From 3d020640c271bc0b9b02579b73ff8ddb211944d9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 Apr 2026 01:01:31 +0000
Subject: [PATCH] chore: [DevOps] bump the production-minor-patch group with 18
 updates

Bumps the production-minor-patch group with 18 updates:

| Package | From | To |
| --- | --- | --- |
| [org.springframework:spring-framework-bom](https://github.com/spring-projects/spring-framework) | `6.2.17` | `6.2.18` |
| org.apache.maven:maven-core | `3.9.14` | `3.9.15` |
| [org.apache.maven:maven-plugin-api](https://github.com/apache/maven) | `3.9.14` | `3.9.15` |
| [org.apache.maven:maven-compat](https://github.com/apache/maven) | `3.9.14` | `3.9.15` |
| io.swagger.core.v3:swagger-models | `2.2.45` | `2.2.48` |
| [io.swagger.parser.v3:swagger-parser](https://github.com/swagger-api/swagger-parser) | `2.1.39` | `2.1.40` |
| io.swagger.parser.v3:swagger-parser-core | `2.1.39` | `2.1.40` |
| [org.codehaus.woodstox:stax2-api](https://github.com/FasterXML/stax2-api) | `4.2.2` | `4.3.0` |
| [commons-codec:commons-codec](https://github.com/apache/commons-codec) | `1.21.0` | `1.22.0` |
| [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.44` | `1.18.46` |
| [com.sap.cloud.security:java-bom](https://github.com/SAP/cloud-security-xsuaa-integration) | `4.0.3` | `4.0.4` |
| [com.google.code.gson:gson](https://github.com/google/gson) | `2.13.2` | `2.14.0` |
| commons-io:commons-io | `2.21.0` | `2.22.0` |
| [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) | `5.6` | `5.6.1` |
| [com.google.errorprone:error_prone_annotations](https://github.com/google/error-prone) | `2.48.0` | `2.49.0` |
| [io.netty:netty-bom](https://github.com/netty/netty) | `4.1.132.Final` | `4.2.12.Final` |
| [io.spiffe:java-spiffe-core](https://github.com/spiffe/java-spiffe) | `0.8.16` | `0.8.17` |
| [io.spiffe:grpc-netty-linux](https://github.com/spiffe/java-spiffe) | `0.8.16` | `0.8.17` |


Updates `org.springframework:spring-framework-bom` from 6.2.17 to 6.2.18
- [Release notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](https://github.com/spring-projects/spring-framework/compare/v6.2.17...v6.2.18)

Updates `org.apache.maven:maven-core` from 3.9.14 to 3.9.15

Updates `org.apache.maven:maven-plugin-api` from 3.9.14 to 3.9.15
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](https://github.com/apache/maven/compare/maven-3.9.14...maven-3.9.15)

Updates `org.apache.maven:maven-compat` from 3.9.14 to 3.9.15
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](https://github.com/apache/maven/compare/maven-3.9.14...maven-3.9.15)

Updates `org.apache.maven:maven-plugin-api` from 3.9.14 to 3.9.15
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](https://github.com/apache/maven/compare/maven-3.9.14...maven-3.9.15)

Updates `io.swagger.core.v3:swagger-models` from 2.2.45 to 2.2.48

Updates `io.swagger.parser.v3:swagger-parser` from 2.1.39 to 2.1.40
- [Release notes](https://github.com/swagger-api/swagger-parser/releases)
- [Commits](https://github.com/swagger-api/swagger-parser/compare/v2.1.39...v2.1.40)

Updates `io.swagger.parser.v3:swagger-parser-core` from 2.1.39 to 2.1.40

Updates `io.swagger.parser.v3:swagger-parser-core` from 2.1.39 to 2.1.40

Updates `org.apache.maven:maven-compat` from 3.9.14 to 3.9.15
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](https://github.com/apache/maven/compare/maven-3.9.14...maven-3.9.15)

Updates `org.codehaus.woodstox:stax2-api` from 4.2.2 to 4.3.0
- [Commits](https://github.com/FasterXML/stax2-api/compare/stax2-api-4.2.2...stax2-api-4.3.0)

Updates `commons-codec:commons-codec` from 1.21.0 to 1.22.0
- [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt)
- [Commits](https://github.com/apache/commons-codec/compare/rel/commons-codec-1.21.0...rel/commons-codec-1.22.0)

Updates `org.projectlombok:lombok` from 1.18.44 to 1.18.46
- [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown)
- [Commits](https://github.com/projectlombok/lombok/compare/v1.18.44...v1.18.46)

Updates `com.sap.cloud.security:java-bom` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/SAP/cloud-security-xsuaa-integration/releases)
- [Changelog](https://github.com/SAP/cloud-security-services-integration-library/blob/main/CHANGELOG.md)
- [Commits](https://github.com/SAP/cloud-security-xsuaa-integration/compare/4.0.3...4.0.4)

Updates `com.google.code.gson:gson` from 2.13.2 to 2.14.0
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/gson/compare/gson-parent-2.13.2...gson-parent-2.14.0)

Updates `commons-io:commons-io` from 2.21.0 to 2.22.0

Updates `org.apache.httpcomponents.client5:httpclient5` from 5.6 to 5.6.1
- [Changelog](https://github.com/apache/httpcomponents-client/blob/rel/v5.6.1/RELEASE_NOTES.txt)
- [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.6...rel/v5.6.1)

Updates `com.google.errorprone:error_prone_annotations` from 2.48.0 to 2.49.0
- [Release notes](https://github.com/google/error-prone/releases)
- [Commits](https://github.com/google/error-prone/compare/v2.48.0...v2.49.0)

Updates `io.netty:netty-bom` from 4.1.132.Final to 4.2.12.Final
- [Release notes](https://github.com/netty/netty/releases)
- [Commits](https://github.com/netty/netty/compare/netty-4.1.132.Final...netty-4.2.12.Final)

Updates `io.spiffe:java-spiffe-core` from 0.8.16 to 0.8.17
- [Release notes](https://github.com/spiffe/java-spiffe/releases)
- [Changelog](https://github.com/spiffe/java-spiffe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/spiffe/java-spiffe/compare/v0.8.16...v0.8.17)

Updates `io.spiffe:grpc-netty-linux` from 0.8.16 to 0.8.17
- [Release notes](https://github.com/spiffe/java-spiffe/releases)
- [Changelog](https://github.com/spiffe/java-spiffe/blob/main/CHANGELOG.md)
- [Commits](https://github.com/spiffe/java-spiffe/compare/v0.8.16...v0.8.17)

---
updated-dependencies:
- dependency-name: org.springframework:spring-framework-bom
  dependency-version: 6.2.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-core
  dependency-version: 3.9.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-plugin-api
  dependency-version: 3.9.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-compat
  dependency-version: 3.9.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-plugin-api
  dependency-version: 3.9.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.swagger.core.v3:swagger-models
  dependency-version: 2.2.48
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.swagger.parser.v3:swagger-parser
  dependency-version: 2.1.40
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.swagger.parser.v3:swagger-parser-core
  dependency-version: 2.1.40
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.swagger.parser.v3:swagger-parser-core
  dependency-version: 2.1.40
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.apache.maven:maven-compat
  dependency-version: 3.9.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: org.codehaus.woodstox:stax2-api
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: commons-codec:commons-codec
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: org.projectlombok:lombok
  dependency-version: 1.18.46
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: com.sap.cloud.security:java-bom
  dependency-version: 4.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: commons-io:commons-io
  dependency-version: 2.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: org.apache.httpcomponents.client5:httpclient5
  dependency-version: 5.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: com.google.errorprone:error_prone_annotations
  dependency-version: 2.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: io.netty:netty-bom
  dependency-version: 4.2.12.Final
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: io.spiffe:java-spiffe-core
  dependency-version: 0.8.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: io.spiffe:grpc-netty-linux
  dependency-version: 0.8.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 cloudplatform/connectivity-ztis/pom.xml |  6 +++---
 dependency-bundles/bom/pom.xml          | 14 +++++++-------
 dependency-bundles/modules-bom/pom.xml  |  2 +-
 pom.xml                                 | 14 +++++++-------
 4 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/cloudplatform/connectivity-ztis/pom.xml b/cloudplatform/connectivity-ztis/pom.xml
index 1c2006f38..f8bd91e02 100644
--- a/cloudplatform/connectivity-ztis/pom.xml
+++ b/cloudplatform/connectivity-ztis/pom.xml
@@ -29,7 +29,7 @@
 		</developer>
 	</developers>
 	<properties>
-		<netty.version>4.1.132.Final</netty.version>
+		<netty.version>4.2.12.Final</netty.version>
 	</properties>
 	<dependencyManagement>
 		<dependencies>
@@ -72,7 +72,7 @@
 		<dependency>
 			<groupId>io.spiffe</groupId>
 			<artifactId>java-spiffe-core</artifactId>
-			<version>0.8.16</version>
+			<version>0.8.17</version>
 			<exclusions>
 				<exclusion>
 					<artifactId>commons-logging</artifactId>
@@ -87,7 +87,7 @@
 		<dependency>
 			<groupId>io.spiffe</groupId>
 			<artifactId>grpc-netty-linux</artifactId>
-			<version>0.8.16</version>
+			<version>0.8.17</version>
 			<scope>runtime</scope>
 		</dependency>
 		<!-- Override grpc versions from spiffe -->
diff --git a/dependency-bundles/bom/pom.xml b/dependency-bundles/bom/pom.xml
index db93b982a..bbc7f4655 100644
--- a/dependency-bundles/bom/pom.xml
+++ b/dependency-bundles/bom/pom.xml
@@ -49,23 +49,23 @@
 		<!-- HTTP stuff -->
 		<httpcore.version>4.4.16</httpcore.version>
 		<httpcore5.version>5.4.2</httpcore5.version>
-		<httpclient5.version>5.6</httpclient5.version>
+		<httpclient5.version>5.6.1</httpclient5.version>
 		<httpcomponents-client.version>4.5.14</httpcomponents-client.version>
 		<jakarta-servlet.version>6.1.0</jakarta-servlet.version>
 		<!-- XSUAA -->
 		<!-- Keep this version consistent with the one from the SAP Java Buildpack (after their 2.0 release) -->
 		<!-- see https://github.wdf.sap.corp/xs2-java/xs-java-buildpack/blob/master/resources/pom.xml -->
-		<scp-cf.xsuaa-client.version>4.0.3</scp-cf.xsuaa-client.version>
+		<scp-cf.xsuaa-client.version>4.0.4</scp-cf.xsuaa-client.version>
 		<java-jwt.version>4.5.1</java-jwt.version>
 		<!-- Utility stuff -->
 		<slf4j.version>2.0.17</slf4j.version>
-		<lombok.version>1.18.44</lombok.version>
+		<lombok.version>1.18.46</lombok.version>
 		<findbugs-jsr305.version>3.0.2</findbugs-jsr305.version>
 		<!-- @Nonnull/@Nullable annotations -->
 		<vavr.version>1.0.1</vavr.version>
 		<guava.version>33.6.0-jre</guava.version>
 		<!-- collection utilities, @Beta annotation -->
-		<commons-io.version>2.21.0</commons-io.version>
+		<commons-io.version>2.22.0</commons-io.version>
 		<!-- Apache file utils for SOAP (deprecated, we do not maintain!) -->
 		<axis2.version>1.7.9</axis2.version>
 		<!--Used in essential modules: cloudplatform-connectivity, connectivity-destination-service, odata-client, odata-core, securitys-->
@@ -76,7 +76,7 @@
 		<jcache.version>1.1.1</jcache.version>
 		<resilience4j.version>2.4.0</resilience4j.version>
 		<!-- JSON & XML stuff -->
-		<gson.version>2.13.2</gson.version>
+		<gson.version>2.14.0</gson.version>
 		<jackson.version>2.21.2</jackson.version>
 		<jackson.annotations.version>2.21</jackson.annotations.version>
 		<owasp-json-sanitizer.version>1.2.3</owasp-json-sanitizer.version>
@@ -285,7 +285,7 @@
 			<dependency>
 				<groupId>com.google.errorprone</groupId>
 				<artifactId>error_prone_annotations</artifactId>
-				<version>2.48.0</version>
+				<version>2.49.0</version>
 			</dependency>
 		</dependencies>
 	</dependencyManagement>
@@ -335,7 +335,7 @@
 								<dependency>
 									<groupId>org.projectlombok</groupId>
 									<artifactId>lombok</artifactId>
-									<version>1.18.44</version>
+									<version>1.18.46</version>
 								</dependency>
 							</dependencies>
 							<configuration>
diff --git a/dependency-bundles/modules-bom/pom.xml b/dependency-bundles/modules-bom/pom.xml
index 403f9aa0f..25a568f4f 100644
--- a/dependency-bundles/modules-bom/pom.xml
+++ b/dependency-bundles/modules-bom/pom.xml
@@ -267,7 +267,7 @@
 								<dependency>
 									<groupId>org.projectlombok</groupId>
 									<artifactId>lombok</artifactId>
-									<version>1.18.44</version>
+									<version>1.18.46</version>
 								</dependency>
 							</dependencies>
 							<configuration>
diff --git a/pom.xml b/pom.xml
index 2008dcd62..ba7de1bdc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -98,7 +98,7 @@
 		<!-- Spring dependencies -->
 		<!-- Keep these versions consistent with the ones from the SAP Java Buildpack (after their 2.0 release) -->
 		<!-- see https://github.wdf.sap.corp/xs2-java/xs-java-buildpack/blob/master/resources/pom.xml -->
-		<spring.version>6.2.17</spring.version>
+		<spring.version>6.2.18</spring.version>
 		<spring-security.version>6.1.5</spring-security.version>
 		<slf4j.version>2.0.17</slf4j.version>
 		<assertj-core.version>3.27.7</assertj-core.version>
@@ -109,16 +109,16 @@
 		<codemodel.version>2.6</codemodel.version>
 		<olingo-v4.version>5.0.0</olingo-v4.version>
 		<olingo-v2.version>2.0.13</olingo-v2.version>
-		<maven-plugin.version>3.9.14</maven-plugin.version>
+		<maven-plugin.version>3.9.15</maven-plugin.version>
 		<maven-plugin-annotations.version>3.15.2</maven-plugin-annotations.version>
 		<maven-plugin-testing.version>3.5.1</maven-plugin-testing.version>
 		<caffeine.version>3.2.3</caffeine.version>
 		<openapi-generator.version>7.21.0</openapi-generator.version>
-		<io-swagger-core-v3.version>2.2.45</io-swagger-core-v3.version>
-		<io-swagger-parser-v3.version>2.1.39</io-swagger-parser-v3.version>
+		<io-swagger-core-v3.version>2.2.48</io-swagger-core-v3.version>
+		<io-swagger-parser-v3.version>2.1.40</io-swagger-parser-v3.version>
 		<io-swagger-core.version>1.6.11</io-swagger-core.version>
 		<!--  sync plexus version with transitive dependency coming from "org.twadata.maven:mojo-executor"  -->
-		<stax2-api.version>4.2.2</stax2-api.version>
+		<stax2-api.version>4.3.0</stax2-api.version>
 		<bouncycastle.version>1.84</bouncycastle.version>
 		<jakarta-activation.version>2.1.0</jakarta-activation.version>
 		<qdox.version>2.2.0</qdox.version>
@@ -126,7 +126,7 @@
 		<checkstyle.version>12.3.1</checkstyle.version>
 		<byte-buddy.version>1.18.8</byte-buddy.version>
 		<snakeyaml.version>2.6</snakeyaml.version>
-		<commons-codec.version>1.21.0</commons-codec.version>
+		<commons-codec.version>1.22.0</commons-codec.version>
 		<commons-beanutils.version>1.11.0</commons-beanutils.version>
 		<findbugs-jsr305.version>3.0.2</findbugs-jsr305.version>
 		<jsr305.optional>true</jsr305.optional>
@@ -976,7 +976,7 @@
 								<dependency>
 									<groupId>org.projectlombok</groupId>
 									<artifactId>lombok</artifactId>
-									<version>1.18.44</version>
+									<version>1.18.46</version>
 								</dependency>
 							</dependencies>
 							<executions>