(orc) branch branch-2.2 updated: ORC-2058 Upgrade `commons-lang3` to 3.20.0

Mon, 05 Jan 2026 15:33:48 -0800 

This is an automated email from the ASF dual-hosted git repository.

dongjoon pushed a commit to branch branch-2.2
in repository https://gitbox.apache.org/repos/asf/orc.git


The following commit(s) were added to refs/heads/branch-2.2 by this push:
     new 258c6b41b ORC-2058 Upgrade `commons-lang3` to 3.20.0
258c6b41b is described below

commit 258c6b41b548830d75a693a6c91da20a02649ba1
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue Jan 6 08:30:52 2026 +0900

    ORC-2058 Upgrade `commons-lang3` to 3.20.0
    
    Bumps org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0.
    
    [![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.commons:commons-lang3&package-manager=maven&previous-version=3.19.0&new-version=3.20.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't 
alter it yourself. You can also trigger a rebase manually by commenting 
`dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `dependabot rebase` will rebase this PR
    - `dependabot recreate` will recreate this PR, overwriting any edits that 
have been made to it
    - `dependabot merge` will merge this PR after your CI passes on it
    - `dependabot squash and merge` will squash and merge this PR after your CI 
passes on it
    - `dependabot cancel merge` will cancel a previously requested merge and 
block automerging
    - `dependabot reopen` will reopen this PR if it is closed
    - `dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually
    - `dependabot show <dependency name> ignore conditions` will show all of 
the ignore conditions of the specified dependency
    - `dependabot ignore this major version` will close this PR and stop 
Dependabot creating any more for this major version (unless you reopen the PR 
or upgrade to it yourself)
    - `dependabot ignore this minor version` will close this PR and stop 
Dependabot creating any more for this minor version (unless you reopen the PR 
or upgrade to it yourself)
    - `dependabot ignore this dependency` will close this PR and stop 
Dependabot creating any more for this dependency (unless you reopen the PR or 
upgrade to it yourself)
    
    </details>
    
    Closes #2487 from 
dependabot[bot]/dependabot/maven/java/org.apache.commons-commons-lang3-3.20.0.
    
    Authored-by: dependabot[bot] 
<49699333+dependabot[bot]@users.noreply.github.com>
    Signed-off-by: Dongjoon Hyun <[email protected]>
    (cherry picked from commit ce6c1afd6753947427c332902656a979f9016d3d)
    Signed-off-by: Dongjoon Hyun <[email protected]>
---
 java/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/pom.xml b/java/pom.xml
index 0a3d432e5..90796bc57 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -153,7 +153,7 @@
       <dependency>
         <groupId>org.apache.commons</groupId>
         <artifactId>commons-lang3</artifactId>
-        <version>3.18.0</version>
+        <version>3.20.0</version>
         <scope>test</scope>
       </dependency>
       <dependency>

Reply via email to