build(deps): Bump the dev-dependencies group with 4 updates#11
Merged
github-actions[bot] merged 1 commit intoMay 16, 2026
Merged
Conversation
Bumps the dev-dependencies group with 4 updates: software.amazon.awssdk:dynamodb, software.amazon.awssdk:dynamodb-enhanced, [com.diffplug.spotless:spotless-plugin-gradle](https://github.com/diffplug/spotless) and com.diffplug.spotless. Updates `software.amazon.awssdk:dynamodb` from 2.44.6 to 2.44.7 Updates `software.amazon.awssdk:dynamodb-enhanced` from 2.44.6 to 2.44.7 Updates `software.amazon.awssdk:dynamodb-enhanced` from 2.44.6 to 2.44.7 Updates `com.diffplug.spotless:spotless-plugin-gradle` from 8.5.0 to 8.5.1 - [Release notes](https://github.com/diffplug/spotless/releases) - [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md) - [Commits](diffplug/spotless@gradle/8.5.0...gradle/8.5.1) Updates `com.diffplug.spotless` from 8.5.0 to 8.5.1 Updates `com.diffplug.spotless` from 8.5.0 to 8.5.1 --- updated-dependencies: - dependency-name: software.amazon.awssdk:dynamodb dependency-version: 2.44.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: software.amazon.awssdk:dynamodb-enhanced dependency-version: 2.44.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: software.amazon.awssdk:dynamodb-enhanced dependency-version: 2.44.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: com.diffplug.spotless:spotless-plugin-gradle dependency-version: 8.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: com.diffplug.spotless dependency-version: 8.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies - dependency-name: com.diffplug.spotless dependency-version: 8.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dev-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
github-actions
Bot
deleted the
dependabot/gradle/dev-dependencies-f39d0927a4
branch
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
wolpert
added a commit
that referenced
this pull request
May 16, 2026
- ceremony: default UV to REQUIRED so WebAuthn4J enforces flagUV (#2) - ceremony: refuse the non-strict WebAuthnManager when attestation conveyance is not NONE; force operators to wire a strict manager explicitly (#3) - jwt(spring): fail-fast on HS256 secrets shorter than 32 bytes; remove the silent expand() helper that masked weak keys (#4) - jwt(micronaut): fail-fast on blank or short HS256 secrets; remove the zero-pad and random-on-blank fallbacks (#5) - persistence: make signCount updates atomic against concurrent racing assertions so clone detection cannot be silently defeated — JDBI adds AND sign_count < :sc, DynamoDB adds a conditional UpdateItem (#6) - starters: gate LoggingEmailSender / LoggingSmsSender behind dev-mode so magic-link tokens and OTP codes don't silently leak to production logs (#7) - magic-link: replace the unbounded ConcurrentHashMap of consumed JTIs with a TTL-bounded Caffeine cache; fix the Javadoc to match reality (#8) - magic-link: bind verification email to the user via UserLookup#emailFor and reject mismatches; admin service maps the new EmailMismatch result to a 400 (#9) - persistence(dynamodb): server-enforce single-use for backup-code consume and OTP consume/incrementAttempts via ConditionExpression (#10) - persistence(dynamodb): server-enforce challenge expiry in takeOnce via ConditionExpression on expiresAt instead of post-filtering in Java (#11) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
wolpert
added a commit
that referenced
this pull request
May 16, 2026
#9 — Dropwizard auto-wires OTP/MagicLink/BackupCode via AltFlowsModule + new bundle ctor #10 — shared BackupCodesCountResponse / EmailVerificationResult in pk-auth-admin-api #11 — shared AdminRequests records in pk-auth-admin-api; all three adapters consume them #12 — AdminErrorBody + test deleted; DESIGN.md error envelope aligned with mappers #14 — new OtpPepperResolver in pk-auth-otp; Spring + Micronaut adapters share it #16 — Micronaut credential-id path template renamed to {credentialId} #17 — Spring toResponse collapsed into single entrypoint auto-detecting null → 204 #19 — RelyingParty defaults dropped in Spring and Micronaut; fail fast #20 — JWT defaults dropped; new JwtSecretResolver in pk-auth-jwt; Spring random-key fallback removed #21 — typed boolean devMode added to PkAuthProperties / PkAuthConfiguration #26 — ChallengeStore.put Javadoc + TTL validation; all three impls enforce #27 — BackupCodeRepository.replaceAll abstract; DynamoDB impl uses TransactWriteItems #29 — UserLookup methods renamed; USERNAMELESS_KEY constant added (#36 bundled) #30 — AssertionResult.Success convenience constructor removed Blocked: #13, #15, #22, #23, #24, #25, #31 — deferred per user pause Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the dev-dependencies group with 4 updates: software.amazon.awssdk:dynamodb, software.amazon.awssdk:dynamodb-enhanced, com.diffplug.spotless:spotless-plugin-gradle and com.diffplug.spotless.
Updates
software.amazon.awssdk:dynamodbfrom 2.44.6 to 2.44.7Updates
software.amazon.awssdk:dynamodb-enhancedfrom 2.44.6 to 2.44.7Updates
software.amazon.awssdk:dynamodb-enhancedfrom 2.44.6 to 2.44.7Updates
com.diffplug.spotless:spotless-plugin-gradlefrom 8.5.0 to 8.5.1Release notes
Sourced from com.diffplug.spotless:spotless-plugin-gradle's releases.
Commits
c1595c8Published gradle/8.5.1b26b570Published lib/4.6.1ac3f6f1Bump plexus-utils to 4.0.3 to address CVE-2025-67030 (#2932)f5039f6Bump plexus-utils to 4.0.3 to address CVE-2025-670300e77837Fix shell-injection in LicenseHeaderStep SET_FROM_GIT mode (#2931)84f6423Fix shell-injection in LicenseHeaderStep SET_FROM_GIT modeb87eb75Published maven/3.5.0Updates
com.diffplug.spotlessfrom 8.5.0 to 8.5.1Updates
com.diffplug.spotlessfrom 8.5.0 to 8.5.1Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions