Bump the all-maven-dependencies group across 2 directories with 3 updates

[dependabot]

Bumps the all-maven-dependencies group with 3 updates in the / directory: com.sap.cloud.sdk:sdk-modules-bom, com.sap.cloud.security:java-bom and com.diffplug.spotless:spotless-maven-plugin.
Bumps the all-maven-dependencies group with 3 updates in the /srv directory: com.sap.cloud.sdk:sdk-modules-bom, com.sap.cloud.security:java-bom and com.diffplug.spotless:spotless-maven-plugin.

Updates com.sap.cloud.sdk:sdk-modules-bom from 5.29.0 to 5.30.0

Release notes

Sourced from com.sap.cloud.sdk:sdk-modules-bom's releases.

Release 5.30.0

What's Changed

All Release Changes

🚧 Known Issues

🔧 Compatibility Notes

• [OpenAPI] In Apache HttpClient generator, file upload parameters are now pinned to type java.io.File, unmodifiable with <typeMappings> in generator configuration.

✨ New Functionality

📈 Improvements

• Enable Retry behavior for HttpClient5 instances, to mirror legacy behvior for HttpClient4: 1 retry with 1s delay for response codes 429 (Too Many Requests) and 503 (Service Unavailable).

All Commits

• fix: JavaDoc PR link in prepare-release workflow by @​newtork in SAP/cloud-sdk-java#1159
• chore: Enhance HttpClient5 Retry-Strategy for 429 and 503 responses by @​newtork in SAP/cloud-sdk-java#1009
• fix: [OpenAPI] Pin file upload parameter to File type by @​rpanackal in SAP/cloud-sdk-java#1160
• chore: [DevOps] bump the production-minor-patch group with 18 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1161
• chore: [DevOps] bump slackapi/slack-github-action from 3.0.1 to 3.0.2 in the github-actions group by @​dependabot[bot] in SAP/cloud-sdk-java#1163
• chore: [DevOps] bump the production-minor-patch group with 19 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1164
• feat: expose slowCallDurationThreshold in CircuitBreakerConfiguration by @​dira-AUR in SAP/cloud-sdk-java#1153

New Contributors

• @​dira-AUR made their first contribution in SAP/cloud-sdk-java#1153

Full Changelog: https://github.com/SAP/cloud-sdk-java/commits/rel/5.30.0

Commits

• 872aacf Update to version 5.30.0
• 0abcdf9 feat: expose slowCallDurationThreshold in CircuitBreakerConfiguration (#1153)
• 58e368d chore: [DevOps] bump the production-minor-patch group with 19 updates (#1164)
• 468661b chore: [DevOps] bump slackapi/slack-github-action from 3.0.1 to 3.0.2 in the ...
• 033be69 chore: [DevOps] bump the production-minor-patch group with 18 updates (#1161)
• 265bb3d fix: [OpenAPI] Pin file upload parameter to File type (#1160)
• d5d3dfd chore: Enhance HttpClient5 Retry-Strategy for 429 and 503 responses (#1009)
• 432c829 fix: JavaDoc PR link in prepare-release workflow (#1159)
• bed1833 Release 5.29.0 (#1158)
• See full diff in compare view

Updates com.sap.cloud.security:java-bom from 3.7.1 to 3.7.2

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

3.7.2

• Fix multi-tenant IAS token exchange by adding app_tid parameter to the token exchange request in DefaultIdTokenExtension
  • In multi-tenant applications, IAS requires app_tid in addition to client_id to uniquely identify the application
  • The app_tid is extracted from the incoming access token and included when present

Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

Change Log

All notable changes to this project will be documented in this file.

4.0.5

• Restore deprecated HttpClientFactory.services field and ServiceLoader-based factory discovery for backward compatibility

  • Custom HttpClientFactory implementations registered via META-INF/services are discovered again
  • A deprecation warning is logged when a custom factory is used, guiding users to migrate to SecurityHttpClientFactory with SecurityHttpClientProvider
  • Token services with default (no-arg) constructors continue to use the new SecurityHttpClientProvider internally

• Fix multi-tenant IAS token exchange by adding app_tid parameter to the token exchange request in DefaultIdTokenExtension

  • In multi-tenant applications, IAS requires app_tid in addition to client_id to uniquely identify the application
  • The app_tid is extracted from the incoming access token and included when present

4.0.4

• Improve domain validation handling in JwtValidatorBuilder for IAS tokens

4.0.3

• Fix multi-tenant IAS token exchange to use token issuer URL instead of provider IAS URL from configuration in DefaultIdTokenExtension

4.0.2

• Fix token exchange credential handling to use getClientIdentity() instead of manually checking for certificate vs client secret
• Add IAS certificate properties (certificate, key, credential-type, certurl) to IdentityServicesPropertySourceFactory to properly map X.509 credentials for IAS service bindings

4.0.1

• Fix IAS token exchange to use getUrl() instead of getCertUrl() in DefaultIdTokenExtension

4.0.0 - Major Release

This is a major release with breaking changes. The library has been upgraded to Spring Boot 4.x and Jakarta EE 10. For applications still on Spring Boot 3.x, compatibility modules are provided. Please check the 4.0 Migration Guide for comprehensive upgrade instructions

⚠️ BREAKING CHANGES

Spring Boot and Jakarta EE Version Upgrades

• Spring Boot: Upgraded from 3.x to 4.0.3
• Spring Framework: Upgraded from 6.x to 7.0.5
• Spring Security: Upgraded from 6.x to 7.0.3
• Jakarta Servlet API: Upgraded from 6.0.0 to 6.1.0
• Java: Minimum version remains Java 17
• JUnit Jupiter: Upgraded from 5.12.2 to 6.0.3

HTTP Client Default Changed

Token-client module now uses Java 11's HttpClient as the default implementation. Apache HttpClient 4 remains available as a dependency for backward compatibility.

Impact:

... (truncated)

Commits

• d1f6f21 Bugfix/3.x add app tid to id token exchange (#1950)
• See full diff in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.4.0 to 3.5.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.5.0

Added

• <scalafmt> now reads the version from the version field in the scalafmt config file when no <version> is explicitly set, falling back to the built-in default only if neither is available. (#2922)
• Add <toml> format type with <versionCatalog> step for formatting and sorting Gradle version catalog files. (#2916)
• Add <javaparserVersion> option to <cleanthat>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (#2903)
• Add a expandWildcardImports API for java (#2829)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• The -Dspotless.ratchetFrom=... user property now takes priority over <ratchetFrom> configured in the plugin or in individual formatters, instead of being overridden by them. (#2896, fixes #2842)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)
• Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (#2920)
• Bump default cleanthat version 2.24 -> 2.25. (#2903)
• Bump default eclipse-jdt version from 4.35 to 4.39. (#2912)

Commits

• b87eb75 Published maven/3.5.0
• 97c3baf Published gradle/8.5.0
• 3dd1a96 Published lib/4.6.0
• 05d8954 Feature maven expand wildcard import (#2930 fixes #2829)
• 0267bed Merge remote-tracking branch 'origin/main' into feature-maven-expand-wildcard...
• 3b6401d feat: read scalafmt version from scalafmt config if not provided (#2922)
• 886ee99 Fix wildcard import expansion for JDK XML types (#2921)
• 1d898d0 Merge branch 'main' into fix-expand-wildcard-jdk-xml-types
• a2acb39 Use Collator when sorting Eclipse JDT members (#2920)
• a88d0f0 Fix JDBI named bind params being uppercased and losing spaces in DBeaver SQL ...
• Additional commits viewable in compare view

Updates com.sap.cloud.sdk:sdk-modules-bom from 5.29.0 to 5.30.0

Release notes

Sourced from com.sap.cloud.sdk:sdk-modules-bom's releases.

Release 5.30.0

What's Changed

All Release Changes

🚧 Known Issues

🔧 Compatibility Notes

• [OpenAPI] In Apache HttpClient generator, file upload parameters are now pinned to type java.io.File, unmodifiable with <typeMappings> in generator configuration.

✨ New Functionality

📈 Improvements

• Enable Retry behavior for HttpClient5 instances, to mirror legacy behvior for HttpClient4: 1 retry with 1s delay for response codes 429 (Too Many Requests) and 503 (Service Unavailable).

All Commits

• fix: JavaDoc PR link in prepare-release workflow by @​newtork in SAP/cloud-sdk-java#1159
• chore: Enhance HttpClient5 Retry-Strategy for 429 and 503 responses by @​newtork in SAP/cloud-sdk-java#1009
• fix: [OpenAPI] Pin file upload parameter to File type by @​rpanackal in SAP/cloud-sdk-java#1160
• chore: [DevOps] bump the production-minor-patch group with 18 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1161
• chore: [DevOps] bump slackapi/slack-github-action from 3.0.1 to 3.0.2 in the github-actions group by @​dependabot[bot] in SAP/cloud-sdk-java#1163
• chore: [DevOps] bump the production-minor-patch group with 19 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1164
• feat: expose slowCallDurationThreshold in CircuitBreakerConfiguration by @​dira-AUR in SAP/cloud-sdk-java#1153

New Contributors

• @​dira-AUR made their first contribution in SAP/cloud-sdk-java#1153

Full Changelog: https://github.com/SAP/cloud-sdk-java/commits/rel/5.30.0

Commits

• 872aacf Update to version 5.30.0
• 0abcdf9 feat: expose slowCallDurationThreshold in CircuitBreakerConfiguration (#1153)
• 58e368d chore: [DevOps] bump the production-minor-patch group with 19 updates (#1164)
• 468661b chore: [DevOps] bump slackapi/slack-github-action from 3.0.1 to 3.0.2 in the ...
• 033be69 chore: [DevOps] bump the production-minor-patch group with 18 updates (#1161)
• 265bb3d fix: [OpenAPI] Pin file upload parameter to File type (#1160)
• d5d3dfd chore: Enhance HttpClient5 Retry-Strategy for 429 and 503 responses (#1009)
• 432c829 fix: JavaDoc PR link in prepare-release workflow (#1159)
• bed1833 Release 5.29.0 (#1158)
• See full diff in compare view

Updates com.sap.cloud.security:java-bom from 3.7.1 to 3.7.2

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

3.7.2

• Fix multi-tenant IAS token exchange by adding app_tid parameter to the token exchange request in DefaultIdTokenExtension
  • In multi-tenant applications, IAS requires app_tid in addition to client_id to uniquely identify the application
  • The app_tid is extracted from the incoming access token and included when present

Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

Change Log

All notable changes to this project will be documented in this file.

4.0.5

• Restore deprecated HttpClientFactory.services field and ServiceLoader-based factory discovery for backward compatibility

  • Custom HttpClientFactory implementations registered via META-INF/services are discovered again
  • A deprecation warning is logged when a custom factory is used, guiding users to migrate to SecurityHttpClientFactory with SecurityHttpClientProvider
  • Token services with default (no-arg) constructors continue to use the new SecurityHttpClientProvider internally

• Fix multi-tenant IAS token exchange by adding app_tid parameter to the token exchange request in DefaultIdTokenExtension

  • In multi-tenant applications, IAS requires app_tid in addition to client_id to uniquely identify the application
  • The app_tid is extracted from the incoming access token and included when present

4.0.4

• Improve domain validation handling in JwtValidatorBuilder for IAS tokens

4.0.3

• Fix multi-tenant IAS token exchange to use token issuer URL instead of provider IAS URL from configuration in DefaultIdTokenExtension

4.0.2

• Fix token exchange credential handling to use getClientIdentity() instead of manually checking for certificate vs client secret
• Add IAS certificate properties (certificate, key, credential-type, certurl) to IdentityServicesPropertySourceFactory to properly map X.509 credentials for IAS service bindings

4.0.1

• Fix IAS token exchange to use getUrl() instead of getCertUrl() in DefaultIdTokenExtension

4.0.0 - Major Release

This is a major release with breaking changes. The library has been upgraded to Spring Boot 4.x and Jakarta EE 10. For applications still on Spring Boot 3.x, compatibility modules are provided. Please check the 4.0 Migration Guide for comprehensive upgrade instructions

⚠️ BREAKING CHANGES

Spring Boot and Jakarta EE Version Upgrades

• Spring Boot: Upgraded from 3.x to 4.0.3
• Spring Framework: Upgraded from 6.x to 7.0.5
• Spring Security: Upgraded from 6.x to 7.0.3
• Jakarta Servlet API: Upgraded from 6.0.0 to 6.1.0
• Java: Minimum version remains Java 17
• JUnit Jupiter: Upgraded from 5.12.2 to 6.0.3

HTTP Client Default Changed

Token-client module now uses Java 11's HttpClient as the default implementation. Apache HttpClient 4 remains available as a dependency for backward compatibility.

Impact:

... (truncated)

Commits

• d1f6f21 Bugfix/3.x add app tid to id token exchange (#1950)
• See full diff in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.4.0 to 3.5.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.5.0

Added

• <scalafmt> now reads the version from the version field in the scalafmt config file when no <version> is explicitly set, falling back to the built-in default only if neither is available. (#2922)
• Add <toml> format type with <versionCatalog> step for formatting and sorting Gradle version catalog files. (#2916)
• Add <javaparserVersion> option to <cleanthat>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (#2903)
• Add a expandWildcardImports API for java (#2829)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• The -Dspotless.ratchetFrom=... user property now takes priority over <ratchetFrom> configured in the plugin or in individual formatters, instead of being overridden by them. (#2896, fixes #2842)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)
• Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (#2920)
• Bump default cleanthat version 2.24 -> 2.25. (#2903)
• Bump default eclipse-jdt version from 4.35 to 4.39. (#2912)

Commits

• b87eb75 Published maven/3.5.0
• 97c3baf Published gradle/8.5.0
• 3dd1a96 Published lib/4.6.0
• 05d8954 Feature maven expand wildcard import (#2930 fixes #2829)
• 0267bed Merge remote-tracking branch 'origin/main' into feature-maven-expand-wildcard...
• 3b6401d feat: read scalafmt version from scalafmt config if not provided (#2922)
• 886ee99 Fix wildcard import expansion for JDK XML types (#2921)
• 1d898d0 Merge branch 'main' into fix-expand-wildcard-jdk-xml-types
• a2acb39 Use Collator when sorting Eclipse JDT members (#2920)
• a88d0f0 Fix JDBI named bind params being uppercased and losing spaces in DBeaver SQL ...
• Additional commits viewable in compare view

Updates com.sap.cloud.sdk:sdk-modules-bom from 5.29.0 to 5.30.0

Release notes

Sourced from com.sap.cloud.sdk:sdk-modules-bom's releases.

Release 5.30.0

What's Changed

All Release Changes

🚧 Known Issues

🔧 Compatibility Notes

• [OpenAPI] In Apache HttpClient generator, file upload parameters are now pinned to type java.io.File, unmodifiable with <typeMappings> in generator configuration.

✨ New Functionality

📈 Improvements

• Enable Retry behavior for HttpClient5 instances, to mirror legacy behvior for HttpClient4: 1 retry with 1s delay for response codes 429 (Too Many Requests) and 503 (Service Unavailable).

All Commits

• fix: JavaDoc PR link in prepare-release workflow by @​newtork in SAP/cloud-sdk-java#1159
• chore: Enhance HttpClient5 Retry-Strategy for 429 and 503 responses by @​newtork in SAP/cloud-sdk-java#1009
• fix: [OpenAPI] Pin file upload parameter to File type by @​rpanackal in SAP/cloud-sdk-java#1160
• chore: [DevOps] bump the production-minor-patch group with 18 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1161
• chore: [DevOps] bump slackapi/slack-github-action from 3.0.1 to 3.0.2 in the github-actions group by @​dependabot[bot] in SAP/cloud-sdk-java#1163
• chore: [DevOps] bump the production-minor-patch group with 19 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1164
• feat: expose slowCallDurationThreshold in CircuitBreakerConfiguration by @​dira-AUR in SAP/cloud-sdk-java#1153

New Contributors

• @​dira-AUR made their first contribution in SAP/cloud-sdk-java#1153

Full Changelog: https://github.com/SAP/cloud-sdk-java/commits/rel/5.30.0

Commits

• 872aacf Update to version 5.30.0
• 0abcdf9 feat: expose slowCallDurationThreshold in CircuitBreakerConfiguration (#1153)
• 58e368d chore: [DevOps] bump the production-minor-patch group with 19 updates (#1164)
• 468661b chore: [DevOps] bump slackapi/slack-github-action from 3.0.1 to 3.0.2 in the ...
• 033be69 chore: [DevOps] bump the production-minor-patch group with 18 updates (#1161)
• 265bb3d fix: [OpenAPI] Pin file upload parameter to File type (#1160)
• d5d3dfd chore: Enhance HttpClient5 Retry-Strategy for 429 and 503 responses (#1009)
• 432c829 fix: JavaDoc PR link in prepare-release workflow (#1159)
• bed1833 Release 5.29.0 (#1158)
• See full diff in compare view

Updates com.sap.cloud.security:java-bom from 3.7.1 to 3.7.2

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

3.7.2

• Fix multi-tenant IAS token exchange by adding app_tid parameter to the token exchange request in DefaultIdTokenExtension
  • In multi-tenant applications, IAS requires app_tid in addition to client_id to uniquely identify the application
  • The app_tid is extracted from the incoming access token and included when present

Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

Change Log

All notable changes to this project will be documented in this file.

4.0.5

• Restore deprecated HttpClientFactory.services field and ServiceLoader-based factory discovery for backward compatibility

  • Custom HttpClientFactory implementations registered via META-INF/services are discovered again
  • A deprecation warning is logged when a custom factory is used, guiding users to migrate to SecurityHttpClientFactory with SecurityHttpClientProvider
  • Token services with default (no-arg) constructors continue to use the new SecurityHttpClientProvider internally

• Fix multi-tenant IAS token exchange by adding app_tid parameter to the token exchange request in DefaultIdTokenExtension

  • In multi-tenant applications, IAS requires app_tid in addition to client_id to uniquely identify the application
  • The app_tid is extracted from the incoming access token and included when present

4.0.4

• Improve domain validation handling in JwtValidatorBuilder for IAS tokens

4.0.3

• Fix multi-tenant IAS token exchange to use token issuer URL instead of provider IAS URL from configuration in DefaultIdTokenExtension

4.0.2

• Fix token exchange credential handling to use getClientIdentity() instead of manually checking for certificate vs client secret
• Add IAS certificate properties (certificate, key, credential-type, certurl) to IdentityServicesPropertySourceFactory to properly map X.509 credentials for IAS service bindings

4.0.1

• Fix IAS token exchange to use getUrl() instead of getCertUrl() in DefaultIdTokenExtension

4.0.0 - Major Release

This is a major release with breaking changes. The library has been upgraded to Spring Boot 4.x and Jakarta EE 10. For applications still on Spring Boot 3.x, compatibility modules are provided. Please check the 4.0 Migration Guide for comprehensive upgrade instructions

⚠️ BREAKING CHANGES

Spring Boot and Jakarta EE Version Upgrades

• Spring Boot: Upgraded from 3.x to 4.0.3
• Spring Framework: Upgraded from 6.x to 7.0.5
• Spring Security: Upgraded from 6.x to 7.0.3
• Jakarta Servlet API: Upgraded from 6.0.0 to 6.1.0
• Java: Minimum version remains Java 17
• JUnit Jupiter: Upgraded from 5.12.2 to 6.0.3

HTTP Client Default Changed

Token-client module now uses Java 11's HttpClient as the default implementation. Apache HttpClient 4 remains available as a dependency for backward compatibility.

Impact:

... (truncated)

Commits

• d1f6f21 Bugfix/3.x add app tid to id token exchange (#1950)
• See full diff in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.4.0 to 3.5.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.5.0

Added

• <scalafmt> now reads the version from the version field in the scalafmt config file when no <version> is explicitly set, falling back to the built-in default only if neither is available. (#2922)
• Add <toml> format type with <versionCatalog> step for formatting and sorting Gradle version catalog files. (#2916)
• Add <javaparserVersion> option to <cleanthat>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (#2903)
• Add a expandWildcardImports API for java (#2829)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• The -Dspotless.ratchetFrom=... user property now takes priority over <ratchetFrom> configured in the plugin or in individual formatters, instead of being overridden by them. (#2896, fixes #2842)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)
• Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (#2920)
• Bump default cleanthat version 2.24 -> 2.25. (#2903)
• Bump default eclipse-jdt version from 4.35 to 4.39. (#2912)

Commits

• b87eb75 Published maven/3.5.0
• 97c3baf Published gradle/8.5.0
• 3dd1a96 Published lib/4.6.0
• 05d8954 Feature maven expand wildcard import (#2930 fixes #2829)
• 0267bed Merge remote-tracking branch 'origin/main' into feature-maven-expand-wildcard...
• 3b6401d feat: read scalafmt version from scalafmt config if not provided (#2922)
• 886ee99 Fix wildcard import expansion for JDK XML types (#2921)
• 1d898d0 Merge branch 'main' into fix-expand-wildcard-jdk-xml-types
• a2acb39 Use Collator when sorting Eclipse JDT members (#2920)
• a88d0f0 Fix JDBI named bind params being uppercased and losing spaces in DBeaver SQL ...
• Additional commits viewable in compare view

Updates com.sap.cloud.sdk:sdk-modules-bom from 5.29.0 to 5.30.0

Release notes

Sourced from com.sap.cloud.sdk:sdk-modules-bom's releases.

Release 5.30.0

What's Changed

All Release Changes

🚧 Known Issues

🔧 Compatibility Notes

• [OpenAPI] In Apache HttpClient generator, file upload parameters are now pinned to type java.io.File, unmodifiable with <typeMappings> in generator configuration.

✨ New Functionality

📈 Improvements

• Enable Retry behavior for HttpClient5 instances, to mirror legacy behvior for HttpClient4: 1 retry with 1s delay for response codes 429 (Too Many Requests) and 503 (Service Unavailable).

All Commits

• fix: JavaDoc PR link in prepare-release workflow by @​newtork in SAP/cloud-sdk-java#1159
• chore: Enhance HttpClient5 Retry-Strategy for 429 and 503 responses by @​newtork in SAP/cloud-sdk-java#1009
• fix: [OpenAPI] Pin file upload parameter to File type by @​rpanackal in SAP/cloud-sdk-java#1160
• chore: [DevOps] bump the production-minor-patch group with 18 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1161
• chore: [DevOps] bump slackapi/slack-github-action from 3.0.1 to 3.0.2 in the github-actions group by @​dependabot[bot] in SAP/cloud-sdk-java#1163
• chore: [DevOps] bump the production-minor-patch group with 19 updates by @​dependabot[bot] in SAP/cloud-sdk-java#1164
• feat: expose slowCallDurationThreshold in CircuitBreakerConfiguration by @​dira-AUR in SAP/cloud-sdk-java#1153

New Contributors

• @​dira-AUR made their first contribution in SAP/cloud-sdk-java#1153

Full Changelog: https://github.com/SAP/cloud-sdk-java/commits/rel/5.30.0

Commits

• 872aacf Update to version 5.30.0
• 0abcdf9 feat: expose slowCallDurationThreshold in CircuitBreakerConfiguration (#1153)
• 58e368d chore: [DevOps] bump the production-minor-patch group with 19 updates (#1164)
• 468661b chore: [DevOps] bump slackapi/slack-github-action from 3.0.1 to 3.0.2 in the ...
• 033be69 chore: [DevOps] bump the production-minor-patch group with 18 updates (#1161)
• 265bb3d fix: [OpenAPI] Pin file upload parameter to File type (#1160)
• d5d3dfd chore: Enhance HttpClient5 Retry-Strategy for 429 and 503 responses (#1009)
• 432c829 fix: JavaDoc PR link in prepare-release workflow (#1159)
• bed1833 Release 5.29.0 (#1158)
• See full diff in compare view

Updates com.sap.cloud.security:java-bom from 3.7.1 to 3.7.2

Release notes

Sourced from com.sap.cloud.security:java-bom's releases.

3.7.2

• Fix multi-tenant IAS token exchange by adding app_tid parameter to the token exchange request in DefaultIdTokenExtension
  • In multi-tenant applications, IAS requires app_tid in addition to client_id to uniquely identify the application
  • The app_tid is extracted from the incoming access token and included when present

Changelog

Sourced from com.sap.cloud.security:java-bom's changelog.

Change Log

All notable changes to this project will be documented in this file.

4.0.5

• Restore deprecated HttpClientFactory.services field and ServiceLoader-based factory discovery for backward compatibility

  • Custom HttpClientFactory implementations registered via META-INF/services are discovered again
  • A deprecation warning is logged when a custom factory is used, guiding users to migrate to SecurityHttpClientFactory with SecurityHttpClientProvider
  • Token services with default (no-arg) constructors continue to use the new SecurityHttpClientProvider internally

• Fix multi-tenant IAS token exchange by adding app_tid parameter to the token exchange request in DefaultIdTokenExtension

  • In multi-tenant applications, IAS requires app_tid in addition to client_id to uniquely identify the application
  • The app_tid is extracted from the incoming access token and included when present

4.0.4

• Improve domain validation handling in JwtValidatorBuilder for IAS tokens

4.0.3

• Fix multi-tenant IAS token exchange to use token issuer URL instead of provider IAS URL from configuration in DefaultIdTokenExtension

4.0.2

• Fix token exchange credential handling to use getClientIdentity() instead of manually checking for certificate vs client secret
• Add IAS certificate properties (certificate, key, credential-type, certurl) to IdentityServicesPropertySourceFactory to properly map X.509 credentials for IAS service bindings

4.0.1

• Fix IAS token exchange to use getUrl() instead of getCertUrl() in DefaultIdTokenExtension

4.0.0 - Major Release

This is a major release with breaking changes. The library has been upgraded to Spring Boot 4.x and Jakarta EE 10. For applications still on Spring Boot 3.x, compatibility modules are provided. Please check the 4.0 Migration Guide for comprehensive upgrade instructions

⚠️ BREAKING CHANGES

Spring Boot and Jakarta EE Version Upgrades

• Spring Boot: Upgraded from 3.x to 4.0.3
• Spring Framework: Upgraded from 6.x to 7.0.5
• Spring Security: Upgraded from 6.x to 7.0.3
• Jakarta Servlet API: Upgraded from 6.0.0 to 6.1.0
• Java: Minimum version remains Java 17
• JUnit Jupiter: Upgraded from 5.12.2 to 6.0.3

HTTP Client Default Changed

Token-client module now uses Java 11's HttpClient as the default implementation. Apache HttpClient 4 remains available as a dependency for backward compatibility.

Impact:

... (truncated)

Commits

• d1f6f21 Bugfix/3.x add app tid to id token exchange (#1950)
• See full diff in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.4.0 to 3.5.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.5.0

Added

• <scalafmt> now reads the version from the version field in the scalafmt config file when no <version> is explicitly set, falling back to the built-in default only if neither is available. (#2922)
• Add <toml> format type with <versionCatalog> step for formatting and sorting Gradle version catalog files. (#2916)
• Add <javaparserVersion> option to <cleanthat>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (#2903)
• Add a expandWildcardImports API for java (#2829)

Fixed

• Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
• The -Dspotless.ratchetFrom=... user property now takes priority over <ratchetFrom> configured in the plugin or in individual formatters, instead of being overridden by them. (#2896, fixes #2842)
• Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

• Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)
• Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (#2920)
• Bump default cleanthat version 2.24 -> 2.25. (#2903)
• Bump default eclipse-jdt version from 4.35 to 4.39. (#2912)

Commits

• b87eb75 Published maven/3.5.0
• 97c3baf Published gradle/8.5.0
• 3dd1a96 Published lib/4.6.0
• 05d8954 Feature maven expand wildcard import (#2930 fixes #2829)
• 0267bed Merge remote-tracking branch 'origin/main' into feature-maven-expand-wildcard...
• 3b6401d feat: read scalafmt version from scalafmt config if not provided (#2922)
• 886ee99 Fix wildcard import expansion for JDK XML types (#2921)
• 1d898d0 Merge branch 'main' into fix-expand-wildcard-jdk-xml-types
• a2acb39 Use Collator when sorting Eclipse JDT members (#2920)
• a88d0f0 Fix JDBI named bind params being uppercased and losing spaces in DBeaver SQL ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase wil...

Description has been truncated