[12.0.x Root pom] Bump the dev-dependencies group across 1 directory with 16 updates

[dependabot]

Bumps the dev-dependencies group with 16 updates in the / directory:

Package	From	To
com.fasterxml.jackson:jackson-bom	2.21.3	2.22.0
io.netty:netty-bom	4.2.14.Final	4.2.15.Final
org.ow2.asm:asm-bom	9.10	9.10.1
org.ow2.asm:asm	9.10	9.10.1
org.ow2.asm:asm-commons	9.10	9.10.1
ch.qos.logback:logback-core	1.5.32	1.5.34
ch.qos.logback:logback-classic	1.5.32	1.5.34
net.java.dev.jna:jna	5.18.1	5.19.0
net.java.dev.jna:jna-jpms	5.18.1	5.19.0
eu.maveniverse.maven.njord:extension3	0.9.6	0.9.7
eu.maveniverse.maven.plugins:njord	0.9.6	0.9.7
org.apache.directory.api:api-asn1-api	2.1.7	2.1.8
org.apache.directory.api:api-ldap-model	2.1.7	2.1.8
org.apache.directory.api:api-ldap-schema-data	2.1.7	2.1.8
org.apache.directory.api:api-util	2.1.7	2.1.8
eu.maveniverse.maven.mimir:extension3	0.11.4	0.12.0

Updates com.fasterxml.jackson:jackson-bom from 2.21.3 to 2.22.0

Commits

• 112e859 [maven-release-plugin] prepare release jackson-bom-2.22.0
• 2cae2ce Prep for 2.22.0 release
• 7955d21 Merge branch '2.21' into 2.x
• 8922a05 Post-release dep version bump
• 1fa9943 [maven-release-plugin] prepare for next development iteration
• d1abd31 [maven-release-plugin] prepare release jackson-bom-2.21.4
• 2aaea43 Prep for 2.21.4 release
• 902ec69 Update Woodstox/stax2-api (to 7.2.0/4.3.0)
• 2570647 Merge branch '2.21' into 2.x
• 9d3a9d5 Post-release dep version bump
• Additional commits viewable in compare view

Updates io.netty:netty-bom from 4.2.14.Final to 4.2.15.Final

Release notes

Sourced from io.netty:netty-bom's releases.

netty-4.2.15.Final

Security fixes

• CVE-2026-48059: memory exhaustion in io.netty:netty-codec-haproxy (high).
• CVE-2026-47691: DNS cache poisoning in io.netty:netty-resolver-dns (high).
• CVE-2026-XXXXX: DDoS in io.netty:netty-codec-http2.
• CVE-2026-50011: memory exhaustion in io.netty:netty-codec-redis (high).
• CVE-2026-44250: memory exhaustion in io.netty:netty-codec-redis (high).
• CVE-2026-44890: memory exhaustion in io.netty:netty-codec-redis (high).
• CVE-2026-50009: information disclosure and denial of service in io.netty:netty-codec-classes-quic.
• CVE-2026-44249: IPv6 subnet filter bypass in io.netty:netty-handler (high).
• CVE-2026-50020: request smuggling in io.netty:netty-codec-http.
• CVE-2026-44892: memory exhaustion in io.netty:netty-codec-http3 (high).
• CVE-2026-44893: memory leak in io.netty:netty-codec-haproxy (high).
• CVE-2026-44894: traffic amplification in io.netty:netty-codec-classes-quic (high).
• CVE-2026-50010: TLS hostname verification accidentally disabled in io.netty:netty-handler (high).
• CVE-2026-45673: DNS cache poisoning in io.netty:netty-resolver-dns.
• CVE-2026-45416: excessive memory usage from SNIHandler in io.netty:netty-handler (high).
• CVE-2026-45536: file descriptor leak in io.netty:netty-transport-native-epoll and io.netty:netty-transport-native-kqueue.
• CVE-2026-45674: DNS cache poisoning in io.netty:netty-resolver-dns (high).
• CVE-2026-46340: memory exhaustion in io.netty:netty-transport-sctp (high).
• CVE-2026-47244: denial of service in io.netty:netty-codec-http2.
• CVE-2026-48006: memory exhaustion in io.netty:netty-codec-redis (high).
• CVE-2026-48748: memory exhaustion in io.netty:netty-codec-http3 (high).
• CVE-2026-48043: memory exhaustion in io.netty:netty-codec-http2.

What's Changed

• Fix race in io.netty.channel.uring.IoUringIoHandler.wakeup by @​dreamlike-ocean in netty/netty#16836
• HTTP/2: Parse request-target path like Vert.x by @​yawkat in netty/netty#16810
• Auto-port 4.2: ChannelInitializer: correct misleading comment on exceptionCaught route by @​netty-project-bot in netty/netty#16853
• FlowControlHandler: Suppress duplicate channelReadComplete after draining queue (#15053) by @​schiemon in netty/netty#16837
• Pass maxAllocation to Brotli and Zstd decoders by @​fedinskiy in netty/netty#16844
• Fix revapi warnings by @​chrisvest in netty/netty#16885
• Fix SCTP and Redis tests by @​chrisvest in netty/netty#16893
• Add maxWindowLog parameter to ZstdDecoder to bound memory allocation by @​skyguard1 in netty/netty#16850
• Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remaining Length by @​netty-project-bot in netty/netty#16890

New Contributors

• @​schiemon made their first contribution in netty/netty#16837
• @​fedinskiy made their first contribution in netty/netty#16844

Full Changelog: netty/netty@netty-4.2.14.Final...netty-4.2.15.Final

Commits

• a41f7b2 [maven-release-plugin] prepare release netty-4.2.15.Final
• 2394530 Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remain...
• 0bd1657 Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (#16850)
• 76291f5 Fix SCTP and Redis tests (#16893)
• e067b6e Fix revapi warnings (#16885)
• 5a52600 Pass maxAllocation to Brotli and Zstd decoders (#16844)
• 541add0 Merge commit from fork
• 270800e Merge commit from fork
• 3d45a1e Merge commit from fork
• 75127ca Merge commit from fork
• Additional commits viewable in compare view

Updates org.ow2.asm:asm-bom from 9.10 to 9.10.1

Updates org.ow2.asm:asm from 9.10 to 9.10.1

Updates org.ow2.asm:asm-commons from 9.10 to 9.10.1

Updates ch.qos.logback:logback-core from 1.5.32 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.34

2026-06-01 Release of logback version 1.5.34

• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues #1040](qos-ch/logback#1040), reported by Naotsugu Kobayashi.

• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This change addresses potential deserialization whitelist bypass vulnerability reported by York Shen and registered as CVE-2026-10532.

• A bitwise identical binary of this version can be reproduced by building from source code at commit e62272ac152469aec1ede056c3c7d0d7314e7bfe associated with the tag v_1.5.34. This release was built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

• PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

• HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• e62272a prepare release 1.5.34
• 1e9e926 add resolveProxyClassRejectsDynamicProxies unit test
• 2de5cbe added StackTraceElementProxyTest, minor edits to AGENTS.md
• 0e9b927 in case StackTraceElement is null use a substitute, fixing issues/1040
• f7a0654 prevent resolveProxyClass bypass
• 249b81f docs are no longer distributed
• 1c3b26a start work on 1.5.34-SNAPSHOT
• 124e8b4 prepare release 1.5.33
• d8fd6f2 escapeTags in message field when printing status messages
• 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.32 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.34

2026-06-01 Release of logback version 1.5.34

• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues #1040](qos-ch/logback#1040), reported by Naotsugu Kobayashi.

• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This change addresses potential deserialization whitelist bypass vulnerability reported by York Shen and registered as CVE-2026-10532.

• A bitwise identical binary of this version can be reproduced by building from source code at commit e62272ac152469aec1ede056c3c7d0d7314e7bfe associated with the tag v_1.5.34. This release was built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

• PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

• HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• e62272a prepare release 1.5.34
• 1e9e926 add resolveProxyClassRejectsDynamicProxies unit test
• 2de5cbe added StackTraceElementProxyTest, minor edits to AGENTS.md
• 0e9b927 in case StackTraceElement is null use a substitute, fixing issues/1040
• f7a0654 prevent resolveProxyClass bypass
• 249b81f docs are no longer distributed
• 1c3b26a start work on 1.5.34-SNAPSHOT
• 124e8b4 prepare release 1.5.33
• d8fd6f2 escapeTags in message field when printing status messages
• 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
• Additional commits viewable in compare view

Updates net.java.dev.jna:jna from 5.18.1 to 5.19.0

Changelog

Sourced from net.java.dev.jna:jna's changelog.

Release 5.19.0

Features

• #1696: Add LARGE_INTEGER.ByValue to LARGE_INTEGER in WinNT.java - @​baier233.
• #1697: Add WlanApi module - @​eranl.
• #1718: Add Cups to c.s.j.p.unix providing CUPS printing system bindings for destinations, jobs, options, and server configuration - @​dbwiddis.
• #1720: Add groupCount and groupMasks fields to CACHE_RELATIONSHIP in c.s.j.p.win32.WinNT, matching the updated Windows struct layout - @​dbwiddis.
• #1719: Add CoreGraphics to c.s.j.p.mac with Quartz Window Services and Display Services bindings; implement getAllWindows() in MacWindowUtils - @​dbwiddis.
• #1723: Add ProcFdInfo, InSockInfo, TcpSockInfo, proc_pidfdinfo, statfs64, and vm_deallocate to c.s.j.p.mac.SystemB - @​dbwiddis.
• #1725: Add BluetoothApis to c.s.j.p.win32 providing Bluetooth device and radio enumeration via BluetoothFindFirstRadio, BluetoothFindFirstDevice, and related functions - @​dbwiddis.

Bug Fixes

• #1644: Fix bug in VARDESC and TYPEDESC causing an illegal memory access - @​lwahonen
• #1715: Fix UdevDevice.getSysname() calling udev_device_get_syspath instead of udev_device_get_sysname - @​dbwiddis.
• #1721: Fix switched serverName/domainName arguments in Netapi32Util#getDCName - @​dbwiddis.
• #1722: Fix Advapi32#RegisterServiceCtrlHandler using wrong Handler type - @​dbwiddis.
• #1636: Drop hard dependency on java.lang.SecurityManager/java.security.AccessController - @​matthiasblaesing.
• #1724: Fix host_page_size in c.s.j.p.mac.SystemB and getxattr/setxattr/listxattr in c.s.j.p.mac.XAttr using long instead of pointer-sized types for size_t/ssize_t parameters - @​dbwiddis.
• #1727: Include DragonFlyBSD in NativeLibrary versioned library resolution, libc special-case loading, and 64-bit search paths - @​dbwiddis.
• #1709: Rebuild native library for OpenBSD 7.9 x86-64, drop OpenBSD x86 - @​matthiasblaesing.

Commits

• 9ff1381 Release 5.19.0
• 2d038ef Merge pull request #1726 from matthiasblaesing/openbsd
• eecab35 Update native built for OpenBSD 7.9 (x86-64 only)
• f670868 Merge pull request #1727 from dbwiddis/fix/dragonflybsd-library-loading
• 08628c0 Include DragonFlyBSD in library loading fallback paths
• 0e29d6f Add BluetoothApis to c.s.j.p.win32
• 2771c1a Address review: use HANDLEByReference and UNICODE_OPTIONS
• da652b6 Add BluetoothApis to c.s.j.p.win32
• 5c421d7 Merge pull request #1723 from dbwiddis/add-resource-usage-and-proc-info
• abfd400 Add proc_info structs and methods to mac SystemB
• Additional commits viewable in compare view

Updates net.java.dev.jna:jna-jpms from 5.18.1 to 5.19.0

Changelog

Sourced from net.java.dev.jna:jna-jpms's changelog.

Release 5.19.0

Features

• #1696: Add LARGE_INTEGER.ByValue to LARGE_INTEGER in WinNT.java - @​baier233.
• #1697: Add WlanApi module - @​eranl.
• #1718: Add Cups to c.s.j.p.unix providing CUPS printing system bindings for destinations, jobs, options, and server configuration - @​dbwiddis.
• #1720: Add groupCount and groupMasks fields to CACHE_RELATIONSHIP in c.s.j.p.win32.WinNT, matching the updated Windows struct layout - @​dbwiddis.
• #1719: Add CoreGraphics to c.s.j.p.mac with Quartz Window Services and Display Services bindings; implement getAllWindows() in MacWindowUtils - @​dbwiddis.
• #1723: Add ProcFdInfo, InSockInfo, TcpSockInfo, proc_pidfdinfo, statfs64, and vm_deallocate to c.s.j.p.mac.SystemB - @​dbwiddis.
• #1725: Add BluetoothApis to c.s.j.p.win32 providing Bluetooth device and radio enumeration via BluetoothFindFirstRadio, BluetoothFindFirstDevice, and related functions - @​dbwiddis.

Bug Fixes

• #1644: Fix bug in VARDESC and TYPEDESC causing an illegal memory access - @​lwahonen
• #1715: Fix UdevDevice.getSysname() calling udev_device_get_syspath instead of udev_device_get_sysname - @​dbwiddis.
• #1721: Fix switched serverName/domainName arguments in Netapi32Util#getDCName - @​dbwiddis.
• #1722: Fix Advapi32#RegisterServiceCtrlHandler using wrong Handler type - @​dbwiddis.
• #1636: Drop hard dependency on java.lang.SecurityManager/java.security.AccessController - @​matthiasblaesing.
• #1724: Fix host_page_size in c.s.j.p.mac.SystemB and getxattr/setxattr/listxattr in c.s.j.p.mac.XAttr using long instead of pointer-sized types for size_t/ssize_t parameters - @​dbwiddis.
• #1727: Include DragonFlyBSD in NativeLibrary versioned library resolution, libc special-case loading, and 64-bit search paths - @​dbwiddis.
• #1709: Rebuild native library for OpenBSD 7.9 x86-64, drop OpenBSD x86 - @​matthiasblaesing.

Commits

• 9ff1381 Release 5.19.0
• 2d038ef Merge pull request #1726 from matthiasblaesing/openbsd
• eecab35 Update native built for OpenBSD 7.9 (x86-64 only)
• f670868 Merge pull request #1727 from dbwiddis/fix/dragonflybsd-library-loading
• 08628c0 Include DragonFlyBSD in library loading fallback paths
• 0e29d6f Add BluetoothApis to c.s.j.p.win32
• 2771c1a Address review: use HANDLEByReference and UNICODE_OPTIONS
• da652b6 Add BluetoothApis to c.s.j.p.win32
• 5c421d7 Merge pull request #1723 from dbwiddis/add-resource-usage-and-proc-info
• abfd400 Add proc_info structs and methods to mac SystemB
• Additional commits viewable in compare view

Updates net.java.dev.jna:jna-jpms from 5.18.1 to 5.19.0

Changelog

Sourced from net.java.dev.jna:jna-jpms's changelog.

Release 5.19.0

Features

• #1696: Add LARGE_INTEGER.ByValue to LARGE_INTEGER in WinNT.java - @​baier233.
• #1697: Add WlanApi module - @​eranl.
• #1718: Add Cups to c.s.j.p.unix providing CUPS printing system bindings for destinations, jobs, options, and server configuration - @​dbwiddis.
• #1720: Add groupCount and groupMasks fields to CACHE_RELATIONSHIP in c.s.j.p.win32.WinNT, matching the updated Windows struct layout - @​dbwiddis.
• #1719: Add CoreGraphics to c.s.j.p.mac with Quartz Window Services and Display Services bindings; implement getAllWindows() in MacWindowUtils - @​dbwiddis.
• #1723: Add ProcFdInfo, InSockInfo, TcpSockInfo, proc_pidfdinfo, statfs64, and vm_deallocate to c.s.j.p.mac.SystemB - @​dbwiddis.
• #1725: Add BluetoothApis to c.s.j.p.win32 providing Bluetooth device and radio enumeration via BluetoothFindFirstRadio, BluetoothFindFirstDevice, and related functions - @​dbwiddis.

Bug Fixes

• #1644: Fix bug in VARDESC and TYPEDESC causing an illegal memory access - @​lwahonen
• #1715: Fix UdevDevice.getSysname() calling udev_device_get_syspath instead of udev_device_get_sysname - @​dbwiddis.
• #1721: Fix switched serverName/domainName arguments in Netapi32Util#getDCName - @​dbwiddis.
• #1722: Fix Advapi32#RegisterServiceCtrlHandler using wrong Handler type - @​dbwiddis.
• #1636: Drop hard dependency on java.lang.SecurityManager/java.security.AccessController - @​matthiasblaesing.
• #1724: Fix host_page_size in c.s.j.p.mac.SystemB and getxattr/setxattr/listxattr in c.s.j.p.mac.XAttr using long instead of pointer-sized types for size_t/ssize_t parameters - @​dbwiddis.
• #1727: Include DragonFlyBSD in NativeLibrary versioned library resolution, libc special-case loading, and 64-bit search paths - @​dbwiddis.
• #1709: Rebuild native library for OpenBSD 7.9 x86-64, drop OpenBSD x86 - @​matthiasblaesing.

Commits

• 9ff1381 Release 5.19.0
• 2d038ef Merge pull request #1726 from matthiasblaesing/openbsd
• eecab35 Update native built for OpenBSD 7.9 (x86-64 only)
• f670868 Merge pull request #1727 from dbwiddis/fix/dragonflybsd-library-loading
• 08628c0 Include DragonFlyBSD in library loading fallback paths
• 0e29d6f Add BluetoothApis to c.s.j.p.win32
• 2771c1a Address review: use HANDLEByReference and UNICODE_OPTIONS
• da652b6 Add BluetoothApis to c.s.j.p.win32
• 5c421d7 Merge pull request #1723 from dbwiddis/add-resource-usage-and-proc-info
• abfd400 Add proc_info structs and methods to mac SystemB
• Additional commits viewable in compare view

Updates org.ow2.asm:asm from 9.10 to 9.10.1

Updates org.ow2.asm:asm-commons from 9.10 to 9.10.1

Updates eu.maveniverse.maven.njord:extension3 from 0.9.6 to 0.9.7

Release notes

Sourced from eu.maveniverse.maven.njord:extension3's releases.

0.9.7

Maintenance and updates.

What's Changed

• Bump org.codehaus.plexus:plexus-classworlds from 2.11.0 to 2.12.0 by @​dependabot[bot] in maveniverse/njord#301
• Bump org.junit.jupiter:junit-jupiter-api from 6.0.3 to 6.1.0 by @​dependabot[bot] in maveniverse/njord#300
• Bump version.mima from 2.4.43 to 2.4.44 by @​dependabot[bot] in maveniverse/njord#298
• Bump version.maven from 3.9.15 to 3.9.16 by @​dependabot[bot] in maveniverse/njord#297
• Bump org.ow2.asm:asm from 9.10 to 9.10.1 by @​dependabot[bot] in maveniverse/njord#305
• Bump org.json:json from 20251224 to 20260522 by @​dependabot[bot] in maveniverse/njord#304
• Bump version.maveniverseShared from 0.2.3 to 0.2.4 by @​dependabot[bot] in maveniverse/njord#303
• Deps: parent POM 55 and others by @​cstamas in maveniverse/njord#306

Full Changelog: maveniverse/njord@release-0.9.6...release-0.9.7

Commits

• b1d8216 [maven-release-plugin] prepare release release-0.9.7 [skip ci]
• 2ea8dd7 Deps: parent POM 55 and others (#306)
• 1d82126 Bump version.maveniverseShared from 0.2.3 to 0.2.4 (#303)
• 3f90e7e Bump org.json:json from 20251224 to 20260522 (#304)
• 4084d47 Bump org.ow2.asm:asm from 9.10 to 9.10.1 (#305)
• e363ff5 Bump version.maven from 3.9.15 to 3.9.16 (#297)
• f861a12 Bump version.mima from 2.4.43 to 2.4.44 (#298)
• e337af4 Bump org.junit.jupiter:junit-jupiter-api from 6.0.3 to 6.1.0 (#300)
• 5dfc3a1 Bump org.codehaus.plexus:plexus-classworlds from 2.11.0 to 2.12.0 (#301)
• 495a36d [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates eu.maveniverse.maven.plugins:njord from 0.9.6 to 0.9.7

Release notes

Sourced from eu.maveniverse.maven.plugins:njord's releases.

0.9.7

Maintenance and updates.

What's Changed

• Bump org.codehaus.plexus:plexus-classworlds from 2.11.0 to 2.12.0 by @​dependabot[bot] in maveniverse/njord#301
• Bump org.junit.jupiter:junit-jupiter-api from 6.0.3 to 6.1.0 by @​dependabot[bot] in maveniverse/njord#300
• Bump version.mima from 2.4.43 to 2.4.44 by @​dependabot[bot] in maveniverse/njord#298
• Bump version.maven from 3.9.15 to 3.9.16 by @​dependabot[bot] in maveniverse/njord#297
• Bump org.ow2.asm:asm from 9.10 to 9.10.1 by @​dependabot[bot] in maveniverse/njord#305
• Bump org.json:json from 20251224 to 20260522 by @​dependabot[bot] in maveniverse/njord#304
• Bump version.maveniverseShared from 0.2.3 to 0.2.4 by @​dependabot[bot] in maveniverse/njord#303
• Deps: parent POM 55 and others by @​cstamas in maveniverse/njord#306

Full Changelog: maveniverse/njord@release-0.9.6...release-0.9.7

Commits

• b1d8216 [maven-release-plugin] prepare release release-0.9.7 [skip ci]
• 2ea8dd7 Deps: parent POM 55 and others (#306)
• 1d82126 Bump version.maveniverseShared from 0.2.3 to 0.2.4 (#303)
• 3f90e7e Bump org.json:json from 20251224 to 20260522 (#304)
• 4084d47 Bump org.ow2.asm:asm from 9.10 to 9.10.1 (#305)
• e363ff5 Bump version.maven from 3.9.15 to 3.9.16 (#297)
• f861a12 Bump version.mima from 2.4.43 to 2.4.44 (#298)
• e337af4 Bump org.junit.jupiter:junit-jupiter-api from 6.0.3 to 6.1.0 (#300)
• 5dfc3a1 Bump org.codehaus.plexus:plexus-classworlds from 2.11.0 to 2.12.0 (#301)
• 495a36d [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates eu.maveniverse.maven.plugins:njord from 0.9.6 to 0.9.7

Release notes

Sourced from eu.maveniverse.maven.plugins:njord's releases.

0.9.7

Maintenance and updates.

What's Changed

• Bump org.codehaus.plexus:plexus-classworlds from 2.11.0 to 2.12.0 by @​dependabot[bot] in maveniverse/njord#301
• Bump org.junit.jupiter:junit-jupiter-api from 6.0.3 to 6.1.0 by @​dependabot[bot] in maveniverse/njord#300
• Bump version.mima from 2.4.43 to 2.4.44 by @​dependabot[bot] in maveniverse/njord#298
• Bump version.maven from 3.9.15 to 3.9.16 by @​dependabot[bot] in maveniverse/njord#297
• Bump org.ow2.asm:asm from 9.10 to 9.10.1 by @​dependabot[bot] in maveniverse/njord#305
• Bump org.json:json from 20251224 to 20260522 by @​dependabot[bot] in maveniverse/njord#304
• Bump version.maveniverseShared from 0.2.3 to 0.2.4 by @​dependabot[bot] in maveniverse/njord#303
• Deps: parent POM 55 and others by @​cstamas in maveniverse/njord#306

Full Changelog: maveniverse/njord@release-0.9.6...release-0.9.7

Commits

• b1d8216 [maven-release-plugin] prepare release release-0.9.7 [skip ci]
• 2ea8dd7 Deps: parent POM 55 and others (#306)
• 1d82126 Bump version.maveniverseShared from 0.2.3 to 0.2.4 (#303)
• 3f90e7e Bump org.json:json from 20251224 to 20260522 (#304)
• 4084d47 Bump org.ow2.asm:asm from 9.10 to 9.10.1 (#305)
• e363ff5 Bump version.maven from 3.9.15 to 3.9.16 (#297)
• f861a12 Bump version.mima from 2.4.43 to 2.4.44 (#298)
• e337af4 Bump org.junit.jupiter:junit-jupiter-api from 6.0.3 to 6.1.0 (#300)
• 5dfc3a1 Bump org.codehaus.plexus:plexus-classworlds from 2.11.0 to 2.12.0 (#301)
• 495a36d [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.apache.directory.api:api-asn1-api from 2.1.7 to 2.1.8

Updates org.apache.directory.api:api-ldap-model from 2.1.7 to 2.1.8

Updates org.apache.directory.api:api-ldap-schema-data from 2.1.7 to 2.1.8

Updates org.apache.directory.api:api-util from 2.1.7 to 2.1.8

Commits

• e73a778 [maven-release-plugin] prepare release 2.1.8
• dbf5eeb Fixed some javadoc errors
• 62a82d3 [maven-release-plugin] rollback the release of 2.1.8
• 4042005 [maven-release-plugin] prepare for next development iteration
• 5cc7ab8 [maven-release-plugin] prepare release 2.1.8
• ae354ec Added the AL 2.0 header
• 61b0206 [maven-release-plugin] rollback the release of 2.1.8
• 319efd4 [maven-release-plugin] prepare for next development iteration
• 1ff2a2c [maven-release-plugin] prepare release 2.1.8
• 75aa7dc Bumped up parent pom to 51
• Additional commits viewable in compare view

Updates org.apache.directory.api:api-ldap-model from 2.1.7 to 2.1.8

Updates org.apache.directory.api:api-ldap-schema-data from 2.1.7 to 2.1.8

Updates org.apache.directory.api:api-util from 2.1.7 to 2.1.8

Commits

• e73a778 [maven-release-plugin] prepare release 2.1.8
• dbf5eeb Fixed some javadoc errors
• 62a82d3 [maven-release-plugin] rollback the release of 2.1.8
• 4042005 [maven-release-plugin] prepare for next development iteration
• 5cc7ab8 [maven-release-plugin] prepare release 2.1.8
• ae354ec Added the AL 2.0 header
• 61b0206 [maven-release-plugin] rollback the release of 2.1.8
• 319efd4 [maven-release-plugin] prepare for next development iteration
• 1ff2a2c [maven-release-plugin] prepare release 2.1.8
• 75aa7dc Bumped up parent pom to 51
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.32 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.34

2026-06-01 Release of logback version 1.5.34

• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues #1040](qos-ch/logback#1040), reported by Naotsugu Kobayashi.

• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This ...

Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.