Skip to content

fix(deps): update all non-major application-server dependencies#1169

Draft
renovate[bot] wants to merge 1 commit into
stagingfrom
renovate/all-minor-patch-application-server
Draft

fix(deps): update all non-major application-server dependencies#1169
renovate[bot] wants to merge 1 commit into
stagingfrom
renovate/all-minor-patch-application-server

Conversation

@renovate

@renovate renovate Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change Age Confidence
gradle stage minor 9.5.1-jdk21-alpine9.6.1-jdk21-alpine age confidence
de.tum.cit.aet:helios-status-spring-starter (source) dependencies minor 1.1.11.2.0 age confidence
io.sentry:sentry-spring-boot-4-starter dependencies minor 8.44.18.47.0 age confidence
org.flywaydb.flyway plugin minor 12.9.012.10.0 age confidence
org.flywaydb:flyway-database-postgresql dependencies minor 12.9.012.10.0 age confidence
org.postgresql:postgresql (source) dependencies patch 42.7.1142.7.12 age confidence

Release Notes

ls1intum/Helios (de.tum.cit.aet:helios-status-spring-starter)

v1.2.0

What's Changed

Full Changelog: v1.1.0...v1.2.0

getsentry/sentry-java (io.sentry:sentry-spring-boot-4-starter)

v8.47.0

Compare Source

Behavioral Changes
  • SentryOkHttpInterceptor::intercept now throws IOException. This is a source-only and Java-only breaking change (#​5654)
Fixes
  • Don't start a redundant UI interaction transaction when a transaction is already bound to the Scope (#​5491)
    • Previously, SentryGestureListener always started a UI transaction and only afterwards skipped binding it to the Scope when a manually-bound transaction already existed, leaving the new transaction to be dropped as an idle transaction without children.
  • Fix potential NPE within Scope.endSession() (#​5657)
  • Fix memory leak in ReplayIntegration due to persisting executor not being shut down (#​5627)
  • Fix AbstractMethodError when compose-ui 1.11+ is used in combination with Modifier.sentryTag() or the Sentry Kotlin compiler plugin (#​5672)
Performance
  • Speed up touch gesture target detection on deeply nested view hierarchies by hit-testing in local coordinates instead of calling getLocationOnScreen per view (#​5595)
  • Probe class availability without initializing the class during SDK init (#​5635)
  • Avoid constructing an exception per view when resolving view ids during view-hierarchy and gesture capture (#​5631)
  • Start the frame metrics thread lazily on first collection instead of during SDK init (#​5641)
  • Reduce SentryId and SpanId allocation overhead by replacing their per-instance LazyEvaluator (and its lock) with a lightweight lazily-generated String. (#​5645)
  • Lazily allocate the ReentrantLock backing AutoClosableReentrantLock to avoid eager lock allocations for SDK objects that never contend during SentryAndroid.init (#​5643)

v8.46.0

Compare Source

Fixes
  • Session Replay: Fix network detail response body size being unknown for gzip-compressed responses (#​5592)
Behavioral Changes
  • Collections returned by scope (e.g. getBreadcrumbs, getTags, getAttachments) are shared state and should not be mutated. (#​5541)
    • Previously, when going through CombinedScopeView, we were returning a copy where mutations didn't show up in the underlying scopes.
    • This has now changed in order to reduce SDK overhead.
  • Date objects returned by SDK data model getters are shared state and should not be mutated. (#​5603)
    • Previously, these getters returned defensive copies for some date fields.
    • This has now changed in order to reduce SDK overhead.
Performance
  • Reduce writer buffer size from 8192 to 512 (#​5544)
  • Remove redundant event map copies (#​5536)
  • Optimize combined scope by adding an early return if only one scope has data (#​5541)
  • Reduce model access overhead by avoiding defensive Date copies in SDK data model getters. (#​5603)
  • Reduce timestamp parsing and formatting overhead with Sentry-specific ISO-8601 handling. (#​5602)
  • Reduce JSON serialization overhead by creating the reflection serializer only when unknown-object fallback serialization is needed. (#​5601)
  • Reduce JSON serialization overhead by allocating reflection cycle-tracking state only when reflection serialization is used. (#​5600)
  • Reduce context serialization overhead by sorting key snapshots with arrays instead of temporary lists. (#​5599)
  • Reduce breadcrumb allocation overhead by creating the Breadcrumb data map only when data is added. (#​5598)
  • Reduce JSON serialization overhead by lowering the initial JsonWriter nesting stack size while preserving on-demand growth. (#​5591)
  • Reduce timestamp helper overhead by replacing unnecessary Calendar usage in DateUtils with direct Date creation. (#​5589)
  • Reduce Android startup overhead by using the default timezone directly on older devices or when no timezone info is available in the locale. (#​5587)

v8.45.0

Compare Source

Features
  • On Android 15+ (API 35), the standalone app.start transaction now reports why the OS started the process via app.vitals.start.reason trace data (e.g. launcher, broadcast, service, content_provider), derived from ApplicationStartInfo.getReason(). You can search and group by this attribute in the Trace Explorer. (#​5552)
Fixes
  • Use System.nanoTime() for cron check-in duration measurement to avoid incorrect durations from wall-clock adjustments (#​5611)
  • Fix crash when getHistoricalProcessStartReasons is called from an isolated or wrong-userId process (#​5597)
  • Release MediaMuxer when a replay segment has no encodable frames to avoid a resource leak (#​5583)
Dependencies
pgjdbc/pgjdbc (org.postgresql:postgresql)

v42.7.12

Security
Added
  • feat: reWriteBatchedInserts now merges up to 32768 rows into one multi-values INSERT (bounded by the 65535 bind-parameter limit on the extended protocol) instead of capping at 128, which speeds up batches of few-column rows. The new reWriteBatchedInsertsSize connection property lowers that cap when set; the default of 0 uses that maximum.
  • feat: invalidate the prepared-statement cache after CREATE/DROP/ALTER so callers no longer trip on "cached plan must not change result type" without opting into autosave=ALWAYS. Controlled by the new flushCacheOnDdl connection property (default true); set to false for the prior behaviour.
  • feat: add connectExecutor connection property to customize the Executor used to run the worker task that performs the connection attempt when loginTimeout is in effect. The value is the fully qualified name of a class implementing java.util.concurrent.Executor. With a null value, the default, the driver retains the prior behavior of running the connection attempt on a daemon thread named "PostgreSQL JDBC driver connection thread". The executor must run the task on a thread other than the caller's. Running the attempt on a named thread lets applications that monitor driver-created threads identify it.
  • feat: add connectThreadFactory connection property to customize the ThreadFactory used to spawn the worker thread that runs the connection attempt when loginTimeout is in effect. The value is the fully qualified name of a class implementing java.util.concurrent.ThreadFactory. With a null value, the default, the driver retains the prior behavior of using a daemon thread named "PostgreSQL JDBC driver connection thread". Useful for testing timeout behaviour or for applications that want detailed control of all driver-created threads.
  • feat: add classLoaderStrategy connection property to control which classloaders the driver searches when loading a class named by a connection property, for example socketFactory. The default driver-first now falls back to the thread context classloader when the driver's classloader cannot resolve the class, which fixes class loading in non-flat class paths such as Quarkus and OSGi. Set driver to keep the previous driver-classloader-only behaviour, or context-first to prefer the thread context classloader Issue #​2112
Changed
  • refactor: the worker that runs the connection attempt under loginTimeout is now a FutureTask (ConnectTask) instead of the hand-rolled ConnectThread. When the caller hits the timeout, the task is now cancelled with cancel(true), which interrupts the worker thread rather than letting it run to completion. This makes the connection attempt interruptible, so loginTimeout can stop a slow connection attempt instead of leaking a thread. As before, a connection that the worker still manages to establish after the caller gives up is closed by the worker so that it does not leak. There are no public API changes and this should only lead to faster background resource cleanup for connections that time out.
  • chore: PGXAConnection.ConnectionHandler now rejects setAutoCommit(false) and setSavepoint(...) during an active XA branch, in addition to the long-rejected setAutoCommit(true) / commit() / rollback(). The setSavepoint rejection was already meant to be in place but the guard misspelled the method name as setSavePoint, so savepoints silently went through. Both changes bring the proxy in line with JTA 1.2 §3.4.
  • chore: commitPrepared / rollback-of-prepared now return XAER_RMFAIL instead of XAER_RMERR when the underlying connection is left in a non-idle TransactionState. Transaction managers (Geronimo, Narayana, Atomikos) treat XAER_RMFAIL as retryable on a fresh XAResource; the prepared transaction is no longer abandoned.
Fixed
  • fix: the published GitHub release now ships the released postgresql-<version>.jar and its detached PGP signature, taken from the same signed build that is uploaded to Maven Central, instead of a leftover SNAPSHOT jar Issue #​3812 PR #​3814
  • fix: simplify the Statement#cancel state machine by dropping the redundant CANCELLED state. killTimerTask now waits for the state to return to IDLE directly, which removes a spin-forever case when more than one thread observes the cancel completing PR #​1827.
  • perf: defer simple-query flushes until the driver reads the response, allowing BEGIN and the following query to share a network flush Issue #​3894
  • fix: reWriteBatchedInserts no longer throws IllegalArgumentException when batching a parameterless INSERT (for example INSERT INTO t VALUES (1, 2)) of 256 rows or more.
  • fix: a comment before CALL in a CallableStatement no longer hides the native call, so OUT parameter registration works for /* comment */ call proc(?, ?) and similar. Parser.modifyJdbcCall now skips leading whitespace and SQL comments (both -- and /* */) before the call, tolerates a trailing comment after a { ... } escape, and no longer adds a spurious comma when moving an OUT parameter into a call whose arguments are only a comment Issue #​2538
  • fix: PreparedStatement.toString() no longer throws for a bytea value supplied as text via PGobject. Hex-format values (\x...) are validated and rendered as a bytea literal, and escape-format values are quoted and cast like any other literal Issue #​3757
  • fix: the driver no longer nulls the contextClassLoader of shared ForkJoinPool.commonPool() worker threads, which previously left unrelated tasks on those threads running with a null classloader Issue #​4155
  • fix: getCharacterStream wraps String in StringReader PR #​4063
  • fix: PGXAConnection no longer saves and restores the underlying connection's JDBC autoCommit flag. All XA-protocol SQL (BEGIN, PREPARE TRANSACTION, COMMIT, ROLLBACK, COMMIT PREPARED, ROLLBACK PREPARED, the recover() SELECT) is sent through QUERY_SUPPRESS_BEGIN, so the caller's autoCommit value is invariant across every XAResource call. Fixes the "2nd phase commit must be issued using an idle connection" failure during recovery on managed datasources that pool connections with autoCommit=false (TomEE, WildFly, WebSphere Liberty).
  • fix: PGXAConnection.prepare() now mutates XA state only after PREPARE TRANSACTION succeeds. A failed PREPARE previously left the driver thinking the branch was already prepared, so the follow-up rollback(xid) tried ROLLBACK PREPARED against a non-existent gid and returned XAER_RMERR. Transaction managers (Narayana) escalated this to HeuristicMixedException. With the fix, rollback(xid) takes the active-branch path and issues a plain ROLLBACK, which the server accepts cleanly. Fixes Issue #​3153, Issue #​3123.
  • fix: an updatable result set over an unqualified table name is now classified using only the table visible through search_path. When two schemas held a table with the same name and the same primary or unique index name but a different set of key columns, the driver took the union of both schemas' columns, so the result set could be wrongly rejected as not updatable PR #​4214. Supersedes PR #​3400.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@codacy-production

codacy-production Bot commented Jul 3, 2026

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Coverage ∅ diff coverage · +0.68% coverage variation

Metric Results
Coverage variation +0.68% coverage variation (-1.00%)
Diff coverage diff coverage

View coverage diff in Codacy

Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (0145882) 15414 7583 49.20%
Head commit (3ded4a5) 6621 (-8793) 3302 (-4281) 49.87% (+0.68%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#1169) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@github-actions github-actions Bot added the size:S label Jul 3, 2026
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

🚨 OpenAPI Validation Failed 🚨

The OpenAPI specs in openapi.yaml differ from the generated version.
Please update the OpenAPI specs by running:

cd ./server
./gradlew :application-server:generateOpenApiDocs

Commit and push the updated file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants