Bump the all group across 2 directories with 26 updates

[dependabot]

Bumps the all group with 19 updates in the / directory:

Package	From	To
com.google.errorprone:error_prone_annotations	2.44.0	2.50.0
com.google.guava:guava	33.5.0-jre	33.6.0-jre
joda-time:joda-time	2.14.0	2.14.2
org.yaml:snakeyaml	2.5	2.6
com.github.spotbugs:spotbugs-annotations	4.9.8	4.10.2
org.jetbrains.kotlin:kotlin-bom	2.2.21	2.4.0
com.fasterxml.jackson:jackson-bom	2.20.1	2.22.0
org.apache.logging.log4j:log4j-bom	2.25.2	2.26.0
org.apache.logging.log4j:log4j-core	2.25.2	2.26.0
org.slf4j:slf4j-bom	2.0.17	2.0.18
org.springframework.boot:spring-boot-dependencies	3.5.7	4.1.0
org.springframework.boot:spring-boot-maven-plugin	3.5.7	4.1.0
org.springframework.cloud:spring-cloud-dependencies	2025.0.0	2025.1.2
org.aspectj:aspectjweaver	1.9.25	1.9.25.1
org.aspectj:aspectjrt	1.9.25	1.9.25.1
org.aspectj:aspectjtools	1.9.25	1.9.25.1
org.codehaus.mojo:aspectj-maven-plugin	1.15.0	1.16.0
org.apache.maven.plugins:maven-jlink-plugin	3.2.0	3.3.0
io.fabric8:kubernetes-client-bom	7.4.0	7.7.0

Bumps the all group with 9 updates in the /log4j-samples-graalvm directory:

Package	From	To
org.apache.logging.log4j:log4j-bom	2.25.2	2.26.0
org.slf4j:slf4j-bom	2.0.17	2.0.18
org.codehaus.mojo:exec-maven-plugin	3.6.2	3.6.3
org.assertj:assertj-bom	3.27.6	3.27.7
org.junit:junit-bom	6.0.1	6.1.0
ch.qos.logback:logback-classic	1.5.20	1.5.34
org.json:json	20250517	20260522
net.javacrumbs.json-unit:json-unit-assertj	5.0.0	5.1.2
org.graalvm.buildtools:native-maven-plugin	0.11.2	1.1.2

Updates com.google.errorprone:error_prone_annotations from 2.44.0 to 2.50.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.50.0

New checks:

• BoxingComparator: Detect implicitly-boxing Comparator.comparing key extractors
• ExposedPrivateType: Discourage references to private member classes from non-private APIs
• JUnitMethodInvoked: Discourage directly invoking JUnit test methods
• ListRemoveAmbiguous: Detect ambiguous calls to List.remove(int|Integer)
• PreferTestParameter: suggests using @TestParameter instead of @TestParameters for exhaustive boolean and enum parameters on single-element parameterized tests
• RecordComponentAccessorAnnotationConflict: Detect conflicts between record components and explicit accessor methods
• RecordComponentOverride: Discourage @Override on record component declarations that don't override anything
• ThrowableEqualsHashCode: Discourage overriding Throwable.equals() and hashCode()

Closed issues: #5553, #5649, #5778

Full changelog: google/error-prone@v2.49.0...v2.50.0

Error Prone 2.49.0

This release includes several changes to Matcher APIs, and removed some deprecated or problematic APIs:

• Remove deprecated MethodMatchers.withSignature API, which relies on fragile toString behaviour. Alternatives for matching on method signatures with varargs and type parameters were added in google/error-prone@a98a1c5.
• Removed variableType(Matcher) API. Matchers.variableType(Matcher) uses VariableTree#getType to match variable types, which own't work for lambda parameters with inferred types after JDK-8268850. The recommended replacement is variableType(TypePredicate).
• Make enclosingPackage return an optional. Module elements are not enclosed by a package, checks using enclosingPackage shouldn't assume an enclosing package exists when processing arbitrary elements.
• New FieldMatchers API, similar to MethodMatchers (google/error-prone@1dd9c3a).

New checks:

• AssertThrowsBlockToExpression: Discourage unnecessary block lambdas in assertThrows.
• AssertThrowsMinimizer: Suggest minimizing the amount of logic in assertThrows.
• MemorySegmentReferenceEquality: Discourage using reference equality for MemorySegments.
• PreferThrowsTag: Recommends using @throws instead of the legacy @exception javadoc tag.
• RecordAccessorInCompactConstructor: detect record accessors inside the compact canonical ctors, which read uninitialized fields.

Closed issues: #2283, #3503, #5210, #5289, #5548, #5548, #5554, #5609, #5614, #5656

Full changelog: google/error-prone@v2.48.0...v2.49.0

Error Prone 2.48.0

Changes:

• Added support for passing flags with command-line argument files (@-files) (google/error-prone@8e84edf)

New checks:

• AvoidValueSetter
• UnnecessarySemicolon

Closed issues: #5529, #5537, #5522, #5521

Full changelog: google/error-prone@v2.47.0...v2.48.0

... (truncated)

Commits

• d802cff Release Error Prone 2.50.0
• b12b5f2 In StringCharset, move the description from explanation to summary.
• a7ca02a Update AssertThrowsUtils to emit var thrown = assertThrows(...) instead o...
• 6b56517 Fix handling of nested tags in UnrecognisedJavadocTag
• d36e74f Remove translation of the fail() message into assertThrows(). We already ...
• c3581e9 Fix JavacFileManager compiler crash during speculative recompiles in modular ...
• da1f32b Remove assignments from assertThrows() lambdas. A large percentage of remai...
• dee62f7 Update AssertThrowsBlockToExpression to re-write single VariableTrees int...
• 4939448 Only hoist the last statement into the assertThrows() lambda.
• 30fd05a refactor: Rename JavaLangClash bug pattern to AvoidCommonTypeNames
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.5.0-jre to 33.6.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

• 33.6.0-jre.jar
• 33.6.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.6.0-jre
• 33.6.0-android

JDiff

• 33.6.0-jre vs. 33.5.0-jre
• 33.6.0-android vs. 33.5.0-android
• 33.6.0-android vs. 33.6.0-jre

Changelog

• Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
• cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
• collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
• collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
• graph: Removed @Beta from all APIs in the package. (dae9566b73)
• graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
• graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
• hash: Added BloomFilter.serializedSize(). (df9bcc251a)
• net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)

Commits

• See full diff in compare view

Updates joda-time:joda-time from 2.14.0 to 2.14.2

Release notes

Sourced from joda-time:joda-time's releases.

Release v2.14.2

See the change notes for more information.

What's Changed

• Update time zone data to 2026bgtz by @​jodastephen in JodaOrg/joda-time#831

Full Changelog: JodaOrg/joda-time@v2.14.1...v2.14.2

Release v2.14.1

See the change notes for more information.

What's Changed

• Fix build by @​jodastephen in JodaOrg/joda-time#811
• fix: correct typo in README (appropriate) by @​nabilshafi in JodaOrg/joda-time#818
• Auto-merge tzdb updates by @​jodastephen in JodaOrg/joda-time#819
• Update deployment from OSSRH by @​jodastephen in JodaOrg/joda-time#820
• Update time zone data to 2025cgtz by @​jodastephen in JodaOrg/joda-time#826
• Fix time zone name key by @​jodastephen in JodaOrg/joda-time#827
• Update time zone data to 2026agtz by @​jodastephen in JodaOrg/joda-time#829

New Contributors

• @​nabilshafi made their first contribution in JodaOrg/joda-time#818

Full Changelog: JodaOrg/joda-time@v2.14.0...v2.14.1

Commits

• d6ba4f0 Release v2.14.2
• 43ea40b Update time zone data to 2026bgtz (#831)
• c377753 Release v2.14.1
• 3fd08d4 Update time zone data to 2026agtz (#829)
• c4bf877 Fix name key (#827)
• 8b11cfa Update time zone data to 2025cgtz (#826)
• 7088d77 Update deployment from OSSRH (#820)
• 3418119 Auto-merge tzdb updates (#819)
• 6c95155 Fix website commit message
• c1d7f97 Fix typo in README (#818)
• Additional commits viewable in compare view

Updates org.yaml:snakeyaml from 2.5 to 2.6

Commits

• cc19a61 [maven-release-plugin] prepare for next development iteration
• bc4a8f4 Minor fixes in Javadoc
• f18203a Add a test for Y79Y-003
• ad1fceb Less output in tests
• 1db66b7 Add (failing) build with JDK 25
• 88ebaa8 build: fix JKD 25 tests compilation
• 6af8790 Update Javadoc
• a006b7a Update Javadoc
• c143db2 Update changes
• d78d11f Update changes
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-annotations from 4.9.8 to 4.10.2

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

4.10.2

SpotBugs 4.10.2

CHANGELOG

Build

• Add release protection to ensure version released matches the tag and that snapshot has been removed. (#4156)
• Drop binary incompatible Saxon-HE back to 12.9 to keep java 11 compatibility. (#4159)
• Add binary check to the gradle build to ensure compatibility remains. (#4159)

CHECKSUM

file	checksum (sha256)
spotbugs-4.10.2-javadoc.jar	97bf36f386f75cecacbb7663700266d65176f8544c6f62bc7f21e0ecfb868444
spotbugs-4.10.2-sources.jar	76476f61ce6dc0eb0c38801e21da44e77043ba21226aef6c1b9d21df06d2395a
spotbugs-4.10.2.tgz	63d7687c35fba12cbc8e55ec2a889a2bbf1b9be299dea91f2b0d351dc285308a
spotbugs-4.10.2.zip	d5c9ad825cd015fc943802f5c96d89c515fd9a6f7fbbd9ddc7d0aa24b13664df
spotbugs-annotations-4.10.2-javadoc.jar	a948f311281429a3060e4870d5a60e8508372113ce678c7e1e04b58ba07a2ec2
spotbugs-annotations-4.10.2-sources.jar	87974d23caffbc8c6e66c567747627267b5ed06573cee966d7af6d236b8d65bd
spotbugs-annotations.jar	5335e5107c74cdd62ef96a7908066c51abb3de63b1ebf99dc953c2c7d0747678
spotbugs-ant-4.10.2-javadoc.jar	6e016db4c2929c0319c9f973ec1c76724d9ba17d26cd7b87136a8dbf0731cecb
spotbugs-ant-4.10.2-sources.jar	91477d93b1fd1bebae35d318427b5238fb458e726478dc1a8ac41ce74838a1e6
spotbugs-ant.jar	22f2fa397e86663adcd4828cc1c91e63aa6cc2bfc56832885b749a86fac5c784
spotbugs.jar	46f5c9524c08d027cf96cda2704e5d8ded633626b94a19dc9ced3ae67595d80b
test-harness-4.10.2-javadoc.jar	ec93ddaa099a27c8fdb0522d8c0b24a3d696e10aaf7d71a5d8426a643c00f1b2
test-harness-4.10.2-sources.jar	805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.10.2.jar	bd10d1f11a1b93e4ca4db4d27772f611bd3407f9452dbbd2d1ba62584ddc171f
test-harness-core-4.10.2-javadoc.jar	a9782f2a1ecb26d561b4601c46f2dbcfbe4045d587c6ce545ae830cd61399118
test-harness-core-4.10.2-sources.jar	043a55d99a517c0d9cf702b0c183b4afd3f03af9eff4a86d59bb37df1b35b532
test-harness-core-4.10.2.jar	1f9a0ee8f150dd71f960ca4f59dcf7912a45d0e9e6aefc4585fd44b975454bc0
test-harness-jupiter-4.10.2-javadoc.jar	eb18358668b3f2099ddcfe21e817210d34ee969eb7fecc6f697c6eecca803846
test-harness-jupiter-4.10.2-sources.jar	17144f315686bfd01c02fa4ae7c916060c41de8eed58d5b8470416fa08f46ced
test-harness-jupiter-4.10.2.jar	a91146da3e993479cfefd2690781cbd102c6360ecc63a96d88995be3bd60fcbb

4.10.1

SpotBugs 4.10.1

Note

SpotBugs 4.10.0 was superseded by 4.10.1 due to a release issue. Users should use 4.10.1. See the discussion below for additional details:

spotbugs/spotbugs#4155

CHANGELOG

Build

• 4.10.0 was not released due to a release process error (artifacts were built from a -SNAPSHOT version). 4.10.1 is the corrected release and contains the intended 4.10.0 contents.

CHECKSUM

file	checksum (sha256)
spotbugs-4.10.1-javadoc.jar	582dc49e95b080333b1025dc23e76630e5f6f1648b2f9fa71ee34918f6d9dd2c

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.10.2 - 2026-06-09

Build

• Add release protection to ensure version released matches the tag and that snapshot has been removed. (#4156)
• Drop binary incompatible Saxon-HE back to 12.9 to keep java 11 compatibility. (#4159)
• Add binary check to the gradle build to ensure compatibility remains. (#4159)

4.10.1 - 2026-06-08

Build

• 4.10.0 was not released due to a release process error (artifacts were built from a -SNAPSHOT version). 4.10.1 is the corrected release and contains the intended 4.10.0 contents.

4.10.0 - 2026-06-07

Refactor

• Move internal usage of 'javax.annotation.Nonnull' to 'jakarta.annotation.NonNull'. (#3858)
• Move internal usage of 'javax.annotation.Nullable' to 'jakarta.annotation.Nullable'. (#3861)
• Renamed methods from edu.umd.cs.findbugs.SwitchHandler to reflect that they return a PC, not an offset (#3869)
• Make the progress bar more visually appealing by adding some borders (#3896)
• Reuse DismantleBytecode.isIf introduced in (#3869)

Added

• Add partial support for org.jspecify.annotations.Nullable, org.jspecify.annotations.NonNull, org.jspecify.annotations.NullUnmarked and org.jspecify.annotations.NullMarked annotations. These are aliased to the closest existing SpotBugs nullness annotations. This is not a complete implementation of the JSpecify spec; scope-level semantics of @NullMarked and @NullUnmarked are not yet supported. (#3996)
• Recognize jakarta.annotation.Nonnull and jakarta.annotation.Nullable (#3780)
• Detect use of sun.misc.Unsafe and jdk.internal.misc.Unsafe (#3804)
• New bug type is introduced: NCR_NOT_PROPERLY_CHECKED_READ. Improper validation of the return value from the read() method in InputStream and Reader classes may result in an array not being fully filled. (#3766)
• New detector FindImproperSynchronization and introduced new bug types:
  • USO_UNSAFE_METHOD_SYNCHRONIZATION is reported when using synchronized methods with the class' accessible intrinsic lock,
  • USO_UNSAFE_STATIC_METHOD_SYNCHRONIZATION is reported when using static synchronized methods with the class' exposed intrinsic lock,
  • USO_UNSAFE_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is visible from the outside,
  • USO_UNSAFE_ACCESSIBLE_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is made accessible, with methods that update or return the lock, to the outside,
  • USO_UNSAFE_INHERITABLE_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is can be altered by subclasses,
  • USO_UNSAFE_EXPOSED_OBJECT_SYNCHRONIZATION is reported when the lock used for synchronization is later exposed in the subclasses.
  • USBC_UNSAFE_SYNCHRONIZATION_WITH_BACKING_COLLECTION is reported when the backing collection of a lock is visible from the outside,
  • USBC_UNSAFE_SYNCHRONIZATION_WITH_ACCESSIBLE_BACKING_COLLECTION is reported when the backing collection of a lock is made accessible, with methods that update or return the lock, to the outside,
  • USBC_UNSAFE_SYNCHRONIZATION_WITH_INHERITABLE_BACKING_COLLECTION is reported when the backing collection of a lock can be altered by subclasses. (See SEI CERT rule LCK00-J and SEI CERT rule LCK04-J)
• New detector FindIncreasedAccessibilityOfMethods for new bug type IAOM_DO_NOT_INCREASE_METHOD_ACCESSIBILITY. This detector reports a bug if a class increases the accessibility of overridden or hidden methods. (See SEI CERT rule MET04-J)

Fixed

• Fix DM_STRING_TOSTRING false negative when toString() is chained before a method call (e.g., s.toString().toLowerCase()); multiple occurrences in the same method are now all reported (#3966)
• Stop exposing JUnit BOM as a transitive dependency to consumers (#3908)
• Fix incorrect bug counts and sizes when unioning reports (#3721)
• Classes containing only methods throwing UnsupportedOperationException with setter-like names are no longer considered as mutable (#1601)
• Enhanced SARIF output with full description sections - adding markdown is still an open issue (#2339)
• Added missing null check to MultipleInstantiationsOfSingletons detector (#3823)
• Fix invalid syntax in findbugsfilter.xsd (#3832)
• Fix CT_CONSTRUCTOR_THROW FP with public and private constructors (#3822)
• Fix tool name in usage info, (#3847)
• Fix the building of relative chains of ./././ in filenames in fbp files (#3852)
• Fix IllegalArgumentException initializing spotbugs when inside a fat jar on Java 25 (#3875)
• Do not report DM_DEFAULT_ENCODING for classes compiled with target >= 18 (#3866)
• Fix FS_BAD_DATE_FORMAT_FLAG_COMBO not suppressed by field-level annotation (#3838)

... (truncated)

Commits

• 9efccc9 release v4.10.2
• 205d91b Check binary compatibility (#4159)
• a177422 Update spring core to v7.0.8 (#4158)
• 2d6857f update sonatype link in RELEASE_PROCEDURE.md (#4157)
• 32d4fb9 chore(build): Add verification on tag release that version matches the tag (#...
• 6657922 prepare for next release
• 7460889 release v4.10.1
• f6c4597 prepare for next release
• 6e64d99 release v4.10.0
• 73a6f59 feat: add partial JSpecify annotations support (from PR #3142) (#3996)
• Additional commits viewable in compare view

Updates org.jetbrains.kotlin:kotlin-bom from 2.2.21 to 2.4.0

Release notes

Sourced from org.jetbrains.kotlin:kotlin-bom's releases.

Kotlin 2.4.0

Changelog

Analysis API

• KT-83867 OVERLOAD_RESOLUTION_AMBIGUITY false positive with assertEquals in IJ repo
• KT-83723 [Analysis API] Enable experimental KDoc resolver by default
• KT-83388 Analysis API: properly support KMP in KotlinPackageProvider
• KT-65683 Analysis API: Dangling file session creation causes a computeIfAbsent contract violation

Analysis API. Code Compilation

• KT-78946 Evaluation of variable with local class in type parameter leads to InventNamesForLocalClasses exception

Analysis API. FIR

• KT-68260 K2 AA: InvalidFirElementTypeException “For CALLABLE_REFERENCE_EXPRESSION with text ::lam1, unexpected element of type: no element found” with illegal callable reference call
• KT-70896 AA: False positive deprecation warning with override of built-in method in JDK mapped class
• KT-84711 K2 IDE sometimes loses FIR plugin-generated declarations after file changes
• KT-84625 Analysis API: collectDesignationPath fails for nested classes inside plugin-generated top-level classes
• KT-84596 Improve K2 Jooq completion performance
• KT-84525 KaValueParameterSymbol#getHasSynthesizedName returns false for FirDeclarationOrigin.SubstitutionOverride.DeclarationSite
• KT-83546 Kotlin analysis reach ClsCustomNavigationPolicy
• KT-84259 Move CommonDefaultImportsProvider to the frontend independent module
• KT-82945 Analysis API: KotlinIllegalArgumentExceptionWithAttachments: Expected FirResolvedTypeRef with ConeKotlinType but was FirUserTypeRefImpl
• KT-71135 AA: exception from sealed inheritors checker when analyzeCopy

Analysis API. Infrastructure

Fixes

• KT-83905 Analysis API: Improve UX with test data
• KT-84913 Extract compiler classes used by the PSI & Analysis API to a separate module
• KT-64986 Analysis API: Implement Analysis API tests for different KMP Platforms
• KT-84776 The test data manager misses the redundancy check in the update mode
• KT-84962 The test data manager misses -ea flag
• KT-84388 Preserve the EOF status in the test data manager to avoid extra changes
• KT-84362 Analysis API tests produce many warnings due to "not yet loaded registry"
• KT-84279 Test Data Manager fails on a clean build
• KT-83913 Exclude compiler-based Analysis API tests from Git tracking
• KT-80379 Extract per-module test generators for AA tests
• KT-84120 Move CLI modules out of kotlin-compiler-fe10-for-ide
• KT-83200 Track external dependencies of the Analysis API modules

Analysis API. Light Classes

• KT-82434 Light classes should prefer enum entries to properties
• KT-84200 SLC: return type is not boxed for delegated methods with generic original method
• KT-72451 "CCE: class PsiPrimitiveType cannot be cast to class PsiClassType" with same-named enum class and typealias

... (truncated)

Changelog

Sourced from org.jetbrains.kotlin:kotlin-bom's changelog.

2.4.0

Analysis API

• KT-83867 OVERLOAD_RESOLUTION_AMBIGUITY false positive with assertEquals in IJ repo
• KT-83723 [Analysis API] Enable experimental KDoc resolver by default
• KT-83388 Analysis API: properly support KMP in KotlinPackageProvider
• KT-65683 Analysis API: Dangling file session creation causes a computeIfAbsent contract violation

Analysis API. Code Compilation

• KT-78946 Evaluation of variable with local class in type parameter leads to InventNamesForLocalClasses exception

Analysis API. FIR

• KT-68260 K2 AA: InvalidFirElementTypeException “For CALLABLE_REFERENCE_EXPRESSION with text ::lam1, unexpected element of type: no element found” with illegal callable reference call
• KT-70896 AA: False positive deprecation warning with override of built-in method in JDK mapped class
• KT-84711 K2 IDE sometimes loses FIR plugin-generated declarations after file changes
• KT-84625 Analysis API: collectDesignationPath fails for nested classes inside plugin-generated top-level classes
• KT-84596 Improve K2 Jooq completion performance
• KT-84525 KaValueParameterSymbol#getHasSynthesizedName returns false for FirDeclarationOrigin.SubstitutionOverride.DeclarationSite
• KT-83546 Kotlin analysis reach ClsCustomNavigationPolicy
• KT-84259 Move CommonDefaultImportsProvider to the frontend independent module
• KT-82945 Analysis API: KotlinIllegalArgumentExceptionWithAttachments: Expected FirResolvedTypeRef with ConeKotlinType but was FirUserTypeRefImpl
• KT-71135 AA: exception from sealed inheritors checker when analyzeCopy

Analysis API. Infrastructure

Fixes

• KT-83905 Analysis API: Improve UX with test data
• KT-84913 Extract compiler classes used by the PSI & Analysis API to a separate module
• KT-64986 Analysis API: Implement Analysis API tests for different KMP Platforms
• KT-84776 The test data manager misses the redundancy check in the update mode
• KT-84962 The test data manager misses -ea flag
• KT-84388 Preserve the EOF status in the test data manager to avoid extra changes
• KT-84362 Analysis API tests produce many warnings due to "not yet loaded registry"
• KT-84279 Test Data Manager fails on a clean build
• KT-83913 Exclude compiler-based Analysis API tests from Git tracking
• KT-80379 Extract per-module test generators for AA tests
• KT-84120 Move CLI modules out of kotlin-compiler-fe10-for-ide
• KT-83200 Track external dependencies of the Analysis API modules

Analysis API. Light Classes

• KT-82434 Light classes should prefer enum entries to properties
• KT-84200 SLC: return type is not boxed for delegated methods with generic original method
• KT-72451 "CCE: class PsiPrimitiveType cannot be cast to class PsiClassType" with same-named enum class and typealias

Analysis API. PSI

... (truncated)

Commits

• add726c Add ChangeLog for 2.4.0-RC2
• 69a4a81 [Wasm] Add binaryen per-file arguments
• 8907c63 [KGP] Suppress duplicate compiler warning output when --warning-mode=all is a...
• f9bef12 [KGP] Add failing test for duplicate compiler warning output via Problems API
• 7fe49c2 KT-86268: Use 2.4.0 toolchain for abiValidation with older CVs
• 13d25e2 KT-86268: Regression test added
• f7d1a76 [JKlib] Fix JAR deserializer configuration.
• 5cec663 [JKlib] Wire up JvmBuiltInClassDescriptorFactory
• ef14611 Make the default stability of non-final classes Unknown instead of Stable
• d76473a [Gradle] Fix GeneralNativeIT.shouldAllowToOverrideDownloadUrl test failures
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.22.0

Commits

• 112e859 [maven-release-plugin] prepare release jackson-bom-2.22.0
• 2cae2ce Prep for 2.22.0 release
• 7955d21 Merge branch '2.21' into 2.x
• 8922a05 Post-release dep version bump
• 1fa9943 [maven-release-plugin] prepare for next development iteration
• d1abd31 [maven-release-plugin] prepare release jackson-bom-2.21.4
• 2aaea43 Prep for 2.21.4 release
• 902ec69 Update Woodstox/stax2-api (to 7.2.0/4.3.0)
• 2570647 Merge branch '2.21' into 2.x
• 9d3a9d5 Post-release dep version bump
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-bom from 2.25.2 to 2.26.0

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.26.0

This minor release delivers all the fixes in the [2.25.0, 2.25.4] version range, plus some new fixes, and several other improvements and features.

Added

• Add a new ConfigurationFactory::getConfiguration method accepting multiple URIs (#3775, #3921)
• Add and export org.apache.logging.log4j.core.pattern.NamedInstantPattern enabling users to programmatically access named date & time patterns supported by Pattern Layout (#3789)
• Add log4j.plugin.processor.minAllowedMessageKind annotation processor option to PluginProcessor to filter diagnostic messages by severity. This allows builds that treat compiler notes as errors (e.g. Maven with -Werror) to suppress informational notes emitted during normal plugin processing. (apache/logging-log4j2#3380, #4063)
• Add missing setters to Rfc5424LayoutBuilder

Changed

• Ensure scripts in the global Scripts element have explicit names by throwing a ConfigurationException for unnamed ones. (#3176)
• Simplify file manager registry factory methods (#3968)

Deprecated

• Deprecated withers in builder classes in favor of setters. This change improves API consistency with Log4j Core 3 and helps users adapt to the upcoming changes. (#3750)

Fixed

• Fix script resolution failure when the Scripts element is placed after a ScriptRef in the configuration. (#3336)
• Fix ArrayIndexOutOfBoundsException thrown by ThrowableStackTraceRenderer when the stack trace is modified concurrently (#3940, #3955)
• Fix SLF4JLogger.atFatal() returning atLevel(Level.TRACE) instead of atLevel(Level.FATAL). This was causing FATAL-level log events to be silently discarded when using the fluent API through the log4j-to-slf4j bridge. (#4068, #4089)
• Fix Javadoc references across module boundaries (i.e., cross-references) (#4099, #4100)
• Fix header write in RollingRandomAccessFileManager that was being incorrectly skipped if append=true and the file didn't exist before
• Fix a properties file configuration regression caused by not referenced loggers, appenders, and filters (#4036, #4069)

Removed

• Remove the jvmrunargs lookup. (#3874)

Updated

• Update org.junit:junit-bom to version 5.13.4 (#3850)
• Update org.mongodb:bson to version 5.6.1 (#3961)
• Update org.xerial.snappy:snappy-java to version 1.1.10.8 (#3841)

2.25.4

This patch release delivers fixes for configuration inconsistencies and formatting issues across several layouts.

• Restores alignment between documented and actual configuration attributes.
• Fixes formatting and sanitization issues in XML and RFC5424 layouts.
• Improves handling of invalid characters and non-standard values.

The authoritative list of recognized configuration attributes is available in the PluginReference.

Fixed

• Don't issue warnings if extra argument in parameterized logging is null. (#3975, #4014)

... (truncated)

Commits

• c1ad2a6 Update the project.build.outputTimestamp property
• 8b3a799 Set version to 2.26.0
• 96486eb Merge remote-tracking branch 'origin/2.x' into release/2.26.0
• 8243257 Add documentation for MessageRewritePolicy (#4042)
• 2a15414 Add documentation pointer to the Async HTTP Appender of more-log4j2 (#4062)
• b178cb1 Switch CI to gha/v0 and remove Develocity (#4108)
• 23321de Remove changelog entries for already released changes
• def55fc Add .release.xml and .release-notes.adoc.ftl
• 0e019f2 Move changelog entries
• a487a5d Tidy up changelog
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-core from 2.25.2 to 2.26.0

Updates org.slf4j:slf4j-bom from 2.0.17 to 2.0.18

Release notes

Sourced from org.slf4j:slf4j-bom's releases.

SLF4J 2.0.18

2026-05-12 - Release of SLF4J 2.0.18

• In the logViaLocationAwareLoggerAPI() method of slf4j-api/DefaultLoggingEventBuilder the first marker from the markerList is now passed to locationAwareLogger.log() instead of null.

• The renderLevel() method in slf4j-simple/SimpleLogger now uses CONFIG_PARAMS.warnLevelString for WARN instead of hardcoded "WARN". This issue was reported in issues/471.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 58b66c2c7e840f525c07db4509534ea53ef95b82 associated with the tag v_2.0.18. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• 58b66c2 update central-publishing-maven-plugin
• be4841c prepare release 2.0.18
• d2073be minor refactoring, javadoc changes
• 32a9854 add a trivial test for CONFIG_PARAMS.warnLevelString
• 77936c6 CONFIG_PARAMS.warnLevelString should be taken into account
• 34c9d30 extract first marker when caller locationAwareLogger
• 902b463 remove cruft
• b3c2f16 security manager is no longer supported in later JDKs
• 9468c7a remove unneccessary and unused files
• 183aaa5 start work on 2.0.18-SNAPSHOT
• See full diff in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.5.7 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

• Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
• Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

• MailSender auto-configuration does not enable hostname verification #50747
• Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
• Embedded LDAP SSL should not be enabled when its bundle is empty