Bump the minor group across 1 directory with 9 updates

[dependabot]

Bumps the minor group with 9 updates in the / directory:

Package	From	To
io.cloudflight.autoconfigure-settings	1.1.2	1.2.0
org.assertj:assertj-core	3.27.6	3.27.7
com.azure:azure-identity	1.18.1	1.18.2
com.google.guava:guava	33.4.8-jre	33.5.0-jre
io.mockk:mockk-jvm	1.13.11	1.14.7
io.opentelemetry:opentelemetry-bom	1.56.0	1.58.0
org.springframework.cloud:spring-cloud-dependencies	2025.0.0	2025.1.0
io.swagger.core.v3:swagger-annotations	2.2.40	2.2.42
io.quarkus:quarkus-junit4-mock	3.29.3	3.30.8

Updates io.cloudflight.autoconfigure-settings from 1.1.2 to 1.2.0

Updates org.assertj:assertj-core from 3.27.6 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates com.azure:azure-identity from 1.18.1 to 1.18.2

Release notes

Sourced from com.azure:azure-identity's releases.

com.azure+azure-identity_1.18.2

1.18.2 (2026-01-20)

Other Changes

• Removed unused jetty, redisson, and lettuce-core dependencies.

Dependency Updates

• Upgraded azure-core from 1.57.0 to version 1.57.1.
• Upgraded azure-core-http-netty from 1.16.2 to version 1.16.3.
• Upgraded azure-json from 1.5.0 to version 1.5.1.

Commits

• afe0cd5 broker changelog
• f6f7b47 Merge branch 'main' into release/identity_1.18.2
• 52f40ba bumped broker package version
• 7fcba28 Prepare release 1.18.2 from release branch
• 3ea0ba6 [SparkConnector]FixClassCastExceptionForPatch (#47748)
• 44dba7e Prepare Release from release branch- removed beta changes
• 540cc8c Bump cspell from 9.4.0 to 9.6.0 in /eng/common/spelling (#47753)
• cbd7021 Spark transactional batch support v2 refactor (#47697)
• 190f648 [SparkConnector]FixIncorrectInitialOffset (#47742)
• ac7b375 Add MCP sample with V2026_01_01_PREVIEW support (#47710)
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.8-jre to 33.5.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.5.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.5.0-jre</version>
  <!-- or, for Android: -->
  <version>33.5.0-android</version>
</dependency>

Jar files

• 33.5.0-jre.jar
• 33.5.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.5.0-jre
• 33.5.0-android

JDiff

• 33.5.0-jre vs. 33.4.8-jre
• 33.5.0-android vs. 33.4.8-android
• 33.5.0-android vs. 33.5.0-jre

Changelog

• Restored the Automatic-Module-Name to guava-android. (It, unlike, guava-jre, is not a proper module.) (7a04a8a955)
• For users of guava-gwt: Google has moved off GWT internally. We plan to continue to release guava-gwt for users of GWT and J2CL, but the artifact is no longer tested for GWT-specific issues, and we have limited resources to fix any unexpected issues that might arise. While we do not anticipate any specific problems, we can't guarantee how long support will continue.
• Increased our Android minSdkVersion to 23 (Marshmallow). This follows the minimum of Google's foundational Android libraries, and we expect it to have no practical impact on users. (5c23347cc1)
• Listed the JSpecify annotations as an optional dependency in our OSGi metadata. (2dfd572981)
• cache: Improved the handling of exceptions from compute functions in Cache.asMap(). (We do still recommend using Caffeine rather than com.google.common.cache.) (087f2c4a80)
• collect: Improved Iterators.mergeSorted() to preserve stability for equal elements. (4dc93be9a8)
• math: Added saturatedAbs methods to IntMath and LongMath. (ed0e518f20)
• net: Added image/avif to MediaType. (53344caba6)
• testing: Made CollectorTester available to Android users. (294c251079)
• util.concurrent: Added Striped.custom. (1586eb271d)

Commits

• See full diff in compare view

Updates io.mockk:mockk-jvm from 1.13.11 to 1.14.7

Release notes

Sourced from io.mockk:mockk-jvm's releases.

v1.14.7

What's Changed

• fix: normalize value class arguments in EqMatcher for consistent comparison by @​edwardmp in mockk/mockk#1440
• Add configurable logging to withArg & withNullableArg by @​OsaSoft in mockk/mockk#1441
• docs(readme): document suppressing superclass calls by @​ch200203 in mockk/mockk#1444
• Fix for issue #1103. by @​sdetilly in mockk/mockk#1449
• Fix configuration option example for restricted classes by @​TWiStErRob in mockk/mockk#1465
• Fix InaccessibleObjectException when spying on JDK interfaces on JDK 16+ by @​Copilot in mockk/mockk#1457
• Fix Java 11 compatibility: replace Random.nextLong(long, long) with Java 8 compatible alternative by @​Copilot in mockk/mockk#1456
• Add optional restricted mock system property by @​nishatoma in mockk/mockk#1454
• Fix StackOverflowError when mocking methods returning ArrayList by @​Copilot in mockk/mockk#1464
• Change JUnit 4/5 dependencies from implementation to compileOnly by @​Copilot in mockk/mockk#1455

New Contributors

• @​edwardmp made their first contribution in mockk/mockk#1440
• @​OsaSoft made their first contribution in mockk/mockk#1441
• @​sdetilly made their first contribution in mockk/mockk#1449
• @​Copilot made their first contribution in mockk/mockk#1457
• @​nishatoma made their first contribution in mockk/mockk#1454

Full Changelog: mockk/mockk@1.14.6...1.14.7

1.14.6

What's Changed

• Fix and add clearMocks test cases by @​jmatsu in mockk/mockk#1419
• make captured value reference volatile by @​mmimica in mockk/mockk#1418
• add fail-fast guard for Kotlin inline function mocking (#1030) by @​ch200203 in mockk/mockk#1421
• add test reports to GitHub actions by @​aSemy in mockk/mockk#994
• fix duration denormalized error by @​tigermint in mockk/mockk#1424
• refactor: enhance confirmVerified function to include clear option by @​felix-dolderer-el in mockk/mockk#1427

New Contributors

• @​jmatsu made their first contribution in mockk/mockk#1419
• @​mmimica made their first contribution in mockk/mockk#1418
• @​ch200203 made their first contribution in mockk/mockk#1421
• @​tigermint made their first contribution in mockk/mockk#1424
• @​felix-dolderer-el made their first contribution in mockk/mockk#1427

Full Changelog: mockk/mockk@1.14.5...1.14.6

1.14.5

What's Changed

• [Feature] Implement BDD-style aliases as separate module (mockk-bdd) by @​Minseok-2001 in mockk/mockk#1399
• fix: downgrade byte-buddy to 1.5.11 by @​Komdosh in mockk/mockk#1413

New Contributors

• @​Minseok-2001 made their first contribution in mockk/mockk#1399

Full Changelog: mockk/mockk@1.14.4...1.14.5

... (truncated)

Commits

• 3b99349 Version bump
• d0e14bb Merge pull request #1455 from mockk/copilot/remove-transitive-junit-dependency
• 9372ca6 Merge pull request #1464 from mockk/copilot/fix-stackoverflow-error-mockk
• 73736a6 Address code review feedback for parseParamTypes
• 6866dd0 Merge pull request #1454 from nishatoma/add-strict-mocking-system-property
• ea99f88 Merge pull request #1456 from mockk/copilot/fix-mockk-compatibility-issue
• b7b72de Merge pull request #1457 from mockk/copilot/fix-inaccessibleobjectexception
• 08d1d1d Address comments
• 7681de2 Merge pull request #1465 from TWiStErRob/patch-2
• 54e6154 Fix configuration option example for restricted classes
• Additional commits viewable in compare view

Updates io.opentelemetry:opentelemetry-bom from 1.56.0 to 1.58.0

Release notes

Sourced from io.opentelemetry:opentelemetry-bom's releases.

Version 1.58.0

API

Incubator

• Delete GlobalConfigProvider in favor of access via ExtendedOpenTelemetry (#7914)
• Add DeclarativeConfigProperties#get method (#7923)
• Update ConfigProvider#getInstrumentationConfig response to be non-null (#7954)
• Add declarative config utility methods for common operations (#7927)

SDK

Traces

• Implement SDK metrics for trace (#7895, #7930)
• Emit warning when TraceIdRatioBasedSampler is used as child sampler (#7937)

Logs

• Implement SDK metrics for logs (#7931)

Exporters

• Prom exporter update (#7934)

Extensions

• Declarative config: update to opentelemetry-configuration 1.0.0-rc.3 (#7861)
• Declarative config: update jaeger remote sampler to require endpoint, initial_sampler (#7943)
• Declarative config: add support for view unit (#7942)
• Declarative config: add support for new logger config minimum_severity and trace_based properties (#7940)
• Declarative config: add support for composable parent threshold sampler (#7941)
• Declarative config: improve pattern for validating and loading SDK extension plugins (#7947)

Project tooling

• Use develocity build cache in PRs and local builds (#7906)
• Configure japicmp classpath to avoid false positives (#7945)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​anuraaga @​breedx-splk @​Gosling-dude @​jack-berg @​jkwatson @​JonasKunz @​SylvainJuge

... (truncated)

Changelog

Sourced from io.opentelemetry:opentelemetry-bom's changelog.

Version 1.58.0 (2026-01-09)

API

Incubator

• Delete GlobalConfigProvider in favor of access via ExtendedOpenTelemetry (#7914)
• Add DeclarativeConfigProperties#get method (#7923)
• Update ConfigProvider#getInstrumentationConfig response to be non-null (#7954)
• Add declarative config utility methods for common operations (#7927)

SDK

Traces

• Implement SDK metrics for trace (#7895, #7930)
• Emit warning when TraceIdRatioBasedSampler is used as child sampler (#7937)

Logs

• Implement SDK metrics for logs (#7931)

Exporters

• Prom exporter update (#7934)

Extensions

• Declarative config: update to opentelemetry-configuration 1.0.0-rc.3 (#7861)
• Declarative config: update jaeger remote sampler to require endpoint, initial_sampler (#7943)
• Declarative config: add support for view unit (#7942)
• Declarative config: add support for new logger config minimum_severity and trace_based properties (#7940)
• Declarative config: add support for composable parent threshold sampler (#7941)
• Declarative config: improve pattern for validating and loading SDK extension plugins (#7947)

... (truncated)

Commits

• 1e377b4 [release/v1.58.x] Prepare release 1.58.0 (#7968)
• b882815 Prepare 1.58.0 (#7965)
• 826c4e9 Improve pattern for validating and loading SDK extension plugins (#7947)
• da310cc Prom exporter update (#7934)
• a15659d add method to retrieve instrumentation configuration by name (#7927)
• 2d38562 fix(deps): update armeriaversion to v1.35.0 (#7959)
• ca536b2 fix(deps): update junit-framework monorepo to v5.14.2 (#7956)
• 5150e52 chore(deps): update otel/opentelemetry-collector-contrib docker tag to v0.143...
• 15b41f1 chore(deps): update plugin com.gradleup.shadow to v9.3.1 (#7955)
• a46b073 make getInstrumentationConfig non-null (#7954)
• Additional commits viewable in compare view

Updates org.springframework.cloud:spring-cloud-dependencies from 2025.0.0 to 2025.1.0

Commits

• fad431d Update SNAPSHOT to 2025.1.0
• 922da91 Merge pull request #444 from spring-cloud/dependabot/github_actions/main/acti...
• 56207f4 Bump actions/checkout from 5 to 6
• f9e1a3a Updates GenerateReleaseTrainDocs to use property from bom for boot version.
• 36f42b2 Removes spring-cloud-starter-parent
• 250329c Bumping versions
• ef9f533 Updates boot to 4.0.0
• 3c1ebc0 Bumping versions
• 35cf36e Going back to snapshots
• bd1fc81 Update SNAPSHOT to 2025.1.0-RC1
• Additional commits viewable in compare view

Updates io.swagger.core.v3:swagger-annotations from 2.2.40 to 2.2.42

Updates io.quarkus:quarkus-junit4-mock from 3.29.3 to 3.30.8

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions