Bump quarkus.platform.version from 3.35.2 to 3.35.3 #691

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/maven/quarkus.platform.version-3.35.3

Conversation

dependabot[bot] commented on behalf of github on May 22, 2026

Bumps quarkus.platform.version from 3.35.2 to 3.35.3.
Updates io.quarkus.platform:quarkus-bom from 3.35.2 to 3.35.3

Commits
  • 68f64bc [maven-release-plugin] prepare release 3.35.3
  • ab425a6 Merge pull request #1944 from gsmet/quarkus-3.35.3
  • ad87944 Upgrade to Quarkus 3.35.3
  • 9f2d3c4 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates io.quarkus.platform:quarkus-maven-plugin from 3.35.2 to 3.35.3

Commits
  • 68f64bc [maven-release-plugin] prepare release 3.35.3
  • ab425a6 Merge pull request #1944 from gsmet/quarkus-3.35.3
  • ad87944 Upgrade to Quarkus 3.35.3
  • 9f2d3c4 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `quarkus.platform.version` from 3.35.2 to 3.35.3.

Updates `io.quarkus.platform:quarkus-bom` from 3.35.2 to 3.35.3
- [Commits](quarkusio/quarkus-platform@3.35.2...3.35.3)

Updates `io.quarkus.platform:quarkus-maven-plugin` from 3.35.2 to 3.35.3
- [Commits](quarkusio/quarkus-platform@3.35.2...3.35.3)

---
updated-dependencies:
- dependency-name: io.quarkus.platform:quarkus-bom
  dependency-version: 3.35.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.quarkus.platform:quarkus-maven-plugin
  dependency-version: 3.35.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the labels "dependencies" (Pull requests that update a dependency file) and "java" (Pull requests that update java code) on May 22, 2026

@github-actions

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

⚠️ SAST findings detected

SCA scan output
Upgrade to version org.elasticsearch:elasticsearch:6.8.14;7.10.0                                |
+----------+------------------------------+----------------+-------------------------------------------------------------------------------------------------+
| MEDIUM   | elasticsearch-5.6.15.jar     | CVE-2021-22135 | Upgrade to version org.elasticsearch.plugin:x-pack-security:v6.8.15,v7.12.0                     |
+----------+------------------------------+----------------+-------------------------------------------------------------------------------------------------+
| MEDIUM   | elasticsearch-5.6.15.jar     | CVE-2021-22137 | Upgrade to version org.elasticsearch.plugin:x-pack-security:v6.8.15,v7.11.2                     |
+----------+------------------------------+----------------+-------------------------------------------------------------------------------------------------+
| MEDIUM   | elasticsearch-5.6.15.jar     | CVE-2021-22144 | org.elasticsearch:elasticsearch:7.13.3,org.elasticsearch:elasticsearch:6.8.17                   |
+----------+------------------------------+----------------+-------------------------------------------------------------------------------------------------+
| MEDIUM   | elasticsearch-5.6.15.jar     | CVE-2024-23444 | Upgrade to version org.elasticsearch:elasticsearch:7.17.23,8.13.0                               |
+----------+------------------------------+----------------+-------------------------------------------------------------------------------------------------+
| MEDIUM   | elasticsearch-5.6.15.jar     | CVE-2024-52979 | Upgrade to version org.elasticsearch.plugin:lang-mustache-client:7.17.25,                       |
|          |                              |                | https://github.com/elastic/elasticsearch.git - v7.17.25,                                        |
|          |                              |                | https://github.com/elastic/elasticsearch.git - v8.16.0                                          |
+----------+------------------------------+----------------+-------------------------------------------------------------------------------------------------+
| MEDIUM   | opentelemetry-api-1.60.1.jar | CVE-2026-45292 | Upgrade to version  https://github.com/open-telemetry/opentelemetry-java.git - v1.62.0,         |
|          |                              |                | io.opentelemetry:opentelemetry-api:1.62.0,                                                      |
|          |                              |                | io.opentelemetry:opentelemetry-extension-trace-propagators:1.62.0                               |
+----------+------------------------------+----------------+-------------------------------------------------------------------------------------------------+
| LOW      | elasticsearch-5.6.15.jar     | CVE-2020-7020  | Upgrade to version org.elasticsearch:elasticsearch:6.8.13,7.9.3                                 |
+----------+------------------------------+----------------+-------------------------------------------------------------------------------------------------+


Paths at risk

P = policy violation
MSC = malicious vulnerability
CRITICAL/HIGH/MEDIUM/LOW = vulnerability severity

jsonrpc2-base-2.2.jar
|-- json-smart-2.5.1.jar [1 HIGH]
quarkus-messaging-kafka-3.35.3.jar
|-- smallrye-reactive-messaging-kafka-4.34.0.jar
	|-- smallrye-reactive-messaging-otel-4.34.0.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
quarkus-micrometer-3.35.3.jar
|-- smallrye-reactive-messaging-api-4.34.0.jar
	|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
quarkus-opentelemetry-3.35.3.jar
|-- opentelemetry-instrumentation-annotations-support-2.26.1-alpha.jar
	|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
|-- opentelemetry-instrumentation-annotations-2.26.1.jar
	|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
|-- opentelemetry-instrumentation-api-2.26.1.jar
	|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
|-- opentelemetry-jdbc-2.26.1-alpha.jar
	|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
|-- opentelemetry-runtime-telemetry-java17-2.26.1-alpha.jar
	|-- opentelemetry-runtime-telemetry-2.26.1-alpha.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
	|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
|-- opentelemetry-api-incubator-1.60.1-alpha.jar
	|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
|-- opentelemetry-exporter-otlp-common-1.60.1.jar
	|-- opentelemetry-exporter-common-1.60.1.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
|-- opentelemetry-sdk-1.60.1.jar
	|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
	|-- opentelemetry-sdk-common-1.60.1.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
	|-- opentelemetry-sdk-logs-1.60.1.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
	|-- opentelemetry-sdk-metrics-1.60.1.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
	|-- opentelemetry-sdk-trace-1.60.1.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
elasticsearch-rest-high-level-client-5.6.15.jar
|-- aggs-matrix-stats-client-5.6.15.jar
	|-- elasticsearch-5.6.15.jar [1 HIGH, 8 MEDIUM, 1 LOW]
|-- parent-join-client-5.6.15.jar
	|-- elasticsearch-5.6.15.jar [1 HIGH, 8 MEDIUM, 1 LOW]
|-- elasticsearch-5.6.15.jar [1 HIGH, 8 MEDIUM, 1 LOW]
	|-- lucene-memory-6.6.1.jar
		|-- lucene-queryparser-6.6.1.jar [1 CRITICAL]
	|-- lucene-queryparser-6.6.1.jar [1 CRITICAL]
pnc-common-3.5.0-jakarta.jar
|-- opentelemetry-ext-cli-java-2.0.0.jar
	|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]
	|-- opentelemetry-semconv-1.29.0-alpha.jar
		|-- opentelemetry-api-1.60.1.jar [1 MEDIUM]


No Policy violations were detected

Project 'bifrost' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=6f96f5b2-9c9b-4278-9b82-9d6df74668d4
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=36adb091fafb4fcca42e3c432dc659d2db604300d8004d4a845f39d4f10a292f

Mend AI scan succeeded.

Support Token: 1160f7ad0765a4aaebf0a75994c5c2da51779476547146

SAST scan output
warning: 'getInstance' method of 'java.security.MessageDigest' uses a non-recommended hash algorithm. (src/main/java/org/jboss/pnc/bifrost/common/ChecksumValidatingStream.java:47)

Full logs and artifacts
