From 19a0a01455171a07a44d56079d14c6a2abf069c2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 22 Mar 2026 15:12:27 +0800 Subject: [PATCH 01/30] chore(deps): bump jackson.version from 2.21.1 to 2.21.2 (#1023) Bumps `jackson.version` from 2.21.1 to 2.21.2. Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-xml` from 2.21.1 to 2.21.2
Commits

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.21.1 to 2.21.2
Commits

Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-yaml` from 2.21.1 to 2.21.2
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index ad6871cc..4dfe4f8a 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -85,7 +85,7 @@ 1.6.3 2.0.61 - 2.21.1 + 2.21.2 3.1.0 2.6 diff --git a/pom.xml b/pom.xml index 5c7e6453..981c7a55 100644 --- a/pom.xml +++ b/pom.xml @@ -57,7 +57,7 @@ 0.10.0 acanx - 2.21.1 + 2.21.2 2.0.61 1.18.44 6.0.3 From d8f02737727226e2fd0ac35ce2feb559de5e6eb7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 22 Mar 2026 15:12:46 +0800 Subject: [PATCH 02/30] chore(deps): bump com.google.protobuf:protobuf-java from 4.34.0 to 4.34.1 (#1025) Bumps [com.google.protobuf:protobuf-java](https://github.com/protocolbuffers/protobuf) from 4.34.0 to 4.34.1.
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.protobuf:protobuf-java&package-manager=maven&previous-version=4.34.0&new-version=4.34.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 4dfe4f8a..c2464c6e 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -66,7 +66,7 @@ 4.2.10.Final 3.8.4 - 4.34.0 + 4.34.1 11.0.20 From d4784d5afb62587336732a357c1c05d07b21c3ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 22 Mar 2026 15:13:02 +0800 Subject: [PATCH 03/30] chore(deps): bump io.undertow:undertow-core from 2.3.23.Final to 2.3.24.Final (#1026) Bumps [io.undertow:undertow-core](https://github.com/undertow-io/undertow) from 2.3.23.Final to 2.3.24.Final.
Commits
  • f3da6fc Prepare 2.3.24.Final
  • 016557e Merge pull request #1940 from fl4via/UNDERTOW-2611_2.3.x
  • 9ccf07b [UNDERTOW-2611] Ensure max-request-size of a Multipart servlet can override a...
  • 3ac0e23 Merge pull request #1935 from baranowb/UNDERTOW-2603_2.3.x
  • d83f128 [UNDERTOW-2603] Fix double cookie on quoted value
  • 7fec1a6 Merge pull request #1927 from fl4via/backport-fixes_2.3.x
  • 92bdd67 [UNDERTOW-2536] Fix include parameters on error and add rudimentary test
  • 0fde4fd [UNDERTOW-2575] Add flush before socket close on write timeout
  • a5d0172 [UNDERTOW-2521] Rename AjpClientConnection#connection to avoid confusion
  • 5cfe721 [UNDERTOW-2705] Fix Http2ServerConnection.pushResource, where the default MAX...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=io.undertow:undertow-core&package-manager=maven&previous-version=2.3.23.Final&new-version=2.3.24.Final)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index c2464c6e..ffd07612 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -907,7 +907,7 @@ io.undertow undertow-core - 2.3.23.Final + 2.3.24.Final provided true From 2cdb9db617e3d9277a13dd677fc4f0f8a8c1e5db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 22 Mar 2026 15:13:19 +0800 Subject: [PATCH 04/30] chore(deps): bump awssdk.version from 2.42.17 to 2.42.18 (#1024) Bumps `awssdk.version` from 2.42.17 to 2.42.18. Updates `software.amazon.awssdk:s3` from 2.42.17 to 2.42.18 Updates `software.amazon.awssdk:lambda` from 2.42.17 to 2.42.18 Updates `software.amazon.awssdk:ses` from 2.42.17 to 2.42.18 Updates `software.amazon.awssdk:cloudwatch` from 2.42.17 to 2.42.18 Updates `software.amazon.awssdk:costexplorer` from 2.42.17 to 2.42.18 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-mod/pom.xml | 2 +- meta-bom/bom-sdk/pom.xml | 2 +- meta-bom/pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta-bom/bom-mod/pom.xml b/meta-bom/bom-mod/pom.xml index 1807d294..d654b00c 100644 --- a/meta-bom/bom-mod/pom.xml +++ b/meta-bom/bom-mod/pom.xml @@ -75,7 +75,7 @@ 5.4.1 5.2.1 - 2.42.17 + 2.42.18 6.0.3 6.0.3 diff --git a/meta-bom/bom-sdk/pom.xml b/meta-bom/bom-sdk/pom.xml index 49644f84..e6740829 100644 --- a/meta-bom/bom-sdk/pom.xml +++ b/meta-bom/bom-sdk/pom.xml @@ -39,7 +39,7 @@ - 2.42.17 + 2.42.18 diff --git a/meta-bom/pom.xml b/meta-bom/pom.xml index a1fc67aa..8ffbec73 100644 --- a/meta-bom/pom.xml +++ b/meta-bom/pom.xml @@ -40,7 +40,7 @@ - 2.42.17 + 2.42.18 From 1924ceefea1651860fd67997045a131c411d0a68 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Mar 2026 12:31:22 +0800 Subject: [PATCH 05/30] chore(deps): bump awssdk.version from 2.42.18 to 2.42.19 (#1027) Bumps `awssdk.version` from 2.42.18 to 2.42.19. Updates `software.amazon.awssdk:s3` from 2.42.18 to 2.42.19 Updates `software.amazon.awssdk:lambda` from 2.42.18 to 2.42.19 Updates `software.amazon.awssdk:ses` from 2.42.18 to 2.42.19 Updates `software.amazon.awssdk:cloudwatch` from 2.42.18 to 2.42.19 Updates `software.amazon.awssdk:costexplorer` from 2.42.18 to 2.42.19 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-mod/pom.xml | 2 +- meta-bom/bom-sdk/pom.xml | 2 +- meta-bom/pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta-bom/bom-mod/pom.xml b/meta-bom/bom-mod/pom.xml index d654b00c..a541d694 100644 --- a/meta-bom/bom-mod/pom.xml +++ b/meta-bom/bom-mod/pom.xml @@ -75,7 +75,7 @@ 5.4.1 5.2.1 - 2.42.18 + 2.42.19 6.0.3 6.0.3 diff --git a/meta-bom/bom-sdk/pom.xml b/meta-bom/bom-sdk/pom.xml index e6740829..0a3489f7 100644 --- a/meta-bom/bom-sdk/pom.xml +++ b/meta-bom/bom-sdk/pom.xml @@ -39,7 +39,7 @@ - 2.42.18 + 2.42.19 diff --git a/meta-bom/pom.xml b/meta-bom/pom.xml index 8ffbec73..2d9f1683 100644 --- a/meta-bom/pom.xml +++ b/meta-bom/pom.xml @@ -40,7 +40,7 @@ - 2.42.18 + 2.42.19 From 5c69da62e43a10a6e17112f02828083c46d603ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Mar 2026 10:07:44 +0800 Subject: [PATCH 06/30] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[netty.version][4.2.10.Final=20=3D>?= =?UTF-8?q?=204.2.11.Final]=20(#1031)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `netty.version` from 4.2.10.Final to 4.2.11.Final. Updates `io.netty:netty-bom` from 4.2.10.Final to 4.2.11.Final
Release notes

Sourced from io.netty:netty-bom's releases.

netty-4.2.11.Final

Security

What's Changed

... (truncated)

Commits
  • c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
  • 3b76df1 Merge commit from fork
  • aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
  • 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
  • a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
  • 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
  • 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
  • 8f744ec Replace ClosedChannelException with StacklessClosedChannelException (#16506)
  • 4d7b70d Fix docker image for cross-compiling (#16522)
  • cfd0d9a Epoll / IoUring: setTcpMg5Sig(...) might overflow (#16511)
  • Additional commits viewable in compare view

Updates `io.netty:netty-all` from 4.2.10.Final to 4.2.11.Final
Release notes

Sourced from io.netty:netty-all's releases.

netty-4.2.11.Final

Security

What's Changed

... (truncated)

Commits
  • c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
  • 3b76df1 Merge commit from fork
  • aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
  • 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
  • a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
  • 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
  • 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
  • 8f744ec Replace ClosedChannelException with StacklessClosedChannelException (#16506)
  • 4d7b70d Fix docker image for cross-compiling (#16522)
  • cfd0d9a Epoll / IoUring: setTcpMg5Sig(...) might overflow (#16511)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-deamon/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-deamon/pom.xml b/meta-bom/bom-deamon/pom.xml index b2392d28..215b07af 100644 --- a/meta-bom/bom-deamon/pom.xml +++ b/meta-bom/bom-deamon/pom.xml @@ -229,7 +229,7 @@ 8.0.1.Final 1.18.44 - 4.2.10.Final + 4.2.11.Final 2.1.0 1.3.4 1.21 From ed976658198acc6d02c230249d075fed93e676b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Mar 2026 10:07:59 +0800 Subject: [PATCH 07/30] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[netty.version][4.2.10.Final=20=3D>?= =?UTF-8?q?=204.2.12.Final]=20(#1035)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `netty.version` from 4.2.10.Final to 4.2.12.Final. Updates `io.netty:netty-all` from 4.2.10.Final to 4.2.12.Final
Release notes

Sourced from io.netty:netty-all's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: https://github.com/netty/netty/compare/netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

What's Changed

... (truncated)

Commits
  • 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
  • 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
  • c3b0a43 [maven-release-plugin] prepare for next development iteration
  • c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
  • 3b76df1 Merge commit from fork
  • aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
  • 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
  • a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
  • 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
  • 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http` from 4.2.10.Final to 4.2.12.Final
Release notes

Sourced from io.netty:netty-codec-http's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: https://github.com/netty/netty/compare/netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

What's Changed

... (truncated)

Commits
  • 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
  • 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
  • c3b0a43 [maven-release-plugin] prepare for next development iteration
  • c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
  • 3b76df1 Merge commit from fork
  • aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
  • 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
  • a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
  • 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
  • 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http2` from 4.2.10.Final to 4.2.12.Final
Release notes

Sourced from io.netty:netty-codec-http2's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: https://github.com/netty/netty/compare/netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

What's Changed

... (truncated)

Commits
  • 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
  • 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
  • c3b0a43 [maven-release-plugin] prepare for next development iteration
  • c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
  • 3b76df1 Merge commit from fork
  • aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
  • 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
  • a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
  • 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
  • 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
  • Additional commits viewable in compare view

Updates `io.netty:netty-codec-http3` from 4.2.10.Final to 4.2.12.Final
Release notes

Sourced from io.netty:netty-codec-http3's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: https://github.com/netty/netty/compare/netty-4.2.11.Final...netty-4.2.12.Final

netty-4.2.11.Final

Security

What's Changed

... (truncated)

Commits
  • 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
  • 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
  • c3b0a43 [maven-release-plugin] prepare for next development iteration
  • c94a818 [maven-release-plugin] prepare release netty-4.2.11.Final
  • 3b76df1 Merge commit from fork
  • aae944a Auto-port 4.2: Limit the number of Continuation frames per HTTP2 Headers (#16...
  • 6001499 Eliminate redundant bounds checks in CompositeByteBuf accessors (#16525)
  • a7fbb6f JdkZlibDecoder: accumulate decompressed output before firing channelRead (#16...
  • 7937553 Enforce io.netty.maxDirectMemory accounting on all Java versions (#16489)
  • 893ea2e Allocate less in QueryStringDecoder.addParam for typical use case (#16527)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index ffd07612..1817d676 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -64,7 +64,7 @@ 1.9.25.1 1.18.7 - 4.2.10.Final + 4.2.12.Final 3.8.4 4.34.1 From 5d45afddab549b9f2b9a3a9a3f2dc054cef402ec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Mar 2026 10:08:33 +0800 Subject: [PATCH 08/30] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[awssdk.version][2.42.19=20=3D>=202.?= =?UTF-8?q?42.20]=20(#1032)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `awssdk.version` from 2.42.19 to 2.42.20. Updates `software.amazon.awssdk:s3` from 2.42.19 to 2.42.20 Updates `software.amazon.awssdk:lambda` from 2.42.19 to 2.42.20 Updates `software.amazon.awssdk:ses` from 2.42.19 to 2.42.20 Updates `software.amazon.awssdk:cloudwatch` from 2.42.19 to 2.42.20 Updates `software.amazon.awssdk:costexplorer` from 2.42.19 to 2.42.20 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/pom.xml b/meta-bom/pom.xml index 2d9f1683..a1eacc75 100644 --- a/meta-bom/pom.xml +++ b/meta-bom/pom.xml @@ -40,7 +40,7 @@ - 2.42.19 + 2.42.20 From 8bacb426f05902933f81f78864b5a67275bcafde Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Mar 2026 10:08:46 +0800 Subject: [PATCH 09/30] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[awssdk.version][2.42.19=20=3D>=202.?= =?UTF-8?q?42.20]=20(#1030)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `awssdk.version` from 2.42.19 to 2.42.20. Updates `software.amazon.awssdk:s3` from 2.42.19 to 2.42.20 Updates `software.amazon.awssdk:lambda` from 2.42.19 to 2.42.20 Updates `software.amazon.awssdk:ses` from 2.42.19 to 2.42.20 Updates `software.amazon.awssdk:cloudwatch` from 2.42.19 to 2.42.20 Updates `software.amazon.awssdk:costexplorer` from 2.42.19 to 2.42.20 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-sdk/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-sdk/pom.xml b/meta-bom/bom-sdk/pom.xml index 0a3489f7..a9b55a71 100644 --- a/meta-bom/bom-sdk/pom.xml +++ b/meta-bom/bom-sdk/pom.xml @@ -39,7 +39,7 @@ - 2.42.19 + 2.42.20 From 570ac2217c9d23ca77703fc6c89f4898908419b5 Mon Sep 17 00:00:00 2001 From: ACANX Date: Thu, 26 Mar 2026 10:12:08 +0800 Subject: [PATCH 10/30] Update dependabot.yml --- .github/dependabot.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1fa41498..232a8b19 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -177,8 +177,9 @@ updates: - package-ecosystem: "maven" directory: "/" schedule: - interval: "daily" - time: "23:15" # 每周 UTC 时间 23:15 检查 + interval: "weekly" + day: "sunday" + time: "23:15" # 每周日 UTC 时间 23:15 检查 timezone: "Asia/Shanghai" # 时区设置 target-branch: "dependa" open-pull-requests-limit: 50 # 最大 PR 数量 From 1269ed3b1cdd64a7d37e86046592f9971fceafbd Mon Sep 17 00:00:00 2001 From: ACANX Date: Thu, 26 Mar 2026 10:14:32 +0800 Subject: [PATCH 11/30] Update dependabot.yml --- .github/dependabot.yml | 46 +++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 232a8b19..5cdee56b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,5 +1,28 @@ version: 2 updates: + - package-ecosystem: "maven" + directory: "/" + schedule: + interval: "weekly" + day: "sunday" + time: "23:15" # 每周日 UTC 时间 23:15 检查 + timezone: "Asia/Shanghai" # 时区设置 + target-branch: "dependa" + open-pull-requests-limit: 50 # 最大 PR 数量 + assignees: # 自动分配负责人 + - "dependabot[bot]" + ignore: # 忽略特定依赖 + - dependency-name: "com.acanx.util:autil-core" + versions: [">= 1.4.0"] # 忽略 autil 0.5.x及以上版本的更新 + - dependency-name: "log4j:*" + versions: [">= 3.0.0"] # 忽略 log4j 2.x 的更新 + commit-message: # 自定义提交信息 + prefix: "chore" + include: "scope" + labels: # 自动添加标签 + - "依赖:升级" + - "自动化:提交" + - "Dependa" - package-ecosystem: "maven" directory: "/os-dependencies" schedule: @@ -174,29 +197,6 @@ updates: - "依赖:升级" - "自动化:提交" - "Dependa" - - package-ecosystem: "maven" - directory: "/" - schedule: - interval: "weekly" - day: "sunday" - time: "23:15" # 每周日 UTC 时间 23:15 检查 - timezone: "Asia/Shanghai" # 时区设置 - target-branch: "dependa" - open-pull-requests-limit: 50 # 最大 PR 数量 - assignees: # 自动分配负责人 - - "dependabot[bot]" - ignore: # 忽略特定依赖 - - dependency-name: "com.acanx.util:autil-core" - versions: [">= 1.4.0"] # 忽略 autil 0.5.x及以上版本的更新 - - dependency-name: "log4j:*" - versions: [">= 3.0.0"] # 忽略 log4j 2.x 的更新 - commit-message: # 自定义提交信息 - prefix: "chore" - include: "scope" - labels: # 自动添加标签 - - "依赖:升级" - - "自动化:提交" - - "Dependa" - package-ecosystem: "maven" directory: "/meta-bom/bom-mod" schedule: From f3fb518c807977b4809a93da7e3d7caefa6af29b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Mar 2026 10:16:54 +0800 Subject: [PATCH 12/30] chore(deps): bump netty.version from 4.2.11.Final to 4.2.12.Final (#1036) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps `netty.version` from 4.2.11.Final to 4.2.12.Final. Updates `io.netty:netty-bom` from 4.2.11.Final to 4.2.12.Final
Release notes

Sourced from io.netty:netty-bom's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: https://github.com/netty/netty/compare/netty-4.2.11.Final...netty-4.2.12.Final

Commits
  • 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
  • 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
  • c3b0a43 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates `io.netty:netty-all` from 4.2.11.Final to 4.2.12.Final
Release notes

Sourced from io.netty:netty-all's releases.

netty-4.2.12.Final

What's Changed

Full Changelog: https://github.com/netty/netty/compare/netty-4.2.11.Final...netty-4.2.12.Final

Commits
  • 67ce541 [maven-release-plugin] prepare release netty-4.2.12.Final
  • 7074624 Revert "Eliminate redundant bounds checks in CompositeByteBuf accessors" (#16...
  • c3b0a43 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-deamon/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-deamon/pom.xml b/meta-bom/bom-deamon/pom.xml index 215b07af..9a620af6 100644 --- a/meta-bom/bom-deamon/pom.xml +++ b/meta-bom/bom-deamon/pom.xml @@ -229,7 +229,7 @@ 8.0.1.Final 1.18.44 - 4.2.11.Final + 4.2.12.Final 2.1.0 1.3.4 1.21 From f2e3a78fc0148623ec8b52bd4e75c5303e3f310e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Mar 2026 10:17:54 +0800 Subject: [PATCH 13/30] chore(deps): bump awssdk.version from 2.42.20 to 2.42.21 (#1037) Bumps `awssdk.version` from 2.42.20 to 2.42.21. Updates `software.amazon.awssdk:s3` from 2.42.20 to 2.42.21 Updates `software.amazon.awssdk:lambda` from 2.42.20 to 2.42.21 Updates `software.amazon.awssdk:ses` from 2.42.19 to 2.42.21 Updates `software.amazon.awssdk:cloudwatch` from 2.42.20 to 2.42.21 Updates `software.amazon.awssdk:costexplorer` from 2.42.20 to 2.42.21 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-mod/pom.xml | 2 +- meta-bom/bom-sdk/pom.xml | 2 +- meta-bom/pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta-bom/bom-mod/pom.xml b/meta-bom/bom-mod/pom.xml index a541d694..113ea7b5 100644 --- a/meta-bom/bom-mod/pom.xml +++ b/meta-bom/bom-mod/pom.xml @@ -75,7 +75,7 @@ 5.4.1 5.2.1 - 2.42.19 + 2.42.21 6.0.3 6.0.3 diff --git a/meta-bom/bom-sdk/pom.xml b/meta-bom/bom-sdk/pom.xml index a9b55a71..17145342 100644 --- a/meta-bom/bom-sdk/pom.xml +++ b/meta-bom/bom-sdk/pom.xml @@ -39,7 +39,7 @@ - 2.42.20 + 2.42.21 diff --git a/meta-bom/pom.xml b/meta-bom/pom.xml index a1eacc75..dbe689bc 100644 --- a/meta-bom/pom.xml +++ b/meta-bom/pom.xml @@ -40,7 +40,7 @@ - 2.42.20 + 2.42.21 From 3a380c0150e692cfcc661875e35fb4da04f35c7c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:11:39 +0800 Subject: [PATCH 14/30] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.springframework.boot:spring-boo?= =?UTF-8?q?t][4.0.4=20=3D>=204.0.5]=20(#1045)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot) from 4.0.4 to 4.0.5.
Release notes

Sourced from org.springframework.boot:spring-boot's releases.

v4.0.5

:lady_beetle: Bug Fixes

  • Test starter for Spring Integration does not include Spring Integration test module #49784
  • Some sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration #49782
  • WebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson #49753
  • WebSocket app fails to start when Jackson is on the classpath but there's no JsonMapper bean #49749
  • Metadata annotation processor ignores method-level @NestedConfigurationProperty when using constructor binding #49738
  • Override of property in external 'application.properties' or 'application.yaml' is ignored #49731
  • NativeImageResourceProvider does not find Flyway migration scripts in subdirectories #49706
  • Add @ConditionalOnWebApplication to NettyReactiveWebServerAutoConfiguration #49695
  • @GraphQlTest does not include @ControllerAdvice #49672

:notebook_with_decorative_cover: Documentation

  • Fix incorrect indefinite articles in Javadoc #49727
  • Add some more Kotlin examples and trivial style fixes #49714
  • Overhaul Spring Session documentation following modularization #49704

:hammer: Dependency Upgrades

  • Upgrade to Brave 6.3.1 #49763
  • Upgrade to Jackson 2 Bom 2.21.2 #49764
  • Upgrade to jOOQ 3.19.31 #49765
  • Upgrade to Netty 4.2.12.Final #49794
  • Upgrade to Tomcat 11.0.20 #49767
  • Upgrade to Zipkin Reporter 3.5.3 #49762

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, @​deejay1, @​dlwldnjs1009, @​kwondh5217, @​ljrmorgan, and @​quaff

Commits
  • fe74b31 Release v4.0.5
  • e1d6e5a Merge branch '3.5.x' into 4.0.x
  • 6c9e52a Next development version (v3.5.14-SNAPSHOT)
  • a413e95 Upgrade to Netty 4.2.12.Final
  • c1694b5 Add missing Spring Integration test module to the relevant starter
  • 51ffdc6 Merge branch '3.5.x' into 4.0.x
  • 696a60e Full auto-configure transaction management in slice tests
  • ba70d41 Upgrade to Tomcat 11.0.20
  • fd94ca0 Upgrade to Netty 4.2.11.Final
  • 7e6833b Upgrade to jOOQ 3.19.31
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot:spring-boot&package-manager=maven&previous-version=4.0.4&new-version=4.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index 1817d676..b54ca089 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -100,7 +100,7 @@ 7.0.6 7.0.4 - 4.0.4 + 4.0.5 3.3.6 3.1.1 From acdbba28ac64627fa16337f37e70da7caa4f3a65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:11:54 +0800 Subject: [PATCH 15/30] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[com.alibaba.nacos:nacos-client][3.1?= =?UTF-8?q?.1=20=3D>=203.1.2]=20(#1046)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.alibaba.nacos:nacos-client](https://github.com/alibaba/nacos) from 3.1.1 to 3.1.2.
Release notes

Sourced from com.alibaba.nacos:nacos-client's releases.

3.1.2

Nacos 3.1.2 is a patch release focused on stability improvements, security fixes, and AI module enhancements. Key highlights include:

  • Security: Upgraded Spring Boot to 3.4.10 to address CVE-2025-55752, plus log4j and gRPC dependency updates
  • AI/MCP: Fixed MCP cache inconsistency issues and added version parameter support for Agent Card queries
  • Console: Improved distributed deployment experience with automatic server member sync and fixed multiple context path issues
  • Client: Eliminated class unloading memory leak during config reload and fixed UUID passing issue in fuzzy listening
  • Config: Enhanced config metadata publishing with audit logging and notifications

Feature

  • #13996 Add event publishing for agent and MCP endpoint operations
  • #13999 Add audit logging and notifications for config metadata publishing
  • #14120 Add version parameter support to Maintainer SDK Get Agent Card method

Enhancement/Refactor

  • #14000 Eliminate class unloading memory leak during configuration reload using Configuration.initialize()
  • #14062 Prevent potential data modification risk in client ServiceInfoHolder
  • #14099 Add validation for serviceName and groupName in SubscribeServiceRequestHandler
  • #14449 Remove ineffective ThreadLocal in MD5Utils
  • #14454 Throw proper exception when form parameters exceed size limit

BugFix

  • #13770 Fix missing context path in importToolsFromMcp and other AI-related APIs
  • #14009 Fix UUID passing issue in configuration fuzzy listening causing initialization events to be filtered
  • #14016 Fix Console automatic server member synchronization in distributed deployment
  • #14020 Fix missing '?' placeholder in database query
  • #14024 Fix MCP cache index inconsistency when recreating MCP server with same name
  • #14028 Fix remote server selection to use healthy nodes during import/export operations
  • #14063 Fix control plugin bug
  • #14104 Fix AI API context path errors in console
  • #14114 Fix incorrect grayRule detection in ConfigMigrateService
  • #14121 Fix console-ui pagination reset to 0 instead of 1 on API error
  • #14210 Fix MainLayout to handle language changes and fetch notices on update
  • #14401 Fix incorrect created field returned by ConfigRowMapperInjector
  • #14402 Fix MySQL LIKE query escaping to prevent underscore and hyphen confusion
  • #14442 Fix Derby and MySQL LIKE query with proper escape handling
  • #14450 Fix console remote server context-path for maintainer-client
  • #14635 Fix health status update method to correctly handle persistent instances

Dependencies

  • #14006 Upgrade Spring Boot to 3.4.10 to address CVE-2025-55752
  • #14055 Bump org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.3
  • #14714 Upgrade gRPC version to 1.78.0

Deployment Required

... (truncated)

Commits
  • 87aab1a fix(web): set default max form size to 2MB for form size filter.
  • df1b41d update grpc version to 1.78.0 (#14714)
  • d5e7750 fix(health): update health status method to handle persistent instances corre...
  • 9f2ec0a fix: No exception is thrown when form parameters are too large. (#14454)
  • 05d646e [ISSUE #14090] Fix console remote server context-path for maintainer-client (...
  • f742638 chore: update project revision to 3.1.2 in pom.xml.
  • f77edba refactor(common): remove ineffective ThreadLocal in MD5Utils (#14449)
  • 64ee64a fix: The ConfigRowMapperInjector returned an incorrect created field (#14401)
  • 38c7290 fix(#14402) fix derby and mysql like with escape (#14442)
  • 929470a fix: update main.css and main.js version query parameters in index.html. (#14...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.alibaba.nacos:nacos-client&package-manager=maven&previous-version=3.1.1&new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- os-dependencies/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/os-dependencies/pom.xml b/os-dependencies/pom.xml index b54ca089..1bc0ddc3 100644 --- a/os-dependencies/pom.xml +++ b/os-dependencies/pom.xml @@ -103,7 +103,7 @@ 4.0.5 3.3.6 - 3.1.1 + 3.1.2 10.4.0 9.3.2 From 1a910380c29a08a70c8ee00cfaf8621ab007d0aa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:12:15 +0800 Subject: [PATCH 16/30] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[org.springframework.boot:spring-boo?= =?UTF-8?q?t-dependencies][4.0.4=20=3D>=204.0.5]=20(#1039)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 4.0.4 to 4.0.5.
Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.5

:lady_beetle: Bug Fixes

  • Test starter for Spring Integration does not include Spring Integration test module #49784
  • Some sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration #49782
  • WebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson #49753
  • WebSocket app fails to start when Jackson is on the classpath but there's no JsonMapper bean #49749
  • Metadata annotation processor ignores method-level @NestedConfigurationProperty when using constructor binding #49738
  • Override of property in external 'application.properties' or 'application.yaml' is ignored #49731
  • NativeImageResourceProvider does not find Flyway migration scripts in subdirectories #49706
  • Add @ConditionalOnWebApplication to NettyReactiveWebServerAutoConfiguration #49695
  • @GraphQlTest does not include @ControllerAdvice #49672

:notebook_with_decorative_cover: Documentation

  • Fix incorrect indefinite articles in Javadoc #49727
  • Add some more Kotlin examples and trivial style fixes #49714
  • Overhaul Spring Session documentation following modularization #49704

:hammer: Dependency Upgrades

  • Upgrade to Brave 6.3.1 #49763
  • Upgrade to Jackson 2 Bom 2.21.2 #49764
  • Upgrade to jOOQ 3.19.31 #49765
  • Upgrade to Netty 4.2.12.Final #49794
  • Upgrade to Tomcat 11.0.20 #49767
  • Upgrade to Zipkin Reporter 3.5.3 #49762

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, @​deejay1, @​dlwldnjs1009, @​kwondh5217, @​ljrmorgan, and @​quaff

Commits
  • fe74b31 Release v4.0.5
  • e1d6e5a Merge branch '3.5.x' into 4.0.x
  • 6c9e52a Next development version (v3.5.14-SNAPSHOT)
  • a413e95 Upgrade to Netty 4.2.12.Final
  • c1694b5 Add missing Spring Integration test module to the relevant starter
  • 51ffdc6 Merge branch '3.5.x' into 4.0.x
  • 696a60e Full auto-configure transaction management in slice tests
  • ba70d41 Upgrade to Tomcat 11.0.20
  • fd94ca0 Upgrade to Netty 4.2.11.Final
  • 7e6833b Upgrade to jOOQ 3.19.31
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot:spring-boot-dependencies&package-manager=maven&previous-version=4.0.4&new-version=4.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-deamon/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-deamon/pom.xml b/meta-bom/bom-deamon/pom.xml index 9a620af6..329ca2ed 100644 --- a/meta-bom/bom-deamon/pom.xml +++ b/meta-bom/bom-deamon/pom.xml @@ -76,7 +76,7 @@ 7.0.6 - 4.0.4 + 4.0.5 4.0.2 2025.0.0 4.2.0 From 5de2e53974f7a0f1adf53680c6b3054bda88dec4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:12:34 +0800 Subject: [PATCH 17/30] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[com.huaweicloud.sdk:huaweicloud-sdk?= =?UTF-8?q?-functiongraph][3.1.189=20=3D>=203.1.190]=20(#1038)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps com.huaweicloud.sdk:huaweicloud-sdk-functiongraph from 3.1.189 to 3.1.190. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.huaweicloud.sdk:huaweicloud-sdk-functiongraph&package-manager=maven&previous-version=3.1.189&new-version=3.1.190)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-sdk/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-sdk/pom.xml b/meta-bom/bom-sdk/pom.xml index 17145342..25a1b5fe 100644 --- a/meta-bom/bom-sdk/pom.xml +++ b/meta-bom/bom-sdk/pom.xml @@ -136,7 +136,7 @@ com.huaweicloud.sdk huaweicloud-sdk-functiongraph - 3.1.189 + 3.1.190 From 244d1d195fe5cd22e35ccfa89ee81ce6b9213280 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:12:49 +0800 Subject: [PATCH 18/30] chore(deps): bump org.springframework.boot:spring-boot-dependencies from 4.0.4 to 4.0.5 (#1043) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 4.0.4 to 4.0.5.
Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v4.0.5

:lady_beetle: Bug Fixes

  • Test starter for Spring Integration does not include Spring Integration test module #49784
  • Some sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration #49782
  • WebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson #49753
  • WebSocket app fails to start when Jackson is on the classpath but there's no JsonMapper bean #49749
  • Metadata annotation processor ignores method-level @NestedConfigurationProperty when using constructor binding #49738
  • Override of property in external 'application.properties' or 'application.yaml' is ignored #49731
  • NativeImageResourceProvider does not find Flyway migration scripts in subdirectories #49706
  • Add @ConditionalOnWebApplication to NettyReactiveWebServerAutoConfiguration #49695
  • @GraphQlTest does not include @ControllerAdvice #49672

:notebook_with_decorative_cover: Documentation

  • Fix incorrect indefinite articles in Javadoc #49727
  • Add some more Kotlin examples and trivial style fixes #49714
  • Overhaul Spring Session documentation following modularization #49704

:hammer: Dependency Upgrades

  • Upgrade to Brave 6.3.1 #49763
  • Upgrade to Jackson 2 Bom 2.21.2 #49764
  • Upgrade to jOOQ 3.19.31 #49765
  • Upgrade to Netty 4.2.12.Final #49794
  • Upgrade to Tomcat 11.0.20 #49767
  • Upgrade to Zipkin Reporter 3.5.3 #49762

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, @​deejay1, @​dlwldnjs1009, @​kwondh5217, @​ljrmorgan, and @​quaff

Commits
  • fe74b31 Release v4.0.5
  • e1d6e5a Merge branch '3.5.x' into 4.0.x
  • 6c9e52a Next development version (v3.5.14-SNAPSHOT)
  • a413e95 Upgrade to Netty 4.2.12.Final
  • c1694b5 Add missing Spring Integration test module to the relevant starter
  • 51ffdc6 Merge branch '3.5.x' into 4.0.x
  • 696a60e Full auto-configure transaction management in slice tests
  • ba70d41 Upgrade to Tomcat 11.0.20
  • fd94ca0 Upgrade to Netty 4.2.11.Final
  • 7e6833b Upgrade to jOOQ 3.19.31
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot:spring-boot-dependencies&package-manager=maven&previous-version=4.0.4&new-version=4.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> From 8fe28ef6322490168852e1a3c04125faa6204517 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:13:06 +0800 Subject: [PATCH 19/30] chore(deps): bump org.springframework.boot:spring-boot from 4.0.4 to 4.0.5 (#1041) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.springframework.boot:spring-boot](https://github.com/spring-projects/spring-boot) from 4.0.4 to 4.0.5.
Release notes

Sourced from org.springframework.boot:spring-boot's releases.

v4.0.5

:lady_beetle: Bug Fixes

  • Test starter for Spring Integration does not include Spring Integration test module #49784
  • Some sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration #49782
  • WebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson #49753
  • WebSocket app fails to start when Jackson is on the classpath but there's no JsonMapper bean #49749
  • Metadata annotation processor ignores method-level @NestedConfigurationProperty when using constructor binding #49738
  • Override of property in external 'application.properties' or 'application.yaml' is ignored #49731
  • NativeImageResourceProvider does not find Flyway migration scripts in subdirectories #49706
  • Add @ConditionalOnWebApplication to NettyReactiveWebServerAutoConfiguration #49695
  • @GraphQlTest does not include @ControllerAdvice #49672

:notebook_with_decorative_cover: Documentation

  • Fix incorrect indefinite articles in Javadoc #49727
  • Add some more Kotlin examples and trivial style fixes #49714
  • Overhaul Spring Session documentation following modularization #49704

:hammer: Dependency Upgrades

  • Upgrade to Brave 6.3.1 #49763
  • Upgrade to Jackson 2 Bom 2.21.2 #49764
  • Upgrade to jOOQ 3.19.31 #49765
  • Upgrade to Netty 4.2.12.Final #49794
  • Upgrade to Tomcat 11.0.20 #49767
  • Upgrade to Zipkin Reporter 3.5.3 #49762

:heart: Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, @​deejay1, @​dlwldnjs1009, @​kwondh5217, @​ljrmorgan, and @​quaff

Commits
  • fe74b31 Release v4.0.5
  • e1d6e5a Merge branch '3.5.x' into 4.0.x
  • 6c9e52a Next development version (v3.5.14-SNAPSHOT)
  • a413e95 Upgrade to Netty 4.2.12.Final
  • c1694b5 Add missing Spring Integration test module to the relevant starter
  • 51ffdc6 Merge branch '3.5.x' into 4.0.x
  • 696a60e Full auto-configure transaction management in slice tests
  • ba70d41 Upgrade to Tomcat 11.0.20
  • fd94ca0 Upgrade to Netty 4.2.11.Final
  • 7e6833b Upgrade to jOOQ 3.19.31
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot:spring-boot&package-manager=maven&previous-version=4.0.4&new-version=4.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> From bd13d17a838684e2fd351f6177ab01db3f33d830 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:13:21 +0800 Subject: [PATCH 20/30] chore(deps): bump com.alibaba.nacos:nacos-client from 3.1.1 to 3.1.2 (#1044) Bumps [com.alibaba.nacos:nacos-client](https://github.com/alibaba/nacos) from 3.1.1 to 3.1.2.
Release notes

Sourced from com.alibaba.nacos:nacos-client's releases.

3.1.2

Nacos 3.1.2 is a patch release focused on stability improvements, security fixes, and AI module enhancements. Key highlights include:

  • Security: Upgraded Spring Boot to 3.4.10 to address CVE-2025-55752, plus log4j and gRPC dependency updates
  • AI/MCP: Fixed MCP cache inconsistency issues and added version parameter support for Agent Card queries
  • Console: Improved distributed deployment experience with automatic server member sync and fixed multiple context path issues
  • Client: Eliminated class unloading memory leak during config reload and fixed UUID passing issue in fuzzy listening
  • Config: Enhanced config metadata publishing with audit logging and notifications

Feature

  • #13996 Add event publishing for agent and MCP endpoint operations
  • #13999 Add audit logging and notifications for config metadata publishing
  • #14120 Add version parameter support to Maintainer SDK Get Agent Card method

Enhancement/Refactor

  • #14000 Eliminate class unloading memory leak during configuration reload using Configuration.initialize()
  • #14062 Prevent potential data modification risk in client ServiceInfoHolder
  • #14099 Add validation for serviceName and groupName in SubscribeServiceRequestHandler
  • #14449 Remove ineffective ThreadLocal in MD5Utils
  • #14454 Throw proper exception when form parameters exceed size limit

BugFix

  • #13770 Fix missing context path in importToolsFromMcp and other AI-related APIs
  • #14009 Fix UUID passing issue in configuration fuzzy listening causing initialization events to be filtered
  • #14016 Fix Console automatic server member synchronization in distributed deployment
  • #14020 Fix missing '?' placeholder in database query
  • #14024 Fix MCP cache index inconsistency when recreating MCP server with same name
  • #14028 Fix remote server selection to use healthy nodes during import/export operations
  • #14063 Fix control plugin bug
  • #14104 Fix AI API context path errors in console
  • #14114 Fix incorrect grayRule detection in ConfigMigrateService
  • #14121 Fix console-ui pagination reset to 0 instead of 1 on API error
  • #14210 Fix MainLayout to handle language changes and fetch notices on update
  • #14401 Fix incorrect created field returned by ConfigRowMapperInjector
  • #14402 Fix MySQL LIKE query escaping to prevent underscore and hyphen confusion
  • #14442 Fix Derby and MySQL LIKE query with proper escape handling
  • #14450 Fix console remote server context-path for maintainer-client
  • #14635 Fix health status update method to correctly handle persistent instances

Dependencies

  • #14006 Upgrade Spring Boot to 3.4.10 to address CVE-2025-55752
  • #14055 Bump org.apache.logging.log4j:log4j-core from 2.24.3 to 2.25.3
  • #14714 Upgrade gRPC version to 1.78.0

Deployment Required

... (truncated)

Commits
  • 87aab1a fix(web): set default max form size to 2MB for form size filter.
  • df1b41d update grpc version to 1.78.0 (#14714)
  • d5e7750 fix(health): update health status method to handle persistent instances corre...
  • 9f2ec0a fix: No exception is thrown when form parameters are too large. (#14454)
  • 05d646e [ISSUE #14090] Fix console remote server context-path for maintainer-client (...
  • f742638 chore: update project revision to 3.1.2 in pom.xml.
  • f77edba refactor(common): remove ineffective ThreadLocal in MD5Utils (#14449)
  • 64ee64a fix: The ConfigRowMapperInjector returned an incorrect created field (#14401)
  • 38c7290 fix(#14402) fix derby and mysql like with escape (#14442)
  • 929470a fix: update main.css and main.js version query parameters in index.html. (#14...
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.alibaba.nacos:nacos-client&package-manager=maven&previous-version=3.1.1&new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> From 13e6e2550ea60d72accdf9e9975963558a7a6ca0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:13:37 +0800 Subject: [PATCH 21/30] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96?= =?UTF-8?q?=E9=A1=B9=E5=8D=87=E7=BA=A7[com.huaweicloud.sdk:huaweicloud-sdk?= =?UTF-8?q?-functiongraph][3.1.189=20=3D>=203.1.190]=20(#1040)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps com.huaweicloud.sdk:huaweicloud-sdk-functiongraph from 3.1.189 to 3.1.190. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.huaweicloud.sdk:huaweicloud-sdk-functiongraph&package-manager=maven&previous-version=3.1.189&new-version=3.1.190)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-cf/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-cf/pom.xml b/meta-bom/bom-cf/pom.xml index 522d5560..5ae7c119 100644 --- a/meta-bom/bom-cf/pom.xml +++ b/meta-bom/bom-cf/pom.xml @@ -135,7 +135,7 @@ com.huaweicloud.sdk huaweicloud-sdk-functiongraph - 3.1.189 + 3.1.190 From 452e693c2ff046bf996de95da257c01336e2cab8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:13:49 +0800 Subject: [PATCH 22/30] chore(deps): bump com.huaweicloud.sdk:huaweicloud-sdk-functiongraph from 3.1.189 to 3.1.190 (#1042) Bumps com.huaweicloud.sdk:huaweicloud-sdk-functiongraph from 3.1.189 to 3.1.190. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.huaweicloud.sdk:huaweicloud-sdk-functiongraph&package-manager=maven&previous-version=3.1.189&new-version=3.1.190)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> From 5f0b7bc1ddc204af9e3e187f6a4937d131d481f7 Mon Sep 17 00:00:00 2001 From: ACANX Date: Fri, 27 Mar 2026 12:17:50 +0800 Subject: [PATCH 23/30] Update pom.xml --- meta-bom/bom-sdk/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-sdk/pom.xml b/meta-bom/bom-sdk/pom.xml index 25a1b5fe..4422da94 100644 --- a/meta-bom/bom-sdk/pom.xml +++ b/meta-bom/bom-sdk/pom.xml @@ -39,7 +39,7 @@ - 2.42.21 + From 99287dee3e736b59b388e0819d7e0b56f7fe1a19 Mon Sep 17 00:00:00 2001 From: ACANX Date: Fri, 27 Mar 2026 12:18:37 +0800 Subject: [PATCH 24/30] Update pom.xml --- meta-bom/bom-mod/pom.xml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/meta-bom/bom-mod/pom.xml b/meta-bom/bom-mod/pom.xml index 113ea7b5..1d726c23 100644 --- a/meta-bom/bom-mod/pom.xml +++ b/meta-bom/bom-mod/pom.xml @@ -75,11 +75,7 @@ 5.4.1 5.2.1 - 2.42.21 - - 6.0.3 - 6.0.3 - 4.13.2 + From db9661e09bf98b3862d0a7921b8156871e2293e2 Mon Sep 17 00:00:00 2001 From: ACANX Date: Fri, 27 Mar 2026 12:19:25 +0800 Subject: [PATCH 25/30] Update pom.xml --- meta-bom/pom.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-bom/pom.xml b/meta-bom/pom.xml index dbe689bc..e7179fbb 100644 --- a/meta-bom/pom.xml +++ b/meta-bom/pom.xml @@ -41,6 +41,9 @@ 2.42.21 + 6.0.3 + 6.0.3 + 4.13.2 From 1833e44e11121b14558732efea26716ec79b0b3a Mon Sep 17 00:00:00 2001 From: ACANX Date: Fri, 27 Mar 2026 12:20:49 +0800 Subject: [PATCH 26/30] Update pom.xml --- meta-bom/bom-deamon/pom.xml | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/meta-bom/bom-deamon/pom.xml b/meta-bom/bom-deamon/pom.xml index 329ca2ed..1cae5597 100644 --- a/meta-bom/bom-deamon/pom.xml +++ b/meta-bom/bom-deamon/pom.xml @@ -74,18 +74,7 @@ 2.17.1 1.1.0 - - 7.0.6 - 4.0.5 - 4.0.2 - 2025.0.0 - 4.2.0 - 4.2.0 - 4.2.0 - 4.2.0 - 2.2.1.RELEASE - 4.2.0 - 4.2.0 + 7.0.4 2.5.2.RELEASE From 192f8b97c660e5d2311497ff4918259170da704c Mon Sep 17 00:00:00 2001 From: ACANX Date: Fri, 27 Mar 2026 12:21:24 +0800 Subject: [PATCH 27/30] Update pom.xml --- meta-bom/pom.xml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/meta-bom/pom.xml b/meta-bom/pom.xml index e7179fbb..660a0765 100644 --- a/meta-bom/pom.xml +++ b/meta-bom/pom.xml @@ -40,6 +40,20 @@ + + + 7.0.6 + 4.0.5 + 4.0.2 + 2025.0.0 + 4.2.0 + 4.2.0 + 4.2.0 + 4.2.0 + 2.2.1.RELEASE + 4.2.0 + 4.2.0 + 2.42.21 6.0.3 6.0.3 From d8d67ccca89aec3a05e11f98a8ffe4fbccb68d5c Mon Sep 17 00:00:00 2001 From: ACANX Date: Fri, 27 Mar 2026 12:24:16 +0800 Subject: [PATCH 28/30] Update pom.xml --- meta-bom/bom-deamon/pom.xml | 51 +------------------------------------ 1 file changed, 1 insertion(+), 50 deletions(-) diff --git a/meta-bom/bom-deamon/pom.xml b/meta-bom/bom-deamon/pom.xml index 1cae5597..4cbffc3c 100644 --- a/meta-bom/bom-deamon/pom.xml +++ b/meta-bom/bom-deamon/pom.xml @@ -53,26 +53,7 @@ UTF-8 UTF-8 - 3.1.0 - 3.7.1 - 3.4.0 - 3.15.0 - 3.8.1 - 3.1.3 - 3.5.0 - 3.5.2 - 3.5.1 - 3.1.3 - 3.8.1 - 3.4.2 - 3.10.1 - 3.3.1 - 3.6.0 - 3.3.1 - 3.5.2 - 3.4.0 - 2.17.1 - 1.1.0 + @@ -85,36 +66,6 @@ - - 3.3.6 - 3.3.6 - 3.3.3 - 3.3.1 - - - - 2024.0.0 - 2.4.3 - 2.4.0 - - - - 3.51.3.0 - 9.5.0 - 9.1.0 - 9.5.0 - 42.7.4 - 5.1.0 - 1.2.22 - 3.5.19 - 3.0.4 - 4.0.1 - 1.4.2 - 1.4.2 - 3.5.6 - 6.1.0 - 2.1.1 - 5.3 1.0.0.RELEASE 1.2.2 From d45bf9d4ecf336cf9d0af3c6318afbc5124289b9 Mon Sep 17 00:00:00 2001 From: ACANX Date: Fri, 27 Mar 2026 12:28:43 +0800 Subject: [PATCH 29/30] Update pom.xml --- meta-bom/pom.xml | 58 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 57 insertions(+), 1 deletion(-) diff --git a/meta-bom/pom.xml b/meta-bom/pom.xml index 660a0765..66065f56 100644 --- a/meta-bom/pom.xml +++ b/meta-bom/pom.xml @@ -40,11 +40,48 @@ + 3.1.0 + 3.7.1 + 3.4.0 + 3.15.0 + 3.8.1 + 3.1.3 + 3.5.0 + 3.5.2 + 3.5.1 + 3.1.3 + 3.8.1 + 3.4.2 + 3.10.1 + 3.3.1 + 3.6.0 + 3.3.1 + 3.5.2 + 3.4.0 + 2.17.1 + 1.1.0 + + 3.51.3.0 + 9.5.0 + 9.1.0 + 9.5.0 + 42.7.4 + 5.1.0 + 1.2.22 + 3.5.19 + + 3.3.6 + 3.3.6 + 3.3.3 + 3.3.1 + 2.4.3 + 2.4.0 + + 7.0.6 4.0.5 - 4.0.2 2025.0.0 4.2.0 4.2.0 @@ -53,6 +90,25 @@ 2.2.1.RELEASE 4.2.0 4.2.0 + 4.0.2 + + + 3.0.4 + 4.0.1 + 1.4.2 + 1.4.2 + 3.5.6 + 6.1.0 + 2.1.1 + 5.3 + + + + + + 2025.0.0 + + 2.42.21 6.0.3 From 0d7b4f03af3c7f10d7225cbc7470ceb6f7320fc3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Mar 2026 13:13:13 +0800 Subject: [PATCH 30/30] chore(deps): bump awssdk.version from 2.42.21 to 2.42.22 (#1047) Bumps `awssdk.version` from 2.42.21 to 2.42.22. Updates `software.amazon.awssdk:s3` from 2.42.21 to 2.42.22 Updates `software.amazon.awssdk:lambda` from 2.42.21 to 2.42.22 Updates `software.amazon.awssdk:ses` from 2.42.21 to 2.42.22 Updates `software.amazon.awssdk:cloudwatch` from 2.42.21 to 2.42.22 Updates `software.amazon.awssdk:costexplorer` from 2.42.21 to 2.42.22 Updates `software.amazon.awssdk:auth` from 2.42.21 to 2.42.22 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/pom.xml b/meta-bom/pom.xml index 66065f56..ebbc6f39 100644 --- a/meta-bom/pom.xml +++ b/meta-bom/pom.xml @@ -110,7 +110,7 @@ - 2.42.21 + 2.42.22 6.0.3 6.0.3 4.13.2