Update all non-major dependencies

.github/workflows/build-mariadb.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-24.04
     services:
         mariad:
-            image: mariadb:11.5
+            image: mariadb:11.7
             ports:
                 - 3306:3306
             env:

.github/workflows/build-mysql.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-24.04
     services:
         mariad:
-            image: mysql:9.1
+            image: mysql:9.2
             ports:
                 - 3306:3306
             env:

.github/workflows/build-postgresql.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-24.04
     services:
         postgresql:
-            image: postgres:17.2
+            image: postgres:17.4
             ports:
                 - 5432:5432
             env:

build.gradle

@@ -97,17 +97,17 @@ plugins {
     id 'com.github.hierynomus.license' version '0.16.1' apply false
     id 'com.github.jk1.dependency-license-report' version '2.9' apply false
     id 'org.zeroturnaround.gradle.jrebel' version '1.2.0' apply false
-    id 'org.springframework.boot' version '3.3.5' apply false
+    id 'org.springframework.boot' version '3.3.9' apply false
     id 'net.ltgt.errorprone' version '4.1.0' apply false
     id 'io.swagger.core.v3.swagger-gradle-plugin' version '2.2.23' apply false
     id 'com.gorylenko.gradle-git-properties' version '2.4.2' apply false
     id 'org.asciidoctor.jvm.convert' version '3.3.2' apply false
     id 'org.asciidoctor.jvm.pdf' version '3.3.2' apply false
     id 'com.google.cloud.tools.jib' version '3.4.4' apply false
     id 'org.sonarqube' version '6.0.1.5171'
-    id 'com.github.andygoossens.modernizer' version '1.10.0' apply false
+    id 'com.github.andygoossens.modernizer' version '1.11.0' apply false
     // TODO: upgrade to 6.0.4
-    id 'com.github.spotbugs' version '6.0.26' apply false
+    id 'com.github.spotbugs' version '6.1.6' apply false
     id 'se.thinkcode.cucumber-runner' version '0.0.11' apply false
     id "com.github.davidmc24.gradle.plugin.avro-base" version "1.9.1" apply false
     id 'org.openapi.generator' version '7.8.0' apply false

buildSrc/build.gradle

@@ -20,7 +20,7 @@
 import static org.slf4j.LoggerFactory.*
 
 plugins {
-    id 'io.spring.dependency-management' version '1.1.6'
+    id 'io.spring.dependency-management' version '1.1.7'
     id 'groovy'
     id 'java-gradle-plugin'
     id 'groovy-gradle-plugin'

buildSrc/src/main/groovy/org.apache.fineract.dependencies.gradle

@@ -23,59 +23,59 @@ apply plugin: 'io.spring.dependency-management'
 dependencyManagement {
     imports {
         mavenBom 'com.squareup.okhttp3:okhttp-bom:4.12.0'
-        mavenBom 'org.slf4j:slf4j-bom:2.0.16'
-        mavenBom 'io.micrometer:micrometer-bom:1.13.6'
-        mavenBom 'org.springframework:spring-framework-bom:6.1.14'
-        mavenBom 'org.springframework.boot:spring-boot-dependencies:3.3.5'
-        mavenBom 'io.awspring.cloud:spring-cloud-aws-dependencies:3.2.1'
-        mavenBom 'io.opentelemetry:opentelemetry-bom:1.44.1'
-        mavenBom 'org.jetbrains.kotlin:kotlin-bom:2.0.21'
-        mavenBom 'org.junit:junit-bom:5.11.3'
-        mavenBom 'com.fasterxml.jackson:jackson-bom:2.18.1'
-        mavenBom 'io.cucumber:cucumber-bom:7.20.1'
-        mavenBom 'io.netty:netty-bom:4.1.114.Final'
-        mavenBom 'org.mockito:mockito-bom:5.14.2'
-        mavenBom 'software.amazon.awssdk:bom:2.29.9'
-        mavenBom 'io.github.resilience4j:resilience4j-bom:2.2.0'
+        mavenBom 'org.slf4j:slf4j-bom:2.0.17'
+        mavenBom 'io.micrometer:micrometer-bom:1.14.4'
+        mavenBom 'org.springframework:spring-framework-bom:6.2.3'
+        mavenBom 'org.springframework.boot:spring-boot-dependencies:3.3.9'
+        mavenBom 'io.awspring.cloud:spring-cloud-aws-dependencies:3.3.0'
+        mavenBom 'io.opentelemetry:opentelemetry-bom:1.47.0'
+        mavenBom 'org.jetbrains.kotlin:kotlin-bom:2.1.10'
+        mavenBom 'org.junit:junit-bom:5.12.0'
+        mavenBom 'com.fasterxml.jackson:jackson-bom:2.18.3'
+        mavenBom 'io.cucumber:cucumber-bom:7.21.1'
+        mavenBom 'io.netty:netty-bom:4.1.119.Final'
+        mavenBom 'org.mockito:mockito-bom:5.15.2'
+        mavenBom 'software.amazon.awssdk:bom:2.30.31'
+        mavenBom 'io.github.resilience4j:resilience4j-bom:2.3.0'
     }
 
     dependencies {
         // We use fixed versions, instead of inheriting them from the Spring BOM, to be able to be on more recent ones.
         // We do not use :+ to get the latest available version available on Maven Central, as that could suddenly break things.
         // We use the Renovate Bot to automatically propose Pull Requests (PRs) when upgrades for all of these versions are available.
 
-        dependency 'ch.qos.logback:logback-core:1.5.12'
-        dependency 'ch.qos.logback:logback-classic:1.5.12'
+        dependency 'ch.qos.logback:logback-core:1.5.17'
+        dependency 'ch.qos.logback:logback-classic:1.5.17'
         dependency 'ch.qos.logback.contrib:logback-json-classic:0.1.5'
         dependency 'ch.qos.logback.contrib:logback-jackson:0.1.5'
         dependency 'org.codehaus.janino:janino:3.1.12'
 
 
         dependency 'org.eclipse.persistence:org.eclipse.persistence.jpa:4.0.2'
         dependency 'com.google.guava:guava:32.0.0-jre'
-        dependency 'com.google.code.gson:gson:2.11.0'
-        dependency 'com.google.googlejavaformat:google-java-format:1.24.0'
+        dependency 'com.google.code.gson:gson:2.12.1'
+        dependency 'com.google.googlejavaformat:google-java-format:1.25.2'
         dependency 'org.apache.commons:commons-collections4:4.4'
-        dependency ('software.amazon.msk:aws-msk-iam-auth:2.2.0') {
+        dependency ('software.amazon.msk:aws-msk-iam-auth:2.3.0') {
             exclude 'commons-logging:commons-logging:'
         }
         dependency ('org.apache.commons:commons-email:1.6.0') {
             exclude 'com.sun.mail:javax.mail'
             exclude 'javax.activation:activation'
         }
-        dependency 'commons-io:commons-io:2.17.0'
+        dependency 'commons-io:commons-io:2.18.0'
         dependency 'com.github.librepdf:openpdf:2.0.3'
         dependency ('org.mnode.ical4j:ical4j:3.2.19') {
             exclude 'com.sun.mail:javax.mail'
             exclude 'org.codehaus.groovy:groovy'
         }
-        dependency 'org.apache.commons:commons-csv:1.12.0'
-        dependency 'org.quartz-scheduler:quartz:2.3.2'
+        dependency 'org.apache.commons:commons-csv:1.13.0'
+        dependency 'org.quartz-scheduler:quartz:2.5.0'
         dependency 'org.ehcache:ehcache:3.10.8'
         dependency 'com.github.spullara.mustache.java:compiler:0.9.14'
         dependency 'com.jayway.jsonpath:json-path:2.9.0'
-        dependency 'org.apache.tika:tika-core:2.9.2'
-        dependency ('org.apache.tika:tika-parser-microsoft-module:2.9.2') {
+        dependency 'org.apache.tika:tika-core:2.9.3'
+        dependency ('org.apache.tika:tika-parser-microsoft-module:2.9.3') {
             exclude 'org.bouncycastle:bcprov-jdk15on'
             exclude 'org.bouncycastle:bcmail-jdk15on'
             exclude 'org.bouncycastle:bcprov-jdk18on'
@@ -115,12 +115,12 @@ dependencyManagement {
         dependency 'jakarta.management.j2ee:jakarta.management.j2ee-api:1.1.4'
         dependency 'jakarta.jms:jakarta.jms-api:3.1.0'
         dependency 'jakarta.ws.rs:jakarta.ws.rs-api:3.1.0'
-        dependency 'org.glassfish.jersey.media:jersey-media-multipart:3.1.9'
+        dependency 'org.glassfish.jersey.media:jersey-media-multipart:3.1.10'
         dependency 'org.glassfish.jaxb:jaxb-runtime:2.3.6' // Swagger needs exactly this version
         dependency 'org.apache.bval:org.apache.bval.bundle:3.0.1'
-        dependency 'joda-time:joda-time:2.13.0'
+        dependency 'joda-time:joda-time:2.13.1'
 
-        dependency 'io.github.classgraph:classgraph:4.8.177'
+        dependency 'io.github.classgraph:classgraph:4.8.179'
         dependency 'org.awaitility:awaitility:4.2.2'
         // TODO: upgrade to 4.8.3
         dependency 'com.github.spotbugs:spotbugs-annotations:4.8.6'
@@ -150,16 +150,16 @@ dependencyManagement {
         dependency "org.apache.oltu.oauth2:org.apache.oltu.oauth2.httpclient4:1.0.1"
         dependency "io.gsonfire:gson-fire:1.9.0"
         dependency "com.google.code.findbugs:jsr305:3.0.2"
-        dependency "commons-codec:commons-codec:1.17.1"
-        dependency "org.projectlombok:lombok:1.18.34"
+        dependency "commons-codec:commons-codec:1.18.0"
+        dependency "org.projectlombok:lombok:1.18.36"
 
-        dependency 'org.bouncycastle:bcpkix-jdk15to18:1.79'
-        dependency 'org.bouncycastle:bcprov-jdk15to18:1.79'
+        dependency 'org.bouncycastle:bcpkix-jdk15to18:1.80'
+        dependency 'org.bouncycastle:bcprov-jdk15to18:1.80'
         dependency 'org.bouncycastle:bcprov-jdk15on:1.70'
         dependency 'org.bouncycastle:bcpg-jdk15on:1.70'
 
         dependency 'org.eclipse.jgit:org.eclipse.jgit:6.10.0.202406032230-r'
-        dependency 'org.eclipse.jgit:org.eclipse.jgit.ssh.apache:7.0.0.202409031743-r'
+        dependency 'org.eclipse.jgit:org.eclipse.jgit.ssh.apache:7.1.0.202411261347-r'
 
         dependency 'org.tmatesoft.svnkit:svnkit:1.10.11'
         dependency 'com.vdurmont:semver4j:3.1.0'
@@ -169,9 +169,9 @@ dependencyManagement {
             exclude 'io.swagger.core.v3:swagger-core'
         }
 
-        dependency 'com.google.cloud.sql:mysql-socket-factory-connector-j-8:1.21.0'
+        dependency 'com.google.cloud.sql:mysql-socket-factory-connector-j-8:1.23.1'
 
-        dependency ('org.apache.activemq:activemq-client:6.1.3') {
+        dependency ('org.apache.activemq:activemq-client:6.1.5') {
             exclude 'javax.annotation:javax.annotation-api'
         }
 
@@ -193,7 +193,7 @@ dependencyManagement {
             exclude 'jakarta.activation:jakarta.activation-api'
         }
 
-        dependency ('org.liquibase:liquibase-core:4.30.0') {
+        dependency ('org.liquibase:liquibase-core:4.31.1') {
             exclude 'javax.xml.bind:jaxb-api'
         }
         dependency 'org.liquibase.ext:liquibase-postgresql:4.30.0.1'
@@ -205,46 +205,46 @@ dependencyManagement {
             exclude 'pull-parser:pull-parser'
         }
 
-        dependency 'org.owasp.esapi:esapi:2.5.5.0'
-        dependency 'org.awaitility:awaitility:4.2.2'
+        dependency 'org.owasp.esapi:esapi:2.6.0.0'
+        dependency 'org.awaitility:awaitility:4.3.0'
 
         dependencySet(group: 'org.apache.poi', version: '5.3.0') {
             entry 'poi'
             entry 'poi-ooxml'
             entry 'poi-ooxml-schemas'
         }
 
-        dependencySet(group: 'io.rest-assured', version: '5.5.0') {
+        dependencySet(group: 'io.rest-assured', version: '5.5.1') {
             entry 'rest-assured'
             entry 'json-path'
             entry 'xml-path'
         }
-        dependency 'org.apache.groovy:groovy-xml:4.0.24'
-        dependency 'org.apache.groovy:groovy-json:4.0.24'
+        dependency 'org.apache.groovy:groovy-xml:4.0.26'
+        dependency 'org.apache.groovy:groovy-json:4.0.26'
 
         dependency 'org.mapstruct:mapstruct:1.6.3'
         dependency 'org.mapstruct:mapstruct-processor:1.6.3'
 
         dependency "org.apache.avro:avro:1.12.0"
 
-        dependency ('org.mariadb.jdbc:mariadb-java-client:3.5.0') {
+        dependency ('org.mariadb.jdbc:mariadb-java-client:3.5.2') {
             exclude 'org.slf4j:jcl-over-slf4j'
             exclude 'org.slf4j:slf4j-api'
         }
 
-        dependency 'org.postgresql:postgresql:42.7.4'
+        dependency 'org.postgresql:postgresql:42.7.5'
 
-        dependency 'org.assertj:assertj-core:3.26.3'
+        dependency 'org.assertj:assertj-core:3.27.3'
 
         dependency 'org.apache.commons:commons-math3:3.6.1'
 
         dependency 'org.mockito:mockito-inline:5.2.0'
 
         dependency 'com.github.tomakehurst:wiremock-standalone:3.0.1'
 
-        dependency 'io.cucumber:cucumber-java:7.20.1'
-        dependency 'io.cucumber:cucumber-java8:7.20.1'
-        dependency 'io.cucumber:cucumber-junit-platform-engine:7.20.1'
-        dependency 'io.cucumber:cucumber-spring:7.20.1'
+        dependency 'io.cucumber:cucumber-java:7.21.1'
+        dependency 'io.cucumber:cucumber-java8:7.21.1'
+        dependency 'io.cucumber:cucumber-junit-platform-engine:7.21.1'
+        dependency 'io.cucumber:cucumber-spring:7.21.1'
     }
 }

docker-compose-postgresql-kafka.yml

@@ -20,7 +20,7 @@
 version: "3.7"
 services:
   kafka:
-    image: "bitnami/kafka:3.8.1-debian-12-r1"
+    image: "bitnami/kafka:3.9.0-debian-12-r11"
     ports:
       - "9092:9092"
     env_file:

fineract-document/build.gradle

@@ -69,7 +69,8 @@ modernizer {
     ignoreClassNamePatterns = [
         '.*AbstractPersistableCustom',
         '.*EntityTables',
-        '.*domain.*'
+        '.*domain.*',
+        '.*FileSystemContentRepository'
     ]
 }
 

fineract-provider/build.gradle

@@ -123,7 +123,12 @@ modernizer {
     ignoreClassNamePatterns = [
         '.*AbstractPersistableCustom',
         '.*EntityTables',
-        '.*domain.*'
+        '.*domain.*',
+        '.*BulkImportWorkbookServiceImpl',
+        '.*ExecuteEmailTasklet',
+        '.*ExecuteReportMailingJobsTasklet',
+        '.*ReadReportingServiceImpl',
+        '.*PdfDatatableReportExportService'
     ]
 }
 

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

settings.gradle

@@ -19,7 +19,7 @@
 
 plugins {
     id 'com.gradle.develocity' version '3.18.2'
-    id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.0.2'
+    id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.1'
 }
 
 def isCI = System.getenv('JENKINS_URL') != null