chore: [DevOps] bump the production-minor-patch group across 1 directory with 13 updates

[dependabot]

Bumps the production-minor-patch group with 13 updates in the / directory:

Package	From	To
io.swagger.parser.v3:swagger-parser	2.1.42	2.1.43
io.swagger.parser.v3:swagger-parser-core	2.1.42	2.1.43
com.fasterxml.jackson.core:jackson-core	2.21.3	2.21.4
com.fasterxml.jackson.core:jackson-databind	2.21.3	2.21.4
com.fasterxml.jackson.dataformat:jackson-dataformat-xml	2.21.3	2.21.4
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.21.3	2.21.4
com.fasterxml.jackson.datatype:jackson-datatype-guava	2.21.3	2.21.4
com.fasterxml.jackson.datatype:jackson-datatype-joda	2.21.3	2.21.4
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.21.3	2.21.4
org.assertj:assertj-vavr	0.5.0	0.5.1
com.sap.cloud.security:java-bom	4.0.5	4.0.6
org.checkerframework:checker-qual	4.1.0	4.2.0
io.netty:netty-bom	4.2.13.Final	4.2.15.Final

Updates io.swagger.parser.v3:swagger-parser from 2.1.42 to 2.1.43

Release notes

Sourced from io.swagger.parser.v3:swagger-parser's releases.

Swagger-parser 2.1.43 released!

• fix: resolve refs within external schemas (#2338)

Commits

• 7babc5d prepare release 2.1.43 (#2340)
• 9292fcf fix: typo in README regarding Let's Encrypt
• 19dcc26 fix: resolve refs within external schemas (#2338)
• 702586f bump snapshot 2.1.43-SNAPSHOT (#2336)
• See full diff in compare view

Updates io.swagger.parser.v3:swagger-parser-core from 2.1.42 to 2.1.43

Updates io.swagger.parser.v3:swagger-parser-core from 2.1.42 to 2.1.43

Updates com.fasterxml.jackson.core:jackson-core from 2.21.3 to 2.21.4

Commits

• f17a4f7 [maven-release-plugin] prepare release jackson-core-2.21.4
• c6411e1 Prep for 2.21.4 release
• 52633da Merge branch '2.20' into 2.21
• 1fa7bb9 Merge branch '2.19' into 2.20
• 6dea8a8 Merge branch '2.18' into 2.19
• ada244d Post-release dep version bump
• 52f69d3 [maven-release-plugin] prepare for next development iteration
• 899d70a [maven-release-plugin] prepare release jackson-core-2.18.8
• a006b52 Prep for 2.18.8 release
• 4c05816 Merge branch '2.20' into 2.21
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.21.3 to 2.21.4

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.21.3 to 2.21.4

Commits

• e29dfd9 [maven-release-plugin] prepare release jackson-dataformat-xml-2.21.4
• 5d81f46 Prep for 2.21.4 release
• 5db34fe Merge branch '2.20' into 2.21
• a12b8df Merge branch '2.19' into 2.20
• 7ae7fdb Merge branch '2.18' into 2.19
• 7353bd4 Post-release dep version bump
• 8da4390 [maven-release-plugin] prepare for next development iteration
• 7c0910c [maven-release-plugin] prepare release jackson-dataformat-xml-2.18.8
• 41e7308 Prep for 2.18.8 release
• a2916db ...
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-yaml from 2.21.3 to 2.21.4

Commits

• 95debb7 [maven-release-plugin] prepare release jackson-dataformats-text-2.21.4
• c426a04 Prep for 2.21.4 release
• 6350258 Merge branch '2.20' into 2.21
• bdcc3eb Merge branch '2.19' into 2.20
• 48242e9 Merge branch '2.18' into 2.19
• 6d9da0d Post-release dep version bump
• fd07764 [maven-release-plugin] prepare for next development iteration
• 906a1ba [maven-release-plugin] prepare release jackson-dataformats-text-2.18.8
• 673d805 Prep for 2.18.8 release
• 3f9b8be Merge branch '2.20' into 2.21
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-guava from 2.21.3 to 2.21.4

Commits

• 5e11f26 [maven-release-plugin] prepare release jackson-datatypes-collections-2.21.4
• 8eff43b Prep for 2.21.4 release
• 1c68da1 Merge branch '2.20' into 2.21
• 84f2d79 Merge branch '2.19' into 2.20
• c6f98fc Merge branch '2.18' into 2.19
• 43c85fa Post-release dep version bump
• 8e5c93c [maven-release-plugin] prepare for next development iteration
• 599b9f3 [maven-release-plugin] prepare release jackson-datatypes-collections-2.18.8
• e69e534 Prep for 2.18.8 release
• d3c44eb Post-release dep version bump
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-joda from 2.21.3 to 2.21.4

Commits

• 8264588 [maven-release-plugin] prepare release jackson-datatype-joda-2.21.4
• 8fd6c0d Prep for 2.21.4 release
• 122352d Merge branch '2.20' into 2.21
• 6667d01 Merge branch '2.19' into 2.20
• 15cd34a Merge branch '2.18' into 2.19
• 20c5ac9 Post-release dep version bump
• 523e985 [maven-release-plugin] prepare for next development iteration
• 64df9d9 [maven-release-plugin] prepare release jackson-datatype-joda-2.18.8
• 4fbc054 Prep for 2.18.8 release
• 7b476de Post-release dep version bump
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.21.3 to 2.21.4

Updates com.fasterxml.jackson.core:jackson-databind from 2.21.3 to 2.21.4

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.21.3 to 2.21.4

Commits

• e29dfd9 [maven-release-plugin] prepare release jackson-dataformat-xml-2.21.4
• 5d81f46 Prep for 2.21.4 release
• 5db34fe Merge branch '2.20' into 2.21
• a12b8df Merge branch '2.19' into 2.20
• 7ae7fdb Merge branch '2.18' into 2.19
• 7353bd4 Post-release dep version bump
• 8da4390 [maven-release-plugin] prepare for next development iteration
• 7c0910c [maven-release-plugin] prepare release jackson-dataformat-xml-2.18.8
• 41e7308 Prep for 2.18.8 release
• a2916db ...
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-yaml from 2.21.3 to 2.21.4

Commits

• 95debb7 [maven-release-plugin] prepare release jackson-dataformats-text-2.21.4
• c426a04 Prep for 2.21.4 release
• 6350258 Merge branch '2.20' into 2.21
• bdcc3eb Merge branch '2.19' into 2.20
• 48242e9 Merge branch '2.18' into 2.19
• 6d9da0d Post-release dep version bump
• fd07764 [maven-release-plugin] prepare for next development iteration
• 906a1ba [maven-release-plugin] prepare release jackson-dataformats-text-2.18.8
• 673d805 Prep for 2.18.8 release
• 3f9b8be Merge branch '2.20' into 2.21
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-guava from 2.21.3 to 2.21.4

Commits

• 5e11f26 [maven-release-plugin] prepare release jackson-datatypes-collections-2.21.4
• 8eff43b Prep for 2.21.4 release
• 1c68da1 Merge branch '2.20' into 2.21
• 84f2d79 Merge branch '2.19' into 2.20
• c6f98fc Merge branch '2.18' into 2.19
• 43c85fa Post-release dep version bump
• 8e5c93c [maven-release-plugin] prepare for next development iteration
• 599b9f3 [maven-release-plugin] prepare release jackson-datatypes-collections-2.18.8
• e69e534 Prep for 2.18.8 release
• d3c44eb Post-release dep version bump
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-joda from 2.21.3 to 2.21.4

Commits

• 8264588 [maven-release-plugin] prepare release jackson-datatype-joda-2.21.4
• 8fd6c0d Prep for 2.21.4 release
• 122352d Merge branch '2.20' into 2.21
• 6667d01 Merge branch '2.19' into 2.20
• 15cd34a Merge branch '2.18' into 2.19
• 20c5ac9 Post-release dep version bump
• 523e985 [maven-release-plugin] prepare for next development iteration
• 64df9d9 [maven-release-plugin] prepare release jackson-datatype-joda-2.18.8
• 4fbc054 Prep for 2.18.8 release
• 7b476de Post-release dep version bump
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.21.3 to 2.21.4

Updates org.assertj:assertj-vavr from 0.5.0 to 0.5.1

Release notes

Sourced from org.assertj:assertj-vavr's releases.

v0.5.1

What's Changed

• fix wrong type parameter in AbstractValidationAssert.containsInvalidSame() by @​pivovarit in assertj/assertj-vavr#258
• fix Multimaps.assertContainsExactly order check with duplicate keys by @​pivovarit in assertj/assertj-vavr#261
• fix swapped LEFT/RIGHT in EitherShouldContain error messages by @​pivovarit in assertj/assertj-vavr#262
• add missing Multimap/SetAssert to VavrAssumptions.asAssumption dispatch by @​pivovarit in assertj/assertj-vavr#263

Full Changelog: assertj/assertj-vavr@v0.5.0...v0.5.1

Commits

• 0ed2a29 [maven-release-plugin] prepare release v0.5.1
• 476cecf add missing Multimap/SetAssert to VavrAssumptions.asAssumption dispatch (#263)
• 2562dd7 Fix swapped LEFT/RIGHT in EitherShouldContain error messages (#262)
• dfb35c8 Fix Multimaps.assertContainsExactly order check with duplicate keys (#261)
• 39f4e09 default tag name to v@{project.version} (#259)
• 66f4ba7 fix wrong type parameter in AbstractValidationAssert.containsInvalidSame() (#...
• 4a602b3 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates com.sap.cloud.security:java-bom from 4.0.5 to 4.0.6

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

4.0.6

Update dependencies Spring Boot (legacy 3.x modules): 3.5.9 → 3.5.14 Spring Framework (legacy 3.x modules): 6.2.15 → 6.2.18 Spring Security (legacy 3.x modules): 6.5.7 → 6.5.10 Caffeine: 3.2.0 → 3.2.4 SpotBugs Maven Plugin: 4.9.8.2 → 4.9.8.3

Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

4.0.6

• Update dependencies to address known vulnerabilities:
  • Spring Boot (legacy 3.x modules): 3.5.9 → 3.5.14
  • Spring Framework (legacy 3.x modules): 6.2.15 → 6.2.18
  • Spring Security (legacy 3.x modules): 6.5.7 → 6.5.10
  • Caffeine: 3.2.0 → 3.2.4
  • SpotBugs Maven Plugin: 4.9.8.2 → 4.9.8.3

Commits

• 6e79587 Chore/update dependencies (#1958)
• 80dd972 Build(deps): Bump the prod-deps-ver group across 1 directory with 31 updates ...
• 3b27d81 Set explicit workflow permissions (#1952)
• See full diff in compare view

Updates org.checkerframework:checker-qual from 4.1.0 to 4.2.0

Release notes

Sourced from org.checkerframework:checker-qual's releases.

Checker Framework 4.2.0

Version 4.2.0 (2026-06-01)

User-visible changes

Renamed error message key "createsmustcallfor.target.unparseable" to "createsmustcallfor.target.unparsable".

Implementation details

In AnnotatedTypeFactory:

• new overload canonicalAnnotation(AnnotationMirror, TypeMirror).

In TypeHierarchy:

• new methods equalsShallowEffective().

Closed issues

#7676, #7679, #7680, #7695, #7697, #7699, #7700, #7727.

Changelog

Sourced from org.checkerframework:checker-qual's changelog.

Version 4.2.0 (2026-06-01)

User-visible changes

Renamed error message key "createsmustcallfor.target.unparseable" to "createsmustcallfor.target.unparsable".

Implementation details

In AnnotatedTypeFactory:

• new overload canonicalAnnotation(AnnotationMirror, TypeMirror).

In TypeHierarchy:

• new methods equalsShallowEffective().

Closed issues

#7676, #7679, #7680, #7695, #7697, #7699, #7700, #7727.

Commits

• 231e855 new release 4.2.0
• e59f66f Prep for release.
• bcc021f Fix problem with type var in a method reference (#7729)
• 91392e5 Use gradle-git-properties version 4
• cdae258 Increase constraint limit (#7752)
• dbb553d Fix check of receiver override (#7746)
• 264c73d Fix "unneeded.suppression" warning (#7747)
• d118b89 New methods equalsShallowEffective() (#7745)
• a916913 Simplify logic (#7744)
• 227974f Update plugin com-gradleup-shadow to v9.4.2 (#7749)
• Additional commits viewable in compare view

Updates io.netty:netty-bom from 4.2.13.Final to 4.2.15.Final

Release notes

Sourced from io.netty:netty-bom's releases.

netty-4.2.15.Final

Security fixes

• CVE-2026-48059: memory exhaustion in io.netty:netty-codec-haproxy (high).
• CVE-2026-47691: DNS cache poisoning in io.netty:netty-resolver-dns (high).
• CVE-2026-XXXXX: DDoS in io.netty:netty-codec-http2.
• CVE-2026-XXXXX: memory exhaustion in io.netty:netty-codec-redis (high).
• CVE-2026-44250: memory exhaustion in io.netty:netty-codec-redis (high).
• CVE-2026-44890: memory exhaustion in io.netty:netty-codec-redis (high).
• CVE-2026-XXXXX: information disclosure and denial of service in io.netty:netty-codec-classes-quic.
• CVE-2026-44249: IPv6 subnet filter bypass in io.netty:netty-handler (high).
• CVE-2026-XXXXX: request smuggling in io.netty:netty-codec-http.
• CVE-2026-44892: memory exhaustion in io.netty:netty-codec-http3 (high).
• CVE-2026-44893: memory leak in io.netty:netty-codec-haproxy (high).
• CVE-2026-44894: traffic amplification in io.netty:netty-codec-classes-quic (high).
• CVE-2026-XXXXX: TLS hostname verification accidentally disabled in io.netty:netty-handler (high).
• CVE-2026-45673: DNS cache poisoning in io.netty:netty-resolver-dns.
• CVE-2026-45416: excessive memory usage from SNIHandler in io.netty:netty-handler (high).
• CVE-2026-45536: file descriptor leak in io.netty:netty-transport-native-epoll and io.netty:netty-transport-native-kqueue.
• CVE-2026-45674: DNS cache poisoning in io.netty:netty-resolver-dns (high).
• CVE-2026-46340: memory exhaustion in io.netty:netty-transport-sctp (high).
• CVE-2026-47244: denial of service in io.netty:netty-codec-http2.
• CVE-2026-48006: memory exhaustion in io.netty:netty-codec-redis (high).
• CVE-2026-48748: memory exhaustion in io.netty:netty-codec-http3 (high).
• CVE-2026-48043: memory exhaustion in io.netty:netty-codec-http2.

What's Changed

• Fix race in io.netty.channel.uring.IoUringIoHandler.wakeup by @​dreamlike-ocean in netty/netty#16836
• HTTP/2: Parse request-target path like Vert.x by @​yawkat in netty/netty#16810
• Auto-port 4.2: ChannelInitializer: correct misleading comment on exceptionCaught route by @​netty-project-bot in netty/netty#16853
• FlowControlHandler: Suppress duplicate channelReadComplete after draining queue (#15053) by @​schiemon in netty/netty#16837
• Pass maxAllocation to Brotli and Zstd decoders by @​fedinskiy in netty/netty#16844
• Fix revapi warnings by @​chrisvest in netty/netty#16885
• Fix SCTP and Redis tests by @​chrisvest in netty/netty#16893
• Add maxWindowLog parameter to ZstdDecoder to bound memory allocation by @​skyguard1 in netty/netty#16850
• Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remaining Length by @​netty-project-bot in netty/netty#16890

New Contributors

• @​schiemon made their first contribution in netty/netty#16837
• @​fedinskiy made their first contribution in netty/netty#16844

Full Changelog: netty/netty@netty-4.2.14.Final...netty-4.2.15.Final

netty-4.2.14.Final

What's Changed

• HTTP: Fix revapi failure introduced by 84530fa81e12dcd1d42310bb20c1385cb44128d8 by @​normanmaurer in netty/netty#16748
• HTTP: Re-add constructor to HttpProxyHandler that was removed by mistake by @​normanmaurer in netty/netty#16747
• Marshalling: Explicit document security requirements by @​normanmaurer in netty/netty#16752
• Fix io_uring op completion TRACE logging by @​chrisvest in netty/netty#16755
• Quic: Ensure writes are done before notify close promise of QuicheQui… by @​normanmaurer in netty/netty#16758
• Avoid re-parsing openssl key material with non-cached provider by @​chrisvest in netty/netty#16759

... (truncated)

Commits

• a41f7b2 [maven-release-plugin] prepare release netty-4.2.15.Final
• 2394530 Auto-port 4.2: MQTT: Reject malformed no-payload packets with non-zero Remain...
• 0bd1657 Add maxWindowLog parameter to ZstdDecoder to bound memory allocation (#16850)
• 76291f5 Fix SCTP and Redis tests (#16893)
• e067b6e Fix revapi warnings (#16885)
• 5a52600 Pass maxAllocation to Brotli and Zstd decoders (#16844)
• 541add0 Merge commit from fork
• 270800e Merge commit from fork
• 3d45a1e Merge commit from fork
• 75127ca Merge commit from fork
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions