Skip to content

build(deps): bump the dependencies group across 1 directory with 7 updates #3839

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump the dependencies group across 1 directory with 7 updates #3839

dependabot wants to merge 1 commit into from
+7 −7

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 5, 2026
edited
Loading

Bumps the dependencies group with 7 updates in the / directory:

Package From To
com.amazonaws:aws-java-sdk-bom 1.12.796 1.12.797
com.bucket4j:bucket4j_jdk17-core 8.15.0 8.16.0
org.apache.commons:commons-pool2 2.13.0 2.13.1
com.puppycrawl.tools:checkstyle 12.3.0 13.0.0
software.amazon.awssdk:bom 2.40.13 2.41.1
org.jsoup:jsoup 1.21.2 1.22.1
org.asynchttpclient:async-http-client 3.0.5 3.0.6

Updates com.amazonaws:aws-java-sdk-bom from 1.12.796 to 1.12.797

Changelog

Sourced from com.amazonaws:aws-java-sdk-bom's changelog.

1.12.797 2025-12-29

AWS SDK for Java

  • Deprecations

    • Updated the warning message for v1 end-of-support
Commits

Updates com.bucket4j:bucket4j_jdk17-core from 8.15.0 to 8.16.0

Release notes

Sourced from com.bucket4j:bucket4j_jdk17-core's releases.

8.16.0

What's Changed

New Contributors

Full Changelog: bucket4j/bucket4j@8.15.0...8.16.0

Commits
  • 3fceaa2 8.16.0 release documentation
  • e653818 remove jdk 11 support
  • fab2b59 #559 prepare artifacts for release 8.16.0
  • 1584b3b #559 prepare artifacts for release 8.16.0
  • 756ac47 prepare release 8.16.0
  • 67e250f Merge pull request #561 from chrisrueger/add-osgi-metadata
  • 57de6dc Merge pull request #559 from v3rm0n/glide
  • 4590d60 Merge pull request #560 from wtrocki/feature/retry-strategy-callback
  • 7ff32df Add OSGi support with bnd-maven-plugin
  • de29019 feat: add RetryStrategy callback support for CAS operations
  • Additional commits viewable in compare view

Updates org.apache.commons:commons-pool2 from 2.13.0 to 2.13.1

Updates com.puppycrawl.tools:checkstyle from 12.3.0 to 13.0.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-13.0.0

Checkstyle 13.0.0 - https://checkstyle.org/releasenotes.html#Release_13.0.0

Breaking backward compatibility:

#17430 - Use jdk21 as minimial required

Bug fixes:

#18409 - Remove duplicate violations in WhitespaceAfter and WhitespaceAround in sun_checks.xml

checkstyle-12.3.1

Checkstyle 12.3.1 - https://checkstyle.org/releasenotes.html#Release_12.3.1

Bug fixes:

#17265 - Duplicate violations in WhitespaceAfter and WhitespaceAround in google config #17778 - Add support to properly follow Rule 7.1.1 General Form in Google Style Guide Implementation #18381 - NullPointerException in TextBlockGoogleStyleFormatting with text blocks in annotations #17727 - Need default config in google_checks.xml to forbid lowercase Javadoc beginnings

... (truncated)

Commits
  • d02376e [maven-release-plugin] prepare release checkstyle-13.0.0
  • e125229 doc: release notes for 13.0.0
  • 3e68230 Revert "doc: release notes for 13.0.0"
  • 610c605 Issue #17430: migration to jdk21 for release actions
  • ace8678 doc: release notes for 13.0.0
  • 042527c Issue #17428: Activated MissingNullCaseInSwitch
  • e16b3bc Issue #18034: Resolve PIT Mutation Suppression for NonVoidMethodCallMutation ...
  • 0cd8f7c infra: use 'React to comment' from Github
  • 9e3599a Issue #17674: remove supression
  • 80fbe6d infra: revert to 'true' to make it work, see #18507
  • Additional commits viewable in compare view

Updates software.amazon.awssdk:bom from 2.40.13 to 2.41.1

Updates org.jsoup:jsoup from 1.21.2 to 1.22.1

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup Java HTML Parser release 1.22.1

jsoup 1.22.1 is out now, adding support for the re2j regular expression engine for regex-based CSS selectors, a configurable maximum parser depth, and numerous bug fixes and improvements.

jsoup is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.

Download jsoup now.

Improvements

  • Added support for using the re2j regular expression engine for regex-based CSS selectors (e.g. [attr~=regex], :matches(regex)), which ensures linear-time performance for regex evaluation. This allows safer handling of arbitrary user-supplied query regexes. To enable, add the com.google.re2j dependency to your classpath, e.g.:
  <dependency>
    <groupId>com.google.re2j</groupId>
    <artifactId>re2j</artifactId>
    <version>1.8</version>
  </dependency>

(If you already have that dependency in your classpath, but you want to keep using the Java regex engine, you can disable re2j via System.setProperty("jsoup.useRe2j", "false").) You can confirm that the re2j engine has been enabled correctly by calling Regex.usingRe2j(). #2407

  • Added an instance method Parser#unescape(String, boolean) that unescapes HTML entities using the parser's configuration (e.g. to support error tracking), complementing the existing static utility Parser.unescapeEntities(String, boolean). #2396
  • Added a configurable maximum parser depth (to limit the number of open elements on stack) to both HTML and XML parsers. The HTML parser now defaults to a depth of 512 to match browser behavior, and protect against unbounded stack growth, while the XML parser keeps unlimited depth by default, but can opt into a limit via Parser.setMaxDepth(). #2421
  • Build: added CI coverage for JDK 25 #2403
  • Build: added a CI fuzzer for contextual fragment parsing (in addition to existing full body HTML and XML fuzzers). [oss-fuzz #14041](google/oss-fuzz#14041)

Changes

  • Set a removal schedule of jsoup 1.24.1 for previously deprecated APIs.

Bug Fixes

  • Previously cached child Elements of an Element were not correctly invalidated in Node#replaceWith(Node), which could lead to incorrect results when subsequently calling Element#children(). #2391
  • Attribute selector values are now compared literally without trimming. Previously, jsoup trimmed whitespace from selector values and from element attribute values, which could cause mismatches with browser behavior (e.g. [attr=" foo "]). Now matches align with the CSS specification and browser engines. #2380
  • When using the JDK HttpClient, any system default proxy (ProxySelector.getDefault()) was ignored. Now, the system proxy is used if a per-request proxy is not set. #2388, #2390
  • A ValidationException could be thrown in the adoption agency algorithm with particularly broken input. Now logged as a parse error. #2393
  • Null characters in the HTML body were not consistently removed; and in foreign content were not correctly replaced. #2395
  • An IndexOutOfBoundsException could be thrown when parsing a body fragment with crafted input. Now logged as a parse error. #2397, #2406
  • When using StructuralEvaluators (e.g., a parent child selector) across many retained threads, their memoized results could also be retained, increasing memory use. These results are now cleared immediately after use, reducing overall memory consumption. #2411
  • Cloning a Parser now preserves any custom TagSet applied to the parser. #2422, #2423
  • Custom tags marked as Tag.Void now parse and serialize like the built-in void elements: they no longer consume following content, and the XML serializer emits the expected self-closing form. #2425
  • The <br> element is once again classified as an inline tag (Tag.isBlock() == false), matching common developer expectations and its role as phrasing content in HTML, while pretty-printing and text extraction continue to treat it as a line break in the rendered output. #2387, #2439
  • Fixed an intermittent truncation issue when fetching and parsing remote documents via Jsoup.connect(url).get(). On responses without a charset header, the initial charset sniff could sometimes (depending on buffering / available() behavior) be mistaken for end-of-stream and a partial parse reused, dropping trailing content. #2448
  • TagSet copies no longer mutate their template during lazy lookups, preventing cross-thread ConcurrentModificationException when parsing with shared sessions. #2453
  • Fixed parsing of <svg> foreignObject content nested within a <p>, which could incorrectly move the HTML subtree outside the SVG. #2452

Internal Changes

  • Deprecated internal helper org.jsoup.internal.Functions (for removal in v1.23.1). This was previously used to support older Android API levels without full java.util.function coverage; jsoup now requires core library desugaring so this indirection is no longer necessary. #2412

My sincere thanks to everyone who contributed to this release! If you have any suggestions for the next release, I would love to hear them; please get in touch via jsoup discussions, or with me directly.

You can also follow me (@[email protected]) on Mastodon / Fediverse to receive occasional notes about jsoup releases.

Changelog

Sourced from org.jsoup:jsoup's changelog.

1.22.1 (2026-Jan-01)

Improvements

  • Added support for using the re2j regular expression engine for regex-based CSS selectors (e.g. [attr~=regex], :matches(regex)), which ensures linear-time performance for regex evaluation. This allows safer handling of arbitrary user-supplied query regexes. To enable, add the com.google.re2j dependency to your classpath, e.g.:
  <dependency>
    <groupId>com.google.re2j</groupId>
    <artifactId>re2j</artifactId>
    <version>1.8</version>
  </dependency>

(If you already have that dependency in your classpath, but you want to keep using the Java regex engine, you can disable re2j via System.setProperty("jsoup.useRe2j", "false").) You can confirm that the re2j engine has been enabled correctly by calling org.jsoup.helper.Regex.usingRe2j(). #2407

  • Added an instance method Parser#unescape(String, boolean) that unescapes HTML entities using the parser's configuration (e.g. to support error tracking), complementing the existing static utility Parser.unescapeEntities(String, boolean). #2396
  • Added a configurable maximum parser depth (to limit the number of open elements on stack) to both HTML and XML parsers. The HTML parser now defaults to a depth of 512 to match browser behavior, and protect against unbounded stack growth, while the XML parser keeps unlimited depth by default, but can opt into a limit via org.jsoup.parser.Parser#setMaxDepth. #2421
  • Build: added CI coverage for JDK 25 #2403
  • Build: added a CI fuzzer for contextual fragment parsing (in addition to existing full body HTML and XML fuzzers). [oss-fuzz #14041](google/oss-fuzz#14041)

Changes

  • Set a removal schedule of jsoup 1.24.1 for previously deprecated APIs.

Bug Fixes

  • Previously cached child Elements of an Element were not correctly invalidated in Node#replaceWith(Node), which could lead to incorrect results when subsequently calling Element#children(). #2391
  • Attribute selector values are now compared literally without trimming. Previously, jsoup trimmed whitespace from selector values and from element attribute values, which could cause mismatches with browser behavior (e.g. [attr=" foo "]). Now matches align with the CSS specification and browser engines. #2380
  • When using the JDK HttpClient, any system default proxy (ProxySelector.getDefault()) was ignored. Now, the system proxy is used if a per-request proxy is not set. #2388, #2390
  • A ValidationException could be thrown in the adoption agency algorithm with particularly broken input. Now logged as a parse error. #2393
  • Null characters in the HTML body were not consistently removed; and in foreign content were not correctly replaced. #2395
  • An IndexOutOfBoundsException could be thrown when parsing a body fragment with crafted input. Now logged as a parse error. #2397, #2406
  • When using StructuralEvaluators (e.g., a parent child selector) across many retained threads, their memoized results could also be retained, increasing memory use. These results are now cleared immediately after use, reducing overall memory consumption. #2411
  • Cloning a Parser now preserves any custom TagSet applied to the parser. #2422, #2423
  • Custom tags marked as Tag.Void now parse and serialize like the built-in void elements: they no longer consume following content, and the XML serializer emits the expected self-closing form. #2425
  • The <br> element is once again classified as an inline tag (Tag.isBlock() == false), matching common developer expectations and its role as phrasing content in HTML, while pretty-printing and text extraction continue to treat it as a line break in the rendered output. #2387, #2439
  • Fixed an intermittent truncation issue when fetching and parsing remote documents via Jsoup.connect(url).get(). On responses without a charset header, the initial charset sniff could sometimes (depending on buffering / available() behavior) be mistaken for end-of-stream and a partial parse reused, dropping trailing content. #2448
  • TagSet copies no longer mutate their template during lazy lookups, preventing cross-thread ConcurrentModificationException when parsing with shared sessions. #2453
  • Fixed parsing of <svg> foreignObject content nested within a <p>, which could incorrectly move the HTML subtree outside the SVG. #2452

Internal Changes

  • Deprecated internal helper org.jsoup.internal.Functions (for removal in v1.23.1). This was previously used to support older Android API levels without full java.util.function coverage; jsoup now requires core library desugaring so this indirection is no longer necessary. #2412
Commits
  • 8dd66fe [maven-release-plugin] prepare release jsoup-1.22.1
  • d924385 Changelog prep for v1.22.1
  • 0f3100c Bump actions/upload-artifact from 5 to 6 (#2457)
  • cf6ac20 Bump org.apache.maven.plugins:maven-release-plugin from 3.3.0 to 3.3.1 (#2455)
  • 6bef938 Fix parsing of SVG foreignObject in paragraphs
  • 9b1c0fc Bump org.apache.maven.plugins:maven-release-plugin from 3.2.0 to 3.3.0 (#2450)
  • 1415e64 Bump actions/checkout from 5 to 6 (#2451)
  • 0e99fd9 Isolate TagSet copies to prevent shared mutation (#2453)
  • 90019cb Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.24.2 to 0.25.0 (#2...
  • 9395269 Don't preemptively close
  • Additional commits viewable in compare view

Updates org.asynchttpclient:async-http-client from 3.0.5 to 3.0.6

Release notes

Sourced from org.asynchttpclient:async-http-client's releases.

AHC v3.0.6 Release

What's Changed

New Contributors

Full Changelog: AsyncHttpClient/async-http-client@async-http-client-project-3.0.5...async-http-client-project-3.0.6

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the dependencies group across 1 directory with 7 up…
310be77 
…dates

Bumps the dependencies group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [com.amazonaws:aws-java-sdk-bom](https://github.com/aws/aws-sdk-java) | `1.12.796` | `1.12.797` |
| [com.bucket4j:bucket4j_jdk17-core](https://github.com/bucket4j/bucket4j) | `8.15.0` | `8.16.0` |
| org.apache.commons:commons-pool2 | `2.13.0` | `2.13.1` |
| [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) | `12.3.0` | `13.0.0` |
| software.amazon.awssdk:bom | `2.40.13` | `2.41.1` |
| [org.jsoup:jsoup](https://github.com/jhy/jsoup) | `1.21.2` | `1.22.1` |
| [org.asynchttpclient:async-http-client](https://github.com/AsyncHttpClient/async-http-client) | `3.0.5` | `3.0.6` |



Updates `com.amazonaws:aws-java-sdk-bom` from 1.12.796 to 1.12.797
- [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md)
- [Commits](aws/aws-sdk-java@1.12.796...1.12.797)

Updates `com.bucket4j:bucket4j_jdk17-core` from 8.15.0 to 8.16.0
- [Release notes](https://github.com/bucket4j/bucket4j/releases)
- [Commits](bucket4j/bucket4j@8.15.0...8.16.0)

Updates `org.apache.commons:commons-pool2` from 2.13.0 to 2.13.1

Updates `com.puppycrawl.tools:checkstyle` from 12.3.0 to 13.0.0
- [Release notes](https://github.com/checkstyle/checkstyle/releases)
- [Commits](checkstyle/checkstyle@checkstyle-12.3.0...checkstyle-13.0.0)

Updates `software.amazon.awssdk:bom` from 2.40.13 to 2.41.1

Updates `org.jsoup:jsoup` from 1.21.2 to 1.22.1
- [Release notes](https://github.com/jhy/jsoup/releases)
- [Changelog](https://github.com/jhy/jsoup/blob/master/CHANGES.md)
- [Commits](jhy/jsoup@jsoup-1.21.2...jsoup-1.22.1)

Updates `org.asynchttpclient:async-http-client` from 3.0.5 to 3.0.6
- [Release notes](https://github.com/AsyncHttpClient/async-http-client/releases)
- [Changelog](https://github.com/AsyncHttpClient/async-http-client/blob/main/CHANGES.md)
- [Commits](AsyncHttpClient/async-http-client@async-http-client-project-3.0.5...async-http-client-project-3.0.6)

---
updated-dependencies:
- dependency-name: com.amazonaws:aws-java-sdk-bom
  dependency-version: 1.12.797
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: com.bucket4j:bucket4j_jdk17-core
  dependency-version: 8.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.apache.commons:commons-pool2
  dependency-version: 2.13.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: com.puppycrawl.tools:checkstyle
  dependency-version: 13.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: software.amazon.awssdk:bom
  dependency-version: 2.41.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.jsoup:jsoup
  dependency-version: 1.22.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.asynchttpclient:async-http-client
  dependency-version: 3.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jan 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant