chore(deps): bump the maven-dependencies group across 1 directory with 25 updates

[dependabot]

Bumps the maven-dependencies group with 25 updates in the /src/inventory-service directory:

Package	From	To
io.quarkus.platform:quarkus-bom	3.29.0	3.29.4
io.quarkus.platform:quarkus-maven-plugin	3.29.0	3.29.4
io.vertx:vertx-core	4.5.12	5.0.5
software.amazon.awssdk:aws-crt-client	2.38.1	2.39.2
software.amazon.awssdk:dynamodb	2.38.1	2.39.2
software.amazon.awssdk:sns	2.38.1	2.39.2
software.amazon.awssdk:ssm	2.38.1	2.39.2
software.amazon.awssdk:eventbridge	2.38.1	2.39.2
software.amazon.awssdk:apache-client	2.38.1	2.39.2
io.opentelemetry:opentelemetry-api	1.52.0	1.56.0
com.datadoghq:dd-trace-api	1.49.0	1.56.0
com.datadoghq:dd-trace-ot	1.49.0	1.56.0
com.fasterxml.jackson.core:jackson-databind	2.19.1	2.20.1
com.fasterxml.jackson.core:jackson-core	2.19.0	2.20.1
org.testcontainers:testcontainers	1.21.1	2.0.2
org.glassfish.jersey.core:jersey-client	3.0.5	4.0.0
io.smallrye:jandex-maven-plugin	3.1.8	3.5.2
org.apache.maven.plugins:maven-surefire-plugin	3.5.3	3.5.4
org.apache.maven.plugins:maven-failsafe-plugin	3.5.3	3.5.4
org.codehaus.mojo:versions-maven-plugin	2.10.0	2.20.1
com.amazonaws:aws-lambda-java-events	3.16.0	3.16.1
ch.qos.logback:logback-classic	1.5.18	1.5.21
software.amazon.awssdk:sfn	2.37.3	2.39.2
software.amazon.awscdk:aws-cdk-lib	2.199.0	2.229.0
org.junit.jupiter:junit-jupiter	5.13.0	6.0.1

Updates io.quarkus.platform:quarkus-bom from 3.29.0 to 3.29.4

Commits

• b9fb0e7 [maven-release-plugin] prepare release 3.29.4
• fa47046 Merge pull request #1665 from gsmet/quarkus-3.29.4
• eff2f4b Upgrade to Quarkus 3.29.4
• 802f793 [maven-release-plugin] prepare for next development iteration
• 1acad47 [maven-release-plugin] prepare release 3.29.3
• 3633a21 Merge pull request #1663 from gsmet/quarkus-3.29.3
• eacdcc1 Upgrade to Quarkus 3.29.3
• 79dfbc6 [maven-release-plugin] prepare for next development iteration
• 8823701 [maven-release-plugin] prepare release 3.29.2
• 6c07614 Merge pull request #1655 from gsmet/quarkus-3.29.2
• Additional commits viewable in compare view

Updates io.quarkus.platform:quarkus-maven-plugin from 3.29.0 to 3.29.4

Commits

• b9fb0e7 [maven-release-plugin] prepare release 3.29.4
• fa47046 Merge pull request #1665 from gsmet/quarkus-3.29.4
• eff2f4b Upgrade to Quarkus 3.29.4
• 802f793 [maven-release-plugin] prepare for next development iteration
• 1acad47 [maven-release-plugin] prepare release 3.29.3
• 3633a21 Merge pull request #1663 from gsmet/quarkus-3.29.3
• eacdcc1 Upgrade to Quarkus 3.29.3
• 79dfbc6 [maven-release-plugin] prepare for next development iteration
• 8823701 [maven-release-plugin] prepare release 3.29.2
• 6c07614 Merge pull request #1655 from gsmet/quarkus-3.29.2
• Additional commits viewable in compare view

Updates io.vertx:vertx-core from 4.5.12 to 5.0.5

Commits

• cc671ef Releasing 5.0.5
• 86c8be2 NumberFormatException thrown when creating DNS Client with IPv6 address (#5753)
• 76606d7 HostAndPortImpl#isDIGIT throws ArrayOtOfboundException (#5752)
• 15ce13b Fix incorrect padded buffer length method calculation.
• 671a109 Mitigate HTTP/2 MYR test on CI
• a108e1d Improve Http1xSendFileTest.testSendFileFailsWhenClientClosesConnection
• 3483039 Clarify how to terminate an http response in the javadoc (#5737)
• 66293ec Fix racy FileSystemTest#testFileWithLock test that should perform retries to ...
• 02bb794 Make proxy pooling test consistent on all versions of Java that we support
• 88f2c95 Keep references on NetClient in socks proxies to avoid them being collected d...
• Additional commits viewable in compare view

Updates software.amazon.awssdk:aws-crt-client from 2.38.1 to 2.39.2

Updates software.amazon.awssdk:dynamodb from 2.38.1 to 2.39.2

Updates software.amazon.awssdk:sns from 2.38.1 to 2.39.2

Updates software.amazon.awssdk:ssm from 2.38.1 to 2.39.2

Updates software.amazon.awssdk:eventbridge from 2.38.1 to 2.39.2

Updates software.amazon.awssdk:apache-client from 2.38.1 to 2.39.2

Updates software.amazon.awssdk:dynamodb from 2.38.1 to 2.39.2

Updates software.amazon.awssdk:sns from 2.38.1 to 2.39.2

Updates software.amazon.awssdk:ssm from 2.38.1 to 2.39.2

Updates software.amazon.awssdk:eventbridge from 2.38.1 to 2.39.2

Updates io.opentelemetry:opentelemetry-api from 1.52.0 to 1.56.0

Release notes

Sourced from io.opentelemetry:opentelemetry-api's releases.

Version 1.56.0

API

Incubator

• Support ExtendedOpenTelemetry in GlobalOpenTelemetry (#7799)

SDK

• Changes to MeterConfig, LoggerConfig, TracerConfig are guaranteed to be eventually visible (#7706)

Metrics

• Stabilize ExemplarFilter (#7768)
• Type specific exemplar reservoirs (#7758)

Extensions

• SDK incubator: Add incubator ComposableRuleBasedSampler (#7787)
• SDK incubator: Add incubator ComposableAnnotatingSampler (#7804)
• SDK incubator: Rename ComposableTraceIdRatioBased to ComposableProbability (#7786)
• Declarative config: BREAKING Remove component provider generic type (#7606)
• Declarative config: Add declarative config support for ExemplarFilter (#7769)
• Declarative config: Fix a few declarative configuration bugs (#7807)

Project tooling

• Move to oracle bare metal benchmark runner (#7740)
• Enable Develocity build scans (#7776)
• Document GPG signing key (#7783)
• Update build to use java 21 (#7784)
• Sync repository-settings.md documentation (#7791)
• Fix gradle deprecation warning (#7780)
• Small alignments of workflows across the 6 Java repos (#7806)
• Implement min java version gradle tooling from instrumentation repo (#7801)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​anuraaga @​breedx-splk @​brunobat @​jack-berg @​jkwatson @​laurit @​robsunday @​ThomasVitale @​trask @​yogurtearl

... (truncated)

Changelog

Sourced from io.opentelemetry:opentelemetry-api's changelog.

Version 1.56.0 (2025-11-07)

API

Incubator

• Support ExtendedOpenTelemetry in GlobalOpenTelemetry (#7799)

SDK

• Changes to MeterConfig, LoggerConfig, TracerConfig are guaranteed to be eventually visible (#7706)

Metrics

• Stabilize ExemplarFilter (#7768)
• Type specific exemplar reservoirs (#7758)

Extensions

• SDK incubator: Add incubator ComposableRuleBasedSampler (#7787)
• SDK incubator: Add incubator ComposableAnnotatingSampler (#7804)
• SDK incubator: Rename ComposableTraceIdRatioBased to ComposableProbability (#7786)
• Declarative config: BREAKING Remove component provider generic type (#7606)
• Declarative config: Add declarative config support for ExemplarFilter (#7769)
• Declarative config: Fix a few declarative configuration bugs (#7807)

Project tooling

• Move to oracle bare metal benchmark runner (#7740)
• Enable Develocity build scans (#7776)
• Document GPG signing key (#7783)
• Update build to use java 21 (#7784)
• Sync repository-settings.md documentation (#7791)
• Fix gradle deprecation warning (#7780)

... (truncated)

Commits

• daa49ee [release/v1.56.x] Prepare release 1.56.0 (#7823)
• e27f06d Prepare 1.56.0 (#7817)
• de48d1b Remove component provider generic type (#7606)
• 408f2d8 Add incubator ComposableAnnotatingSampler (#7804)
• 578f82b fix(deps): update dependency com.uber.nullaway:nullaway to v0.12.12 (#7811)
• b10d711 fix(deps): update dependency com.google.api.grpc:proto-google-common-protos t...
• 1c8db7d chore(deps): update otel/opentelemetry-collector-contrib docker tag to v0.139...
• 36ca9b8 support ExtendedOpenTelemetry in GlobalOpenTelemetry (#7799)
• 16af749 chore(deps): update weekly update (#7808)
• 3ed2bdb Fix a few declarative configuration bugs (#7807)
• Additional commits viewable in compare view

Updates com.datadoghq:dd-trace-api from 1.49.0 to 1.56.0

Release notes

Sourced from com.datadoghq:dd-trace-api's releases.

1.56.0

Components

Application Security Management (WAF)

• ✨ Add the tags returned by the service to the ai_guard span (#9931 - @​manuel-alvarez-alvarez)
• 🐛 Fix thread-safety in AppSecRequestContext derivatives field (#9923 - @​jandro996)

Build & Tooling

• ✨ Upgrade byte-buddy to 1.18.1 (#9997 - @​sarahchen6)

Configuration

• ✨ Fix AWS request/response payload tagging (#9887 - @​ojproductions)

Continuous Integration Visibility

• 🐛 Make test span serialization idempotent (#9456 - @​daniel-mohedano)

Crash tracking

• ✨ Simplify the default crashtracker message (#9964 - @​amarziali)
• ✨ Handle incomplete crash reports (#9875 - @​amarziali)

Data Streams Monitoring

• 💡 Track schema registry usage (#9974 - @​piochelepiotr)

Database Monitoring

• ✨⚡ Migrate JDBC instrumentation to singleSpanBuilder (#9927 - @​dougqh)
• 🐛 Fix JDBC's SQLCommenter not taking into account semicolons (#9915 - @​na-ji)

Dynamic Instrumentation

• ✨ Add support for DD_THIRD_PARTY_DETECTION_* (#9963 - @​jpbempel)
• ✨ Remove limits of 100 max probes (#9962 - @​jpbempel)
• ✨ Make Code Origin for Spans default on (#9873 - @​jpbempel)

ML Observability (LLMObs)

• 🐛 Set unified service tags on llm obs span start (#9935 - @​gary-huang)

Metrics

• 🐛 Fix npe on ConflatingMetricsAggregator when the resource is null (#9909 - @​amarziali)

OpenFeature

... (truncated)

Commits

• c05874d Add more information for timeout messages (#9999)
• 0614d73 fix(openfeature): Fix Java version requirements for tests (#10003)
• 4842f7f Add the tags returned by the service to the ai_guard span (#9931)
• 8aa326f Implementation of the open feature SDK in the java tracer (#9885)
• cd631ee Upgrade byte-buddy to latest 1.18.1 (#9997)
• b3d2c4a DSMON-1141: Track schema registry usage (#9974)
• 5adec51 Make test span serialization idempotent (#9456)
• f4668ed Fixed right bound for scala-library to correctly update latest dependencies...
• 0f63e5e mark flaky Exception Replay integration test (#9970)
• afc1296 buildSpan -> singleSpanBuilder (#9995)
• Additional commits viewable in compare view

Updates com.datadoghq:dd-trace-ot from 1.49.0 to 1.56.0

Release notes

Sourced from com.datadoghq:dd-trace-ot's releases.

1.56.0

Components

Application Security Management (WAF)

• ✨ Add the tags returned by the service to the ai_guard span (#9931 - @​manuel-alvarez-alvarez)
• 🐛 Fix thread-safety in AppSecRequestContext derivatives field (#9923 - @​jandro996)

Build & Tooling

• ✨ Upgrade byte-buddy to 1.18.1 (#9997 - @​sarahchen6)

Configuration

• ✨ Fix AWS request/response payload tagging (#9887 - @​ojproductions)

Continuous Integration Visibility

• 🐛 Make test span serialization idempotent (#9456 - @​daniel-mohedano)

Crash tracking

• ✨ Simplify the default crashtracker message (#9964 - @​amarziali)
• ✨ Handle incomplete crash reports (#9875 - @​amarziali)

Data Streams Monitoring

• 💡 Track schema registry usage (#9974 - @​piochelepiotr)

Database Monitoring

• ✨⚡ Migrate JDBC instrumentation to singleSpanBuilder (#9927 - @​dougqh)
• 🐛 Fix JDBC's SQLCommenter not taking into account semicolons (#9915 - @​na-ji)

Dynamic Instrumentation

• ✨ Add support for DD_THIRD_PARTY_DETECTION_* (#9963 - @​jpbempel)
• ✨ Remove limits of 100 max probes (#9962 - @​jpbempel)
• ✨ Make Code Origin for Spans default on (#9873 - @​jpbempel)

ML Observability (LLMObs)

• 🐛 Set unified service tags on llm obs span start (#9935 - @​gary-huang)

Metrics

• 🐛 Fix npe on ConflatingMetricsAggregator when the resource is null (#9909 - @​amarziali)

OpenFeature

... (truncated)

Commits

• c05874d Add more information for timeout messages (#9999)
• 0614d73 fix(openfeature): Fix Java version requirements for tests (#10003)
• 4842f7f Add the tags returned by the service to the ai_guard span (#9931)
• 8aa326f Implementation of the open feature SDK in the java tracer (#9885)
• cd631ee Upgrade byte-buddy to latest 1.18.1 (#9997)
• b3d2c4a DSMON-1141: Track schema registry usage (#9974)
• 5adec51 Make test span serialization idempotent (#9456)
• f4668ed Fixed right bound for scala-library to correctly update latest dependencies...
• 0f63e5e mark flaky Exception Replay integration test (#9970)
• afc1296 buildSpan -> singleSpanBuilder (#9995)
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.1 to 2.20.1

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.19.0 to 2.20.1

Commits

• 440a470 [maven-release-plugin] prepare release jackson-core-2.20.1
• 8bb7c4e Prep for 2.20.1 release
• 25f77be Merge branch '2.19' into 2.20
• d7e3877 Post-release dep version bump
• 11b4ac9 [maven-release-plugin] prepare for next development iteration
• 8836225 [maven-release-plugin] prepare release jackson-core-2.19.4
• 68e64f7 Prep for 2.19.4 release
• 6e81a4f Merge branch '2.19' into 2.20
• bad4b9b Post-release dep version bump
• 35ecb54 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates org.testcontainers:testcontainers from 1.21.1 to 2.0.2

Release notes

Sourced from org.testcontainers:testcontainers's releases.

2.0.2

What's Changed

• Update docker image version to 25.0.5 (#11219) @​eddumelendez
• Set default docker API version to 1.44 (#11216) @​eddumelendez
• Fix ollama example (#11217) @​eddumelendez
• Update testcontainers version to ${GITHUB_REF##*/} (#11125) @github-actions[bot]
• Update docs version to ${GITHUB_REF##*/} (#11126) @github-actions[bot]

🐛 Bug Fixes

• Optimize ScriptSplitter from O(n*m) to O(1) when initializing database (#11130) @​hspragg-godaddy

📖 Documentation

• Update kotest-extensions-testcontainers link (#11138) @​noojung

🧹 Housekeeping

• Add getBaseUrl() to NginxContainer using NGINX_DEFAULT_PORT (#11137) @​ghusta

📦 Dependency updates

• Update docker-java version to 3.7.0 (#11218) @​eddumelendez

2.0.1

What's Changed

• Fixes exclusion of testcontainers-jdbc-test from publication (#11115) @​froque
• Update docs version to ${GITHUB_REF##*/} (#11110) @github-actions[bot]
• Update testcontainers version to ${GITHUB_REF##*/} (#11111) @github-actions[bot]

🐛 Bug Fixes

• Add MySQLR2DBCDatabaseContainer compatible with org.testcontainers.mysql.MySQLContainer (#11119) @​eddumelendez
• Add MariaDBR2DBCDatabaseContainer compatible with org.testcontainers.mariadb.MariaDBContainer (#11117) @​eddumelendez
• Add MSSQLR2DBCDatabaseContainer compatible with org.testcontainers.mssqlserver.MSSQLServerContainer (#11118) @​eddumelendez
• Add PostgreSQLR2DBCDatabaseContainer compatible with org.testcontainers.postgresql.PostgreSQLContainer (#11120) @​eddumelendez

📖 Documentation

• Fix artifact coordinates listed in docs (#11121) @​ox-sag
• Fix doc about Testcontainers JUnit Jupiter coordinates (#11113) @​Chessray

🧹 Housekeeping

• Remove lombok from OracleR2DBCDatabaseContainer (#11116) @​eddumelendez

2.0.0

Testcontainers 2.0.0

... (truncated)

Commits

• 623ea96 Update docker image version to 25.0.5 (#11219)
• 9dcf4f0 Add docker version input in moby-latest workflow
• a434e35 Set version to moby-latest workflow
• f3e4cd5 Update docker-java version to 3.7.0 (#11218)
• 58119ed Set default docker API version to 1.44 (#11216)
• ab25486 Fix ollama example (#11217)
• 73726f4 Cleanup japicmp excludes
• 57e03d0 Optimize ScriptSplitter from O(n*m) to O(1) when initializing database (#11130)
• c504647 Add getBaseUrl() to NginxContainer using NGINX_DEFAULT_PORT (#11137)
• 6cc3506 Update kotest-extensions-testcontainers link (#11138)
• Additional commits viewable in compare view

Updates software.amazon.awssdk:apache-client from 2.38.1 to 2.39.2

Updates org.glassfish.jersey.core:jersey-client from 3.0.5 to 4.0.0

Updates io.smallrye:jandex-maven-plugin from 3.1.8 to 3.5.2

Release notes

Sourced from io.smallrye:jandex-maven-plugin's releases.

3.5.2

What's Changed

• Bump version.maven-plugin-tools from 3.15.1 to 3.15.2 by @​dependabot[bot] in smallrye/jandex#602
• Bump actions/upload-artifact from 4 to 5 by @​dependabot[bot] in smallrye/jandex#603
• Support lookup of method using an override/overridden method by @​MikeEdgar in smallrye/jandex#605
• add DotName.startsWith() by @​Ladicek in smallrye/jandex#609
• Bump net.bytebuddy:byte-buddy from 1.17.8 to 1.18.0 by @​dependabot[bot] in smallrye/jandex#610
• improve AnnotationInstance binary search by @​Ladicek in smallrye/jandex#611
• CI: remove Java 24, add Java 25 and 26-ea by @​Ladicek in smallrye/jandex#612
• release 3.5.2 by @​Ladicek in smallrye/jandex#613

Full Changelog: smallrye/jandex@3.5.1...3.5.2

3.5.1

What's Changed

• Ensure that unannotated known class types are singletons by @​snazy in smallrye/jandex#589
• Bump org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1 by @​dependabot[bot] in smallrye/jandex#591
• Bump com.igormaznitsa:mvn-jlink-wrapper from 1.2.4 to 1.2.5 by @​dependabot[bot] in smallrye/jandex#592
• Bump org.codehaus.mojo:exec-maven-plugin from 3.5.1 to 3.6.0 by @​dependabot[bot] in smallrye/jandex#593
• Bump org.codehaus.mojo:exec-maven-plugin from 3.6.0 to 3.6.1 by @​dependabot[bot] in smallrye/jandex#595
• Bump net.bytebuddy:byte-buddy from 1.17.7 to 1.17.8 by @​dependabot[bot] in smallrye/jandex#596
• Bump actions/setup-node from 5 to 6 by @​dependabot[bot] in smallrye/jandex#597
• Bump org.codehaus.mojo:exec-maven-plugin from 3.6.1 to 3.6.2 by @​dependabot[bot] in smallrye/jandex#599
• add StringBuilderGen to the gizmo2 module by @​Ladicek in smallrye/jandex#600
• release 3.5.1 by @​Ladicek in smallrye/jandex#601

Full Changelog: smallrye/jandex@3.5.0...3.5.1

3.5.0

• #575 Jandex2Gizmo#classDescOf() should use the ClassDesc cache
• #574 Annotations in Method hashCode?
• #568 Reproducible Jandex indexes
• #561 Should we move ArC Methods.MethodKey into Jandex?
• #560 Should we cache ArrayType#name() result for the usual suspects?

3.4.0

• #543 fix type annotations on the outermost annotatable type of a nested type
• #544 Gizmo 2 integration

3.3.2

• #529 fix comment in ClassInfo.simpleName()
• #538 expose the implicit Object bound in the TypeVariable public API
• #540 intern EquivalenceKeys for primitive types and class types of java.*

3.3.1

• #526 ClassInfo#simpleName() behaves inconsistently for nested/top-level classes with a dollar sign in name
• #519 Add IndexView deprecated javadoc notices
• #514 add module-info.class

... (truncated)

Commits

• 14e570f [maven-release-plugin] prepare release 3.5.2
• fd6350e Amendments before release
• 593de1b release 3.5.2
• ad0594a bump Groovy to support JDK 26-ea
• 8b7c2c5 fix AnnotationOverlayTest on JDK 26-ea
• 503de03 CI: remove Java 24, add Java 25 and 26-ea
• ced7298 improve AnnotationInstance binary search
• 1e4eda4 Bump net.bytebuddy:byte-buddy from 1.17.8 to 1.18.0
• 83b7038 add DotName.startsWith()
• 4b0b224 Support lookup of method based on an example method
• Additional commits viewable in compare view

Updates io.quarkus.platform:quarkus-maven-plugin from 3.29.0 to 3.29.4

Commits

• b9fb0e7 [maven-release-plugin] prepare release 3.29.4
• fa47046 Merge pull request #1665 from gsmet/quarkus-3.29.4
• eff2f4b Upgrade to Quarkus 3.29.4
• 802f793 [maven-release-plugin] prepare for next development iteration
• 1acad47 [maven-release-plugin] prepare release 3.29.3
• 3633a21 Merge pull request #1663 from gsmet/quarkus-3.29.3
• eacdcc1 Upgrade to Quarkus 3.29.3
• 79dfbc6 [maven-release-plugin] prepare for next development iteration
• 8823701 [maven-release-plugin] prepare release 3.29.2
• 6c07614 Merge pull request #1655 from gsmet/quarkus-3.29.2
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.3 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.4

🚀 New features and improvements

• Name the shutdown hook (#3170) @​cstamas
• Implement fail-fast behavior for JUnit Platform provider (#3155) @​marcphilipp
• Create a single LauncherSession for invocations of JUnitPlatformProvider (#863) @​marcphilipp

🐛 Bug Fixes

• [SUREFIRE-2298] - fix xml output with junit 5 nested classes (fix integration with Cucumber and Archunit) (#828) @​olamy

👻 Maintenance

• feat: enable prevent branch protection rules (#3168) @​sparsick
• Get rid of plexus-annotations (#3163) @​olamy
• Remove maven-changes-plugin (#861) @​sparsick
• Enable GitHub Issues (#831) @​Bukama

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167) @dependabot[bot]
• Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 (#3165) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#3161) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#3158) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.12.0 to 4.13.0 (#856) @dependabot[bot]
• Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.10.3 (#860) @dependabot[bot]
• Bump commons-beanutils:commons-beanutils from 1.7.0 to 1.11.0 in /surefire-its/src/test/resources/webapp (#851) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.11.1 to 4.12.0 (#844) @dependabot[bot]
• Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 (#836) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#833) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#829) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#830) @dependabot[bot]
• Bump jacocoVersion from 0.8.12 to 0.8.13 (#827) @dependabot[bot]

Commits

• 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
• 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
• 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
• 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
• 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
• fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
• 1e63159 Name the shutdown hook (#3170)
• 76e806a feat: enable prevent branch protection rules (#3168)
• 0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
• 98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.3 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.4

🚀 New features and improvements

• Name the shutdown hook (#3170) @​cstamas
• Implement fail-fast behavior for JUnit Platform provider (#3155) @​marcphilipp
• Create a single LauncherSession for invocations of JUnitPlatformProvider (#863) @​marcphilipp

🐛 Bug Fixes

• [SUREFIRE-2298] - fix xml output with junit 5 nested classes (fix integration with Cucumber and Archunit) (#828) @​olamy

👻 Maintenance

• feat: enable prevent branch protection rules (#3168) @​sparsick
• Get rid of plexus-annotations (#3163) @​olamy
• Remove maven-changes-plugin (

[claude]

Claude finished @dependabot[bot]'s task —— View job

---

PR Review: Maven Dependencies Update

Review Checklist

• Read and analyze all changed files
• Check major version upgrades for breaking changes
• Review security implications
• Assess performance considerations
• Evaluate test coverage impact
• Provide comprehensive feedback

---

⚠️ Critical Issues Found

Major Version Upgrades Requiring Immediate Attention

1. JUnit Jupiter 5.13.0 → 6.0.1 (MAJOR BREAKING CHANGE)

• Files: src/inventory-service/cdk/pom.xml:20
• CRITICAL: JUnit 6.0.1 introduces significant breaking changes from JUnit 5
• Risk: Tests may fail to compile or run due to API changes
• Action Required: Thorough testing and potential code updates needed

2. Vert.x 4.5.12 → 5.0.5 (MAJOR BREAKING CHANGE)

• REMOVED: The io.vertx:vertx-core dependency was completely removed from inventory-api and inventory-core POMs
• Risk: If any code directly uses Vert.x APIs, this will cause compilation failures
• Good Practice: Removal suggests migration to Quarkus abstractions

3. Testcontainers 1.21.1 → 2.0.2 (MAJOR BREAKING CHANGE)

• Files: Multiple POM files
• Risk: API changes in major version upgrade
• Note: Version inconsistency found - testcontainers:junit-jupiter remains at 1.21.3

4. Java Runtime Upgrade 21 → 25

• Files: Multiple infrastructure configurations, Dockerfiles, GitHub Actions
• Risk: Java 25 is very new and may have compatibility issues
• Concern: Production stability with bleeding-edge JVM

🐛 Bugs and Issues

Version Inconsistencies

1. Testcontainers version mismatch:

   • testcontainers:testcontainers → 2.0.2
   • testcontainers:junit-jupiter → 1.21.3 (not updated)
   • Impact: Potential compatibility issues between different Testcontainers modules

2. Jackson version inconsistency:

   • jackson-databind and jackson-core → 2.20.1
   • jackson-annotations → 2.20 (missing patch version)
   • Impact: Minor, but could cause subtle serialization issues

Potential Compilation Issues

3. Jersey Client 3.0.5 → 4.0.0 (MAJOR)
   • File: src/inventory-service/inventory-core/pom.xml:140
   • Risk: Breaking API changes in major version
   • Needs: Code review for JAX-RS client usage

🔒 Security Considerations

Positive Security Updates

✅ Datadog Trace Libraries: Updated to 1.56.0 - includes security fixes
✅ OpenTelemetry: Updated to 1.56.0 - latest security patches
✅ Logback: Updated to 1.5.21 - security improvements
✅ AWS SDK: Updated to 2.39.2 - latest security patches

Infrastructure Security

✅ Datadog Lambda Extension: Updated from v85 → v90

• Files: CDK, Terraform, SAM template
• Impact: Latest monitoring capabilities and security fixes

⚡ Performance Considerations

Potential Performance Impact

1. Java 25 Runtime:

   • Pros: Latest JVM optimizations and garbage collection improvements
   • Cons: Unproven in production environments, potential stability issues

2. Major Library Updates:

   • JUnit 6.0.1 may have different performance characteristics
   • Testcontainers 2.0.2 includes performance optimizations

🧪 Test Coverage Impact

HIGH RISK - Testing Framework Changes

1. JUnit 6.0.1 Upgrade:

   • Breaking Changes: API modifications from JUnit 5
   • Action Required: All test classes need review and potential updates
   • Files Affected: All test modules in the inventory service

2. Testcontainers 2.0.2:

   • API Changes: Major version upgrade may require test updates
   • Docker Compatibility: Updated to support latest Docker versions

📋 Recommendations

IMMEDIATE ACTION REQUIRED

1. 🚨 BEFORE MERGE: Run full test suite to verify JUnit 6.0.1 compatibility
2. 🚨 BEFORE MERGE: Test Testcontainers integration tests
3. 🚨 BEFORE MERGE: Verify Jersey client functionality still works

Version Fixes Needed

1. Update testcontainers:junit-jupiter to 2.0.2 for consistency
2. Update jackson-annotations to 2.20.1 to match other Jackson libs

Infrastructure Validation

1. Test Java 25 compatibility in staging environment first
2. Monitor Lambda cold starts with new runtime
3. Validate CDK deployment with AWS CDK 2.229.0

Code Quality Recommendations

✅ Good Practice: Removed direct Vert.x dependency, showing proper abstraction usage
✅ Good Practice: Consistent AWS SDK version management with ${aws.sdk.version}
✅ Good Practice: Updated build tools (Maven Surefire, Jandex plugin)

🎯 Summary

Overall Assessment: ⚠️ HIGH RISK - Multiple major version upgrades require careful testing

Key Concerns:

• JUnit 6.0.1 upgrade likely to break existing tests
• Java 25 runtime is bleeding-edge for production
• Version inconsistencies need resolution

Recommended Actions:

1. Run comprehensive test suite before merge
2. Fix version inconsistencies
3. Consider staging the Java runtime upgrade separately
4. Have rollback plan ready

---