Bump the minor-and-patch group across 1 directory with 12 updates

[dependabot]

Bumps the minor-and-patch group with 12 updates in the /java/app-encryption directory:

Package	From	To
commons-codec:commons-codec	1.19.0	1.20.0
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor	2.20.0	2.20.1
com.fasterxml.jackson.core:jackson-databind	2.20.0	2.20.1
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.20.0	2.20.1
org.checkerframework:checker-qual	3.51.1	3.52.0
org.bouncycastle:bcprov-jdk18on	1.82	1.83
software.amazon.awssdk:kms	2.37.0	2.39.4
software.amazon.awssdk:dynamodb	2.37.0	2.39.4
io.micrometer:micrometer-core	1.15.5	1.16.0
com.amazonaws:aws-java-sdk-dynamodb	1.12.793	1.12.794
ch.qos.logback:logback-classic	1.5.20	1.5.21
org.apache.commons:commons-lang3	3.19.0	3.20.0

Updates commons-codec:commons-codec from 1.19.0 to 1.20.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.20.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.20.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

•         Add org.apache.commons.codec.digest.Crc16. Thanks to Fredrik Kjellberg, Gary Gregory.
  

•         Add builders to org.apache.commons.codec.digest streams and deprecate some old constructors. Thanks to Gary Gregory.
  

•         Add builder to Base16 streams and deprecate some old constructors. Thanks to Gary Gregory.
  

•         Add support for SHAKE128-256 and SHAKE256-512 to `DigestUtils` and `MessageDigestAlgorithms` on Java 25 and up. Thanks to Gary Gregory.
  

•         Add BaseNCodec.AbstractBuilder.setDecodeTable(byte[]) and refactor subclasses. Thanks to Gary Gregory.
  

Changes

•         Deprecate all but one Base32 constructor in favor of the builder added in version 1.17.0. Thanks to Gary Gregory.
  

•         Deprecate all but one Base64 constructor in favor of the builder added in version 1.17.0. Thanks to Gary Gregory.
  

•         BaseNCodecInputStream subclasses are now type-safe to match its matching BaseNCodec. Thanks to Gary Gregory.
  

•         BaseNCodecOutputStream subclasses are now type-safe to match its matching BaseNCodec. Thanks to Gary Gregory.
  

•         Bump org.apache.commons:commons-parent from 85 to 91. Thanks to Gary Gregory, Dependabot.
  

•         [test] Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0. Thanks to Gary Gregory.
  

For complete information on Apache Commons Codec, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Codec website:

https://commons.apache.org/proper/commons-codec/

Download page: https://commons.apache.org/proper/commons-codec/download_codec.cgi

---

Commits

• b20db1f Merge branch 'master' into release
• cb344d6 Use leaf in overview
• 004966b Better package description
• 1320800 Use HTTPS in URL
• fcb8bf6 Use component logo
• af58c1a Use final
• 4368bfe Add dependabot email [skip ci]
• cb2b7b6 Clarify comment
• 48bb283 Bump github/codeql-action from 4.30.9 to 4.31.2 (#414)
• f61c2e6 Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#413)
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 2.20.0 to 2.20.1

Commits

• 7cf8a3c [maven-release-plugin] prepare release jackson-dataformats-binary-2.20.1
• 106b380 Prep for 2.20.1 release
• b93171e Merge branch '2.19' into 2.20
• 4704691 Post-release dep version bump
• 29d3ed1 [maven-release-plugin] prepare for next development iteration
• 297a10c [maven-release-plugin] prepare release jackson-dataformats-binary-2.19.4
• becef87 Prep for 2.19.4 release
• 6f89feb Merge branch '2.19' into 2.20
• f8b4f74 Post-release dep version bump
• e6cb7a6 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.20.0 to 2.20.1

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-yaml from 2.20.0 to 2.20.1

Commits

• ad7cda7 [maven-release-plugin] prepare release jackson-dataformats-text-2.20.1
• d3dc677 Prep for 2.20.1 release
• e667707 Merge branch '2.19' into 2.20
• 138f6a8 Post-release dep version bump
• d3e39cc [maven-release-plugin] prepare for next development iteration
• 15296a8 [maven-release-plugin] prepare release jackson-dataformats-text-2.19.4
• 97bab50 Prep for 2.19.4 release
• 82aa0bf Merge branch '2.19' into 2.20
• 0265bc8 Post-release dep version bump
• b42e80a [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates org.checkerframework:checker-qual from 3.51.1 to 3.52.0

Release notes

Sourced from org.checkerframework:checker-qual's releases.

Checker Framework 3.52.0

Version 3.52.0 (2025-11-04)

Implementation details:

In CFAbstractAnalysis, renamed defaultCreateAbstractValue to getCfValue

In GenericAnnotatedTypeFactory:

• renamed performFlowAnalysis to performFlowAnalysisForClass
• renamed checkAndPerformFlowAnalysis to performFlowAnalysisForClassOnce

Closed issues:

#6629, #7341, #7346.

Changelog

Sourced from org.checkerframework:checker-qual's changelog.

Version 3.52.0 (2025-11-04)

Implementation details:

In CFAbstractAnalysis, renamed defaultCreateAbstractValue to getCfValue

In GenericAnnotatedTypeFactory:

• renamed performFlowAnalysis to performFlowAnalysisForClass
• renamed checkAndPerformFlowAnalysis to performFlowAnalysisForClassOnce

Closed issues: #6629, #7341, #7346.

Commits

• f9d86ac new release 3.52.0
• 1ebc96f Fix links.
• 6063220 Use double quotes.
• a1fe8ec Update for release.
• 3d7a9fa Fix building AFU manual (#7349)
• a42d169 Change heap size to 4g
• 2518090 Use isEmpty() in preference to size()
• 8a3b47b Increase max heap size for tests
• 2de6d5c Update cimg/base Docker tag to v2025.11 (#7352)
• da473f3 Update dependency com.amazonaws:aws-java-sdk-bom to v1.12.793 (#7351)
• Additional commits viewable in compare view

Updates org.bouncycastle:bcprov-jdk18on from 1.82 to 1.83

Changelog

Sourced from org.bouncycastle:bcprov-jdk18on's changelog.

2.1.1 Version Release: 1.83 Date:      TBD

2.2.1 Version Release: 1.82 Date:      2025, 17th September.

... (truncated)

Commits

• See full diff in compare view

Updates software.amazon.awssdk:kms from 2.37.0 to 2.39.4

Updates software.amazon.awssdk:dynamodb from 2.37.0 to 2.39.4

Updates software.amazon.awssdk:dynamodb from 2.37.0 to 2.39.4

Updates io.micrometer:micrometer-core from 1.15.5 to 1.16.0

Release notes

Sourced from io.micrometer:micrometer-core's releases.

1.16.0

We upgraded the Prometheus Java Client to 1.4.x (#6830) which brings support for Unicode which includes some behavioral change in naming conventions, see the 1.16 Migration-Guide.

⚠️ Noteworthy

• Deprecate the Wavefront module #6328
• Remove deprecated io.micrometer.core.lang annotations #6407
• Register JCache cache.removals as a FunctionCounter by default #2754
• Improve no-op behavior of the Observation API #6700

⭐ New Features

• Support KeyValues with annotations when using ObservedAspect/@Observed #4030
• Validate low cardinality keys #6713
• Add counter for total loaded classes #3561
• Add eventexecutor.workers metrics for Netty #6375
• Avoid DistributionStatisticsConfig creation when retrieving timers #6661
• Avoid capturing lambda allocation when retrieving existing meters #6670
• Introduce MeterConvention #6710
• OpenTelemetry Semantic Conventions for JVM metrics #5286
• Add MeterFilter.forMeters utility method #6594
• Apache HC 5 OTel semantic convention #6591
• Improve nullability for gauges #6546
• Metrics for Generational Shenandoah GC #4259
• Support custom tags in NettyEventExecutorMetrics #6592
• Support newsgroups KeyValue for Jakarta Mail instrumentation #6558
• Add KeyName.withNoneValue() #6125
• Add getAll to Getter for repeated metadata #6312
• Enhance logging of negative amount in AbstractTimer.record() by printing stack trace #6530
• Flag to register JCache cache.removals as FunctionCounter #6471
• Improved Meter.Id#getTags() performance #6182
• Jakarta Mail instrumentation #5985
• Log requests as trace level for OtlpMeterRegistry #6514
• Make KafkaMetrics refresh interval configurable #6319
• Migrate to JSpecify annotations for nullability constraints #5547
• Provide meter count in HighCardinalityTagsDetector #6510
• StackdriverConfig option to not create metric descriptors #6281
• Use String.replace() where possible #6449

🐞 Bug Fixes

• Exclude java.* from OSGI Import-Package #6810
• Distribution without percentiles always has value 0 in Stackdriver #6401
• Incompatible with slf4j 2 in OSGi #6406
• LongTaskTimer#measure does not return max duration #6421
• Return NaN for null KafkaMetrics values #6324
• Scrape failure when conflicting meter types are registered #6434
• ValueResolver and ValueExpressionResolver nullability is inconsistent #6280

... (truncated)

Commits

• 3360d05 Upgrade Micrometer Context Propagation to 1.2.0
• 8ae2387 Merge branch '1.15.x'
• 521f151 Merge branch '1.14.x' into 1.15.x
• 1628762 Setup continuous builds for Antora (#6858)
• 65031ea Bump software.amazon.awssdk:cloudwatch from 2.37.4 to 2.37.5 (#6859)
• df18b91 Bump software.amazon.awssdk:cloudwatch from 2.37.3 to 2.37.4 (#6856)
• 4cb7563 Bump com.uber.nullaway:nullaway from 0.12.11 to 0.12.12 (#6854)
• 064d159 Bump activemq-artemis from 2.42.0 to 2.44.0 (#6850)
• 4d9ec6e Bump software.amazon.awssdk:cloudwatch from 2.37.2 to 2.37.3 (#6849)
• 698d394 Bump spring-io/spring-github-workflows (#6848)
• Additional commits viewable in compare view

Updates com.amazonaws:aws-java-sdk-dynamodb from 1.12.793 to 1.12.794

Changelog

Sourced from com.amazonaws:aws-java-sdk-dynamodb's changelog.

1.12.794 2025-11-20

AWS SDK for Java

• Features

  • Update region metadata.

Commits

• 12c4273 AWS SDK for Java 1.12.794
• fdb0fd2 Update GitHub version number to 1.12.794-SNAPSHOT
• See full diff in compare view

Updates ch.qos.logback:logback-classic from 1.5.20 to 1.5.21

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

• Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• fed6f37 prepare release 1.5.21
• b111e89 Initialization procedure has been simplified by removing the step
• 1cd2df4 fix issues/871
• dea5b95 minor - remove superflous call to Objects.requireNonNull
• 3cecf29 add comment for the TurboFilter list ACCEPT case
• 1497142 improve performance for 2 or more turbo filters
• 04a7ba5 most subclasses of UnsynchronizedAppenderBase do not need a reentry guard
• ab6a006 add maven cache to github CI, update .github/FUNDING.yml
• 2bf5557 fix failed LegacyPatternLayoutTest#subPattern test due to TZ discrepancies, u...
• 2ca8c52 update funding info
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.20.0 to 2.20.1

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-yaml from 2.20.0 to 2.20.1

Commits

• ad7cda7 [maven-release-plugin] prepare release jackson-dataformats-text-2.20.1
• d3dc677 Prep for 2.20.1 release
• e667707 Merge branch '2.19' into 2.20
• 138f6a8 Post-release dep version bump
• d3e39cc [maven-release-plugin] prepare for next development iteration
• 15296a8 [maven-release-plugin] prepare release jackson-dataformats-text-2.19.4
• 97bab50 Prep for 2.19.4 release
• 82aa0bf Merge branch '2.19' into 2.20
• 0265bc8 Post-release dep version bump
• b42e80a [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions