chore(deps): bump the gradle-dependencies group across 1 directory with 14 updates

[dependabot]

Bumps the gradle-dependencies group with 12 updates in the /booklore-api directory:

Package	From	To
org.mariadb.jdbc:mariadb-java-client	3.5.7	3.5.8
org.flywaydb:flyway-mysql	12.0.3	12.4.0
org.projectlombok:lombok	1.18.42	1.18.44
org.apache.pdfbox:pdfbox	3.0.6	3.0.7
com.github.RouHim:jaudiotagger	2.0.16	2.0.19
com.github.junrar:junrar	7.5.8	7.5.10
org.springdoc:springdoc-openapi-starter-webmvc-ui	3.0.2	3.0.3
org.glassfish.jaxb:jaxb-runtime	4.0.6	4.0.7
tools.jackson:jackson-bom	3.1.0	3.1.2
org.springframework.boot	4.0.3	4.0.5
org.hibernate.orm	7.2.6.Final	7.3.1.Final
gradle-wrapper	9.4.0	9.4.1

Updates org.mariadb.jdbc:mariadb-java-client from 3.5.7 to 3.5.8

Release notes

Sourced from org.mariadb.jdbc:mariadb-java-client's releases.

MariaDB Connector/Java 3.5.8

3.5.8 (Apr 2026)

Full Changelog

Issues Resolved

• CONJ-1305 - XAResource.isSameRM() incorrectly returns true when rewriteBatchedStatements differs between connections
• CONJ-1303 - Statement.cancel() fails to kill running query during result streaming

Other

• CONJ-1298 - Performance improvement: avoid decoding extended format

Changelog

Sourced from org.mariadb.jdbc:mariadb-java-client's changelog.

3.5.8 (Apr 2026)

Full Changelog

Issues Resolved

• CONJ-1305 - XAResource.isSameRM() incorrectly returns true when rewriteBatchedStatements differs between connections
• CONJ-1303 - Statement.cancel() fails to kill running query during result streaming

Other

• CONJ-1298 - Performance improvement: avoid decoding extended format

Commits

• 26b34a2 Merge branch 'develop'
• 06d6efe bump CI actions/checkout@v5
• a86a83c bump 3.5.8
• 975f991 [misc] refactor TimestampCodec to implement Codec directly and extract shared...
• 75bb509 [misc] code formatting cleanup
• 4c0b6a0 [misc] refactor TimestampCodec to extend UtilDateCodec and extract common dat...
• a5b7fb1 [misc] convert Reader and Writer from interfaces to final class implementatio...
• d31eb06 [misc] convert ReadableByteBuf from interface to final class implementation, ...
• 11d45a9 [misc] optimize binary row decoder null bitmap checks and simplify signed Big...
• 5aad14c [misc] optimize BigInt column decoding and improve type safety in codec inter...
• Additional commits viewable in compare view

Updates org.flywaydb:flyway-mysql from 12.0.3 to 12.4.0

Updates org.projectlombok:lombok from 1.18.42 to 1.18.44

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.44 (March 11th, 2026)

• FEATURE: @Jacksonized now supports both Jackson2 and Jackson3; you'll get a warning until you configure which one (or even both!) you want lombok to generate. #3950.
• BUGFIX: On JDK25, val and @ExtensionMethod could sometimes cause erroneous errors (in that you see errors but compilation succeeds anyway) using javac. #3947.
• BUGFIX: @Jacksonized + fields marked transient would result in those transient fields being serialised which is surprising (and thus undesired) behaviour. #3936.

Commits

• 17c78fe [version] pre-release version bump
• 1edca70 [test][@Jacksonized] Test emission of warning when not choosing jackson ver...
• e789e82 [test] Update the generation of eclipse test targets from JDK14 to JDK25.
• a54cecd [trivial][changelog]
• 3db0a6c [bugfix][@Jacksonized] javac handler of jacksonized checked for existing ja...
• 12572fc [test] Adjusted tests to the new 'jackson version is a list' config key setup.
• 0e9699c [changelog] Document implementation of Jackson3 support: #3950.
• d441be1 [jacksonized] infrastructure for previous merge resolution: Changed to the co...
• d62b2d5 Merge branch 'master' into cachescrubber-gh-3950
• f49f0fe [test] Remove tests for deprecated @Logger(access = MODULE). They're deprec...
• Additional commits viewable in compare view

Updates org.apache.pdfbox:pdfbox from 3.0.6 to 3.0.7

Updates org.apache.pdfbox:pdfbox-io from 3.0.6 to 3.0.7

Updates org.apache.pdfbox:xmpbox from 3.0.6 to 3.0.7

Updates com.github.RouHim:jaudiotagger from 2.0.16 to 2.0.19

Updates com.github.junrar:junrar from 7.5.8 to 7.5.10

Release notes

Sourced from com.github.junrar:junrar's releases.

Release v7.5.10

Changelog

🐛 Fixes

• better handling of files outside directory when extracting (d77e9a8)

🧪 Tests

• disable test on windows due to path (154e3bf)

🛠 Build

• publish test results (e36ee09)
• update homebrew action (a60857b)

Contributors

We'd like to thank the following people for their contributions: Gauthier Roebroeck

Release v7.5.9

Changelog

🐛 Fixes

• ArrayIndexOutOfBoundsException in solid RAR v20 archive extraction (9b69c6b)
• seek past SubHeader packed data after parsing to prevent corrupt reads (ad7ad33)

🛠 Build

deps

• bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (7e1b558)
• bump org.mockito:mockito-core from 5.22.0 to 5.23.0 (f800f10)
• bump com.fasterxml.jackson.core:jackson-databind (1886aec)
• bump gradle-wrapper from 9.4.0 to 9.4.1 (832f685)
• bump gradle/actions from 5 to 6 (b2f434d)
• bump codecov/codecov-action from 5 to 6 (aaaede2)
• bump EndBug/add-and-commit from 9 to 10 (884dde4)
• bump gradle-wrapper from 9.3.1 to 9.4.0 (5ff5c7e)
• bump org.mockito:mockito-core from 5.21.0 to 5.22.0 (d9e9e49)
• bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.32 (935ece8)
• bump org.jreleaser from 1.22.0 to 1.23.0 (000fcdb)
• bump actions/upload-artifact from 6 to 7 (2c83103)

Contributors

We'd like to thank the following people for their contributions: Gauthier, Ryan Campbell

Changelog

Sourced from com.github.junrar:junrar's changelog.

7.5.10 (2026-04-15)

🐛 Fixes

• better handling of files outside directory when extracting (d77e9a8)

🧪 Tests

• disable test on windows due to path (154e3bf)

🛠 Build

• publish test results (e36ee09)
• update homebrew action (a60857b)

7.5.9 (2026-04-13)

🐛 Fixes

• ArrayIndexOutOfBoundsException in solid RAR v20 archive extraction (9b69c6b)
• seek past SubHeader packed data after parsing to prevent corrupt reads (ad7ad33)

🛠 Build

deps

• bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 (7e1b558)
• bump org.mockito:mockito-core from 5.22.0 to 5.23.0 (f800f10)
• bump com.fasterxml.jackson.core:jackson-databind (1886aec)
• bump gradle-wrapper from 9.4.0 to 9.4.1 (832f685)
• bump gradle/actions from 5 to 6 (b2f434d)
• bump codecov/codecov-action from 5 to 6 (aaaede2)
• bump EndBug/add-and-commit from 9 to 10 (884dde4)
• bump gradle-wrapper from 9.3.1 to 9.4.0 (5ff5c7e)
• bump org.mockito:mockito-core from 5.21.0 to 5.22.0 (d9e9e49)
• bump ch.qos.logback:logback-classic from 1.5.26 to 1.5.32 (935ece8)
• bump org.jreleaser from 1.22.0 to 1.23.0 (000fcdb)
• bump actions/upload-artifact from 6 to 7 (2c83103)

Commits

• e36ee09 ci: publish test results
• 154e3bf test: disable test on windows due to path
• d77e9a8 fix: better handling of files outside directory when extracting
• a60857b ci: update homebrew action
• 72cd364 chore(release): 7.5.9 [skip ci]
• 7e1b558 build(deps): bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310
• f800f10 build(deps): bump org.mockito:mockito-core from 5.22.0 to 5.23.0
• 1886aec build(deps): bump com.fasterxml.jackson.core:jackson-databind
• 832f685 build(deps): bump gradle-wrapper from 9.4.0 to 9.4.1
• 9b69c6b fix: ArrayIndexOutOfBoundsException in solid RAR v20 archive extraction
• Additional commits viewable in compare view

Updates org.springdoc:springdoc-openapi-starter-webmvc-ui from 3.0.2 to 3.0.3

Release notes

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's releases.

springdoc-openapi v3.0.3 released!

Added

• #3246 – Add Springdoc OpenAPI MCP (Model Context Protocol) support
• #3256 – Auto-set nullable: true for Kotlin nullable types in schema properties
• #3239 – Add support for the @Range constraint validation annotation
• #3244 – Handle default values for LocalDate

Changed

• Upgrade Spring Boot to version 4.0.5
• Upgrade swagger-core to version 2.2.47
• Upgrade swagger-ui to version 5.32.2
• #3260 – @ConditionalOnClass(HateoasProperties.class) in SpringDocHateoasConfiguration
• Forwards all MCP non-transport headers to downstream methods
• Dynamically resolve the base path from window.location.pathname for MCP UI

Fixed

• #3258 – Setting API Version Required when using WebFlux breaks the Swagger UI
• #3259 – Annotated Generic properties getting applied to sibling properties
• #3255 – Direction enum: fixed visibility scope of group order so that setGroupsOrder method can be used
• #3247 – Preserve YAML group URLs in Swagger UI
• #3245 – Upgrade swagger-core from version 2.2.43 to 2.2.45
• #3235 – PropertyResolverUtils retains a JsonNode when reading an ExtensionProperty annotation
• #3226 – Propagate JsonView context when resolving Page<T> schema

New Contributors

• @​seregamorph made their first contribution in springdoc/springdoc-openapi#3260

Full Changelog: springdoc/springdoc-openapi@v3.0.2...v3.0.3

Changelog

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog.

[3.0.3] - 2026-04-12

Added

• #3246 – Add Springdoc OpenAPI MCP (Model Context Protocol) support
• #3256 – Auto-set nullable: true for Kotlin nullable types in schema properties
• #3239 – Add support for the @Range constraint validation annotation
• #3244 – Handle default values for LocalDate

Changed

• Upgrade Spring Boot to version 4.0.5
• Upgrade swagger-core to version 2.2.47
• Upgrade swagger-ui to version 5.32.2
• #3260 – @ConditionalOnClass(HateoasProperties.class) in SpringDocHateoasConfiguration
• Forwards all MCP non-transport headers to downstream methods
• Dynamically resolve the base path from window.location.pathname for MCP UI

Fixed

• #3258 – Setting API Version Required when using WebFlux breaks the Swagger UI
• #3259 – Annotated Generic properties getting applied to sibling properties
• #3255 – Direction enum: fixed visibility scope of group order so that setGroupsOrder method can be used
• #3247 – Preserve YAML group URLs in Swagger UI
• #3245 – Upgrade swagger-core from version 2.2.43 to 2.2.45
• #3235 – PropertyResolverUtils retains a JsonNode when reading an ExtensionProperty annotation
• #3226 – Propagate JsonView context when resolving Page<T> schema

Commits

• 3c30283 [maven-release-plugin] prepare release v3.0.3
• 4184c05 update .gitignore
• 89745c2 CHANGELOG.md update
• 4d1a730 Merge pull request #3260 from seregamorph/SpringDocHateoasConfiguration-class...
• 54e7650 ConditionalOnClass (HateoasProperties.class) in SpringDocHateoasConfiguration
• 9f354b2 Spring-boot upgrade to version 4.0.5
• 14df32f Forwards all MCP non-transport headers, to downstream methods
• 3ee9a44 Forwards all MCP non-transport headers, to downstream methods
• df99408 upgrade swagger-ui to version 5.32.2
• 6ee70f4 upgrade swagger-api to version 2.2.47
• Additional commits viewable in compare view

Updates org.glassfish.jaxb:jaxb-runtime from 4.0.6 to 4.0.7

Updates tools.jackson:jackson-bom from 3.1.0 to 3.1.2

Commits

• 0ae1c2a [maven-release-plugin] prepare release jackson-bom-3.1.2
• 3c171eb Prep for 3.1.2 release
• 8046ced Post-release dep version bump
• ea00ca4 [maven-release-plugin] prepare for next development iteration
• 0628060 [maven-release-plugin] prepare release jackson-bom-3.1.1
• 22b8aee Prep for 3.1.1 release
• 2d305e6 Add JDK 25 in CI
• da85336 Merge pull request #123 from FasterXML/tatu/3.1/122-switch-to-junit6
• 7ec5e0e Fix #122: switch 3.x (starting with 3.1.1) to use JUnit 6
• ef09770 Update oss-parent dep
• Additional commits viewable in compare view

Updates org.springframework.boot from 4.0.3 to 4.0.5

Release notes

Sourced from org.springframework.boot's releases.

v4.0.5

🐞 Bug Fixes

• Test starter for Spring Integration does not include Spring Integration test module #49784
• Some sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration #49782
• WebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson #49753
• WebSocket app fails to start when Jackson is on the classpath but there's no JsonMapper bean #49749
• Metadata annotation processor ignores method-level @NestedConfigurationProperty when using constructor binding #49738
• Override of property in external 'application.properties' or 'application.yaml' is ignored #49731
• NativeImageResourceProvider does not find Flyway migration scripts in subdirectories #49706
• Add @ConditionalOnWebApplication to NettyReactiveWebServerAutoConfiguration #49695
• @GraphQlTest does not include @ControllerAdvice #49672

📔 Documentation

• Fix incorrect indefinite articles in Javadoc #49727
• Add some more Kotlin examples and trivial style fixes #49714
• Overhaul Spring Session documentation following modularization #49704

🔨 Dependency Upgrades

• Upgrade to Brave 6.3.1 #49763
• Upgrade to Jackson 2 Bom 2.21.2 #49764
• Upgrade to jOOQ 3.19.31 #49765
• Upgrade to Netty 4.2.12.Final #49794
• Upgrade to Tomcat 11.0.20 #49767
• Upgrade to Zipkin Reporter 3.5.3 #49762

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, @​deejay1, @​dlwldnjs1009, @​kwondh5217, @​ljrmorgan, and @​quaff

v4.0.4

⚠️ Attention Required

• OpenTelemetry's ZipkinSpanExporter has been deprecated and its support will be removed in Spring Boot 4.2. #49453
• Jackson 2 has been upgraded to 2.21.1 in response to the Jackson team ending support for Jackson 2.20.x. #49389
• Jackson has been upgraded to 3.1.0 in response to the Jackson team ending support for Jackson 3.0.x. #49383
• The default value for server.tomcat.max-part-count has been increased from 10 to 50. This aligns it with Tomcat's own default and the default in Spring Boot 3.x. #49311

🐞 Bug Fixes

• EndpointRequest request matcher for health groups is too complex #49649
• "/cloudfoundryapplication" web path is not limited to Actuator #49646
• Fix EndpointRequest.toLinks() when base-path is '/' #49617
• Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #49596
• RSocket exposes duplicate endpoint for websocket setups #49593
• Failure analysis for a missing mail sender is misleading #49582

... (truncated)

Commits

• fe74b31 Release v4.0.5
• e1d6e5a Merge branch '3.5.x' into 4.0.x
• 6c9e52a Next development version (v3.5.14-SNAPSHOT)
• a413e95 Upgrade to Netty 4.2.12.Final
• c1694b5 Add missing Spring Integration test module to the relevant starter
• 51ffdc6 Merge branch '3.5.x' into 4.0.x
• 696a60e Full auto-configure transaction management in slice tests
• ba70d41 Upgrade to Tomcat 11.0.20
• fd94ca0 Upgrade to Netty 4.2.11.Final
• 7e6833b Upgrade to jOOQ 3.19.31
• Additional commits viewable in compare view

Updates org.hibernate.orm from 7.2.6.Final to 7.3.1.Final

Updates gradle-wrapper from 9.4.0 to 9.4.1

Release notes

Sourced from gradle-wrapper's releases.

9.4.1

The Gradle team is excited to announce Gradle 9.4.1.

Here are the highlights of this release:

• Java 26 support
• Non-class-based JVM tests
• Enhanced console progress bar

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle: akankshaa-00, Attila Kelemen, Björn Kautler, dblood, Dennis Rieks, duvvuvenkataramana, John Burns, Julian, kevinstembridge, Niels Doucet, Philip Wedemann, ploober, Richard Hernandez, Roberto Perez Alcolea, Sebastian Lövdahl, stephan2405, Stephane Landelle, Ujwal Suresh Vanjare, Victor Merkulov, Vincent Potuček, Vladimir Sitnikov.

Upgrade instructions

Switch your build to use Gradle 9.4.1 by updating your wrapper:

./gradlew wrapper --gradle-version=9.4.1 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines. If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

Commits

• 2d63270 Ignore test (#37180)
• 4c15906 Ignore test
• 9759ac1 Make console/SIGINT test deterministic (#37178)
• aaf6ed4 Make console/SIGINT test deterministic
• 47cb783 Fix OSC 9;4 progress bar not cleared on SIGINT (#37038)
• ef03f1d Fix order-dependent assertion in CrossBuildScriptCachingIntegrationSpec
• fd26fd3 Fix OSC 9;4 taskbar progress bar not cleared on build end or SIGINT
• 0a84d67 Release notes for 9.4.1 (#37148)
• e569c31 cleanup
• 9f227de cleanup
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: backend, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Frontend Test Results

0 tests   - 419   0 ✅  - 419   0s ⏱️ -2s
0 suites  -   8   0 💤 ±  0 
0 files    -   1   0 ❌ ±  0 

Results for commit 965daf7. ± Comparison against base commit fe7e697.

[github-actions]

Backend Test Results

  472 files  ±0    472 suites  ±0   2m 40s ⏱️ +4s
3 462 tests ±0  3 441 ✅  - 6  15 💤 ±0  6 ❌ +6 
3 519 runs  ±0  3 498 ✅  - 6  15 💤 ±0  6 ❌ +6 

For more details on these failures, see this check.

Results for commit 965daf7. ± Comparison against base commit fe7e697.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.