From 5276648b4301edb7588edc0311acd47a44c5923f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 Oct 2025 03:01:40 +0000
Subject: [PATCH 01/18] Bump org.apache.maven.plugins:maven-enforcer-plugin
 from 3.5.0 to 3.6.2

Bumps [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) from 3.5.0 to 3.6.2.
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](https://github.com/apache/maven-enforcer/compare/enforcer-3.5.0...enforcer-3.6.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-version: 3.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b38ac1ae..f1574da0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -532,7 +532,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-enforcer-plugin</artifactId>
-          <version>3.5.0</version>
+          <version>3.6.2</version>
           <executions>
             <execution>
               <id>enforce</id>

From a2d1c9a660d8c9fdbdeb65f032e20aedb551a456 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Sep 2025 03:03:22 +0000
Subject: [PATCH 02/18] Bump org.mockito:mockito-core from 5.17.0 to 5.20.0

Bumps [org.mockito:mockito-core](https://github.com/mockito/mockito) from 5.17.0 to 5.20.0.
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](https://github.com/mockito/mockito/compare/v5.17.0...v5.20.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-version: 5.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f1574da0..68f9d0b4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -420,7 +420,7 @@
       <dependency>
         <groupId>org.mockito</groupId>
         <artifactId>mockito-core</artifactId>
-        <version>5.17.0</version>
+        <version>5.20.0</version>
         <scope>test</scope>
       </dependency>
       <dependency>

From 8ef6e503861d4dc6acdc01889e0504d92fd3c7b8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Sep 2025 03:01:24 +0000
Subject: [PATCH 03/18] Bump org.apache.maven.plugins:maven-compiler-plugin

Bumps [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) from 3.13.0 to 3.14.1.
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](https://github.com/apache/maven-compiler-plugin/compare/maven-compiler-plugin-3.13.0...maven-compiler-plugin-3.14.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 68f9d0b4..6a9ad3dc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -458,7 +458,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-compiler-plugin</artifactId>
-          <version>3.13.0</version>
+          <version>3.14.1</version>
           <executions>
             <execution>
               <goals>

From 592932915e625440263609039b794315201bda5c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 22 Sep 2025 03:01:13 +0000
Subject: [PATCH 04/18] Bump org.apache.maven.plugins:maven-javadoc-plugin from
 3.11.2 to 3.12.0

Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.11.2 to 3.12.0.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.11.2...maven-javadoc-plugin-3.12.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-version: 3.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6a9ad3dc..229a8c5f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -675,7 +675,7 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-javadoc-plugin</artifactId>
-            <version>3.11.2</version>
+            <version>3.12.0</version>
             <configuration>
               <source>8</source>
             </configuration>

From c7f53ca9ded6059794c69d8facdbb9fc20cf1bd9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 3 Jul 2025 03:13:00 +0000
Subject: [PATCH 05/18] Bump org.apache.maven.plugins:maven-gpg-plugin from
 3.2.7 to 3.2.8

Bumps [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) from 3.2.7 to 3.2.8.
- [Release notes](https://github.com/apache/maven-gpg-plugin/releases)
- [Commits](https://github.com/apache/maven-gpg-plugin/compare/maven-gpg-plugin-3.2.7...maven-gpg-plugin-3.2.8)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-gpg-plugin
  dependency-version: 3.2.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 229a8c5f..84c89095 100644
--- a/pom.xml
+++ b/pom.xml
@@ -653,7 +653,7 @@
           <plugin>
             <groupId>org.apache.maven.plugins</groupId>
             <artifactId>maven-gpg-plugin</artifactId>
-            <version>3.2.7</version>
+            <version>3.2.8</version>
             <executions>
               <execution>
                 <id>sign-artifacts</id>

From 489a0a5591b0a8ecaeee9d49f9f2f6dd01b03f98 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Jun 2025 03:08:18 +0000
Subject: [PATCH 06/18] Bump org.codehaus.mojo:build-helper-maven-plugin from
 3.6.0 to 3.6.1

Bumps [org.codehaus.mojo:build-helper-maven-plugin](https://github.com/mojohaus/build-helper-maven-plugin) from 3.6.0 to 3.6.1.
- [Release notes](https://github.com/mojohaus/build-helper-maven-plugin/releases)
- [Commits](https://github.com/mojohaus/build-helper-maven-plugin/compare/3.6.0...3.6.1)

---
updated-dependencies:
- dependency-name: org.codehaus.mojo:build-helper-maven-plugin
  dependency-version: 3.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 dbeam-bom/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dbeam-bom/pom.xml b/dbeam-bom/pom.xml
index 4e7d364e..5c6d6e56 100644
--- a/dbeam-bom/pom.xml
+++ b/dbeam-bom/pom.xml
@@ -47,7 +47,7 @@
       <plugin>
         <groupId>org.codehaus.mojo</groupId>
         <artifactId>build-helper-maven-plugin</artifactId>
-        <version>3.6.0</version>
+        <version>3.6.1</version>
         <executions>
           <execution>
             <id>attach-effective-pom</id>

From ea7e26ac51f9a72cb19c77d1522ec4f24270c674 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 27 Feb 2025 04:54:19 +0000
Subject: [PATCH 07/18] Bump
 org.apache.maven.plugins:maven-project-info-reports-plugin

Bumps [org.apache.maven.plugins:maven-project-info-reports-plugin](https://github.com/apache/maven-project-info-reports-plugin) from 3.8.0 to 3.9.0.
- [Release notes](https://github.com/apache/maven-project-info-reports-plugin/releases)
- [Commits](https://github.com/apache/maven-project-info-reports-plugin/compare/maven-project-info-reports-plugin-3.8.0...maven-project-info-reports-plugin-3.9.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-project-info-reports-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 84c89095..715a8374 100644
--- a/pom.xml
+++ b/pom.xml
@@ -519,7 +519,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-project-info-reports-plugin</artifactId>
-          <version>3.8.0</version>
+          <version>3.9.0</version>
         </plugin>
         <plugin>
           <artifactId>maven-surefire-plugin</artifactId>

From 8e4a759ecef18cbca59943f490a3caad32588ee0 Mon Sep 17 00:00:00 2001
From: Luis Bianchin <labianchin@users.noreply.github.com>
Date: Tue, 7 Apr 2026 15:19:59 +0200
Subject: [PATCH 08/18] Bump PostgreSQL JDBC driver from 42.7.4 to 42.7.7

Fixes CVE-2025-49146 (https://nvd.nist.gov/vuln/detail/CVE-2025-49146)
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 715a8374..4b690bc6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -138,7 +138,7 @@
     <junit.version>4.13.2</junit.version>
     <mysql.version>8.4.0</mysql.version>
     <mariadb.version>3.5.3</mariadb.version>
-    <postgresql.version>42.7.4</postgresql.version>
+    <postgresql.version>42.7.7</postgresql.version>
     <socket-factory.version>1.18.0</socket-factory.version>
   </properties>
 

From 50dd3dc6655eeb361e5784294207de9eebdf13f2 Mon Sep 17 00:00:00 2001
From: Luis Bianchin <labianchin@users.noreply.github.com>
Date: Tue, 7 Apr 2026 16:16:18 +0200
Subject: [PATCH 09/18] Bump Avro from 1.11.4 to 1.11.5

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4b690bc6..26d49486 100644
--- a/pom.xml
+++ b/pom.xml
@@ -110,7 +110,7 @@
     <beam.version>2.65.0</beam.version>
     <!-- versions from beam -->
     <auto-value.version>1.9</auto-value.version>
-    <avro.version>1.11.4</avro.version>
+    <avro.version>1.11.5</avro.version>
     <checker-qual.version>3.42.0</checker-qual.version>
     <commons-codec.version>1.17.1</commons-codec.version>
     <commons-compress.version>1.26.2</commons-compress.version>

From 94307a9fe954c5501fcc286386ad34efb993680f Mon Sep 17 00:00:00 2001
From: Luis Bianchin <labianchin@users.noreply.github.com>
Date: Tue, 7 Apr 2026 16:15:20 +0200
Subject: [PATCH 10/18] Bump Apache Beam SDK from 2.65.0 to 2.72.0

Beam 2.65.0 reaches end-of-support in May 2026. Beam 2.72.0 is the
latest stable release, supported until March 2027.

Updated dependency versions to match Beam 2.72.0:
- errorprone: 2.10.0 -> 2.31.0
- joda-time: 2.10.14 -> 2.14.0
- netty: 4.1.121.Final -> 4.1.124.Final
- slf4j: 1.7.30 -> 2.0.16
- google-cloud-libraries-bom: 26.57.0 -> 26.76.0

Added dependency management overrides to resolve version convergence
between Beam BOM and libraries-bom:
- jackson-dataformat-xml 2.18.2 (from google-cloud-storage)
- google-cloud-bigtable 2.73.1 and proto stubs (from beam-io-gcp)
- j2objc-annotations 3.1 (from libraries-bom)
- failureaccess 1.0.3 (from transitives)
---
 pom.xml | 55 +++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 47 insertions(+), 8 deletions(-)

diff --git a/pom.xml b/pom.xml
index 26d49486..1914b853 100644
--- a/pom.xml
+++ b/pom.xml
@@ -106,30 +106,30 @@
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 
     <!-- apache beam BOM -->
-    <!-- https://github.com/apache/beam/blob/release-2.65/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy#L588 -->
-    <beam.version>2.65.0</beam.version>
+    <!-- https://github.com/apache/beam/blob/release-2.72/buildSrc/src/main/groovy/org/apache/beam/gradle/BeamModulePlugin.groovy#L588 -->
+    <beam.version>2.72.0</beam.version>
     <!-- versions from beam -->
     <auto-value.version>1.9</auto-value.version>
     <avro.version>1.11.5</avro.version>
     <checker-qual.version>3.42.0</checker-qual.version>
     <commons-codec.version>1.17.1</commons-codec.version>
     <commons-compress.version>1.26.2</commons-compress.version>
-    <errorprone.version>2.10.0</errorprone.version>
+    <errorprone.version>2.31.0</errorprone.version>
     <guava.version>33.1.0-jre</guava.version>
     <hamcrest.version>2.1</hamcrest.version>
     <httpclient.version>4.5.13</httpclient.version>
     <httpcore.version>4.4.14</httpcore.version>
     <jackson.version>2.15.4</jackson.version>
-    <joda-time.version>2.10.14</joda-time.version>
-    <netty.version>4.1.121.Final</netty.version>
-    <slf4j.version>1.7.30</slf4j.version>
+    <joda-time.version>2.14.0</joda-time.version>
+    <netty.version>4.1.124.Final</netty.version>
+    <slf4j.version>2.0.16</slf4j.version>
     <threetenbp.version>1.6.8</threetenbp.version>
     <zstd-jni.version>1.5.6-3</zstd-jni.version>
 
     <!-- GCP BOM -->
     <!-- https://github.com/googleapis/java-cloud-bom/releases -->
-    <!-- https://storage.googleapis.com/cloud-opensource-java-dashboard/com.google.cloud/libraries-bom/26.45.0/index.html -->
-    <google-cloud-libraries-bom.version>26.57.0</google-cloud-libraries-bom.version>
+    <!-- https://storage.googleapis.com/cloud-opensource-java-dashboard/com.google.cloud/libraries-bom/26.76.0/index.html -->
+    <google-cloud-libraries-bom.version>26.76.0</google-cloud-libraries-bom.version>
     <!-- versions from GCP bom -->
     <opencensus.version>0.31.1</opencensus.version>
 
@@ -238,6 +238,45 @@
         <artifactId>opencensus-contrib-grpc-metrics</artifactId>
         <version>${opencensus.version}</version>
       </dependency>
+      <!-- resolve jackson-dataformat-xml convergence: google-cloud-storage brings 2.18.2 -->
+      <dependency>
+        <groupId>com.fasterxml.jackson.dataformat</groupId>
+        <artifactId>jackson-dataformat-xml</artifactId>
+        <version>2.18.2</version>
+      </dependency>
+      <!-- resolve google-cloud-bigtable convergence: beam io brings 2.73.1 vs libraries-bom 2.73.0 -->
+      <dependency>
+        <groupId>com.google.cloud</groupId>
+        <artifactId>google-cloud-bigtable</artifactId>
+        <version>2.73.1</version>
+      </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>grpc-google-cloud-bigtable-v2</artifactId>
+        <version>2.73.1</version>
+      </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>proto-google-cloud-bigtable-v2</artifactId>
+        <version>2.73.1</version>
+      </dependency>
+      <dependency>
+        <groupId>com.google.api.grpc</groupId>
+        <artifactId>proto-google-cloud-bigtable-admin-v2</artifactId>
+        <version>2.73.1</version>
+      </dependency>
+      <!-- resolve j2objc-annotations convergence: guava uses 3.0.0, libraries-bom brings 3.1 -->
+      <dependency>
+        <groupId>com.google.j2objc</groupId>
+        <artifactId>j2objc-annotations</artifactId>
+        <version>3.1</version>
+      </dependency>
+      <!-- resolve failureaccess convergence: guava 33.x uses 1.0.2, transitives bring 1.0.3 -->
+      <dependency>
+        <groupId>com.google.guava</groupId>
+        <artifactId>failureaccess</artifactId>
+        <version>1.0.3</version>
+      </dependency>
       <!-- overrides to resolve dependency conflicts - end-->
       <!-- overrides with vulnerability fixes - start-->
       <!-- overrides with vulnerability fixes - end-->

From 8f94e325e93bd186ea74a3a43c9744abd5011525 Mon Sep 17 00:00:00 2001
From: Luis Bianchin <labianchin@users.noreply.github.com>
Date: Tue, 7 Apr 2026 16:17:56 +0200
Subject: [PATCH 11/18] Bump Jackson from 2.15.4 to 2.18.2

Aligns with the version provided by google-cloud-libraries-bom 26.76.0,
removing the separate jackson-dataformat-xml override.
---
 pom.xml | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index 1914b853..b01abde2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -119,7 +119,7 @@
     <hamcrest.version>2.1</hamcrest.version>
     <httpclient.version>4.5.13</httpclient.version>
     <httpcore.version>4.4.14</httpcore.version>
-    <jackson.version>2.15.4</jackson.version>
+    <jackson.version>2.18.2</jackson.version>
     <joda-time.version>2.14.0</joda-time.version>
     <netty.version>4.1.124.Final</netty.version>
     <slf4j.version>2.0.16</slf4j.version>
@@ -238,12 +238,6 @@
         <artifactId>opencensus-contrib-grpc-metrics</artifactId>
         <version>${opencensus.version}</version>
       </dependency>
-      <!-- resolve jackson-dataformat-xml convergence: google-cloud-storage brings 2.18.2 -->
-      <dependency>
-        <groupId>com.fasterxml.jackson.dataformat</groupId>
-        <artifactId>jackson-dataformat-xml</artifactId>
-        <version>2.18.2</version>
-      </dependency>
       <!-- resolve google-cloud-bigtable convergence: beam io brings 2.73.1 vs libraries-bom 2.73.0 -->
       <dependency>
         <groupId>com.google.cloud</groupId>

From 56ed88fe5bd267e3b6b3234fa098062d450d6988 Mon Sep 17 00:00:00 2001
From: Luis Bianchin <labianchin@users.noreply.github.com>
Date: Tue, 7 Apr 2026 16:23:02 +0200
Subject: [PATCH 12/18] Bump Guava from 33.1.0-jre to 33.5.0-jre

Aligns with the version provided by google-cloud-libraries-bom 26.76.0.
---
 pom.xml | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/pom.xml b/pom.xml
index b01abde2..2e7aa713 100644
--- a/pom.xml
+++ b/pom.xml
@@ -115,7 +115,7 @@
     <commons-codec.version>1.17.1</commons-codec.version>
     <commons-compress.version>1.26.2</commons-compress.version>
     <errorprone.version>2.31.0</errorprone.version>
-    <guava.version>33.1.0-jre</guava.version>
+    <guava.version>33.5.0-jre</guava.version>
     <hamcrest.version>2.1</hamcrest.version>
     <httpclient.version>4.5.13</httpclient.version>
     <httpcore.version>4.4.14</httpcore.version>
@@ -259,18 +259,6 @@
         <artifactId>proto-google-cloud-bigtable-admin-v2</artifactId>
         <version>2.73.1</version>
       </dependency>
-      <!-- resolve j2objc-annotations convergence: guava uses 3.0.0, libraries-bom brings 3.1 -->
-      <dependency>
-        <groupId>com.google.j2objc</groupId>
-        <artifactId>j2objc-annotations</artifactId>
-        <version>3.1</version>
-      </dependency>
-      <!-- resolve failureaccess convergence: guava 33.x uses 1.0.2, transitives bring 1.0.3 -->
-      <dependency>
-        <groupId>com.google.guava</groupId>
-        <artifactId>failureaccess</artifactId>
-        <version>1.0.3</version>
-      </dependency>
       <!-- overrides to resolve dependency conflicts - end-->
       <!-- overrides with vulnerability fixes - start-->
       <!-- overrides with vulnerability fixes - end-->

From 1526fa0b11e51b20a9881c924ab8b81a564f142b Mon Sep 17 00:00:00 2001
From: Luis Bianchin <labianchin@users.noreply.github.com>
Date: Tue, 7 Apr 2026 16:32:35 +0200
Subject: [PATCH 13/18] Bump PostgreSQL JDBC driver from 42.7.7 to 42.7.8

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2e7aa713..b16b0305 100644
--- a/pom.xml
+++ b/pom.xml
@@ -138,7 +138,7 @@
     <junit.version>4.13.2</junit.version>
     <mysql.version>8.4.0</mysql.version>
     <mariadb.version>3.5.3</mariadb.version>
-    <postgresql.version>42.7.7</postgresql.version>
+    <postgresql.version>42.7.8</postgresql.version>
     <socket-factory.version>1.18.0</socket-factory.version>
   </properties>
 

From 46e52481dc0ac5ccede461da8559db78408948d6 Mon Sep 17 00:00:00 2001
From: Luis Bianchin <labianchin@users.noreply.github.com>
Date: Tue, 7 Apr 2026 16:35:07 +0200
Subject: [PATCH 14/18] Bump google-api-services-cloudkms from v1-rev20240314
 to v1-rev20260319

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b16b0305..0dd025c3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -286,7 +286,7 @@
       <dependency>
         <groupId>com.google.apis</groupId>
         <artifactId>google-api-services-cloudkms</artifactId>
-        <version>v1-rev20240314-2.0.0</version>
+        <version>v1-rev20260319-2.0.0</version>
       </dependency>
 
       <!-- Runners -->

From d1111806b3ae54bc9b8f28849dffb1ff7716ffbd Mon Sep 17 00:00:00 2001
From: Luis Bianchin <labianchin@users.noreply.github.com>
Date: Tue, 7 Apr 2026 16:36:56 +0200
Subject: [PATCH 15/18] Bump MariaDB JDBC driver from 3.5.3 to 3.5.8

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0dd025c3..9ac8fbb4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -137,7 +137,7 @@
     <bouncycastle.version>1.78.1</bouncycastle.version>
     <junit.version>4.13.2</junit.version>
     <mysql.version>8.4.0</mysql.version>
-    <mariadb.version>3.5.3</mariadb.version>
+    <mariadb.version>3.5.8</mariadb.version>
     <postgresql.version>42.7.8</postgresql.version>
     <socket-factory.version>1.18.0</socket-factory.version>
   </properties>

From 998d2c9b35a941a195b79f3150df591f9a24220e Mon Sep 17 00:00:00 2001
From: Luis Bianchin <labianchin@users.noreply.github.com>
Date: Tue, 7 Apr 2026 16:39:55 +0200
Subject: [PATCH 16/18] Bump zstd-jni from 1.5.6-3 to 1.5.7-7

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 9ac8fbb4..9f888229 100644
--- a/pom.xml
+++ b/pom.xml
@@ -124,7 +124,7 @@
     <netty.version>4.1.124.Final</netty.version>
     <slf4j.version>2.0.16</slf4j.version>
     <threetenbp.version>1.6.8</threetenbp.version>
-    <zstd-jni.version>1.5.6-3</zstd-jni.version>
+    <zstd-jni.version>1.5.7-7</zstd-jni.version>
 
     <!-- GCP BOM -->
     <!-- https://github.com/googleapis/java-cloud-bom/releases -->

From ad07d124ceff0867593b70517e0c2cda1b182d1e Mon Sep 17 00:00:00 2001
From: Luis Bianchin <labianchin@users.noreply.github.com>
Date: Tue, 7 Apr 2026 16:43:26 +0200
Subject: [PATCH 17/18] Bump Cloud SQL socket factory from 1.18.0 to 1.25.0

1.25.0 is the highest version compatible with the current
libraries-bom 26.76.0 without introducing dependency conflicts.
Versions >= 1.25.1 require a newer google-api-client than what
the BOM provides.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 9f888229..388402f2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -139,7 +139,7 @@
     <mysql.version>8.4.0</mysql.version>
     <mariadb.version>3.5.8</mariadb.version>
     <postgresql.version>42.7.8</postgresql.version>
-    <socket-factory.version>1.18.0</socket-factory.version>
+    <socket-factory.version>1.25.0</socket-factory.version>
   </properties>
 
   <dependencyManagement>

From 900fc1a91e6d702f4781487a66ed5c7c8e935ea5 Mon Sep 17 00:00:00 2001
From: Luis Bianchin <labianchin@users.noreply.github.com>
Date: Tue, 7 Apr 2026 17:01:54 +0200
Subject: [PATCH 18/18] Update avro-tools download URL to 1.11.5 in CI workflow

The previous URL for avro-tools 1.11.3 is no longer available on
dlcdn.apache.org, causing CI failures.
---
 .github/workflows/maven.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index c20bf249..6799ab3a 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -52,11 +52,11 @@ jobs:
       - name: Install avro tools
         if: matrix.java_version == '17'
         run: |
-          wget https://dlcdn.apache.org/avro/avro-1.11.3/java/avro-tools-1.11.3.jar
+          wget https://dlcdn.apache.org/avro/avro-1.11.5/java/avro-tools-1.11.5.jar
           mkdir -p /opt/avro
-          mv avro-tools-1.11.3.jar /opt/avro/
-          chmod +x /opt/avro/avro-tools-1.11.3.jar
-          echo "alias avro-tools='java -jar /opt/avro/avro-tools-1.11.3.jar'" > ~/.bashrc
+          mv avro-tools-1.11.5.jar /opt/avro/
+          chmod +x /opt/avro/avro-tools-1.11.5.jar
+          echo "alias avro-tools='java -jar /opt/avro/avro-tools-1.11.5.jar'" > ~/.bashrc
       - name: End to end tests
         shell: bash
         if: matrix.java_version == '17'