fix(deps): update backend non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.openapitools:openapi-generator-cli	7.20.0 → 7.22.0
com.bucket4j:bucket4j_jdk17-core (source)	8.17.0 → 8.18.0
org.springdoc:springdoc-openapi-starter-webmvc-api (source)	2.8.16 → 2.8.17
io.sentry:sentry-opentelemetry-core	8.36.0 → 8.40.0
io.sentry:sentry-logback	8.36.0 → 8.40.0
io.sentry:sentry-spring-boot-starter-jakarta	8.36.0 → 8.40.0
org.jdbi:jdbi3-bom (source)	3.52.0 → 3.53.0
org.springframework.boot:spring-boot-starter-parent (source)	3.5.12 → 3.5.14

---

Release Notes

openapitools/openapi-generator (org.openapitools:openapi-generator-cli)

v7.22.0: released

v7.22.0 stable release comes with 150+ enhancements and bug fixes.

Below are the highlights of the changes. For a full list of changes, please refer to the "Pull Request" tab.

General

• refactor: centralize common schema checks in ModelUtils #​23608
• [CORE] : BUGFIX - prevent Stream closed on concurrent JAR access in TemplateManager #​23596
• Improve OneOf handling with new normalizer REPLACE_ONE_OF_BY_DISCRIMINATOR_MAPPING #​23543
• ci: upload openapi-generator-cli.jar as GitHub Release asset #​23524
• fix: preserve parent description when simplifying nullable anyOf/oneOf #​23361
• [GRADLE-PLUGIN] - Modernize plugin to use Lazy Configuration API #​23042

C#

• [csharp][generichost] Fix TokenBase race condition #​23356
• [csharp][generichost] Fix possible concatentation bug #​23355
• [csharp][generichost] Fix invalid implicit cast #​23344
• [csharp][generichost] Treat warnings as errors #​23343
• [csharp][generichost] Fix dateTimeOffset bug #​23342
• Marking a class abstract should not mark the methods abstract as well #​23291
• [csharp][generichost] Multiple oauth tokens #​23264
• [csharp] Support null types #​23260

Crystal

• [crystal] Fix empty auth_settings Hash literal #​23625

Dart

• [dart-dio] Fix json_serializable serialize template to support hasFormParams #​23579
• Fix wrong import statements in dart-dio when using import-mappings #​23571
• fix: Change Dart Serializer for MapBuilder to be nullable #​23460
• feat(dart-dio): add methods to remove auth tokens in api client #​23386

Go

• feat(go): add enumUnknownDefaultCase config option #​23417

Java

• Correct imports for RxJava2 and RxJava3. Add support for Vert.x 5. #​23563
• add support for sealed response interfaces for spring-declarative-http-interface #​23549
• [Java][jersey3] Add error entity deserialization to ApiException #​23542
• [Java] [apache-httpclient] Add support for Jackson3 for apache httpclient generator #​23446
• [Java][WebClient][RestClient] Standardize useAbstractionForFiles behavior to use Resource interface #​23382
• feat(spring): enable openApiNullable with useJackson3 #​23331
• [java] [Spring] useJspecify for java clients and spring generator #​23256

Kotlin

• [KOTLIN-SPRING;JAVA-SPRING] chore: upgrade spring boot 3 to 3.3.13 version #​23591
• [KOTLIN-SPRING] Add oneOf sealed interface support with discriminator #​23574
• fix [Kotlin]: handle nullable response.body in jvm-okhttp ApiClient #​23515
• [kotlin-server] Fix class names for useTags #​23441
• fix(kotlin-spring): use Jackson 3 annotation package in model imports #​23406

PHP

• [PHP] Support map/object format for x-enum-varnames and x-enum-descriptions #​23540
• fix(php-symfony): enum $ref query params — short types and imports (#​23521) #​23525
• [php-nextgen] Fix validity checks for nullable properties that are required #​23419
• [php-nextgen] Remove invalid @​implements ArrayAccess tag in models with parents #​23418
• [Php] Fix form data field names to use spec-defined baseName #​23347
• [php-nextgen]: Fix imports for models with parent schema #​23317
• [php-nextgen]: Fix ArrayAccess parameter types #​23315

PowerShell

• [POWERSHELL] fix: single-quote DTO property names to prevent $-variable interpolation #​23624
• [PowerShell] Correct comment syntax in array query parameters #​23491

Python

• [PYTHON][bugfix] Fix python model dict array generation #​23538
• [PYTHON][bugfix] Fix missing post-params when content type is json #​23526
• [python] Add buildSystem option to support hatchling #​23483
• fix(python): Fix sanitize_for_serialization code generation for python client #​23415
• Drop python 3.9 and support python 3.14 in python generator #​22926

Rust

• fix(rust): use serde_repr for integer property enums #​23580
• [rust-axum] Fix uint32/uint64 type mapping #​23547
• feat(rust-server): refactor server module templates to avoid a monolithic run function. #​23432
• Feat: (Rust) Added chrono (date/date-time) support for Rust Generator #​23451

Scala

• [Fix][scala-sttp][circe] Add Base64OrArrayByteDecoder for format:byte and format:binary JSON properties #​23619
• [Fix][scala-sttp][circe] Add NaN-tolerant Decoder[Double] for non-finite values #​23611
• [feat][scala-sttp] Add oneOf and allOf discriminator support with sealed traits for circe generator #​23510
• Mark scala-finch generator as deprecated #​23484
• [Fix][scala-sttp][circe] Circe codecs do not preserve original JSON field names for non-camelCase properties #​23465

Swift

• [swift6] fix map nullable values #​23629

TypeScript

• Update axios to 1.15.2 #​23637
• fix(typescript-angular): handle Set in query parameter serialization #​23442
• fix(typescript-fetch): prevent HTML-escaping of pattern in validationAttributes #​23420
• [typescript-*]: Improve literal regexp for JSON MIME-type #​23319
• fix(typescript-fetch): remove barrel imports #​22706

v7.21.0: released

Compare Source

v7.21.0 stable release (breaking changes with fallbacks) comes with 190+ enhancements and bug fixes.

This release comes with 3 breaking changes (with fallback):

• Use Spring Boot 3.x by default (useSpringBoot3=true) #​23318
• Add option to fallback to non-pointer number, boolean types #​23197
• fix c-libcurl generator for int and boolean values by moving to int* #​23052

Below are the highlights of the changes. For a full list of changes, please refer to the "Pull Request" tab.

General

• Update jackson dependencies to newer versions #​23152
• fix: core: preserve OAS 3.1 numeric exclusive validation constraints in composed schemas #​23053
• fix: OAS3.1 deprecated property for array properties #​23019
• openapi-generator-gradle-plugin: upgrade Gradle to v8 #​22864
• (OpenAPINormalizer): Removed reset of OAS content #​22573

C

• Add option to fallback to non-pointer number, boolean types #​23197 (Breaking change (with fallback))
• fix c-libcurl generator for int and boolean values by moving to int* (Breaking change (with fallback)) #​23052

C#

• [C#] Fix invalid implicit casts #​23192
• [csharp] Fix/override central package versions for csharp test projects #​23092
• [csharp][generichost] Better file support #​22806

C++

• [cpp-qt-client] Remove deprecated SignalE/SignalEFull signals in API classes #​23113
• [cpp-qt-client] Optimize generated code #​23089
• [cpp-qt-client]Fix variable redeclarations in the api-body.mustache #​22982
• Move C++ virtual destructor definition to .cpp files #​21530

Dart

• [dart] Fix enum defaults, Object arrays, and nullable required assertions in native serialization #​23027
• [dart] Preserve inner generic type for Map<String, List> deserialization #​22717
• Add support for Optional in Dart generator (both dart and dart-dio) to distinguish absent, null, and present states #​22257

Go

• Update go client README to match modern module support #​23292

Java

• Use Spring Boot 3.x by default (useSpringBoot3=true) (Breaking change (with fallback)) #​23318
• Decommission springfox from spring generator #​23280
• fix(jaxrs): correct add/remove methods for JsonNullable<List> fields #​23258
• [Java] Optimize All Enum fromValue Mustache Templates #​23165
• Update jackson core in Java restclient to newer version #​23151
• [java][resttemplate] Add support for Jackson 3 and Spring Boot 4 in Java resttemplate #​23144
• [spring] Add an option "additionalNotNullAnnotations" to include additional NotNull annotations #​23096
• feature/jackson3 native #​23071
• feat(jackson3): add jackson3 support for Java Client generator - WebClient #​23031
• feature(jackson3) add jackson3 support for Java Client generator - Restclient #​23023
• fixes(spring) add JsonProperty on setter #​22978
• [java-spring] - add 'includeHttpRequestContext' additional property (option) defaulting to "true" for reactive and "false" for blocking to include ServerWebExchange/HttpServletRequest #​22910
• spring-http-interface: introduce springHttpClientAdapter, fix paramDoc.mustache #​19710

JavaScript

• [JS] Fix handling of oneOf when you have explicitly used a discriminator #​23026

Kotlin

• Decommission springfox from kotlin-spring generator #​23283
• [kotlin-client] Support for integer enums for multiplatform with custom serializer #​23211
• Bring Kotlin client code up-to-speed with changes #​23188
• [kotlin][kotlin-spring] Add companionObject option to generate companion objects in data classes #​23176
• Upgrade ktor to 3.4.0, kotlin to 2.3.0 #​23164
• fix(kotlin): support non-discriminator oneOf/anyOf model and array types with kotlinx_serialization #​23007
• Type safe error handling in kotlin spring server with useSealedResponseInterfaces flag #​23003

OCaml

• [OCaml][Fix] Unreferenced enum + Direct recursive types #​23005

PHP

• [php-nextgen]: Inherit model method docs and fix interface types #​23307
• [php-nextgen]: Fix array defaults #​23290
• [php-nextgen] Discriminator class detection uses wrong namespace #​23287
• PHP NextGen: address PSR-12 formatting violations #​23271
• PHP Generator: address PSR-12 formatting violations #​23250
• [php-symfony] use baseName for query param lookup in generated controllers #​23222

Postman

• Postman Generator: Format json edge case #​23265
• Postman Generator: Add folder description #​23249

Python

• [python] Fix deserialization of UUID JSON type in template #​23295
• Use Pydantic for json serialization in .to_json method #​23210
• [Python] Some fixes for pydantic v1 templates for nested dicts #​23162
• [Python] Fix python template for list and dicts of dicts #​23112
• feat(python): expose all config properties in constructor #​23021
• [PYTHON] switch from mutable bytearray to immutable bytes to avoid pydantic error #​22988
• fix(python): missing field_validator import for UUID properties with pattern #​22947
• python(pydantic): Use validate_by_name config; populate_by_name will be deprecated #​22931

Ruby

• [Ruby] Minor code improvement #​23196

Rust

• [rust] Fix array enums for generated object types #​23279
• [rust-server] Update mockall to 0.14 #​23048
• Rust-server: implement ValidateComposited traits for complex types and add integer enum support #​23045

Scala

• Add scalafmt (plugin) to scala-http4s client generator #​23300
• feat: support date-time-local in scala generators #​22990
• feat: Add oneOf for scala-http4s client #​22969

Swift

• [Swift6] Fix TSan race condition in Swift6 SynchronizedDictionary #​23091
• fix(swift): disable use of group separator #​23062

TypeScript

• [typescript-fetch] Add option to exclude RequestOpts from API interfaces #​23181
• fix(typescript-fetch): generate validationAttributes when withoutRuntimeChecks=true #​23107
• [typescript-angular] Include OIDC credential headers #​23065
• fix(typescript-fetch): ResponseError prototype chain #​23010
• [typescript-nestjs-server] improve request parameter handling #​22960

bucket4j/bucket4j (com.bucket4j:bucket4j_jdk17-core)

v8.18.0

Compare Source

What's Changed

• Fix typo in hazelcast doc by @​dwwoelfel in #​577
• Add Couchbase backend by @​sudheej in #​578

New Contributors

• @​dwwoelfel made their first contribution in #​577
• @​sudheej made their first contribution in #​578

Full Changelog: bucket4j/bucket4j@8.17.0...8.18.0

springdoc/springdoc-openapi (org.springdoc:springdoc-openapi-starter-webmvc-api)

v2.8.17

Added

• Add support for the @Range constraint validation annotation
• Auto-set nullable: true for Kotlin nullable types in schema properties

Changed

• Upgrade Spring Boot to version 3.5.13
• Upgrade swagger-core to version 2.2.47
• Upgrade swagger-ui to version 5.32.2

Fixed

• #​3259 – Fix an issue with annotated types with generics on parameters
• #​3255 – Handle $ref nullable wrapping and OAS 3.1 support
• #​3245 – Upgrade swagger-core from 2.2.43 to 2.2.45 (fixes schema resolution issues)
• #​3241 – Generic error responses from multiple @ControllerAdvice are still nondeterministic across OS
• #​3236 – Preserve YAML group URLs in Swagger UI
• Fix PropertyResolverUtils to retain a JsonNode when reading an ExtensionProperty annotation
• Fix handling of default values for LocalDate

getsentry/sentry-java (io.sentry:sentry-opentelemetry-core)

v8.40.0

Compare Source

Fixes

• Fix NoSuchMethodError for LayoutCoordinates.localBoundingBoxOf$default on Compose touch dispatch with AGP 8.13 and minSdk < 24 (#​5302)
• Fix reporting OkHttp's synthetic 504 "Unsatisfiable Request" responses as errors for CacheControl.FORCE_CACHE cache misses (#​5299)
• Make SentryGestureDetector thread-safe and recycle VelocityTracker per gesture (#​5301)
• Fix duplicate ui.click breadcrumbs when another Window.Callback wraps SentryWindowCallback (#​5300)

Dependencies

• Bump Native SDK from v0.13.6 to v0.13.7 (#​5296)
  • changelog
  • diff

v8.39.1

Compare Source

Fixes

• Fix JsonObjectReader and MapObjectReader hanging indefinitely when deserialization errors leave the reader in an inconsistent state (#​5293)
  • Failed collection values are now skipped so parsing can continue
  • Skipped collection values emit WARNING logs
  • Unknown-key failures and unrecoverable recovery failures emit ERROR logs

v8.39.0

Compare Source

Fixes

• Fix ANR caused by GestureDetectorCompat Handler/MessageQueue lock contention in SentryWindowCallback (#​5138)

Internal

• Bump AGP version from v8.6.0 to v8.13.1 (#​5063)

Dependencies

• Bump Native SDK from v0.13.3 to v0.13.6 (#​5277)
  • changelog
  • diff
• Bump Gradle from v8.14.3 to v9.4.1 (#​5063)
  • changelog
  • diff

v8.38.0

Compare Source

Features

• Prevent cross-organization trace continuation (#​5136)
  • By default, the SDK now extracts the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compares it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK starts a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
  • New option enableStrictTraceContinuation (default false): when enabled, both the SDK's org ID and the incoming baggage org ID must be present and match for a trace to be continued. Traces with a missing org ID on either side are rejected. Configurable via code (setStrictTraceContinuation(true)), sentry.properties (enable-strict-trace-continuation=true), Android manifest (io.sentry.strict-trace-continuation.enabled), or Spring Boot (sentry.strict-trace-continuation=true).
  • New option orgId: allows explicitly setting the organization ID for self-hosted and Relay setups where it cannot be extracted from the DSN. Configurable via code (setOrgId("123")), sentry.properties (org-id=123), Android manifest (io.sentry.org-id), or Spring Boot (sentry.org-id=123).
• Android: Attachments on the scope will now be synced to native (#​5211)
• Add THIRD_PARTY_NOTICES.md for vendored third-party code, bundled as SENTRY_THIRD_PARTY_NOTICES.md in the sentry JAR under META-INF (#​5186)

Improvements

• Do not retrieve ActivityManager if API < 35 on SDK init (#​5275)

v8.37.1

Compare Source

Fixes

• Fix deadlock in SentryContextStorage.root() with virtual threads and OpenTelemetry agent (#​5234)

v8.37.0

Compare Source

Fixes

• Session Replay: Fix Compose text masking mismatch with weighted text (#​5218)

Features

• Add cache tracing instrumentation for Spring Boot 2, 3, and 4 (#​5165)
  • Wraps Spring CacheManager and Cache beans to produce cache spans
  • Set sentry.enable-cache-tracing to true to enable this feature
• Add JCache (JSR-107) cache tracing via new sentry-jcache module (#​5165)
  • Wraps JCache Cache with SentryJCacheWrapper to produce cache spans
  • Set the enableCacheTracing option to true to enable this feature
• Add configurable IScopesStorageFactory to SentryOptions for providing a custom IScopesStorage, e.g. when the default ThreadLocal-backed storage is incompatible with non-pinning thread models (#​5199)
• Android: Add beforeErrorSampling callback to Session Replay (#​5214)
  • Allows filtering which errors trigger replay capture before the onErrorSampleRate is checked
  • Returning false skips replay capture entirely for that error; returning true proceeds with the normal sample rate check
  • Example usage:

    SentryAndroid.init(context) { options ->
        options.sessionReplay.beforeErrorSampling =
            SentryReplayOptions.BeforeErrorSamplingCallback { event, hint ->
                // Only capture replay for crashes (excluding e.g. handled exceptions)
                event.isCrashed
            }
    }

Dependencies

• Bump Native SDK from v0.13.2 to v0.13.3 (#​5215)
  • changelog
  • diff
• Bump OpenTelemetry (#​5225)
  • opentelemetry to 1.60.1 (was 1.57.0)
  • opentelemetry-instrumentation to 2.26.0 (was 2.23.0)
  • opentelemetry-instrumentation-alpha to 2.26.0-alpha (was 2.23.0-alpha)
  • opentelemetry-semconv to 1.40.0 (was 1.37.0)
  • opentelemetry-semconv-alpha to 1.40.0-alpha (was 1.37.0-alpha)

jdbi/jdbi (org.jdbi:jdbi3-bom)

v3.53.0

Compare Source

Fixes: Jdbi-Freemarker Security Advisory GHSA-mggx-p7jf-jgw4

The Freemarker configuration allows templates to construct arbitrary
Java types, including freemarker.template.utility.Execute.

While exploiting this requires other unsafe practices (letting a user
dictate template input), it seems prudent to disable template class resolution.

Please see GHSA-mggx-p7jf-jgw4 for more details.

Upgrade to testcontainers 2.x

While this required no code changes, the testcontainers project has
renamed a number of their jar files. Jdbi still supports
testcontainers 1.x and now also testcontainers 2.x:

If you are using testcontainers with Jdbi today and can not update to
2.x, make sure that you reference the org.testcontainers:jdbc and
org.testcontainers:junit-jupiter dependencies. Those used to be
available as transitive dependency from jdbi3-testcontainers.

If you upgrade to testcontainers 2.x, the
org.testcontainers:testcontainers-jdbc and
org.testcontainers:testcontainers-junit-jupiter dependencies must be
available.

• Update testcontainers dependency to 2.0.5 (from 1.21.4)
• Add StatementContext parameter to SqlExceptionHandler and remove return value

v3.52.1

Compare Source

• fix regression for java.time.Instant mapping from 3.52.0 (#​2955, reported by @​Eng-Fouad and @​toadzky)
• Add missing mappers for java.sql.Date and java.sql.Time
• Add support for java.time.OffsetTime
• Add support for java.time.ZoneOffset

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)

v3.5.14

Compare Source

v3.5.13

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 3am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.