From 75e920125734b11698448f4d019aae0d8c40080a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Mar 2026 23:17:51 +0000
Subject: [PATCH] chore: [DevOps] bump the production-minor-patch group across
 1 directory with 13 updates

Bumps the production-minor-patch group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| org.apache.maven:maven-core | `3.9.12` | `3.9.13` |
| [org.apache.maven:maven-plugin-api](https://github.com/apache/maven) | `3.9.12` | `3.9.13` |
| [org.apache.maven:maven-compat](https://github.com/apache/maven) | `3.9.12` | `3.9.13` |
| io.swagger.core.v3:swagger-models | `2.2.43` | `2.2.44` |
| [org.assertj:assertj-vavr](https://github.com/assertj/assertj-vavr) | `0.4.3` | `0.5.0` |
| [org.yaml:snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) | `2.5` | `2.6` |
| [com.sap.cloud.security:java-bom](https://github.com/SAP/cloud-security-xsuaa-integration) | `3.6.6` | `3.6.8` |
| [io.vavr:vavr](https://github.com/vavr-io/vavr) | `1.0.0` | `1.0.1` |
| [org.checkerframework:checker-qual](https://github.com/typetools/checker-framework) | `3.53.1` | `3.54.0` |
| [com.google.errorprone:error_prone_annotations](https://github.com/google/error-prone) | `2.47.0` | `2.48.0` |
| [io.spiffe:java-spiffe-core](https://github.com/spiffe/java-spiffe) | `0.8.15` | `0.8.16` |
| [io.spiffe:grpc-netty-linux](https://github.com/spiffe/java-spiffe) | `0.8.15` | `0.8.16` |
| [joda-time:joda-time](https://github.com/JodaOrg/joda-time) | `2.14.0` | `2.14.1` |



Updates `org.apache.maven:maven-core` from 3.9.12 to 3.9.13

Updates `org.apache.maven:maven-plugin-api` from 3.9.12 to 3.9.13
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](https://github.com/apache/maven/compare/maven-3.9.12...maven-3.9.13)

Updates `org.apache.maven:maven-compat` from 3.9.12 to 3.9.13
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](https://github.com/apache/maven/compare/maven-3.9.12...maven-3.9.13)

Updates `org.apache.maven:maven-plugin-api` from 3.9.12 to 3.9.13
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](https://github.com/apache/maven/compare/maven-3.9.12...maven-3.9.13)

Updates `io.swagger.core.v3:swagger-models` from 2.2.43 to 2.2.44

Updates `org.assertj:assertj-vavr` from 0.4.3 to 0.5.0
- [Release notes](https://github.com/assertj/assertj-vavr/releases)
- [Commits](https://github.com/assertj/assertj-vavr/compare/v0.4.3...v0.5.0)

Updates `org.apache.maven:maven-compat` from 3.9.12 to 3.9.13
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](https://github.com/apache/maven/compare/maven-3.9.12...maven-3.9.13)

Updates `org.yaml:snakeyaml` from 2.5 to 2.6
- [Commits](https://bitbucket.org/snakeyaml/snakeyaml/branches/compare/snakeyaml-2.6..snakeyaml-2.5)

Updates `com.sap.cloud.security:java-bom` from 3.6.6 to 3.6.8
- [Release notes](https://github.com/SAP/cloud-security-xsuaa-integration/releases)
- [Changelog](https://github.com/SAP/cloud-security-services-integration-library/blob/main/CHANGELOG.md)
- [Commits](https://github.com/SAP/cloud-security-xsuaa-integration/compare/3.6.6...3.6.8)

Updates `io.vavr:vavr` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/vavr-io/vavr/releases)
- [Commits](https://github.com/vavr-io/vavr/compare/v1.0.0...v1.0.1)

Updates `org.checkerframework:checker-qual` from 3.53.1 to 3.54.0
- [Release notes](https://github.com/typetools/checker-framework/releases)
- [Changelog](https://github.com/typetools/checker-framework/blob/master/docs/CHANGELOG.md)
- [Commits](https://github.com/typetools/checker-framework/compare/checker-framework-3.53.1...checker-framework-3.54.0)

Updates `com.google.errorprone:error_prone_annotations` from 2.47.0 to 2.48.0
- [Release notes](https://github.com/google/error-prone/releases)
- [Commits](https://github.com/google/error-prone/compare/v2.47.0...v2.48.0)

Updates `io.spiffe:java-spiffe-core` from 0.8.15 to 0.8.16
- [Release notes](https://github.com/spiffe/java-spiffe/releases)
- [Changelog](https://github.com/spiffe/java-spiffe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/spiffe/java-spiffe/compare/v0.8.15...v0.8.16)

Updates `io.spiffe:grpc-netty-linux` from 0.8.15 to 0.8.16
- [Release notes](https://github.com/spiffe/java-spiffe/releases)
- [Changelog](https://github.com/spiffe/java-spiffe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/spiffe/java-spiffe/compare/v0.8.15...v0.8.16)

Updates `joda-time:joda-time` from 2.14.0 to 2.14.1
- [Release notes](https://github.com/JodaOrg/joda-time/releases)
- [Changelog](https://github.com/JodaOrg/joda-time/blob/main/RELEASE-NOTES.txt)
- [Commits](https://github.com/JodaOrg/joda-time/compare/v2.14.0...v2.14.1)

---
updated-dependencies:
- dependency-name: org.apache.maven:maven-core
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-plugin-api
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-compat
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-plugin-api
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.swagger.core.v3:swagger-models
  dependency-version: 2.2.44
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.assertj:assertj-vavr
  dependency-version: 0.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-compat
  dependency-version: 3.9.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.yaml:snakeyaml
  dependency-version: '2.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: com.sap.cloud.security:java-bom
  dependency-version: 3.6.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.vavr:vavr
  dependency-version: 1.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.checkerframework:checker-qual
  dependency-version: 3.54.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: com.google.errorprone:error_prone_annotations
  dependency-version: 2.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: io.spiffe:java-spiffe-core
  dependency-version: 0.8.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.spiffe:grpc-netty-linux
  dependency-version: 0.8.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: joda-time:joda-time
  dependency-version: 2.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 cloudplatform/connectivity-ztis/pom.xml | 4 ++--
 datamodel/openapi/pom.xml               | 2 +-
 dependency-bundles/bom/pom.xml          | 8 ++++----
 pom.xml                                 | 8 ++++----
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/cloudplatform/connectivity-ztis/pom.xml b/cloudplatform/connectivity-ztis/pom.xml
index 4520437cd..715c2dc2d 100644
--- a/cloudplatform/connectivity-ztis/pom.xml
+++ b/cloudplatform/connectivity-ztis/pom.xml
@@ -60,7 +60,7 @@
 		<dependency>
 			<groupId>io.spiffe</groupId>
 			<artifactId>java-spiffe-core</artifactId>
-			<version>0.8.15</version>
+			<version>0.8.16</version>
 			<exclusions>
 				<exclusion>
 					<artifactId>commons-logging</artifactId>
@@ -75,7 +75,7 @@
 		<dependency>
 			<groupId>io.spiffe</groupId>
 			<artifactId>grpc-netty-linux</artifactId>
-			<version>0.8.15</version>
+			<version>0.8.16</version>
 			<scope>runtime</scope>
 		</dependency>
 		<!-- Override grpc versions from spiffe -->
diff --git a/datamodel/openapi/pom.xml b/datamodel/openapi/pom.xml
index c446f1dae..45f882285 100644
--- a/datamodel/openapi/pom.xml
+++ b/datamodel/openapi/pom.xml
@@ -51,7 +51,7 @@
 			<dependency>
 				<groupId>joda-time</groupId>
 				<artifactId>joda-time</artifactId>
-				<version>2.14.0</version>
+				<version>2.14.1</version>
 			</dependency>
 		</dependencies>
 	</dependencyManagement>
diff --git a/dependency-bundles/bom/pom.xml b/dependency-bundles/bom/pom.xml
index 40bbb1cbb..e7b3d3751 100644
--- a/dependency-bundles/bom/pom.xml
+++ b/dependency-bundles/bom/pom.xml
@@ -55,14 +55,14 @@
 		<!-- XSUAA -->
 		<!-- Keep this version consistent with the one from the SAP Java Buildpack (after their 2.0 release) -->
 		<!-- see https://github.wdf.sap.corp/xs2-java/xs-java-buildpack/blob/master/resources/pom.xml -->
-		<scp-cf.xsuaa-client.version>3.6.6</scp-cf.xsuaa-client.version>
+		<scp-cf.xsuaa-client.version>3.6.8</scp-cf.xsuaa-client.version>
 		<java-jwt.version>4.5.1</java-jwt.version>
 		<!-- Utility stuff -->
 		<slf4j.version>2.0.17</slf4j.version>
 		<lombok.version>1.18.42</lombok.version>
 		<findbugs-jsr305.version>3.0.2</findbugs-jsr305.version>
 		<!-- @Nonnull/@Nullable annotations -->
-		<vavr.version>1.0.0</vavr.version>
+		<vavr.version>1.0.1</vavr.version>
 		<guava.version>33.5.0-jre</guava.version>
 		<!-- collection utilities, @Beta annotation -->
 		<commons-io.version>2.21.0</commons-io.version>
@@ -279,13 +279,13 @@
 			<dependency>
 				<groupId>org.checkerframework</groupId>
 				<artifactId>checker-qual</artifactId>
-				<version>3.53.1</version>
+				<version>3.54.0</version>
 			</dependency>
 			<!--  2.10 by Caffeine and 2.11 by Guava  -->
 			<dependency>
 				<groupId>com.google.errorprone</groupId>
 				<artifactId>error_prone_annotations</artifactId>
-				<version>2.47.0</version>
+				<version>2.48.0</version>
 			</dependency>
 		</dependencies>
 	</dependencyManagement>
diff --git a/pom.xml b/pom.xml
index b8d724223..cc6cfab90 100644
--- a/pom.xml
+++ b/pom.xml
@@ -102,19 +102,19 @@
 		<spring-security.version>6.1.5</spring-security.version>
 		<slf4j.version>2.0.17</slf4j.version>
 		<assertj-core.version>3.27.7</assertj-core.version>
-		<assertj-vavr.version>0.4.3</assertj-vavr.version>
+		<assertj-vavr.version>0.5.0</assertj-vavr.version>
 		<mockito.version>5.22.0</mockito.version>
 		<jsonassert.version>1.5.3</jsonassert.version>
 		<junit.jupiter.version>6.0.3</junit.jupiter.version>
 		<codemodel.version>2.6</codemodel.version>
 		<olingo-v4.version>5.0.0</olingo-v4.version>
 		<olingo-v2.version>2.0.13</olingo-v2.version>
-		<maven-plugin.version>3.9.12</maven-plugin.version>
+		<maven-plugin.version>3.9.13</maven-plugin.version>
 		<maven-plugin-annotations.version>3.15.2</maven-plugin-annotations.version>
 		<maven-plugin-testing.version>3.5.1</maven-plugin-testing.version>
 		<caffeine.version>3.2.3</caffeine.version>
 		<openapi-generator.version>7.20.0</openapi-generator.version>
-		<io-swagger-core-v3.version>2.2.43</io-swagger-core-v3.version>
+		<io-swagger-core-v3.version>2.2.44</io-swagger-core-v3.version>
 		<io-swagger-parser-v3.version>2.1.38</io-swagger-parser-v3.version>
 		<io-swagger-core.version>1.6.11</io-swagger-core.version>
 		<!--  sync plexus version with transitive dependency coming from "org.twadata.maven:mojo-executor"  -->
@@ -125,7 +125,7 @@
 		<wiremock.version>3.13.2</wiremock.version>
 		<checkstyle.version>12.3.1</checkstyle.version>
 		<byte-buddy.version>1.18.7</byte-buddy.version>
-		<snakeyaml.version>2.5</snakeyaml.version>
+		<snakeyaml.version>2.6</snakeyaml.version>
 		<commons-codec.version>1.21.0</commons-codec.version>
 		<commons-beanutils.version>1.11.0</commons-beanutils.version>
 		<findbugs-jsr305.version>3.0.2</findbugs-jsr305.version>