build: Dependabot - [Gradle] - bump the minor-and-patch group across 8 directories with 10 updates

[dependabot]

Bumps the minor-and-patch group with 9 updates in the / directory:

Package	From	To
software.amazon.awssdk:bom	2.28.24	2.44.4
com.google.cloud:libraries-bom	26.67.0	26.82.0
com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated	3.67.0	3.86.2
org.apache.pdfbox:pdfbox	3.0.6	3.0.7
org.apache.httpcomponents.client5:httpclient5	5.4.4	5.6.1
org.slf4j:slf4j-simple	2.0.17	2.0.18
com.docusign:docusign-esign-java	6.4.0	6.6.0
com.auth0:java-jwt	4.4.0	4.5.2
org.bouncycastle:bcprov-jdk15to18	1.80	1.84

Bumps the minor-and-patch group with 1 update in the /examples/aws directory: software.amazon.awssdk:bom.
Bumps the minor-and-patch group with 3 updates in the /examples/docusign directory: com.docusign:docusign-esign-java, com.auth0:java-jwt and org.bouncycastle:bcprov-jdk15to18.
Bumps the minor-and-patch group with 1 update in the /examples/gcp directory: com.google.cloud:libraries-bom.
Bumps the minor-and-patch group with 2 updates in the /examples/geocoding directory: org.apache.httpcomponents.client5:httpclient5 and org.slf4j:slf4j-simple.
Bumps the minor-and-patch group with 1 update in the /examples/net directory: org.apache.httpcomponents.client5:httpclient5.
Bumps the minor-and-patch group with 1 update in the /examples/oracle directory: com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated.
Bumps the minor-and-patch group with 1 update in the /examples/pdf directory: org.apache.pdfbox:pdfbox.

Updates software.amazon.awssdk:bom from 2.28.24 to 2.44.4

Updates com.google.cloud:libraries-bom from 26.67.0 to 26.82.0

Release notes

Sourced from com.google.cloud:libraries-bom's releases.

v26.82.0

26.82.0 (2026-05-12)

Datastore V3 Major Version Changes

Datastore V3 is now available in Maven Central and brings the following changes:

• gRPC transport is enabled by default (swapped from HttpJson transport)
• gRPC default ChannelPool configurations updated to dynamically resize and better support initial load and request spikes

The major version bump did not remove any major functionality. This major version bump primarily serves as a signal regarding the default transport swap and the possible behavioral breaking change. As part of the major version bump, we have removed the existing methods marked as @Deprecated from the client library and bumped the classes and methods marked as @ObsoleteApi to be @Deprecated.

Impact

Transport Swap

If you are an existing gRPC Datastore user, you should not experience any behavioral changes from this upgrade. Please monitor your applications after the upgrade.

If you are an existing HttpJson Datastore user, the default transport has been changed. If you cannot swap to use gRPC, then you will need to make the following changes to explicitly set the HttpTransportOptions if you wish to continue to use HttpJson.

   DatastoreOptions httpJsonTransportOptions =
        DatastoreOptions.newBuilder()
            .setTransportOptions(HttpTransportOptions.newBuilder().build())
            .build();
    Datastore datastore = httpJsonTransportOptions.getService();

New Feature: Client-Side Metrics

Datastore V3 introduces built-in client-side observability to help you monitor API performance and troubleshoot latency. The client library can now automatically record and export metrics (such as operation latencies and attempt counts) to Google Cloud Monitoring using a private OpenTelemetry pipeline. Additionally, you can configure the client to route these metrics to your own custom OpenTelemetry backend.

Note: Built-in export to Google Cloud Monitoring is currently disabled by default. To use this feature, you must explicitly enable it via DatastoreOpenTelemetryOptions.

@Deprecated annotation

Since we have added new methods with the @Deprecated annotation, you can experience new CI failures if you fail compilation from deprecated usages. The client library has marked the alternatives that you can migrate to properly move off these newly deprecated cases.

Dependencies

• update dependency com.google.cloud:gapic-libraries-bom to v1.86.1 (#7483) (14ae7a5)

v26.81.0

GCP Libraries BOM 26.81.0

Here are the differences from the previous version (26.80.0)

New Addition

• com.google.cloud:google-cloud-health:0.1.0

... (truncated)

Commits

• 2a7a6e0 chore: release main (#7484)
• 14ae7a5 deps: update dependency com.google.cloud:gapic-libraries-bom to v1.86.1 (#7483)
• 2b929a7 chore: release main (#7481)
• 083ab17 chore: release main (#7479)
• 33c49cf deps: update dependency com.google.guava:guava-bom to v33.6.0-jre (#7451)
• d60e8eb deps: update dependency com.google.guava:guava-bom to v33.6.0-jre (#7452)
• 87df62b chore: release main (#7459)
• c0a013b deps: update dependency com.google.cloud:gapic-libraries-bom to v1.86.0 (#7462)
• 4bdba3c deps: update dependency com.google.cloud:google-cloud-firestore-bom to v3.42....
• a1abc40 deps: update dependency com.google.cloud:google-cloud-pubsublite-bom to v1.16...
• Additional commits viewable in compare view

Updates com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated from 3.67.0 to 3.86.2

Updates com.oracle.oci.sdk:oci-java-sdk-common-httpclient-jersey from 3.67.0 to 3.86.2

Updates org.apache.pdfbox:pdfbox from 3.0.6 to 3.0.7

Updates org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.6.1

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.6.1

This is a maintenance release disables experimental SCRAM auth scheme by default and fixes SCRAM final response handling. The SCRAM auth scheme can be re-enabled by choosing a custom auth scheme preference sequence that explicitly includes SCRAM auth.

Change Log

• Fix SCRAM final response handling. Contributed by Arturo Bernal

• Auth challenge parsing code improvement. Contributed by Oleg Kalnichevski

• Add missing Javadoc for ConnectionConfig (#820). Contributed by Gary Gregory

• Bug fix: Corrected async message exchange cancellation logic in InternalHttpAsyncExecRuntime. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2417: Honor TlsConfig attachment in async connect path. Contributed by Arturo Bernal

• HTTPCLIENT-2414: Fix Basic auth cache scoping across path prefixes (#802). Contributed by Arturo Bernal

• HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803). Contributed by Arturo Bernal

• Bug fix: Corrected sleep time calculation in IdleConnectionEvictor; use 1 minute sleep time by default. Contributed by Oleg Kalnichevski

• DefaultManagedHttpClientConnection: Restore original socket timeout. Contributed by Ryan Schmitt

• HTTPCLIENT-2411: Use standard HTTP-date format for synthesized Date header (#775). Contributed by Arturo Bernal

• Fix NPE in connection evictor setup (#774). Contributed by Arturo Bernal

Release 5.6

... (truncated)

Commits

• 4f86ca6 HttpClient 5.6.1 release
• 1b2bafe Updated release notes for HttpClient 5.6.1 release
• 1acf00b Fix SCRAM final response handling
• 49549ab Auth challenge parsing code improvement
• fa6b6d7 Add missing Javadoc for ConnectionConfig (#820)
• 3de8ad5 Fixed DefaultClientTlsStrategy test failures on MacOS
• c69f38f Bug-fix: corrects message exchange cancellation logic in InternalHttpAsyncExe...
• 30386d3 HTTPCLIENT-2417 Honor TlsConfig attachment in async connect path
• 9cc45f6 HTTPCLIENT-2414 - Fix Basic auth cache scoping across path prefixes (#802)
• 1e01a48 HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803)
• Additional commits viewable in compare view

Updates org.slf4j:slf4j-simple from 2.0.17 to 2.0.18

Updates com.docusign:docusign-esign-java from 6.4.0 to 6.6.0

Release notes

Sourced from com.docusign:docusign-esign-java's releases.

Version 6.6.0

Changed

• Added support for version v2.1-25.4.01.00 of the DocuSign ESignature API.
• Updated the SDK release version.

Version 6.5.0

Changed

• Added support for version v2.1-25.3.01.00 of the Docusign ESignature API.
• Updated the SDK release version.

Changelog

Sourced from com.docusign:docusign-esign-java's changelog.

[v6.6.0] - eSignature API v2.1-25.4.01.00 - 2026-01-27

Changed

• Added support for version v2.1-25.4.01.00 of the DocuSign ESignature API.
• Updated the SDK release version.

[v6.5.0] - eSignature API v2.1-25.3.01.00 - 2025-12-11

Changed

• Added support for version v2.1-25.3.01.00 of the Docusign ESignature API.
• Updated the SDK release version.

Commits

• 1639a5b Version 6.6.0-v2.1-25.4.01.00 release (#313)
• 64c95b2 6.5.0 v2.1 25.3.01.00 (#311)
• ca464f3 6.5.0 v2.1 25.3.01.00 (#310)
• ec78f85 6.5.0 v2.1 25.3.01.00 (#309)
• a2e1d66 Dcm 15815 (#305) (#306)
• 8c28636 Disable OSS Index analyzer temporarily due to authentication issues (#304)
• bb26f98 Disable OSS Index analyzer temporarily due to authentication issues (#303)
• 2956a58 Version 6.5.0-v2.1-25.3.01.00 release (#301)
• See full diff in compare view

Updates com.auth0:java-jwt from 4.4.0 to 4.5.2

Release notes

Sourced from com.auth0:java-jwt's releases.

4.5.2

Added

• Chore: Bump update commons-beanutils dependency #761 (tanya732)
• Chore: Update Readme with Java 21 #760 (tanya732)

4.5.1

Added

• Update jackson dependency #732 (tanya732)

4.5.0

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

Changelog

Sourced from com.auth0:java-jwt's changelog.

4.5.2 (2026-04-29)

Full Changelog

Added

• Chore: Bump update commons-beanutils dependency #761 (tanya732)
• Chore: Update Readme with Java 21 #760 (tanya732)

4.5.1 (2026-02-10)

Full Changelog

Added

• Update jackson dependency #732 (tanya732)

4.5.0 (2025-01-29)

Full Changelog

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

4.5.0 (2025-01-28)

Full Changelog

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

4.5.0 (2025-01-22)

Full Changelog

Added

• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)

... (truncated)

Commits

• 695fd2b Release 4.5.2 (#765)
• 4ac3178 Release 4.5.2
• d056a79 Bump com.fasterxml.jackson.core:jackson-databind from 2.21.2 to 2.21.3 in /li...
• 37f195a Bump com.fasterxml.jackson.core:jackson-databind in /lib
• dba4c93 Chore: Bump update commons-beanutils dependency (#761)
• 84d4c8f Merge branch 'master' into chore/bump-commons-beanutils
• 5c923d4 Chore: Add SCA scan workflow (#762)
• 09a4da5 Merge branch 'master' into chore/add-sca-scan
• ef47e64 Chore: Add SCA scan workflow
• 3fcfbcb Chore: Bump update commons-beanutils dependency
• Additional commits viewable in compare view

Updates org.bouncycastle:bcprov-jdk15to18 from 1.80 to 1.84

Changelog

Sourced from org.bouncycastle:bcprov-jdk15to18's changelog.

... (truncated)

Commits

• See full diff in compare view

Updates software.amazon.awssdk:bom from 2.28.24 to 2.44.4

Updates com.docusign:docusign-esign-java from 6.4.0 to 6.6.0

Release notes

Sourced from com.docusign:docusign-esign-java's releases.

Version 6.6.0

Changed

• Added support for version v2.1-25.4.01.00 of the DocuSign ESignature API.
• Updated the SDK release version.

Version 6.5.0

Changed

• Added support for version v2.1-25.3.01.00 of the Docusign ESignature API.
• Updated the SDK release version.

Changelog

Sourced from com.docusign:docusign-esign-java's changelog.

[v6.6.0] - eSignature API v2.1-25.4.01.00 - 2026-01-27

Changed

• Added support for version v2.1-25.4.01.00 of the DocuSign ESignature API.
• Updated the SDK release version.

[v6.5.0] - eSignature API v2.1-25.3.01.00 - 2025-12-11

Changed

• Added support for version v2.1-25.3.01.00 of the Docusign ESignature API.
• Updated the SDK release version.

Commits

• 1639a5b Version 6.6.0-v2.1-25.4.01.00 release (#313)
• 64c95b2 6.5.0 v2.1 25.3.01.00 (#311)
• ca464f3 6.5.0 v2.1 25.3.01.00 (#310)
• ec78f85 6.5.0 v2.1 25.3.01.00 (#309)
• a2e1d66 Dcm 15815 (#305) (#306)
• 8c28636 Disable OSS Index analyzer temporarily due to authentication issues (#304)
• bb26f98 Disable OSS Index analyzer temporarily due to authentication issues (#303)
• 2956a58 Version 6.5.0-v2.1-25.3.01.00 release (#301)
• See full diff in compare view

Updates com.auth0:java-jwt from 4.4.0 to 4.5.2

Release notes

Sourced from com.auth0:java-jwt's releases.

4.5.2

Added

• Chore: Bump update commons-beanutils dependency #761 (tanya732)
• Chore: Update Readme with Java 21 #760 (tanya732)

4.5.1

Added

• Update jackson dependency #732 (tanya732)

4.5.0

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

Changelog

Sourced from com.auth0:java-jwt's changelog.

4.5.2 (2026-04-29)

Full Changelog

Added

• Chore: Bump update commons-beanutils dependency #761 (tanya732)
• Chore: Update Readme with Java 21 #760 (tanya732)

4.5.1 (2026-02-10)

Full Changelog

Added

• Update jackson dependency #732 (tanya732)

4.5.0 (2025-01-29)

Full Changelog

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

4.5.0 (2025-01-28)

Full Changelog

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

4.5.0 (2025-01-22)

Full Changelog

Added

• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)

... (truncated)

Commits

• 695fd2b Release 4.5.2 (#765)
• 4ac3178 Release 4.5.2
• d056a79 Bump com.fasterxml.jackson.core:jackson-databind from 2.21.2 to 2.21.3 in /li...
• 37f195a Bump com.fasterxml.jackson.core:jackson-databind in /lib
• dba4c93 Chore: Bump update commons-beanutils dependency (#761)
• 84d4c8f Merge branch 'master' into chore/bump-commons-beanutils
• 5c923d4 Chore: Add SCA scan workflow (#762)
• 09a4da5 Merge branch 'master' into chore/add-sca-scan
• ef47e64 Chore: Add SCA scan workflow
• 3fcfbcb Chore: Bump update commons-beanutils dependency
• Additional commits viewable in compare view

Updates org.bouncycastle:bcprov-jdk15to18 from 1.80 to 1.84

Changelog

Sourced from org.bouncycastle:bcprov-jdk15to18's changelog.

... (truncated)

Commits

• See full diff in compare view

Updates com.google.cloud:libraries-bom from 26.67.0 to 26.82.0

Release notes

Sourced from com.google.cloud:libraries-bom's releases.

v26.82.0

26.82.0 (2026-05-12)

Datastore V3 Major Version Changes

Datastore V3 is now available in Maven Central and brings the following changes:

• gRPC transport is enabled by default (swapped from HttpJson transport)
• gRPC default ChannelPool configurations updated to dynamically resize and better support initial load and request spikes

The major version bump did not remove any major functionality. This major version bump primarily serves as a signal regarding the default transport swap and the possible behavioral breaking change. As part of the major version bump, we have removed the existing methods marked as @Deprecated from the client library and bumped the classes and methods marked as @ObsoleteApi to be @Deprecated.

Impact

Transport Swap

If you are an existing gRPC Datastore user, you should not experience any behavioral changes from this upgrade. Please monitor your applications after the upgrade.

If you are an existing HttpJson Datastore user, the default transport has been changed. If you cannot swap to use gRPC, then you will need to make the following changes to explicitly set the HttpTransportOptions if you wish to continue to use HttpJson.

   DatastoreOptions httpJsonTransportOptions =
        DatastoreOptions.newBuilder()
            .setTransportOptions(HttpTransportOptions.newBuilder().build())
            .build();
    Datastore datastore = httpJsonTransportOptions.getService();

New Feature: Client-Side Metrics

Datastore V3 introduces built-in client-side observability to help you monitor API performance and troubleshoot latency. The client library can now automatically record and export metrics (such as operation latencies and attempt counts) to Google Cloud Monitoring using a private OpenTelemetry pipeline. Additionally, you can configure the client to route these metrics to your own custom OpenTelemetry backend.

Note: Built-in export to Google Cloud Monitoring is currently disabled by default. To use this feature, you must explicitly enable it via DatastoreOpenTelemetryOptions.

@Deprecated annotation

Since we have added new methods with the @Deprecated annotation, you can experience new CI failures if you fail compilation from deprecated usages. The client library has marked the alternatives that you can migrate to properly move off these newly deprecated cases.

Dependencies

• update dependency com.google.cloud:gapic-libraries-bom to v1.86.1 (#7483) (14ae7a5)

v26.81.0

GCP Libraries BOM 26.81.0

Here are the differences from the previous version (26.80.0)

New Addition

• com.google.cloud:google-cloud-health:0.1.0

... (truncated)

Commits

• 2a7a6e0 chore: release main (#7484)
• 14ae7a5 deps: update dependency com.google.cloud:gapic-libraries-bom to v1.86.1 (#7483)
• 2b929a7 chore: release main (#7481)
• 083ab17 chore: release main (#7479)
• 33c49cf deps: update dependency com.google.guava:guava-bom to v33.6.0-jre (#7451)
• d60e8eb deps: update dependency com.google.guava:guava-bom to v33.6.0-jre (#7452)
• 87df62b chore: release main (#7459)
• c0a013b deps: update dependency com.google.cloud:gapic-libraries-bom to v1.86.0 (#7462)
• 4bdba3c deps: update dependency com.google.cloud:google-cloud-firestore-bom to v3.42....
• a1abc40 deps: update dependency com.google.cloud:google-cloud-pubsublite-bom to v1.16...
• Additional commits viewable in compare view

Updates org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.6.1

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.6.1

This is a maintenance release disables experimental SCRAM auth scheme by default and fixes SCRAM final response handling. The SCRAM auth scheme can be re-enabled by choosing a custom auth scheme preference sequence that explicitly includes SCRAM auth.

Change Log

• Fix SCRAM final response handling. Contributed by Arturo Bernal

• Auth challenge parsing code improvement. Contributed by Oleg Kalnichevski

• Add missing Javadoc for ConnectionConfig (#820). Contributed by Gary Gregory

• Bug fix: Corrected async message exchange cancellation logic in InternalHttpAsyncExecRuntime. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2417: Honor TlsConfig attachment in async connect path. Contributed by Arturo Bernal

• HTTPCLIENT-2414: Fix Basic auth cache scoping across path prefixes (#802). Contributed by Arturo Bernal

• HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803). Contributed by Arturo Bernal

• Bug fix: Corrected sleep time calculation in IdleConnectionEvictor; use 1 minute sleep time by default. Contributed by Oleg Kalnichevski

• DefaultManagedHttpClientConnection: Restore original socket timeout. Contributed by Ryan Schmitt

• HTTPCLIENT-2411: Use standard HTTP-date format for synthesized Date header (#775). Contributed by Arturo Bernal

• Fix NPE in connection evictor setup (#774). Contributed by Arturo Bernal

Release 5.6

... (truncated)

Commits

• 4f86ca6 HttpClient 5.6.1 release
• 1b2bafe Updated release notes for HttpClient 5.6.1 release
• 1acf00b Fix SCRAM final response handling
• 49549ab Auth challenge parsing code improvement
• fa6b6d7 Add missing Javadoc for ConnectionConfig (#820)
• 3de8ad5 Fixed DefaultClientTlsStrategy test failures on MacOS
• c69f38f Bug-fix: corrects message exchange cancellation logic in InternalHttpAsyncExe...
• 30386d3 HTTPCLIENT-2417 Honor TlsConfig attachment in async connect path
• 9cc45f6 HTTPCLIENT-2414 - Fix Basic auth cache scoping across path prefixes (#802)
• 1e01a48 HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803)
• Additional commits viewable in compare view

Updates org.slf4j:slf4j-simple from 2.0.17 to 2.0.18

Updates org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.6.1

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.6.1

This is a maintenance release disables experimental SCRAM auth scheme by default and fixes SCRAM final response handling. The SCRAM auth scheme can be re-enabled by choosing a custom auth scheme preference sequence that explicitly includes SCRAM auth.

Change Log

• Fix SCRAM final response handling. Contributed by Arturo Bernal

• Auth challenge parsing code improvement. Contributed by Oleg Kalnichevski

• Add missing Javadoc for ConnectionConfig (#820). Contributed by Gary Gregory

• Bug fix: Corrected async message exchange cancellation logic in InternalHttpAsyncExecRuntime. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2417: Honor TlsConfig attachment in async connect path. Contributed by Arturo Bernal

• HTTPCLIENT-2414: Fix Basic auth cache scoping across path prefixes (#802). Contributed by Arturo Bernal

• HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803). Contributed by Arturo Bernal

• Bug fix: Corrected sleep time calculation in IdleConnectionEvictor; use 1 minute sleep time by default. Contributed by Oleg Kalnichevski

• DefaultManagedHttpClientConnection: Restore original socket timeout. Contributed by Ryan Schmitt

• HTTPCLIENT-2411: Use standard HTTP-date format for synthesized Date header (#775). Contributed by Arturo Bernal

• Fix NPE in connection evictor setup (#774). Contributed by Arturo Bernal

Release 5.6

... (truncated)

Commits

• 4f86ca6 HttpClient 5.6.1 release
• 1b2bafe Updated release notes for HttpClient 5.6.1 release
• 1acf00b Fix SCRAM final response handling
• 49549ab Auth challenge parsing code improvement
• fa6b6d7 Add missing Javadoc for ConnectionConfig (#820)
• 3de8ad5 Fixed DefaultClientTlsStrategy test failures on MacOS
• c69f38f Bug-fix: corrects message exchange cancellation logic in InternalHttpAsyncExe...
• 30386d3 HTTPCLIENT-2417 Honor TlsConfig attachment in async connect path
• 9cc45f6 HTTPCLIENT-2414 - Fix Basic auth cache scoping across path prefixes (#802)
• 1e01a48 HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803)
• Additional commits viewable in compare view

Updates com.oracle.oci.sdk:oci-java-sdk-objectstorage-generated from 3.67.0 to 3.86.2

Updates com.oracle.oci.sdk:oci-java-sdk-common-httpclient-jersey from 3.67.0 to 3.86.2

Updates org.apache.pdfbox:pdfbox from 3.0.6 to 3.0.7

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None