chore(deps): bump io.smallrye.config:smallrye-config from 3.4.4 to 3.10.0 in /jans-keycloak-integration #10065

Open
wants to merge 1 commit into
base: main

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Nov 6, 2024

Bumps io.smallrye.config:smallrye-config from 3.4.4 to 3.10.0.

Release notes

Sourced from io.smallrye.config:smallrye-config's releases.

3.10.0

  • #1244 Release 3.10.0
  • #1243 Release 3.10.0
  • #1242 Bump version.curator from 5.7.0 to 5.7.1
  • #1240 Bump kotlin.version from 2.0.20 to 2.0.21
  • #1239 Add @ConfigMapping beanStyleGetter to enable / disable bean style getter names matching with configuration names
  • #1237 Bump org.ow2.asm:asm from 9.7 to 9.7.1
  • #1236 Rename ConfigClassWithPrefix to ConfigClass and use it in SmallRyeConfigBuilder
  • #1235 Bump version.smallrye.testing from 2.3.0 to 2.3.1
  • #1234 Bump io.smallrye.common:smallrye-common-bom from 2.4.0 to 2.7.0
  • #1233 Split release into two workflows
  • #1231 Slight optimization when looking up System properties
  • #1229 Bump io.fabric8:docker-maven-plugin from 0.45.0 to 0.45.1
  • #1226 Move local classes to inner to reduce the number of classes in the main package
  • #1224 Remove constructor arguments from examples
  • #1223 Fix docs of interceptor service registration
  • #1222 Bump io.smallrye:smallrye-parent from 45 to 46
  • #1220 Support a fixed list of Map keys statically @WithKeys
  • #1218 Bump org.yaml:snakeyaml from 2.2 to 2.3
  • #1217 Cache profile prefixes
  • #1216 Avoid expensive exception and log when getValues fails lookup for indexed properties and fallbacks to comma
  • #1215 Check if profile file resources are in the location ClassLoader
  • #1214 Internal cleanup of AbstractLocationConfigSourceLoader
  • #1213 Reduce allocations of iterateNames
  • #1212 Improve mappings documentation
  • #1211 Avoid using string concatenation to forge impl name
  • #1210 Bump kotlin.version from 2.0.0 to 2.0.20
  • #1209 ConfigValue name consistent with PropertiesConfigSource
  • #1204 Search for indexed property names before flattened comma separated value name when loading Collections for CDI injection
  • #1203 Remove the generation of a comma separated value name for Collections in the YamlConfigSource
  • #1202 Search for indexed property names before flattened comma separated value name when loading Collections
  • #1201 Drop support for full YAML content in parent property names
  • #1200 Bump io.fabric8:docker-maven-plugin from 0.44.0 to 0.45.0
  • #1198 Update sample ordinal in custom.md
  • #1195 Bump zipp from 3.15.0 to 3.19.1 in /documentation

3.9.1

  • #1206 Release 3.9.1
  • #1205 Keep a reference to the full interceptor chain to call restart

3.9.0

  • #1196 Release 3.9.0
  • #1193 Make jakarta.annotation-api compile scope so SmallRyeConfig can be used without any extra set up
  • #1192 Test discover of application configuration
  • #1191 Support .env file by default
  • #1190 Support application configuration file by default
  • #1189 Bump io.smallrye:smallrye-parent from 44 to 45
  • #1187 PropertiesConfigSource implement ConfigValueConfigSource
  • #1186 Remove KeyMapBackedConfigSource
  • #1185 Move ConfigValue Map views to ConfigValueConfigSource

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from uprightech as a code owner November 6, 2024 10:49
@dependabot dependabot bot added the java (Pull requests that update Java code) and kind-dependencies (Pull requests that update a dependency file) labels Nov 6, 2024

dryrunsecurity bot commented Nov 6, 2024

DryRun Security Summary

The pull request updates the smallrye-config.version property in the pom.xml file from 3.4.4 to 3.10.0, which is a routine dependency update that does not appear to introduce any immediate security concerns, but it's important to review the changes in the new version to ensure compatibility and identify any potential security implications.

Summary:

This pull request updates the smallrye-config.version property in the pom.xml file from 3.4.4 to 3.10.0. From an application security perspective, this change is not directly related to any security vulnerabilities or concerns. The smallrye-config library is a configuration management library for Java applications, and the version update is likely to introduce new features, bug fixes, or performance improvements.

However, it's always important to review dependency updates carefully, as they can sometimes introduce new security vulnerabilities or breaking changes. In this case, the version change seems to be a minor update, and there are no immediate security concerns that can be identified. It's a good practice to review the release notes or change log for the new version of the smallrye-config library to understand what changes have been made and whether they might have any impact on the application. Additionally, it's important to ensure that the new version is compatible with the rest of the application's dependencies and does not introduce any conflicts or compatibility issues.

Files Changed:

  • jans-keycloak-integration/pom.xml: This file has been updated to change the smallrye-config.version property from 3.4.4 to 3.10.0. This is a routine dependency update and does not appear to introduce any immediate security concerns. However, it's important to review the changes in the new version of the smallrye-config library to ensure compatibility and identify any potential security implications.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer | Findings
Sensitive Files Analyzer | 1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

Member

moabu commented Nov 7, 2024

@dependabot recreate

…10.0 in /jans-keycloak-integration

Dependabot couldn't find the original pull request head commit, 02db627.
@dependabot dependabot bot force-pushed the dependabot/maven/jans-keycloak-integration/io.smallrye.config-smallrye-config-3.10.0 branch from 02db627 to acde952 November 7, 2024 03:32