deps(deps): bump net.sf.jasperreports:jasperreports from 6.21.3 to 7.0.7 in /benchmarks by dependabot[bot] · Pull Request #111 · DemchaAV/GraphCompose

dependabot · 2026-06-01T10:41:31Z

Bumps net.sf.jasperreports:jasperreports from 6.21.3 to 7.0.7.

Release notes

Sourced from net.sf.jasperreports:jasperreports's releases.

JasperReports 7.0.7

add deserialization class filter to fix the CVE-2026-6009 security vulnerability;

introduce URL whitelist filter for controlling repository resources access;

new keepTogether flag for crosstab row groups;

various fixes made to the PDF exporter to better support the PDF/UA (accessibility) and PDF/A (archiving) standards;

new OSGi and Spring Boot samples;

support for versioning in the Jackson JRXML writer;

various dependencies upgrades including: Spring 6.2.18, Jackson 2.18.6, Bouncy Castle 1.84, Jetty 12.0.35 and Apache Log4J 2.25.4;

minor bug fixes and improvements;

JasperReports 7.0.6

introducing an official JasperReports Maven Plugin for compiling, decompiling and updating report design files (groupId: net.sf.jasperreports, artifactId: jasperreports-maven-plugin);

improved performance of the Ant tasks for compiling, decompiling and updating report design files by implementing multi-threading support;

various dependencies upgrades including: Apache Commons Lang 3.20.0, Rhino 1.8.1, ICU4J 78.2 and Apache Log4J 2.25.3;

minor bug fixes and improvements;

JasperReports 7.0.5

support for proportional table column resize using negative weight values convention;

minor bug fixes and improvements;

JasperReports 7.0.4

add deserialization class filter to fix the CVE-2025-10492 security vulnerability;

new net.sf.jasperreports.export.docx.size.page.to.content export configuration property added to support variable DOCX page size;

minor bug fixes and improvements;

JasperReports 7.0.3

minor bug fixes and improvements;

JasperReports 7.0.2

added support for horizontalPosition and shrinkWidth properties to table component and weight property to table columns to better control table resize behavior when table columns are hidden or resized.

... (truncated)

Changelog

Sourced from net.sf.jasperreports:jasperreports's changelog.

JasperReports 7.0.7 (2026-05-30)

add deserialization class filter to fix the CVE-2026-6009 security vulnerability;

introduce URL whitelist filter for controlling repository resources access;

new keepTogether flag for crosstab row groups;

various fixes made to the PDF exporter to better support the PDF/UA (accessibility) and PDF/A (archiving) standards;

new OSGi and Spring Boot samples;

support for versioning in the Jackson JRXML writer;

various dependencies upgrades including: Spring 6.2.18, Jackson 2.18.6, Bouncy Castle 1.84, Jetty 12.0.35 and Apache Log4J 2.25.4;

minor bug fixes and improvements;

JasperReports 7.0.6 (2026-03-13)

introducing an official JasperReports Maven Plugin for compiling, decompiling and updating report design files (groupId: net.sf.jasperreports, artifactId: jasperreports-maven-plugin);

improved performance of the Ant tasks for compiling, decompiling and updating report design files by implementing multi-threading support;

various dependencies upgrades including: Apache Commons Lang 3.20.0, Rhino 1.8.1, ICU4J 78.2 and Apache Log4J 2.25.3;

minor bug fixes and improvements;

JasperReports 7.0.5 (2026-02-27)

support for proportional table column resize using negative weight values convention;

... (truncated)

Commits

072738a eula and version update
9e373de check file repository root for output stream
0e2fb70 changes.txt update
5b02656 check root folder in HTML resource handler
9751ee0 check repository root on context resolve
9ff7da8 version update
f90c29b Merge branch 'release-7.0.7-JSSEC-167' into 'release-7.0.7'
ea320a1 add whitelist classes for virtualized JasperPrint
d1945b4 maven plugin api upgrade
728f395 build number plugin config
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [net.sf.jasperreports:jasperreports](https://github.com/Jaspersoft/jasperreports) from 6.21.3 to 7.0.7. - [Release notes](https://github.com/Jaspersoft/jasperreports/releases) - [Changelog](https://github.com/Jaspersoft/jasperreports/blob/master/changes.txt) - [Commits](Jaspersoft/jasperreports@6.21.3...7.0.7) --- updated-dependencies: - dependency-name: net.sf.jasperreports:jasperreports dependency-version: 7.0.7 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

) Bumps [net.sf.jasperreports:jasperreports](https://github.com/Jaspersoft/jasperreports) from 6.21.3 to 7.0.7. - [Release notes](https://github.com/Jaspersoft/jasperreports/releases) - [Changelog](https://github.com/Jaspersoft/jasperreports/blob/master/changes.txt) - [Commits](Jaspersoft/jasperreports@6.21.3...7.0.7) --- updated-dependencies: - dependency-name: net.sf.jasperreports:jasperreports dependency-version: 7.0.7 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Cherry-picked 252abef (PR #111) from main to develop in the preceding commit. Adding the corresponding CHANGELOG entry under v1.6.7 - Planned § Build so the cut tag includes the bump and the release notes acknowledge it. The original PR landed on main only because dependabot.yml had no `target-branch` override and the repo's default branch is main. The structural fix (`target-branch: develop`) is queued as v1.6.8 Track J1. Pre-cut review (2026-06-01) flagged this divergence; cherry-pick + this note clear the only critical from that review before tagging v1.6.7.

…117) * deps(deps): bump the maven-minor-patch group across 3 directories with 11 updates (#115) Bumps the maven-minor-patch group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | `2.21.3` | `2.21.4` | | [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.32` | `1.5.34` | | [org.apache.maven.plugins:maven-clean-plugin](https://github.com/apache/maven-clean-plugin) | `3.4.0` | `3.5.0` | | [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin) | `3.21.0` | `3.22.0` | | [org.apache.maven.plugins:maven-resources-plugin](https://github.com/apache/maven-resources-plugin) | `3.3.1` | `3.5.0` | | [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) | `3.5.0` | `3.6.3` | | [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.5` | `3.5.6` | | [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) | `3.3.1` | `3.4.0` | | [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) | `3.2.7` | `3.2.8` | | [org.sonatype.central:central-publishing-maven-plugin](https://github.com/sonatype/central-publishing-maven-plugin) | `0.7.0` | `0.9.0` | | [com.github.siom79.japicmp:japicmp-maven-plugin](https://github.com/siom79/japicmp) | `0.23.1` | `0.26.1` | Bumps the maven-minor-patch group with 2 updates in the /benchmarks directory: [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) and [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire). Bumps the maven-minor-patch group with 2 updates in the /examples directory: [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) and [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire). Updates `com.fasterxml.jackson:jackson-bom` from 2.21.3 to 2.21.4 - [Commits](FasterXML/jackson-bom@jackson-bom-2.21.3...jackson-bom-2.21.4) Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.34 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.32...v_1.5.34) Updates `org.apache.maven.plugins:maven-clean-plugin` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/apache/maven-clean-plugin/releases) - [Commits](apache/maven-clean-plugin@maven-clean-plugin-3.4.0...maven-clean-plugin-3.5.0) Updates `org.apache.maven.plugins:maven-site-plugin` from 3.21.0 to 3.22.0 - [Release notes](https://github.com/apache/maven-site-plugin/releases) - [Commits](apache/maven-site-plugin@maven-site-plugin-3.21.0...maven-site-plugin-3.22.0) Updates `org.apache.maven.plugins:maven-resources-plugin` from 3.3.1 to 3.5.0 - [Release notes](https://github.com/apache/maven-resources-plugin/releases) - [Commits](apache/maven-resources-plugin@maven-resources-plugin-3.3.1...maven-resources-plugin-3.5.0) Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.5.0 to 3.6.3 - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](apache/maven-enforcer@enforcer-3.5.0...enforcer-3.6.3) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.5 to 3.5.6 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.5...surefire-3.5.6) Updates `org.apache.maven.plugins:maven-source-plugin` from 3.3.1 to 3.4.0 - [Release notes](https://github.com/apache/maven-source-plugin/releases) - [Commits](apache/maven-source-plugin@maven-source-plugin-3.3.1...maven-source-plugin-3.4.0) Updates `org.apache.maven.plugins:maven-gpg-plugin` from 3.2.7 to 3.2.8 - [Release notes](https://github.com/apache/maven-gpg-plugin/releases) - [Commits](apache/maven-gpg-plugin@maven-gpg-plugin-3.2.7...maven-gpg-plugin-3.2.8) Updates `org.sonatype.central:central-publishing-maven-plugin` from 0.7.0 to 0.9.0 - [Commits](https://github.com/sonatype/central-publishing-maven-plugin/commits) Updates `com.github.siom79.japicmp:japicmp-maven-plugin` from 0.23.1 to 0.26.1 - [Release notes](https://github.com/siom79/japicmp/releases) - [Changelog](https://github.com/siom79/japicmp/blob/master/release.py) - [Commits](siom79/japicmp@japicmp-base-0.23.1...japicmp-base-0.26.1) Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.34 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.32...v_1.5.34) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.5 to 3.5.6 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.5...surefire-3.5.6) Updates `ch.qos.logback:logback-classic` from 1.5.32 to 1.5.34 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](qos-ch/logback@v_1.5.32...v_1.5.34) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.5 to 3.5.6 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.5...surefire-3.5.6) --- updated-dependencies: - dependency-name: com.fasterxml.jackson:jackson-bom dependency-version: 2.21.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-minor-patch - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.34 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: maven-minor-patch - dependency-name: org.apache.maven.plugins:maven-clean-plugin dependency-version: 3.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-minor-patch - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-version: 3.22.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-minor-patch - dependency-name: org.apache.maven.plugins:maven-resources-plugin dependency-version: 3.5.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-minor-patch - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-version: 3.6.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-minor-patch - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: maven-minor-patch - dependency-name: org.apache.maven.plugins:maven-source-plugin dependency-version: 3.4.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-minor-patch - dependency-name: org.apache.maven.plugins:maven-gpg-plugin dependency-version: 3.2.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: maven-minor-patch - dependency-name: org.sonatype.central:central-publishing-maven-plugin dependency-version: 0.9.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-minor-patch - dependency-name: com.github.siom79.japicmp:japicmp-maven-plugin dependency-version: 0.26.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-minor-patch - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.34 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-minor-patch - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: maven-minor-patch - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.34 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-minor-patch - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: maven-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci(dependabot): pin target-branch develop on both ecosystems Closes the root cause of the v1.6.7-era #111 / #115 divergence pattern. Dependabot was reading the repo's default branch (main) and opening grouped PRs there; releases are cut from develop then merged to main, so every grouped PR landed alongside the latest release and force-diverged from ongoing dev work. Each one required a cherry-pick to align — fixed once by a small explicit `target-branch: develop` on the maven and github-actions ecosystem blocks. Sibling cherry-pick (preceding commit on this branch) brings the PR #115 deps bump bundle from main to develop so the two branches match before the policy takes effect. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot Bot added dependencies Pull requests that update a dependency maven Java/Maven dependency updates labels Jun 1, 2026

dependabot Bot requested a review from DemchaAV as a code owner June 1, 2026 10:41

dependabot Bot added dependencies Pull requests that update a dependency maven Java/Maven dependency updates labels Jun 1, 2026

DemchaAV merged commit 252abef into main Jun 1, 2026
11 checks passed

DemchaAV deleted the dependabot/maven/benchmarks/net.sf.jasperreports-jasperreports-7.0.7 branch June 1, 2026 11:46

DemchaAV mentioned this pull request Jun 1, 2026

ci(dependabot): pin target-branch develop + sync deps from main #115 #117

Merged

3 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(deps): bump net.sf.jasperreports:jasperreports from 6.21.3 to 7.0.7 in /benchmarks#111

deps(deps): bump net.sf.jasperreports:jasperreports from 6.21.3 to 7.0.7 in /benchmarks#111
DemchaAV merged 1 commit into
mainfrom
dependabot/maven/benchmarks/net.sf.jasperreports-jasperreports-7.0.7

dependabot Bot commented on behalf of github Jun 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jun 1, 2026

JasperReports 7.0.7

JasperReports 7.0.6

JasperReports 7.0.5

JasperReports 7.0.4

JasperReports 7.0.3

JasperReports 7.0.2

JasperReports 7.0.7 (2026-05-30)

JasperReports 7.0.6 (2026-03-13)

JasperReports 7.0.5 (2026-02-27)

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant