Skip to content

Bump io.quarkus:quarkus-bom from 3.36.1 to 3.37.3 in /s3-uploader/runtimes/quarkus_native_on_provided_al2#3693

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/s3-uploader/runtimes/quarkus_native_on_provided_al2/io.quarkus-quarkus-bom-3.37.3
Open

Bump io.quarkus:quarkus-bom from 3.36.1 to 3.37.3 in /s3-uploader/runtimes/quarkus_native_on_provided_al2#3693
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/maven/s3-uploader/runtimes/quarkus_native_on_provided_al2/io.quarkus-quarkus-bom-3.37.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps io.quarkus:quarkus-bom from 3.36.1 to 3.37.3.

Release notes

Sourced from io.quarkus:quarkus-bom's releases.

3.37.2

Complete changelog

  • #49524 - IllegalStateException: GlobalOpenTelemetry.set has already been called
  • #54999 - Produce ServiceStartBuildItem for OTel
  • #55134 - Add regression tests for QuteProcessor
  • #55137 - Null boxed Integer and Boolean fields dropped from JSON by reflection-free serializers (Quarkus 3.37)
  • #55142 - @JsonProperty is ignored or duplicated + 'visibility'-setting is ignored in 'ObjectMapperCustomizer' by reflection-free Jackson serializers
  • #55183 - Fix typo
  • #55214 - Reflection-free serializers break Kotlin boolean "is" properties and @JsonProperty annotations
  • #55216 - Avoid duplicate fields when using @JsonProperty + improve Kotlin support + obey visibility defined in ObjectMapperCustomizer in reflection-free Jackson serializers
  • #55229 - Bump com.ongres.scram:scram-client from 3.2 to 3.3 in /bom/application
  • #55238 - Bump SmallRye GraphQL to 2.18.3
  • #55254 - [3.37 Regression] quarkus-rest-jackson drops ObjectNode request body fields with reflection-free Jackson enabled
  • #55255 - [Reflection-free Jackson deserialisers] Unknown field throws plain JsonMappingException instead of MismatchedInputException, bypassing custom exception mappers
  • #55256 - Avoid generating reflection-free Jackson serializers for classes in the jackson.databind package
  • #55261 - Reflection-free Jackson deserialisers: @JsonUnwrapped prefix/suffix not honored
  • #55278 - Serialize null boxed primitives in reflection-free Jackson serializers
  • #55279 - Fix exception thrown in case of unknown field in reflection-free Jackson serializer
  • #55280 - Honor @JsonUnwrapped prefix/suffix in reflection-free Jackson serialisers
  • #55302 - jackson-module-kotlin incompatible with reflection-free serializers
  • #55304 - OIDC: include invalid_dpop_proof in AuthenticationFailedException to clarify why exception was thrown
  • #55309 - Opt-out Kotlin classes from generation of reflection-free Jackson serializers
  • #55318 - @JsonFormat with pattern on java.time types (e.g. ZonedDateTime, LocalDateTime) ignored by reflection-free Jackson serializers
  • #55322 - Fix serialization of java.time fields with custom format in generated reflection-free Jackson serializers
  • #55331 - Jackson Reflectionfree Serializer with Raw Types
  • #55334 - Fix reflection-free Jackson serializers when using raw types

3.37.1

Complete changelog

  • #49919 - Prevent invocation of Task.project at execution time in Gradle plugin
  • #54854 - OIDC DPoP Nonce response uses from status code and message
  • #54855 - For missing and invalid nonces, return 401/use_dpop_nonce
  • #54889 - Response not handled in ContainerResponseFilter for dropped HTTP requests
  • #54903 - Allow the use of @Cancellable on ContainerResponseFilter
  • #54909 - Change log level of some OIDC log messages from debug to warn
  • #54919 - Improve the update-quarkus.adoc guide a bit
  • #54924 - Fix status in update-quarkus.adoc
  • #54942 - Include additional args in AOTMode=create" command
  • #54949 - Infinispan - Add missing service implementations for native
  • #54950 - JAXB - Register a new service implementation for native
  • #54955 - Significant CPU regression
  • #54958 - Prevent invocation of Task.project at execution time in Gradle plugin
  • #54975 - Infinispan - Register services properly and enforce basic client intelligence in ITs
  • #54997 - Bump org.hibernate.validator:hibernate-validator from 9.1.0.Final to 9.1.1.Final
  • #55008 - Quarkus REST sub-resources return 500 for malformed content type unlike 415 from top-level resource
  • #55009 - Quarkus REST: fix response status for sub-resource requests with a malformed content type

... (truncated)

Commits
  • d647aef [RELEASE] - Bump version to 3.37.3
  • 7a51b0e Merge pull request #55460 from gsmet/3.37.3-backports-4
  • 036eb11 Fix serialization of java.time.Duration in generated reflection-free Jackson ...
  • a435cb1 Fix native image build failure caused by Netty's SelfSignedCertificate
  • 34eacf7 Register gRPC codegen configuration properties
  • 9a31621 fix(quarkus-rest): @​serverexceptionmapper in sub-resource shouldn't be global
  • 81b8969 Ignore unresolvable POMs for bundled CycloneDX components
  • c0090b9 Disable Mockito class cache for thenThrow across component tests
  • 5868f10 Harden remote dev mode against unsafe deserialization
  • 49cfd7e Harden remote dev mode against path traversal
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [io.quarkus:quarkus-bom](https://github.com/quarkusio/quarkus) from 3.36.1 to 3.37.3.
- [Release notes](https://github.com/quarkusio/quarkus/releases)
- [Commits](quarkusio/quarkus@3.36.1...3.37.3)

---
updated-dependencies:
- dependency-name: io.quarkus:quarkus-bom
  dependency-version: 3.37.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants