vlsi opened a new pull request, #6711: URL: https://github.com/apache/jmeter/pull/6711
## Description Update four dependency groups to their latest stable releases. Each upgrade is a separate commit, with the Gradle dependency-verification metadata regenerated and the full test suite run green before committing. | Group | From | To | Scope | | --- | --- | --- | --- | | `org.bouncycastle` (bcmail/bcpkix/bcprov-jdk18on) | 1.82 | 1.84 | compile-only + test | | `org.apache.logging.log4j` (log4j-1.2-api/api/core/slf4j2-impl) | 2.25.3 | 2.26.0 | runtime (shipped) | | `org.apache.activemq` (activemq-broker/client/spring) | 6.2.0 | 6.2.6 | test | | `org.apache.mina` (mina-core) | 2.2.5 | 2.2.8 | test | log4j and mina both expose a pre-release as their Maven `release` marker (`3.0.0-beta3` and `3.0.0-M2`). Those are major-version pre-releases, so this PR stays on the current stable lines. ## Motivation and Context Routine security maintenance: pick up the latest upstream security and bug fixes for the shipped logging stack (log4j) and the Bouncy Castle crypto provider, and keep the test-only message-broker and networking libraries current. ## How Has This Been Tested? For each group, in its own commit: 1. Bumped the version in the relevant BOM (`src/bom-thirdparty/build.gradle.kts` for bouncycastle and log4j; `src/bom-testing/build.gradle.kts` for activemq and mina). 2. Regenerated verification metadata with `./gradlew --console=plain --dependency-verification lenient -q --write-verification-metadata sha256,pgp dependencies`. This refreshed `gradle/verification-metadata.xml` and, for log4j, `src/dist/src/dist/expected_release_jars.csv`. 3. Ran `./gradlew --quiet test` — green for all four bumps. All four groups verify through trusted PGP keys, so no per-jar checksums change. log4j is the only shipped artifact among them, so it is the only group that updates the expected-release-jar list. ## Types of changes - Bug fix (non-breaking change which fixes an issue) ## Checklist: - [x] My code follows the code style of this project. - [ ] I have updated the documentation accordingly. (Version-only updates; no documentation change needed.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
