Bump the backend-prod group across 3 directories with 3 updates by dependabot[bot] · Pull Request #816 · OpenConext/OpenConext-access

dependabot · 2026-06-25T11:27:27Z

Bumps the backend-prod group with 3 updates in the / directory: org.springframework.boot:spring-boot-starter-parent, software.amazon.awssdk:s3 and org.apache.httpcomponents.core5:httpcore5.
Bumps the backend-prod group with 1 update in the /client directory: org.springframework.boot:spring-boot-starter-parent.
Bumps the backend-prod group with 3 updates in the /server directory: org.springframework.boot:spring-boot-starter-parent, software.amazon.awssdk:s3 and org.apache.httpcomponents.core5:httpcore5.

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.15 to 3.5.16

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.16

🔨 Dependency Upgrades

Upgrade to Spring AMQP 3.2.12 #50818

Upgrade to Spring Data Bom 2025.0.13 #50819

Upgrade to Spring Integration 6.5.10 #50820

Commits

0566f69 Release v3.5.16
93edd16 Next development version (v3.5.16-SNAPSHOT)
5bafd0a Upgrade to Spring Integration 6.5.10
baf3290 Upgrade to Spring AMQP 3.2.12
2c5964a Upgrade to Spring Data Bom 2025.0.13
dbb08aa Upgrade Antora dependencies
9b281d5 Upgrade to actions/checkout 7.0.0
a854058 Upgrade to jfrog/setup-jfrog-cli 5.1.0
fc236ae Start building against Spring Integration 6.5.10 snapshots
5271da7 Start building against Spring Data Bom 2025.0.13 snapshots
Additional commits viewable in compare view

Updates software.amazon.awssdk:s3 from 2.46.14 to 2.46.17

Updates org.apache.httpcomponents.core5:httpcore5 from 5.4.2 to 5.4.3

Changelog

Sourced from org.apache.httpcomponents.core5:httpcore5's changelog.

Release 5.4.3

This maintenance release fixes several defects and regression reported sicne the previous release includin a regression in backpressure handling of async TLS sessions introduced in version 5.3.3.

Change Log

HTTPCORE-796: abort redirected requests during the expect-continue handshake the same way as errors. Contributed by Oleg Kalnichevski

Fixed regression in backpressure handling of async TLS sessions. Reverts HTTPCORE-775. Contributed by Ryan Schmitt

Use max line length of 8192 and max header count of 100 for incoming HTTP/1 messages by default. Contributed by Oleg Kalnichevski

Enforce configured HPACK header list size limit upon initialization of HTTP/2 connections. Contributed by Arturo Bernal

HTTPCORE-774: fixed a race condition caused by concurrent update of the connection input window to the max value (ported from 5.3.x; omitted by mistake). Contributed by Oleg Kalnichevski

Ensure async data consumers can avoid NPE if they have been canceled or released from another thread at the same with concurrent data processing. Contributed by Oleg Kalnichevski

Fixed connection pool lease timeout race potentially causing pool entry leak (#649). Contributed by Arturo Bernal

Commits

d5d0c20 HttpCore 5.4.3 release
172871d Updated release notes for HttpCore 5.4.3 release
496c2f5 HTTPCORE-796: abort redirected requests during the expect-continue handshake ...
1391b7a SSLIOSession: Fix regression in backpressure handling
d96a00f Use max line length of 8192 and max header count of 100 for incoming HTTP/1 m...
1ea1239 Enforce configured HPACK header list size limit on initialization
af61c1e HTTPCORE-774: fixed a race condition caused by concurrent update of the conne...
0363ff3 Ensure async data consumers can avoid NPE if they have been canceled / releas...
024b199 Fix lease timeout race to prevent pool entry leak (#649)
25c7352 Upgraded HttpCore version to 5.4.3-SNAPSHOT
See full diff in compare view

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.15 to 3.5.16

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.16

🔨 Dependency Upgrades

Upgrade to Spring AMQP 3.2.12 #50818

Upgrade to Spring Data Bom 2025.0.13 #50819

Upgrade to Spring Integration 6.5.10 #50820

Commits

0566f69 Release v3.5.16
93edd16 Next development version (v3.5.16-SNAPSHOT)
5bafd0a Upgrade to Spring Integration 6.5.10
baf3290 Upgrade to Spring AMQP 3.2.12
2c5964a Upgrade to Spring Data Bom 2025.0.13
dbb08aa Upgrade Antora dependencies
9b281d5 Upgrade to actions/checkout 7.0.0
a854058 Upgrade to jfrog/setup-jfrog-cli 5.1.0
fc236ae Start building against Spring Integration 6.5.10 snapshots
5271da7 Start building against Spring Data Bom 2025.0.13 snapshots
Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-starter-parent from 3.5.15 to 3.5.16

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.5.16

🔨 Dependency Upgrades

Upgrade to Spring AMQP 3.2.12 #50818

Upgrade to Spring Data Bom 2025.0.13 #50819

Upgrade to Spring Integration 6.5.10 #50820

Commits

0566f69 Release v3.5.16
93edd16 Next development version (v3.5.16-SNAPSHOT)
5bafd0a Upgrade to Spring Integration 6.5.10
baf3290 Upgrade to Spring AMQP 3.2.12
2c5964a Upgrade to Spring Data Bom 2025.0.13
dbb08aa Upgrade Antora dependencies
9b281d5 Upgrade to actions/checkout 7.0.0
a854058 Upgrade to jfrog/setup-jfrog-cli 5.1.0
fc236ae Start building against Spring Integration 6.5.10 snapshots
5271da7 Start building against Spring Data Bom 2025.0.13 snapshots
Additional commits viewable in compare view

Updates software.amazon.awssdk:s3 from 2.46.14 to 2.46.17

Updates org.apache.httpcomponents.core5:httpcore5 from 5.4.2 to 5.4.3

Changelog

Sourced from org.apache.httpcomponents.core5:httpcore5's changelog.

Release 5.4.3

This maintenance release fixes several defects and regression reported sicne the previous release includin a regression in backpressure handling of async TLS sessions introduced in version 5.3.3.

Change Log

HTTPCORE-796: abort redirected requests during the expect-continue handshake the same way as errors. Contributed by Oleg Kalnichevski

Fixed regression in backpressure handling of async TLS sessions. Reverts HTTPCORE-775. Contributed by Ryan Schmitt

Use max line length of 8192 and max header count of 100 for incoming HTTP/1 messages by default. Contributed by Oleg Kalnichevski

Enforce configured HPACK header list size limit upon initialization of HTTP/2 connections. Contributed by Arturo Bernal

HTTPCORE-774: fixed a race condition caused by concurrent update of the connection input window to the max value (ported from 5.3.x; omitted by mistake). Contributed by Oleg Kalnichevski

Ensure async data consumers can avoid NPE if they have been canceled or released from another thread at the same with concurrent data processing. Contributed by Oleg Kalnichevski

Fixed connection pool lease timeout race potentially causing pool entry leak (#649). Contributed by Arturo Bernal

Commits

d5d0c20 HttpCore 5.4.3 release
172871d Updated release notes for HttpCore 5.4.3 release
496c2f5 HTTPCORE-796: abort redirected requests during the expect-continue handshake ...
1391b7a SSLIOSession: Fix regression in backpressure handling
d96a00f Use max line length of 8192 and max header count of 100 for incoming HTTP/1 m...
1ea1239 Enforce configured HPACK header list size limit on initialization
af61c1e HTTPCORE-774: fixed a race condition caused by concurrent update of the conne...
0363ff3 Ensure async data consumers can avoid NPE if they have been canceled / releas...
024b199 Fix lease timeout race to prevent pool entry leak (#649)
25c7352 Upgraded HttpCore version to 5.4.3-SNAPSHOT
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the backend-prod group with 3 updates in the / directory: [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot), software.amazon.awssdk:s3 and [org.apache.httpcomponents.core5:httpcore5](https://github.com/apache/httpcomponents-core). Bumps the backend-prod group with 1 update in the /client directory: [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot). Bumps the backend-prod group with 3 updates in the /server directory: [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot), software.amazon.awssdk:s3 and [org.apache.httpcomponents.core5:httpcore5](https://github.com/apache/httpcomponents-core). Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.15 to 3.5.16 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.5.15...v3.5.16) Updates `software.amazon.awssdk:s3` from 2.46.14 to 2.46.17 Updates `org.apache.httpcomponents.core5:httpcore5` from 5.4.2 to 5.4.3 - [Changelog](https://github.com/apache/httpcomponents-core/blob/rel/v5.4.3/RELEASE_NOTES.txt) - [Commits](apache/httpcomponents-core@rel/v5.4.2...rel/v5.4.3) Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.15 to 3.5.16 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.5.15...v3.5.16) Updates `org.springframework.boot:spring-boot-starter-parent` from 3.5.15 to 3.5.16 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.5.15...v3.5.16) Updates `software.amazon.awssdk:s3` from 2.46.14 to 2.46.17 Updates `org.apache.httpcomponents.core5:httpcore5` from 5.4.2 to 5.4.3 - [Changelog](https://github.com/apache/httpcomponents-core/blob/rel/v5.4.3/RELEASE_NOTES.txt) - [Commits](apache/httpcomponents-core@rel/v5.4.2...rel/v5.4.3) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-version: 3.5.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: software.amazon.awssdk:s3 dependency-version: 2.46.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.apache.httpcomponents.core5:httpcore5 dependency-version: 5.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-version: 3.5.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-version: 3.5.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: software.amazon.awssdk:s3 dependency-version: 2.46.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod - dependency-name: org.apache.httpcomponents.core5:httpcore5 dependency-version: 5.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: backend-prod ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jun 25, 2026

dependabot Bot mentioned this pull request Jun 25, 2026

Bump the backend-prod group across 2 directories with 3 updates #815

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the backend-prod group across 3 directories with 3 updates#816

Bump the backend-prod group across 3 directories with 3 updates#816
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/backend-prod-dd7342c0de

dependabot Bot commented on behalf of github Jun 25, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v3.5.16

🔨 Dependency Upgrades

Release 5.4.3

Change Log

v3.5.16

🔨 Dependency Upgrades

v3.5.16

🔨 Dependency Upgrades

Release 5.4.3

Change Log

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 25, 2026 •

edited

Loading