build(deps): bump the dependencies group with 21 updates

[dependabot]

Bumps the dependencies group with 21 updates:

Package	From	To
org.ow2.asm:asm	9.9.1	9.10
org.ow2.asm:asm-util	9.9.1	9.10
org.slf4j:slf4j-api	2.0.17	2.0.18
org.slf4j:log4j-over-slf4j	2.0.17	2.0.18
org.slf4j:jcl-over-slf4j	2.0.17	2.0.18
org.slf4j:jul-to-slf4j	2.0.17	2.0.18
org.slf4j:slf4j-simple	2.0.17	2.0.18
io.swagger.core.v3:swagger-annotations	2.2.49	2.2.50
io.swagger.core.v3:swagger-models	2.2.49	2.2.50
io.swagger.parser.v3:swagger-parser	2.1.41	2.1.42
io.lettuce:lettuce-core	7.5.1.RELEASE	7.5.2.RELEASE
org.apache.maven:maven-plugin-api	3.9.15	3.9.16
org.apache.maven:maven-core	3.9.15	3.9.16
com.diffplug.spotless:spotless-maven-plugin	3.4.0	3.5.1
dev.langchain4j:langchain4j-bom	1.14.1	1.15.0
cz.habarta.typescript-generator:typescript-generator-core	4.0.0	4.1.1
org.hibernate.orm:hibernate-core	7.3.4.Final	7.3.5.Final
org.hibernate.orm:hibernate-scan-jandex	7.3.4.Final	7.3.5.Final
com.github.kagkarlsson:db-scheduler	16.8.1	16.9.0
software.amazon.awssdk:bom	2.44.4	2.44.7
org.asynchttpclient:async-http-client	3.0.9	3.0.10

Updates org.ow2.asm:asm from 9.9.1 to 9.10

Updates org.ow2.asm:asm-util from 9.9.1 to 9.10

Updates org.ow2.asm:asm-util from 9.9.1 to 9.10

Updates org.slf4j:slf4j-api from 2.0.17 to 2.0.18

Updates org.slf4j:log4j-over-slf4j from 2.0.17 to 2.0.18

Updates org.slf4j:jcl-over-slf4j from 2.0.17 to 2.0.18

Updates org.slf4j:jul-to-slf4j from 2.0.17 to 2.0.18

Updates org.slf4j:slf4j-simple from 2.0.17 to 2.0.18

Updates org.slf4j:log4j-over-slf4j from 2.0.17 to 2.0.18

Updates org.slf4j:jcl-over-slf4j from 2.0.17 to 2.0.18

Updates org.slf4j:jul-to-slf4j from 2.0.17 to 2.0.18

Updates io.swagger.core.v3:swagger-annotations from 2.2.49 to 2.2.50

Updates io.swagger.core.v3:swagger-models from 2.2.49 to 2.2.50

Updates io.swagger.core.v3:swagger-models from 2.2.49 to 2.2.50

Updates io.swagger.parser.v3:swagger-parser from 2.1.41 to 2.1.42

Release notes

Sourced from io.swagger.parser.v3:swagger-parser's releases.

Swagger-parser 2.1.42 released!

• Update swagger-core to 2.2.50 (#2334)
• fix: use explicit prefix for array items with dotted property names (#2330)
• chore: migrate from tibdex/github-app-token to actions/create-github-app-token (#2324)
• build(deps): bump commons-io:commons-io from 2.20.0 to 2.22.0 (#2319)
• build(deps): bump org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0 (#2318)
• build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.5.5 (#2316)

Commits

• e8933f0 prepare release 2.1.42 (#2335)
• 4024d94 Update swagger-core to 2.2.50 (#2334)
• 9c19b19 fix: use explicit prefix for array items with dotted property names (#2330)
• 4dfb6fa chore: migrate from tibdex/github-app-token to actions/create-github-app-toke...
• ea252bd build(deps): bump org.apache.maven.plugins:maven-surefire-plugin (#2316)
• b8f920e build(deps): bump org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0 (#2318)
• 45942a2 build(deps): bump commons-io:commons-io from 2.20.0 to 2.22.0 (#2319)
• e5abf83 bump snapshot 2.1.42-SNAPSHOT (#2323)
• See full diff in compare view

Updates io.lettuce:lettuce-core from 7.5.1.RELEASE to 7.5.2.RELEASE

Release notes

Sourced from io.lettuce:lettuce-core's releases.

7.5.2.RELEASE

The Lettuce team is pleased to announce the Lettuce 7.5.2 patch release!

Lettuce 7.5.2 supports Redis 2.6+ up to Redis 8.x. In terms of Java runtime, Lettuce requires at least Java 8 and works with Java 24. The driver is tested against Redis 8.6, Redis 8.4, Redis 8.2, Redis 8.0, Redis 7.4 and Redis 7.2.

Thanks to all contributors who made Lettuce 7.5.2.RELEASE possible.

📗 Links Reference documentation: https://lettuce.io/core/7.5.2.RELEASE

💡 Other

• Bump Netty 4.2.13.Final in redis/lettuce#3757

Full Changelog: redis/lettuce@7.5.1.RELEASE...7.5.2.RELEASE

Changelog

Sourced from io.lettuce:lettuce-core's changelog.

Lettuce 7.5.2 RELEASE NOTES

The Lettuce team is pleased to announce the Lettuce 7.5.2 patch release!

Lettuce 7.5.2 supports Redis 2.6+ up to Redis 8.x. In terms of Java runtime, Lettuce requires at least Java 8 and works with Java 24. The driver is tested against Redis 8.6, Redis 8.4, Redis 8.2, Redis 8.0, Redis 7.4 and Redis 7.2.

Thanks to all contributors who made Lettuce 7.5.2.RELEASE possible.

📗 Links Reference documentation: https://lettuce.io/core/7.5.2.RELEASE

💡 Other

• Bump Netty 4.2.13.Final in redis/lettuce#3757

Full Changelog: redis/lettuce@7.5.1.RELEASE...7.5.2.RELEASE

Commits

• 5728917 Release 7.5.2
• 4f6149c bump -> netty 4.2.13 (#3757)
• See full diff in compare view

Updates org.apache.maven:maven-plugin-api from 3.9.15 to 3.9.16

Release notes

Sourced from org.apache.maven:maven-plugin-api's releases.

3.9.16

🐛 Bug Fixes

• Trim threadConfiguration to accept input surrounded with spaces (#12042) @​slawekjaranowski
• Backport: Maven 3.10.x fixed plugin resolution (#12022) @​cstamas

📦 Dependency updates

• Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0 (#12039) @dependabot[bot]
• [3.9.x] Bump to parent POM 48 (#12024) @​cstamas
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#11980) @dependabot[bot]
• Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#11951) @dependabot[bot]
• Bump actions/cache from 5.0.4 to 5.0.5 (#11943) @dependabot[bot]

Commits

• 2bdd9fd [maven-release-plugin] prepare release maven-3.9.16
• 229e9d7 Trim threadConfiguration to accept input surrounded with spaces
• 7d5fd94 Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0 (#12039)
• 0d100e5 [3.9.x] Bump to parent POM 48 (#12024)
• 7ae7935 Backport: Maven 3.10.x fixes plugin resolution, by putting user in charge (#1...
• 86fc95b Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#11980)
• 029557a Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#11951)
• b5250f2 Bump actions/cache from 5.0.4 to 5.0.5 (#11943)
• 7ef2c23 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.apache.maven:maven-core from 3.9.15 to 3.9.16

Updates com.diffplug.spotless:spotless-maven-plugin from 3.4.0 to 3.5.1

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.5.1

Fixed

• <licenseHeader> with <yearMode>SET_FROM_GIT</yearMode> no longer runs git log through a shell, eliminating a shell-injection vector when formatting files whose names contain shell metacharacters.
• Bump transitive plexus-utils 4.0.2 -> 4.0.3 to address CVE-2025-67030. (#2919)

Maven Plugin v3.5.0

Added

• <scalafmt> now reads the version from the version field in the scalafmt config file when no <version> is explicitly set, falling back to the built-in default only if neither is available. (#2922)
• Add <toml> format type with <versionCatalog> step for formatting and sorting Gradle version catalog files. (#2916)
• Add <javaparserVersion> option to <cleanthat>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (#2903)
• Add a expandWildcardImports API for java (#2829)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• The -Dspotless.ratchetFrom=... user property now takes priority over <ratchetFrom> configured in the plugin or in individual formatters, instead of being overridden by them. (#2896, fixes #2842)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)
• Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (#2920)
• Bump default cleanthat version 2.24 -> 2.25. (#2903)
• Bump default eclipse-jdt version from 4.35 to 4.39. (#2912)

Commits

• 0c48edf Published maven/3.5.1
• c1595c8 Published gradle/8.5.1
• b26b570 Published lib/4.6.1
• ac3f6f1 Bump plexus-utils to 4.0.3 to address CVE-2025-67030 (#2932)
• f5039f6 Bump plexus-utils to 4.0.3 to address CVE-2025-67030
• 0e77837 Fix shell-injection in LicenseHeaderStep SET_FROM_GIT mode (#2931)
• 84f6423 Fix shell-injection in LicenseHeaderStep SET_FROM_GIT mode
• b87eb75 Published maven/3.5.0
• 97c3baf Published gradle/8.5.0
• 3dd1a96 Published lib/4.6.0
• Additional commits viewable in compare view

Updates org.slf4j:slf4j-simple from 2.0.17 to 2.0.18

Updates dev.langchain4j:langchain4j-bom from 1.14.1 to 1.15.0

Commits

• d0e54aa Release versions 1.15.0 and 1.15.0-beta25
• bb6efd1 Added a new integration module langchain4j-google-genai (#4658)
• 17bbe98 Added a new integration module langchain4j-google-genai (#4658)
• 7c1a1a3 fixing flaky ITs
• d913eab fix(deps): update dependency com.github.jsqlparser:jsqlparser to v4.9 (#5236)
• 165cd1d fix(deps): update dependency com.couchbase.client:java-client to v3.11.2 (#5233)
• 8e05058 fix(deps): update awaitility.version to v4.3.0 (#5231)
• 006aeef fix(deps): update commonmark.version to v0.28.0 (#5232)
• 81d0a68 fix: skip empty tool_calls sentinel chunk in OpenAI streaming accumulator (#5...
• 3c0d21e fix(deps): update ai.djl.version to v0.36.0 (#5229)
• Additional commits viewable in compare view

Updates cz.habarta.typescript-generator:typescript-generator-core from 4.0.0 to 4.1.1

Release notes

Sourced from cz.habarta.typescript-generator:typescript-generator-core's releases.

v4.1.1

• Gradle: Handle all empty ListProperty-s as nullable (#1122)
• Update production dependencies (#1131)
• Update development dependencies (#1130)
• (Internal) Mark code with JSpecify nullness annotations (#1132)

Thanks for contribution: @​kkuegler

Download from Maven Central Repository.

Commits

• 18b18ff Fix Gradle plugin build (#1133)
• c050bb3 Bump the development group across 1 directory with 5 updates (#1130)
• a7b4eed Bump the production group across 1 directory with 12 updates (#1131)
• 2205b0f Mark code with JSpecify nullness annotations (#1132)
• a28b4e8 Update AGENTS.md, README.md and sample projects (#1126)
• 811a882 Group dependabot updates (#1123)
• 079588c Gradle: Handle all empty ListProperty-s as nullable (#1122)
• e30a9b0 Update sample projects (#1113)
• 792871c Enable release autoPublish (#1112)
• See full diff in compare view

Updates org.hibernate.orm:hibernate-core from 7.3.4.Final to 7.3.5.Final

Release notes

Sourced from org.hibernate.orm:hibernate-core's releases.

Release 7.3.5

Hibernate ORM 7.3.5.Final released

Today, we published a new release of Hibernate ORM 7.3: 7.3.5.Final.

You can find the full list of 7.3.5.Final changes here.

What's new

• See the website for requirements and compatibilities.
• See the What's New guide for details about new features and capabilities.
• See the Migration Guide for details about migration.

Conclusion

For additional details, see:

• the release page
• the Migration Guide
• the Introduction Guide
• the User Guide
• the API docs

See also the following resources related to supported APIs:

• the compatibility policy
• the incubating API report (@Incubating)
• the deprecated API report (@Deprecated + @Remove)
• the internal API report (internal packages, @Internal)

Visit the website for details on getting in touch with us.

Changelog

Sourced from org.hibernate.orm:hibernate-core's changelog.

Changes in 7.3.5.Final (May 17, 2026)

https://hibernate.atlassian.net/projects/HHH/versions/39039

** Bug * HHH-20394 Cascade profile causes LAZY associations to be eagerly fetched even if they won't be affected * HHH-20357 Component.sortProperties() reorders Envers originalId key, breaking joined audit-table FK/joins for JOINED inheritance

Commits

• 53f714a [Jenkins release job] Preparing release 7.3.5.Final
• 49a6cb7 [Jenkins release job] changelog.txt updated by release build 7.3.5.Final
• da86a84 HHH-20357 Stop reordering primary key columns based on component property ord...
• 837967d TiDBDialect: Make CriteriaUpdateAndDeleteWithJoinTest pass
• 2e7ae26 HHH-20394 Limit CascadingFetchProfile.MERGE to cascade-reachable associations
• 44f0a8d [Jenkins release job] Preparing next development iteration
• See full diff in compare view

Updates org.hibernate.orm:hibernate-scan-jandex from 7.3.4.Final to 7.3.5.Final

Release notes

Sourced from org.hibernate.orm:hibernate-scan-jandex's releases.

Release 7.3.5

Hibernate ORM 7.3.5.Final released

Today, we published a new release of Hibernate ORM 7.3: 7.3.5.Final.

You can find the full list of 7.3.5.Final changes here.

What's new

• See the website for requirements and compatibilities.
• See the What's New guide for details about new features and capabilities.
• See the Migration Guide for details about migration.

Conclusion

For additional details, see:

• the release page
• the Migration Guide
• the Introduction Guide
• the User Guide
• the API docs

See also the following resources related to supported APIs:

• the compatibility policy
• the incubating API report (@Incubating)
• the deprecated API report (@Deprecated + @Remove)
• the internal API report (internal packages, @Internal)

Visit the website for details on getting in touch with us.

Changelog

Sourced from org.hibernate.orm:hibernate-scan-jandex's changelog.

Changes in 7.3.5.Final (May 17, 2026)

https://hibernate.atlassian.net/projects/HHH/versions/39039

** Bug * HHH-20394 Cascade profile causes LAZY associations to be eagerly fetched even if they won't be affected * HHH-20357 Component.sortProperties() reorders Envers originalId key, breaking joined audit-table FK/joins for JOINED inheritance

Commits

• 53f714a [Jenkins release job] Preparing release 7.3.5.Final
• 49a6cb7 [Jenkins release job] changelog.txt updated by release build 7.3.5.Final
• da86a84 HHH-20357 Stop reordering primary key columns based on component property ord...
• 837967d TiDBDialect: Make CriteriaUpdateAndDeleteWithJoinTest pass
• 2e7ae26 HHH-20394 Limit CascadingFetchProfile.MERGE to cascade-reachable associations
• 44f0a8d [Jenkins release job] Preparing next development iteration
• See full diff in compare view

Updates com.github.kagkarlsson:db-scheduler from 16.8.1 to 16.9.0

Release notes

Sourced from com.github.kagkarlsson:db-scheduler's releases.

v16.9.0

Special mentions

• For Oracle, the recommendation is to use timestamp with time zone type for timestamps, for which .alwaysPersistTimestampInUTC() must not be enabled.

Changelog

🚀 Features

• 49a51c0 bind TIMESTAMP WITH TIME ZONE via setObject(OffsetDateTime) (#812)

🐛 Fixes

• 41ec746 Update schema and jdbc-customizaztion to fix MS SQL task_data corruption for odd-length byte arrays (#798), closes #798
• 7d90ab2 custom deadExecution applying is fixed in builder executeStateful (#802), closes #790 #802

🧰 Tasks

• c3285da deps: bump Spring Boot BOMs to pull in patched Jackson (fixes #805)

🛠 Build

• 761963d deps: bump testcontainers-bom from 1.21.3 to 2.0.5 (#844)
• f5578f4 deps: bump org.junit:junit-bom from 5.14.0 to 6.0.3 (#839)
• b2009f6 deps: bump io.micrometer:micrometer-bom from 1.15.3 to 1.16.5 (#841)
• a2dcff3 deps: bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#843)
• d1bac26 deps: bump net.java.dev.jna:jna from 5.17.0 to 5.18.1 (#833)
• cf0d389 deps: bump the maven-plugins group with 5 updates (#837)
• 576d92b deps: bump serialization.version from 1.9.0 to 1.11.0 (#830)
• 0dbe60f deps: bump jackson.version from 2.21.2 to 2.21.3 (#831), closes #831
• 148741c deps-dev: bump org.assertj:assertj-core from 3.27.6 to 3.27.7 in /db-scheduler (#834),
• 2118be2 deps: bump org.postgresql:postgresql from 42.5.5 to 42.7.11 in /test/benchmark (#835)
• 9293090 deps-dev: bump the test-dependencies group across 1 directory with 13 updates (#829)
• 650cd47 rename spring-boot.version to spring-boot-3.version, closes #832
• fcf8537 deps: bump the github-actions group with 4 updates (#828)
• 214638b configure dependabot grouping and pin embedded-postgres binaries (#827)

📝 Documentation

• 921c05a Adding 'AI Contribution Policy' to contributor guidelines

Contributors

We'd like to thank the following people for their contributions:

• Gustav Karlsson (@​kagkarlsson)
• Michael Str
• dependabot[bot] (@​dependabot[bot])
• tstavinoha

Commits

• 761963d build(deps): bump testcontainers-bom from 1.21.3 to 2.0.5 (#844)
• f5578f4 build(deps): bump org.junit:junit-bom from 5.14.0 to 6.0.3 (#839)
• b2009f6 build(deps): bump io.micrometer:micrometer-bom from 1.15.3 to 1.16.5 (#841)
• a2dcff3 build(deps): bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#843)
• 49a51c0 feat: bind TIMESTAMP WITH TIME ZONE via setObject(OffsetDateTime) (#812)
• 921c05a docs: Adding 'AI Contribution Policy' to contributor guidelines
• 41ec746 fix: Update schema and jdbc-customizaztion to fix MS SQL task_data corruption...
• d1bac26 build(deps): bump net.java.dev.jna:jna from 5.17.0 to 5.18.1 (#833)
• cf0d389 build(deps): bump the maven-plugins group with 5 updates (#837)
• 576d92b build(deps): bump serialization.version from 1.9.0 to 1.11.0 (#830)
• Additional commits viewable in compare view

Updates software.amazon.awssdk:bom from 2.44.4 to 2.44.7

Updates org.asynchttpclient:async-http-client from 3.0.9 to 3.0.10

Release notes

Sourced from org.asynchttpclient:async-http-client's releases.

AHC v3.0.10 Release

What's Changed

• Guard against null TimeoutsHolder in NettyConnectListener.onSuccess by @​hyperxpro in AsyncHttpClient/async-http-client#2176

Security Advisory

GHSA-fmxf-pm6p-7xgm

Full Changelog: AsyncHttpClient/async-http-client@async-http-client-project-3.0.9...async-http-client-project-3.0.10

Commits

• c910fe0 chore: Dependency upgrade
• 3b0e3e9 Patch Security Advisory: GHSA-fmxf-pm6p-7xgm
• a279d48 Guard against null TimeoutsHolder in NettyConnectListener.onSuccess (#2176)
• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.hibernate.orm:hibernate-core	[>= 7.a0, < 8]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions