chore(deps): 依赖构件版本升级[com.alibaba.nacos:nacos-client][3.2.0 => 3.2.1-2026.04.03] by dependabot[bot] · Pull Request #1212 · ACANX/MetaOpen

dependabot · 2026-04-05T19:03:21Z

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps com.alibaba.nacos:nacos-client from 3.2.0 to 3.2.1-2026.04.03.

Release notes

Sourced from com.alibaba.nacos:nacos-client's releases.

3.2.1-2026.04.03

Nacos 3.2.1-2026.04.03 is a snapshot release focused on critical bug fixes and feature enhancements for issues discovered in 3.2.0, particularly around AI module stability, database compatibility, and console UI improvements.

Key highlights include:

AI Registry Enhancements: Complete Prompt lifecycle management UI, AI resource trace logging, and enhanced list APIs with filters

Database Compatibility: PostgreSQL and Oracle schema fixes, deterministic pagination with ORDER BY clauses

Dependency Resolution: Upgraded MCP SDK to 0.17.0 to resolve json-schema-validator conflicts

Concurrency Fixes: Eliminated race conditions in AI publish pipeline, naming module, and client failover

Console UI: Fixed configuration editing errors, namespace ID validation, and batch import issues

Feature

#14807 Add Prompt lifecycle management UI for both legacy and next consoles

#14809 Enhance AI resource list APIs with filters and ordering support

#14794 Support force-publish skills for admin user

Enhancement/Refactor

#14743 Close CallableStatement in DerbySnapshotOperation to prevent JDBC resource leak

#14750 Fix check-then-act race condition in FailoverReactor.isFailoverSwitch

#14751 Fix check-then-act race conditions on ConcurrentHashMap in naming module

#14784 Validate input parameters in ops controller forms for better security

#14806 Improve cluster metrics aggregation completeness signal in v3 API

#14818 Improve cluster metrics aggregation completeness signal in v3 API

#14822 Extract duplicated logic from SkillOperationServiceImpl and AgentSpecOperationServiceImpl into AiResourceManager and VersionUtils

#14834 Upgrade UI dependencies for both legacy and next consoles

BugFix

#14046 Fix ConfigInfoMapperByMySql.findConfigInfoLike4PageFetchRows result accuracy on MySQL

#14741 Add ORDER BY to findConfigInfoLike4PageFetchRows for deterministic pagination

#14742 Add ORDER BY to findConfigInfoLike4PageFetchRows for deterministic pagination

#14746 Add ORDER BY to remaining MySQL pagination queries for deterministic results

#14747 Add ORDER BY to Oracle pagination queries for deterministic results

#14748 Add ORDER BY to Derby pagination queries for deterministic results

#14764 Fix namespace ID validation issue in new UI when adding custom namespace

#14765 Fix configuration file editing error in 3.2 console

#14768 Fix /v3/console/ai/mcp/importToolsFromMcp failure due to json-schema-validator dependency conflict

#14771 Fix batch import failure in legacy console UI

#14775 Add missing OIDC-related configurations to application.properties template

#14783 Remove downloadSkillZip from AiClientProxy interface and route skill download directly to HTTP client

#14786 Eliminate race condition in AI publish pipeline by pre-generating executionId

#14810 Fix PostgreSQL schema default timestamp issues causing startup failures

#14812 Set default timestamps to current time in Oracle and PostgreSQL schemas

#14828 Fix cross-type version contamination when querying ai_resource_version by name

#14832 Fix PostgreSQL compatibility issues for AI resource persistence and capacity modules

... (truncated)

Commits

a6ef263 chore(build): update project revision to 3.2.1-2026.04.03.
3f9d890 chore(config): remove default property files and enable servlet encoding. (#1...
3ad21fa fix(console-ui-next): fix login page loop and header when auth disabled (#14853)
e52214f [ISSUE #14833] Add AI resource trace logging and fix prompt bizTags handling ...
53427d1 docs: update CONTRIBUTING.md with detailed contribution guidelines (#14850)
94dcef9 feat(auth,ai) support auth ai resource subtype parse (#14847)
9591f52 fix(naming): change ActionTypes.WRITE to ActionTypes.READ for getting (#14849)
5e0ab60 fix: PostgreSQL compatibility fixes for AI resource and capacity modules (#14...
3268700 [Feature] Add Prompt lifecycle management UI for both legacy and next console...
cb7c775 feat(ai,plugin): add pipeline support for Prompt resource type (#14840)
Additional commits viewable in compare view

…5.6 => 5.6.1] (#1352) Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.6 to 5.6.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/apache/httpcomponents-client/blob/rel/v5.6.1/RELEASE_NOTES.txt">org.apache.httpcomponents.client5:httpclient5's changelog</a>.</em></p> <blockquote> <h2>Release 5.6.1</h2> <p>This is a maintenance release disables experimental SCRAM auth scheme by default and fixes SCRAM final response handling. The SCRAM auth scheme can be re-enabled by choosing a custom auth scheme preference sequence that explicitly includes SCRAM auth.</p> <h2>Change Log</h2> <ul> <li> <p>Fix SCRAM final response handling. Contributed by Arturo Bernal </p> </li> <li> <p>Auth challenge parsing code improvement. Contributed by Oleg Kalnichevski </p> </li> <li> <p>Add missing Javadoc for ConnectionConfig (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/820">#820</a>). Contributed by Gary Gregory </p> </li> <li> <p>Bug fix: Corrected async message exchange cancellation logic in InternalHttpAsyncExecRuntime. Contributed by Oleg Kalnichevski </p> </li> <li> <p>HTTPCLIENT-2417: Honor TlsConfig attachment in async connect path. Contributed by Arturo Bernal </p> </li> <li> <p>HTTPCLIENT-2414: Fix Basic auth cache scoping across path prefixes (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/802">#802</a>). Contributed by Arturo Bernal </p> </li> <li> <p>HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/803">#803</a>). Contributed by Arturo Bernal </p> </li> <li> <p>Bug fix: Corrected sleep time calculation in IdleConnectionEvictor; use 1 minute sleep time by default. Contributed by Oleg Kalnichevski </p> </li> <li> <p>DefaultManagedHttpClientConnection: Restore original socket timeout. Contributed by Ryan Schmitt </p> </li> <li> <p>HTTPCLIENT-2411: Use standard HTTP-date format for synthesized Date header (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/775">#775</a>). Contributed by Arturo Bernal </p> </li> <li> <p>Fix NPE in connection evictor setup (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/774">#774</a>). Contributed by Arturo Bernal </p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/httpcomponents-client/commit/4f86ca6a5eb528613edb892a4f7161e23dce15d7"><code>4f86ca6</code></a> HttpClient 5.6.1 release</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1b2bafe817552369466a925e0cb3592deb303a26"><code>1b2bafe</code></a> Updated release notes for HttpClient 5.6.1 release</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1acf00b879d908a869508ceee2edb0fe65b69d73"><code>1acf00b</code></a> Fix SCRAM final response handling</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/49549abca82842586cdce82e5f8a1bbd461a1ac7"><code>49549ab</code></a> Auth challenge parsing code improvement</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/fa6b6d70af06195c0ffdaadd107e1673c7200114"><code>fa6b6d7</code></a> Add missing Javadoc for ConnectionConfig (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/820">#820</a>)</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/3de8ad5e99a52b2a9c2f595a4ce8c9b00649d515"><code>3de8ad5</code></a> Fixed DefaultClientTlsStrategy test failures on MacOS</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/c69f38f764814b3d9a24c4f0d6c9576385e0083c"><code>c69f38f</code></a> Bug-fix: corrects message exchange cancellation logic in InternalHttpAsyncExe...</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/30386d309614309b18e7b23953ee42bded18d57b"><code>30386d3</code></a> HTTPCLIENT-2417 Honor TlsConfig attachment in async connect path</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/9cc45f6c67864ec53f2284d16e77872851e25e87"><code>9cc45f6</code></a> HTTPCLIENT-2414 - Fix Basic auth cache scoping across path prefixes (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/802">#802</a>)</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1e01a487e283c04cbcd60515951c2d8b6e1f2670"><code>1e01a48</code></a> HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/803">#803</a>)</li> <li>Additional commits viewable in <a href="https://github.com/apache/httpcomponents-client/compare/rel/v5.6...rel/v5.6.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.httpcomponents.client5:httpclient5&package-manager=maven&previous-version=5.6&new-version=5.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps `httpclient5.version` from 5.6 to 5.6.1. Updates `org.apache.httpcomponents.client5:httpclient5` from 5.6 to 5.6.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/apache/httpcomponents-client/blob/rel/v5.6.1/RELEASE_NOTES.txt">org.apache.httpcomponents.client5:httpclient5's changelog</a>.</em></p> <blockquote> <h2>Release 5.6.1</h2> <p>This is a maintenance release disables experimental SCRAM auth scheme by default and fixes SCRAM final response handling. The SCRAM auth scheme can be re-enabled by choosing a custom auth scheme preference sequence that explicitly includes SCRAM auth.</p> <h2>Change Log</h2> <ul> <li> <p>Fix SCRAM final response handling. Contributed by Arturo Bernal </p> </li> <li> <p>Auth challenge parsing code improvement. Contributed by Oleg Kalnichevski </p> </li> <li> <p>Add missing Javadoc for ConnectionConfig (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/820">#820</a>). Contributed by Gary Gregory </p> </li> <li> <p>Bug fix: Corrected async message exchange cancellation logic in InternalHttpAsyncExecRuntime. Contributed by Oleg Kalnichevski </p> </li> <li> <p>HTTPCLIENT-2417: Honor TlsConfig attachment in async connect path. Contributed by Arturo Bernal </p> </li> <li> <p>HTTPCLIENT-2414: Fix Basic auth cache scoping across path prefixes (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/802">#802</a>). Contributed by Arturo Bernal </p> </li> <li> <p>HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/803">#803</a>). Contributed by Arturo Bernal </p> </li> <li> <p>Bug fix: Corrected sleep time calculation in IdleConnectionEvictor; use 1 minute sleep time by default. Contributed by Oleg Kalnichevski </p> </li> <li> <p>DefaultManagedHttpClientConnection: Restore original socket timeout. Contributed by Ryan Schmitt </p> </li> <li> <p>HTTPCLIENT-2411: Use standard HTTP-date format for synthesized Date header (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/775">#775</a>). Contributed by Arturo Bernal </p> </li> <li> <p>Fix NPE in connection evictor setup (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/774">#774</a>). Contributed by Arturo Bernal </p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/httpcomponents-client/commit/4f86ca6a5eb528613edb892a4f7161e23dce15d7"><code>4f86ca6</code></a> HttpClient 5.6.1 release</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1b2bafe817552369466a925e0cb3592deb303a26"><code>1b2bafe</code></a> Updated release notes for HttpClient 5.6.1 release</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1acf00b879d908a869508ceee2edb0fe65b69d73"><code>1acf00b</code></a> Fix SCRAM final response handling</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/49549abca82842586cdce82e5f8a1bbd461a1ac7"><code>49549ab</code></a> Auth challenge parsing code improvement</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/fa6b6d70af06195c0ffdaadd107e1673c7200114"><code>fa6b6d7</code></a> Add missing Javadoc for ConnectionConfig (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/820">#820</a>)</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/3de8ad5e99a52b2a9c2f595a4ce8c9b00649d515"><code>3de8ad5</code></a> Fixed DefaultClientTlsStrategy test failures on MacOS</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/c69f38f764814b3d9a24c4f0d6c9576385e0083c"><code>c69f38f</code></a> Bug-fix: corrects message exchange cancellation logic in InternalHttpAsyncExe...</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/30386d309614309b18e7b23953ee42bded18d57b"><code>30386d3</code></a> HTTPCLIENT-2417 Honor TlsConfig attachment in async connect path</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/9cc45f6c67864ec53f2284d16e77872851e25e87"><code>9cc45f6</code></a> HTTPCLIENT-2414 - Fix Basic auth cache scoping across path prefixes (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/802">#802</a>)</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1e01a487e283c04cbcd60515951c2d8b6e1f2670"><code>1e01a48</code></a> HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/803">#803</a>)</li> <li>Additional commits viewable in <a href="https://github.com/apache/httpcomponents-client/compare/rel/v5.6...rel/v5.6.1">compare view</a></li> </ul> </details> <br /> Updates `org.apache.httpcomponents.client5:httpclient5-cache` from 5.6 to 5.6.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/apache/httpcomponents-client/blob/rel/v5.6.1/RELEASE_NOTES.txt">org.apache.httpcomponents.client5:httpclient5-cache's changelog</a>.</em></p> <blockquote> <h2>Release 5.6.1</h2> <p>This is a maintenance release disables experimental SCRAM auth scheme by default and fixes SCRAM final response handling. The SCRAM auth scheme can be re-enabled by choosing a custom auth scheme preference sequence that explicitly includes SCRAM auth.</p> <h2>Change Log</h2> <ul> <li> <p>Fix SCRAM final response handling. Contributed by Arturo Bernal </p> </li> <li> <p>Auth challenge parsing code improvement. Contributed by Oleg Kalnichevski </p> </li> <li> <p>Add missing Javadoc for ConnectionConfig (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/820">#820</a>). Contributed by Gary Gregory </p> </li> <li> <p>Bug fix: Corrected async message exchange cancellation logic in InternalHttpAsyncExecRuntime. Contributed by Oleg Kalnichevski </p> </li> <li> <p>HTTPCLIENT-2417: Honor TlsConfig attachment in async connect path. Contributed by Arturo Bernal </p> </li> <li> <p>HTTPCLIENT-2414: Fix Basic auth cache scoping across path prefixes (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/802">#802</a>). Contributed by Arturo Bernal </p> </li> <li> <p>HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/803">#803</a>). Contributed by Arturo Bernal </p> </li> <li> <p>Bug fix: Corrected sleep time calculation in IdleConnectionEvictor; use 1 minute sleep time by default. Contributed by Oleg Kalnichevski </p> </li> <li> <p>DefaultManagedHttpClientConnection: Restore original socket timeout. Contributed by Ryan Schmitt </p> </li> <li> <p>HTTPCLIENT-2411: Use standard HTTP-date format for synthesized Date header (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/775">#775</a>). Contributed by Arturo Bernal </p> </li> <li> <p>Fix NPE in connection evictor setup (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/774">#774</a>). Contributed by Arturo Bernal </p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/httpcomponents-client/commit/4f86ca6a5eb528613edb892a4f7161e23dce15d7"><code>4f86ca6</code></a> HttpClient 5.6.1 release</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1b2bafe817552369466a925e0cb3592deb303a26"><code>1b2bafe</code></a> Updated release notes for HttpClient 5.6.1 release</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1acf00b879d908a869508ceee2edb0fe65b69d73"><code>1acf00b</code></a> Fix SCRAM final response handling</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/49549abca82842586cdce82e5f8a1bbd461a1ac7"><code>49549ab</code></a> Auth challenge parsing code improvement</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/fa6b6d70af06195c0ffdaadd107e1673c7200114"><code>fa6b6d7</code></a> Add missing Javadoc for ConnectionConfig (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/820">#820</a>)</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/3de8ad5e99a52b2a9c2f595a4ce8c9b00649d515"><code>3de8ad5</code></a> Fixed DefaultClientTlsStrategy test failures on MacOS</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/c69f38f764814b3d9a24c4f0d6c9576385e0083c"><code>c69f38f</code></a> Bug-fix: corrects message exchange cancellation logic in InternalHttpAsyncExe...</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/30386d309614309b18e7b23953ee42bded18d57b"><code>30386d3</code></a> HTTPCLIENT-2417 Honor TlsConfig attachment in async connect path</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/9cc45f6c67864ec53f2284d16e77872851e25e87"><code>9cc45f6</code></a> HTTPCLIENT-2414 - Fix Basic auth cache scoping across path prefixes (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/802">#802</a>)</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1e01a487e283c04cbcd60515951c2d8b6e1f2670"><code>1e01a48</code></a> HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/803">#803</a>)</li> <li>Additional commits viewable in <a href="https://github.com/apache/httpcomponents-client/compare/rel/v5.6...rel/v5.6.1">compare view</a></li> </ul> </details> <br /> Updates `org.apache.httpcomponents.client5:httpclient5-fluent` from 5.6 to 5.6.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/apache/httpcomponents-client/blob/rel/v5.6.1/RELEASE_NOTES.txt">org.apache.httpcomponents.client5:httpclient5-fluent's changelog</a>.</em></p> <blockquote> <h2>Release 5.6.1</h2> <p>This is a maintenance release disables experimental SCRAM auth scheme by default and fixes SCRAM final response handling. The SCRAM auth scheme can be re-enabled by choosing a custom auth scheme preference sequence that explicitly includes SCRAM auth.</p> <h2>Change Log</h2> <ul> <li> <p>Fix SCRAM final response handling. Contributed by Arturo Bernal </p> </li> <li> <p>Auth challenge parsing code improvement. Contributed by Oleg Kalnichevski </p> </li> <li> <p>Add missing Javadoc for ConnectionConfig (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/820">#820</a>). Contributed by Gary Gregory </p> </li> <li> <p>Bug fix: Corrected async message exchange cancellation logic in InternalHttpAsyncExecRuntime. Contributed by Oleg Kalnichevski </p> </li> <li> <p>HTTPCLIENT-2417: Honor TlsConfig attachment in async connect path. Contributed by Arturo Bernal </p> </li> <li> <p>HTTPCLIENT-2414: Fix Basic auth cache scoping across path prefixes (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/802">#802</a>). Contributed by Arturo Bernal </p> </li> <li> <p>HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/803">#803</a>). Contributed by Arturo Bernal </p> </li> <li> <p>Bug fix: Corrected sleep time calculation in IdleConnectionEvictor; use 1 minute sleep time by default. Contributed by Oleg Kalnichevski </p> </li> <li> <p>DefaultManagedHttpClientConnection: Restore original socket timeout. Contributed by Ryan Schmitt </p> </li> <li> <p>HTTPCLIENT-2411: Use standard HTTP-date format for synthesized Date header (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/775">#775</a>). Contributed by Arturo Bernal </p> </li> <li> <p>Fix NPE in connection evictor setup (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/774">#774</a>). Contributed by Arturo Bernal </p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/httpcomponents-client/commit/4f86ca6a5eb528613edb892a4f7161e23dce15d7"><code>4f86ca6</code></a> HttpClient 5.6.1 release</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1b2bafe817552369466a925e0cb3592deb303a26"><code>1b2bafe</code></a> Updated release notes for HttpClient 5.6.1 release</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1acf00b879d908a869508ceee2edb0fe65b69d73"><code>1acf00b</code></a> Fix SCRAM final response handling</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/49549abca82842586cdce82e5f8a1bbd461a1ac7"><code>49549ab</code></a> Auth challenge parsing code improvement</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/fa6b6d70af06195c0ffdaadd107e1673c7200114"><code>fa6b6d7</code></a> Add missing Javadoc for ConnectionConfig (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/820">#820</a>)</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/3de8ad5e99a52b2a9c2f595a4ce8c9b00649d515"><code>3de8ad5</code></a> Fixed DefaultClientTlsStrategy test failures on MacOS</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/c69f38f764814b3d9a24c4f0d6c9576385e0083c"><code>c69f38f</code></a> Bug-fix: corrects message exchange cancellation logic in InternalHttpAsyncExe...</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/30386d309614309b18e7b23953ee42bded18d57b"><code>30386d3</code></a> HTTPCLIENT-2417 Honor TlsConfig attachment in async connect path</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/9cc45f6c67864ec53f2284d16e77872851e25e87"><code>9cc45f6</code></a> HTTPCLIENT-2414 - Fix Basic auth cache scoping across path prefixes (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/802">#802</a>)</li> <li><a href="https://github.com/apache/httpcomponents-client/commit/1e01a487e283c04cbcd60515951c2d8b6e1f2670"><code>1e01a48</code></a> HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (<a href="https://redirect.github.com/apache/httpcomponents-client/issues/803">#803</a>)</li> <li>Additional commits viewable in <a href="https://github.com/apache/httpcomponents-client/compare/rel/v5.6...rel/v5.6.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps `meta-open.version` from 0.8.1.4 to 0.8.2. Updates `com.acanx.meta.model:model-deepseek` from 0.8.1.4 to 0.8.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/ACANX/MetaOpen/commits">compare view</a></li> </ul> </details> <br /> Updates `com.acanx.meta.model:model-dingtalk` from 0.8.1.4 to 0.8.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/ACANX/MetaOpen/commits">compare view</a></li> </ul> </details> <br /> Updates `com.acanx.meta.model:model-gemini` from 0.8.1.4 to 0.8.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/ACANX/MetaOpen/commits">compare view</a></li> </ul> </details> <br /> Updates `com.acanx.meta.model:model-quote` from 0.8.1.4 to 0.8.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/ACANX/MetaOpen/commits">compare view</a></li> </ul> </details> <br /> Updates `com.acanx.meta.model:model-rss` from 0.8.1.4 to 0.8.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/ACANX/MetaOpen/commits">compare view</a></li> </ul> </details> <br /> Updates `com.acanx.meta.model:model-sonatype` from 0.8.1.4 to 0.8.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/ACANX/MetaOpen/commits">compare view</a></li> </ul> </details> <br /> Updates `com.acanx.meta.model:model-wechat-work` from 0.8.1.4 to 0.8.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/ACANX/MetaOpen/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [org.jsoup:jsoup](https://github.com/jhy/jsoup) from 1.22.1 to 1.22.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jhy/jsoup/releases">org.jsoup:jsoup's releases</a>.</em></p> <blockquote> <h2>jsoup Java HTML Parser release 1.22.2</h2> <p><strong>jsoup 1.22.2</strong> is out now, with fixes and refinements across the library. It makes editing the DOM during traversal more predictable, refreshes the default HTML tag definitions with newer elements and better text boundaries, and improves reliability in parsing and HTTP transport. The release also fixes a number of edge cases in cleaning, stream parsing, XML doctype handling, and Android packaging.</p> <p><strong>jsoup</strong> is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.</p> <p><a href="https://github.com/jhy/jsoup/blob/HEAD/download"><strong>Download</strong></a> jsoup now.</p> <h2>Improvements</h2> <ul> <li>Expanded and clarified <code>NodeTraversor</code> support for in-place DOM rewrites during <code>NodeVisitor.head()</code>. Current-node edits such as <code>remove</code>, <code>replace</code>, and <code>unwrap</code> now recover more predictably, while traversal stays within the original root subtree. This makes single-pass tree cleanup and normalization visitors easier to write, for example when unwrapping presentational elements or replacing text nodes as you walk the DOM. <a href="https://redirect.github.com/jhy/jsoup/issues/2472">#2472</a></li> <li>Documentation: clarified that a configured <code>Cleaner</code> may be reused across concurrent threads, and that shared <code>Safelist</code> instances should not be mutated while in use. <a href="https://redirect.github.com/jhy/jsoup/issues/2473">#2473</a></li> <li>Updated the default HTML <code>TagSet</code> for current HTML elements: added <code>dialog</code>, <code>search</code>, <code>picture</code>, and <code>slot</code>; made <code>ins</code>, <code>del</code>, <code>button</code>, <code>audio</code>, <code>video</code>, and <code>canvas</code> inline by default (<code>Tag#isInline()</code>, aligned to phrasing content in the spec); and added readable <code>Element.text()</code> boundaries for controls and embedded objects via the new <code>Tag.TextBoundary</code> option. This improves pretty-printing and keeps normalized text from running adjacent words together. <a href="https://redirect.github.com/jhy/jsoup/pull/2493">#2493</a></li> </ul> <h2>Bug Fixes</h2> <ul> <li>Android (R8/ProGuard): added a rule to ignore the optional <code>re2j</code> dependency when not present. <a href="https://redirect.github.com/jhy/jsoup/issues/2459">#2459</a></li> <li>Fixed a <code>NodeTraversor</code> regression in 1.21.2 where removing or replacing the current node during <code>head()</code> could revisit the replacement node and loop indefinitely. The traversal docs now also clarify which inserted nodes are visited in the current pass. <a href="https://redirect.github.com/jhy/jsoup/issues/2472">#2472</a></li> <li>Parsing during charset sniffing no longer fails if an advisory <code>available()</code> call throws <code>IOException</code>, as seen on JDK 8 <code>HttpURLConnection</code>. <a href="https://redirect.github.com/jhy/jsoup/issues/2474">#2474</a></li> <li><code>Cleaner</code> no longer makes relative URL attributes in the input document absolute when cleaning or validating a <code>Document</code>. URL normalization now applies only to the cleaned output, and <code>Safelist.isSafeAttribute()</code> is side effect free. <a href="https://redirect.github.com/jhy/jsoup/issues/2475">#2475</a></li> <li><code>Cleaner</code> no longer duplicates enforced attributes when the input <code>Document</code> preserves attribute case. A case-variant source attribute is now replaced by the enforced attribute in the cleaned output. <a href="https://redirect.github.com/jhy/jsoup/issues/2476">#2476</a></li> <li>If a per-request SOCKS proxy is configured, jsoup now avoids using the JDK <code>HttpClient</code>, because the JDK would silently ignore that proxy and attempt to connect directly. Those requests now fall back to the legacy <code>HttpURLConnection</code> transport instead, which does support SOCKS. <a href="https://redirect.github.com/jhy/jsoup/issues/2468">#2468</a></li> <li><code>Connection.Response.streamParser()</code> and <code>DataUtil.streamParser(Path, ...)</code> could fail on small inputs without a declared charset, if the initial 5 KB charset sniff fully consumed the input and closed it before the stream parse began. <a href="https://redirect.github.com/jhy/jsoup/issues/2483">#2483</a></li> <li>In XML mode, doctypes with an internal subset, such as <code><!DOCTYPE root [<!ENTITY name "value">]></code>, now round-trip correctly. The subset is preserved as raw text only; entities are not expanded and external DTDs are not loaded. <a href="https://redirect.github.com/jhy/jsoup/issues/2486">#2486</a></li> </ul> <h2>Build Changes</h2> <ul> <li>Migrated the integration test server from Jetty to Netty, which actively maintains support for our minimum JDK target (8). <a href="https://redirect.github.com/jhy/jsoup/pull/2491">#2491</a></li> </ul> <hr /> <p>My sincere thanks to everyone who contributed to this release! If you have any suggestions for the next release, I would love to hear them; please get in touch via <a href="https://github.com/jhy/jsoup/discussions">jsoup discussions</a>, or with me <a href="https://jhedley.com/">directly</a>.</p> <p>You can also follow me (@<a href="mailto:[email protected]">[email protected]</a>) on Mastodon / Fediverse to receive occasional notes about jsoup releases.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/jhy/jsoup/blob/master/CHANGES.md">org.jsoup:jsoup's changelog</a>.</em></p> <blockquote> <h2>1.22.2 (2026-Apr-20)</h2> <h3>Improvements</h3> <ul> <li>Expanded and clarified <code>NodeTraversor</code> support for in-place DOM rewrites during <code>NodeVisitor.head()</code>. Current-node edits such as <code>remove</code>, <code>replace</code>, and <code>unwrap</code> now recover more predictably, while traversal stays within the original root subtree. This makes single-pass tree cleanup and normalization visitors easier to write, for example when unwrapping presentational elements or replacing text nodes as you walk the DOM. <a href="https://redirect.github.com/jhy/jsoup/issues/2472">#2472</a></li> <li>Documentation: clarified that a configured <code>Cleaner</code> may be reused across concurrent threads, and that shared <code>Safelist</code> instances should not be mutated while in use. <a href="https://redirect.github.com/jhy/jsoup/issues/2473">#2473</a></li> <li>Updated the default HTML <code>TagSet</code> for current HTML elements: added <code>dialog</code>, <code>search</code>, <code>picture</code>, and <code>slot</code>; made <code>ins</code>, <code>del</code>, <code>button</code>, <code>audio</code>, <code>video</code>, and <code>canvas</code> inline by default (<code>Tag#isInline()</code>, aligned to phrasing content in the spec); and added readable <code>Element.text()</code> boundaries for controls and embedded objects via the new <code>Tag.TextBoundary</code> option. This improves pretty-printing and keeps normalized text from running adjacent words together. <a href="https://redirect.github.com/jhy/jsoup/pull/2493">#2493</a></li> </ul> <h3>Bug Fixes</h3> <ul> <li>Android (R8/ProGuard): added a rule to ignore the optional <code>re2j</code> dependency when not present. <a href="https://redirect.github.com/jhy/jsoup/issues/2459">#2459</a></li> <li>Fixed a <code>NodeTraversor</code> regression in 1.21.2 where removing or replacing the current node during <code>head()</code> could revisit the replacement node and loop indefinitely. The traversal docs now also clarify which inserted nodes are visited in the current pass. <a href="https://redirect.github.com/jhy/jsoup/issues/2472">#2472</a></li> <li>Parsing during charset sniffing no longer fails if an advisory <code>available()</code> call throws <code>IOException</code>, as seen on JDK 8 <code>HttpURLConnection</code>. <a href="https://redirect.github.com/jhy/jsoup/issues/2474">#2474</a></li> <li><code>Cleaner</code> no longer makes relative URL attributes in the input document absolute when cleaning or validating a <code>Document</code>. URL normalization now applies only to the cleaned output, and <code>Safelist.isSafeAttribute()</code> is side effect free. <a href="https://redirect.github.com/jhy/jsoup/issues/2475">#2475</a></li> <li><code>Cleaner</code> no longer duplicates enforced attributes when the input <code>Document</code> preserves attribute case. A case-variant source attribute is now replaced by the enforced attribute in the cleaned output. <a href="https://redirect.github.com/jhy/jsoup/issues/2476">#2476</a></li> <li>If a per-request SOCKS proxy is configured, jsoup now avoids using the JDK <code>HttpClient</code>, because the JDK would silently ignore that proxy and attempt to connect directly. Those requests now fall back to the legacy <code>HttpURLConnection</code> transport instead, which does support SOCKS. <a href="https://redirect.github.com/jhy/jsoup/issues/2468">#2468</a></li> <li><code>Connection.Response.streamParser()</code> and <code>DataUtil.streamParser(Path, ...)</code> could fail on small inputs without a declared charset, if the initial 5 KB charset sniff fully consumed the input and closed it before the stream parse began. <a href="https://redirect.github.com/jhy/jsoup/issues/2483">#2483</a></li> <li>In XML mode, doctypes with an internal subset, such as <code><!DOCTYPE root [<!ENTITY name "value">]></code>, now round-trip correctly. The subset is preserved as raw text only; entities are not expanded and external DTDs are not loaded. <a href="https://redirect.github.com/jhy/jsoup/issues/2486">#2486</a></li> </ul> <h3>Build Changes</h3> <ul> <li>Migrated the integration test server from Jetty to Netty, which actively maintains support for our minimum JDK target (8). <a href="https://redirect.github.com/jhy/jsoup/pull/2491">#2491</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jhy/jsoup/commit/ac28afe6e5bf96d39fd17c3e0a797a7585e1958c"><code>ac28afe</code></a> [maven-release-plugin] prepare release jsoup-1.22.2</li> <li><a href="https://github.com/jhy/jsoup/commit/52f2cd3ea2004b9be0e0a09021bac7ce2daf8ae4"><code>52f2cd3</code></a> Improve entity example in changelog</li> <li><a href="https://github.com/jhy/jsoup/commit/cf6ffe08616f8633ee6113b91f9d6a07acef38c6"><code>cf6ffe0</code></a> Add Tag#TextBoundary option; bring TagSet to spec (<a href="https://redirect.github.com/jhy/jsoup/issues/2493">#2493</a>)</li> <li><a href="https://github.com/jhy/jsoup/commit/2be739c1c659a1592c402a5441f8be6f7881280c"><code>2be739c</code></a> Bump github/codeql-action from 4 to 4.35.1 (<a href="https://redirect.github.com/jhy/jsoup/issues/2492">#2492</a>)</li> <li><a href="https://github.com/jhy/jsoup/commit/45de7cbc215eb3f1189d23eaf57acf6f7b1a5edf"><code>45de7cb</code></a> Migrate integration test server from Jetty to Netty (<a href="https://redirect.github.com/jhy/jsoup/issues/2491">#2491</a>)</li> <li><a href="https://github.com/jhy/jsoup/commit/1df14edbfc327a1ef309142ef5e8ed68324de320"><code>1df14ed</code></a> Preserve XML doctype internal subset</li> <li><a href="https://github.com/jhy/jsoup/commit/06fa52d15a22003b67dfdb3f8220cc025d493a43"><code>06fa52d</code></a> Adding Contribution Guide</li> <li><a href="https://github.com/jhy/jsoup/commit/d4a8941820c037327538c30a8723ec715b67b6f6"><code>d4a8941</code></a> Simplify the test; doesn't need the buffer</li> <li><a href="https://github.com/jhy/jsoup/commit/823709f519995492d9a092fe315af389616e58f8"><code>823709f</code></a> Don't reuse a fully read sniffed doc for StreamParser</li> <li><a href="https://github.com/jhy/jsoup/commit/e1b0df5fec53710214cd700de38d82e1ca92bd79"><code>e1b0df5</code></a> NodeFilter javadoc tweak</li> <li>Additional commits viewable in <a href="https://github.com/jhy/jsoup/compare/jsoup-1.22.1...jsoup-1.22.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jsoup:jsoup&package-manager=maven&previous-version=1.22.1&new-version=1.22.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

….0 => 2.14.0] (#1363) Bumps org.apache.commons:commons-configuration2 from 2.12.0 to 2.14.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.commons:commons-configuration2&package-manager=maven&previous-version=2.12.0&new-version=2.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…re][7.0.4 => 7.0.5] (#1364) Bumps [org.springframework.security:spring-security-core](https://github.com/spring-projects/spring-security) from 7.0.4 to 7.0.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/spring-projects/spring-security/releases">org.springframework.security:spring-security-core's releases</a>.</em></p> <blockquote> <h2>7.0.5</h2> <h2>:star: New Features</h2> <ul> <li>Add XML Based shouldWriteHeadersEagerly tests <a href="https://redirect.github.com/spring-projects/spring-security/pull/19018">#19018</a></li> <li>Merge Add CredentialRecordOwnerAuthorizationManager <a href="https://redirect.github.com/spring-projects/spring-security/pull/19005">#19005</a></li> </ul> <h2>:beetle: Bug Fixes</h2> <ul> <li>Add equals and hashcode to HttpMethodRequestMatcher <a href="https://redirect.github.com/spring-projects/spring-security/issues/18963">#18963</a></li> <li>auth_time claim doesn't show the time of the original authentication <a href="https://redirect.github.com/spring-projects/spring-security/issues/18282">#18282</a></li> <li>auth_time validation fails when SSO session is renewed <a href="https://redirect.github.com/spring-projects/spring-security/issues/18978">#18978</a></li> <li>Fallback defaultTargetUrl if refererHeader is empty <a href="https://redirect.github.com/spring-projects/spring-security/issues/18981">#18981</a></li> <li>Fix HttpSessionRequestCache#getMatchingRequest query string parsing <a href="https://redirect.github.com/spring-projects/spring-security/issues/18972">#18972</a></li> <li>Merge Handle null value in OnCommittedResponseWrapper header methods <a href="https://redirect.github.com/spring-projects/spring-security/pull/18990">#18990</a></li> <li>OAuth2 client sessionManagement ineffective with DefaultOidcUser <a href="https://redirect.github.com/spring-projects/spring-security/issues/19022">#19022</a></li> </ul> <h2>:hammer: Dependency Upgrades</h2> <ul> <li>Bump <code>@springio</code>/antora-extensions from 1.14.10 to 1.14.11 in /docs <a href="https://redirect.github.com/spring-projects/spring-security/pull/19054">#19054</a></li> <li>Bump <code>@springio</code>/antora-extensions from 1.14.7 to 1.14.9 in /docs <a href="https://redirect.github.com/spring-projects/spring-security/pull/18953">#18953</a></li> <li>Bump <code>@springio</code>/antora-extensions from 1.14.9 to 1.14.10 in /docs <a href="https://redirect.github.com/spring-projects/spring-security/pull/19029">#19029</a></li> <li>Bump <code>@springio</code>/asciidoctor-extensions from 1.0.0-alpha.17 to 1.0.0-alpha.18 in /docs <a href="https://redirect.github.com/spring-projects/spring-security/pull/18957">#18957</a></li> <li>Bump actions/upload-artifact from 7.0.0 to 7.0.1 <a href="https://redirect.github.com/spring-projects/spring-security/pull/19096">#19096</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.31.1.RELEASE to 0.31.2.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/19021">#19021</a></li> <li>Bump com.webauthn4j:webauthn4j-core from 0.31.2.RELEASE to 0.31.3.RELEASE <a href="https://redirect.github.com/spring-projects/spring-security/pull/19114">#19114</a></li> <li>Bump io.projectreactor:reactor-bom from 2025.0.4 to 2025.0.5 <a href="https://redirect.github.com/spring-projects/spring-security/pull/19080">#19080</a></li> <li>Bump org.apache.maven:maven-resolver-provider from 3.9.14 to 3.9.15 <a href="https://redirect.github.com/spring-projects/spring-security/pull/19111">#19111</a></li> <li>Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5 <a href="https://redirect.github.com/spring-projects/spring-security/pull/19113">#19113</a></li> <li>Bump org.springframework.ldap:spring-ldap-core from 4.0.2 to 4.0.3 <a href="https://redirect.github.com/spring-projects/spring-security/pull/19098">#19098</a></li> <li>Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7 <a href="https://redirect.github.com/spring-projects/spring-security/pull/19112">#19112</a></li> <li>Bump spring-io/spring-gradle-build-action from 2.0.5 to 2.0.6 <a href="https://redirect.github.com/spring-projects/spring-security/pull/18996">#18996</a></li> <li>Bump spring-io/spring-release-actions from 0.0.3 to 0.0.4 <a href="https://redirect.github.com/spring-projects/spring-security/pull/19095">#19095</a></li> <li>Bump spring-io/spring-security-release-tools/.github/workflows/update-scheduled-release-version.yml from 1.0.14 to 1.0.15 <a href="https://redirect.github.com/spring-projects/spring-security/pull/18948">#18948</a></li> </ul> <h2>:heart: Contributors</h2> <p>Thank you to all the contributors who worked on this release:</p> <p><a href="https://github.com/rwinch"><code>@rwinch</code></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/spring-projects/spring-security/commit/53bc6a77963209bb2a5f3efdd855b1f4a8051cc3"><code>53bc6a7</code></a> Fix Formatting</li> <li><a href="https://github.com/spring-projects/spring-security/commit/aed95aa2b1e7d35d2a7d672ee9d2d8333a38f5e8"><code>aed95aa</code></a> Fix Formatting</li> <li><a href="https://github.com/spring-projects/spring-security/commit/7b57a4a3bbf0649b5416707f940fd740c94dc377"><code>7b57a4a</code></a> Release 7.0.5</li> <li><a href="https://github.com/spring-projects/spring-security/commit/11047960ad917773d64e60fa6ffbea02409eb655"><code>1104796</code></a> Merge branch '6.5.x' into 7.0.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/3d4e20597a8cb00eab70fcca67575a789a6786a2"><code>3d4e205</code></a> Merge remote-tracking branch 'oss/6.5.x' into 6.5.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/4c40eeb89e54f93cc0ba67d2a9e5c3425a2da8bf"><code>4c40eeb</code></a> Merge remote-tracking branch 'oss/6.5.x' into 7.0.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/ff1e925c080555731ef0b36b8fb779cfa88f5481"><code>ff1e925</code></a> Merge remote-tracking branch 'oss/7.0.x' into 7.0.x</li> <li><a href="https://github.com/spring-projects/spring-security/commit/7b309cf2715cf7c42b8c06e24a659680d0940cc5"><code>7b309cf</code></a> Bump org.springframework.data:spring-data-bom from 2025.1.4 to 2025.1.5</li> <li><a href="https://github.com/spring-projects/spring-security/commit/51a1f88ddf17850da0d23f5a4db85ebe511947ce"><code>51a1f88</code></a> Bump com.webauthn4j:webauthn4j-core</li> <li><a href="https://github.com/spring-projects/spring-security/commit/762d8f19e5bc4b81afe7f423242d1f526b5499a8"><code>762d8f1</code></a> Bump org.springframework:spring-framework-bom from 7.0.6 to 7.0.7</li> <li>Additional commits viewable in <a href="https://github.com/spring-projects/spring-security/compare/7.0.4...7.0.5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.security:spring-security-core&package-manager=maven&previous-version=7.0.4&new-version=7.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [com.alibaba.nacos:nacos-client](https://github.com/alibaba/nacos) from 3.2.0 to 3.2.1-2026.04.03. - [Release notes](https://github.com/alibaba/nacos/releases) - [Changelog](https://github.com/alibaba/nacos/blob/develop/CHANGELOG.md) - [Commits](alibaba/nacos@3.2.0...3.2.1-2026.04.03) --- updated-dependencies: - dependency-name: com.alibaba.nacos:nacos-client dependency-version: 3.2.1-2026.04.03 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot Bot assigned ACANX Apr 5, 2026

dependabot Bot added Dependabot Dependabot RR ReviewRequired 依赖:升级依赖升级自动化:提交自动化提交 labels Apr 5, 2026

dependabot Bot mentioned this pull request Apr 5, 2026

chore(deps): 依赖项升级[com.alibaba.nacos:nacos-client][3.2.0 => 3.2.1-2026.03.30] #1097

Closed

dependabot Bot added Dependabot Dependabot RR ReviewRequired labels Apr 5, 2026

github-actions Bot changed the title ~~chore(deps): bump com.alibaba.nacos:nacos-client from 3.2.0 to 3.2.1-2026.04.03 in /os-dependencies~~ chore(deps): 依赖项升级[com.alibaba.nacos:nacos-client][3.2.0 => 3.2.1-2026.04.03] Apr 5, 2026

Base automatically changed from dependa to dev April 7, 2026 15:44

dependabot Bot changed the base branch from dev to dependa April 9, 2026 02:06

dependabot Bot changed the title ~~chore(deps): 依赖项升级[com.alibaba.nacos:nacos-client][3.2.0 => 3.2.1-2026.04.03]~~ chore(deps): bump com.alibaba.nacos:nacos-client from 3.2.0 to 3.2.1-2026.04.03 in /os-dependencies Apr 9, 2026

dependabot Bot force-pushed the dependabot-maven-os-dependencies-dependa-com.alibaba.nacos-nacos-client-3.2.1-2026.04.03 branch from 04deaea to 98f7ca1 Compare April 9, 2026 02:06

github-actions Bot changed the title ~~chore(deps): bump com.alibaba.nacos:nacos-client from 3.2.0 to 3.2.1-2026.04.03 in /os-dependencies~~ chore(deps): 依赖构件版本升级[com.alibaba.nacos:nacos-client][3.2.0 => 3.2.1-2026.04.03] Apr 9, 2026

Base automatically changed from dependa to dev April 9, 2026 02:11

dependabot Bot changed the base branch from dev to dependa April 14, 2026 14:16

dependabot Bot force-pushed the dependabot-maven-os-dependencies-dependa-com.alibaba.nacos-nacos-client-3.2.1-2026.04.03 branch from 98f7ca1 to c6b7c81 Compare April 14, 2026 14:16

dependabot Bot changed the title ~~chore(deps): 依赖构件版本升级[com.alibaba.nacos:nacos-client][3.2.0 => 3.2.1-2026.04.03]~~ chore(deps): bump com.alibaba.nacos:nacos-client from 3.2.0 to 3.2.1-2026.04.03 in /os-dependencies Apr 14, 2026

Base automatically changed from dependa to dev April 14, 2026 14:22

dependabot Bot changed the base branch from dev to dependa April 15, 2026 19:11

dependabot Bot force-pushed the dependabot-maven-os-dependencies-dependa-com.alibaba.nacos-nacos-client-3.2.1-2026.04.03 branch from c6b7c81 to a17693a Compare April 15, 2026 19:11

github-actions Bot changed the title ~~chore(deps): bump com.alibaba.nacos:nacos-client from 3.2.0 to 3.2.1-2026.04.03 in /os-dependencies~~ chore(deps): 依赖构件版本升级[com.alibaba.nacos:nacos-client][3.2.0 => 3.2.1-2026.04.03] Apr 15, 2026

Base automatically changed from dependa to dev April 20, 2026 03:14

dependabot Bot changed the base branch from dev to dependa April 20, 2026 05:52

dependabot Bot force-pushed the dependabot-maven-os-dependencies-dependa-com.alibaba.nacos-nacos-client-3.2.1-2026.04.03 branch from a17693a to 1f3ac37 Compare April 20, 2026 05:52

dependabot Bot changed the title ~~chore(deps): 依赖构件版本升级[com.alibaba.nacos:nacos-client][3.2.0 => 3.2.1-2026.04.03]~~ chore(deps): bump com.alibaba.nacos:nacos-client from 3.2.0 to 3.2.1-2026.04.03 in /os-dependencies Apr 20, 2026

Base automatically changed from dependa to dev April 20, 2026 06:07

dependabot Bot added 7 commits April 21, 2026 10:00

dependabot Bot changed the base branch from dev to dependa April 21, 2026 02:04

dependabot Bot force-pushed the dependabot-maven-os-dependencies-dependa-com.alibaba.nacos-nacos-client-3.2.1-2026.04.03 branch from 1f3ac37 to edf69df Compare April 21, 2026 02:04

github-actions Bot changed the title ~~chore(deps): bump com.alibaba.nacos:nacos-client from 3.2.0 to 3.2.1-2026.04.03 in /os-dependencies~~ chore(deps): 依赖构件版本升级[com.alibaba.nacos:nacos-client][3.2.0 => 3.2.1-2026.04.03] Apr 21, 2026

Base automatically changed from dependa to dev April 22, 2026 02:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): 依赖构件版本升级[com.alibaba.nacos:nacos-client][3.2.0 => 3.2.1-2026.04.03]#1212

chore(deps): 依赖构件版本升级[com.alibaba.nacos:nacos-client][3.2.0 => 3.2.1-2026.04.03]#1212
dependabot[bot] wants to merge 8 commits intodevfrom
dependabot-maven-os-dependencies-dependa-com.alibaba.nacos-nacos-client-3.2.1-2026.04.03

dependabot Bot commented on behalf of github Apr 5, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

3.2.1-2026.04.03

Feature

Enhancement/Refactor

BugFix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Apr 5, 2026 •

edited

Loading