[CORE-69]: Bump the minor-patch-dependencies group across 1 directory with 12 updates

[dependabot]

Bumps the minor-patch-dependencies group with 12 updates in the / directory:

Package	From	To
io.projectreactor.netty:reactor-netty-http	1.3.0	1.3.1
bio.terra:terra-common-lib	1.1.65-SNAPSHOT	1.1.68-SNAPSHOT
bio.terra:terra-cloud-resource-lib	1.2.41-SNAPSHOT	1.2.42-SNAPSHOT
com.google.cloud:google-cloud-pubsub	1.143.1	1.144.1
org.apache.commons:commons-dbcp2	2.13.0	2.14.0
org.apache.commons:commons-pool2	2.12.1	2.13.0
io.swagger.core.v3:swagger-annotations	2.2.40	2.2.41
org.webjars.npm:swagger-ui-dist	5.30.2	5.31.0
com.google.cloud.tools.jib	3.5.1	3.5.2
org.sonarqube	7.0.1.6134	7.2.2.6593
ch.qos.logback:logback-classic	1.5.21	1.5.23
com.google.auth:google-auth-library-oauth2-http	1.40.0	1.41.0

Updates io.projectreactor.netty:reactor-netty-http from 1.3.0 to 1.3.1

Release notes

Sourced from io.projectreactor.netty:reactor-netty-http's releases.

v1.3.1

Reactor Netty 1.3.1 is part of 2025.0.1 Release Train.

What's Changed

✨ New features and improvements

• Depend on Reactor Core v3.8.1 by @​violetagg in 2c05ba7fcc6165daf4c713709a71deb38f9ce842, see release notes
• Support HTTP Authentication in HttpClient by @​raccoonback in #3813 and by @​violetagg in 4c2071fab83b8f97ce169fd407557871bf2a8b62, #4025, #4028

🐞 Bug fixes

• HTTP/3: Fix NullPointerException when configuring HttpClient#responseTimeout by @​violetagg in #3999
• Fix Http3.isHttp3Available() to check for native QUIC library by @​violetagg in #4013
• Enable lazy initialisation of proxy providers with configuration coming from system properties by @​violetagg in #4015

📖 Documentation

• Update HttpServer#compressOptions javadoc by @​violetagg in #4004
• Improve documentation clarity for HttpClient#followRedirect methods by @​violetagg in #4021

Full Changelog: reactor/reactor-netty@v1.3.0...v1.3.1

Commits

• 2c05ba7 [release] Prepare and release 1.3.1
• a2e8f88 Merge-ignore release 1.2.13 into 1.3.1
• bf40a0c [release] Back to snapshots, next is 1.2.14-SNAPSHOT
• bc2fb49 [release] Prepare and release 1.2.13
• 93c11c5 Fix authenticator invoked on redirect after authentication (#4028)
• a1e1e95 Merge #4027 into 1.3.1
• 0f08f5b Bump org.apache.tomcat.embed:tomcat-embed-core from 9.0.112 to 9.0.113 (#4027)
• 4634f6d Merge #4026 into 1.3.1
• 226526d Bump ruby/setup-ruby from 1.268.0 to 1.269.0 (#4026)
• 10f4593 [test] Remove duplications (#4025)
• Additional commits viewable in compare view

Updates bio.terra:terra-common-lib from 1.1.65-SNAPSHOT to 1.1.68-SNAPSHOT

Updates bio.terra:terra-cloud-resource-lib from 1.2.41-SNAPSHOT to 1.2.42-SNAPSHOT

Updates com.google.cloud:google-cloud-pubsub from 1.143.1 to 1.144.1

Release notes

Sourced from com.google.cloud:google-cloud-pubsub's releases.

v1.144.1

1.144.1 (2025-12-22)

Bug Fixes

• Lower the Subscriber protocol version to disable the streaming pull keepalive feature (#2652) (ca99c2a)

v1.144.0

1.144.0 (2025-12-11)

Features

• Add keepalive feature to tear down streams in their absence (#2605) (99aca4f)
• Make v1 the default protocolVersion (#2623) (12f014d)

Bug Fixes

• deps: Update the Java code generator (gapic-generator-java) to 2.64.2 (b4b7f83)

Dependencies

• Update actions/checkout action to v5 (#2613) (a69ffdd)
• Update actions/checkout action to v6 (#2619) (6cd2bb6)
• Update dependency com.google.cloud:google-cloud-bigquery to v2.56.0 (#2617) (13d5e3d)
• Update dependency com.google.cloud:google-cloud-core to v2.62.1 (#2608) (fee0500)
• Update dependency com.google.cloud:google-cloud-core to v2.62.2 (#2632) (2d567d1)
• Update dependency com.google.cloud:google-cloud-storage to v2.60.0 (#2610) (1cae247)
• Update dependency com.google.cloud:sdk-platform-java-config to v3.54.2 (#2633) (5081aac)
• Update dependency com.google.protobuf:protobuf-java-util to v4.33.1 (#2612) (e92debc)
• Update dependency com.google.protobuf:protobuf-java-util to v4.33.2 (#2625) (900783f)

Documentation

• Add the IDENTIFIER field behavior annotation to fields of Cloud Pub/Sub methods that represent a specific identity and need to be sourced with additional care (b4b7f83)

Changelog

Sourced from com.google.cloud:google-cloud-pubsub's changelog.

1.144.1 (2025-12-22)

Bug Fixes

• Lower the Subscriber protocol version to disable the streaming pull keepalive feature (#2652) (ca99c2a)

1.144.0 (2025-12-11)

Features

• Add keepalive feature to tear down streams in their absence (#2605) (99aca4f)
• Make v1 the default protocolVersion (#2623) (12f014d)

Bug Fixes

• deps: Update the Java code generator (gapic-generator-java) to 2.64.2 (b4b7f83)

Dependencies

• Update actions/checkout action to v5 (#2613) (a69ffdd)
• Update actions/checkout action to v6 (#2619) (6cd2bb6)
• Update dependency com.google.cloud:google-cloud-bigquery to v2.56.0 (#2617) (13d5e3d)
• Update dependency com.google.cloud:google-cloud-core to v2.62.1 (#2608) (fee0500)
• Update dependency com.google.cloud:google-cloud-core to v2.62.2 (#2632) (2d567d1)
• Update dependency com.google.cloud:google-cloud-storage to v2.60.0 (#2610) (1cae247)
• Update dependency com.google.cloud:sdk-platform-java-config to v3.54.2 (#2633) (5081aac)
• Update dependency com.google.protobuf:protobuf-java-util to v4.33.1 (#2612) (e92debc)
• Update dependency com.google.protobuf:protobuf-java-util to v4.33.2 (#2625) (900783f)

Documentation

• Add the IDENTIFIER field behavior annotation to fields of Cloud Pub/Sub methods that represent a specific identity and need to be sourced with additional care (b4b7f83)

Commits

• d164024 chore(main): release 1.144.1 (#2654)
• ca99c2a fix: Lower the Subscriber protocol version to disable the streaming pull keep...
• 4e59581 chore(main): release 1.144.1-SNAPSHOT (#2637)
• 006ce07 chore(main): release 1.144.0 (#2635)
• 4746abe chore(main): release 1.143.2-SNAPSHOT (#2614)
• 6cd2bb6 deps: update actions/checkout action to v6 (#2619)
• 5081aac deps: update dependency com.google.cloud:sdk-platform-java-config to v3.54.2 ...
• 2d567d1 deps: update dependency com.google.cloud:google-cloud-core to v2.62.2 (#2632)
• 900783f deps: update dependency com.google.protobuf:protobuf-java-util to v4.33.2 (#2...
• b4b7f83 chore: Update generation configuration at Thu Dec 11 02:39:02 UTC 2025 (#2621)
• Additional commits viewable in compare view

Updates org.apache.commons:commons-dbcp2 from 2.13.0 to 2.14.0

Updates org.apache.commons:commons-pool2 from 2.12.1 to 2.13.0

Updates io.swagger.core.v3:swagger-annotations from 2.2.40 to 2.2.41

Updates org.webjars.npm:swagger-ui-dist from 5.30.2 to 5.31.0

Release notes

Sourced from org.webjars.npm:swagger-ui-dist's releases.

v5.31.0

5.31.0 (2025-12-11)

Features

• add dark mode (#10653) (5f42eee), closes #5327 #9964 #10089

v5.30.3

5.30.3 (2025-11-25)

Bug Fixes

• deps: update vulnerable @​release-it/conventional-changelog to 10.0.2 (#10645) (6acfc6e)
• deps: update vulnerable dependencies (js-yaml & glob) (#10644) (03cf01b)
• utils: handle sanitizing multi-level relative paths (#10640) (58aff59), closes #4107

Commits

• 61dddd4 chore(release): cut the 5.31.0 release
• cf11271 Revert "chore(release): cut the 5.31.0 release" (#10658)
• e52faf8 chore(release): cut the 5.31.0 release
• 5f42eee feat: add dark mode (#10653)
• 199761a chore(release): cut the 5.30.3 release
• 6acfc6e fix(deps): update vulnerable @​release-it/conventional-changelog to 10.0.2 (#1...
• 03cf01b fix(deps): update vulnerable dependencies (js-yaml & glob) (#10644)
• 8d9142e chore(deps): bump actions/checkout from 5 to 6 (#10643)
• 58aff59 fix(utils): handle sanitizing multi-level relative paths (#10640)
• 85f0c5f chore(deps): bump js-yaml from 4.1.0 to 4.1.1 (#10637)
• Additional commits viewable in compare view

Updates com.google.cloud.tools.jib from 3.5.1 to 3.5.2

Updates org.sonarqube from 7.0.1.6134 to 7.2.2.6593

Updates ch.qos.logback:logback-classic from 1.5.21 to 1.5.23

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.23

2025-12-21 Release of logback version 1.5.23

• In response to issues/959 file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the ConcurrentModificationException reported in the issue.

• ZIP and XZ compression now use a BufferedOutputStream when writing to the compressed file. This issue was reported in issues/988.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.22

2025-12-11 Release of logback version 1.5.22

• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings "password", "secret" or "confidential". This problem was reported by Chintan Rohila in issues/986.

• Logback now takes the overridden toString() method of Throwable subclasses into account when printing stack traces. This issue was reported in LOGBACK-543 by Alvin Chee, with a fix provided in PR 404 by Brett Kail.

• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• 0bcc3fe prepare release 1.5.23
• 4627dbd better to use BufferedOutputStream during ZIP and XZ compression, especially ...
• 299f091 add collision test in presence of conditional processing
• b446f3f In Context, remove collision map
• a3eb14d in response to issues/959, collision detection is now done by FileCollisionAn...
• 681b2be remove unused method, minor comment edits
• 17a3edf start work on 1.5.23-SNAPSHOT
• 572379a prepare release 1.5.22
• 39d17ea fix status printing of variable substitution when the variable name contains ...
• 75509a9 fix PR 404, LOGBACK-543
• Additional commits viewable in compare view

Updates com.google.auth:google-auth-library-oauth2-http from 1.40.0 to 1.41.0

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
com.google.cloud.tools.jib	[>= 3.4.3.a, < 3.4.4]
com.google.cloud.tools.jib	[>= 3.4.2.a, < 3.4.3]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud