fix(deps): bump the prod-deps group across 1 directory with 18 updates

[dependabot]

Bumps the prod-deps group with 18 updates in the / directory:

Package	From	To
org.camunda.bpm:camunda-bom	7.21.0	7.24.0
com.github.mwiede:jsch	0.2.26	2.27.7
com.microsoft.sqlserver:mssql-jdbc	12.8.2.jre11	13.2.1.jre11
com.googlecode.libphonenumber:libphonenumber	8.13.55	9.0.21
org.graalvm.js:js	24.2.2	25.0.0
org.graalvm.js:js-scriptengine	24.2.2	25.0.0
org.graalvm.python:python	24.2.2	25.0.0
org.graalvm.ruby:ruby	24.2.2	25.0.0
org.graalvm.shadowed:json	24.2.2	25.0.0
org.graalvm.polyglot:polyglot	24.2.2	25.0.0
org.graalvm.polyglot:java	24.2.2	25.0.0
org.graalvm.polyglot:js	24.2.2	25.0.0
org.graalvm.polyglot:llvm	24.2.2	25.0.0
org.graalvm.polyglot:lsp	24.2.2	25.0.0
org.graalvm.polyglot:python	24.2.2	25.0.0
org.graalvm.polyglot:ruby	24.2.2	25.0.0
org.graalvm.polyglot:wasm	24.2.2	25.0.0
org.jruby:jruby	9.4.14.0	10.0.2.0

Updates org.camunda.bpm:camunda-bom from 7.21.0 to 7.24.0

Updates com.github.mwiede:jsch from 0.2.26 to 2.27.7

Release notes

Sourced from com.github.mwiede:jsch's releases.

jsch-2.27.7

What's Changed

• SftpATTRS constructor should be public by @​jjlauer in mwiede/jsch#950

dependency updates

• Bump commons-codec:commons-codec from 1.19.0 to 1.20.0 by @​dependabot[bot] in mwiede/jsch#945
• Bump errorprone.version from 2.43.0 to 2.44.0 by @​dependabot[bot] in mwiede/jsch#944
• Bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0 by @​dependabot[bot] in mwiede/jsch#943
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 by @​dependabot[bot] in mwiede/jsch#942
• Bump github/codeql-action from 4.31.2 to 4.31.4 by @​dependabot[bot] in mwiede/jsch#948
• Bump org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0 by @​dependabot[bot] in mwiede/jsch#949
• Bump github/codeql-action from 4.31.4 to 4.31.5 by @​dependabot[bot] in mwiede/jsch#951
• Bump org.bouncycastle:bcprov-jdk18on from 1.82 to 1.83 by @​dependabot[bot] in mwiede/jsch#953
• Bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in mwiede/jsch#952

Full Changelog: mwiede/jsch@jsch-2.27.6...jsch-2.27.7

jsch-2.27.6

What's Changed

• Fix logging a 'port is null' error when parsing openssh config file by @​jjlauer in mwiede/jsch#934

Dependency Updates

• Bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in mwiede/jsch#937
• Bump actions/download-artifact from 5.0.0 to 6.0.0 by @​dependabot[bot] in mwiede/jsch#936
• Bump github/codeql-action from 4.30.9 to 4.31.0 by @​dependabot[bot] in mwiede/jsch#935
• Bump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.4 by @​dependabot[bot] in mwiede/jsch#939
• Bump org.junit.jupiter:junit-jupiter from 5.14.0 to 5.14.1 by @​dependabot[bot] in mwiede/jsch#940
• Bump github/codeql-action from 4.31.0 to 4.31.2 by @​dependabot[bot] in mwiede/jsch#938

New Contributors

• @​jjlauer made their first contribution in mwiede/jsch#934

Full Changelog: mwiede/jsch@jsch-2.27.5...jsch-2.27.6

jsch-2.27.5

What's Changed

• Throw JSchException if an incorrect passphrase is provided to JSch.addIdentity() by @​norrisjeremy in mwiede/jsch#932

Dependency Updates

• Bump github/codeql-action from 4.30.8 to 4.30.9 by @​dependabot[bot] in mwiede/jsch#931
• Bump errorprone.version from 2.42.0 to 2.43.0 by @​dependabot[bot] in mwiede/jsch#930

Full Changelog: mwiede/jsch@jsch-2.27.4...jsch-2.27.5

jsch-2.27.4

What's Changed

• Slowness due to blocked threads in Channel.getChannel call by @​DavidTavoularis in mwiede/jsch#887
• Update to latest Maven Wrapper by @​norrisjeremy in mwiede/jsch#895
• Switch to using Java 25 for builds by @​norrisjeremy in mwiede/jsch#913

... (truncated)

Commits

• 79f96cb [maven-release-plugin] prepare release jsch-2.27.7
• c5d1c5f Merge pull request #952 from mwiede/dependabot/github_actions/actions/checkou...
• 45c4d9a Merge pull request #953 from mwiede/dependabot/maven/org.bouncycastle-bcprov-...
• 6b31ed3 Merge pull request #951 from mwiede/dependabot/github_actions/github/codeql-a...
• 6a26cee Bump org.bouncycastle:bcprov-jdk18on from 1.82 to 1.83
• 09a9a92 Bump actions/checkout from 5.0.0 to 6.0.0
• df7ca89 Bump github/codeql-action from 4.31.4 to 4.31.5
• 943739d Merge pull request #949 from mwiede/dependabot/maven/org.apache.maven.plugins...
• 089edb3 SftpATTRS constructor should be public (#950)
• 562b521 Merge pull request #948 from mwiede/dependabot/github_actions/github/codeql-a...
• Additional commits viewable in compare view

Updates com.microsoft.sqlserver:mssql-jdbc from 12.8.2.jre11 to 13.2.1.jre11

Release notes

Sourced from com.microsoft.sqlserver:mssql-jdbc's releases.

[13.2.1] Hotfix & Stable Release

Added

• Enable Vector data type tests on Azure SQL Database #2762 What was added: Vector data type tests are now enabled to run against Azure SQL Database. Who benefits: Developers testing VECTOR functionality in Azure SQL DB environments. Impact: Ensures VECTOR data type support test coverage.

• Enable JSON data type tests on Azure SQL Database #2756 What was added: JSON data type tests are now enabled to run against Azure SQL Database. Who benefits: Developers testing JSON functionality in Azure SQL DB environments. Impact: Ensures JSON data type support test coverage.

Changed

• Revert function/procedure filtering via sys.all_objects #2751 What changed: Reverted #2705 change that used sys.all_objects for filtering. Restores previous behavior to maintain consistency across metadata APIs. Who benefits: Developers using getProcedures() and getFunctions() in JDBC. Impact: Preserves compatibility with numbered procedures and avoids discrepancies between APIs.

Fixed issues

• Address a hostname validation vulnerability by securely parsing certificate common names. #2801 What was fixed: Secure hostname validation is enforced by replacing the vulnerable CN parsing logic in SQLServerCertificateUtils.java, preventing spoofing attacks. Who benefits: All users of the SQL Server JDBC driver, especially those relying on TLS for secure connections, benefit from improved certificate validation. Impact: This fix closes a security gap, protecting applications from man-in-the-middle attacks and ensuring compliance with security best practices.

• JDK 8 compatibility for vector datatype handling #2750 What was fixed: Ensured fallback to JVM system property javax.net.ssl.trustStoreType if connection property is unset. Who benefits: Users configuring SSL via system properties. Impact: Enables proper SSL trust store resolution, improving compatibility with system configurations.

• PreparedStatement getGeneratedKeys() failure with triggers #2742 What was fixed: Fixed error "The statement must be executed before any results can be obtained" when using insert triggers with generated keys. Who benefits: Developers retrieving generated keys from inserts with triggers. Impact: Restores correct behavior for both update count accuracy and generated keys retrieval in trigger scenarios.

• Byte Buddy dependency scope #2755 What was fixed: Corrected Byte Buddy (1.15.11) dependency scope to test instead of compile. Who benefits: Developers and users of runtime artifacts. Impact: Reduces runtime artifact size (~8 MB) and ensures Byte Buddy is only included for unit tests.

• DatabaseMetaData.getIndexInfo() NON_UNIQUE value inconsistency #2773 What was fixed: Fixed incorrect NON_UNIQUE values due to mismatched handling of sp_statistics and sys.indexes. Who benefits: Applications depending on accurate index metadata. Impact: Provides consistent value of NON_UNIQUE field across SQL Server and Azure Synapse Analytics.

• DatabaseMetaData.getIndexInfo() invalid cursor position exception 2763 What was fixed: Fixed SQLException: Invalid cursor position caused when calling ResultSet.next() after exhaustion due to CachedRowSet strict cursor validation. Who benefits: Developers consuming metadata via DatabaseMetaData.getIndexInfo() on SQL Server or Azure Synapse DW.

... (truncated)

Commits

• See full diff in compare view

Updates com.googlecode.libphonenumber:libphonenumber from 8.13.55 to 9.0.21

Release notes

Sourced from com.googlecode.libphonenumber:libphonenumber's releases.

v9.0.21

Hi all,

Please find the new JARs on the maven site here.

The new release contains mostly metadata changes. Thanks to all those who contributed by providing issue reports! See detailed release notes.

Want to be notified of future releases? Join the discussion group!

v9.0.20

Hi all,

Please find the new JARs on the maven site here.

The new release contains mostly metadata changes. Thanks to all those who contributed by providing issue reports! See detailed release notes.

Want to be notified of future releases? Join the discussion group!

v9.0.19

Hi all,

Please find the new JARs on the maven site here.

The new release contains mostly metadata changes. Thanks to all those who contributed by providing issue reports! See detailed release notes.

Want to be notified of future releases? Join the discussion group!

v9.0.18

Hi all,

Please find the new JARs on the maven site here.

The new release contains mostly metadata changes. Thanks to all those who contributed by providing issue reports! See detailed release notes.

Want to be notified of future releases? Join the discussion group!

v9.0.17

Hi all,

Please find the new JARs on the maven site here.

The new release contains mostly metadata changes.

... (truncated)

Changelog

Sourced from com.googlecode.libphonenumber:libphonenumber's changelog.

Dec 17, 2025: v9.0.21 Metadata changes:

• Updated alternate formatting data for country calling code(s): 91
• Updated phone metadata for region code(s): CL, EE, ET, GE, GY, HK, IN, KR, MG, SG, SV, US
• New geocoding data for country calling code(s): 1353 (en)
• Updated geocoding data for country calling code(s): 251 (en)
• Updated carrier data for country calling code(s): 34 (en), 36 (en), 43 (en), 48 (en), 56 (en), 65 (en), 261 (en), 501 (en), 503 (en), 852 (en, zh)
• Updated / refreshed time zone meta data.

Dec 04, 2025: v9.0.20 Metadata changes:

• Updated phone metadata for region code(s): GY, IL, MU, TD, TZ, UG, UZ
• New geocoding data for country calling code(s): 229 (en)
• Updated carrier data for country calling code(s): 34 (en), 230 (en), 255 (en), 256 (en), 998 (en)

Nov 19, 2025: v9.0.19 Metadata changes:

• Updated phone metadata for region code(s): CF, EE, EH, GE, IN, LB, MA, OM, SG, SN, SV, UG
• Updated geocoding data for country calling code(s): 61 (en), 91 (en), 212 (en)
• Updated carrier data for country calling code(s): 34 (en), 45 (en), 65 (en), 91 (en), 236 (en), 256 (en), 503 (en), 961 (en), 995 (en)

Nov 06, 2025: v9.0.18 Metadata changes:

• Updated phone metadata for region code(s): AU, BJ, CC, CX, ET, IL, IR, MC, PY, QA, SG, SV, TJ, UG, ZA
• Updated short number metadata for region code(s): PY
• Updated geocoding data for country calling code(s): 61 (en)
• Updated carrier data for country calling code(s): 61 (en), 65 (en), 98 (en, fa), 229 (en), 256 (en), 372 (en), 377 (en), 503 (en), 972 (en), 992 (en)
• Updated / refreshed time zone meta data.

Oct 23, 2025: v9.0.17 Metadata changes:

• Updated phone metadata for region code(s): AU, CC, CX, GB, LB, MG, SN
• Updated short number metadata for region code(s): RO
• Updated carrier data for country calling code(s): 57 (en), 61 (en), 221 (en), 255 (en), 261 (en), 852 (zh), 961 (en)
• Updated / refreshed time zone meta data.

Oct 09, 2025: v9.0.16 Metadata changes:

... (truncated)

Commits

• 3b7cd90 [maven-release-plugin] prepare release v9.0.21
• 7e29192 Metadata updates for release 9.0.21 (#3948)
• cf44656 Update README.md (#3947)
• ee2e977 Mandlil maven update (#3946)
• b6cc530 Metadata updates for release 9.0.20 (#3945)
• a1d3a79 Update README.md (#3941)
• 3b25e85 Kkeshava maven update (#3940)
• 6f383e6 Metadata updates for release 9.0.19 (#3939)
• 209b9d5 Update README.md (#3936)
• cc30505 Mandlil maven update (#3935)
• Additional commits viewable in compare view

Updates org.graalvm.js:js from 24.2.2 to 25.0.0

Release notes

Sourced from org.graalvm.js:js's releases.

GraalJS 25.0.0

GraalJS is an ECMAScript-compliant runtime to execute JavaScript and Node.js applications. It is fully standard-compliant, executes applications with high performance, and provides all benefits from the GraalVM stack, including language interoperability and common tooling.

GraalJS version 25.0.0 is designed for use with Oracle GraalVM 25.0.0 or GraalVM Community Edition 25.0.0, and can be downloaded separately.

There are two standalone types to choose from:

• Native Standalone: This contains a Native Image compiled launcher
• JVM Standalone: This contains JavaScript in the JVM configuration

To distinguish between them, the GraalVM Community Edition version has the suffix -community in its name. A JVM standalone has a -jvm suffix in its name.

Learn more about GraalJS and how to get started on the website at https://www.graalvm.org/javascript/.

Changelog

Sourced from org.graalvm.js:js's changelog.

Version 25.0.0

• ECMAScript 2025 mode/features enabled by default.
• Updated Node.js to version 22.17.1.
• Implemented the Intl.DurationFormat proposal.
• Made option js.text-encoding stable and allowed in SandboxPolicy.CONSTRAINED.
• Implemented the import defer proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Upsert proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Enabled source phase imports from WebAssembly modules (import source mod from "./mod.wasm") by default if the js.webassembly option is enabled and the js.source-phase-imports option is not explicitly set to false.

Version 24.2.0

• Updated Node.js to version 22.13.1.
• Implemented the Error.isError proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Math.sumPrecise proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Promise.try proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Atomics.pause proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Uint8Array to/from base64 and hex proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Source Phase Imports proposal. It is available behind the experimental option (--js.source-phase-imports).
• Implemented the WebAssembly/ES Module Integration proposal, allowing .wasm modules to be loaded via import statements.
• Implemented basic Worker API (resembling the API available in d8). It is available behind the experimental option --js.worker.
• Added option js.stack-trace-api that enables/disables Error.captureStackTrace, Error.prepareStackTrace and Error.stackTraceLimit. These non-standard extensions are disabled by default (unless js.v8-compat or js.nashorn-compat is used).
• Made option js.webassembly stable.
• Made options js.load, js.print, and js.graal-builtin stable and allowed in SandboxPolicy.UNTRUSTED.
• Made option js.locale stable and allowed in SandboxPolicy.UNTRUSTED. Its value, if non-empty, must be a well-formed Unicode BCP 47 locale identifier and is now validated.
• Added an experimental java.util.concurrent.Executor that can be used to post tasks into the event loop thread in graal-nodejs. It is available as require('node:graal').eventLoopExecutor.
• Implemented the TextDecoder and TextEncoder APIs of the WHATWG Encoding Standard. They are available behind the experimental option (--js.text-encoding).
• Implemented the RegExp.escape proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Regular Expression Pattern Modifiers proposal.
• Implemented the Iterator Sequencing proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).

Version 24.1.0

• ECMAScript 2024 mode/features enabled by default.
• Implemented the Make eval-introduced global vars redeclarable proposal.
• Implemented the Float16Array proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Array.fromAsync proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Resizable and Growable ArrayBuffers proposal.
• Updated Node.js to version 20.13.1.
• Made option js.esm-eval-returns-exports stable and allowed in SandboxPolicy.UNTRUSTED.

Version 24.0.0

• Implemented the WebAssembly threads proposal.
• Implemented the Promise.withResolvers proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implementation of Async Iterator Helpers proposal (that was split out from Iterator Helpers proposal) was moved behind the experimental option --js.async-iterator-helpers.
• Implemented the Well-Formed Unicode Strings proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the JSON.parse source text access proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Updated Node.js to version 18.18.2.
• WebAssembly support in Node.js has been enabled by default. It can be disabled using the experimental option --js.webassembly=false.
• --js.import-assertions option has been replaced by --js.import-attributes option because the corresponding proposal has migrated from the usage of assertions to the usage of attributes.

Version 23.1.0

• NOTE: GraalVM no longer ships with a "js" ScriptEngine. Please either use the Maven dependency or explicitly put js-scriptengine.jar on the module path. See ScriptEngine documentation for details.

... (truncated)

Commits

• 930257e Release GraalVM 25.0.0.
• 633e62a [GR-68100] Backport to 25: Build Graal.js and GraalNode.js native standalones...
• 44cb2a6 Do not set Vector API specific options for libjsvm and libgraal-nodejs on pre...
• 6073998 [GR-67852] Backport to 25.0: Merge master into release branch.
• fa450a6 Update the status of sequential test suite.
• 2b263ff Sync CI files.
• e863e8e Update graal import.
• 9957c13 Revert "Start 26.0.0 dev cycle."
• 1aa4a8a [GR-67647] Upgrading the underlying Node.js to version 22.17.1.
• 113cb44 [GR-65834] Fix possible deopt cycle in property cache.
• Additional commits viewable in compare view

Updates org.graalvm.js:js-scriptengine from 24.2.2 to 25.0.0

Release notes

Sourced from org.graalvm.js:js-scriptengine's releases.

GraalJS 25.0.0

GraalJS is an ECMAScript-compliant runtime to execute JavaScript and Node.js applications. It is fully standard-compliant, executes applications with high performance, and provides all benefits from the GraalVM stack, including language interoperability and common tooling.

GraalJS version 25.0.0 is designed for use with Oracle GraalVM 25.0.0 or GraalVM Community Edition 25.0.0, and can be downloaded separately.

There are two standalone types to choose from:

• Native Standalone: This contains a Native Image compiled launcher
• JVM Standalone: This contains JavaScript in the JVM configuration

To distinguish between them, the GraalVM Community Edition version has the suffix -community in its name. A JVM standalone has a -jvm suffix in its name.

Learn more about GraalJS and how to get started on the website at https://www.graalvm.org/javascript/.

Changelog

Sourced from org.graalvm.js:js-scriptengine's changelog.

Version 25.0.0

• ECMAScript 2025 mode/features enabled by default.
• Updated Node.js to version 22.17.1.
• Implemented the Intl.DurationFormat proposal.
• Made option js.text-encoding stable and allowed in SandboxPolicy.CONSTRAINED.
• Implemented the import defer proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Upsert proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Enabled source phase imports from WebAssembly modules (import source mod from "./mod.wasm") by default if the js.webassembly option is enabled and the js.source-phase-imports option is not explicitly set to false.

Version 24.2.0

• Updated Node.js to version 22.13.1.
• Implemented the Error.isError proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Math.sumPrecise proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Promise.try proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Atomics.pause proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Uint8Array to/from base64 and hex proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Source Phase Imports proposal. It is available behind the experimental option (--js.source-phase-imports).
• Implemented the WebAssembly/ES Module Integration proposal, allowing .wasm modules to be loaded via import statements.
• Implemented basic Worker API (resembling the API available in d8). It is available behind the experimental option --js.worker.
• Added option js.stack-trace-api that enables/disables Error.captureStackTrace, Error.prepareStackTrace and Error.stackTraceLimit. These non-standard extensions are disabled by default (unless js.v8-compat or js.nashorn-compat is used).
• Made option js.webassembly stable.
• Made options js.load, js.print, and js.graal-builtin stable and allowed in SandboxPolicy.UNTRUSTED.
• Made option js.locale stable and allowed in SandboxPolicy.UNTRUSTED. Its value, if non-empty, must be a well-formed Unicode BCP 47 locale identifier and is now validated.
• Added an experimental java.util.concurrent.Executor that can be used to post tasks into the event loop thread in graal-nodejs. It is available as require('node:graal').eventLoopExecutor.
• Implemented the TextDecoder and TextEncoder APIs of the WHATWG Encoding Standard. They are available behind the experimental option (--js.text-encoding).
• Implemented the RegExp.escape proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Regular Expression Pattern Modifiers proposal.
• Implemented the Iterator Sequencing proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).

Version 24.1.0

• ECMAScript 2024 mode/features enabled by default.
• Implemented the Make eval-introduced global vars redeclarable proposal.
• Implemented the Float16Array proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Array.fromAsync proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the Resizable and Growable ArrayBuffers proposal.
• Updated Node.js to version 20.13.1.
• Made option js.esm-eval-returns-exports stable and allowed in SandboxPolicy.UNTRUSTED.

Version 24.0.0

• Implemented the WebAssembly threads proposal.
• Implemented the Promise.withResolvers proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implementation of Async Iterator Helpers proposal (that was split out from Iterator Helpers proposal) was moved behind the experimental option --js.async-iterator-helpers.
• Implemented the Well-Formed Unicode Strings proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Implemented the JSON.parse source text access proposal. It is available in ECMAScript staging mode (--js.ecmascript-version=staging).
• Updated Node.js to version 18.18.2.
• WebAssembly support in Node.js has been enabled by default. It can be disabled using the experimental option --js.webassembly=false.
• --js.import-assertions option has been replaced by --js.import-attributes option because the corresponding proposal has migrated from the usage of assertions to the usage of attributes.

Version 23.1.0

• NOTE: GraalVM no longer ships with a "js" ScriptEngine. Please either use the Maven dependency or explicitly put js-scriptengine.jar on the module path. See ScriptEngine documentation for details.

... (truncated)

Commits

• 930257e Release GraalVM 25.0.0.
• 633e62a [GR-68100] Backport to 25: Build Graal.js and GraalNode.js native standalones...
• 44cb2a6 Do not set Vector API specific options for libjsvm and libgraal-nodejs on pre...
• 6073998 [GR-67852] Backport to 25.0: Merge master into release branch.
• fa450a6 Update the status of sequential test suite.
• 2b263ff Sync CI files.
• e863e8e Update graal import.
• 9957c13 Revert "Start 26.0.0 dev cycle."
• 1aa4a8a [GR-67647] Upgrading the underlying Node.js to version 22.17.1.
• 113cb44 [GR-65834] Fix possible deopt cycle in property cache.
• Additional commits viewable in compare view

Updates org.graalvm.python:python from 24.2.2 to 25.0.0

Release notes

Sourced from org.graalvm.python:python's releases.

GraalPy 25.0.0

GraalPy is a Python 3.12-compliant runtime on top of GraalVM.

You can download GraalPy as a standalone distribution for Oracle GraalVM or GraalVM Community Edition. There are two standalone types to choose from:

• Native Standalone: This contains a Native Image compiled launcher
• JVM Standalone: This contains Python in the JVM configuration

To distinguish between them, the GraalVM Community Edition version has the suffix -community in its name. A JVM standalone has a -jvm suffix in its name.

Learn more about GraalPy and how to get started on the website: https://www.graalvm.org/python/.

Changelog

Sourced from org.graalvm.python:python's changelog.

Version 25.0.0

• sys.implementation.version now returns the GraalPy version instead of the Python version it implements. Also available as sys.graalpy_version_info for better discoverability by people already familiar with PyPy and its sys.pypy_version_info.
• GRAALPY_VERSION_NUM C macro now inlcudes the release level and serial number at the end to conform to the hexversion format. This shouldn't break any existing comparisons.
• dir(foreign_object) now returns both foreign methods and Python methods (it used to return only foreign methods).
• Support __name__, __doc__, __text_signature__ fields on foreign executables to serve as their proper counterparts on the Python side. This is useful to, for example, use Java functional interfaces in lieu of Python functions for things like LangChain's @tool annotation that want to inspect the underlying function.
• Remove support for running C extensions as LLVM bitcode. This also removes the related options python.UseSystemToolchain and python.NativeModules. Isolation of native code when embedding GraalPy into Java projects is now provided via the GraalVM enterprise edition polyglot isolate feature, which can launch in a separate external sub-process by setting the --engine.IsolateMode=external option.
• Remove built-in HPy module. HPy can now be installed and used from the upstream sources.
• Update Python standard library and core to 3.12.8.
• Implement faulthandler.dump_traceback_later to better support testing frameworks that implement resilience to crashes.
• Fix various issues affecting cibuildwheels on Windows, to make it easier for Python projects to provide native extensions for GraalPy on all supported platforms.
• Add support for sharing Arrow arrays and tables between Java, PyArrow, and Pandas to avoid data copying when embedding those libraries into a Java project.
• Enable FTS3, FTS4, FTS5, RTREE, and math function features in the bundled sqlite3 library.
• Add support patches for Torch 2.7.0, PyGObject 3.52.3, xmlschema 4.0.0, lxml < 5.4.0, SciPy 1.15, jq 1.8.0, NumPy < 2.3, ormsgpack < 1.9.1, pandas 2.2.3, PyArrow 19.0, PyMuPDF 1.25.4.
• The GraalPy Native standalone on Linux now uses the G1 garbage collector which is much faster.
• The full-featured Python REPL is now available on GraalPy standalone builds for Windows.

Version 24.2.0

• Updated developer metadata of Maven artifacts.
• Added gradle plugin for polyglot embedding of Python packages into Java.
• When calling a method on a foreign object in Python code, Python methods are now prioritized over foreign members.
• Added polyglot.register_interop_type and @polyglot.interop_type to define custom Python methods for a given foreign class/type. See the documentation for more information.
• Foreign objects are now given a Python class corresponding to their interop traits.
  • Foreign lists now inherit from Python list, foreign dictionaries from dict, foreign strings from str, foreign iterators from iterator, foreign exceptions from BaseException, foreign numbers from polyglot.ForeignNumber, foreign booleans from polyglot.ForeignBoolean, and foreign null values from NoneType.
  • This means all Python methods of these types are available on the corresponding foreign objects, which behave as close as possible as if they were Python objects.
  • See the documentation for more information.
• Remove support for running with Sulong managed both in embeddings as well as through the graalpy-managed launcher.
• Rewrite wheelbuilder to be easier to use and contribute to. This version is now the same we run internally to build publishable wheels for some platforms we support, so the community can build the same wheels on their own hardware easily if desired.
• pip is now able to fetch newer versions of GraalPy patches for third-party packages from graalpython GitHub repository, allowing us to add new patches to released versions.
  • The patch repository can be overridden using PIP_GRAALPY_PATCHES_URL environment variable, which can point to a local path or a URL. It can be disabled by setting it to an empty string.
• Added GRAALPY_VERSION and GRAALPY_VERSION_NUM C macros.
• Remove ginstall module. It hasn't been necessary for several releases. Please, use pip install.
• Remove experimental SetupLLVMLibraryPaths option. It was used to pre-set library path for LLVM toolchain's libc++. The path can still be set manually.
• Added GRAALPY_VERSION and GRAALPY_VERSION_NUM C macros
• Added experimental python.IsolateNativeModules option to allow loading native extensions multiple times in different contexts. See the documentation for more information.
• GraalPy Embedding:
  • Introduced new types: KeywordArguments and PositionalArguments, in the GraalPy Embedding library (org.graalvm.python:python-embedding), to support directly passing keyword and positional arguments from Java to Python.
  • Deprecated the org.graalvm.python.embedding.util API package and added new equivalents to org.graalvm.python.embedding
  • Maven and Gradle plugins do not embed Python home into the generated virtual filesystem. Instead, the handling of language home for any Truffle language, including GraalPy, for the GraalVM Native Image build can be controlled by new Native Image options +H:IncludeLanguageResources and +H:CopyLanguageResources. By default, the whole Python home is embedded into the native executable. In the case of JVM deployment, the language home is embedded in the GraalPy artifacts at Mavencentral.
  • Removed deprecated methods in VirtualFileSystem
• No longer ship graalpy_virtualenv virtualenv plugin within the standard library. Instead, inject the dependency on it into virtualenv, so that it gets installed only when necessary and can be uninstalled.
• Rename graalpy_virtualenv to graalpy_virtualenv_seeder.

Version 24.1.0

• GraalPy is now considered stable for pure Python workloads. While many workloads involving native extension modules work, we continue to consider them experimental. You can use the command-line option --python.WarnExperimentalFeatures to enable warnings for such modules at runtime. In Java embeddings the warnings are enabled by default and you can suppress them by setting the context option 'python.WarnExperimentalFeatures' to 'false'.
• Update to Python 3.11.7.
• We now provide intrinsified _pickle module also in the community version.
• polyglot.eval now raises more meaningful exceptions. Unavailable languages raise ValueError. Exceptions from the polyglot language are raised directly as interop objects (typed as polyglot.ForeignException). The shortcut for executing python files without specifying language has been removed, use regular eval for executing Python code.
• In Jython emulation mode we now magically fall back to calling Java getters or setters when using Python attribute access for non-visible properties. This can help migrating away from Jython if you relied on this behavior.
• The option python.EmulateJython to enable Jython emulation is now marked as stable, and can thus be relied upon in production.
• Fixed parsing of pyvenv.cfg according to PEP 405, which is required to use uv generated venvs with GraalPy.

... (truncated)

Commits

• f36b74a Release GraalVM 25.0.0.
• fac92b5 [GR-68825] Backport to 25.0: Fix truncated decompression in java zlib backend
• 387d77d Default to native compression backend on standalone
• 97a4c7c Add CompressionModulesBackend context option to be able to prefer java impls
• 8e54b4c Fix multiple zlib decoding bugs
• ec030fd Fix handling negative max_length of zlib decompressor
• 7add173 [GR-68568] Backport to 25.0: Fix autopatch_capi overruning into preprocessor ...
• 72d38d3 Fix autopatch_capi overruning into preprocessor directives
• 26bab9c [GR-68516] Backport to 25.0: Fix post-merge benchmarks
• fdd159d [GR-68273] Backport to 25.0: Fix two emulated posix shortcomings reported on ...
• Additional commits viewable in compare view

Updates org.graalvm.ruby:ruby from 24.2.2 to 25.0.0

Release notes

Sourced from org.graalvm.ruby:ruby's releases.

TruffleRuby 25.0.0

TruffleRuby is a high-performance implementation of the Ruby programming language. TruffleRuby aims to be fully compatible with the standard implementation of Ruby, MRI. More information is available in the README. TruffleRuby comes in two standalone modes, native and jvm, each built with both Oracle GraalVM and Community Edition. See the documentation for which release asset corresponds to what.

Changelog

New features:

• Run C extensions marked as rb_ext_ractor_safe() or rb_ext_thread_safe() in parallel (without the C extension lock) (#2136, @​eregon).

Bug fixes:

• Fix Range#cover? on begin-less ranges and non-integer values (@​nirvdrum, @​rwstauner).
• Fix Time.new with String argument and handle nanoseconds correctly (#3836, @​andrykonchin).
• Fix a possible case of infinite recursion when implementing frozen? in a native extension (@​nirvdrum).
• Fix parameters forwarding to a method call executed with Kernel#eval (@​andrykonchin).
• Fix segfaults in native extensions when the reference processing thread is interrupted and would longjmp() incorrectly (#3903, @​eregon).

Compatibility:

• Support Timezone argument to Time.{new,at} and Time#{getlocal,localtime} (#1717, @​patricklinpl, @​manefz, @​rwstauner).
• Updated to Ruby 3.3.7 (@​andrykonchin).
• Implement StringScanner#{peek_byte,scan_byte,scan_integer,named_captures} methods (#3788, @​andrykonchin).
• Support String patterns in StringScanner#{exist?,scan_until,skip_until,check_until,search_full} methods (@​andrykonchin).
• Implement ObjectSpace::WeakKeyMap (#3681, @​andrykonchin).
• Fix String#slice called with negative offset (@​andrykonchin).
• Fix explicitly inherited Struct subclasses and don't provide #members method (#3802, @​andrykonchin).
• Support Digest plugins (#1390, @​nirvdrum).
• Joni has been updated from 2.2.1 to 2.2.6 (@​andrykonchin).
• Fix numeric coercing when #coerce method is not public (#3848, @​andrykonchin).
• Fix Kernel#raise and don't override cause at exception re-raising (#3831, @​andrykonchin).
• Return a pointer with #type_size of 1 for Pointer#read_pointer (@​eregon).
• Fix rb_str_locktmp() and rb_str_unlocktmp() to raise FrozenError when string argument is frozen (#3752, @​andrykonchin).
• Fix Struct setters to raise FrozenError when a struct is frozen (#3850, @​andrykonchin).
• Fix Struct#initialize when mixed positional and keyword arguments (#3855, @​andrykonchin).
• Fix Integer.sqrt for large values (#3872, @​tompng).
• Fix Data#inspect when data contains a recursive attribute (#3847, @​andrykonchin).
• Fix StringIO#{gets,readline} when it is called with both separator and limit to truncate the separator if the limit is exceeded (#3856, @​andrykonchin).
• Implement rb_error_frozen_object for the google-protobuf gem (@​nirvdrum).
• Adjust a FrozenError's message and add a receiver when a frozen module or class is modified (e.g. by defining or undefining an instance metho...

  Description has been truncated

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud