Bump the java group with 23 updates

[dependabot]

Bumps the java group with 23 updates:

Package	From	To
org.json:json	20250107	20250517
org.jsoup:jsoup	1.19.1	1.20.1
co.elastic.clients:elasticsearch-java	9.0.0	9.0.1
org.apache.activemq:artemis-jms-server	2.40.0	2.41.0
com.itextpdf:itext-core	9.1.0	9.2.0
com.itextpdf:cleanup	5.0.1	5.0.2
org.apache.commons:commons-imaging	1.0.0-alpha5	1.0.0-alpha6
org.springdoc:springdoc-openapi-starter-webmvc-ui	2.8.6	2.8.8
io.projectreactor:reactor-core	3.7.5	3.7.6
org.eclipse.jgit:org.eclipse.jgit	7.2.0.202503040940-r	7.2.1.202505142326-r
org.webjars:jquery	1.12.4	3.7.1
org.webjars:bootstrap	3.3.7-1	5.3.5
org.webjars.bower:bootstrap	4.1.1	5.3.3
org.webjars.bower:moment	2.29.3	2.29.4
org.webjars.npm:angular	1.8.2	1.8.3
org.webjars.bower:ace-builds	1.3.1	1.15.2
org.webjars.bower:tinymce	4.5.8	6.8.3
org.webjars.npm:angular-translate	2.19.0	2.19.1
org.webjars.npm:angular-resource	1.8.2	1.8.3
org.webjars.npm:angular-animate	1.8.2	1.8.3
org.webjars.npm:angular-sanitize	1.8.2	1.8.3
org.webjars.npm:angular-cookies	1.8.2	1.8.3
org.webjars.bower:angular-ui-sortable	0.14.3	0.19.0

Updates org.json:json from 20250107 to 20250517

Release notes

Sourced from org.json:json's releases.

20250517

Pull Request	Description
#969	refactored large test for strict mode
#968	Update keepStrings behavior to reflect changes in keepBooleanAsString, keepNumberAsString
#966	granular flags to control for keeping boolean or number values as strings
#962	Fix: handles edge case 'no \n at end of csv dataset + empty last column'
#961	Option to store null value in JSONObject when parsing a map
#960	Updated configuration to enable strictMode unit testing with Maven
#955	Add testWithStrictMode option to build.gradle
#951	Fixing and updating unit tests for default strictMode
#950	upgrade upload-artifact from v3 to v4 - pipeline change
#949	deprecated unnecessary setter method
#948	Use JSONTokener JSONParserConfiguration in JSONObject and JSONArray constructors
#946	add missing javaDoc for JSONParserConfiguration
#942	Copy all fields when cloning JSONParserConfiguration
#938	Strict mode unit tests
#937	Update JSONParserConfiguration usage in JSONTokener, JSONArray, and JSONObject
#931	remove-duplicate-moditect: from pom.xml

Changelog

Sourced from org.json:json's changelog.

20250517 Strict mode hardening and recent commits

Commits

• See full diff in compare view

Updates org.jsoup:jsoup from 1.19.1 to 1.20.1

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup 1.20.1

Changes

• To better follow the HTML5 spec and current browsers, the HTML parser no longer allows self-closing tags (<foo />) to close HTML elements by default. Foreign content (SVG, MathML), and content parsed with the XML parser, still supports self-closing tags. If you need specific HTML tags to support self-closing, you can register a custom tag via the TagSet configured in Parser.tagSet(), using Tag#set(Tag.SelfClose). Standard void tags (such as <img>, <br>, etc.) continue to behave as usual and are not affected by this change. #2300.
• The following internal components have been deprecated. If you do happen to be using any of these, please take the opportunity now to migrate away from them, as they will be removed in jsoup 1.21.1.
  • ChangeNotifyingArrayList, Document.updateMetaCharsetElement(), Document.updateMetaCharsetElement(boolean), HtmlTreeBuilder.isContentForTagData(String), Parser.isContentForTagData(String), Parser.setTreeBuilder(TreeBuilder), Tag.formatAsBlock(), Tag.isFormListed(), TokenQueue.addFirst(String), TokenQueue.chompTo(String), TokenQueue.chompToIgnoreCase(String), TokenQueue.consumeToIgnoreCase(String), TokenQueue.consumeWord(), TokenQueue.matchesAny(String...)

Functional Improvements

• Rebuilt the HTML pretty-printer, to simplify and consolidate the implementation, improve consistency, support custom Tags, and provide a cleaner path for ongoing improvements. The specific HTML produced by the pretty-printer may be different from previous versions. #2286.
• Added the ability to define custom tags, and to modify properties of known tags, via the TagSet tag collection. Their properties can impact both the parse and how content is serialized (output as HTML or XML). #2285.
• Element.cssSelector() will prefer to return shorter selectors by using ancestor IDs when available and unique. E.g. #id > div > p instead of html > body > div > div > p #2283.
• Added Elements.deselect(int index), Elements.deselect(Object o), and Elements.deselectAll() methods to remove elements from the Elements list without removing them from the underlying DOM. Also added Elements.asList() method to get a modifiable list of elements without affecting the DOM. (Individual Elements remain linked to the DOM.) #2100.
• Added support for sending a request body from an InputStream with Connection.requestBodyStream(InputStream stream). #1122.
• The XML parser now supports scoped xmlns: prefix namespace declarations, and applies the correct namespace to Tags and Attributes. Also, added Tag#prefix(), Tag#localName(), Attribute#prefix(), Attribute#localName(), and Attribute#namespace() to retrieve these. #2299.
• CSS identifiers are now escaped and unescaped correctly to the CSS spec. Element#cssSelector() will emit appropriately escaped selectors, and the QueryParser supports those. Added Selector.escapeCssIdentifier() and ` Selector.unescapeCssIdentifier(). #2297, #2305

Structure and Performance Improvements

• Refactored the CSS QueryParser into a clearer recursive descent parser. #2310.
• CSS selectors with consecutive combinators (e.g. div >> p) will throw an explicit parse exception. #2311.
• Performance: reduced the shallow size of an Element from 40 to 32 bytes, and the NodeList from 32 to 24. #2307.
• Performance: reduced GC load of new StringBuilders when tokenizing input HTML. #2304.
• Made Parser instances threadsafe, so that inadvertent use of the same instance across threads will not lead to errors. For actual concurrency, use Parser#newInstance() per thread. #2314.

Bug Fixes

• Element names containing characters invalid in XML are now normalized to valid XML names when serializing. #1496.
• When serializing to XML, characters that are invalid in XML 1.0 should be removed (not encoded). #1743.
• When converting a Document to the W3C DOM in W3CDom, elements with an attribute in an undeclared namespace now get a declaration of xmlns:prefix="undefined". This allows subsequent serialization to XML via W3CDom.asString() to succeed. #2087.
• The StreamParser could emit the final elements of a document twice, due to how onNodeCompleted was fired when closing out the stack. #2295.
• When parsing with the XML parser and error tracking enabled, the trailing ? in <?xml version="1.0"?> would incorrectly emit an error. #2298.
• Calling Element#cssSelector() on an element with combining characters in the class or ID now produces the correct output. #1984.

Changelog

Sourced from org.jsoup:jsoup's changelog.

1.20.1 (2025-04-29)

Changes

• To better follow the HTML5 spec and current browsers, the HTML parser no longer allows self-closing tags (<foo />) to close HTML elements by default. Foreign content (SVG, MathML), and content parsed with the XML parser, still supports self-closing tags. If you need specific HTML tags to support self-closing, you can register a custom tag via the TagSet configured in Parser.tagSet(), using Tag#set(Tag.SelfClose). Standard void tags (such as <img>, <br>, etc.) continue to behave as usual and are not affected by this change. #2300.
• The following internal components have been deprecated. If you do happen to be using any of these, please take the opportunity now to migrate away from them, as they will be removed in jsoup 1.21.1.
  • ChangeNotifyingArrayList, Document.updateMetaCharsetElement(), Document.updateMetaCharsetElement(boolean), HtmlTreeBuilder.isContentForTagData(String), Parser.isContentForTagData(String), Parser.setTreeBuilder(TreeBuilder), Tag.formatAsBlock(), Tag.isFormListed(), TokenQueue.addFirst(String), TokenQueue.chompTo(String), TokenQueue.chompToIgnoreCase(String), TokenQueue.consumeToIgnoreCase(String), TokenQueue.consumeWord(), TokenQueue.matchesAny(String...)

Functional Improvements

• Rebuilt the HTML pretty-printer, to simplify and consolidate the implementation, improve consistency, support custom Tags, and provide a cleaner path for ongoing improvements. The specific HTML produced by the pretty-printer may be different from previous versions. #2286.
• Added the ability to define custom tags, and to modify properties of known tags, via the TagSet tag collection. Their properties can impact both the parse and how content is serialized (output as HTML or XML). #2285.
• Element.cssSelector() will prefer to return shorter selectors by using ancestor IDs when available and unique. E.g. #id > div > p instead of html > body > div > div > p #2283.
• Added Elements.deselect(int index), Elements.deselect(Object o), and Elements.deselectAll() methods to remove elements from the Elements list without removing them from the underlying DOM. Also added Elements.asList() method to get a modifiable list of elements without affecting the DOM. (Individual Elements remain linked to the DOM.) #2100.
• Added support for sending a request body from an InputStream with Connection.requestBodyStream(InputStream stream). #1122.
• The XML parser now supports scoped xmlns: prefix namespace declarations, and applies the correct namespace to Tags and Attributes. Also, added Tag#prefix(), Tag#localName(), Attribute#prefix(), Attribute#localName(), and Attribute#namespace() to retrieve these. #2299.
• CSS identifiers are now escaped and unescaped correctly to the CSS spec. Element#cssSelector() will emit appropriately escaped selectors, and the QueryParser supports those. Added Selector.escapeCssIdentifier() and Selector.unescapeCssIdentifier(). #2297, #2305

Structure and Performance Improvements

• Refactored the CSS QueryParser into a clearer recursive descent parser. #2310.
• CSS selectors with consecutive combinators (e.g. div >> p) will throw an explicit parse exception. #2311.
• Performance: reduced the shallow size of an Element from 40 to 32 bytes, and the NodeList from 32 to 24. #2307.
• Performance: reduced GC load of new StringBuilders when tokenizing input HTML. #2304.
• Made Parser instances threadsafe, so that inadvertent use of the same instance across threads will not lead to errors. For actual concurrency, use Parser#newInstance() per thread. #2314.

... (truncated)

Commits

• 8f0dc29 [maven-release-plugin] prepare release jsoup-1.20.1
• 6b96c74 Don't log InterruptedException
• dec21ef Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 (#2316)
• fccfaae Updating changelog
• 603261d Perf optimize these deep IT tests
• f0d8782 Use a ReentrantLock in HttpConnection
• 01c823e Make Parser instances threadsafe (#2314)
• dcb4f79 Only match ASCII letters and digits (#2312)
• c4dd25e Disallow consecutive combinators in CSS selectors (#2311)
• f70a7bc Revamp QueryParser (#2310)
• Additional commits viewable in compare view

Updates co.elastic.clients:elasticsearch-java from 9.0.0 to 9.0.1

Release notes

Sourced from co.elastic.clients:elasticsearch-java's releases.

v9.0.1

What's Changed

• Added missing dependency commons-logging
• Updated apache httpclient5 dependency to 5.4.4 (5.4.0 had a known vulnerability)

Full Changelog: elastic/elasticsearch-java@v9.0.0...v9.0.1

Commits

• 5c107bb [codegen] update to latest spec
• a3b8173 Fix dependencies + pom building (#1010)
• 54d8629 make sure to always target java 17 (#1008) (#1009)
• bcb019c bump version
• See full diff in compare view

Updates org.apache.activemq:artemis-jms-server from 2.40.0 to 2.41.0

Updates com.itextpdf:itext-core from 9.1.0 to 9.2.0

Release notes

Sourced from com.itextpdf:itext-core's releases.

iText Core/Community 9.2.0

Following the 25th anniversary release last time, you might think there wouldn’t be much to expect from iText Core 9.2.0. But hold onto your hats, because we have some very nice stuff to talk about, such as automated validation checks for PDF/UA-2 documents and improvements to iText’s general conformance checking mechanism.

Automated PDF/UA-2 Validation

Automated checks for PDF/UA-1 creation were introduced with iText Core 8.0.4. This release extends this feature to include the new PDF/UA-2 standard published last year.

The earlier checks were based on the PDF Association’s Matterhorn Protocol PDF/UA conformance testing model. For the PDF/UA-2 checks, we draw from the profile used by the industry-standard validation tool, veraPDF. That said, the way we’ve implemented the system of checkpoints and handle failure conditions is broadly the same. So, rest assured, iText Core will help you create PDFs that meet the new standard for universal accessibility.

While at present we’re not aware of any legislation mandating the switch to PDF/UA-2 from the current PDF/UA-1 standard, there are some pretty compelling reasons to consider adopting the latest version, particularly when it comes to handling PDF 2.0 documents. PDF/UA-2 brings improved support for modern Unicode to the table, and rolls out new document structure elements like Title, DocumentFragment, Aside, FENote, and Artifact which take advantage of enhancements in the PDF 2.0 specification.

In addition, we have refactored the conformance-checking mechanism by introducing the new PdfConformance abstraction to support multiple standards (e.g. PDF/A, PDF/UA), with PdfAConformance and PdfUAConformance now existing as enums, enabling modular, extensible validation.

Pull Requests

We’d like to thank Aviad Pineles for their PR to improve CSS style sheet logic for pdfHTML. While we eventually went with a different implementation of this fix, we’re very grateful for the inspiration!

Bug Fixes and Miscellaneous

In line with our efforts on the PDF/UA-2 checks and the upgraded API for converting HTML to PDF/UA, we also have some enhancements and fixes for general PDF 2.0 conformance. One of the standout updates is a dedicated checker that evaluates tag structure by examining the parent-child tag relationships as outlined in the PDF 2.0 specification. We’ve also addressed a number of issues related to PDF 2.0 tag conversion and structure repair operations, making sure everything operates seamlessly.

We would also like to highlight an additional change: in response to a bug report on StackOverflow, we identified and resolved a line wrap issue affecting non-wrapping italic and bold simulated text within table columns. This problem could lead to incorrect page breaks when the content width exceeded the column limits. To fix it, we’ve adjusted the table renderer logic to handle cases where text formatted in such ways exceeds the layout box width.

Other Stuff

We have a great new article on the Knowledge Base by Guust Ysebie from the iText SDK development team. If you caught the iText Core 9.1.0 release, you might remember how we managed to massively speed up table rendering, particularly in the case of tagged tables. If you wondered how this was possible, Guust has written up the whole story from beginning to end. It’s a very entertaining and enlightening read, so if optimization is your bag you’ll find a lot to enjoy.

NOTE: If you use iText for digital signing, you may be interested in the Digital Signatures Hub which contains a ton of useful resources and examples. In particular, we have a new chapter to our Digital Signing with iText series. In Part V, we take you through the steps of signing PDFs with Java via a remote signing service offering CSC API access.

Don’t forget that in addition to the resources on our Knowledge Base, on our GitHub you can find a ton of useful up-to-date samples in the following repos:

As always, you can see the Changelog below to see the full rundown on what’s new in Core, and details of other improvements and bug fixes for this release.

Java

• https://github.com/itext/itext-publications-examples-java
• https://github.com/itext/itext-publications-book-java
• https://github.com/itext/itext-publications-signing-examples-java
• https://github.com/itext/itext-publications-signatures-java
• https://github.com/itext/itext-publications-highlevel-java
• https://github.com/itext/itext-publications-jumpstart-java

.NET

• https://github.com/itext/itext-publications-samples-dotnet

NOTE: If you want to create ZUGFeRD/Factur-X-e-invoices with iText Core, we have both Java and .NET code samples available targeting the current ZUGFeRD/Factur-X specification. They demonstrate how to embed the XML invoice data and add the metadata required for conformance.

Bear in mind that our master branch contains samples for the current stable release, while the default develop branch is for the bleeding edge commits towards the next release.

... (truncated)

Commits

• 678f4a6 [RELEASE] iText 9.2.0
• f8b8895 [RELEASE] 9.2.0
• aea7e82 Support Replacements and alternatives rules for UA-2
• a921c5a Make lower/upper casing locale independent
• 4de65ce Set contents entry for signature field created in PdfSigner when alternative ...
• bfdd38e Support Character encodings related rules in UA-2
• eb025ca Autoport fixes
• 6e0c368 Deprecate iharder implementation of Base64 in favor JDK implementation
• f9386ff Fix flex cross size calculations for blocks
• 4099ad7 Deprecate Pair<> class and remove all of its usages
• Additional commits viewable in compare view

Updates com.itextpdf:cleanup from 5.0.1 to 5.0.2

Updates org.apache.commons:commons-imaging from 1.0.0-alpha5 to 1.0.0-alpha6

Updates org.springdoc:springdoc-openapi-starter-webmvc-ui from 2.8.6 to 2.8.8

Release notes

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's releases.

v2.8.8

Full Changelog: springdoc/springdoc-openapi@v2.8.7...v2.8.8

Fixed

• #2977 - Handle projects not using kotlin-reflect #2977

springdoc-openapi v2.8.7 released!

What's Changed

Added

• #2944 - Introducing springdoc-openapi-bom project
• #2948 - Customize Servers via application.yml
• #2963 - Set default content type for problem details object to application/problem+jso
• #2971 - List of value classes in Kotlin

Changed

• Upgrade swagger-ui to v5.21.0
• Upgrade swagger-core to 2.2.30
• Upgrade spring-boot to version 3.4.5
• Upgrade spring-security-oauth2-authorization-server to version 1.4.3

Fixed

• #2947 - Unexpected warning "Appended trailing slash to static resource location"
• #2960 - NPE when customizing group's open-api without specifying any schema
• #2969 - fix path to register resource handler to work SwaggerIndexPageTransformer considering /webjar path prefix
• #2964 - Cannot add custom description and example for java.time.Duration since v2.8.6
• #2972 - @​Header(schema = @​Schema(type = "string")) generates empty or broken schema in OpenAPI output since 2.8.0
• #2976, #2967 - Build Failure due to Private Inner Class.
• #2556 - Unable to determine if it is a Kotlin type

New Contributors

• @​lagoshny made their first contribution in springdoc/springdoc-openapi#2970
• @​mymx2 made their first contribution in springdoc/springdoc-openapi#2950

Full Changelog: springdoc/springdoc-openapi@v2.8.6...v2.8.7

Changelog

Sourced from org.springdoc:springdoc-openapi-starter-webmvc-ui's changelog.

[2.8.8] - 2025-05-04

Fixed

• #2977 - Handle projects not using kotlin-reflect #2977

[2.8.7] - 2025-05-04

Added

• #2944 - Introducing springdoc-openapi-bom project
• #2948 - Customize Servers via application.yml
• #2963 - Set default content type for problem details object to application/problem+jso
• #2971 - List of value classes in Kotlin

Changed

• Upgrade swagger-ui to v5.21.0
• Upgrade swagger-core to 2.2.30
• Upgrade spring-boot to version 3.4.5
• Upgrade spring-security-oauth2-authorization-server to version 1.4.3

Fixed

• #2947 - Unexpected warning "Appended trailing slash to static resource location"
• #2960 - NPE when customizing group's open-api without specifying any schema
• #2969 - fix path to register resource handler to work SwaggerIndexPageTransformer considering /webjar path prefix
• #2964 - Cannot add custom description and example for java.time.Duration since v2.8.6
• #2972 - @​Header(schema = @​Schema(type = "string")) generates empty or broken schema in OpenAPI output since 2.8.0
• #2976, #2967 - Build Failure due to Private Inner Class.

Commits

• bce44db [maven-release-plugin] prepare release v2.8.8
• 707fce0 Handle projects not using kotlin-reflect. Fixes #2977
• 7a3546c [maven-release-plugin] prepare for next development iteration
• 764ef2f [maven-release-plugin] prepare release v2.8.7
• 98dacbd Prepare for the next release
• 5eb7d77 pom.xml cleanup for #2944
• 9dffa3d pom.xml cleanup for #2944
• a68b42e List of value classes in Kotlin. Fixes #2971
• 95fa3bb Regression: @​Header(schema = @​Schema(type = "string")) generates empty or bro...
• 3d056d8 Build Failure due to Private Inner Class. Fixes #2976, #2967
• Additional commits viewable in compare view

Updates io.projectreactor:reactor-core from 3.7.5 to 3.7.6

Release notes

Sourced from io.projectreactor:reactor-core's releases.

v3.7.6

Reactor Core 3.7.6 is part of 2024.0.6 Release Train.

What's Changed

✨ New features and improvements

• Bump byteBuddyVersion from 1.17.2 to 1.17.5 by @​dependabot in reactor/reactor-core#4018
• Depend on Micrometer 1.14.7 by @​chemicL in 90909e5010215daca84433d5679eb7705276c3d7
• Depend on Micrometer Tracing 1.4.6 by @​chemicL in 90909e5010215daca84433d5679eb7705276c3d7

Full Changelog: reactor/reactor-core@v3.7.5...v3.7.6

Commits

• 90909e5 [release] Prepare and release 3.7.6
• bca63aa Merge-ignore release 3.6.17 into 3.7.6
• 264d689 [release] Next development version 3.6.18-SNAPSHOT
• 220fb6e [release] Prepare and release 3.6.17
• 4ae9adf Merge #4018 into 3.7.6
• c212a95 Bump byteBuddyVersion from 1.17.2 to 1.17.5 (#4018)
• b6e024d Merge #4021 into 3.7.6
• 945d52c Bump org.junit:junit-bom from 5.12.0 to 5.12.2 (#4021)
• 905295d Merge #4022 into 3.7.6
• 0531066 Bump actions/setup-java from 4.7.0 to 4.7.1 in /.github/workflows (#4022)
• Additional commits viewable in compare view

Updates org.eclipse.jgit:org.eclipse.jgit from 7.2.0.202503040940-r to 7.2.1.202505142326-r

Commits

• c212ced JGit v7.2.1.202505142326-r
• c6fc360 AmazonS3: Do not accept DOCTYPE and entities
• dab4f52 ManifestParser: Do not accept DOCTYPE and entities
• 46a6378 Fix package name of spring boot JarLauncher class in jgit.sh
• 79736e4 Prepare 7.2.1-SNAPSHOT builds
• See full diff in compare view

Updates org.webjars:jquery from 1.12.4 to 3.7.1

Commits

• af37ef2 [maven-release-plugin] prepare release jquery-3.7.1
• 8e97422 [maven-release-plugin] prepare for next development iteration
• 49d57c9 [maven-release-plugin] prepare release jquery-3.7.0
• 6485756 bump to 3.7.0 - fixes #177
• 7c10b2c [maven-release-plugin] prepare for next development iteration
• d26a605 [maven-release-plugin] prepare release jquery-3.6.4
• 5a9bc2a [maven-release-plugin] prepare for next development iteration
• a2482fb [maven-release-plugin] prepare release jquery-3.6.3
• b50d92d [maven-release-plugin] prepare for next development iteration
• fa3077d [maven-release-plugin] prepare release jquery-3.6.2
• Additional commits viewable in compare view

Updates org.webjars:bootstrap from 3.3.7-1 to 5.3.5

Commits

• 9e766f8 [maven-release-plugin] prepare release bootstrap-5.3.5
• 5fe871c bump to 5.3.5 - fixes #188
• 6a12822 [maven-release-plugin] prepare for next development iteration
• 42c06f4 [maven-release-plugin] prepare release bootstrap-5.3.3
• 514b36a [maven-release-plugin] prepare for next development iteration
• c9d4100 [maven-release-plugin] prepare release bootstrap-5.3.2
• 532bab6 [maven-release-plugin] prepare for next development iteration
• f277e83 [maven-release-plugin] prepare release bootstrap-5.3.1
• f131846 bump plugins
• 21c5464 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates org.webjars.bower:bootstrap from 4.1.1 to 5.3.3

Release notes

Sourced from org.webjars.bower:bootstrap's releases.

v5.3.3

Highlights

• Fixed a breaking change introduced with color modes where it was required to manually import variables-dark.scss when building Bootstrap with Sass. Now, _variables.scss will automatically import _variables-dark.scss. If you were already importing _variables-dark.scss manually, you should keep doing it as it won't break anything and will be the way to go in v6.
• Fixed a regression in the selector engine that wasn't able to handle multiple IDs anymore.

Color modes

• Badges now use the .text-bg-* text utilities to be certain that the text is always readable (especially when the customized colors are different in light and dark modes).
• Fixed our color-modes.js script to handle the case where the OS is set to light mode and the auto color mode is used on the website. If you copied the script from our docs, you should apply this change to your own script.
• Fixed color schemes description in the color modes documentation to show that color-scheme() only accept light and dark values as parameters.

Miscellaneous

• Allowed <dl>, <dt> and <dd> in the sanitizer.
• Dropped evenly items distribution for modal and offcanvas headers.
• Fixed the accordion CSS selectors to avoid inheritance issues when nesting accordions.
• Fixed the focus box-shadow for the validation stated form controls.
• Fixed the focus ring on focused checked buttons.
• Fixed the product example mobile navbar toggler.
• Changed the RTL processing of carousel control icons.

---

🎨 CSS

• #37508: Use child combinators to avoid inheriting parent accordion's flush styles
• #38719: Fix focus box-shadow for validation stated form-controls
• #38884: fix border-radius on radio-switch
• #39294: Tests: update navbar in visual modal test
• #39373: refactor css: modal and offcanvas header spacing
• #39380: Fix Sass compilation breaking change in v5.3
• #39387: docs: fix typo
• #39411: Optimize the accordion icon
• #39497: Fix a typo
• #39536: Changed RTL processing of carousel control icons
• #39560: Drop --bs-accordion-btn-focus-border-color and deprecate $accordion-button-focus-border-color
• #39595: CSS: Fix the focus ring on focused checked buttons

☕️ JavaScript

• #39201: Selector Engine: fix multiple IDs
• #39224: Fix edge case in color-mode.js
• #39376: Allow dl, dt and dd in sanitizer

📖 Docs

• #39200: Typo Fix
• #39214: Doc: use .text-bg-{color} for all badges
• #39246: Docs: fix for example code blocks have unnecessary 30px right-margin

... (truncated)

Commits

• 6e1f75f Release v5.3.3 (#39524)
• 3caef2b Build(deps-dev): Bump terser from 5.27.1 to 5.27.2 (#39690)
• 4abac9b Build(deps-dev): Bump ip from 2.0.0 to 2.0.1 (#39691)
• c396a2a Build(deps-dev): Bump sass from 1.70.0 to 1.71.0 (#39684)
• c9a8a40 Build(deps-dev): Bump rollup from 4.9.6 to 4.12.0 (#39683)
• 6aecb37 Build(deps-dev): Bump eslint-plugin-html from 7.1.0 to 8.0.0 (#39672)
• 4081168 Build(deps-dev): Bump terser from 5.27.0 to 5.27.1 (#39682)
• 4605d71 Build(deps-dev): Bump postcss from 8.4.34 to 8.4.35 (#39673)
• 08eeee3 Build(deps-dev): Bump lockfile-lint from 4.12.1 to 4.13.1 (#39675)
• f92d635 Build(deps-dev): Bump eslint-plugin-unicorn from 51.0.0 to 51.0.1 (#39676)
• Additional commits viewable in compare view

Updates org.webjars.bower:moment from 2.29.3 to 2.29.4

Changelog

Sourced from org.webjars.bower:moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

Commits

• 000ac18 Build 2.24.4
• f2006b6 Bump version to 2.24.4
• 536ad0c Update changelog for 2.29.4
• 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 6374fd8 Merge branch 'master' into develop
• b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
• 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• See full diff in compare view

Updates org.webjars.npm:angular from 1.8.2 to 1.8.3

Changelog

Sourced from org.webjars.npm:angular's changelog.

1.8.3 ultimate-farewell (2022-04-07)

One final release of AngularJS in order to update package README files on npm.

Commits

• cf16b24 docs(changelog): add release notes for 1.8.3
• 757d56e docs(*): update end-of-life messages (#17177)
• f362437 docs(eol): add EOL options text and link to template header used in every page
• fb04e42 test(Angular): fix angularInit() tests on Safari v15+
• 6a52c4f test(input): fix tests on Firefox v93+
• ed30c4d docs(README.md): add wiki link to MVC
• 4032655 chore(deps): bump js-yaml from 3.5.5 to 3.14.1
• 47f8c65 chore(deps): bump normalize-url from 4.5.0 to 4.5.1
• 56b0ee3 chore(e2e): run tests against Chrome 91 on macOS Catalina
• 58cd897 chore(e2e): run tests against Firefox 85 on macOS Catalina
• Additional commits viewable in compare view

Updates org.webjars.bower:ace-builds from 1.3.1 to 1.15.2

Release notes

Sourced from org.webjars.bower:ace-builds's releases.

v1.5.0

1.5.0 (2022-05-12)

Features

• Added ability to configure certain format options for beautify extension (20275de)

Bug Fixes

• snippets tooltip display more friendly (b78d772)
• Render bidirectional unicode characters as control characters (#4693) (4d2ecf0)

New Contributors

• @​MasterOdin made their first contribution in ajaxorg/ace#4631
• @​jpschorr made their first contribution in ajaxorg/ace#4630
• @​hv15 made their first contribution in ajaxorg/ace#4625
• @​Zeng-J made their first contribution in ajaxorg/ace#4669

Full Changelog: ajaxorg/ace@v1.4.14...v1.5.0

Changelog

Sourced from org.webjars.bower:ace-builds's changelog.

1.15.2 (2023-02-16)

1.15.1 (2023-02-13)

Bug FixesDescription has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.