fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
aws-cdk (source)	2.1018.0 -> 2.1022.0			devDependencies	minor
azul/zulu-openjdk-alpine	21.0.7-jre-headless -> 21.0.8-jre-headless			final	patch
azul/zulu-openjdk-alpine	21.0.7 -> 21.0.8			stage	patch
gradle (source)	8.14.2 -> 8.14.3				patch
localstack/localstack	4.5.0 -> 4.6.0				minor
quay.io/keycloak/keycloak	26.2.5 -> 26.3.2				minor
org.openrewrite:plugin	7.7.0 -> 7.12.1			dependencies	minor
com.diffplug.spotless:spotless-plugin-gradle	7.0.4 -> 7.2.1			dependencies	minor
com.gorylenko.gradle-git-properties:gradle-git-properties	2.5.0 -> 2.5.2			dependencies	patch
org.springframework.boot:spring-boot-gradle-plugin (source)	3.5.0 -> 3.5.4			dependencies	patch
org.openrewrite.recipe:rewrite-recipe-bom	3.9.0 -> 3.12.1			dependencies	minor
com.palantir.javaformat:palantir-java-format	2.67.0 -> 2.72.0			dependencies	minor
software.amazon.awscdk:aws-cdk-lib	2.200.1 -> 2.207.0			dependencies	minor
io.awspring.cloud:spring-cloud-aws-dependencies (source)	3.3.1 -> 3.4.0			dependencies	minor
org.webjars:bootstrap (source)	5.3.6 -> 5.3.7			dependencies	patch
com.github.dasniko:testcontainers-keycloak	3.7.0 -> 3.8.0			dependencies	minor
org.testcontainers:testcontainers-bom (source)	1.21.1 -> 1.21.3			dependencies	patch

---

Release Notes

aws/aws-cdk-cli (aws-cdk)

v2.1022.0

Compare Source

2.1022.0 (2025-07-24)

Features

• cli: --no-version-reporting equals --no-telemetry for cli telemetry and library metadata exclusion (#​718) (d40bf52)
• cli: cli-telemetry status command (#​697) (666f1b9), closes #​631
• cli: send telemetry events to local file (#​631) (a6755f0)
• cli: telemetry event deploy (#​698) (d441f68), closes #​631

Bug Fixes

• cli: running --telemetry-file without the --unstable option creates a telemetry file (#​731) (cde4468)

v2.1021.0

Compare Source

2.1021.0 (2025-07-16)

Features

• "cdk flags" command reports active and missing feature flags (unstable) (#​699) (d62b991)
• diff shows moved resources (#​708) (6beac2b)
• modification is forbidden during a refactor (#​667) (66594fd)
• overrides to resolve mapping ambiguities (#​679) (fdec382)
• toolkit-lib: list action contains metadata (#​719) (d71960e), closes #​501

Bug Fixes

• integ-testing: add test that forces cdk-assets to use the Docker credentials helper (#​663) (1f7527b)
• upgrade to jsii & typescript 5.8 (#​693) (90579c3)

v2.1020.2

Compare Source

2.1020.2 (2025-07-03)

v2.1020.1

Compare Source

2.1020.1 (2025-07-02)

v2.1020.0

Compare Source

2.1020.0 (2025-07-01)

Features

• cli: telemetry opt-out command (#​579) (3b4d18e), closes #​575

v2.1019.2

Compare Source

2.1019.2 (2025-06-25)

Bug Fixes

• cdk-assets: fails installation when new dependencies are released (#​603) (6625d97)
• cli: logs entire environment (#​623) (639455e)

v2.1019.1

Compare Source

2.1019.1 (2025-06-19)

Bug Fixes

• revert "retain type of context values and not convert them to string" (#​630) (76ac13c)

v2.1019.0

Compare Source

2.1019.0 (2025-06-18)

Features

• cli: aws-cdk bundle is now targeting node18 (#​610) (bdf1f66)

Bug Fixes

• cli: retain type of context values and not convert them to string (#​595) (6250b39), closes #​30583

v2.1018.1

Compare Source

2.1018.1 (2025-06-11)

Bug Fixes

• pin minimatch to 10.0.1 (#​599) (cb71364), closes #​597

gradle/gradle (gradle)

v8.14.3: 8.14.3

Compare Source

The Gradle team is excited to announce Gradle 8.14.3.

This is a patch release for 8.14. We recommend using 8.14.3 instead of 8.14.

Here are the highlights of this release:

• Java 24 support
• GraalVM Native Image toolchain selection
• Enhancements to test reporting
• Build Authoring improvements

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Aurimas,
Ben Bader,
Björn Kautler,
chandre92,
Daniel Hammer,
Danish Nawab,
Florian Dreier,
Ivy Chen,
Jendrik Johannes,
jimmy1995-gu,
Madalin Valceleanu,
Na Minhyeok.

Upgrade instructions

Switch your build to use Gradle 8.14.3 by updating your wrapper:

./gradlew wrapper --gradle-version=8.14.3 && ./gradlew wrapper

See the Gradle 8.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

spring-projects/spring-boot (org.springframework.boot:spring-boot-gradle-plugin)

v3.5.4

v3.5.3

v3.5.2

v3.5.1

openrewrite/rewrite-recipe-bom (org.openrewrite.recipe:rewrite-recipe-bom)

v3.12.1: 3.12.1

What's Changed

• OpenRewrite v8.59.1
• rewrite-gradle-plugin v7.12.1
• rewrite-maven-plugin v6.15.0

Full Changelog: v6.15.0

v3.12.0: 3.12.0

What's Changed

• OpenRewrite v8.59.0
• rewrite-gradle-plugin v7.12.0
• rewrite-maven-plugin v6.14.0

Full Changelog: v6.14.0

v3.11.1

What's Changed

• rewrite-jackson v1.0.0 in https://github.com/openrewrite/rewrite-jackson/releases/tag/v1.0.0

Full Changelog: openrewrite/rewrite-recipe-bom@v3.11.0...v3.11.1

v3.11.0: 3.11.0

What's Changed

• OpenRewrite v8.57.0
• rewrite-gradle-plugin v7.10.0
• rewrite-maven-plugin v6.13.0

Full Changelog: v6.13.0

v3.10.1: 3.10.1

What's changed

• OpenRewrite v8.56.1

Full Changelog: openrewrite/rewrite-recipe-bom@v3.10.0...v3.10.1

v3.10.0: 3.10.0

What's Changed

• OpenRewrite v8.56.0
• rewrite-gradle-plugin v7.9.0
• rewrite-maven-plugin v6.12.0

Full Changelog: v6.12.0

palantir/palantir-java-format (com.palantir.javaformat:palantir-java-format)

v2.72.0

Compare Source

🐛 Fixes

• Intellij uses the native image from .gradle/palantir-java-formatter-caches (#​1306)

v2.71.0

Compare Source

🐛 Fixes

• Fix the following error when running under JDK 25 EA:

  'java.util.Queue com.sun.tools.javac.util.Log$DeferredDiagnosticHandler.getDiagnostics()'
  java.lang.NoSuchMethodError: 'java.util.Queue com.sun.tools.javac.util.Log$DeferredDiagnosticHandler.getDiagnostics()'
  ``` ([#​1367](https://redirect.github.com/palantir/palantir-java-format/pull/1367))
  

v2.70.0

Compare Source

🐛 Fixes

• Update to use the new configuration cache safe GradleOperatingSystem (#​1338)

v2.69.0

Compare Source

💡 Improvements

• Make palantir-java-format support spotless 6.22.0, which is transitively brought in from baseline to support the configuration cache (#​1313)

v2.68.0

Compare Source

🐛 Fixes

• bump gradle-idea-configuration and move off deprecated methods (#​1298)
• Support for var in record patterns (#​1312)

aws/aws-cdk (software.amazon.awscdk:aws-cdk-lib)

v2.207.0

Compare Source

Features

• core: allow validation report multi-write based on context keys (#​34927) (9571599)
• update L1 CloudFormation resource definitions (#​35020) (3f695b3)
• bedrockprompt: add prompt management to bedrock agents (#​34754) (c0d27ee)
• cloudwatch: add search expression to graph widget in cloudwatch dashboard (#​34933) (e3f505e), closes #​7237
• core: addInfoV2 method for suppressible info Annotations (#​34872) (fb1792c), closes #​34871
• logs: support ADC regions for infrequent access log class (#​34999) (1c57d69)
• rds: support Database Insights for RDS instances (#​34854) (304e2db), closes #​34743 #​32851
• cloudwatch logs transformer support (#​34996) (ba61463), closes #​34861

Bug Fixes

• autoscaling: add an option to run validation when migrating to launch template (#​34832) (c8d62f3), closes #​34283
• core: fix asset bundling for nested stack with exclusive flag (#​30983) (992b0a5), closes #​30967 #​30967
• kinesisfirehose: can't call grantPrincipal multiple times (#​34682) (ea226b5)
• s3-deployment: broken cross stack reference when using Source.data (#​34916) (0591c44), closes #​22843 #​22843

---

Alpha modules (2.207.0-alpha.0)

v2.206.0

Compare Source

Features

• custom-resource: Added async custom resource provider framework logging off by default (1302e3d)
• ecs: add L1 native blue/green deployment support for ECS services (3ef87e4)

---

Alpha modules (2.206.0-alpha.0)

v2.205.0

Compare Source

Features

• kinesisfirehose: support custom time zone settings for S3 destination (#​34738) (2bbe762), closes #​34737
• update L1 CloudFormation resource definitions (#​34979) (2e0e536)
• codebuild: cache sharing of CodeBuild projects (#​34257) (21e2d1e), closes /docs.aws.amazon.com/codebuild/latest/userguide/caching-s3.html#caching-s3
• update L1 CloudFormation resource definitions (#​34915) (748d03c)
• cloudwatch-dashboards: add support for queryLanguage property (#​34547) (8a77828), closes #​34482 /github.com/aws/aws-cdk/issues/34482#issuecomment-2887841701
• ec2: add c8gn instance class (#​34866) (aaf442b)
• events: add arnForPolicy attribute for api destination (#​34315) (e0ac9f8)
• rds: add fromLookup method for Amazon Aurora Database Cluster (#​34849) (23ca6fc), closes #​34848 #​33258
• synthetics: add maxRetries prop to configure automatic retries on canary runs (#​34541) (54d8a84), closes #​34511
• synthetics: add support for tag replication for aws synthetics (#​34830) (5ff59d9)
• core: report feature flag info into Cloud Assembly (#​34919) (72733ea)

Bug Fixes

• codecov: update codecov-upload.yml with a git checkout step (#​34929) (0a0adf7)
• lambda: handle token resolution issues in addToRolePolicy (#​34904) (6cd1802), closes #​34894
• pipelines: ensure assets with same hash but different destinations are published separately (#​34790) (05afab3), closes #​31070 #​31070
• region-info: integ use standalone package (#​34782) (6d1bcb3), closes #​34692 /github.com/aws/aws-cdk/blob/1ae14635cbbc8ba0f2dab8cbeb72c4af0fddce7a/packages/aws-cdk-lib/package.json#L507-L511
• tags: excludeResourceTypes does not work for tags applied at stack level (under feature flag) (#​31443) (4c7d9f4), closes #​28017 #​33945 #​30055

⚠ CHANGES TO L1 RESOURCES

L1 resources are automatically generated from public CloudFormation Resource Schemas. They are build to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

• aws-cdk-lib.aws_ec2.CfnTrafficMirrorFilterRule: Id attribute was removed
• aws-cdk-lib.aws_kinesis.StreamConsumer: Id attribute was removed
• aws-cdk-lib.aws_neptune.DBInstance: Id attribute was removed

---

Alpha modules (2.205.0-alpha.0)

v2.204.0

Features

• apigatewayv2: add stage variables support for HTTP and WebSocket API (#​34548) (965e055)
• cloudwatch: add id and visible properties for CloudWatch Metric (#​34870) (879afd6), closes #​19876
• report feature flags into Cloud Assembly (#​34884) (f70e46c), closes #​34798
• region-info: add support for region eusc-de (#​34860)

Bug Fixes

• ecr-assets: incorrect handling of nested excludes in .dockerignore (#​34810) (8328c79), closes #​13636 #​13636
• "Invalid Assembly Manifest" when used with CLI 2.1017.0 and 2.1018.0 (#​34880) (741b0a7), closes aws/aws-cdk#34798

---

Alpha modules (2.204.0-alpha.0)

Features

• lambda-python-alpha: support uv (#​33880) (ac6f136), closes #​31238 #​32413

v2.203.1

Bug Fixes

• "Invalid Assembly Manifest" when used with CLI 2.1017.0 and 2.1018.0 (#​34880) (32ee050), closes aws/aws-cdk#34798

---

Alpha modules (2.203.1-alpha.0)

v2.203.0

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• cloudformation: Some L1 resources experienced breaking changes due to updated CloudFormation resources. Please check the notes for each specific module for more information.

• aws-cdk-lib.aws_kendra.CfnDataSource.TemplateConfigurationProperty: template property here has changed from string to json

Features

• rds: instance engine lifecycle support (#​34719) (bab7413), closes #​34492
• report feature flag configuration into Cloud Assembly (#​34798) (76af7dc)
• backup: add support for ScheduleExpressionTimezone (#​34603) (8ceea43), closes #​34532
• cloudformation: update L1 CloudFormation resource definitions (#​34839) (4c75889)
• cloudwatch: add account id field for log query and metric widgets to support cross account visibility (#​34793) (ac4d09d), closes #​26105
• lambda: function log removal policy (#​34723) (0388483), closes #​34669
• pipelines: cdk-assets version is configurable (#​34802) (a361c9c)
• update L1 CloudFormation resource definitions (#​34792) (074cb8c)

Bug Fixes

• codecov: update codecov-upload.yml (#​34845) (8055016), closes /github.com/aws/aws-cdk/blob/main/codecov.yml#L35
• codecov: update codecov-upload.yml action to upload report with correct path (#​34814) (705e76b)
• stepfunctions-tasks: properly serialize CallAwsServiceCrossRegion Lambda responses (#​34843) (a4b15df), closes #​34768

Reverts

• "ci: add tool to sync with project board" (#​34817) (1965014), closes aws/aws-cdk#34776

---

Alpha modules (2.203.0-alpha.0)

Features

• ec2: support for client route enforcement for client VPN endpoint (#​34405) (063f4e7)

Bug Fixes

• ec2: don't use inferenceAccellerators in the constructors if not needed (#​34618) (054c6c5), closes #​33505 /github.com/aws/aws-cdk/issues/33505#issuecomment-2770818825 #​34610

v2.202.0

Features

• lambda: support for schema registry for kafka (#​34746) (c6ea664)
• update L1 CloudFormation resource definitions (#​34730) (47a3ee3)
• cdk-pipeline: add url and sns topic for manual approval in cdk pipeline (re-create PR since original is auto-closed) (#​34654) (39f1636), closes #​32809 #​12273 #​34227
• eks: support eks with k8s 1.33 (#​34602) (fc46733), closes #​34520 /github.com/aws/aws-cdk/pull/33339#issuecomment-2643498256
• kms: implement .grant methods for Alias.fromAliasName (under feature flag) (#​34237) (8e19dd6), closes #​22697
• opensearch: add logic to only log specific field when less verbosity is needed for opensearch access policy custom resource (#​34701) (856e3b1), closes #​29093
• exclude lambda.Version and apigateway.Deployment from refactoring (#​34710) (dd14a17)

Bug Fixes

• core: splitting tree.json produces a lot of files (#​34718) (650134f), closes #​34478 #​34627
• pipelines: use display name for Asset actions when publishAssetsInParallel is false (#​34049) (754ad50), closes #​34042 #​33844
• route53: warn when ttl is provided with alias target in RecordSet (#​34526) (993d2fd)
• test-app: fix spelling error (#​34762) (1885062)

---

Alpha modules (2.202.0-alpha.0)

Features

• amplify: add compute role support for Amplify branches (#​34708) (817a21a)
• amplify-alpha: support custom response headers in monorepo structures (#​31771) (aea1372), closes #​31758

v2.201.0

Features

• opensearch: update default TLS security policy to TLS 1.2 for OpenSearch domains (#​34660) (3cc2dc2), closes #​34658
• update L1 CloudFormation resource definitions (#​34659) (ef02724)
• update L1 CloudFormation resource definitions (#​34687) (025c82e)
• appconfig: support customer managed key for hosted configuration (#​34256) (484719e)
• codepipeline-actions: native Amazon EC2 deployment support (#​33604) (9d39db7), closes #​33584 /docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-EC2Deploy.html#action-reference-EC2
• core: support adding additional cache key to cdk context values (#​31586) (8848134), closes #​26982
• core: throw typed Errors (#​34587) (4e63b1a), closes #​32569
• eks: added support for bootstrapSelfManagedAddons (#​33597) (cedc1b0), closes #​30792
• rds: DatabaseInstanceFromSnapshot support clusterSnapshotIdentifier (#​33982) (48d30b6), closes #​33889
• rds: support auto-pause configuration for Aurora Serverless v2 (#​34173) (2c55c28), closes #​32280 #​32563
• stepfunctions: add support for Jsonata expressions to Map.ItemSelector (#​34625) (dc30faa), closes #​34538 /github.com/aws/aws-cdk/blob/ed08f3f0b8ecd79a2fa5e804acc73a9ff23eab80/packages/aws-cdk-lib/aws-stepfunctions/lib/states/map-base.ts#L60-L77
• synthetics: playwright 2.0 runtime (#​34609) (1418204)
• synthetics: safe canary update (#​34608) (89c5350)

Bug Fixes

• export errors to make it available in region-info/lib/fact.ts (#​34691) (5c8f50c), closes #​34690 #​34690 #​33384
• apigateway: correct JsonSchema.additionalItems property type (#​33879) (464d521), closes #​33878 #​33878
• cloudfront: use wildcard when grant some cloudfront permission (#​33802) (452a5e1), closes #​33249
• lambda: disable aws-lambda:useCdkManagedLogGroup feature flag when not set (#​34613) (d696688), closes #​34612 #​34612
• logs: exposed metric from the metric filter will now include the dimension map (#​34648) (892b013), closes #​34643
• opensearch: opensearchservice: existing integ test is failing (#​34680) (be21625), closes 1#L59
• typo in jsdoc of noncurrentVersionTransitions property (#​34620) (ed08f3f)

---

Alpha modules (2.201.0-alpha.0)

Features

• amplify: add skew protection feature for Amplify branches (#​34656) (8808998)
• bedrock: adding bedrock l2 construct features (#​34065) (a028927)
• ec2: add interface VPC endpoint for DSQL (#​34487) (3e53c2c)
• ec2: support Firehose IDeliveryStream as flow log destination (#​34596) (cdfe6e7), closes #​33883 #​33757
• ec2: volume initialization rate for EBS volume (#​34570) (527d483)

Reverts

• ec2: support Firehose IDeliveryStream as flow log destination (#​34665) (b77bd0e), closes aws/aws-cdk#34596

v2.200.2

Bug Fixes

• export errors to make it available in region-info/lib/fact.ts (#​34691) (4a75032), closes #​34690 #​34690 #​33384

---

Alpha modules (2.200.2-alpha.0)

awspring/spring-cloud-aws (io.awspring.cloud:spring-cloud-aws-dependencies)

v3.4.0: 3.4.0

Reference documentation

📗 https://docs.awspring.io/spring-cloud-aws/docs/3.4.0/reference/html/index.html

What's Changed

SQS

• Observability Support for SQS by @​tomazfernandes in https://github.com/awspring/spring-cloud-aws/pull/1369
• Add auto-configuration for maxDelayBetweenPolls by @​krutip7 in https://github.com/awspring/spring-cloud-aws/pull/1365
• ImmediateRetryAsyncErrorHandler changes msg visibility timeout to zero. (#​1314) by @​rafaelcgpava in https://github.com/awspring/spring-cloud-aws/pull/1370
• Rename bean producer method to a unique name in SqsManualAckSample by @​joseiedo in https://github.com/awspring/spring-cloud-aws/pull/1384
• Properly handle Errors in listeners by @​isaacvando in https://github.com/awspring/spring-cloud-aws/pull/1383
• Add ExponentialBackoffErrorHandler to manage message visibility timout by @​brun0-4ugusto in https://github.com/awspring/spring-cloud-aws/pull/1381

DynamoDB

• Ability to override separator in DefaultDynamoDbTableNameResolver by @​beccagaspard in https://github.com/awspring/spring-cloud-aws/pull/1380

Dependency Upgrades

• Upgrade AWS SDK to 2.31.54 and Localstack to 4.4.0 by @​MatejNedic in https://github.com/awspring/spring-cloud-aws/pull/1402
• Upgrade to Spring Cloud 2025.0.0 and Spring Boot 3.5.0 by @​MatejNedic in https://github.com/awspring/spring-cloud-aws/pull/1401
• Do not manage WireMock version. by [@​maciejwalkowiak](https:/

---

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Bratislava, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud