven:maven-plugin-api's releases.

3.9.13

🐛 Bug Fixes

  • Bug: SecDispatcher is managed by legacy Plexus DI (#11711) @​cstamas
  • [3.9.x] MavenPluginJavaPrerequisiteChecker: Handle 8/1.8 Java version in ranges as well (#11577) @​cstamas

👻 Maintenance

📦 Dependency updates

Commits
  • 39d686b [maven-release-plugin] prepare release maven-3.9.13
  • 1779f34 Maven Resolver 1.9.27 (#11732)
  • 18a5264 Bump resolverVersion from 1.9.25 to 1.9.26 (#11725)
  • c081a92 Update Maven plugin versions in default-bindings.xml
  • dea5f14 Bug: SecDispatcher is managed by legacy Plexus DI (#11711)
  • 5bcfc50 Bump version.sisu-maven-plugin from 0.9.0.M4 to 1.0.0 (#11706)
  • 067cb25 Bump actions/cache from 5.0.2 to 5.0.3 (#11688)
  • d898a51 Fix build
  • 71656a5 Bump org.apache.maven:maven-parent from 45 to 47
  • ad17267 Bump actions/checkout from 6.0.1 to 6.0.2 (#11666)
  • Additional commits viewable in compare view

Updates org.apache.maven:maven-compat from 3.9.12 to 3.9.13

Release notes

Sourced from org.apache.maven:maven-compat's releases.

3.9.13

🐛 Bug Fixes

  • Bug: SecDispatcher is managed by legacy Plexus DI (#11711) @​cstamas
  • [3.9.x] MavenPluginJavaPrerequisiteChecker: Handle 8/1.8 Java version in ranges as well (#11577) @​cstamas

👻 Maintenance

📦 Dependency updates

Commits
  • 39d686b [maven-release-plugin] prepare release maven-3.9.13
  • 1779f34 Maven Resolver 1.9.27 (#11732)
  • 18a5264 Bump resolverVersion from 1.9.25 to 1.9.26 (#11725)
  • c081a92 Update Maven plugin versions in default-bindings.xml
  • dea5f14 Bug: SecDispatcher is managed by legacy Plexus DI (#11711)
  • 5bcfc50 Bump version.sisu-maven-plugin from 0.9.0.M4 to 1.0.0 (#11706)
  • 067cb25 Bump actions/cache from 5.0.2 to 5.0.3 (#11688)
  • d898a51 Fix build
  • 71656a5 Bump org.apache.maven:maven-parent from 45 to 47
  • ad17267 Bump actions/checkout from 6.0.1 to 6.0.2 (#11666)
  • Additional commits viewable in compare view

Updates org.apache.maven:maven-plugin-api from 3.9.12 to 3.9.13

Release notes

Sourced from org.apache.maven:maven-plugin-api's releases.

3.9.13

🐛 Bug Fixes

  • Bug: SecDispatcher is managed by legacy Plexus DI (#11711) @​cstamas
  • [3.9.x] MavenPluginJavaPrerequisiteChecker: Handle 8/1.8 Java version in ranges as well (#11577) @​cstamas

👻 Maintenance

📦 Dependency updates

Commits
  • 39d686b [maven-release-plugin] prepare release maven-3.9.13
  • 1779f34 Maven Resolver 1.9.27 (#11732)
  • 18a5264 Bump resolverVersion from 1.9.25 to 1.9.26 (#11725)
  • c081a92 Update Maven plugin versions in default-bindings.xml
  • dea5f14 Bug: SecDispatcher is managed by legacy Plexus DI (#11711)
  • 5bcfc50 Bump version.sisu-maven-plugin from 0.9.0.M4 to 1.0.0 (#11706)
  • 067cb25 Bump actions/cache from 5.0.2 to 5.0.3 (#11688)
  • d898a51 Fix build
  • 71656a5 Bump org.apache.maven:maven-parent from 45 to 47
  • ad17267 Bump actions/checkout from 6.0.1 to 6.0.2 (#11666)
  • Additional commits viewable in compare view

Updates io.swagger.core.v3:swagger-models from 2.2.43 to 2.2.44

Updates org.assertj:assertj-vavr from 0.4.3 to 0.5.0

Release notes

Sourced from org.assertj:assertj-vavr's releases.

v0.5.0

What's Changed

New Contributors

Full Changelog: assertj/assertj-vavr@v0.4.3...v0.5.0

Commits

Updates org.apache.maven:maven-compat from 3.9.12 to 3.9.13

Release notes

Sourced from org.apache.maven:maven-compat's releases.

3.9.13

🐛 Bug Fixes

  • Bug: SecDispatcher is managed by legacy Plexus DI (#11711) @​cstamas
  • [3.9.x] MavenPluginJavaPrerequisiteChecker: Handle 8/1.8 Java version in ranges as well (#11577) @​cstamas

👻 Maintenance

📦 Dependency updates

Commits
  • 39d686b [maven-release-plugin] prepare release maven-3.9.13
  • 1779f34 Maven Resolver 1.9.27 (#11732)
  • 18a5264 Bump resolverVersion from 1.9.25 to 1.9.26 (#11725)
  • c081a92 Update Maven plugin versions in default-bindings.xml
  • dea5f14 Bug: SecDispatcher is managed by legacy Plexus DI (#11711)
  • 5bcfc50 Bump version.sisu-maven-plugin from 0.9.0.M4 to 1.0.0 (#11706)
  • 067cb25 Bump actions/cache from 5.0.2 to 5.0.3 (#11688)
  • d898a51 Fix build
  • 71656a5 Bump org.apache.maven:maven-parent from 45 to 47
  • ad17267 Bump actions/checkout from 6.0.1 to 6.0.2 (#11666)
  • Additional commits viewable in compare view

Updates org.yaml:snakeyaml from 2.5 to 2.6

Commits

Updates com.sap.cloud.security:java-bom from 3.6.6 to 3.6.8

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

3.6.8

3.6.8

  • Fix hybrid authentication issue where IAS Configuration was incorrectly used for XSUAA token exchange instead of XSUAA Configuration in HybridIdentityServicesAutoConfiguration

Dependency upgrades

  • Bump org.eclipse.jetty:jetty-bom from 12.1.6 to 12.1.7

3.6.7

  • Fix FIPS compatibility by using default KeyManagerFactory algorithm instead of hardcoded "SunX509"
  • Fix "Connection pool shut down" exception by properly reusing cached SSL connections

Dependency upgrades

  • Bump org.eclipse.jetty:jetty-bom from 12.1.5 to 12.1.6
  • Bump io.projectreactor:reactor-core from 3.8.2 to 3.8.3
  • Bump io.projectreactor:reactor-test from 3.8.2 to 3.8.3
  • Bump org.mockito:mockito-core from 5.21.0 to 5.22.0
  • Bump org.assertj:assertj-core from 3.27.6 to 3.27.7
  • Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5
Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

3.6.8

  • Fix hybrid authentication issue where IAS Configuration was incorrectly used for XSUAA token exchange instead of XSUAA Configuration in HybridIdentityServicesAutoConfiguration

Dependency upgrades

  • Bump org.eclipse.jetty:jetty-bom from 12.1.6 to 12.1.7

3.6.7

  • Fix FIPS compatibility by using default KeyManagerFactory algorithm instead of hardcoded "SunX509"
  • Fix "Connection pool shut down" exception by properly reusing cached SSL connections

Dependency upgrades

  • Bump org.eclipse.jetty:jetty-bom from 12.1.5 to 12.1.6
  • Bump io.projectreactor:reactor-core from 3.8.2 to 3.8.3
  • Bump io.projectreactor:reactor-test from 3.8.2 to 3.8.3
  • Bump org.mockito:mockito-core from 5.21.0 to 5.22.0
  • Bump org.assertj:assertj-core from 3.27.6 to 3.27.7
  • Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5
Commits

Updates io.vavr:vavr from 1.0.0 to 1.0.1

Release notes

Sourced from io.vavr:vavr's releases.

v1.0.1

Fixes a native HashMap serialization bug, which serialized the internal HashArrayMappedTrie structure including the pre-computed hash values of keys.

For keys like enums that use Object.hashCode() (non-deterministic across JVM restarts), these stored hash values would differ in another process, causing lookups to fail.

giphy-3

Full Changelog: vavr-io/vavr@v1.0.0...v1.0.1

Commits
  • ee2a57b [maven-release-plugin] prepare release v1.0.1 [ci skip]
  • 9f4e95e update project version to 1.0.1-SNAPSHOT
  • 08e55f4 Added the serialization proxy pattern to HashMap (#3242)
  • See full diff in compare view

Updates org.checkerframework:checker-qual from 3.53.1 to 3.54.0

Release notes

Sourced from org.checkerframework:checker-qual's releases.

Checker Framework 3.54.0

Version 3.54.0 (2026-03-02)

User-visible changes

Command-line arguments:

  • Added -AinferOutputDirectory.
  • Removed long-deprecated -Alint=forbidnonnullarraycomponents.

New command-line argument -Aonelinemsg puts error messages on a single line. This is useful when using a tool that only shows the first line of the error.

The command-line argument -Anomsgtext surrounds the error key with brackets instead of parenthesis. This matches Java error messages.

Implementation details

In AnnotatedTypeFactory, canonicalAnnotation() returns a non-null value.

In AnnotationClassLoader:

  • Renamed hasWellDefinedTargetMetaAnnotation() to isTypeQualifierAnnotation(). The method now returns true for annotations bearing @InvisibleQualifier or @SubtypeOf, in addition to the existing @Target(TYPE_USE) check.

In TestDiagnostic:

  • Renamed field message to key.
  • Added new nullable field message for the full message without the key.

Removed classes and methods that have been deprecated for more than two years.

Closed issues

#6874, #7471, #7475, #7486.

Changelog

Sourced from org.checkerframework:checker-qual's changelog.

Version 3.54.0 (2026-03-02)

User-visible changes

Command-line arguments:

  • Added -AinferOutputDirectory.
  • Removed long-deprecated -Alint=forbidnonnullarraycomponents.

New command-line argument -Aonelinemsg puts error messages on a single line. This is useful when using a tool that only shows the first line of the error.

The command-line argument -Anomsgtext surrounds the error key with brackets instead of parenthesis. This matches Java error messages.

Implementation details

In AnnotatedTypeFactory, canonicalAnnotation() returns a non-null value.

In AnnotationClassLoader:

  • Renamed hasWellDefinedTargetMetaAnnotation() to isTypeQualifierAnnotation(). The method now returns true for annotations bearing @InvisibleQualifier or @SubtypeOf, in addition to the existing @Target(TYPE_USE) check.

In TestDiagnostic:

  • Renamed field message to key.
  • Added new nullable field message for the full message without the key.

Removed classes and methods that have been deprecated for more than two years.

Closed issues

#6874, #7471, #7475, #7486.

Commits
  • a6eff70 new release 3.54.0
  • fd34700 Prep for release.
  • edb6e7a Print error key in brackets (#7525)
  • a79b1de Show details of the error message in test failures (#7513)
  • a5ecc22 Clone the JDK using the same fork and branch as CF (#7491)
  • 2770c52 Update cimg/base Docker tag to v2026.03
  • bba6bc9 Update plugin com-gradleup-shadow to v9.3.2
  • 3a6d4d4 Update error-prone monorepo to v2.48.0
  • 70aa5f3 Update plugin net-ltgt-errorprone to v5.1.0
  • 0dbd3e7 Prepare for javac AST changes
  • Additional commits viewable in compare view

Updates com.google.errorprone:error_prone_annotations from 2.47.0 to 2.48.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.48.0

Changes:

New checks:

Closed issues: #5529, #5537, #5522, #5521

Full changelog: google/error-prone@v2.47.0...v2.48.0

Commits
  • 7cec0a0 Release Error Prone 2.48.0
  • 01c603a Extend MissingTestCall to check for member references.
  • 3d817b0 Handle var in UnnecessaryBoxedVariable
  • ad26f3e Add ConcurrentHashMap.keys() and ConcurrentHashMap.elements() to `JdkObso...
  • 7926dbc Fix MustBeClosedChecker crash on flexible constructors.
  • d08f003 Check for jakarta annotations in DI checks
  • 171448c Add android internal GuardedBy to ACCEPTED_GUARDED_BY_ANNOTATIONS
  • 5cb6075 Remove the MissingTestCall:MatchGraphVerify flag.
  • ab81681 Improve crash messages for fixes that don't apply
  • fe9bb21 Add a test to confirm that TimeUnitMismatch catches `seconds * 1000 + nanos /...
  • Additional commits viewable in compare view

Updates io.spiffe:java-spiffe-core from 0.8.15 to 0.8.16

Release notes

Sourced from io.spiffe:java-spiffe-core's releases.

v0.8.16

Fixed

  • Require spiffe:// prefix when parsing SPIFFE IDs, tightening scheme validation (#398)
  • Ensure atomic snapshot of X.509 SVID and bundles in DefaultX509Source, preventing torn reads under concurrency (#397)
  • Reject null bundles and empty cached SVID lists in core parsing/cache paths (#399)
  • Validate presence of JWT audience claim during parsing (#399)

Dependency updates

  • Bump grpcVersion from 1.77.0 to 1.79.0 (#392, #402)
  • Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8 (#395, #409)
  • Bump gradle-wrapper from 9.2.1 to 9.3.1 (#400, #401)
Changelog

Sourced from io.spiffe:java-spiffe-core's changelog.

[0.8.16] - 2026-02-25

Fixed

  • Require spiffe:// prefix when parsing SPIFFE IDs, tightening scheme validation (#398)
  • Ensure atomic snapshot of X.509 SVID and bundles in DefaultX509Source, preventing torn reads under concurrency (#397)
  • Reject null bundles and empty cached SVID lists in core parsing/cache paths (#399)
  • Validate presence of JWT audience claim during parsing (#399)

Dependency updates

  • Bump grpcVersion from 1.77.0 to 1.79.0 (#392, #402)
  • Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8 (#395, #409)
  • Bump gradle-wrapper from 9.2.1 to 9.3.1 (#400, #401)

Build

  • Simplify Dependabot config and group coupled Gradle dependencies (#403)
Commits
  • 393a892 chore(release): prepare release 0.8.16 (#407)
  • be7416e chore(deps): bump com.nimbusds:nimbus-jose-jwt from 10.7 to 10.8 (#409)
  • 4bd0149 chore(ci): bump java-spiffe-helper ci charts versions (#408)
  • 753812a chore(ci): simplify dependabot config and group coupled gradle deps (#403)
  • c616b61 Bump gradle-wrapper from 9.3.0 to 9.3.1 (#401)
  • f8e1695 Bump grpcVersion from 1.78.0 to 1.79.0 (#402)
  • 157d491 Bump gradle-wrapper from 9.2.1 to 9.3.0 (#400)
  • 4d1cee3 fix(core): harden parsing and cache edge cases (#399)
  • 8bf98fb fix(x509source): ensure atomic snapshot of SVID and bundles (#397)
  • f9969c1 fix(spiffeid): require spiffe:// prefix when parsing IDs (#398)
  • Additional commits viewable in compare view

Updates io.spiffe:grpc-netty-linux from 0.8.15 to 0.8.16

Release notes

Sourced from io.spiffe:grpc-netty-linux's releases.

v0.8.16

Fixed

  • Require spiffe:// prefix when parsing SPIFFE IDs, tightening scheme validation (#398)
  • Ensure atomic snapshot of X.509 SVID and bundles in DefaultX509Source, preventing torn reads under concurrency (#397)
  • Reject null bundles and empty cached SVID lists in core parsing/cache paths (#399)
  • Validate presence of JWT audience claim during parsing (#399)

Dependency updates

  • Bump grpcVersion from 1.77.0 to 1.79.0 (#392, #402)
  • Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8 (#395, #409)
  • Bump gradle-wrapper from 9.2.1 to 9.3.1 (#400, #401)
Changelog

Sourced from io.spiffe:grpc-netty-linux's changelog.

[0.8.16] - 2026-02-25

Fixed

  • Require spiffe:// prefix when parsing SPIFFE IDs, tightening scheme validation (#398)
  • Ensure atomic snapshot of X.509 SVID and bundles in DefaultX509Source, preventing torn reads under concurrency (#397)
  • Reject null bundles and empty cached SVID lists in core parsing/cache paths (#399)
  • Validate presence of JWT audience claim during parsing (#399)

Dependency updates

  • Bump grpcVersion from 1.77.0 to 1.79.0 (#392, #402)
  • Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8 (#395, #409)
  • Bump gradle-wrapper from 9.2.1 to 9.3.1 (#400, #401)

Build

  • Simplify Dependabot config and group coupled Gradle dependencies (#403)
Commits
  • 393a892 chore(release): prepare release 0.8.16 (#407)
  • be7416e chore(deps): bump com.nimbusds:nimbus-jose-jwt from 10.7 to 10.8 (#409)
  • 4bd0149 chore(ci): bump java-spiffe-helper ci charts versions (#408)
  • 753812a chore(ci): simplify dependabot config and group coupled gradle deps (#403)
  • c616b61 Bump gradle-wrapper from 9.3.0 to 9.3.1 (#401)
  • f8e1695 Bump grpcVersion from 1.78.0 to 1.79.0 (#402)
  • 157d491 Bump gradle-wrapper from 9.2.1 to 9.3.0 (#400)
  • 4d1cee3 fix(core): harden parsing and cache edge cases (#399)
  • 8bf98fb fix(x509source): ensure atomic snapshot of SVID and bundles (#397)
  • f9969c1 fix(spiffeid): require spiffe:// prefix when parsing IDs (#398)
  • Additional commits viewable in compare view

Updates joda-time:joda-time from 2.14.0 to 2.14.1

Release notes

Sourced from joda-time:joda-time's releases.

Release v2.14.1

See the change notes for more information.

What's Changed

@dependabot
chore: [DevOps] bump the production-minor-patch group across 1 direct…
75e9201 
…ory with 13 updates

Bumps the production-minor-patch group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| org.apache.maven:maven-core | `3.9.12` | `3.9.13` |
| [org.apache.maven:maven-plugin-api](https://github.com/apache/maven) | `3.9.12` | `3.9.13` |
| [org.apache.maven:maven-compat](https://github.com/apache/maven) | `3.9.12` | `3.9.13` |
| io.swagger.core.v3:swagger-models | `2.2.43` | `2.2.44` |
| [org.assertj:assertj-vavr](https://github.com/assertj/assertj-vavr) | `0.4.3` | `0.5.0` |
| [org.yaml:snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) | `2.5` | `2.6` |
| [com.sap.cloud.security:java-bom](https://github.com/SAP/cloud-security-xsuaa-integration) | `3.6.6` | `3.6.8` |
| [io.vavr:vavr](https://github.com/vavr-io/vavr) | `1.0.0` | `1.0.1` |
| [org.checkerframework:checker-qual](https://github.com/typetools/checker-framework) | `3.53.1` | `3.54.0` |
| [com.google.errorprone:error_prone_annotations](https://github.com/google/error-prone) | `2.47.0` | `2.48.0` |
| [io.spiffe:java-spiffe-core](https://github.com/spiffe/java-spiffe) | `0.8.15` | `0.8.16` |
| [io.spiffe:grpc-netty-linux](https://github.com/spiffe/java-spiffe) | `0.8.15` | `0.8.16` |
| [joda-time:joda-time](https://github.com/JodaOrg/joda-time) | `2.14.0` | `2.14.1` |



Updates `org.apache.maven:maven-core` from 3.9.12 to 3.9.13

Updates `org.apache.maven:maven-plugin-api` from 3.9.12 to 3.9.13
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.12...maven-3.9.13)

Updates `org.apache.maven:maven-compat` from 3.9.12 to 3.9.13
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.12...maven-3.9.13)

Updates `org.apache.maven:maven-plugin-api` from 3.9.12 to 3.9.13
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.12...maven-3.9.13)

Updates `io.swagger.core.v3:swagger-models` from 2.2.43 to 2.2.44

Updates `org.assertj:assertj-vavr` from 0.4.3 to 0.5.0
- [Release notes](https://github.com/assertj/assertj-vavr/releases)
- [Commits](assertj/assertj-vavr@v0.4.3...v0.5.0)

Updates `org.apache.maven:maven-compat` from 3.9.12 to 3.9.13
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.12...maven-3.9.13)

Updates `org.yaml:snakeyaml` from 2.5 to 2.6
- [Commits](https://bitbucket.org/snakeyaml/snakeyaml/branches/compare/snakeyaml-2.6..snakeyaml-2.5)

Updates `com.sap.cloud.security:java-bom` from 3.6.6 to 3.6.8
- [Release notes](https://github.com/SAP/cloud-security-xsuaa-integration/releases)
- [Changelog](https://github.com/SAP/cloud-security-services-integration-library/blob/main/CHANGELOG.md)
- [Commits](SAP/cloud-security-services-integration-library@3.6.6...3.6.8)

Updates `io.vavr:vavr` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/vavr-io/vavr/releases)
- [Commits](vavr-io/vavr@v1.0.0...v1.0.1)

Updates `org.checkerframework:checker-qual` from 3.53.1 to 3.54.0
- [Release notes](https://github.com/typetools/checker-framework/releases)
- [Changelog](https://github.com/typetools/checker-framework/blob/master/docs/CHANGELOG.md)
- [Commits](typetools/checker-framework@checker-framework-3.53.1...checker-framework-3.54.0)

Updates `com.google.errorprone:error_prone_annotations` from 2.47.0 to 2.48.0
- [Release notes](https://github.com/google/error-prone/releases)
- [Commits](google/error-prone@v2.47.0...v2.48.0)

Updates `io.spiffe:java-spiffe-core` from 0.8.15 to 0.8.16
- [Release notes](https://github.com/spiffe/java-spiffe/releases)
- [Changelog](https://github.com/spiffe/java-spiffe/blob/main/CHANGELOG.md)
- [Commits](spiffe/java-spiffe@v0.8.15...v0.8.16)

Updates `io.spiffe:grpc-netty-linux` from 0.8.15 to 0.8.16
- [Release notes](https://github.com/spiffe/java-spiffe/releases)
- [Changelog](https://github.com/spiffe/java-spiffe/blob/main/CHANGELOG.md)
- [Commits](spiffe/java-spiffe@v0.8.15...v0.8.16)

Updates `joda-time:joda-time` from 2.14.0 to 2.14.1
- [Release notes](https://github.com/JodaOrg/joda-time/releases)
- [Changelog](https://github.com/JodaOrg/joda-time/blob/main/RELEASE-NOTES.txt)
- [Commits](JodaOrg/joda-time@v2.14.0...v2.14.1)

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-core
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-plugin-api
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-compat
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-plugin-api
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.swagger.core.v3:swagger-models
  dependency-version: 2.2.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.assertj:assertj-vavr
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-compat
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.yaml:snakeyaml
  dependency-version: '2.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: com.sap.cloud.security:java-bom
  dependency-version: 3.6.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.vavr:vavr
  dependency-version: 1.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.checkerframework:checker-qual
  dependency-version: 3.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: com.google.errorprone:error_prone_annotations
  dependency-version: 2.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: io.spiffe:java-spiffe-core
  dependency-version: 0.8.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.spiffe:grpc-netty-linux
  dependency-version: 0.8.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: joda-time:joda-time
  dependency-version: 2.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 9, 2026
@bot-sdk-js bot-sdk-js enabled auto-merge (squash) March 10, 2026 10:24
@bot-sdk-js bot-sdk-js merged commit cdeee1b into main Mar 10, 2026
13 checks passed
@bot-sdk-js bot-sdk-js deleted the dependabot/maven/main/production-minor-patch-ff2289b480 branch March 10, 2026 10:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bot-sdk-js bot-sdk-js bot-sdk-js approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bot-sdk-js