Bump the all group with 7 updates

[dependabot]

Bumps the all group with 7 updates:

Package	From	To
org.http4k:http4k-server-netty	6.47.2.0	6.50.0.0
com.networknt:json-schema-validator	3.0.2	3.0.3
com.google.devtools.ksp:symbol-processing-api	2.3.8	2.3.9
com.google.devtools.ksp	2.3.8	2.3.9
ch.qos.logback:logback-classic	1.5.32	1.5.33
io.mockk:mockk	1.14.9	1.14.11
org.mongodb:mongodb-driver-kotlin-coroutine	5.7.0	5.8.0

Updates org.http4k:http4k-server-netty from 6.47.2.0 to 6.50.0.0

Release notes

Sourced from org.http4k:http4k-server-netty's releases.

6.50.0.0

Changelog:

• http4k-template-pug4j: [Unlikely break] Pug4jTemplates.HotReload now canonicalizes the resolved template path against baseTemplateDir and rejects any ViewModel.template() that escapes the base.
• http4k-security-digest: [Unlikely break] DigestAuthProvider.verify now also rejects credentials whose uri parameter does not match the actual request URL.
• http4k-ai-mcp-*: [Unlikely Break] MCP session and message IDs now derive from SecureRandom by default.
• http4k-security-oauth: [Unlikely break] OAuth server now persists a nonce for any openid scope (previously only CodeIdToken) and validateNonceAfterToken fail-closes when the token-endpoint id_token is missing or its nonce mismatches.
• http4k-format-xml: [Unlikely break] defaultXmlParsingConfig now sets disallow-doctype-decl and FEATURE_SECURE_PROCESSING, so Body.xml()/asXmlDocument() reject any document with a <!DOCTYPE>.
• http4k-webhook: [Unlikely break] ServerFilters.VerifyWebhookSignature now also rejects messages whose webhook-timestamp is more than tolerance away from clock.instant() (default tolerance 5.minutes, clock Clock.systemUTC()), per the Standard Webhooks scheme. Captures of valid webhooks can no longer be replayed indefinitely. Pass a Clock.fixed(...) to control timing in tests.
• http4k-multipart: [Unlikely break] MultipartFormBody.from, multipartIterator() and Body.multipartForm(...) cap the body at 10MB and 1000 parts by default. Pass maxStreamLength/maxPartCount to override.
• http4k-serverless-lambda: [Unlikely break] Single-value headers from API Gateway/ALB events are no longer split on commas; values that legitimately contain commas (e.g. X-Forwarded-For: client, proxy1, proxy2) now reach the handler intact. True multi-values continue to flow via multiValueHeaders.
• http4k-connect-github: [Fix] Header.X_HUB_SIGNATURE_256 lens no longer crashes on an X-Hub-Signature-256 header missing the sha256= prefix; VerifyGitHubSignatureSha256 now returns 401 for malformed signatures instead of 500.
• http4k-ai-llm-azure: [Fix] AzureClient now attaches the API key as an outbound Authorization: Bearer header (was wired to the inbound ServerFilters.BearerAuth checker.
• http4k-config: [Fix] Secret.toString() and Secret.hashCode() no longer expose a stable hash of the plaintext (was Secret(hashcode = <Arrays.hashCode-of-plaintext>)); Secret.equals returns false for non-Secret inputs instead of throwing ClassCastException.
• http4k-multipart: [Fix] A multipart part whose first header line begins with whitespace (a folded-header continuation with nothing to continue) now raises a ParseError instead of crashing with NullPointerException.
• http4k-ops-opentelemetry: [Fix] OpenTelemetry tracing strips user:pass@ userInfo from request URIs before writing them to span attributes (url.full, legacy http.url) and the default span name, so basic-auth-in-URL credentials no longer reach the tracing backend.
• http4k-security-oauth: [Fix] Server-side PKCE is now enforced — code_challenge is stored at authorize and an S256 code_verifier is required at token. code_challenge_method=plain is rejected per RFC 7636 §7.2.
• http4k-security-oauth: [Fix] Post-callback redirect strips scheme/authority and collapses leading / and \ runs, neutralizing open-redirects of the form //evil.com and /\evil.com.
• http4k-security-oauth: [Fix] AuthRequest is re-validated at AuthenticationComplete; CSRF/nonce compare is null/blank-safe; several redirectUri!! NPEs replaced with typed InvalidAuthorizationRequest.
• http4k-security-oauth: Adds opt-in requirePkce: Boolean = false on OAuthServer. When true, every authorize/token exchange must use PKCE (recommended per RFC 9700).
• http4k-security-oauth: [Fix] AuthServerDiscovery rejects a scheme-less resource pointing at root.
• http4k-security-oauth: requirePkce is exposed on the underlying GenerateAccessToken / GenerateAccessTokenForGrantType / AuthorizationCodeAccessTokenGenerator, mitigating potential PKCE downgrade.
• http4k-security-digest: [Fix] DigestAuthProvider.verify now hashes with the configured algorithm instead of hardcoded MD5.
• http4k-*: Secret-bearing value types are now hidden() so their raw value no longer surfaces in toString().

6.49.0.0

Changelog:

6.48.0.0

Changelog:

• http4k-*: Upgrade versions
• http4k-security-digest: [Break] Remove default Nonce verifier option so avoid bad config
• http4k-core: [Break] Deprecate BasicCookieStorage (rename to InsecureCookieStorage) and replace with RFC 6265 compliant DefaultCookieStorage. This should be a drop-in replacement.
• http4k-core: [Deprecation] Rename Java8HttpClient -> URLConnectionHttpCilent
• http4k-core: [Fix] Handle brace quantifiers in UriTemplate regex patterns. H/T @​ukman48
• http4k-connect-amazon-iamidentitycenter: Update amazon sso grant type wire values. H/T @​oharaandrew314
• http4k-connect-amazon-s3: Allow content streaming for S3 via connect H/T @​asadmanji
• http4k-core: Rejects illegal characters in Status description field (could break HTTP message)
• http4k-client-okhttp: Fix request streaming

Changelog

Sourced from org.http4k:http4k-server-netty's changelog.

v6.50.0.0

• http4k-template-pug4j: [Unlikely break] Pug4jTemplates.HotReload now canonicalizes the resolved template path against baseTemplateDir and rejects any ViewModel.template() that escapes the base.
• http4k-security-digest: [Unlikely break] DigestAuthProvider.verify now also rejects credentials whose uri parameter does not match the actual request URL.
• http4k-ai-mcp-*: [Unlikely Break] MCP session and message IDs now derive from SecureRandom by default.
• http4k-security-oauth: [Unlikely break] OAuth server now persists a nonce for any openid scope (previously only CodeIdToken) and validateNonceAfterToken fail-closes when the token-endpoint id_token is missing or its nonce mismatches.
• http4k-format-xml: [Unlikely break] defaultXmlParsingConfig now sets disallow-doctype-decl and FEATURE_SECURE_PROCESSING, so Body.xml()/asXmlDocument() reject any document with a <!DOCTYPE>.
• http4k-webhook: [Unlikely break] ServerFilters.VerifyWebhookSignature now also rejects messages whose webhook-timestamp is more than tolerance away from clock.instant() (default tolerance 5.minutes, clock Clock.systemUTC()), per the Standard Webhooks scheme. Captures of valid webhooks can no longer be replayed indefinitely. Pass a Clock.fixed(...) to control timing in tests.
• http4k-multipart: [Unlikely break] MultipartFormBody.from, multipartIterator() and Body.multipartForm(...) cap the body at 10MB and 1000 parts by default. Pass maxStreamLength/maxPartCount to override.
• http4k-serverless-lambda: [Unlikely break] Single-value headers from API Gateway/ALB events are no longer split on commas; values that legitimately contain commas (e.g. X-Forwarded-For: client, proxy1, proxy2) now reach the handler intact. True multi-values continue to flow via multiValueHeaders.
• http4k-connect-github: [Fix] Header.X_HUB_SIGNATURE_256 lens no longer crashes on an X-Hub-Signature-256 header missing the sha256= prefix; VerifyGitHubSignatureSha256 now returns 401 for malformed signatures instead of 500.
• http4k-ai-llm-azure: [Fix] AzureClient now attaches the API key as an outbound Authorization: Bearer header (was wired to the inbound ServerFilters.BearerAuth checker.
• http4k-config: [Fix] Secret.toString() and Secret.hashCode() no longer expose a stable hash of the plaintext (was Secret(hashcode = <Arrays.hashCode-of-plaintext>)); Secret.equals returns false for non-Secret inputs instead of throwing ClassCastException.
• http4k-multipart: [Fix] A multipart part whose first header line begins with whitespace (a folded-header continuation with nothing to continue) now raises a ParseError instead of crashing with NullPointerException.
• http4k-ops-opentelemetry: [Fix] OpenTelemetry tracing strips user:pass@ userInfo from request URIs before writing them to span attributes (url.full, legacy http.url) and the default span name, so basic-auth-in-URL credentials no longer reach the tracing backend.
• http4k-security-oauth: [Fix] Server-side PKCE is now enforced — code_challenge is stored at authorize and an S256 code_verifier is required at token. code_challenge_method=plain is rejected per RFC 7636 §7.2.
• http4k-security-oauth: [Fix] Post-callback redirect strips scheme/authority and collapses leading / and \ runs, neutralizing open-redirects of the form //evil.com and /\evil.com.
• http4k-security-oauth: [Fix] AuthRequest is re-validated at AuthenticationComplete; CSRF/nonce compare is null/blank-safe; several redirectUri!! NPEs replaced with typed InvalidAuthorizationRequest.
• http4k-security-oauth: Adds opt-in requirePkce: Boolean = false on OAuthServer. When true, every authorize/token exchange must use PKCE (recommended per RFC 9700).
• http4k-security-oauth: [Fix] AuthServerDiscovery rejects a scheme-less resource pointing at root.
• http4k-security-oauth: requirePkce is exposed on the underlying GenerateAccessToken / GenerateAccessTokenForGrantType / AuthorizationCodeAccessTokenGenerator, mitigating potential PKCE downgrade.
• http4k-security-digest: [Fix] DigestAuthProvider.verify now hashes with the configured algorithm instead of hardcoded MD5.
• http4k-*: Secret-bearing value types are now hidden() so their raw value no longer surfaces in toString().

v6.49.0.0

• http4k-*: Upgrade versions
• http4k-core: [Break] reverseProxy()/reverseProxyRouting() now default to Exact host matching instead of Contains, so a request Host header that merely contains a configured virtual host (e.g. host1.evil.com for vhost host1) no longer routes to it. Pass matcher = Contains to opt back into substring matching.
• http4k-core: [Unlikely break] ExecutorService.withRequestTracing() applies a defaultTimeout (60s by default, configurable) to the untimed invokeAll/invokeAny so a slow or dead task can no longer pin pool threads indefinitely. No code change needed; only affects callers whose tasks legitimately ran longer than default.
• http4k-core: [Unlikely break] Header.AUTHORIZATION_BASIC / Request.basicAuthentication() now return null for any malformed Basic credentials (wrong scheme, invalid base64, or no colon in the decoded value) instead of manufacturing Credentials("", ""). Lets callers reliably distinguish absent/invalid credentials from genuinely empty ones.
• http4k-server-netty: [Unlikely break] Cap aggregated request body size at 10MB (was unbounded ~2GB) to prevent OOM; oversized requests now get a 413 Request Entity Too Large. Duplicate and modify the Netty class if you need a different limit.
• http4k-core: [Unlikely break] Cap GZip decompression at 10MB (was unbounded) to prevent possible OOM; oversized requests through ServerFilters.GZip/RequestFilters.GunZip now get a 413 Request Entity Too Large, and decompressing elsewhere throws SizeLimitExceededException. Duplicate and modify the Gzip functions if you need a different limit.
• http4k-core: [Unlikely break] ServerFilters.Cors no longer emits the spec-invalid Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true.
• http4k-core: [Fix] bearerToken() extracts the token for any casing of the Bearer scheme (e.g. BEARER), instead of returning the raw header value.
• http4k-core: [Fix] Improve safe path parsing in ResourceLoader.Classpath
• http4k-core: [Deprecation] Add Sha256 (with hash and hmac) and deprecate HmacSha256, whose hash was misleadingly unkeyed SHA-256. Replace HmacSha256.hash/hmacSHA256 with Sha256.hash/Sha256.hmac.
• http4k-connect-openfeature: [New module] Standard OpenFeature Remote Evaluation Protocol client
• http4k-connect-openfeature-fake: [New module] Fake to setup and evaluate OpenFeature flags
• http4k-ops-openfeature: [New module] Support for plugging OpenFeature into request chain, including typesafe lenses for extracting flags from prinicpal and context during request processing.
• http4k-bridge-vertx: Stream request and response bodies instead of buffering.
• http4k-bridge-ratpack: Stream request and response bodies instead of buffering.

v6.48.0.0

• http4k-*: Upgrade versions
• http4k-security-digest: [Break] Remove default Nonce verifier option so avoid bad config
• http4k-core: [Break] Deprecate BasicCookieStorage (rename to InsecureCookieStorage) and replace with RFC 6265 compliant DefaultCookieStorage. This should be a drop-in replacement.
• http4k-core: [Deprecation] Rename Java8HttpClient -> URLConnectionHttpCilent
• http4k-core: [Fix] Handle brace quantifiers in UriTemplate regex patterns. H/T @​ukman48
• http4k-connect-amazon-iamidentitycenter: Update amazon sso grant type wire values. H/T @​oharaandrew314
• http4k-connect-amazon-s3: Allow content streaming for S3 via connect H/T @​asadmanji
• http4k-core: Rejects illegal characters in Status description field (could break HTTP message)
• http4k-client-okhttp: Fix request streaming

Commits

• cf738c1 Release 6.50.0.0
• 725f1b9 Harden template path and digest credential validation.
• b22c1c3 Add default size limits to MultipartFormBody and multipartIterator
• c51ae36 Clarify FreeMarker template security: warn that configuration is caller-suppl...
• 85c827c Clarify token validation and principal population in ServerFilters.
• c0cfaf5 Harden XML parsing: reject \<!DOCTYPE> and billion-laughs using `defaultXmlP...
• be70c11 Switch from kotlin.random.Random to java.util.Random and default to `Secu...
• 2e9d84e Hash inputs before constant-time comparison in secureEquals,
• dae878f Use MessageDigest.isEqual for constant-time Secret comparison
• 65d23d9 Fix DigestAuthProvider to use configured algorithm instead of hardcoded MD5
• Additional commits viewable in compare view

Updates com.networknt:json-schema-validator from 3.0.2 to 3.0.3

Release notes

Sourced from com.networknt:json-schema-validator's releases.

3.0.3- 2026-05-27

Added

Changed

• fixes #1246 Coercion bug (#1247)
• Cleanup of IOException leftovers after update to jackson3 (#1244) Thanks @​afiluba

Changelog

Sourced from com.networknt:json-schema-validator's changelog.

Change Log

All notable changes to this project will be documented in this file.

This format is based on Keep a Changelog.

This project does not adhere to Semantic Versioning and minor version changes can have incompatible API changes. These incompatible API changes will largely affect those who have custom validator or walker implementations. Those who just use the library to validate using the standard JSON Schema Draft specifications may not need changes.

[Unreleased]

Added

Changed

Changed

3.0.3- 2026-05-27

Added

Changed

• fixes #1246 Coercion bug (#1247)
• Cleanup of IOException leftovers after update to jackson3 (#1244) Thanks @​afiluba

3.0.2- 2026-04-14

Added

Changed

• Upgrade Jackson from 3.1.0 to 3.1.1 to fix CWE-770 (#1236) Thanks @​cjun-coveo
• Support handling of non-finite numbers if present (#1241) Thanks @​justin-tay

3.0.1- 2026-03-10

Added

Changed

• Upgrade Jackson from 3.0.3 to 3.1.0 to fix CVE-2026-29062 (#1236) Thanks @​AhsanSheraz
• Fix minimum maximum validators with type array (#1227) Thanks @​justin-tay
• Add method to SpecificationVersion to determine from schema node (#1221) Thanks @​justin-tay
• update contributor list in README.md

3.0.0- 2025-12-13

Added

Changed

... (truncated)

Commits

• 7407ddd upgrade to 3.0.3 and update changelog
• 07b694b fixes #1246 Coercion bug (#1247)
• 9df7d32 Merge branch 'master' of github.com:networknt/json-schema-validator
• 2686725 add gitignore
• 331ced5 Cleanup of IOException leftovers after update to jackson3 (#1244)
• See full diff in compare view

Updates com.google.devtools.ksp:symbol-processing-api from 2.3.8 to 2.3.9

Release notes

Sourced from com.google.devtools.ksp:symbol-processing-api's releases.

2.3.9

What's Changed

• Cleaned up native cross-compilation support checks to prevent Gradle Configuration Cache invalidation (#2953)
• Fixed a compilation performance regression in in PsiResolutionStrategy introduced in 2.3.8 (#2948)

Contributors

• Thanks to everyone who reported bugs and participated in discussions!

Full Changelog: google/ksp@2.3.8...2.3.9

Commits

• 799f6c1 Add unused test
• 0410308 return to using kgp api but gate with if statement
• 3b0ae6d Consolidate klib cross-compilation support check on KGP property
• 9746fb5 Add test for self referencing type variables
• b61da98 Fix release branch cherry-picking
• 555120d Add copyright header
• 1a80a30 Revert "Refactor CollectAnnotatedSymbolsPsiVisitor"
• b6684d4 Update auto-merge.yml to 2.3.9-release branch
• d350521 Add test for context parameters
• 811dbfe Merge test directories
• Additional commits viewable in compare view

Updates com.google.devtools.ksp from 2.3.8 to 2.3.9

Release notes

Sourced from com.google.devtools.ksp's releases.

2.3.9

What's Changed

• Cleaned up native cross-compilation support checks to prevent Gradle Configuration Cache invalidation (#2953)
• Fixed a compilation performance regression in in PsiResolutionStrategy introduced in 2.3.8 (#2948)

Contributors

• Thanks to everyone who reported bugs and participated in discussions!

Full Changelog: google/ksp@2.3.8...2.3.9

Commits

• 799f6c1 Add unused test
• 0410308 return to using kgp api but gate with if statement
• 3b0ae6d Consolidate klib cross-compilation support check on KGP property
• 9746fb5 Add test for self referencing type variables
• b61da98 Fix release branch cherry-picking
• 555120d Add copyright header
• 1a80a30 Revert "Refactor CollectAnnotatedSymbolsPsiVisitor"
• b6684d4 Update auto-merge.yml to 2.3.9-release branch
• d350521 Add test for context parameters
• 811dbfe Merge test directories
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.32 to 1.5.33

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

• PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

• HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• 124e8b4 prepare release 1.5.33
• d8fd6f2 escapeTags in message field when printing status messages
• 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
• b768a96 remove spurious java.swing.* import
• 12cf2c5 classes in java.lang and java.util are now whitelisted individually
• e9133ed fix typo
• 47089a2 added Filip Egeric icla
• 85735f7 Modified ConversionRuleAction.java: Updated validPreconditions() to
• 614f7a7 the official name for initial instructions file foe coding agents is AGENTS.md
• fe50bb5 fix: do not warn when both converterClass and class attributes are specified ...
• Additional commits viewable in compare view

Updates io.mockk:mockk from 1.14.9 to 1.14.11

Release notes

Sourced from io.mockk:mockk's releases.

v1.14.11

What's Changed

• fix: added SameInstanceMatcher to handle an issue with equals method when using EqMatcher along with a mock to an object by @​DOssaA in mockk/mockk#1508
• Add scoped confirmVerified overloads for callables (KFunction and KProperty) by @​DOssaA in mockk/mockk#1513
• feat: support MockKAnnotation.useDependencyOrder for JUnit 5 by @​ilia1243 in mockk/mockk#1515
• Allow updating settings from code by @​Yentis in mockk/mockk#1517
• Add currentThread filter and excluded mocks to clearAllStubsFromMemory by @​evgenru in mockk/mockk#1519
• Support new Kotlin annotation defaulting rule for @​InjectMockKs by @​ZzAve in mockk/mockk#1525
• feat(dsl): Add context parameters support module (#1431) by @​faraz152 in mockk/mockk#1521
• fix: resolve @​InjectMockKs dependency order for interface by @​neungs-2 in mockk/mockk#1526
• fix: resolve @​InjectMockKs dependency order for list injection by @​ilia1243 in mockk/mockk#1527
• fix: extract native lib from APK when not on filesystem (AGP 8.5+) by @​snowykte0426 in mockk/mockk#1529
• fix: support OpenJ9 in JvmAutoHinter by @​hspedro in mockk/mockk#1530

New Contributors

• @​DOssaA made their first contribution in mockk/mockk#1508
• @​ilia1243 made their first contribution in mockk/mockk#1515
• @​Yentis made their first contribution in mockk/mockk#1517
• @​evgenru made their first contribution in mockk/mockk#1519
• @​ZzAve made their first contribution in mockk/mockk#1525
• @​faraz152 made their first contribution in mockk/mockk#1521
• @​hspedro made their first contribution in mockk/mockk#1530

Full Changelog: mockk/mockk@1.14.9...v1.14.11

Commits

• d5617fc Version bump for v1.14.11
• d4e6a00 Merge pull request #1530 from hspedro/fix/726-openj9-classcast-message-format
• 98e91bc fix: handle OpenJ9 CCE message in JvmAutoHinter
• 945f746 Merge pull request #1529 from snowykte0426/fix/1273-jvmtiagent-agp85-native-l...
• 35cc073 [ 1273-jvmtiagent ] chore: stop tracking .claude/scheduled_tasks.lock
• d6aa82b [ 1273-jvmtiagent ] chore: drop useLegacyPackaging workaround
• 85a907c [ 1273-jvmtiagent ] chore: apply spotless formatting
• 7d9aec1 [ 1273-jvmtiagent ] fix: extract .so when findLibrary returns a path with '='
• 1d5d30e [ 1273-jvmtiagent ] test: verify findLibrary resolves mockkjvmtiagent to a va...
• 21a6a3a [ 1273-jvmtiagent]fix: pass findLibrary path directly to attach JvmtiAgent
• Additional commits viewable in compare view

Updates org.mongodb:mongodb-driver-kotlin-coroutine from 5.7.0 to 5.8.0

Release notes

Sourced from org.mongodb:mongodb-driver-kotlin-coroutine's releases.

Java Driver 5.8.0 (May 28, 2026)

What's Changed

🔥 Enhancements

• Added typed builder API for vector search index definitions #1960 by @​rozza
• Added $rerank aggregation stage support (MongoDB 8.3 / Atlas) #1963 by @​rozza
• Added vectorSearch operator support for the $search pipeline stage #1962 by @​rozza
• Added storedSource support for vector search indexes and returnStoredSource for $vectorSearch queries #1977 by @​rozza
• Added BinaryVector and VectorSearchQuery vectorSearch overloads to the Scala driver #1986 by @​rozza
• Optimized RawBsonDocument encode and decode by eliminating intermediate allocations #1988 by @​rozza
• Preliminary refactoring for backpressure support #1952 by @​stIncMale
• Small improvements related to value-based classes #1964 by @​stIncMale

🛠 Fixes

• Fixed OSGi bundle resolution failure when Micrometer is not present #1982 by @​rozza
• Added missing Javadoc to MongodbObservation and MongodbObservationContext by @​rozza

📦 Dependency Updates

• Upgraded libmongocrypt to 1.18.1 #1983 by @​strogiyotec

🧪 Testing & CI

• Added AGENTS.md for AI coding agent support across all modules by @​rozza
• Added test cases for new auto-embedding index fields #1936 by @​strogiyotec
• Added Scala 3 to publish.sh #1958 by @​rozza
• Fixed NamespaceExists test failure #1956 by @​nhachicha
• Simplified RetryState creation as preliminary backpressure work #1961 by @​stIncMale
• Made RetryState.isLastAttempt private and simplified code #1967 by @​stIncMale

New Contributors

• @​techbelle made their first contribution in mongodb/mongo-java-driver#1972

Verifying artifact signatures

Please refer to https://www.mongodb.com/docs/drivers/java/sync/current/security/validate-signatures/ for the full procedure.

To download and import the public key for verifying signatures, execute

gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 1a75005e142192223d6a7c3b76e0008d166740a8

Full Changelog: mongodb/mongo-java-driver@r5.7.0...r5.8.0

Commits

• 6024ca9 Version: bump 5.8.0
• f3bbdb2 Add BinaryVector and VectorSearchQuery vectorSearch overloads to Scala driver...
• 966abab Upgrade libmongocrypt version to 1.18.1 (#1983)
• 98e0761 Optimize RawBsonDocument encode and decode by eliminating intermediate alloca...
• 40ee8d5 Fix NamespaceExists test failure (#1956)
• 541af75 Mark micrometer OSGi imports as optional and add bundle resolution test (#1982)
• cd6c045 Add storedSource support for vector search indexes and returnStoredSource for...
• 717da9c Revert "Resolve TLS channel address before opening socket" (#1979)
• 58122f6 Add vectorSearch operator for $search pipeline stage (#1962)
• 13d4aef Resolve TLS channel address before opening socket
• Additional commits viewable in compare view

Updates com.google.devtools.ksp from 2.3.8 to 2.3.9

Release notes

Sourced from com.google.devtools.ksp's releases.

2.3.9

What's Changed

• Cleaned up native cross-compilation support checks to prevent Gradle Configuration Cache invalidation (#2953)
• Fixed a compilation performance regression in in PsiResolutionStrategy introduced in 2.3.8 (#2948)

Contributors

• Thanks to everyone who reported bugs and participated in discussions!

Full Changelog: google/ksp@2.3.8...2.3.9

Commits

• 799f6c1 Add unused test
• 0410308 return to using kgp api but gate with if statement
• 3b0ae6d Consolidate klib cross-compilation support check on KGP property
• 9746fb5 Add test for self referencing type variables
• b61da98 Fix release branch cherry-picking
• 555120d Add copyright header
• 1a80a30 Revert "Refactor CollectAnnotatedSymbolsPsiVisitor"
• b6684d4 Update auto-merge.yml to 2.3.9-release branch
• d350521 Add test for context parameters
• 811dbfe Merge test directories
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions