From 8f8f66d24bebcac2faaeb613502ed23ff4df2f24 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 6 May 2026 17:02:28 +0000
Subject: [PATCH] Bump the root-maven-security-updates group across 1 directory
 with 4 updates

Bumps the root-maven-security-updates group with 4 updates in the / directory: [org.apache.thrift:libthrift](https://github.com/apache/thrift), [org.apache.shiro:shiro-core](https://github.com/apache/shiro), [org.bouncycastle:bcpkix-jdk18on](https://github.com/bcgit/bc-java) and [org.assertj:assertj-core](https://github.com/assertj/assertj).


Updates `org.apache.thrift:libthrift` from 0.13.0 to 0.14.0
- [Release notes](https://github.com/apache/thrift/releases)
- [Changelog](https://github.com/apache/thrift/blob/master/CHANGES.md)
- [Commits](https://github.com/apache/thrift/compare/v0.13.0...v0.14.0)

Updates `org.apache.shiro:shiro-core` from 1.13.0 to 2.1.0
- [Release notes](https://github.com/apache/shiro/releases)
- [Changelog](https://github.com/apache/shiro/blob/main/RELEASE-NOTES)
- [Commits](https://github.com/apache/shiro/compare/shiro-root-1.13.0...shiro-root-2.1.0)

Updates `org.bouncycastle:bcpkix-jdk18on` from 1.80 to 1.84
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

Updates `org.assertj:assertj-core` from 1.7.0 to 3.27.7
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](https://github.com/assertj/assertj/compare/assertj-core-1.7.0...assertj-build-3.27.7)

---
updated-dependencies:
- dependency-name: org.apache.thrift:libthrift
  dependency-version: 0.14.0
  dependency-type: direct:production
  dependency-group: root-maven-security-updates
- dependency-name: org.apache.shiro:shiro-core
  dependency-version: 2.1.0
  dependency-type: direct:production
  dependency-group: root-maven-security-updates
- dependency-name: org.bouncycastle:bcpkix-jdk18on
  dependency-version: '1.84'
  dependency-type: direct:production
  dependency-group: root-maven-security-updates
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:production
  dependency-group: root-maven-security-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index 8fd194cd482..af45132868c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -113,7 +113,7 @@
     <slf4j.version>1.7.35</slf4j.version>
     <reload4j.version>1.2.25</reload4j.version>
     <log4j2.version>2.23.1</log4j2.version>
-    <libthrift.version>0.13.0</libthrift.version>
+    <libthrift.version>0.14.0</libthrift.version>
     <flexmark.all.version>0.62.2</flexmark.all.version>
     <gson.version>2.8.9</gson.version>
     <gson-extras.version>0.2.2</gson-extras.version>
@@ -133,8 +133,8 @@
     <commons.io.version>2.15.1</commons.io.version>
     <commons.collections.version>3.2.2</commons.collections.version>
     <commons.cli.version>1.4</commons.cli.version>
-    <shiro.version>1.13.0</shiro.version>
-    <bouncycastle.version>1.80</bouncycastle.version>
+    <shiro.version>2.1.0</shiro.version>
+    <bouncycastle.version>1.84</bouncycastle.version>
     <maven.version>3.6.3</maven.version>
     <dropwizard.version>4.2.29</dropwizard.version>
     <micrometer.version>1.14.2</micrometer.version>
@@ -153,7 +153,7 @@
     <!-- test library versions -->
     <junit.jupiter.version>5.7.1</junit.jupiter.version>
     <mockito.version>3.12.4</mockito.version>
-    <assertj.version>1.7.0</assertj.version>
+    <assertj.version>3.27.7</assertj.version>
     <awaitility.version>4.2.0</awaitility.version>
 
     <!-- plugin versions -->