Skip to content

chore(deps): bump the maven group across 5 directories with 2 updates#214

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/netty-socketio-core/maven-f0d0795c0a
Open

chore(deps): bump the maven group across 5 directories with 2 updates#214
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/netty-socketio-core/maven-f0d0795c0a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the maven group with 1 update in the /netty-socketio-core directory: com.fasterxml.jackson.core:jackson-databind.
Bumps the maven group with 1 update in the /netty-socketio-examples/netty-socketio-examples-quarkus-base directory: ch.qos.logback:logback-core.
Bumps the maven group with 1 update in the /netty-socketio-micronaut directory: com.fasterxml.jackson.core:jackson-databind.
Bumps the maven group with 1 update in the /netty-socketio-spring directory: com.fasterxml.jackson.core:jackson-databind.
Bumps the maven group with 1 update in the /netty-socketio-spring-boot-starter directory: com.fasterxml.jackson.core:jackson-databind.

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates ch.qos.logback:logback-core from 1.5.25 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.34

2026-06-01 Release of logback version 1.5.34

• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues #1040](qos-ch/logback#1040), reported by Naotsugu Kobayashi.

• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This change addresses potential deserialization whitelist bypass vulnerability reported by York Shen and registered as CVE-2026-10532.

• A bitwise identical binary of this version can be reproduced by building from source code at commit e62272ac152469aec1ede056c3c7d0d7314e7bfe associated with the tag v_1.5.34. This release was built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

... (truncated)

Commits
  • e62272a prepare release 1.5.34
  • 1e9e926 add resolveProxyClassRejectsDynamicProxies unit test
  • 2de5cbe added StackTraceElementProxyTest, minor edits to AGENTS.md
  • 0e9b927 in case StackTraceElement is null use a substitute, fixing issues/1040
  • f7a0654 prevent resolveProxyClass bypass
  • 249b81f docs are no longer distributed
  • 1c3b26a start work on 1.5.34-SNAPSHOT
  • 124e8b4 prepare release 1.5.33
  • d8fd6f2 escapeTags in message field when printing status messages
  • 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

Updates com.fasterxml.jackson.core:jackson-databind from 2.22.0 to 2.22.1

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jul 10, 2026
Bumps the maven group with 1 update in the /netty-socketio-core directory: [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson).
Bumps the maven group with 1 update in the /netty-socketio-examples/netty-socketio-examples-quarkus-base directory: [ch.qos.logback:logback-core](https://github.com/qos-ch/logback).
Bumps the maven group with 1 update in the /netty-socketio-micronaut directory: [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson).
Bumps the maven group with 1 update in the /netty-socketio-spring directory: [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson).
Bumps the maven group with 1 update in the /netty-socketio-spring-boot-starter directory: [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson).


Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `ch.qos.logback:logback-core` from 1.5.25 to 1.5.34
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.25...v_1.5.34)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.22.0 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

---
updated-dependencies:
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.35
  dependency-type: direct:production
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.21.5
  dependency-type: direct:production
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.22.1
  dependency-type: direct:production
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.22.1
  dependency-type: direct:production
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.22.1
  dependency-type: direct:production
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.22.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the maven group across 6 directories with 2 updates chore(deps): bump the maven group across 5 directories with 2 updates Jul 16, 2026
@dependabot dependabot Bot force-pushed the dependabot/maven/netty-socketio-core/maven-f0d0795c0a branch from a39e9bd to b6fb3ba Compare July 16, 2026 01:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants