chore(deps): bump the java-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the java-dependencies group with 6 updates in the / directory:

Package	From	To
org.owasp.dependencycheck	12.2.0	12.2.1
org.cyclonedx.bom	3.2.0	3.2.4
com.zaxxer:HikariCP	5.1.0	7.0.2
org.xerial:sqlite-jdbc	3.50.3.0	3.51.3.0
com.nimbusds:nimbus-jose-jwt	10.8	10.9
io.micrometer:micrometer-core	1.16.4	1.16.5

Updates org.owasp.dependencycheck from 12.2.0 to 12.2.1

Updates org.cyclonedx.bom from 3.2.0 to 3.2.4

Updates com.zaxxer:HikariCP from 5.1.0 to 7.0.2

Changelog

Sourced from com.zaxxer:HikariCP's changelog.

HikariCP Changes

Changes in 7.0.2

• decrease thread yield frequency in ConcurrentBag.unreserve()

Changes in 7.0.1

• merged #2346 fix regression with setSchema behavior

• decrease thread yield frequency in ConcurrentBag.requite()

Changes in 7.0.0

• merged #2340 NoSuchMethodException error that is thrown when setting a metric registry, fixes to UtilityElf reflection code to use the correct method signature.

• fixed #1294 add support for HikariCredentialsProvider class

• fixed #2265 bail out of the pool filling loop if the thread is interrupted

Changes in 6.3.3

• backport #2340 NoSuchMethodException error that is thrown when setting a metric registry, fixes to UtilityElf reflection code to use the correct method signature.

Changes in 6.3.2

• fixed #2342 restore module-info.class to jar file, which was lost in 6.3.1

• fixed #2256 add support for legacy override of getUsername()/getPassword() of HikariDataSource. See project page for documentation of system property com.zaxxer.hikari.legacy.supportUserPassDataSourceOverride.

• fixed #2323 right or wrong (wrt driver behavior) return to previous Connection.get/setSchema behavior

• fixed #2288 upgrade dependencies and fix build warnings

Changes in 6.3.1

• fixed #2315 source jar contains also binary .class files and missing some .java files

• fixed #2307 remove improper hardcoded timout, use validationTimeout

• fixed #2305 keep properties key and values as is rather than forcing stringification. Also fixes #2286 and #2304

• upgraded various maven plugin dependencies to latest versions

Changes in 6.3.0

• increase keepaliveTime variance from 10% to 20%

... (truncated)

Commits

• 80c46ae [maven-release-plugin] prepare release HikariCP-7.0.2
• cba7ebe decrease thread yield frequency in ConcurrentBag.unreserve()
• 22cc9bd Update README.md
• 86915ee [maven-release-plugin] prepare for next development iteration
• 217bcc8 [maven-release-plugin] prepare release HikariCP-7.0.1
• 29ad2f4 update changes log
• b81bbc9 fixes #2323 always reset schema upon connection retrieval (#2346)
• ee5328d decrease yield() frequency during direct hand-off attempts
• 1da3a33 Update README.md
• 17c4b33 Update README.md
• Additional commits viewable in compare view

Updates org.xerial:sqlite-jdbc from 3.50.3.0 to 3.51.3.0

Release notes

Sourced from org.xerial:sqlite-jdbc's releases.

Release 3.51.3.0

Changelog

🚀 Features

sqlite

• upgrade to sqlite 3.51.3 (09e9741)
• upgrade to sqlite 3.52.0 (64cf690)

🛠 Build

deps

• bump org.graalvm.buildtools:native-maven-plugin (5ad5155)
• bump actions/upload-artifact from 6 to 7 (90c726f)
• bump actions/download-artifact from 7 to 8 (17d4998)

deps-dev

• bump org.jreleaser:jreleaser-maven-plugin (d4d5c04)

unscoped

• set-version trigger CI after build native (89dfbc8)
• set-version commit and trigger workflow (eed41ae)
• set-version fix VERSION (22e5106)
• set-version checks before enabling (4c34072)
• add set-version workflow (97985f8)
• fix ppc64le (49232ef)
• use jdk 25 where possible (8460f63)

Contributors

We'd like to thank the following people for their contributions: Gauthier, Gauthier Roebroeck

Release 3.51.2.0

Changelog

🚀 Features

sqlite

• upgrade to sqlite 3.51.2 (63a45e7)

🛠 Build

• update location for 2026 (1a7c2a0)

Contributors

We'd like to thank the following people for their contributions: Gauthier Roebroeck

Release 3.51.1.1

Changelog

... (truncated)

Commits

• bf18ce1 chore(release): 3.51.3.0 [skip ci]
• fe41e3e chore: update native libraries
• 09e9741 feat(sqlite): upgrade to sqlite 3.51.3
• 89dfbc8 ci: set-version trigger CI after build native
• 64a3199 chore: update native libraries
• 64cf690 feat(sqlite): upgrade to sqlite 3.52.0
• eed41ae ci: set-version commit and trigger workflow
• 22e5106 ci: set-version fix VERSION
• 4c34072 ci: set-version checks before enabling
• 97985f8 ci: add set-version workflow
• Additional commits viewable in compare view

Updates com.nimbusds:nimbus-jose-jwt from 10.8 to 10.9

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

version 1.0 (2012-03-01)

• First version based on the OpenInfoCard JWT, JWS and JWE code base.

version 1.1 (2012-03-06)

• Introduces type-safe enumeration of the JSON Web Algorithms (JWA).
• Refactors the JWT class.

version 1.2 (2012-03-08)

• Moves JWS and JWE code into separate classes.

version 1.3 (2012-03-09)

• Switches to Apache Commons Codec for Base64URL encoding and decoding
• Consolidates the crypto utilities within the package.
• Introduces a JWT content serialiser class.

version 1.4 (2012-03-09)

• Refactoring of JWT class and JUnit tests.

version 1.5 (2012-03-18)

• Switches to JSON Smart for JSON serialisation and parsing.
• Introduces claims set class with JSON objects, string, Base64URL and byte array views.

version 1.6 (2012-03-20)

• Creates class for representing, serialising and parsing JSON Web Keys (JWK).
• Introduces separate class for representing JWT headers.

version 1.7 (2012-04-01)

• Introduces separate classes for plain, JWS and JWE headers.
• Introduces separate classes for plain, signed and encrypted JWTs.
• Removes the JWTContent class.
• Removes password-based (PE820) encryption support.

version 1.8 (2012-04-03)

• Adds support for the ZIP JWE header parameter.
• Removes unsupported algorithms from the JWA enumeration.

version 1.9 (2012-04-03)

• Renames JWEHeader.{get|set}EncryptionAlgorithm() to JWEHeader.{get|set}EncryptionMethod().

version 1.9.1 (2012-04-03)

• Upgrades JSON Smart JAR to 1.1.1.

version 1.10 (2012-04-14)

• Introduces serialize() method to base abstract JWT class.

version 1.11 (2012-05-13)

• JWT.serialize() throws checked JWTException instead of

... (truncated)

Commits

• e48aa07 [maven-release-plugin] prepare for next development iteration
• 4b02531 Adds X509CertUtils.computeSHA1Thumbprint(X509Certificate) method
• 6b52455 [maven-release-plugin] prepare release 10.9
• See full diff in compare view

Updates io.micrometer:micrometer-core from 1.16.4 to 1.16.5

Release notes

Sourced from io.micrometer:micrometer-core's releases.

1.16.5

🐞 Bug Fixes

• Invalid reflection hint in micrometer-core for native GraalVM 25 build #7316
• ObservationGrpcClientInterceptor throws NPE when NameResolver returns empty authority #7380
• Wrong Nullability Information in OkHttpMetricsEventListener #7373

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.9.4 to 1.9.6 #7393
• Bump spring6 from 6.2.16 to 6.2.17 #7294

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, and @​ribafish

Commits

• cf727d0 Bump com.netflix.spectator:spectator-reg-atlas from 1.9.5 to 1.9.6 (#7393)
• 55b8f06 Fix OkHttp tests
• 140b83b Harmonize @​Nullable annotations in okhttp instrumentation (#7375)
• 8c1758b Handle null peerName in GrpcClientObservationConvention (#7381)
• 5ee71b4 Merge branch '1.15.x' into 1.16.x
• 84faaa6 Fix build cache misses from overlapping outputs in statsd module (#7349)
• 9a0441d Merge branch '1.15.x' into 1.16.x
• 1010433 NullMeterTagSupportTests does not match its filename
• c2770fc Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 (#7362)
• 26f6da0 Bump io.netty:netty-bom from 4.1.131.Final to 4.1.132.Final (#7335)
• Additional commits viewable in compare view

Updates io.micrometer:micrometer-registry-prometheus from 1.16.4 to 1.16.5

Release notes

Sourced from io.micrometer:micrometer-registry-prometheus's releases.

1.16.5

🐞 Bug Fixes

• Invalid reflection hint in micrometer-core for native GraalVM 25 build #7316
• ObservationGrpcClientInterceptor throws NPE when NameResolver returns empty authority #7380
• Wrong Nullability Information in OkHttpMetricsEventListener #7373

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.9.4 to 1.9.6 #7393
• Bump spring6 from 6.2.16 to 6.2.17 #7294

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, and @​ribafish

Commits

• cf727d0 Bump com.netflix.spectator:spectator-reg-atlas from 1.9.5 to 1.9.6 (#7393)
• 55b8f06 Fix OkHttp tests
• 140b83b Harmonize @​Nullable annotations in okhttp instrumentation (#7375)
• 8c1758b Handle null peerName in GrpcClientObservationConvention (#7381)
• 5ee71b4 Merge branch '1.15.x' into 1.16.x
• 84faaa6 Fix build cache misses from overlapping outputs in statsd module (#7349)
• 9a0441d Merge branch '1.15.x' into 1.16.x
• 1010433 NullMeterTagSupportTests does not match its filename
• c2770fc Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 (#7362)
• 26f6da0 Bump io.netty:netty-bom from 4.1.131.Final to 4.1.132.Final (#7335)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions