Merge branch 'master' into 25w06a

.github/dependabot.yml

@@ -1,17 +1,18 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
+# Dependabot version updates, see:
 # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
 
 version: 2
 updates:
-  - package-ecosystem: "gradle"
-    directory: "/"
-    schedule:
-      interval: "daily"
-
-  - package-ecosystem: "github-actions"
-    # Directory should be `/` instead of `/.github/workflows` according to the docs.
-    directory: "/"
-    schedule:
-      interval: "daily"
+- package-ecosystem: "gradle"
+  directory: "/"
+  schedule:
+    interval: "daily"
+    time: "06:00"
+    timezone: "Europe/Berlin"
+- package-ecosystem: "github-actions"
+  # Directory should be `/` instead of `/.github/workflows` according to the docs.
+  directory: "/"
+  schedule:
+    interval: "daily"
+    time: "06:00"
+    timezone: "Europe/Berlin"

build.gradle

@@ -1,6 +1,6 @@
 buildscript {
 	dependencies {
-		classpath "org.kohsuke:github-api:1.326"
+		classpath "org.kohsuke:github-api:1.327"
 	}
 }
 
@@ -27,6 +27,16 @@ repositories {
 	// for more information about repositories.
 }
 
+// Override vulnerable dependencies until Minecraft updates to newer versions
+configurations.all {
+	resolutionStrategy {
+		// v2.5.1, used by Minecraft 1.21.4 - 1.21.5, is vulnerable to CVE-2024-57699
+		force "net.minidev:json-smart:2.5.2"
+		// v1.115.Final, used by Minecraft 1.21.4 - 1.21.5, is vulnerable to CVE-2025-24970
+		force "io.netty:netty-handler:4.1.118.Final"
+	}
+}
+
 dependencies {
 	// To change the versions see the gradle.properties file
 	minecraft "com.mojang:minecraft:${project.minecraft_version}"