From c7087ca2fd476cfa0d22fdd73a51f8eda8b9cbd8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Oct 2025 12:20:26 +0100
Subject: [PATCH 1/6] build(deps): bump github/codeql-action from 3.30.6 to 4.30.9 (#4718)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.6 to 4.30.9.
Release notes

Sourced from github/codeql-action's releases.

v4.30.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.9 - 17 Oct 2025

See the full CHANGELOG.md for more information.

v4.30.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.30.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.7 - 06 Oct 2025

See the full CHANGELOG.md for more information.

v3.30.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.9 - 17 Oct 2025

See the full CHANGELOG.md for more information.

v3.30.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.30.9 - 17 Oct 2025

4.30.8 - 10 Oct 2025

No user facing changes.

4.30.7 - 06 Oct 2025

3.30.6 - 02 Oct 2025

3.30.5 - 26 Sep 2025

3.30.4 - 25 Sep 2025

3.30.3 - 10 Sep 2025

No user facing changes.

3.30.2 - 09 Sep 2025

3.30.1 - 05 Sep 2025

3.30.0 - 01 Sep 2025

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.30.6&new-version=4.30.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index ca037b7c0de..e5baeb2784d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -74,6 +74,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.29.5 + uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v3.29.5 with: sarif_file: results.sarif From 534f5d5b534fdbdaf913a90e11046d5193e96000 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Oct 2025 13:39:31 +0100 Subject: [PATCH 2/6] build(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4717) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.10.0 to 4.0.0.
Release notes

Sourced from sigstore/cosign-installer's releases.

v4.0.0

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

  • Add support for Cosign v3 releases (#201)

v3.10.1

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

  • Bump default Cosign to v2.6.1 (#203)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=3.10.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/multiOSReleases.yml | 2 +- .github/workflows/push-docker.yml | 2 +- .github/workflows/releaseArtifacts.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/multiOSReleases.yml b/.github/workflows/multiOSReleases.yml index 6cd128de271..ff61d58dbac 100644 --- a/.github/workflows/multiOSReleases.yml +++ b/.github/workflows/multiOSReleases.yml @@ -252,7 +252,7 @@ jobs: - name: Install Cosign if: matrix.os == 'windows-latest' - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Generate key pair if: matrix.os == 'windows-latest' diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index 48e3514333d..6f66b051f85 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -54,7 +54,7 @@ jobs: - name: Install cosign if: github.ref == 'refs/heads/master' - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 with: cosign-release: "v2.4.1" diff --git a/.github/workflows/releaseArtifacts.yml b/.github/workflows/releaseArtifacts.yml index faedf892df8..e77016a2d6a 100644 --- a/.github/workflows/releaseArtifacts.yml +++ b/.github/workflows/releaseArtifacts.yml @@ -95,7 +95,7 @@ jobs: run: ls -R - name: Install Cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - name: Generate key pair run: cosign generate-key-pair From 8e1ca67c10869ec0e3800487714014074bbee07b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Oct 2025 13:39:53 +0100
Subject: [PATCH 3/6] build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#4716)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5.0.0 to 6.0.0.
Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: https://github.com/actions/setup-node/compare/v5...v6.0.0

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=5.0.0&new-version=6.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/testdriver.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testdriver.yml b/.github/workflows/testdriver.yml index 2bd47bee34e..cd2cedb2501 100644 --- a/.github/workflows/testdriver.yml +++ b/.github/workflows/testdriver.yml @@ -146,7 +146,7 @@ jobs: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Set up Node - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 + uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0 with: cache: 'npm' cache-dependency-path: frontend/package-lock.json From 30bc7207a2fea2b98c311b796667f99a59ecbd74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Oct 2025 13:41:00 +0100 Subject: [PATCH 4/6] build(deps): bump com.github.junrar:junrar from 7.5.5 to 7.5.7 (#4715) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.github.junrar:junrar](https://github.com/junrar/junrar) from 7.5.5 to 7.5.7.
Release notes

Sourced from com.github.junrar:junrar's releases.

Release v7.5.7

Changelog

🛠 Build

  • fix failing version (beccd50)
  • fix failing version (4ccf1d2)
  • use bump when computing snapshot version (20e9105)
  • use java 21 (ae8bff6)
  • remove java toolchains and use release flag instead (0d99993), closes #218

📝 Documentation

  • update maven snapshot badge (04481cf)

Contributors

We'd like to thank the following people for their contributions: Gauthier Roebroeck

Release v7.5.6

Changelog

🐛 Fixes

  • CorruptHeaderException when EndArcHeader is missing and parsing as stream (964801c), closes #216

🧪 Tests

🛠 Build

deps

  • bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.19.0 to 2.20.0 (a1143e2)
  • bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 (06ba358)
  • bump org.mockito:mockito-core from 5.17.0 to 5.20.0 (9880cc4)
  • bump com.fasterxml.jackson.core:jackson-databind (9912de1)
  • bump commons-io:commons-io from 2.19.0 to 2.20.0 (716b0fc)
  • bump org.assertj:assertj-core from 3.27.4 to 3.27.6 (23ba3d7)
  • bump peter-evans/create-or-update-comment from 4 to 5 (932af2e)
  • bump gradle/actions from 4 to 5 (d3b4237)
  • bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (a7b88da)
  • bump com.github.gotson.bestbefore:bestbefore-processor-java (acf11b2)
  • bump org.jreleaser from 1.18.0 to 1.20.0 (694c46c)
  • bump actions/setup-java from 4 to 5 (c6c2cb9)
  • bump actions/checkout from 4 to 5 (f55f514)
  • bump archunit to 1.4.1 (4942838)
  • bump junit-pioneer to 2.3.0 (75bd572)
  • bump slf4j-api from 2.0.9 to 2.0.17 (cd598e6)
  • bump ch.qos.logback:logback-classic from 1.4.11 to 1.5.18 (666e572)

... (truncated)

Changelog

Sourced from com.github.junrar:junrar's changelog.

7.5.7 (2025-10-17)

🛠 Build

  • fix failing version (beccd50)
  • fix failing version (4ccf1d2)
  • use bump when computing snapshot version (20e9105)
  • use java 21 (ae8bff6)
  • remove java toolchains and use release flag instead (0d99993), closes #218

📝 Documentation

  • update maven snapshot badge (04481cf)

7.5.6 (2025-10-16)

🐛 Fixes

  • CorruptHeaderException when EndArcHeader is missing and parsing as stream (964801c), closes #216

🧪 Tests

🛠 Build

deps

  • bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.19.0 to 2.20.0 (a1143e2)
  • bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19 (06ba358)
  • bump org.mockito:mockito-core from 5.17.0 to 5.20.0 (9880cc4)
  • bump com.fasterxml.jackson.core:jackson-databind (9912de1)
  • bump commons-io:commons-io from 2.19.0 to 2.20.0 (716b0fc)
  • bump org.assertj:assertj-core from 3.27.4 to 3.27.6 (23ba3d7)
  • bump peter-evans/create-or-update-comment from 4 to 5 (932af2e)
  • bump gradle/actions from 4 to 5 (d3b4237)
  • bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (a7b88da)
  • bump com.github.gotson.bestbefore:bestbefore-processor-java (acf11b2)
  • bump org.jreleaser from 1.18.0 to 1.20.0 (694c46c)
  • bump actions/setup-java from 4 to 5 (c6c2cb9)
  • bump actions/checkout from 4 to 5 (f55f514)
  • bump archunit to 1.4.1 (4942838)
  • bump junit-pioneer to 2.3.0 (75bd572)
  • bump slf4j-api from 2.0.9 to 2.0.17 (cd598e6)
  • bump ch.qos.logback:logback-classic from 1.4.11 to 1.5.18 (666e572)
  • bump com.fasterxml.jackson.core:jackson-databind (9258830)
  • bump org.mockito:mockito-core from 5.6.0 to 5.17.0 (c2eeadc)
  • bump io.github.gradle-nexus.publish-plugin (777d966)
  • bump org.assertj:assertj-core from 3.24.2 to 3.27.3 (76c8474)
  • bump com.github.ben-manes.versions from 0.50.0 to 0.52.0 (b6fa2a8)
  • bump codecov/codecov-action from 3 to 5 (9c37e01)
  • bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (ea99789)
  • bump commons-io:commons-io from 2.15.0 to 2.19.0 (2c02c73)
  • bump org.jreleaser from 1.9.0 to 1.18.0 (d588832)

... (truncated)

Commits
  • 04481cf docs: update maven snapshot badge
  • beccd50 ci: fix failing version
  • 4ccf1d2 ci: fix failing version
  • 20e9105 ci: use bump when computing snapshot version
  • ae8bff6 ci: use java 21
  • 0d99993 build: remove java toolchains and use release flag instead
  • 9550e75 chore(release): 7.5.6 [skip ci]
  • a1143e2 build(deps): bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from...
  • 06ba358 build(deps): bump ch.qos.logback:logback-classic from 1.5.18 to 1.5.19
  • 9880cc4 build(deps): bump org.mockito:mockito-core from 5.17.0 to 5.20.0
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.github.junrar:junrar&package-manager=gradle&previous-version=7.5.5&new-version=7.5.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- app/common/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/common/build.gradle b/app/common/build.gradle index 33a710e9649..4dcf57cc8cb 100644 --- a/app/common/build.gradle +++ b/app/common/build.gradle @@ -37,7 +37,7 @@ dependencies { api 'com.drewnoakes:metadata-extractor:2.19.0' // Image metadata extractor api 'com.vladsch.flexmark:flexmark-html2md-converter:0.64.8' api "org.apache.pdfbox:pdfbox:$pdfboxVersion" - api 'com.github.junrar:junrar:7.5.5' // RAR archive support for CBR files + api 'com.github.junrar:junrar:7.5.7' // RAR archive support for CBR files api 'jakarta.servlet:jakarta.servlet-api:6.1.0' api 'org.snakeyaml:snakeyaml-engine:2.10' api "org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.13" From aa7fba98bfe6743ee36f060852783d55a2e58ed7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 21 Oct 2025 13:41:44 +0100
Subject: [PATCH 5/6] build(deps): bump org.sonarqube from 6.3.1.5724 to 7.0.0.6105 (#4714)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps org.sonarqube from 6.3.1.5724 to 7.0.0.6105.

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.sonarqube&package-manager=gradle&previous-version=6.3.1.5724&new-version=7.0.0.6105)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 729979f0781..44b1b7cc3f4 100644 --- a/build.gradle +++ b/build.gradle @@ -10,7 +10,7 @@ plugins { id "com.github.jk1.dependency-license-report" version "2.9" //id "nebula.lint" version "19.0.3" id "org.panteleyev.jpackageplugin" version "1.7.5" - id "org.sonarqube" version "6.3.1.5724" + id "org.sonarqube" version "7.0.0.6105" } import com.github.jk1.license.render.* From 620ed930d9810a093ea52c5620f19537b7e7f6c9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Oct 2025 13:42:34 +0100 Subject: [PATCH 6/6] build(deps): bump pdfboxVersion from 3.0.5 to 3.0.6 (#4713) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps `pdfboxVersion` from 3.0.5 to 3.0.6. Updates `org.apache.pdfbox:preflight` from 3.0.5 to 3.0.6 Updates `org.apache.pdfbox:xmpbox` from 3.0.5 to 3.0.6 Updates `org.apache.pdfbox:pdfbox` from 3.0.5 to 3.0.6 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 44b1b7cc3f4..2780271a042 100644 --- a/build.gradle +++ b/build.gradle @@ -22,7 +22,7 @@ import java.time.Year ext { springBootVersion = "3.5.6" - pdfboxVersion = "3.0.5" + pdfboxVersion = "3.0.6" imageioVersion = "3.12.0" lombokVersion = "1.18.42" bouncycastleVersion = "1.82"
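Review bot: in PATCH 1/6, the `upload-sarif` line in `.github/workflows/scorecards.yml` gets a new pinned commit but keeps the trailing comment `# v3.29.5`, which matches neither the 3.30.6 the subject bumps from nor the 4.30.9 it bumps to. With SHA-pinned actions that comment is the only human-readable statement of what the hash is, so update it to the tag the new SHA actually resolves to and confirm the hash against that tag in github/codeql-action before merging. This is also a v3 to v4 major jump, and the release notes quoted in the message carry no entries under 4.30.7 or 4.30.9, so the v4 notes need to be read at the source rather than from this message.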
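Review bot: in PATCH 2/6, the `Install Cosign` steps in `.github/workflows/multiOSReleases.yml` and `.github/workflows/releaseArtifacts.yml` have no `with: cosign-release:` input, so the installer's default decides which Cosign version the release jobs run after this bump. The release notes in the message say v4 adds support for Cosign v3 and that in v3+ `cosign sign-blob` requires the `--bundle` flag; the hunks only show `cosign generate-key-pair` as the next step, with the signing commands outside the visible context. Either pin `cosign-release` explicitly in both workflows, as `push-docker.yml` already does, or check every `sign-blob` and matching verify invocation in these two files against the v3 requirement before merging, since a silent change of signing tool version in a release pipeline is what this pin is meant to prevent.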
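Review bot: in PATCH 2/6, the `.github/workflows/push-docker.yml` hunk leaves `cosign-release: "v2.4.1"` in place under the bumped installer. The quoted notes say cosign-installer v4 can still install Cosign v2.x, so the step should keep working, but the v3.10.1 notes in the same message move the default to v2.6.1 and describe Cosign v2 as being on its planned final release. A follow-up that raises this pin, or plans the move to Cosign v3 together with the `--bundle` change, would keep the image-signing job on a maintained version.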
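Review bot: in PATCH 3/6, the `Set up Node` step in `.github/workflows/testdriver.yml` relies on `cache: 'npm'` and `cache-dependency-path: frontend/package-lock.json`, and the release notes in the message show a "Breaking Changes" heading for v6.0.0 with its entries missing. Read the v6.0.0 notes at the linked compare URL for anything touching the caching inputs, and confirm from a run of this workflow that the npm cache is still restored from the expected lockfile before merging a major bump on that basis.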
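Review bot: in PATCH 4/6, the bumped line in `app/common/build.gradle` is the RAR parser used for CBR files, so this dependency handles user-supplied archives, and the 7.5.6 changelog in the message changes parser behaviour: it fixes a CorruptHeaderException when EndArcHeader is missing and the archive is parsed as a stream. If any caller treats that exception as the signal to reject a malformed upload, archives without an end header may now be accepted where they were refused before. A regression test with a CBR that lacks the end-of-archive header, asserting the behaviour the application wants, would make that explicit.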
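Review bot: in PATCH 5/6, the `org.sonarqube` plugin line in `build.gradle` moves across a major version (6.3.1.5724 to 7.0.0.6105) and the commit message carries no release notes at all, only the "Dependabot is rebasing this PR" banner and the compatibility badge. Link or summarise the 7.0.0 release notes in the PR, run the sonar task on this branch to confirm the existing configuration is still accepted, and drop the rebase banner from the squashed message so the history records what changed rather than the bot's transient state.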