Skip to content

Bump the java-sdk-deps group in /sdks/java with 4 updates#2

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/sdks/java/java-sdk-deps-97dd897c78
Open

Bump the java-sdk-deps group in /sdks/java with 4 updates#2
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/sdks/java/java-sdk-deps-97dd897c78

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 6, 2026

Copy link
Copy Markdown

Bumps the java-sdk-deps group in /sdks/java with 4 updates: com.google.code.gson:gson, dev.openfeature:sdk, org.junit.jupiter:junit-jupiter and org.apache.maven.plugins:maven-surefire-plugin.

Updates com.google.code.gson:gson from 2.11.0 to 2.14.0

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.14.0

What's Changed

  • Add type adapters for java.time classes by @​eamonnmcmanus in google/gson#2948

    When the java.time API is available, Gson automatically can read and write instances of classes like Instant and Duration. The format it uses essentially freezes the JSON representation that ReflectiveTypeAdapterFactory established by default, based on the private fields of java.time classes. That's not a great representation, but it is understandable. Changing it to anything else would break compatibility with systems that are expecting the current format.

    With this change, Gson no longer tries to access private fields of these classes using reflection. So it is no longer necessary to run with --add-opens for these classes on recent JDKs.

  • Remove com.google.gson.graph by @​eamonnmcmanus in google/gson#2990.

    This package was not part of any released artifact and depended on Gson internals in potentially problematic ways.

  • Validate that strings being parsed as integers consist of ASCII characters by @​eamonnmcmanus in google/gson#2995

    Previously, strings could contain non-ASCII Unicode digits and still be parsed as integers. That's inconsistent with how JSON numbers are treated.

  • Fix duplicate key detection when first value is null by @​andrewstellman in google/gson#3006

    This could potentially break code that was relying on the incorrect behaviour. For example, this JSON string was previously accepted but will no longer be: {"foo": null, "foo": bar}.

  • Remove Serializable from internal Type implementation classes. by @​eamonnmcmanus in google/gson#3011

    The nested classes ParameterizedTypeImpl, GenericArrayTypeImpl, and WildcardTypeImpl in GsonTypes are implementations of the corresponding types (without Impl) in java.lang.reflect. For some reason, they were serializable, even though the java.lang.reflect implementations are not. Having unnecessarily serializable classes could conceivably have been a security problem if they were part of a larger exploit using serialization. (We do not consider this a likely scenario and do not suggest that you need to update Gson just to get this change.)

  • Add LegacyProtoTypeAdapterFactory. by @​eamonnmcmanus in google/gson#3014

    This is not part of any released artifact, but may be of use when trying to fix code that is currently accessing the internals of protobuf classes via reflection.

  • Make AppendableWriter do flush and close if delegation object supports by @​MukjepScarlet in google/gson#2925

Other less visible changes

New Contributors

Full Changelog: google/gson@gson-parent-2.13.2...gson-parent-2.14.0

Gson 2.13.2

The main changes in this release are just newer dependencies.

... (truncated)

Commits
  • 3ff35d6 [maven-release-plugin] prepare release gson-parent-2.14.0
  • a3024fd Bump the maven group with 13 updates (#3002)
  • 5689ffe Bump the github-actions group across 1 directory with 3 updates (#3018)
  • 48db33c Add LegacyProtoTypeAdapterFactory. (#3014)
  • 53d703e Update outdated comment regarding serializable types (#3012)
  • 0189b72 Remove Serializable from internal Type implementation classes. (#3011)
  • f4d371d Fix duplicate key detection when first value is null (#3006)
  • 27d9ba1 Fix typo in README (JPMS dependencies section) (#3005)
  • 1fa9b7a Validate that strings being parsed as integers consist of ASCII characters (#...
  • b7d5954 Add iterator fail-fast tests for LinkedTreeMap.clear() (#2992)
  • Additional commits viewable in compare view

Updates dev.openfeature:sdk from 1.12.0 to 1.20.2

Release notes

Sourced from dev.openfeature:sdk's releases.

v1.20.2

1.20.2 (2026-03-19)

🐛 Bug Fixes

  • allow for providers to safely shutdown (#1744) (efbf279)
  • deps: update dependency com.fasterxml.jackson:jackson-bom to v2.21.1 (#1863) (92a8bdb)
  • deps: update dependency io.cucumber:cucumber-bom to v7.34.1 (#1834) (f549956)
  • deps: update dependency io.cucumber:cucumber-bom to v7.34.2 (#1837) (b8c4b9a)
  • deps: update dependency io.cucumber:cucumber-bom to v7.34.3 (#1880) (8d354c6)
  • deps: update dependency org.junit:junit-bom to v6.0.3 (#1855) (5af58fd)
  • deps: update dependency org.projectlombok:lombok to v1.18.44 (#1890) (597501a)

🧹 Chore

  • deps: update actions/cache digest to 5656298 (#1866) (722180f)
  • deps: update actions/cache digest to 6682284 (#1899) (55ab429)
  • deps: update actions/cache digest to b456236 (#1835) (ffeccdf)
  • deps: update actions/cache digest to b7e8d49 (#1838) (99f2e0f)
  • deps: update actions/setup-java digest to 1d018f9 (#1876) (036fb50)
  • deps: update actions/setup-java digest to fe779bf (#1859) (9831c2e)
  • deps: update amannn/action-semantic-pull-request digest to ac7e3fc (#1852) (53d3fe3)
  • deps: update codecov/codecov-action action to v5.5.3 (#1902) (b4a5645)
  • deps: update com.vmlens.version to v1.2.25 (#1845) (e495576)
  • deps: update com.vmlens.version to v1.2.26 (#1846) (102951b)
  • deps: update com.vmlens.version to v1.2.27 (#1886) (12acf60)
  • deps: update dependency com.diffplug.spotless:spotless-maven-plugin to v3.2.0 (#1822) (2942daf)
  • deps: update dependency com.diffplug.spotless:spotless-maven-plugin to v3.2.1 (#1831) (cfd1864)
  • deps: update dependency com.diffplug.spotless:spotless-maven-plugin to v3.3.0 (#1877) (0a2878e)
  • deps: update dependency com.diffplug.spotless:spotless-maven-plugin to v3.4.0 (#1903) (76466a3)
  • deps: update dependency maven to v3.9.13 (#1885) (d43ff42)
  • deps: update dependency maven to v3.9.14 (#1894) (844dc42)
  • deps: update dependency net.bytebuddy:byte-buddy to v1.18.5 (#1853) (de2b737)
  • deps: update dependency net.bytebuddy:byte-buddy to v1.18.6-jdk6-jdk5 (#1870) (aefc2fe)
  • deps: update dependency net.bytebuddy:byte-buddy to v1.18.7-jdk5 (#1873) (a4c5c59)
  • deps: update dependency net.bytebuddy:byte-buddy-agent to v1.18.5 (#1854) (2fd471a)
  • deps: update dependency net.bytebuddy:byte-buddy-agent to v1.18.6-jdk6-jdk5 (#1871) (1b82e5f)
  • deps: update dependency net.bytebuddy:byte-buddy-agent to v1.18.7-jdk5 (#1874) (5770614)
  • deps: update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0 (#1839) (857fed8)
  • deps: update dependency org.apache.maven.plugins:maven-dependency-plugin to v3.10.0 (#1847) (3857856)
  • deps: update dependency org.apache.maven.plugins:maven-failsafe-plugin to v3.5.5 (#1861) (f1fb67c)
  • deps: update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 (#1862) (83daace)
  • deps: update dependency org.assertj:assertj-core to v3.27.7 (#1824) (40ac67a)
  • deps: update dependency org.mockito:mockito-core to v5.22.0 (#1869) (1df34b0)
  • deps: update dependency org.mockito:mockito-core to v5.23.0 (#1893) (4092074)
  • deps: update github/codeql-action digest to 015d8c7 (#1857) (a48fb39)
  • deps: update github/codeql-action digest to 0ec47d0 (#1868) (f44643f)
  • deps: update github/codeql-action digest to 147d149 (#1856) (74325fb)

... (truncated)

Changelog

Sourced from dev.openfeature:sdk's changelog.

1.20.2 (2026-03-19)

🐛 Bug Fixes

  • allow for providers to safely shutdown (#1744) (efbf279)
  • deps: update dependency com.fasterxml.jackson:jackson-bom to v2.21.1 (#1863) (92a8bdb)
  • deps: update dependency io.cucumber:cucumber-bom to v7.34.1 (#1834) (f549956)
  • deps: update dependency io.cucumber:cucumber-bom to v7.34.2 (#1837) (b8c4b9a)
  • deps: update dependency io.cucumber:cucumber-bom to v7.34.3 (#1880) (8d354c6)
  • deps: update dependency org.junit:junit-bom to v6.0.3 (#1855) (5af58fd)
  • deps: update dependency org.projectlombok:lombok to v1.18.44 (#1890) (597501a)

🧹 Chore

  • deps: update actions/cache digest to 5656298 (#1866) (722180f)
  • deps: update actions/cache digest to 6682284 (#1899) (55ab429)
  • deps: update actions/cache digest to b456236 (#1835) (ffeccdf)
  • deps: update actions/cache digest to b7e8d49 (#1838) (99f2e0f)
  • deps: update actions/setup-java digest to 1d018f9 (#1876) (036fb50)
  • deps: update actions/setup-java digest to fe779bf (#1859) (9831c2e)
  • deps: update amannn/action-semantic-pull-request digest to ac7e3fc (#1852) (53d3fe3)
  • deps: update codecov/codecov-action action to v5.5.3 (#1902) (b4a5645)
  • deps: update com.vmlens.version to v1.2.25 (#1845) (e495576)
  • deps: update com.vmlens.version to v1.2.26 (#1846) (102951b)
  • deps: update com.vmlens.version to v1.2.27 (#1886) (12acf60)
  • deps: update dependency com.diffplug.spotless:spotless-maven-plugin to v3.2.0 (#1822) (2942daf)
  • deps: update dependency com.diffplug.spotless:spotless-maven-plugin to v3.2.1 (#1831) (cfd1864)
  • deps: update dependency com.diffplug.spotless:spotless-maven-plugin to v3.3.0 (#1877) (0a2878e)
  • deps: update dependency com.diffplug.spotless:spotless-maven-plugin to v3.4.0 (#1903) (76466a3)
  • deps: update dependency maven to v3.9.13 (#1885) (d43ff42)
  • deps: update dependency maven to v3.9.14 (#1894) (844dc42)
  • deps: update dependency net.bytebuddy:byte-buddy to v1.18.5 (#1853) (de2b737)
  • deps: update dependency net.bytebuddy:byte-buddy to v1.18.6-jdk6-jdk5 (#1870) (aefc2fe)
  • deps: update dependency net.bytebuddy:byte-buddy to v1.18.7-jdk5 (#1873) (a4c5c59)
  • deps: update dependency net.bytebuddy:byte-buddy-agent to v1.18.5 (#1854) (2fd471a)
  • deps: update dependency net.bytebuddy:byte-buddy-agent to v1.18.6-jdk6-jdk5 (#1871) (1b82e5f)
  • deps: update dependency net.bytebuddy:byte-buddy-agent to v1.18.7-jdk5 (#1874) (5770614)
  • deps: update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.15.0 (#1839) (857fed8)
  • deps: update dependency org.apache.maven.plugins:maven-dependency-plugin to v3.10.0 (#1847) (3857856)
  • deps: update dependency org.apache.maven.plugins:maven-failsafe-plugin to v3.5.5 (#1861) (f1fb67c)
  • deps: update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.5 (#1862) (83daace)
  • deps: update dependency org.assertj:assertj-core to v3.27.7 (#1824) (40ac67a)
  • deps: update dependency org.mockito:mockito-core to v5.22.0 (#1869) (1df34b0)
  • deps: update dependency org.mockito:mockito-core to v5.23.0 (#1893) (4092074)
  • deps: update github/codeql-action digest to 015d8c7 (#1857) (a48fb39)
  • deps: update github/codeql-action digest to 0ec47d0 (#1868) (f44643f)
  • deps: update github/codeql-action digest to 147d149 (#1856) (74325fb)
  • deps: update github/codeql-action digest to 16adc4e (#1867) (29a29d6)

... (truncated)

Commits
  • 544bc56 chore(main): release 1.20.2 (#1821)
  • b4a5645 chore(deps): update codecov/codecov-action action to v5.5.3 (#1902)
  • 76466a3 chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to...
  • 55ab429 chore(deps): update actions/cache digest to 6682284 (#1899)
  • 5070bb2 chore(deps): update github/codeql-action digest to 7da6361 (#1898)
  • ff5f519 chore(deps): update github/codeql-action digest to fd1ca02 (#1896)
  • afb6bef chore(deps): update github/codeql-action digest to 7dd76e6 (#1895)
  • 844dc42 chore(deps): update dependency maven to v3.9.14 (#1894)
  • 4092074 chore(deps): update dependency org.mockito:mockito-core to v5.23.0 (#1893)
  • 3b48a87 chore(deps): update github/codeql-action digest to 1dbebad (#1891)
  • Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 5.11.0 to 6.0.3

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

... (truncated)

Commits
  • 36e3253 Release 6.0.3
  • 295561f Finalize 6.0.3 release notes
  • ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
  • 869e232 Add 5.14.3 release notes
  • d4b34c4 Fix links to User Guide
  • 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
  • febb13f Check out entire repo so switching to main branch works in last step
  • 71fba90 Install poppler-utils for pdfinfo
  • 740e9e0 Update API baseline
  • 2ba535f Use release branch of examples repo
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the java-sdk-deps group in /sdks/java with 4 updates: [com.google.code.gson:gson](https://github.com/google/gson), [dev.openfeature:sdk](https://github.com/open-feature/java-sdk), [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit-framework) and [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire).


Updates `com.google.code.gson:gson` from 2.11.0 to 2.14.0
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](google/gson@gson-parent-2.11.0...gson-parent-2.14.0)

Updates `dev.openfeature:sdk` from 1.12.0 to 1.20.2
- [Release notes](https://github.com/open-feature/java-sdk/releases)
- [Changelog](https://github.com/open-feature/java-sdk/blob/main/CHANGELOG.md)
- [Commits](open-feature/java-sdk@v1.12.0...v1.20.2)

Updates `org.junit.jupiter:junit-jupiter` from 5.11.0 to 6.0.3
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.11.0...r6.0.3)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.2.5 to 3.5.5
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.2.5...surefire-3.5.5)

---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java-sdk-deps
- dependency-name: dev.openfeature:sdk
  dependency-version: 1.20.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java-sdk-deps
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: java-sdk-deps
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: java-sdk-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github May 6, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: area: sdks, type: task. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from dinesh-g1 as a code owner May 6, 2026 09:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants