Bump the dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the dependencies group with 11 updates in the / directory:

Package	From	To
io.jooby:jooby-bom	4.0.11	4.4.0
software.amazon.awssdk:bom	2.40.13	2.43.0
org.apache.logging.log4j:log4j-core	2.25.3	2.25.4
org.apache.logging.log4j:log4j-slf4j2-impl	2.25.3	2.25.4
org.apache.logging.log4j:log4j-iostreams	2.25.3	2.25.4
com.google.guava:guava	33.5.0-jre	33.6.0-jre
com.google.code.gson:gson	2.13.2	2.14.0
org.xerial:sqlite-jdbc	3.51.1.0	3.53.0.0
org.apache.maven.plugins:maven-compiler-plugin	3.14.1	3.15.0
io.jooby:jooby-maven-plugin	4.0.11	4.4.0
org.apache.maven.plugins:maven-shade-plugin	3.6.1	3.6.2

Updates io.jooby:jooby-bom from 4.0.11 to 4.4.0

Release notes

Sourced from io.jooby:jooby-bom's releases.

jooby 4.4.0

🚀 What's New

• feature: open telemetry module #3900

🔗 Links & Resources

• v4.4.0
• Closed Issues
• Changelog
• Dependency Updates

💖 Support my work

• Sponsor Jooby

🏆 Sponsors

• @​premium-minds
• @​agentgt
• @​tipsy

jooby 4.3.0

⚠️ Breaking Changes

• tRPC/json-rpc: normalize usage
• json-rpc: remove from core
• tRPC: remove from 'core'

🛠️ Changes

• jackson2: deprecate JacksonModule in favor of Jackson2Module
• jackson2/jackson3: load modules from ServiceLoader API
• grpc: rename io.jooby.rpc.grpc to io.jooby.grpc
• Confusing methods in WebSocket

🔗 Links & Resources

• v4.3.0
• Closed Issues
• Changelog
• Dependency Updates

💖 Support my work

• Sponsor Jooby

🏆 Sponsors

• @​premium-minds
• @​agentgt
• @​tipsy

jooby 4.2.0

⚠️ Breaking Changes

... (truncated)

Commits

• ca79dae v4.4.0
• 7a396ac build: release: close milestone when finish
• 5eff2dd Merge pull request #3903 from jooby-project/3900
• 7f47d10 Merge pull request #3901 from jooby-project/dependabot/npm_and_yarn/modules/j...
• e479498 Merge pull request #3902 from jooby-project/dependabot/maven/dependencies-f58...
• 301962e doc: add opentelemetry to main features
• 6546b78 hikari: better display name for otel: connections
• 8eaaef3 opentelemetry: add javadoc ref #3900
• a1cede7 feat(opentelemetry): introduce comprehensive OpenTelemetry module and instrum...
• 0170fae build(deps): bump the dependencies group with 20 updates
• Additional commits viewable in compare view

Updates software.amazon.awssdk:bom from 2.40.13 to 2.43.0

Updates org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.25.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-iostreams from 2.25.3 to 2.25.4

Updates com.google.guava:guava from 33.5.0-jre to 33.6.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

• 33.6.0-jre.jar
• 33.6.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.6.0-jre
• 33.6.0-android

JDiff

• 33.6.0-jre vs. 33.5.0-jre
• 33.6.0-android vs. 33.5.0-android
• 33.6.0-android vs. 33.6.0-jre

Changelog

• Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
• cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
• collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
• collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
• graph: Removed @Beta from all APIs in the package. (dae9566b73)
• graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
• graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
• hash: Added BloomFilter.serializedSize(). (df9bcc251a)
• net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)

Commits

• See full diff in compare view

Updates com.google.code.gson:gson from 2.13.2 to 2.14.0

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.14.0

What's Changed

• Add type adapters for java.time classes by @​eamonnmcmanus in google/gson#2948

  When the java.time API is available, Gson automatically can read and write instances of classes like Instant and Duration. The format it uses essentially freezes the JSON representation that ReflectiveTypeAdapterFactory established by default, based on the private fields of java.time classes. That's not a great representation, but it is understandable. Changing it to anything else would break compatibility with systems that are expecting the current format.

  With this change, Gson no longer tries to access private fields of these classes using reflection. So it is no longer necessary to run with --add-opens for these classes on recent JDKs.

• Remove com.google.gson.graph by @​eamonnmcmanus in google/gson#2990.

  This package was not part of any released artifact and depended on Gson internals in potentially problematic ways.

• Validate that strings being parsed as integers consist of ASCII characters by @​eamonnmcmanus in google/gson#2995

  Previously, strings could contain non-ASCII Unicode digits and still be parsed as integers. That's inconsistent with how JSON numbers are treated.

• Fix duplicate key detection when first value is null by @​andrewstellman in google/gson#3006

  This could potentially break code that was relying on the incorrect behaviour. For example, this JSON string was previously accepted but will no longer be: {"foo": null, "foo": bar}.

• Remove Serializable from internal Type implementation classes. by @​eamonnmcmanus in google/gson#3011

  The nested classes ParameterizedTypeImpl, GenericArrayTypeImpl, and WildcardTypeImpl in GsonTypes are implementations of the corresponding types (without Impl) in java.lang.reflect. For some reason, they were serializable, even though the java.lang.reflect implementations are not. Having unnecessarily serializable classes could conceivably have been a security problem if they were part of a larger exploit using serialization. (We do not consider this a likely scenario and do not suggest that you need to update Gson just to get this change.)

• Add LegacyProtoTypeAdapterFactory. by @​eamonnmcmanus in google/gson#3014

  This is not part of any released artifact, but may be of use when trying to fix code that is currently accessing the internals of protobuf classes via reflection.

• Make AppendableWriter do flush and close if delegation object supports by @​MukjepScarlet in google/gson#2925

Other less visible changes

• Add default capacity to EnumTypeAdapter maps by @​MukjepScarlet in google/gson#2959
• refactor: move derived adapters from Gson to TypeAdapters by @​MukjepScarlet in google/gson#2951
• Optimize new Gson() by @​MukjepScarlet in google/gson#2864

New Contributors

• @​ThirdGoddess made their first contribution in google/gson#2944
• @​lmj798 made their first contribution in google/gson#2988
• @​Eng-YasminKotb made their first contribution in google/gson#3005
• @​andrewstellman made their first contribution in google/gson#3006

Full Changelog: google/gson@gson-parent-2.13.2...gson-parent-2.14.0

Commits

• 3ff35d6 [maven-release-plugin] prepare release gson-parent-2.14.0
• a3024fd Bump the maven group with 13 updates (#3002)
• 5689ffe Bump the github-actions group across 1 directory with 3 updates (#3018)
• 48db33c Add LegacyProtoTypeAdapterFactory. (#3014)
• 53d703e Update outdated comment regarding serializable types (#3012)
• 0189b72 Remove Serializable from internal Type implementation classes. (#3011)
• f4d371d Fix duplicate key detection when first value is null (#3006)
• 27d9ba1 Fix typo in README (JPMS dependencies section) (#3005)
• 1fa9b7a Validate that strings being parsed as integers consist of ASCII characters (#...
• b7d5954 Add iterator fail-fast tests for LinkedTreeMap.clear() (#2992)
• Additional commits viewable in compare view

Updates org.xerial:sqlite-jdbc from 3.51.1.0 to 3.53.0.0

Release notes

Sourced from org.xerial:sqlite-jdbc's releases.

Release 3.53.0.0

Changelog

🚀 Features

jdbc

• expose wal_autocheckpoint pragma in SQLiteConfig (dd2adcc), closes #1397

sqlite

• upgrade to sqlite 3.53.0 (baaf087)

unscoped

• publish multiple classifer jars (bdd2b64), closes #1273
• better Android support (7eb6f3f), closes #1378

🛠 Build

deps

• bump org.sonatype.central:central-publishing-maven-plugin (19259e5)
• bump EndBug/add-and-commit from 9 to 10 (f572217)

deps-dev

• bump surefire.version from 3.5.4 to 3.5.5 (b649d25)
• bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (857a754)
• bump org.mockito:mockito-core from 5.21.0 to 5.23.0 (a597952)

Contributors

We'd like to thank the following people for their contributions: Gauthier, Karl-Michael Edlinger, kju2

Release 3.51.3.0

Changelog

🚀 Features

sqlite

• upgrade to sqlite 3.51.3 (09e9741)
• upgrade to sqlite 3.52.0 (64cf690)

🛠 Build

deps

• bump org.graalvm.buildtools:native-maven-plugin (5ad5155)
• bump actions/upload-artifact from 6 to 7 (90c726f)
• bump actions/download-artifact from 7 to 8 (17d4998)

deps-dev

• bump org.jreleaser:jreleaser-maven-plugin (d4d5c04)

unscoped

• set-version trigger CI after build native (89dfbc8)
• set-version commit and trigger workflow (eed41ae)
• set-version fix VERSION (22e5106)

... (truncated)

Commits

• f88e9c7 chore(release): 3.53.0.0 [skip ci]
• bdd2b64 feat: publish multiple classifer jars
• 7eb6f3f feat: better Android support
• 23ead2e chore: update native libraries
• baaf087 feat(sqlite): upgrade to sqlite 3.53.0
• dd2adcc feat(jdbc): expose wal_autocheckpoint pragma in SQLiteConfig
• b649d25 build(deps-dev): bump surefire.version from 3.5.4 to 3.5.5
• 857a754 build(deps-dev): bump org.assertj:assertj-core from 3.27.6 to 3.27.7
• 19259e5 build(deps): bump org.sonatype.central:central-publishing-maven-plugin
• a597952 build(deps-dev): bump org.mockito:mockito-core from 5.21.0 to 5.23.0
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

• Fix Java 25 compatibility during integration tests (#1020) @​desruisseaux
• [MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @​mensinda

👻 Maintenance

• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @​slachiewicz
• Remove declaration of "plexus-snapshots" repository (#1010) @​desruisseaux
• Works only with Maven 4.0.0 rc4 (#996) @​slachiewicz
• Enable Java 25 and Maven 4 in CI (#975) @​slachiewicz

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]
• Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]
• Bump maven-plugin-testing-harness to 3.4.0 (#1001) @​slawekjaranowski
• Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]
• Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

Commits

• 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
• 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
• 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
• 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
• 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
• aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
• 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
• 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
• 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• Additional commits viewable in compare view

Updates io.jooby:jooby-maven-plugin from 4.0.11 to 4.4.0

Updates org.apache.maven.plugins:maven-shade-plugin from 3.6.1 to 3.6.2

Release notes

Sourced from org.apache.maven.plugins:maven-shade-plugin's releases.

3.6.2

🐛 Bug Fixes

• Bug: Extra JARs and Artifacts were not subjected to filtering (#785) @​cstamas

👻 Maintenance

• Drop excessive dependencies (#786) @​cstamas
• chore: remove junit3 reference (#762) @​sparsick
• Exclude Java 25 (#773) @​slachiewicz
• Update site descriptor, use site configuration from parent (#755) @​slawekjaranowski

📦 Dependency updates

• Drop unneeded dependencies (#788) @​cstamas
• Update to parent POM v 47 (#781) @​Bukama
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#782) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#780) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#778) @dependabot[bot]
• Bump asmVersion from 9.9 to 9.9.1 (#774) @dependabot[bot]
• Update invoker plugin to 3.9.1 to Support Java 25 (#769) @​Bukama
• Bump asmVersion from 9.8 to 9.9 (#761) @dependabot[bot]
• Bump org.xmlunit:xmlunit-legacy from 2.10.3 to 2.11.0 (#763) @dependabot[bot]
• Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.15.1 to 3.15.2 (#764) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#768) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#758) @dependabot[bot]

Commits

• ad8de59 [maven-release-plugin] prepare release maven-shade-plugin-3.6.2
• 8eb19dc Drop unneeded dependencies (#788)
• 397b2cd Drop excessive dependencies (#786)
• eca6398 Bug: Extra JARs and Artifacts were not subjected to filtering (#785)
• 7edce17 Update to parent POM v 47 (#781)
• 3171a34 Mockito improvements (#783)
• 678844b Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#782)
• 73ec909 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#780)
• 5f7a877 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#778)
• 73c5247 chore: remove junit3 reference (#762)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions