deps: bump the patch-updates group with 12 updates

[dependabot]

Bumps the patch-updates group with 12 updates:

Package	From	To
io.quarkus:quarkus-bom	3.30.3	3.30.4
io.quarkus:quarkus-maven-plugin	3.30.3	3.30.4
io.quarkus:quarkus-extension-maven-plugin	3.30.3	3.30.4
io.quarkus:quarkus-extension-processor	3.30.3	3.30.4
ch.qos.logback:logback-core	1.5.22	1.5.23
ch.qos.logback:logback-classic	1.5.22	1.5.23
org.apache.logging.log4j:log4j-to-slf4j	2.25.2	2.25.3
org.ow2.asm:asm	9.9	9.9.1
org.ow2.asm:asm-util	9.9	9.9.1
org.ow2.asm:asm-tree	9.9	9.9.1
org.codehaus.mojo:exec-maven-plugin	3.6.2	3.6.3
org.springframework.boot:spring-boot-dependencies	3.5.8	3.5.9

Updates io.quarkus:quarkus-bom from 3.30.3 to 3.30.4

Release notes

Sourced from io.quarkus:quarkus-bom's releases.

3.30.4

Complete changelog

• #50814 - Changing compose-devservices.yml does not invalidate Gradle cache
• #51045 - Port 8080 already used using quarkus-amazon-lambda and quarkus-observability-devservices-*
• #51107 - JBoss Threads update to version 3.9.2, allows minor cleanup
• #51139 - Upgrade LGTM to 0.11.17
• #51326 - Running mvn dependency:tree quarkus:dev gives [WARNING] Failed to locate plugin for dependency:tree
• #51363 - Bump to Mutiny 3.1.0 and Mutiny Vert.x bindings 3.21.1
• #51481 - Make sure collected managed dependencies do not include duplicates
• #51485 - Unable to build: Quarkus ChainBuildException due to JFR dependency
• #51488 - Remove warning failing to determine the build plugin prefix
• #51494 - Qute message bundles: fix msg:message with single param
• #51497 - Include compose files for Dev Services as test task's inputs
• #51504 - OIDC issuer based resolution does not work for local tenants
• #51524 - Break build cycle between gRPC and JFR extensions
• #51528 - Update RESTEasy to 6.2.15.Final
• #51539 - Remove unneeded vertx-http, upgrade LGTM image
• #51547 - Fix issuer-based tenant resolution for a tenant issuer configured in OIDC tenant configuration rather than well-known configuration
• #51567 - Bump to Vert.x 4.5.23 and Netty 4.1.130.Final

Commits

• 27d19ef [RELEASE] - Bump version to 3.30.4
• e3f096f Merge pull request #51588 from gsmet/3.30.4-backports-1
• a229f48 Bump to Vert.x 4.5.23 and Netty 4.1.130.Final
• ea8b668 Bump to Mutiny 3.1.0 and Mutiny Vert.x bindings 3.21.1
• 993f47f No longer need to disable JBoss Threads logging of version
• 51b52eb Upgrade to JBoss Threads 3.9.2
• eba293f feat(oidc): fix issuer-based tenant resulition for local issuers
• 80a9a9b Remove unneeded vertx-http.
• 878e383 Upgrade LGTM to 0.11.17
• 61766a7 Update RESTEasy to 6.2.15.Final
• Additional commits viewable in compare view

Updates io.quarkus:quarkus-maven-plugin from 3.30.3 to 3.30.4

Updates io.quarkus:quarkus-extension-maven-plugin from 3.30.3 to 3.30.4

Release notes

Sourced from io.quarkus:quarkus-extension-maven-plugin's releases.

3.30.4

Complete changelog

• #50814 - Changing compose-devservices.yml does not invalidate Gradle cache
• #51045 - Port 8080 already used using quarkus-amazon-lambda and quarkus-observability-devservices-*
• #51107 - JBoss Threads update to version 3.9.2, allows minor cleanup
• #51139 - Upgrade LGTM to 0.11.17
• #51326 - Running mvn dependency:tree quarkus:dev gives [WARNING] Failed to locate plugin for dependency:tree
• #51363 - Bump to Mutiny 3.1.0 and Mutiny Vert.x bindings 3.21.1
• #51481 - Make sure collected managed dependencies do not include duplicates
• #51485 - Unable to build: Quarkus ChainBuildException due to JFR dependency
• #51488 - Remove warning failing to determine the build plugin prefix
• #51494 - Qute message bundles: fix msg:message with single param
• #51497 - Include compose files for Dev Services as test task's inputs
• #51504 - OIDC issuer based resolution does not work for local tenants
• #51524 - Break build cycle between gRPC and JFR extensions
• #51528 - Update RESTEasy to 6.2.15.Final
• #51539 - Remove unneeded vertx-http, upgrade LGTM image
• #51547 - Fix issuer-based tenant resolution for a tenant issuer configured in OIDC tenant configuration rather than well-known configuration
• #51567 - Bump to Vert.x 4.5.23 and Netty 4.1.130.Final

Commits

• 27d19ef [RELEASE] - Bump version to 3.30.4
• e3f096f Merge pull request #51588 from gsmet/3.30.4-backports-1
• a229f48 Bump to Vert.x 4.5.23 and Netty 4.1.130.Final
• ea8b668 Bump to Mutiny 3.1.0 and Mutiny Vert.x bindings 3.21.1
• 993f47f No longer need to disable JBoss Threads logging of version
• 51b52eb Upgrade to JBoss Threads 3.9.2
• eba293f feat(oidc): fix issuer-based tenant resulition for local issuers
• 80a9a9b Remove unneeded vertx-http.
• 878e383 Upgrade LGTM to 0.11.17
• 61766a7 Update RESTEasy to 6.2.15.Final
• Additional commits viewable in compare view

Updates io.quarkus:quarkus-extension-processor from 3.30.3 to 3.30.4

Updates ch.qos.logback:logback-core from 1.5.22 to 1.5.23

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.23

2025-12-21 Release of logback version 1.5.23

• In response to issues/959 file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the ConcurrentModificationException reported in the issue.

• ZIP and XZ compression now use a BufferedOutputStream when writing to the compressed file. This issue was reported in issues/988.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• 0bcc3fe prepare release 1.5.23
• 4627dbd better to use BufferedOutputStream during ZIP and XZ compression, especially ...
• 299f091 add collision test in presence of conditional processing
• b446f3f In Context, remove collision map
• a3eb14d in response to issues/959, collision detection is now done by FileCollisionAn...
• 681b2be remove unused method, minor comment edits
• 17a3edf start work on 1.5.23-SNAPSHOT
• See full diff in compare view

Updates ch.qos.logback:logback-classic from 1.5.22 to 1.5.23

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.23

2025-12-21 Release of logback version 1.5.23

• In response to issues/959 file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the ConcurrentModificationException reported in the issue.

• ZIP and XZ compression now use a BufferedOutputStream when writing to the compressed file. This issue was reported in issues/988.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• 0bcc3fe prepare release 1.5.23
• 4627dbd better to use BufferedOutputStream during ZIP and XZ compression, especially ...
• 299f091 add collision test in presence of conditional processing
• b446f3f In Context, remove collision map
• a3eb14d in response to issues/959, collision detection is now done by FileCollisionAn...
• 681b2be remove unused method, minor comment edits
• 17a3edf start work on 1.5.23-SNAPSHOT
• See full diff in compare view

Updates ch.qos.logback:logback-classic from 1.5.22 to 1.5.23

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.23

2025-12-21 Release of logback version 1.5.23

• In response to issues/959 file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the ConcurrentModificationException reported in the issue.

• ZIP and XZ compression now use a BufferedOutputStream when writing to the compressed file. This issue was reported in issues/988.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• 0bcc3fe prepare release 1.5.23
• 4627dbd better to use BufferedOutputStream during ZIP and XZ compression, especially ...
• 299f091 add collision test in presence of conditional processing
• b446f3f In Context, remove collision map
• a3eb14d in response to issues/959, collision detection is now done by FileCollisionAn...
• 681b2be remove unused method, minor comment edits
• 17a3edf start work on 1.5.23-SNAPSHOT
• See full diff in compare view

Updates org.apache.logging.log4j:log4j-to-slf4j from 2.25.2 to 2.25.3

Updates org.ow2.asm:asm from 9.9 to 9.9.1

Updates org.ow2.asm:asm-util from 9.9 to 9.9.1

Updates org.ow2.asm:asm-tree from 9.9 to 9.9.1

Updates org.ow2.asm:asm-util from 9.9 to 9.9.1

Updates org.ow2.asm:asm-tree from 9.9 to 9.9.1

Updates io.quarkus:quarkus-maven-plugin from 3.30.3 to 3.30.4

Updates org.codehaus.mojo:exec-maven-plugin from 3.6.2 to 3.6.3

Release notes

Sourced from org.codehaus.mojo:exec-maven-plugin's releases.

3.6.3

📝 Documentation updates

• Document thread group isolation limitation in java goal (#503) @copilot-swe-agent[bot]

👻 Maintenance

• JUnit 5 best practices (#505) @​slachiewicz
• Move ExecJavaMojoTest, ExecMojoTest to JUnit 5 (#502) @​slawekjaranowski
• Add support for JEP 512 for for package-private static main method (#499) @​anuragagarwal561994
• Move to JUnit 5 (#501) @​slawekjaranowski

📦 Dependency updates

• Bump asm.version from 9.9 to 9.9.1 (#509) @dependabot[bot]
• Bump org.apache.commons:commons-exec from 1.5.0 to 1.6.0 (#508) @dependabot[bot]

Commits

• fe1fa8c [maven-release-plugin] prepare release 3.6.3
• 5b3feca Bump asm.version from 9.9 to 9.9.1
• efc7faa Bump org.apache.commons:commons-exec from 1.5.0 to 1.6.0
• cdaf267 JUnit 5 best practices (#505)
• f3f5997 Move ExecJavaMojoTest, ExecMojoTest to JUnit 5
• 03b87b5 Document thread group isolation limitation in java goal (#503)
• 7a66c3e Add support for JEP 512 for for package-private static main methods with and ...
• a6d01ef Move to JUnit 5
• 88d5961 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.5.8 to 3.5.9

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v3.5.9

🐞 Bug Fixes

• RabbitHealthIndicator reports an error when version is missing from the connection's server properties #48486
• Profiles retained during AOT processing are not configured in a native image #48475
• NullPointerException in UndertowWebServer.destroy() when using @DirtiesContext and Citrus Spring Boot Simulator #48450
• Redis health check reports an error when redis_version is missing from the INFO response #48326
• Parent's MeterRegistry beans are closed when child context closes #48324
• SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #48271

📔 Documentation

• Documentation has an outdated reference to the Jackson Kotlin Module #48533
• Caching documentation should clarify how to use a no-op implementation to run a test suite #48531
• Document that the default rolling policy for Log4j2 requires logging.file.path to be set #48526
• License header in build samples is displayed in the reference documentation #48477
• Configuring Two DataSources How-To code sample is inconsistent #48448
• Improve javadoc for when to use class names rather than class references #48395
• Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #48359
• Polish TestRestTemplate examples in the reference guide #48335
• Fix links to javadoc in the reference documentation #48299
• Clarify that @EnableBatchProcessing turns off all batch auto-configuration, including schema initialization #48265
• Kotlin auto-configuration examples are not annotated with @AutoConfiguration #48227
• Infinispan Cache Documentation is outdated #48217
• Revise "Use Liquibase for test-only migrations" section in reference manual #48169

🔨 Dependency Upgrades

• Prevent upgrade to Netty 4.1.129.Final #48508
• Upgrade to AspectJ 1.9.25.1 #48557
• Upgrade to Hibernate 6.6.39.Final #48540
• Upgrade to Jetty 12.0.31 #48455
• Upgrade to jOOQ 3.19.29 #48456
• Upgrade to Logback 1.5.22 #48507
• Upgrade to MariaDB 3.5.7 #48558
• Upgrade to Micrometer 1.15.7 #48423
• Upgrade to Micrometer Tracing 1.5.7 #48424
• Upgrade to Netty 4.1.130.Final #48541
• Upgrade to Pooled JMS 3.1.8 #48559
• Upgrade to Pulsar 4.0.8 #48457
• Upgrade to Quartz 2.5.2 #48458
• Upgrade to Reactor Bom 2024.0.13 #48425
• Upgrade to Spring Authorization Server 1.5.5 #48426
• Upgrade to Spring Data Bom 2025.0.7 #48427
• Upgrade to Spring Framework 6.2.15 #48428
• Upgrade to Spring GraphQL 1.4.4 #48429
• Upgrade to Spring Integration 6.5.5 #48560
• Upgrade to Spring LDAP 3.3.5 #48430
• Upgrade to Spring Pulsar 1.2.13 #48431
• Upgrade to Spring Session 3.5.4 #48432

... (truncated)

Commits

• 9d307e0 Release v3.5.9
• 08e2cab Polish javadoc for when to use class names rather than class references
• 15ede46 Improve javadoc for when to use class names rather than class references
• 10477ba Merge branch '3.4.x' into 3.5.x
• 34e51dc Polish
• 9252526 Merge branch '3.4.x' into 3.5.x
• 7831a36 Upgrade to Spring Session 3.5.4
• 0d3ec7c Upgrade to Spring Integration 6.5.5
• 388815b Upgrade to Spring GraphQL 1.4.4
• d9d44ff Upgrade to Pooled JMS 3.1.8
• Additional commits viewable in compare view

Updates io.quarkus:quarkus-extension-maven-plugin from 3.30.3 to 3.30.4

Release notes

Sourced from io.quarkus:quarkus-extension-maven-plugin's releases.

3.30.4

Complete changelog

• #50814 - Changing compose-devservices.yml does not invalidate Gradle cache
• #51045 - Port 8080 already used using quarkus-amazon-lambda and quarkus-observability-devservices-*
• #51107 - JBoss Threads update to version 3.9.2, allows minor cleanup
• #51139 - Upgrade LGTM to 0.11.17
• #51326 - Running mvn dependency:tree quarkus:dev gives [WARNING] Failed to locate plugin for dependency:tree
• #51363 - Bump to Mutiny 3.1.0 and Mutiny Vert.x bindings 3.21.1
• #51481 - Make sure collected managed dependencies do not include duplicates
• #51485 - Unable to build: Quarkus ChainBuildException due to JFR dependency
• #51488 - Remove warning failing to determine the build plugin prefix
• #51494 - Qute message bundles: fix msg:message with single param
• #51497 - Include compose files for Dev Services as test task's inputs
• #51504 - OIDC issuer based resolution does not work for local tenants
• #51524 - Break build cycle between gRPC and JFR extensions
• #51528 - Update RESTEasy to 6.2.15.Final
• #51539 - Remove unneeded vertx-http, upgrade LGTM image
• #51547 - Fix issuer-based tenant resolution for a tenant issuer configured in OIDC tenant configuration rather than well-known configuration
• #51567 - Bump to Vert.x 4.5.23 and Netty 4.1.130.Final

Commits

• 27d19ef [RELEASE] - Bump version to 3.30.4
• e3f096f Merge pull request #51588 from gsmet/3.30.4-backports-1
• a229f48 Bump to Vert.x 4.5.23 and Netty 4.1.130.Final
• ea8b668 Bump to Mutiny 3.1.0 and Mutiny Vert.x bindings 3.21.1
• 993f47f No longer need to disable JBoss Threads logging of version
• 51b52eb Upgrade to JBoss Threads 3.9.2
• eba293f feat(oidc): fix issuer-based tenant resulition for local issuers
• 80a9a9b Remove unneeded vertx-http.
• 878e383 Upgrade LGTM to 0.11.17
• 61766a7 Update RESTEasy to 6.2.15.Final
• Additional commits viewable in compare view

Updates io.quarkus:quarkus-extension-processor from 3.30.3 to 3.30.4

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.springframework.boot:spring-boot-dependencies	[>= 4.a0, < 5]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud