build(deps): bump the dependencies group with 14 updates

[dependabot]

Bumps the dependencies group with 14 updates:

Package	From	To
com.amazonaws:aws-java-sdk-bom	1.12.795	1.12.796
org.ow2.asm:asm	9.9	9.9.1
org.ow2.asm:asm-util	9.9	9.9.1
io.avaje:avaje-inject	12.1	12.2
io.avaje:avaje-inject-generator	12.1	12.2
ch.qos.logback:logback-classic	1.5.22	1.5.23
io.swagger.parser.v3:swagger-parser	2.1.36	2.1.37
org.codehaus.mojo:exec-maven-plugin	3.6.2	3.6.3
org.apache.maven:maven-plugin-api	3.9.11	3.9.12
org.apache.maven:maven-core	3.9.11	3.9.12
com.github.eirslett:frontend-maven-plugin	1.15.4	2.0.0
net.bytebuddy:byte-buddy	1.18.2	1.18.3
software.amazon.awssdk:bom	2.40.8	2.40.13
org.asynchttpclient:async-http-client	3.0.4	3.0.5

Updates com.amazonaws:aws-java-sdk-bom from 1.12.795 to 1.12.796

Changelog

Sourced from com.amazonaws:aws-java-sdk-bom's changelog.

1.12.796 2025-12-18

AWS Kinesis Video

• Features

  • Upgrade Netty to 4.1.130-Final

Commits

• 9990f1b AWS SDK for Java 1.12.796
• f438f8b Update GitHub version number to 1.12.796-SNAPSHOT
• See full diff in compare view

Updates org.ow2.asm:asm from 9.9 to 9.9.1

Updates org.ow2.asm:asm-util from 9.9 to 9.9.1

Updates org.ow2.asm:asm-util from 9.9 to 9.9.1

Updates io.avaje:avaje-inject from 12.1 to 12.2

Release notes

Sourced from io.avaje:avaje-inject's releases.

12.2

What's Changed

• Make isBeanAbsent not count secondary beans by @​SentryMan in avaje/avaje-inject#953
• Add avaje-inject-bom bill of materials by @​rbygrave in avaje/avaje-inject#955
• Fix Generic Wildcard Field Injection by @​SentryMan in avaje/avaje-inject#956
• [workflow]: Bump actions/cache from 4 to 5 by @​dependabot[bot] in avaje/avaje-inject#958
• Bump the dependencies group with 7 updates by @​dependabot[bot] in avaje/avaje-inject#957

Full Changelog: avaje/avaje-inject@12.1...12.2

Commits

• 8406f14 Version 12.2
• 418883e Merge pull request #957 from avaje/dependabot/maven/master/dependencies-acaed...
• 20779de Update assertion for bean size in CustomScopeTest
• ddfcc6b Bump the dependencies group with 7 updates
• 96658fa Merge pull request #958 from avaje/dependabot/github_actions/master/actions/c...
• 4e5dc7f [workflow]: Bump actions/cache from 4 to 5
• 2b5fc5b fix generic wildcard field injection (#956)
• 9bf19e7 Add avaje-inject-bom bill of materials (#955)
• bacb492 Version 12.2-RC1
• ac02ee3 Make isBeanAbsent not count secondary beans (#953)
• Additional commits viewable in compare view

Updates io.avaje:avaje-inject-generator from 12.1 to 12.2

Updates io.avaje:avaje-inject-generator from 12.1 to 12.2

Updates ch.qos.logback:logback-classic from 1.5.22 to 1.5.23

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.23

2025-12-21 Release of logback version 1.5.23

• In response to issues/959 file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the ConcurrentModificationException reported in the issue.

• ZIP and XZ compression now use a BufferedOutputStream when writing to the compressed file. This issue was reported in issues/988.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• 0bcc3fe prepare release 1.5.23
• 4627dbd better to use BufferedOutputStream during ZIP and XZ compression, especially ...
• 299f091 add collision test in presence of conditional processing
• b446f3f In Context, remove collision map
• a3eb14d in response to issues/959, collision detection is now done by FileCollisionAn...
• 681b2be remove unused method, minor comment edits
• 17a3edf start work on 1.5.23-SNAPSHOT
• See full diff in compare view

Updates io.swagger.parser.v3:swagger-parser from 2.1.36 to 2.1.37

Release notes

Sourced from io.swagger.parser.v3:swagger-parser's releases.

Swagger-parser 2.1.37 released!

• fix: parse large file with resolve option set to true (#2258)

Commits

• 4e95fe6 prepare release 2.1.37
• 399ab83 fix: parse large file with resolve option set to true (#2258)
• 5625506 bump snapshot 2.1.37-SNAPSHOT (#2252)
• See full diff in compare view

Updates org.codehaus.mojo:exec-maven-plugin from 3.6.2 to 3.6.3

Release notes

Sourced from org.codehaus.mojo:exec-maven-plugin's releases.

3.6.3

📝 Documentation updates

• Document thread group isolation limitation in java goal (#503) @copilot-swe-agent[bot]

👻 Maintenance

• JUnit 5 best practices (#505) @​slachiewicz
• Move ExecJavaMojoTest, ExecMojoTest to JUnit 5 (#502) @​slawekjaranowski
• Add support for JEP 512 for for package-private static main method (#499) @​anuragagarwal561994
• Move to JUnit 5 (#501) @​slawekjaranowski

📦 Dependency updates

• Bump asm.version from 9.9 to 9.9.1 (#509) @dependabot[bot]
• Bump org.apache.commons:commons-exec from 1.5.0 to 1.6.0 (#508) @dependabot[bot]

Commits

• fe1fa8c [maven-release-plugin] prepare release 3.6.3
• 5b3feca Bump asm.version from 9.9 to 9.9.1
• efc7faa Bump org.apache.commons:commons-exec from 1.5.0 to 1.6.0
• cdaf267 JUnit 5 best practices (#505)
• f3f5997 Move ExecJavaMojoTest, ExecMojoTest to JUnit 5
• 03b87b5 Document thread group isolation limitation in java goal (#503)
• 7a66c3e Add support for JEP 512 for for package-private static main methods with and ...
• a6d01ef Move to JUnit 5
• 88d5961 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.apache.maven:maven-plugin-api from 3.9.11 to 3.9.12

Release notes

Sourced from org.apache.maven:maven-plugin-api's releases.

3.9.12

🚀 New features and improvements

• [3.9.x] Apply resolver changes and improvements (#11536) @​cstamas
• Update formatting of prerequisites-requirements error to improve readability (#11523) @​slawekjaranowski
• Allow a Maven plugin to require a Java version (#11479) @​slawekjaranowski
• Use MavenRepositorySystem in ProjectBuildingHelper instead of deprecated RepositorySystem (#11358) @​slawekjaranowski
• Make maven.config use UTF8 (#11264) @​cstamas
• Simplify prefix resolution (#11197) @​slawekjaranowski

🐛 Bug Fixes

• Add default implementation for new method in MavenPluginManager (#11522) @​slawekjaranowski
• Repository layout should be used in MavenRepositorySystem (#11495) @​slawekjaranowski
• Fix plugin prefix resolution when metadata is not available from repository (#11290) @​slawekjaranowski
• Improve source root modification warning message (#11105) @​gnodet
• Bug: bad cache isolation between two sessions (#11082) @​cstamas
• Set Guice class loading to CHILD - avoid using terminally deprecated methods (#11003) @​slawekjaranowski
• Avoid parsing MAVEN_OPTS (3.9.x) (#10969) @​BobVul

📝 Documentation updates

• clarify repository vs deployment repository (#11492) @​hboutemy
• add maintained branches (#11448) @​hboutemy

👻 Maintenance

• Add IntelliJ icon (#11408) @​Bukama
• Build by JDK 25 (#11187) @​slawekjaranowski
• Deprecate org.apache.maven.repository.RepositorySystem in 3.9.x (#11096) @​slawekjaranowski

🔧 Build

• Bump actions/download-artifact from 5.0.0 to 6.0.0 (#11335) @dependabot[bot]
• Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#11336) @dependabot[bot]

📦 Dependency updates

• Bump actions/cache from 4.3.0 to 5.0.0 (#11542) @dependabot[bot]
• Bump resolverVersion from 1.9.24 to 1.9.25 (#11533) @dependabot[bot]
• Bump actions/checkout from 6.0.0 to 6.0.1 (#11512) @dependabot[bot]
• Bump actions/setup-java from 5.0.0 to 5.1.0 (#11519) @dependabot[bot]
• Bump actions/checkout from 5.0.1 to 6.0.0 (#11476) @dependabot[bot]
• Bump actions/checkout from 5.0.0 to 5.0.1 (#11458) @dependabot[bot]
• Bump commons-cli:commons-cli from 1.10.0 to 1.11.0 (#11438) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#11416) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#11417) @dependabot[bot]
• Bump xmlunitVersion from 2.10.4 to 2.11.0 (#11331) @dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.24 to 1.26 (#11231) @dependabot[bot]

... (truncated)

Commits

• 848fbb4 [maven-release-plugin] prepare release maven-3.9.12
• c1b65f6 Bump actions/cache from 4.3.0 to 5.0.0 (#11542)
• 88681b8 [3.9.x] Apply resolver changes and improvements (#11536)
• 148fcc8 Bump resolverVersion from 1.9.24 to 1.9.25 (#11533)
• c433909 Simplify formatting of prerequisites-requirements error
• ec21f4b Update formatting of prerequisites-requirements error to improve readability
• f839cc1 Add default implementation for new method in MavenPluginManager
• 0a7e149 Bump actions/checkout from 6.0.0 to 6.0.1 (#11512)
• ed09c2a Bump actions/setup-java from 5.0.0 to 5.1.0 (#11519)
• 00ca9b0 Fix javadoc in MavenRepositorySystem
• Additional commits viewable in compare view

Updates org.apache.maven:maven-core from 3.9.11 to 3.9.12

Updates com.github.eirslett:frontend-maven-plugin from 1.15.4 to 2.0.0

Changelog

Sourced from com.github.eirslett:frontend-maven-plugin's changelog.

2.0.0

This is a major version release, but there are no new features. Lots of dependencies and minimum version requirements have been upgraded, potentially breaking backwards compatibility.

• Updates org.apache.commons:commons-compress to version 1.28.0 because of security issus found in version 1.21 Version 1.21 (GHSA-4g9r-vxhx-9pgx, GHSA-4265-ccf5-phj5).

Commits

• 2569405 [maven-release-plugin] prepare release frontend-plugins-2.0.0
• 72d555a Upgrade frontend library versions and node/npm/pnpm versions
• b085a45 Merge branch with dependency updates'
• 1a7009f Apparently this should fix extraction on Windows with Java 25
• 1b899e7 Update maven-invoker-plugin
• a15add3 Further dependency updates
• de0bea4 Update java versions in GitHub action
• 1c72fbd chore: uses the configuration release for the maven-compiler-plugin
• 0ce69c7 chore: switched to Java 17
• e962688 chore: updates Maven dependencies
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.18.2 to 1.18.3

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

26. November 2025: version 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

Commits

• 6f358c8 [maven-release-plugin] prepare release byte-buddy-1.18.3
• 57df2c7 [release] Release new version.
• 1111a18 [release] Release new version.
• 6698c45 [release] Release new version
• 04a89c6 Avoid using class file API when loaded on the boot path as multi release jar ...
• ba05f0d Remove unused import.
• ec50316 Adds safety for illegally compiled parameters.
• e720b5e Update README.md
• a966b04 Update README.md
• dfa50ad Update release notes and internal Byte Buddy.
• Additional commits viewable in compare view

Updates software.amazon.awssdk:bom from 2.40.8 to 2.40.13

Updates org.asynchttpclient:async-http-client from 3.0.4 to 3.0.5

Release notes

Sourced from org.asynchttpclient:async-http-client's releases.

AHC v3.0.5 Release

What's Changed

• Fix NPE in NettyConnectListener by @​hyperxpro in AsyncHttpClient/async-http-client#2127
• Maintain Content-Type set explicitly by client by @​hyperxpro in AsyncHttpClient/async-http-client#2130
• Bump io.netty:netty-codec-http from 4.2.5.Final to 4.2.8.Final by @​dependabot[bot] in AsyncHttpClient/async-http-client#2131
• Release AHC v3.0.5 by @​hyperxpro in AsyncHttpClient/async-http-client#2133

Full Changelog: AsyncHttpClient/async-http-client@async-http-client-project-3.0.4...async-http-client-project-3.0.5

Commits

• 34648ef Release AHC v3.0.5 (#2133)
• 6393323 Bump io.netty:netty-codec-http from 4.2.5.Final to 4.2.8.Final (#2131)
• 4932e86 Maintain Content-Type set explicitly by client (#2130)
• a177bd3 Fix NPE in NettyConnectListener (#2127)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[jknack]

@dependabot recreate