Bump the prod-deps group across 1 directory with 3 updates

[dependabot]

Bumps the prod-deps group with 3 updates in the / directory: io.quarkus.platform:quarkus-bom, io.quarkus.platform:quarkus-maven-plugin and org.apache.sshd:sshd-core.

Updates io.quarkus.platform:quarkus-bom from 3.35.1 to 3.36.0

Commits

• e34692d [maven-release-plugin] prepare release 3.36.0
• a9ac7f2 Merge pull request #1984 from quarkusio/dependabot/maven/quarkus-platform-bom...
• ced7b09 Bump quarkus-platform-bom-generator.version from 0.0.130 to 0.0.131
• 262a3f0 Merge pull request #1971 from quarkusio/update-automation/main-operatorsdk-7.7.5
• d90018e Merge pull request #1983 from zbendhiba/cq-3.36.0
• 39a1de6 Upgrade to Camel Quarkus 3.36.0
• 37de437 Merge pull request #1977 from gsmet/quarkus-3.36.0
• f683e9e Merge pull request #1975 from jmartisk/claude-md-version-overrides
• 63728a8 Upgrade to Quarkus 3.36.0
• b1ff02b Enhance CLAUDE.md with instructions how to override dependency versions
• Additional commits viewable in compare view

Updates io.quarkus.platform:quarkus-maven-plugin from 3.35.1 to 3.36.0

Commits

• e34692d [maven-release-plugin] prepare release 3.36.0
• a9ac7f2 Merge pull request #1984 from quarkusio/dependabot/maven/quarkus-platform-bom...
• ced7b09 Bump quarkus-platform-bom-generator.version from 0.0.130 to 0.0.131
• 262a3f0 Merge pull request #1971 from quarkusio/update-automation/main-operatorsdk-7.7.5
• d90018e Merge pull request #1983 from zbendhiba/cq-3.36.0
• 39a1de6 Upgrade to Camel Quarkus 3.36.0
• 37de437 Merge pull request #1977 from gsmet/quarkus-3.36.0
• f683e9e Merge pull request #1975 from jmartisk/claude-md-version-overrides
• 63728a8 Upgrade to Quarkus 3.36.0
• b1ff02b Enhance CLAUDE.md with instructions how to override dependency versions
• Additional commits viewable in compare view

Updates org.apache.sshd:sshd-core from 2.17.1 to 2.18.0

Release notes

Sourced from org.apache.sshd:sshd-core's releases.

Apache MINA SSHD 2.18.0

Bug Fixes

• GH-743 Ensure the Java ServiceLoader use a singleton SftpFileSystemProvider
• GH-879 Close SSH channel gracefully on exception in port forwarding
• Security: Improve handling of repository paths in sshd-git. Resolves CVE-2026-48827, announced 2026-05-30.

New Features

• GH-892 Align handling certificates without principals with OpenSSH 10.3

Wildcard principals in host certificates are handled now.

• Putty keys with non-ASCII passphrases

The passphrase needs to be converted to a byte sequence to compute a decryption key for an encrypted private key. This conversion depends on the character encoding. Putty on Windows uses the ANSI codepage set when the key was generated. Apache MINA SSHD now tries multiple encodings in sequence: UTF-8, then the OS encoding, and finally ISO-8859-1 as a last-chance fallback.

Potential Compatibility Issues

• GH-892 Align handling certificates without principals with OpenSSH 10.3

OpenSSH 10.3 changed the way such certificates are handled; see the OpenSSH 10.3 release notes. In Apache MINA SSHD, there is a new flag CoreModuleProperties.ALLOW_EMPTY_CERTIFICATE_PRINCIPALS (by default false) that can be set on an SshClient or SshServer or also on a Session directly. If the value is false, certificates without principals are rejected as in OpenSSH 10.3; if it is true, such certificates are considered to match any user or host name as in OpenSSH < 10.3.

Set the flag on an SshClient or ClientSession to determine the handling of host certificates. Set it on an SshServer or ServerSession to govern the handling of user certificates.

Changelog

Sourced from org.apache.sshd:sshd-core's changelog.

Previous Versions

• Version 2.1.0 to 2.2.0
• Version 2.2.0 to 2.3.0
• Version 2.3.0 to 2.4.0
• Version 2.4.0 to 2.5.0
• Version 2.5.0 to 2.5.1
• Version 2.5.1 to 2.6.0
• Version 2.6.0 to 2.7.0
• Version 2.7.0 to 2.8.0
• Version 2.8.0 to 2.9.0
• Version 2.9.0 to 2.9.1
• Version 2.9.1 to 2.9.2
• Version 2.9.2 to 2.10.0
• Version 2.10.0 to 2.11.0
• Version 2.11.0 to 2.12.0
• Version 2.12.0 to 2.12.1
• Version 2.12.1 to 2.13.0
• Version 2.13.0 to 2.13.1
• Version 2.13.1 to 2.13.2
• Version 2.13.2 to 2.14.0
• Version 2.14.0 to 2.15.0
• Version 2.15.0 to 2.16.0
• Version 2.16.0 to 2.17.0
• Version 2.17.0 to 2.17.1

Latest Version

• Version 2.17.1 to 2.18.0

Planned for Next Version

Bug Fixes

New Features

Potential Compatibility Issues

Major Code Re-factoring

Commits

• c2d7b7a [maven-release-plugin] prepare release sshd-2.18.0
• 084cee8 Prepare release documentation
• db0567b Improve git access
• 1285419 GH-743: Use a singleton SftpFileSystemProvider for the ServiceLoader
• 4e820c9 Add test cases to AuthorizedKeysCertificateTest
• a85a3b1 Better handling of Putty keys with non-ASCII passphrases
• 6c215e8 Bump BCFIPS bundles used in a test
• 9def203 Fix annotation to ignore an unstable test
• a0ef7a5 Host certificates: check both public keys for not being revoked
• b11c159 GH-892: Host certificate principals may contain wildcards
• Additional commits viewable in compare view

Updates io.quarkus.platform:quarkus-maven-plugin from 3.35.1 to 3.36.0

Commits

• e34692d [maven-release-plugin] prepare release 3.36.0
• a9ac7f2 Merge pull request #1984 from quarkusio/dependabot/maven/quarkus-platform-bom...
• ced7b09 Bump quarkus-platform-bom-generator.version from 0.0.130 to 0.0.131
• 262a3f0 Merge pull request #1971 from quarkusio/update-automation/main-operatorsdk-7.7.5
• d90018e Merge pull request #1983 from zbendhiba/cq-3.36.0
• 39a1de6 Upgrade to Camel Quarkus 3.36.0
• 37de437 Merge pull request #1977 from gsmet/quarkus-3.36.0
• f683e9e Merge pull request #1975 from jmartisk/claude-md-version-overrides
• 63728a8 Upgrade to Quarkus 3.36.0
• b1ff02b Enhance CLAUDE.md with instructions how to override dependency versions
• Additional commits viewable in compare view

[martinvisser]

@dependabot recreate

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud