Bump the java-production-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the java-production-dependencies group with 6 updates in the / directory:

Package	From	To
org.cryptomator:siv-mode	1.5.2	1.6.0
org.bouncycastle:bcpkix-jdk18on	1.78.1	1.80
com.google.code.gson:gson	2.11.0	2.12.1
com.google.guava:guava	33.3.0-jre	33.4.0-jre
org.slf4j:slf4j-api	2.0.16	2.0.17
org.slf4j:slf4j-simple	2.0.16	2.0.17

Updates org.cryptomator:siv-mode from 1.5.2 to 1.6.0

Release notes

Sourced from org.cryptomator:siv-mode's releases.

1.6.0

Maven Coordinates

  <dependency>
    <groupId>org.cryptomator</groupId>
    <artifactId>siv-mode</artifactId>
    <version>1.6.0</version>
  </dependency>

Artifact Checksums

af7657d31f84edc631efad0a26871b18705aab9578fad329bbaccd0028a3ca5b  target/original-siv-mode-1.6.0.jar
e5ed02d246f0a413234f6c45322683d4a9071fc14a7f64a836ef2817cf152441  target/siv-mode-1.6.0-javadoc.jar
25b297b2a084c025c3af6a70b4a3ab40381469f532a276d0caef23990392abe7  target/siv-mode-1.6.0-sources.jar
355ca14cd4d95a498a1dfa3108ea885447db0a91ccd2e3b6f9a4de6a2f035a2d  target/siv-mode-1.6.0.jar

See README.md section regarding reproducing this build.

What's Changed

Added

• encrypt(SecretKey key, byte[] plaintext, byte[]... associatedData) and decrypt(SecretKey key, byte[] ciphertext, byte[]... associatedData) using a single 256, 384, or 512 bit key

Other Changes 📎

• Hardening the CI in relation to PRs by @​SailReal in cryptomator/siv-mode#53
• Update org.owasp:dependency-check-maven by @​infeo in cryptomator/siv-mode#56

New Contributors

• @​SailReal made their first contribution in cryptomator/siv-mode#53

Full Changelog: cryptomator/siv-mode@1.5.2...1.6.0

Changelog

Sourced from org.cryptomator:siv-mode's changelog.

1.6.0

Added

• This CHANGELOG file
• encrypt(SecretKey key, byte[] plaintext, byte[]... associatedData) and decrypt(SecretKey key, byte[] ciphertext, byte[]... associatedData) using a single 256, 384, or 512 bit key

Changed

• use maven-gpg-plugin's bc-based signer

Commits

• 01fde51 Merge branch 'release/1.6.0'
• a9f31ab prepare 1.6.0
• 8e5ec19 add a changelog
• 7fd5875 use BC signer for maven-gpg-plugin
• 540397c Bump the maven-build-plugins group across 1 directory with 6 updates (#60)
• e046d59 Bump the java-test-dependencies group across 1 directory with 4 updates (#58)
• 59a2551 convenience method for sole 256, 384, 512 bit key
• 5529c38 fix grammar mistake in javadoc
• f37781e Update org.owasp:dependency-check-maven from 9.2.0 to 10.0.2 (#56)
• eb67103 Merge pull request #53 from cryptomator/ci-hardening
• Additional commits viewable in compare view

Updates org.bouncycastle:bcpkix-jdk18on from 1.78.1 to 1.80

Changelog

Sourced from org.bouncycastle:bcpkix-jdk18on's changelog.

2.1.1 Version Release: 1.80 Date:      2025, 14th January.

... (truncated)

Commits

• See full diff in compare view

Updates com.google.code.gson:gson from 2.11.0 to 2.12.1

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.12.1

The only difference between this release and 2.12.0 is that OSGi declarations in the Gson jar now specify that com.google.errorprone.annotations is an optional dependency, not a required one. If you do not use OSGi then there is no effective change.

Gson 2.12.0

What's Changed

The biggest change is that we no longer support Java 7. People who still need to run on Java 7 will need to use an earlier version of Gson.

Other changes:

• Allow registering adapters for JsonElement again by @​Marcono1234 in google/gson#2789
• Add nesting limit for JsonReader by @​Marcono1234 in google/gson#2588
• Add @CheckReturnValue to our packages. by @​cpovirk in google/gson#2693
• Add NullSafeTypeAdapter to prevent TypeAdapter.nullSafe() from returning nested null-safe type adapters (#2729) by @​lyubomyr-shaydariv in google/gson#2731
• Support Properties subclasses in GsonTypes.getMapKeyAndValueTypes by @​panic08 in google/gson#2758
• Enforce rawType to be a Class in ParameterizedTypeImpl by @​panic08 in google/gson#2759
• Remove AccessController usage for enum adapter by @​Marcono1234 in google/gson#2704
• Fix typeArguments array not being cloned when resolving ParameterizedType with changed owner by @​TBlueF in google/gson#2706
• Remove duplicated declaration of required OSGi execution environment by @​HannesWell in google/gson#2711
• Move bnd.bnd file configuration into 'bnd' element of bnd-maven-plugin by @​HannesWell in google/gson#2712
• Move enum and JsonElement adapter classes to separate class files by @​Marcono1234 in google/gson#2727
• EnumTypeAdapter constructor optimization by @​esaulpaugh in google/gson#2734
• OSGi / bnd: Remove the self-Import of gson.annotations by @​chrisrueger in google/gson#2735

New Contributors

• @​cpovirk made their first contribution in google/gson#2693
• @​jabagawee made their first contribution in google/gson#2701
• @​TBlueF made their first contribution in google/gson#2706
• @​HannesWell made their first contribution in google/gson#2711
• @​esaulpaugh made their first contribution in google/gson#2734
• @​chrisrueger made their first contribution in google/gson#2735
• @​panic08 made their first contribution in google/gson#2756

Full Changelog: google/gson@gson-parent-2.11.0...gson-parent-2.12.0

Commits

• 29e3d1d [maven-release-plugin] prepare release gson-parent-2.12.1
• be456cf Make the import of com.google.errorprone optional (#2795)
• b2e26fa Bump the github-actions group with 3 updates (#2785)
• 10bdd6d Simplify collection type adapters slightly. (#2791)
• ab9c54f [maven-release-plugin] prepare for next development iteration
• aaf7a12 [maven-release-plugin] prepare release gson-parent-2.12.0
• a2b1c3c Allow registering adapters for JsonElement again (#2789)
• e5dce84 Bump the maven group with 8 updates (#2784)
• 84e5f16 Bump the maven group with 7 updates (#2777)
• 9f3e577 Bump the github-actions group with 2 updates (#2778)
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.3.0-jre to 33.4.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.4.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.4.0-jre</version>
  <!-- or, for Android: -->
  <version>33.4.0-android</version>
</dependency>

Jar files

• 33.4.0-jre.jar
• 33.4.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.2.jar

Javadoc

• 33.4.0-jre
• 33.4.0-android

JDiff

• 33.4.0-jre vs. 33.3.1-jre
• 33.4.0-android vs. 33.3.1-android
• 33.4.0-android vs. 33.4.0-jre

Changelog

• Exposed additional Java 8 APIs to Android users. (6082782134, 9b0109c662, 6ace8bc8ea, b650b9fe77, c6c268006c, 984f713d76, f9f3fffb87, cdc225474e)
• base: Deprecated Charsets constants in favor of StandardCharsets. We will not remove the constants, but we recommend using StandardCharsets for consistency. (45e6be2688)
• base: Added ToStringHelper.omitEmptyValues(). (f5ec2ab85c)
• collect: Added an optimized copyOf method to TreeRangeMap. (a46565dd1c)
• collect.testing: Fixed @Require annotations so that features implied by absent features are not also required to be absent. (81be061f85)
• io: Changed ByteSink and CharSink to no longer call flush() in some cases before close(). This is a no-op for well-behaved streams, which internally flush their data as part of closing. However, we have discovered some stream implementations that have overridden close() to do nothing, including not to flush some buffered data. If this change causes problems, the simplest fix is usually to change the close() override to at least call flush(). (6ace8bc8ea)
• net: Added HttpHeaders.ALT_SVC and MediaType.CBOR. (503ba429f9, 7c0bf0892d)

33.3.1

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
</tr></table> 

... (truncated)

Commits

• See full diff in compare view

Updates org.slf4j:slf4j-api from 2.0.16 to 2.0.17

Updates org.slf4j:slf4j-simple from 2.0.16 to 2.0.17

Updates org.slf4j:slf4j-simple from 2.0.16 to 2.0.17

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions