Skip to content

Bump the build-dependencies group across 1 directory with 11 updates #11078

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the build-dependencies group across 1 directory with 11 updates #11078

wants to merge 1 commit into from
+12 −12

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 8, 2025
edited
Loading

Bumps the build-dependencies group with 9 updates in the / directory:

Package From To
com.diffplug.spotless 7.0.4 8.0.0
org.checkerframework 0.6.56 0.6.60
org.jetbrains.gradle.plugin.idea-ext 1.1.10 1.3
com.gradle.develocity 4.0.2 4.2.1
com.gradle.common-custom-user-data-gradle-plugin 2.3 2.4.0
org.jsoup:jsoup 1.21.1 1.21.2
de.thetaphi:forbiddenapis 3.9 3.10
org.apache.maven:maven-embedder 3.9.10 3.9.11
org.apache.maven.resolver:maven-resolver-connector-basic 1.9.23 1.9.24

Updates com.diffplug.spotless from 7.0.4 to 8.0.0

Updates org.checkerframework from 0.6.56 to 0.6.60

Updates org.jetbrains.gradle.plugin.idea-ext from 1.1.10 to 1.3

Updates com.gradle.develocity from 4.0.2 to 4.2.1

Updates com.gradle.common-custom-user-data-gradle-plugin from 2.3 to 2.4.0

Updates org.jsoup:jsoup from 1.21.1 to 1.21.2

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup 1.21.2

jsoup 1.21.2 is out now, adding support for custom SSLContext in HTTP/2 connections, and improving consistency in how user data is handled in attributes. It also brings performance gains in DOM manipulation and fragment parsing, and fixes several edge cases in stream parsing, traversal, cloning, and concurrent reads.

jsoup is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.

Changes

  • Deprecated internal (yet visible) methods Normalizer#normalize(String, bool) and Attribute#shouldCollapseAttribute(Document.OutputSettings). These will be removed in a future version.
  • Deprecated Connection#sslSocketFactory(SSLSocketFactory) in favor of the new Connection#sslContext(SSLContext). Using sslSocketFactory will force the use of the legacy HttpUrlConnection implementation, which does not support HTTP/2. #2370

Improvements

  • When pretty-printing, if there are consecutive text nodes (via DOM manipulation), the non-significant whitespace between them will be collapsed. #2349.
  • Updated Connection.Response#statusMessage() to return a simple loggable string message (e.g. "OK") when using the HttpClient implementation, which doesn't otherwise return any server-set status message. #2356
  • Attributes#size() and Attributes#isEmpty() now exclude any internal attributes (such as user data) from their count. This aligns with the attributes' serialized output and iterator. #2369
  • Added Connection#sslContext(SSLContext) to provide a custom SSL (TLS) context to requests, supporting both the HttpClient and the legacy HttUrlConnection implementations. #2370
  • Performance optimizations for DOM manipulation methods including when repeatedly removing an element's first child (element.child(0).remove(), and when using Parser#parseBodyFragement() to parse a large number of direct children. #2373.

Bug Fixes

  • When parsing from an InputStream and a multibyte character happened to straddle a buffer boundary, the stream would not be completely read. #2353.
  • In NodeTraversor, if a last child element was removed during the head() call, the parent would be visited twice. #2355.
  • Cloning an Element that has an Attributes object would add an empty internal user-data attribute to that clone, which would cause unexpected results for Attributes#size() and Attributes#isEmpty(). #2356
  • In a multithreaded application where multiple threads are calling Element#children() on the same element concurrently, a race condition could happen when the method was generating the internal child element cache (a filtered view of its child nodes). Since concurrent reads of DOM objects should be threadsafe without external synchronization, this method has been updated to execute atomically. #2366
  • When parsing HTML with svg:script elements in SVG elements, don't enter the Text insertion mode, but continue to parse as foreign content. Otherwise, misnested HTML could then cause an IndexOutOfBoundsException. #2374
  • Malformed HTML could throw an IndexOutOfBoundsException during the adoption agency. #2377.
Changelog

Sourced from org.jsoup:jsoup's changelog.

1.21.2 (2025-Aug-25)

Changes

  • Deprecated internal (yet visible) methods Normalizer#normalize(String, bool) and Attribute#shouldCollapseAttribute(Document.OutputSettings). These will be removed in a future version.
  • Deprecated Connection#sslSocketFactory(SSLSocketFactory) in favor of the new Connection#sslContext(SSLContext). Using sslSocketFactory will force the use of the legacy HttpUrlConnection implementation, which does not support HTTP/2. #2370

Improvements

  • When pretty-printing, if there are consecutive text nodes (via DOM manipulation), the non-significant whitespace between them will be collapsed. #2349.
  • Updated Connection.Response#statusMessage() to return a simple loggable string message (e.g. "OK") when using the HttpClient implementation, which doesn't otherwise return any server-set status message. #2356
  • Attributes#size() and Attributes#isEmpty() now exclude any internal attributes (such as user data) from their count. This aligns with the attributes' serialized output and iterator. #2369
  • Added Connection#sslContext(SSLContext) to provide a custom SSL (TLS) context to requests, supporting both the HttpClient and the legacy HttUrlConnection implementations. #2370
  • Performance optimizations for DOM manipulation methods including when repeatedly removing an element's first child (element.child(0).remove(), and when using Parser#parseBodyFragement() to parse a large number of direct children. #2373.

Bug Fixes

  • When parsing from an InputStream and a multibyte character happened to straddle a buffer boundary, the stream would not be completely read. #2353.
  • In NodeTraversor, if a last child element was removed during the head() call, the parent would be visited twice. #2355.
  • Cloning an Element that has an Attributes object would add an empty internal user-data attribute to that clone, which would cause unexpected results for Attributes#size() and Attributes#isEmpty(). #2356
  • In a multithreaded application where multiple threads are calling Element#children() on the same element concurrently, a race condition could happen when the method was generating the internal child element cache (a filtered view of its child nodes). Since concurrent reads of DOM objects should be threadsafe without external synchronization, this method has been updated to execute atomically. #2366
  • When parsing HTML with svg:script elements in SVG elements, don't enter the Text insertion mode, but continue to parse as foreign content. Otherwise, misnested HTML could then cause an IndexOutOfBoundsException. #2374
  • Malformed HTML could throw an IndexOutOfBoundsException during the adoption agency. #2377.
Commits
  • b02837b [maven-release-plugin] prepare release jsoup-1.21.2
  • 1f0c207 v1.21.2 release date
  • b093463 Use central-publishing-maven-plugin
  • 615b959 Updating sonatype deploy URLs
  • 6961720 Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.11.3 (#2386)
  • 82864b2 Bump jetty.version from 9.4.57.v20241219 to 9.4.58.v20250814 (#2385)
  • 71f963e Fix for HTML that breaks the select scope
  • 6b20f6e Removed effective recursion closing \</select>
  • eb2957a Bump actions/checkout from 4 to 5 (#2382)
  • 3a9a6c7 Fix ProxyTest in CI
  • Additional commits viewable in compare view

Updates de.thetaphi:forbiddenapis from 3.9 to 3.10

Updates org.apache.maven:maven-embedder from 3.9.10 to 3.9.11

Updates org.apache.maven:maven-compat from 3.9.10 to 3.9.11

Release notes

Sourced from org.apache.maven:maven-compat's releases.

3.9.11

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

🔧 Build

📦 Dependency updates

Commits
  • 3e54c93 [maven-release-plugin] prepare release maven-3.9.11
  • 299f1f3 Pin GitHub action versions by hash
  • a8a44dc Build the project by JDK 21 as default
  • a0360b3 Augment version range resolution used repositories (#2574)
  • ef54677 Bump resolverVersion from 1.9.23 to 1.9.24 (#2540)
  • 96bf155 Bump xmlunitVersion from 2.10.2 to 2.10.3
  • 7b27ab5 Bump org.apache.maven:maven-parent from 44 to 45
  • 5107f47 Deduplicate filtered dependency graph (#2489)
  • 69267a1 Move ensure in boundaries of project lock (#2470)
  • 9ac9bc2 Use Maven 3.9.10 for build on GitHub
  • Additional commits viewable in compare view

Updates org.apache.maven.resolver:maven-resolver-connector-basic from 1.9.23 to 1.9.24

Release notes

Sourced from org.apache.maven.resolver:maven-resolver-connector-basic's releases.

1.9.24

🚀 New features and improvements

👻 Maintenance

📦 Dependency updates

Commits
  • 7176b8c [maven-release-plugin] prepare release maven-resolver-1.9.24
  • 267d7d5 Fix Javadocs
  • ce051b4 Rollback #747 with comments (#1510)
  • 3b0c7eb Align plexus-util version with Maven
  • 7094bf8 Align guice version with Maven
  • b758518 backport: Metadata type out of coordinates (#1491) (#1503)
  • 615eab3 RFC9457 Implementation
  • e46a3db Bump org.redisson:redisson from 3.46.0 to 3.50.0
  • 02f3b8b Rename release-drafter config for 1.9.x branch
  • 31254e7 Bump sisuVersion from 0.9.0.M3 to 0.9.0.M4
  • Additional commits viewable in compare view

Updates org.apache.maven.resolver:maven-resolver-transport-http from 1.9.23 to 1.9.24

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 8, 2025
@dependabot dependabot bot force-pushed the dependabot/gradle/build-dependencies-ee9a018241 branch from 28d0730 to cd91767 Compare October 15, 2025 05:02
mbellade
mbellade reviewed Oct 15, 2025
View reviewed changes
Copy link
Member

@mbellade mbellade left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only major upgrade here is spotless 8.0.0, I've checked the release notes and it doesn't look like we're affected by any of the breaking changes.

@dependabot
Bump the build-dependencies group across 1 directory with 11 updates
608c24f 
Bumps the build-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| com.diffplug.spotless | `7.0.4` | `8.0.0` |
| org.checkerframework | `0.6.56` | `0.6.60` |
| org.jetbrains.gradle.plugin.idea-ext | `1.1.10` | `1.3` |
| com.gradle.develocity | `4.0.2` | `4.2.1` |
| com.gradle.common-custom-user-data-gradle-plugin | `2.3` | `2.4.0` |
| [org.jsoup:jsoup](https://github.com/jhy/jsoup) | `1.21.1` | `1.21.2` |
| de.thetaphi:forbiddenapis | `3.9` | `3.10` |
| org.apache.maven:maven-embedder | `3.9.10` | `3.9.11` |
| [org.apache.maven.resolver:maven-resolver-connector-basic](https://github.com/apache/maven-resolver) | `1.9.23` | `1.9.24` |



Updates `com.diffplug.spotless` from 7.0.4 to 8.0.0

Updates `org.checkerframework` from 0.6.56 to 0.6.60

Updates `org.jetbrains.gradle.plugin.idea-ext` from 1.1.10 to 1.3

Updates `com.gradle.develocity` from 4.0.2 to 4.2.1

Updates `com.gradle.common-custom-user-data-gradle-plugin` from 2.3 to 2.4.0

Updates `org.jsoup:jsoup` from 1.21.1 to 1.21.2
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md)
- [Commits](jhy/jsoup@jsoup-1.21.1...jsoup-1.21.2)

Updates `de.thetaphi:forbiddenapis` from 3.9 to 3.10

Updates `org.apache.maven:maven-embedder` from 3.9.10 to 3.9.11

Updates `org.apache.maven:maven-compat` from 3.9.10 to 3.9.11
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.10...maven-3.9.11)

Updates `org.apache.maven.resolver:maven-resolver-connector-basic` from 1.9.23 to 1.9.24
- [Release notes](https://github.com/apache/maven-resolver/releases)
- [Commits](apache/maven-resolver@maven-resolver-1.9.23...maven-resolver-1.9.24)

Updates `org.apache.maven.resolver:maven-resolver-transport-http` from 1.9.23 to 1.9.24

---
updated-dependencies:
- dependency-name: com.diffplug.spotless
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: build-dependencies
- dependency-name: org.checkerframework
  dependency-version: 0.6.60
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-dependencies
- dependency-name: org.jetbrains.gradle.plugin.idea-ext
  dependency-version: '1.3'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-dependencies
- dependency-name: com.gradle.develocity
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-dependencies
- dependency-name: com.gradle.common-custom-user-data-gradle-plugin
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-dependencies
- dependency-name: org.jsoup:jsoup
  dependency-version: 1.21.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-dependencies
- dependency-name: de.thetaphi:forbiddenapis
  dependency-version: '3.10'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-dependencies
- dependency-name: org.apache.maven:maven-embedder
  dependency-version: 3.9.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-dependencies
- dependency-name: org.apache.maven:maven-compat
  dependency-version: 3.9.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-dependencies
- dependency-name: org.apache.maven.resolver:maven-resolver-connector-basic
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-dependencies
- dependency-name: org.apache.maven.resolver:maven-resolver-transport-http
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/gradle/build-dependencies-ee9a018241 branch from cd91767 to 608c24f Compare October 22, 2025 05:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mbellade mbellade mbellade left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mbellade