Bump the maven-deps group with 4 updates #275

dependabot · 2025-05-30T13:01:32Z

Bumps the maven-deps group with 4 updates: org.jruby:jruby-core, javax.servlet:javax.servlet-api, jakarta.servlet.jsp:jakarta.servlet.jsp-api and jakarta.jms:jakarta.jms-api.

Updates org.jruby:jruby-core from 9.4.12.0 to 10.0.0.1

Release notes

Sourced from org.jruby:jruby-core's releases.

JRuby 10.0.0.1 Released

The JRuby community is pleased to announce the release of JRuby 10.0.0.1.

Homepage: https://www.jruby.org/

Download: https://www.jruby.org/download

We've jumped to Ruby 3.4 compatibility and Java 21 minimum to bring you the best Ruby on JVM experience possible. We are confident this is the most compatible and stable major release we've ever had.

Security

jruby-openssl has been updated to 0.15.4, which re-enables hostname verification by default. This addresses CVE-2025-46551 and GHSA-72qj-48g4-5xgx.

JRuby 10.0.0.0 Released

The JRuby community is pleased to announce the release of JRuby 10.0.0.0.

Homepage: https://www.jruby.org/

Download: https://www.jruby.org/download

JRuby 10 is finally here! We've jumped to Ruby 3.4 compatibility and Java 21 minimum to bring you the best Ruby on JVM experience possible. We are confident this is the most compatible and stable major release we've ever had.

Our blog post on JRuby 10 provides a high-level overview of the major changes, with some additional details below. We will update the blog post with additional detailed articles over the coming weeks: https://blog.jruby.org/2025/04/jruby-10-part-1-whats-new

As with any "dot zero" release, we are planning a series of quick updates to address any last-minute issues that snuck into the release. Please file bugs for any issues you see while testing JRuby 10.0: https://github.com/jruby/jruby/issues

Contributors

The JRuby core team today includes Charles Oliver Nutter (@headius), Thomas Enebo (@enebo), and Karol Bucek (@kares). Over the past year we have been honored to accept contributions from many other developers, and JRuby 10 would 8000 not be as stable or complete without their help:

[@andsel], [@mrnoname1000], [@ahorek], [@evaniainbrooks], [@edipofederle], [@ccutrer], [@danini-the-panini], [@ntkme], [@andrykonchin], [@mohamedhafez], [@jsvd], [@jpcamara], [@mullermp], [@ikaronen-relex], [@jimtng], [@ryannevell], [@eregon], [@moste00], [@sk757a]

Ruby Compatibility

Ruby compatibility has been updated to Ruby 3.4. We consider this release equivalent to Ruby 3.4.2.

Most features of Ruby 3.2, 3.3, 3.4 are complete, but some are still in progress. See our checklists based on CRuby's release notes: Ruby 3.2, Ruby 3.3, Ruby 3.4

Except where a more recent gem was available or a library is unsupported by JRuby, we have included the same standard libraries as Ruby 3.4.

Java 21

After nearly a decade of supporting Java 8, the JRuby team decided it's time for us to move to a more modern version of Java. The new requirement of Java 21 will allow us to take advantage of many features that were impossible to utilize while simultaneously supporting Java 8:

On-by-default optimization using InvokeDynamic, which has significantly improved since Java 8.

Support for thousands of Fibers using the lightweight virtual thread support from Project Loom.

Fast native function calling and native memory management using Project Panama.

Greatly improved startup time using Application Class Data Store, enabled by default by our launcher executables.

Easier access to post-Java 21 features like the Ahead-of-time compiler cache in Project Leyden.

... (truncated)

Commits

79cf1e4 Version 10.0.0.1 updated for release
3b432f5 Update to jruby-openssl 0.15.4
6ed59bc Version 10.0.0.0 updated for release
d067abe Try and exclude any jsa files from making it into windows installer .exe
1fdab6e Merge pull request #8759 from enebo/topic/javadoc
3c26d79 Revert "Version 10.0.0.0 updated for release"
dcc1325 moar javadoc fixes
c4ac45b many more javadoc warns fixed
614edf1 More javadoc warns fixed
2a24738 More javadoc warnings fixed
Additional commits viewable in compare view

Updates javax.servlet:javax.servlet-api from 3.0.1 to 4.0.1

Commits

5574e9b [maven-release-plugin] prepare release 4.0.1
6430ada Update pom with latest copyright plugin version
7265df0 Copyright changes. (#192)
9a27193 [maven-release-plugin] prepare for next development iteration
ef2740a [maven-release-plugin] prepare release 4.0.0
62e5c39 update the version to 4.0.0-SNAPSHOT
10f86f3 Update Bundle-License MANIFEST.MF property
779f324 fix typo in skip test
8ecb128 Remove watermark, and add preposition where needed
8c36bee Fix typo. Insert preposition "to" after "corresponding" as necessary.
Additional commits viewable in compare view

Updates jakarta.servlet.jsp:jakarta.servlet.jsp-api from 2.3.6 to 4.0.0

Commits

f723f99 Prepare release jakarta.servlet.jsp:jakarta.servlet.jsp-api:4.0.0
539dadf Update copyright year in Javadoc
91ccb19 POM version should be SNAPSHOT
65e89c3 Add dependency required to run the tests
4e0416b Fix compilation warnings
254f435 Various POM fixes
3956175 Merge pull request #266 from alwin-joseph/tck_rem_snapshotmodules
6a1b235 set jdk17 as compiler source/target
8abee4f use M1 modules of jakarta.tck project
dda566d pages tck documentation for 4.0
Additional commits viewable in compare view

Updates jakarta.jms:jakarta.jms-api from 2.0.3 to 3.1.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the maven-deps group with 4 updates: [org.jruby:jruby-core](https://github.com/jruby/jruby), [javax.servlet:javax.servlet-api](https://github.com/javaee/servlet-spec), [jakarta.servlet.jsp:jakarta.servlet.jsp-api](https://github.com/eclipse-ee4j/jsp-api) and jakarta.jms:jakarta.jms-api. Updates `org.jruby:jruby-core` from 9.4.12.0 to 10.0.0.1 - [Release notes](https://github.com/jruby/jruby/releases) - [Commits](jruby/jruby@9.4.12.0...10.0.0.1) Updates `javax.servlet:javax.servlet-api` from 3.0.1 to 4.0.1 - [Commits](javaee/servlet-spec@3.0.1...4.0.1) Updates `jakarta.servlet.jsp:jakarta.servlet.jsp-api` from 2.3.6 to 4.0.0 - [Release notes](https://github.com/eclipse-ee4j/jsp-api/releases) - [Commits](jakartaee/pages@2.3.6-RELEASE...4.0.0-RELEASE) Updates `jakarta.jms:jakarta.jms-api` from 2.0.3 to 3.1.0 --- updated-dependencies: - dependency-name: org.jruby:jruby-core dependency-version: 10.0.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: maven-deps - dependency-name: javax.servlet:javax.servlet-api dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: maven-deps - dependency-name: jakarta.servlet.jsp:jakarta.servlet.jsp-api dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: maven-deps - dependency-name: jakarta.jms:jakarta.jms-api dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: maven-deps ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-05-31T08:44:18Z

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 30, 2025

dependabot bot closed this May 31, 2025

dependabot bot deleted the dependabot/maven/maven-deps-806cf42de6 branch May 31, 2025 08:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the maven-deps group with 4 updates #275

Bump the maven-deps group with 4 updates #275

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Bump the maven-deps group with 4 updates #275

Bump the maven-deps group with 4 updates #275

Uh oh!

Conversation

Uh oh!

JRuby 10.0.0.1 Released

Security

JRuby 10.0.0.0 Released

Contributors

Ruby Compatibility

Java 21

Uh oh!

Uh oh!

Uh oh!