fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Adoption	Passing	Confidence
docker.io/bitnami/kafka (source)		minor	3.8.1 -> 3.9.0
docker.io/curlimages/curl		minor	8.10.1 -> 8.11.1
docker.io/hapiproject/hapi		minor	v7.4.0 -> v7.6.0
docker.io/library/gradle	stage	minor	8.10.2-jdk21 -> 8.12.0-jdk21
docker.io/library/postgres		minor	17.0 -> 17.2
ghcr.io/miracum/fhir-pseudonymizer		patch	v2.22.0 -> v2.22.2
ghcr.io/miracum/loinc-conversion		patch	v1.15.2 -> v1.15.4
gradle (source)		minor	8.10.2 -> 8.12
com.uber.nullaway:nullaway	dependencies	patch	0.12.1 -> 0.12.3
com.google.errorprone:error_prone_core (source)	dependencies	minor	2.35.1 -> 2.36.0
io.micrometer:micrometer-core	dependencies	minor	1.13.6 -> 1.14.2
io.micrometer:micrometer-registry-prometheus	dependencies	minor	1.13.6 -> 1.14.2
ca.uhn.hapi.fhir:hapi-fhir-client-okhttp (source)	dependencies	minor	7.4.5 -> 7.6.1
ca.uhn.hapi.fhir:hapi-fhir-structures-r4 (source)	dependencies	minor	7.4.5 -> 7.6.1
ca.uhn.hapi.fhir:hapi-fhir-client (source)	dependencies	minor	7.4.5 -> 7.6.1
ca.uhn.hapi.fhir:hapi-fhir-base (source)	dependencies	minor	7.4.5 -> 7.6.1
org.springframework.cloud:spring-cloud-dependencies (source)	dependencies	patch	2023.0.3 -> 2023.0.5
io.spring.dependency-management	plugin	patch	1.1.6 -> 1.1.7
org.springframework.boot	plugin	minor	3.3.5 -> 3.4.1

---

Release Notes

curl/curl-container (docker.io/curlimages/curl)

v8.11.1

Compare Source

Changed

• bump to curl 8.11.1
• bump to alpine:3.21.0

v8.11.0

Compare Source

Changed

• bump to curl 8.11.0

miracum/fhir-pseudonymizer (ghcr.io/miracum/fhir-pseudonymizer)

v2.22.2

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (#​221) (c44413c)
• deps: update dependency fluentassertions to v7 (#​222) (0b2dc74)
• deps: update github-actions (#​220) (ec23ef7)
• deps: update mcr.microsoft.com/dotnet/sdk:9.0.100-noble docker digest to 3bdd7f7 (#​219) (7287877)

v2.22.1

Compare Source

Miscellaneous Chores

• deps: update all non-major dependencies (#​209) (909dbba)
• deps: update all non-major dependencies (#​213) (5c67d12)
• deps: update dependency duende.accesstokenmanagement to v3 (#​204) (745909c)
• deps: update dependency ubuntu to v24 (#​205) (0aa6b7f)
• deps: update dependency verify.xunit to v27 (#​210) (3e5ff40)
• deps: update docker.io/library/postgres:17.0 docker digest to 8d3be35 (#​208) (1e27d33)
• deps: update github-actions (#​203) (7aeb045)
• deps: update quay.io/keycloak/keycloak docker tag to v26 (#​211) (9639231)
• deps: updated to .NET 9 (#​218) (7b470d8)

miracum/loinc-conversion (ghcr.io/miracum/loinc-conversion)

v1.15.4

Compare Source

Miscellaneous Chores

• deps: update gcr.io/distroless/nodejs22-debian12:nonroot docker digest to 0ae346e (#​88) (8bfd650)

v1.15.3

Compare Source

Bug Fixes

• deps: update all non-major dependencies (#​91) (28ee1e6)

Miscellaneous Chores

• deps: bump cookie and light-my-request (#​87) (6966ac0)

gradle/gradle (gradle)

v8.12

Compare Source

v8.11.1: 8.11.1

Compare Source

This is a patch release for Gradle 8.11. We recommend users upgrade to 8.11.1 instead of 8.11.

It fixes the following issues:

• #​31268 BuildEventsListenerRegistry corrupted with Isolated Projects and parallel configuration
• #​31282 Running executables sporadically fails with ETXTBSY (Text file busy)
• #​31284 ArrayIndexOutOfBoundsException after upgrading to gradle 8.11 when generating problems report
• #​31310 Unable to run Gradle task in 8.10 due to bytecode interception

Read the Release Notes

Upgrade instructions

Switch your build to use Gradle 8.11.1 by updating your wrapper:

./gradlew wrapper --gradle-version=8.11.1

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

v8.11: 8.11

Compare Source

The Gradle team is excited to announce Gradle 8.11.

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Adam,
alyssoncs,
Bilel MEDIMEGH,
Björn Kautler,
Chuck Thomas,
Daniel Lacasse,
Finn Petersen,
JK,
Jérémie Bresson,
luozexuan,
Mahdi Hosseinzadeh,
Markus Gaisbauer,
Matthew Haughton,
Matthew Von-Maszewski,
ploober,
Siarhei,
Titus James,
vrp0211

Upgrade instructions

Switch your build to use Gradle 8.11 by updating your wrapper:

./gradlew wrapper --gradle-version=8.11

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

uber/NullAway (com.uber.nullaway:nullaway)

v0.12.3

• Remove InferredJARModelsHandler (#​1079)
• Fix crash with annotation on enum (#​1097)
• Handle case null in switch statements (#​1100)
• Don't report errors for writes to @​NullUnmarked fields (#​1102)
• Support primitive static final fields as constant args in access paths (#​1105)
• Fix issue with annotations in module-info.java files (#​1109)
• Report error for @​nullable synchronized block expression (#​1106)
• Add support for parameter types with wildcards for JarInfer (#​1107)
• Properly handle nested generics and multiple wildcard type args in JarInfer (#​1114)
• Proper checking of vararg overrides with JSpecify annotations (#​1116)
• Add flag to indicate only @​NullMarked code should be checked (#​1117)
• Add support for static fields in contracts (#​1118)
• Maintenance
  • Fix comment positions (#​1098)
  • [refactoring] Wrap calls to Types.subst and Types.memberType (#​1115)
  • Build latest Caffeine on CI (#​1111)

v0.12.2

• Fix reading of JSpecify @​nullable annotations from varargs parameter in bytecode (#​1089)
• Fix JarInfer handling of generic types (#​1078)
• Fix another JSpecify mode crash involving raw types (#​1086)
• Fix bugs in handling of valueOf calls for map keys (#​1085)
• Suggest correct fix when array component of non-nullable array is made null. (#​1087)
• Substitute type arguments when checking type parameter nullability at call site (#​1070)
• Fix JarInfer parameter indexes for instance methods (#​1071)
• JSpecify mode: initial support for generic methods (with explicit type arguments at calls) (#​1053)
• Maintenance
  • Update to latest Error Prone and Error Prone Gradle plugin (#​1064)
  • Refactor serialization adapter retrieval by version (#​1066)
  • Remove fixes.tsv serialization from NullAway serialization service (#​1063)
  • Enable javac -parameters flag (#​1069)
  • Update to Gradle 8.11 (#​1073)
  • Add test for issue 1035 (#​1074)
  • remove use of deprecated Gradle API (#​1076)
  • Update to Error Prone 2.36.0 (#​1077)

google/error-prone (com.google.errorprone:error_prone_core)

v2.36.0: Error Prone 2.36.0

Changes:

• Add new matcher interfaces to ErrorProneScanner for AST nodes introduced after Java 11 (e5fd194)
• Fix compatibility with latest JDK 24 EA builds (google/error-prone@d67bc15)
• Check that --should-stop=ifError=FLOW is set when using the -Xplugin integration (e71db1f)

New checks:

• DuplicateBranches: Discourage conditional expressions and if statements where both branches are the same
• RedundantControlFlow: Reports redundant continue statements.

Closed issues: #​4633, #​4646

Full changelog: google/error-prone@v2.35.1...v2.36.0

micrometer-metrics/micrometer (io.micrometer:micrometer-core)

v1.14.2: 1.14.2

Compare Source

🐞 Bug Fixes

• Protect against concurrent reads/writes to Context keyvalues #​5739
• Null stacktrace in InvalidObservationException using Virtual Threads #​5702
• Deprecate AggregationTemporality#toOtlpAggregationTemporality #​5733
• Warn about gauge re-registration #​5688
• executor.queued metrics of ForkJoinPool does not include queued submissions #​5650
• Default ObservationConventions for Grpc do not always use a consistent set of keyvalues #​5609

🔨 Dependency Upgrades

• Bump software.amazon.awssdk:cloudwatch from 2.29.14 to 2.29.23 #​5724
• Bump io.prometheus:prometheus-metrics-bom from 1.3.3 to 1.3.4 #​5723
• Bump dropwizard-metrics from 4.2.28 to 4.2.29 #​5721

📔 Documentation

• Remove duplicated contextpropagation.adoc #​5693
• Polish "Grafana Dashboard" section #​5662
• Use BOM for Micrometer dependency examples in reference docs #​5652

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye

v1.14.1: 1.14.1

Compare Source

📔 Documentation

• Gauges may be silently ignored when MeterFilters drop or transform tags #​5616

🔨 Dependency Upgrades

• Bump com.netflix.spectator:spectator-reg-atlas from 1.8.1 to 1.8.2 #​5685
• Bump software.amazon.awssdk:cloudwatch from 2.29.7 to 2.29.14 #​5669
• Bump shaded netty to 4.1.115.Final in micrometer-registry-statsd to address CVE-2024-47535 #​5660

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye

v1.14.0: 1.14.0

Compare Source

Micrometer 1.14.0 is the GA version of a new feature release. See our support policy for support timelines.

Below are the combined release notes of all the pre-release milestones and release candidate preceding this GA release.

⚠️ Noteworthy

• Support ExponentialHistogram in OTLP #​3861
• Virtual thread metrics #​3956
• Validate expected Observation API call ordering on TestObservationRegistry #​5239

⭐ New Features / Enhancements

• Expose TestObservationRegistry as an AssertJ AssertProvider #​5551
• Use failure with actual and expected message to improve IDE experience for ObservationContextAssert #​5550
• Replace @Nonnull(when = When.MAYBE) with @CheckForNull in @Nullable #​5485
• Warn about Prometheus meter registration failure #​5228
• Improve performance of merging two Tags/KeyValues instances #​5140
• Allow user-provided custom scheduler for periodically binding KafkaMetrics #​4976
• Allow specifying the meterNameConsumer for HighCardinalityTagsDetector #​4028
• Virtual thread metrics #​3956
• Allow tagsBasedOnJoinPoint to override extraTags with CountedAspect #​2461
• Configurable _source.enabled Elastic mapping property #​1629
• Skip registering Caffeine meters when statistics are not enabled #​5409
• Log a warning when instrumenting a cache that is not recording stats in CaffeineCacheMetrics #​5402
• MultiGauge.register should accept more types #​5390
• Metrics not collected after ExecutorService recreation #​5366
• Add "cancelled" information to the GrpcServerObservationContext #​5301
• process_start_time_seconds HELP description inconsistency between Prometheus and micrometer #​5290
• Add history-tracking to ObservationValidator #​5370
• [dynatrace/v2] reduce log verbosity #​5306
• Validate expected Observation API call ordering on TestObservationRegistry #​5239
• Add JvmThreadDeadlockMetrics #​5222
• Allow multiple MeterTag annotations for multiple tags from same target #​4081
• Support ExponentialHistogram in OTLP #​3861
• Expose ForkJoinPool parallelism and pool size metrics #​5236
• Allow custom ThreadFactory for OtlpMeterRegistry #​5153
• Do not register GC metrics when GC notifications are unavailable #​5149
• Cancelled status code not reported in the gRPC server metrics #​5109
• Add counter of failed attempts to retrieve a connection from the pool #​5057
• Add Support for @MeterTag to @Counted #​4725
• Compile-time weaving support for aspects #​1149
• Service level objectives support on @Timed annotation #​5145

📔 Documentation

• Add docs for ObservationValidator #​5387
• Add docs for multiple MeterTag annotations #​5641
• Add docs for @MeterTag for @Counted #​5640
• Add docs for JvmThreadDeadlockMetrics #​5614
• Add docs for ForkJoinPool parallelism and pool size metrics #​5611
• Add docs for VirtualThreadMetrics #​5610

🔨 Dependency Upgrades

• Bump io.prometheus:prometheus-metrics-bom to 1.3.3 #​5649
• Bump software.amazon.awssdk:cloudwatch to 2.29.7 #​5645
• Bump com.google.cloud:libraries-bom to 26.50.0 #​5638
• Bump com.signalfx.public:signalfx-java to 1.0.47 #​5635
• Bump com.google.auth:google-auth-library-oauth2-http to 1.29.0 #​5634
• Bump software.amazon.awssdk:cloudwatch to 2.29.6 #​5631
• Bump com.netflix.spectator:spectator-reg-atlas to 1.8.1 #​5630
• Bump com.google.cloud:google-cloud-monitoring to 3.54.0 #​5628
• Bump dropwizard-metrics to 4.2.28 #​5569
• Bump io.opentelemetry.proto:opentelemetry-proto to 1.3.2-alpha #​5268
• Bump org.hdrhistogram:HdrHistogram to 2.2.2 #​5171

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​codesimplicity, @​genuss, @​izeye, @​mihalyr, @​lcavadas, @​filiphr, @​sean-heller, @​vasiliy-sarzhynskyi, @​ArtyomGabeev, @​kinddevil, @​mstyura, @​madhead, @​pirgeo, @​rkurniawati, @​lenin-jaganathan, @​smaxx

v1.13.9: 1.13.9

Compare Source

🐞 Bug Fixes

• Deprecate AggregationTemporality#toOtlpAggregationTemporality #​5733
• Warn about gauge re-registration #​5688
• executor.queued metrics of ForkJoinPool does not include queued submissions #​5650
• Default ObservationConventions for Grpc do not always use a consistent set of keyvalues #​5609

🔨 Dependency Upgrades

• Bump dropwizard-metrics from 4.2.28 to 4.2.29 #​5726

📔 Documentation

• Remove duplicated contextpropagation.adoc #​5693
• Polish "Grafana Dashboard" section #​5662
• Use BOM for Micrometer dependency examples in reference docs #​5652

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye

v1.13.8: 1.13.8

Compare Source

📔 Documentation

• Gauges may be silently ignored when MeterFilters drop or transform tags #​5616

🔨 Dependency Upgrades

• Bump shaded netty to 4.1.115.Final in micrometer-registry-statsd to address CVE-2024-47535 #​5660

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye

v1.13.7: 1.13.7

Compare Source

🐞 Bug Fixes

• Native Image Hazelcast error: java.lang.NoSuchMethodError: com.hazelcast.map.IMap.getName() #​5604

📔 Documentation

• Add documentation for @Counted #​5613

🔨 Dependency Upgrades

• Bump com.signalfx.public:signalfx-java from 1.0.46 to 1.0.47 #​5623
• Bump com.fasterxml.jackson.core:jackson-databind from 2.17.2 to 2.17.3 #​5622

📝 Tasks

• Enable japicmp task for micrometer-registry-statsd #​5612
• Improve UCUM time unit mapping for Dynatrace #​5594

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​izeye

hapifhir/hapi-fhir (ca.uhn.hapi.fhir:hapi-fhir-client-okhttp)

v7.6.1

7.6.1

v7.6.0

7.6.0

spring-cloud/spring-cloud-release (org.springframework.cloud:spring-cloud-dependencies)

v2023.0.5

v2023.0.4: 2023.0.4

Full Changelog: spring-cloud/spring-cloud-release@v2023.0.3...v2023.0.4

---

Configuration

📅 Schedule: Branch creation - "* * 1 */3 *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ ACTION	actionlint	4		0	0.04s
✅ DOCKERFILE	hadolint	2		0	0.08s
✅ EDITORCONFIG	editorconfig-checker	67		0	0.26s
✅ GROOVY	npm-groovy-lint	2		0	10.4s
✅ JAVA	checkstyle	19		0	4.73s
✅ JSON	jsonlint	5		0	0.2s
✅ JSON	prettier	5		0	1.95s
✅ JSON	v8r	5		0	4.76s
✅ MARKDOWN	markdownlint	2		0	0.29s
✅ PYTHON	bandit	1		0	1.11s
✅ PYTHON	black	1		0	2.01s
✅ PYTHON	flake8	1		0	1.15s
✅ PYTHON	isort	1		0	0.36s
✅ PYTHON	mypy	1		0	7.7s
✅ PYTHON	ruff	1		0	0.02s
✅ REPOSITORY	checkov	yes		no	21.93s
✅ REPOSITORY	gitleaks	yes		no	0.59s
✅ REPOSITORY	git_diff	yes		no	0.03s
✅ REPOSITORY	grype	yes		no	14.3s
✅ REPOSITORY	kics	yes		no	4.98s
✅ REPOSITORY	secretlint	yes		no	1.05s
✅ REPOSITORY	syft	yes		no	1.49s
✅ REPOSITORY	trivy	yes		no	6.68s
✅ REPOSITORY	trivy-sbom	yes		no	0.83s
✅ REPOSITORY	trufflehog	yes		no	2.94s
✅ XML	xmllint	1		0	0.2s
✅ YAML	prettier	17		0	0.8s
✅ YAML	yamllint	17		0	0.66s

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

• Click here to request the new flavor

MegaLinter is graciously provided by

[github-actions]

Code Coverage Report

Overall Project	29.91%	❌

There is no coverage information present for the Files changed

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Trivy image scan report

ghcr.io/miracum/fhir-gateway:pr-184 (debian 12.7)

No Vulnerabilities found

No Misconfigurations found

Java

2 known vulnerabilities found (CRITICAL: 0 HIGH: 0 MEDIUM: 1 LOW: 1)

Show detailed table of vulnerabilities

Package	ID	Severity	Installed Version	Fixed Version
ch.qos.logback:logback-core	CVE-2024-12798	MEDIUM	1.5.12	1.5.13, 1.3.15
ch.qos.logback:logback-core	CVE-2024-12801	LOW	1.5.12	1.5.13, 1.3.15

No Misconfigurations found