From 91bed18df2084212355965c5088acafb21257ebc Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Fri, 1 Aug 2025 06:57:09 +0800 Subject: [PATCH 01/10] Optimize Dockerfiles (#4069) # Description of Changes Summary from GitHub Copilot: > Optimize Dockerfiles > > This pull request includes updates to multiple Dockerfiles to improve efficiency, simplify permissions management, and enhance consistency across development environments. The most important changes involve optimizing `pip` installations, consolidating `chmod` commands, and removing redundant script permissions. > > ### Efficiency Improvements: > * Updated `pip install` commands in `Dockerfile`, `Dockerfile.dev`, and `Dockerfile.fat` to use the `--no-cache-dir` flag, reducing disk usage during package installations. [[1]](diffhunk://#diff-dd2c0eb6ea5cfc6c4bd4eac30934e2d5746747af48fef6da689e85b752f39557L81-R81) [[2]](diffhunk://#diff-86930c95a19b82f7e64a962a0053d44e855824813019b3698eae4917a90cdcacL39-R39) [[3]](diffhunk://#diff-571631582b988e88c52c86960cc083b0b8fa63cf88f056f26e9e684195221c27L94-R94) > > ### Permissions Management: > * Consolidated `chmod` commands for scripts in `Dockerfile.dev` to simplify permissions setup. Combined `git-init.sh` and `init-setup.sh` into a single command. > * Removed redundant `chmod +x` for `init.sh` in `Dockerfile` and `Dockerfile.fat`, as permissions for `/scripts/*` already cover this file. [[1]](diffhunk://#diff-dd2c0eb6ea5cfc6c4bd4eac30934e2d5746747af48fef6da689e85b752f39557L92) [[2]](diffhunk://#diff-571631582b988e88c52c86960cc083b0b8fa63cf88f056f26e9e684195221c27L105) --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --- Dockerfile | 3 +-- Dockerfile.dev | 5 ++--- Dockerfile.fat | 3 +-- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4ea6316ae..375ab94c1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -78,7 +78,7 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a # URW Base 35 fonts for better PDF rendering font-urw-base35 && \ python3 -m venv /opt/venv && \ - /opt/venv/bin/pip install --upgrade pip setuptools && \ + /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools && \ /opt/venv/bin/pip install --no-cache-dir --upgrade unoserver weasyprint && \ ln -s /usr/lib/libreoffice/program/uno.py /opt/venv/lib/python3.12/site-packages/ && \ ln -s /usr/lib/libreoffice/program/unohelper.py /opt/venv/lib/python3.12/site-packages/ && \ @@ -89,7 +89,6 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a ln -s /usr/share/fontconfig/conf.avail/69-urw-*.conf /etc/fonts/conf.d/ && \ fc-cache -f -v && \ chmod +x /scripts/* && \ - chmod +x /scripts/init.sh && \ # User permissions addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \ chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline /tmp/stirling-pdf && \ diff --git a/Dockerfile.dev b/Dockerfile.dev index 78460115f..48084878d 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -36,7 +36,7 @@ ENV SETUPTOOLS_USE_DISTUTILS=local \ # Installation der benötigten Python-Pakete RUN python3 -m venv --system-site-packages /opt/venv \ && . /opt/venv/bin/activate \ - && pip install --upgrade pip setuptools \ + && pip install --no-cache-dir --upgrade pip setuptools \ && pip install --no-cache-dir WeasyPrint pdf2image pillow unoserver opencv-python-headless pre-commit # Füge den venv-Pfad zur globalen PATH-Variable hinzu, damit die Tools verfügbar sind @@ -54,8 +54,7 @@ RUN echo "devuser ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/devuser \ # Setze das Arbeitsverzeichnis (wird später per Bind-Mount überschrieben) WORKDIR /workspace -RUN chmod +x /workspace/.devcontainer/git-init.sh -RUN sudo chmod +x /workspace/.devcontainer/init-setup.sh +RUN chmod +x /workspace/.devcontainer/git-init.sh /workspace/.devcontainer/init-setup.sh # Wechsel zum Nicht‑Root Benutzer USER devuser diff --git a/Dockerfile.fat b/Dockerfile.fat index fd5964baf..fda3d89c4 100644 --- a/Dockerfile.fat +++ b/Dockerfile.fat @@ -91,7 +91,7 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a py3-pillow@testing \ py3-pdf2image@testing && \ python3 -m venv /opt/venv && \ - /opt/venv/bin/pip install --upgrade pip setuptools && \ + /opt/venv/bin/pip install --no-cache-dir --upgrade pip setuptools && \ /opt/venv/bin/pip install --no-cache-dir --upgrade unoserver weasyprint && \ ln -s /usr/lib/libreoffice/program/uno.py /opt/venv/lib/python3.12/site-packages/ && \ ln -s /usr/lib/libreoffice/program/unohelper.py /opt/venv/lib/python3.12/site-packages/ && \ @@ -102,7 +102,6 @@ RUN echo "@main https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/a ln -s /usr/share/fontconfig/conf.avail/69-urw-*.conf /etc/fonts/conf.d/ && \ fc-cache -f -v && \ chmod +x /scripts/* && \ - chmod +x /scripts/init.sh && \ # User permissions addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \ chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline /tmp/stirling-pdf && \ From 6879d5fb7331f084411a43db346b9fe0985cb7d6 Mon Sep 17 00:00:00 2001 From: Lukas <38840142+lukasstorck@users.noreply.github.com> Date: Fri, 1 Aug 2025 00:58:31 +0200 Subject: [PATCH 02/10] fix: adjust margin of bookmark editor (#4068) # Description of Changes - remove overlapping margins of bookmark editor to the checkbox above - add bottom margin for the bookmark editor element to the "Info"-button below - I guess this simply was a typo `margin-top` vs. `margin-bottom` as the margin to the element above is overlapping --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [x] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) *before / after*:

before edit with margin highlighted after edit with margin highlighted

before / after with margin highlighted:

before edit with margin highlighted after edit with margin highlighted

### Testing (if applicable) - [x] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --- .../src/main/resources/static/css/edit-table-of-contents.css | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/core/src/main/resources/static/css/edit-table-of-contents.css b/app/core/src/main/resources/static/css/edit-table-of-contents.css index 11a4bf777..d85813a73 100644 --- a/app/core/src/main/resources/static/css/edit-table-of-contents.css +++ b/app/core/src/main/resources/static/css/edit-table-of-contents.css @@ -1,6 +1,6 @@ /* Main bookmark container styles */ .bookmark-editor { - margin-top: 20px; + margin-bottom: 20px; padding: 20px; border: 1px solid var(--border-color, #ced4da); border-radius: 0.25rem; @@ -273,4 +273,4 @@ --text-muted: var(--md-sys-color-on-surface-variant, #adb5bd); --bg-empty: var(--md-sys-color-surface-container-low, #24282e); --border-empty: var(--md-sys-color-outline, #495057); -} \ No newline at end of file +} From 422af007dc18b23512782f85c6615ddc4736aca5 Mon Sep 17 00:00:00 2001 From: Ludy Date: Fri, 1 Aug 2025 00:58:56 +0200 Subject: [PATCH 03/10] fix(pipeline): allow slashes in pipeline operation values (#4066) # Description of Changes - Extended the validation regex for `operation` in the pipeline processor to allow slashes (`/`), in addition to alphanumeric characters, underscores, and hyphens. - This resolves the issue where valid operation strings (e.g., with subpaths like `/api/v1/general/remove-pages`) were incorrectly rejected. - Added an explicit log message for better debugging in case of invalid `operation` values. --- ## Checklist ### General - [x] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [x] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md) (if applicable) - [x] I have performed a self-review of my own code - [x] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/devGuide/DeveloperGuide.md#6-testing) for more details. --- .../api/pipeline/PipelineProcessor.java | 10 ++++++--- .../api/pipeline/PipelineProcessorTest.java | 21 +++++++++++-------- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java index 44f2b892a..070d681e4 100644 --- a/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java +++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java @@ -108,9 +108,13 @@ public class PipelineProcessor { if (inputFileTypes == null) { inputFileTypes = new ArrayList(Arrays.asList("ALL")); } - if (!operation.matches("^[a-zA-Z0-9_-]+$")) { - throw new IllegalArgumentException("Invalid operation value received."); + + if (!apiDocService.isValidOperation(operation, parameters)) { + log.error("Invalid operation or parameters: o:{} p:{}", operation, parameters); + throw new IllegalArgumentException( + "Invalid operation: " + operation + " with parameters: " + parameters); } + String url = getBaseUrl() + operation; List newOutputFiles = new ArrayList<>(); if (!isMultiInputOperation) { @@ -136,7 +140,7 @@ public class PipelineProcessor { // skip // this // file - if (operation.startsWith("filter-") + if (operation.startsWith("/api/v1/filter/filter-") && (response.getBody() == null || response.getBody().length == 0)) { filtersApplied = true; diff --git a/app/core/src/test/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessorTest.java b/app/core/src/test/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessorTest.java index 60e3f975d..0a40fcd5b 100644 --- a/app/core/src/test/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessorTest.java +++ b/app/core/src/test/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessorTest.java @@ -45,23 +45,26 @@ class PipelineProcessorTest { @Test void runPipelineWithFilterSetsFlag() throws Exception { PipelineOperation op = new PipelineOperation(); - op.setOperation("filter-page-count"); + op.setOperation("/api/v1/filter/filter-page-count"); op.setParameters(Map.of()); PipelineConfig config = new PipelineConfig(); config.setOperations(List.of(op)); - Resource file = new ByteArrayResource("data".getBytes()) { - @Override - public String getFilename() { - return "test.pdf"; - } - }; + Resource file = + new ByteArrayResource("data".getBytes()) { + @Override + public String getFilename() { + return "test.pdf"; + } + }; List files = List.of(file); - when(apiDocService.isMultiInput("filter-page-count")).thenReturn(false); - when(apiDocService.getExtensionTypes(false, "filter-page-count")) + when(apiDocService.isMultiInput("/api/v1/filter/filter-page-count")).thenReturn(false); + when(apiDocService.getExtensionTypes(false, "/api/v1/filter/filter-page-count")) .thenReturn(List.of("pdf")); + when(apiDocService.isValidOperation(eq("/api/v1/filter/filter-page-count"), anyMap())) + .thenReturn(true); doReturn(new ResponseEntity<>(new byte[0], HttpStatus.OK)) .when(pipelineProcessor) From dc76840568b224c3c1334b7c9b9d38ff0a1b9ea5 Mon Sep 17 00:00:00 2001 From: "stirlingbot[bot]" <195170888+stirlingbot[bot]@users.noreply.github.com> Date: Fri, 1 Aug 2025 14:24:21 +0100 Subject: [PATCH 04/10] :globe_with_meridians: Sync Translations + Update README Progress Table (#4041) ### Description of Changes This Pull Request was automatically generated to synchronize updates to translation files and documentation. Below are the details of the changes made: #### **1. Synchronization of Translation Files** - Updated translation files (`messages_*.properties`) to reflect changes in the reference file `messages_en_GB.properties`. - Ensured consistency and synchronization across all supported language files. - Highlighted any missing or incomplete translations. #### **2. Update README.md** - Generated the translation progress table in `README.md`. - Added a summary of the current translation status for all supported languages. - Included up-to-date statistics on translation coverage. #### **Why these changes are necessary** - Keeps translation files aligned with the latest reference updates. - Ensures the documentation reflects the current translation progress. --- Auto-generated by [create-pull-request][1]. [1]: https://github.com/peter-evans/create-pull-request Co-authored-by: stirlingbot[bot] <195170888+stirlingbot[bot]@users.noreply.github.com> --- README.md | 2 +- scripts/ignore_translation.toml | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/README.md b/README.md index 836762158..b0a563fa5 100644 --- a/README.md +++ b/README.md @@ -152,7 +152,7 @@ Stirling-PDF currently supports 40 languages! | Swedish (Svenska) (sv_SE) | ![67%](https://geps.dev/progress/67) | | Thai (ไทย) (th_TH) | ![60%](https://geps.dev/progress/60) | | Tibetan (བོད་ཡིག་) (bo_CN) | ![66%](https://geps.dev/progress/66) | -| Traditional Chinese (繁體中文) (zh_TW) | ![77%](https://geps.dev/progress/77) | +| Traditional Chinese (繁體中文) (zh_TW) | ![99%](https://geps.dev/progress/99) | | Turkish (Türkçe) (tr_TR) | ![82%](https://geps.dev/progress/82) | | Ukrainian (Українська) (uk_UA) | ![72%](https://geps.dev/progress/72) | | Vietnamese (Tiếng Việt) (vi_VN) | ![58%](https://geps.dev/progress/58) | diff --git a/scripts/ignore_translation.toml b/scripts/ignore_translation.toml index fde2da33f..9a379eb84 100644 --- a/scripts/ignore_translation.toml +++ b/scripts/ignore_translation.toml @@ -1026,8 +1026,5 @@ ignore = [ [zh_TW] ignore = [ - 'lang.dzo', - 'lang.iku', - 'lang.que', 'language.direction', ] From 31ade3e496bae0d4784543db8eeba6264e2f3523 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Aug 2025 14:24:40 +0100 Subject: [PATCH 05/10] build(deps): bump actions/ai-inference from 1.1.0 to 1.2.3 (#4006) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/ai-inference](https://github.com/actions/ai-inference) from 1.1.0 to 1.2.3.
Release notes

Sourced from actions/ai-inference's releases.

v1.2.3

What's Changed

Full Changelog: https://github.com/actions/ai-inference/compare/v1.2.2...v1.2.3

v1.2.2

What's Changed

Full Changelog: https://github.com/actions/ai-inference/compare/v1.2.1...v1.2.2

v1.2.1

What's Changed

Full Changelog: https://github.com/actions/ai-inference/compare/v1.2.0...v1.2.1

v1.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/ai-inference/compare/v1.1.0...v1.2.0

Commits
  • 9693b13 Merge pull request #61 from actions/sgoedecke/prompt-file
  • d0b2f23 Merge branch 'main' into sgoedecke/prompt-file
  • 0df9647 Merge pull request #60 from actions/sgoedecke/update-readme
  • 446f075 Merge branch 'main' into sgoedecke/update-readme
  • ce58b26 Merge pull request #59 from actions/sgoedecke-patch-1
  • 1cf96b0 Merge branch 'main' into sgoedecke/update-readme
  • f79e4e1 regenerate dist
  • 72102e5 Update src/prompt.ts
  • 2bc30a5 regenerate dist
  • 8f64ac1 Fixup types and tests
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/ai-inference&package-manager=github_actions&previous-version=1.1.0&new-version=1.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ai_pr_title_review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ai_pr_title_review.yml b/.github/workflows/ai_pr_title_review.yml index 7c47b8d58..b7d944c34 100644 --- a/.github/workflows/ai_pr_title_review.yml +++ b/.github/workflows/ai_pr_title_review.yml @@ -87,7 +87,7 @@ jobs: - name: AI PR Title Analysis if: steps.actor.outputs.is_repo_dev == 'true' id: ai-title-analysis - uses: actions/ai-inference@d645f067d89ee1d5d736a5990e327e504d1c5a4a # v1.1.0 + uses: actions/ai-inference@9693b137b6566bb66055a713613bf4f0493701eb # v1.2.3 with: model: openai/gpt-4o system-prompt-file: ".github/config/system-prompt.txt" From 1eb96f08df8defb2c630402bcc544bb810f181e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Aug 2025 14:25:23 +0100 Subject: [PATCH 06/10] build(deps): bump github/codeql-action from 3.29.3 to 3.29.5 (#4061) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.3 to 3.29.5.
Release notes

Sourced from github/codeql-action's releases.

v3.29.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #2986

See the full CHANGELOG.md for more information.

v3.29.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.4 - 23 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #2986

3.29.4 - 23 Jul 2025

No user facing changes.

3.29.3 - 21 Jul 2025

No user facing changes.

3.29.2 - 30 Jun 2025

  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #2935

3.29.1 - 27 Jun 2025

  • Fix bug in PR analysis where user-provided include query filter fails to exclude non-included queries. #2938
  • Update default CodeQL bundle version to 2.22.1. #2950

3.29.0 - 11 Jun 2025

  • Update default CodeQL bundle version to 2.22.0. #2925
  • Bump minimum CodeQL bundle version to 2.16.6. #2912

3.28.21 - 28 July 2025

No user facing changes.

3.28.20 - 21 July 2025

3.28.19 - 03 Jun 2025

  • The CodeQL Action no longer includes its own copy of the extractor for the actions language, which is currently in public preview. The actions extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the actions language and you have pinned your tools: property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable actions analysis.
  • Update default CodeQL bundle version to 2.21.4. #2910

... (truncated)

Commits
  • 51f7732 Merge pull request #2997 from github/update-v3.29.5-80a09d7b0
  • 8e90243 Update changelog for v3.29.5
  • 80a09d7 Merge pull request #2996 from github/dependabot/npm_and_yarn/npm-240ab9fad0
  • 8388115 Merge pull request #2994 from github/mergeback/changelog/v3.28.21
  • 401ecaf Merge branch 'main' into mergeback/changelog/v3.28.21
  • ab5c0c5 Merge branch 'main' into dependabot/npm_and_yarn/npm-240ab9fad0
  • cd264d4 Merge pull request #2986 from github/update-bundle/codeql-bundle-v2.22.2
  • 4599055 Merge branch 'main' into update-bundle/codeql-bundle-v2.22.2
  • fd7ad51 Merge pull request #2971 from github/update-supported-enterprise-server-versions
  • ac0c9bf Merge branch 'main' into update-supported-enterprise-server-versions
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.29.3&new-version=3.29.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 120a223ad..47fae4f83 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -74,6 +74,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3 + uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5 with: sarif_file: results.sarif From 1399a306a6c30fb013e33f4469512d0a7d7918ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Aug 2025 14:25:36 +0100 Subject: [PATCH 07/10] build(deps): bump edu.sc.seis.launch4j from 3.0.6 to 3.0.7 (#4062) Bumps edu.sc.seis.launch4j from 3.0.6 to 3.0.7. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=edu.sc.seis.launch4j&package-manager=gradle&previous-version=3.0.6&new-version=3.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 897e0ef38..4b2b2c31b 100644 --- a/build.gradle +++ b/build.gradle @@ -5,7 +5,7 @@ plugins { id "org.springframework.boot" version "3.5.3" id "org.springdoc.openapi-gradle-plugin" version "1.9.0" id "io.swagger.swaggerhub" version "1.3.2" - id "edu.sc.seis.launch4j" version "3.0.6" + id "edu.sc.seis.launch4j" version "3.0.7" id "com.diffplug.spotless" version "7.2.1" id "com.github.jk1.dependency-license-report" version "2.9" //id "nebula.lint" version "19.0.3" From 213949d499417dff79e07dd0186f79de894ea21c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Aug 2025 14:25:48 +0100 Subject: [PATCH 08/10] build(deps): bump com.opencsv:opencsv from 5.11.2 to 5.12.0 (#4060) Bumps com.opencsv:opencsv from 5.11.2 to 5.12.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.opencsv:opencsv&package-manager=gradle&previous-version=5.11.2&new-version=5.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- app/core/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/core/build.gradle b/app/core/build.gradle index ca7a007b7..d37ee9354 100644 --- a/app/core/build.gradle +++ b/app/core/build.gradle @@ -62,7 +62,7 @@ dependencies { exclude group: 'com.google.code.gson', module: 'gson' } implementation 'org.apache.pdfbox:jbig2-imageio:3.0.4' - implementation 'com.opencsv:opencsv:5.11.2' // https://mvnrepository.com/artifact/com.opencsv/opencsv + implementation 'com.opencsv:opencsv:5.12.0' // https://mvnrepository.com/artifact/com.opencsv/opencsv // Batik implementation 'org.apache.xmlgraphics:batik-all:1.19' From 6aa474596ee7544ae3b76ed2d903e36c76d1b54a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Aug 2025 14:26:03 +0100 Subject: [PATCH 09/10] build(deps): bump org.springframework.boot from 3.5.3 to 3.5.4 (#4059) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.5.3 to 3.5.4.
Release notes

Sourced from org.springframework.boot's releases.

v3.5.4

:lady_beetle: Bug Fixes

  • LambdaSafe.withFilter is not public #46474
  • Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
  • Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
  • Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
  • Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
  • jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
  • developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
  • Hash calculation for uber archive entries that require unpacking is inefficient #46203
  • Permissions are applied inconsistently when building uber archives with Gradle #46194
  • Environment variables using legacy dash format can no longer be bound #46184
  • EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
  • Executable JAR application class encounters performance issues #46177
  • Executable JAR application class encounters performance issues #46176
  • Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
  • Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
  • SslInfo does not use its Clock when checking certificate validity #46011

:notebook_with_decorative_cover: Documentation

  • Fix description of spring.batch.job.enabled #46247
  • Fix broken Kotlin examples in reference documentation #46168
  • Add Logback Access Reactor Netty to community starters #46060

:hammer: Dependency Upgrades

  • Upgrade to ActiveMQ 6.1.7 #46373
  • Upgrade to Caffeine 3.2.2 #46432
  • Upgrade to Couchbase Client 3.8.2 #46460
  • Upgrade to GraphQL Java 24.1 #46395
  • Upgrade to Groovy 4.0.28 #46516
  • Upgrade to Hibernate 6.6.22.Final #46492
  • Upgrade to HikariCP 6.3.1 #46493
  • Upgrade to Infinispan 15.2.5.Final #46461
  • Upgrade to Jackson Bom 2.19.2 #46494
  • Upgrade to Jetty 12.0.23 #46375
  • Upgrade to MariaDB 3.5.4 #46376
  • Upgrade to Maven Invoker Plugin 3.9.1 #46377
  • Upgrade to Micrometer 1.15.2 #46280
  • Upgrade to Micrometer Tracing 1.5.2 #46281
  • Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
  • Upgrade to MySQL 9.3.0 #46371
  • Upgrade to Neo4j Java Driver 5.28.9 #46434
  • Upgrade to Netty 4.1.123.Final #46435
  • Upgrade to Prometheus Client 1.3.10 #46379
  • Upgrade to Reactor Bom 2024.0.8 #46282
  • Upgrade to RxJava3 3.1.11 #46380
  • Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

Commits
  • 925f9bc Release v3.5.4
  • d82fb35 Merge branch '3.4.x' into 3.5.x
  • 4b6064f Next development version (v3.4.9-SNAPSHOT)
  • a39c8f0 Merge branch '3.4.x' into 3.5.x
  • 99d53de Upgrade to Spring Integration 6.5.1
  • 1b4aad5 Upgrade to Groovy 4.0.28
  • 3f0f79b Upgrade to Spring Integration 6.4.6
  • ff8443c Upgrade to Groovy 4.0.28
  • aed8550 Merge branch '3.4.x' into 3.5.x
  • 5406976 Apply commercial input consistently
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot&package-manager=gradle&previous-version=3.5.3&new-version=3.5.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 4b2b2c31b..4c210ef64 100644 --- a/build.gradle +++ b/build.gradle @@ -2,7 +2,7 @@ plugins { id "java" id "jacoco" id "io.spring.dependency-management" version "1.1.7" - id "org.springframework.boot" version "3.5.3" + id "org.springframework.boot" version "3.5.4" id "org.springdoc.openapi-gradle-plugin" version "1.9.0" id "io.swagger.swaggerhub" version "1.3.2" id "edu.sc.seis.launch4j" version "3.0.7" From 31598f3f1e160d7010cf34e23dbe6af0876edbc5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Aug 2025 14:26:25 +0100 Subject: [PATCH 10/10] build(deps): bump org.springframework.boot:spring-boot-dependencies from 3.5.3 to 3.5.4 (#4058) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) from 3.5.3 to 3.5.4.
Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v3.5.4

:lady_beetle: Bug Fixes

  • LambdaSafe.withFilter is not public #46474
  • Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
  • Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
  • Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
  • Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
  • jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
  • developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
  • Hash calculation for uber archive entries that require unpacking is inefficient #46203
  • Permissions are applied inconsistently when building uber archives with Gradle #46194
  • Environment variables using legacy dash format can no longer be bound #46184
  • EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
  • Executable JAR application class encounters performance issues #46177
  • Executable JAR application class encounters performance issues #46176
  • Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
  • Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
  • SslInfo does not use its Clock when checking certificate validity #46011

:notebook_with_decorative_cover: Documentation

  • Fix description of spring.batch.job.enabled #46247
  • Fix broken Kotlin examples in reference documentation #46168
  • Add Logback Access Reactor Netty to community starters #46060

:hammer: Dependency Upgrades

  • Upgrade to ActiveMQ 6.1.7 #46373
  • Upgrade to Caffeine 3.2.2 #46432
  • Upgrade to Couchbase Client 3.8.2 #46460
  • Upgrade to GraphQL Java 24.1 #46395
  • Upgrade to Groovy 4.0.28 #46516
  • Upgrade to Hibernate 6.6.22.Final #46492
  • Upgrade to HikariCP 6.3.1 #46493
  • Upgrade to Infinispan 15.2.5.Final #46461
  • Upgrade to Jackson Bom 2.19.2 #46494
  • Upgrade to Jetty 12.0.23 #46375
  • Upgrade to MariaDB 3.5.4 #46376
  • Upgrade to Maven Invoker Plugin 3.9.1 #46377
  • Upgrade to Micrometer 1.15.2 #46280
  • Upgrade to Micrometer Tracing 1.5.2 #46281
  • Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
  • Upgrade to MySQL 9.3.0 #46371
  • Upgrade to Neo4j Java Driver 5.28.9 #46434
  • Upgrade to Netty 4.1.123.Final #46435
  • Upgrade to Prometheus Client 1.3.10 #46379
  • Upgrade to Reactor Bom 2024.0.8 #46282
  • Upgrade to RxJava3 3.1.11 #46380
  • Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

Commits
  • 925f9bc Release v3.5.4
  • d82fb35 Merge branch '3.4.x' into 3.5.x
  • 4b6064f Next development version (v3.4.9-SNAPSHOT)
  • a39c8f0 Merge branch '3.4.x' into 3.5.x
  • 99d53de Upgrade to Spring Integration 6.5.1
  • 1b4aad5 Upgrade to Groovy 4.0.28
  • 3f0f79b Upgrade to Spring Integration 6.4.6
  • ff8443c Upgrade to Groovy 4.0.28
  • aed8550 Merge branch '3.4.x' into 3.5.x
  • 5406976 Apply commercial input consistently
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.springframework.boot:spring-boot-dependencies&package-manager=gradle&previous-version=3.5.3&new-version=3.5.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 4c210ef64..7ec5d4e3c 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,7 @@ import java.nio.file.Files import java.time.Year ext { - springBootVersion = "3.5.3" + springBootVersion = "3.5.4" pdfboxVersion = "3.0.5" imageioVersion = "3.12.0" lombokVersion = "1.18.38"