This is an automated email from the ASF dual-hosted git repository.
dongjoon pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/orc.git
The following commit(s) were added to refs/heads/main by this push:
new f433e5dff ORC-2060: Upgrade `bouncycastle` to 1.83
f433e5dff is described below
commit f433e5dfff1a0cc2463d17af720cb046b20902ba
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue Jan 6 08:41:49 2026 +0900
ORC-2060: Upgrade `bouncycastle` to 1.83
Bumps [org.bouncycastle:bcpkix-jdk18on](https://github.com/bcgit/bc-java)
from 1.82 to 1.83.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html";>org.bouncycastle:bcpkix-jdk18on's
changelog</a>.</em></p>
<blockquote>
<p>2.1.1 VersionRelease: 1.84Date: TBD</p>
<p>2.2.1 VersionRelease: 1.83Date: 2025, November 27th.</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/bcgit/bc-java/commits";>compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that
have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI
passes on it
- `dependabot cancel merge` will cancel a previously requested merge and
block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it.
You can achieve the same result by closing it manually
- `dependabot show <dependency name> ignore conditions` will show all of
the ignore conditions of the specified dependency
- `dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen the PR
or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the PR or
upgrade to it yourself)
</details>
Closes #2489 from
dependabot[bot]/dependabot/maven/java/org.bouncycastle-bcpkix-jdk18on-1.83.
Authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Dongjoon Hyun <[email protected]>
---
java/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/pom.xml b/java/pom.xml
index fa1f6f95b..89545a4f2 100644
--- a/java/pom.xml
+++ b/java/pom.xml
@@ -60,7 +60,7 @@
</modules>
<properties>
- <bouncycastle.version>1.82</bouncycastle.version>
+ <bouncycastle.version>1.83</bouncycastle.version>
<brotli4j.version>1.20.0</brotli4j.version>
<checkstyle.version>12.3.1</checkstyle.version>
<commons-cli.version>1.11.0</commons-cli.version>
