From 541dbc70c18f79607618ffb1df4df539b0f77a59 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Apr 2026 03:06:44 +0800 Subject: [PATCH 1/3] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96=E6=9E=84?= =?UTF-8?q?=E4=BB=B6=E7=89=88=E6=9C=AC=E5=8D=87=E7=BA=A7[org.xerial:sqlite?= =?UTF-8?q?-jdbc][3.51.3.0=20=3D>=203.53.0.0]=20(#1316)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [org.xerial:sqlite-jdbc](https://github.com/xerial/sqlite-jdbc) from 3.51.3.0 to 3.53.0.0.
Release notes

Sourced from org.xerial:sqlite-jdbc's releases.

Release 3.53.0.0

Changelog

🚀 Features

jdbc

sqlite

unscoped

🛠 Build

deps

deps-dev

Contributors

We'd like to thank the following people for their contributions: Gauthier, Karl-Michael Edlinger, kju2

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.xerial:sqlite-jdbc&package-manager=maven&previous-version=3.51.3.0&new-version=3.53.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/pom.xml b/meta-bom/pom.xml index 0452bc99..6318a019 100644 --- a/meta-bom/pom.xml +++ b/meta-bom/pom.xml @@ -94,7 +94,7 @@ 2.12 - 3.51.3.0 + 3.53.0.0 9.5.0 9.1.0 9.5.0 From 9f9de99af42477ee449dac0a9aca0dd84790221f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Apr 2026 03:07:03 +0800 Subject: [PATCH 2/3] =?UTF-8?q?chore(deps):=20=E4=BE=9D=E8=B5=96=E6=9E=84?= =?UTF-8?q?=E4=BB=B6=E7=89=88=E6=9C=AC=E5=8D=87=E7=BA=A7[com.google.guava:?= =?UTF-8?q?guava][33.5.0-jre=20=3D>=2033.6.0-jre]=20(#1312)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [com.google.guava:guava](https://github.com/google/guava) from 33.5.0-jre to 33.6.0-jre.
Release notes

Sourced from com.google.guava:guava's releases.

33.6.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.6.0-jre</version>
  <!-- or, for Android: -->
  <version>33.6.0-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

  • Migrated some classes from finalize() to PhantomReference in preparation for the removal of finalization. (786b619dd6, 7c6b17c, aeef90988d)
  • cache: Deprecated CacheBuilder APIs that use TimeUnit in favor of those that use Duration. (73f8b0bb84)
  • collect: Added toImmutableSortedMap collectors that use the natural comparator. (64d70b9f94)
  • collect: Changed ConcurrentHashMultiset, ImmutableMap and TreeMultiset deserialization to avoid mutating final fields. In extremely unlikely scenarios in which an instance of that type contains an object that refers back to that instance, this could lead to a broken instance that throws NullPointerException when used. (8240c7e596, 046468055f)
  • graph: Removed @Beta from all APIs in the package. (dae9566b73)
  • graph: Added support to Graphs.transitiveClosure() for different strategies for adding self-loops. (2e13df25b2)
  • graph: Added an asNetwork() view to Graph and ValueGraph. (909c593c61)
  • hash: Added BloomFilter.serializedSize(). (df9bcc251a)
  • net: Added HttpHeaders.CDN_CACHE_CONTROL. (75331b5030)
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.guava:guava&package-manager=maven&previous-version=33.5.0-jre&new-version=33.6.0-jre)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- meta-bom/bom-mod/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-mod/pom.xml b/meta-bom/bom-mod/pom.xml index aa60255d..046fc0b9 100644 --- a/meta-bom/bom-mod/pom.xml +++ b/meta-bom/bom-mod/pom.xml @@ -138,7 +138,7 @@ 6.0.3 4.13.2 1.0.0 - 33.5.0-jre + 33.6.0-jre 4.34.1 6.1.0 From 3920d822b0465fcdffa6023440d256a4bf5ddd42 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Apr 2026 19:08:35 +0000 Subject: [PATCH 3/3] chore(deps): bump com.alibaba.nacos:nacos-client in /meta-bom/bom-deamon Bumps [com.alibaba.nacos:nacos-client](https://github.com/alibaba/nacos) from 3.2.0 to 3.2.1-2026.04.03. - [Release notes](https://github.com/alibaba/nacos/releases) - [Changelog](https://github.com/alibaba/nacos/blob/develop/CHANGELOG.md) - [Commits](https://github.com/alibaba/nacos/compare/3.2.0...3.2.1-2026.04.03) --- updated-dependencies: - dependency-name: com.alibaba.nacos:nacos-client dependency-version: 3.2.1-2026.04.03 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- meta-bom/bom-deamon/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-bom/bom-deamon/pom.xml b/meta-bom/bom-deamon/pom.xml index f4ccc2de..26019922 100644 --- a/meta-bom/bom-deamon/pom.xml +++ b/meta-bom/bom-deamon/pom.xml @@ -380,7 +380,7 @@ com.alibaba.nacos nacos-client - 3.2.0 + 3.2.1-2026.04.03 compile