Skip to content

Bump net.bytebuddy:byte-buddy-agent from 1.17.8 to 1.18.11#1448

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/net.bytebuddy-byte-buddy-agent-1.18.11
Open

Bump net.bytebuddy:byte-buddy-agent from 1.17.8 to 1.18.11#1448
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/net.bytebuddy-byte-buddy-agent-1.18.11

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps net.bytebuddy:byte-buddy-agent from 1.17.8 to 1.18.11.

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.11

  • Add SBOM to published artifacts.
  • Check for traversable paths injected into class files as a rather hypothetical attack vector.

Byte Buddy 1.18.10

  • Delay change of default for unsage use to Java 26 and improve error message.

Byte Buddy 1.18.9

  • Disable use of Unsafe by default when Java 25or newer is discovered.
  • Check for escape when creating folders in Plugin.Engine.
  • Improve OpenJ9 attachment.
  • Avoid null pointer on missing annotation types.
  • Improve diagnostics for external agent attachment.
  • Improve on Gradle context discovery.
  • Support Android libraries on AGP9 or newer.
  • Update ASM.

Byte Buddy 1.18.8

  • Improve support for repeatable builds.
  • Fix reordering of exception table in type initializers when instrumenting.

Byte Buddy 1.18.7

  • Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Byte Buddy 1.18.5

  • Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
  • Add super classes to hash code / equals computation in Advice that were missing.

Byte Buddy 1.18.4

  • Add support for new build description in Android 9.

Byte Buddy 1.18.3

  • Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
  • Add additional safety when processing class files with illegally formed parameters.
  • Update to latest ASM.

Byte Buddy 1.18.2

  • Support modifiers for value classes in Valhalla builds.
  • Improve use of build cache in Gradle.

Byte Buddy 1.18.1

  • Fix generated module-info to include new package.

Byte Buddy 1.18.0

  • Add support for module-info class files and ModuleDescriptions.
  • Allow for manipulating module information using the ByteBuddy API.
Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

2. July 2026: version 1.18.11

  • Add SBOM to published artifacts.
  • Check for traversable paths injected into class files as a rather hypothetical attack vector.

3. June 2026: version 1.18.10

  • Delay change of default for unsage use to Java 26 and improve error message.

1. June 2026: version 1.18.9

  • Disable use of Unsafe by default when Java 25or newer is discovered.
  • Check for escape when creating folders in Plugin.Engine.
  • Improve OpenJ9 attachment.
  • Avoid null pointer on missing annotation types.
  • Improve diagnostics for external agent attachment.
  • Improve on Gradle context discovery.
  • Support Android libraries on AGP9 or newer.
  • Update ASM.

1. April 2026: version 1.18.8

  • Improve support for repeatable builds.
  • Fix reordering of exception table in type initializers when instrumenting.

1. March 2026: version 1.18.7

  • Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

15. February 2026: version 1.18.5

  • Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
  • Add super classes to hash code / equals computation in Advice that were missing.

16. January 2026: version 1.18.4

  • Add support for new build description in Android 9.

26. November 2025: version 1.18.3

  • Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
  • Add additional safety when processing class files with illegally formed parameters.
  • Update to latest ASM.

26. November 2025: version 1.18.2

... (truncated)

Commits
  • 88dd0a3 [publish] Releasing Byte Buddy 1.18.11
  • 46fcade [release] Release new version
  • 6a68de6 Prevent path traversal from crafted type names when writing class files to fo...
  • 9ba4ab6 Pin ClusterFuzzLite base image and actions by hash.
  • dd4f81e Add SBOM to build.
  • 7dd9a0d Update internal Byte Buddy and release notes
  • d6b3e15 [publish] Start next development iteration 1.18.11-SNAPSHOT
  • e85623d [publish] Releasing Byte Buddy 1.18.10
  • e3bfa68 [release] Release new version
  • 5821ccc Delay disabling of unsafe by default to Java 26 and improve on error message.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [net.bytebuddy:byte-buddy-agent](https://github.com/raphw/byte-buddy) from 1.17.8 to 1.18.11.
- [Release notes](https://github.com/raphw/byte-buddy/releases)
- [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md)
- [Commits](raphw/byte-buddy@byte-buddy-1.17.8...byte-buddy-1.18.11)

---
updated-dependencies:
- dependency-name: net.bytebuddy:byte-buddy-agent
  dependency-version: 1.18.11
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants