From a225430d27b010ec8b0b56ae98d7ebfe19053426 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Dec 2023 19:18:44 +0000
Subject: [PATCH 01/12] build(deps-dev): bump
 nl.jqno.equalsverifier:equalsverifier

Bumps [nl.jqno.equalsverifier:equalsverifier](https://github.com/jqno/equalsverifier) from 3.15.2 to 3.15.4.
- [Release notes](https://github.com/jqno/equalsverifier/releases)
- [Changelog](https://github.com/jqno/equalsverifier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jqno/equalsverifier/compare/equalsverifier-3.15.2...equalsverifier-3.15.4)

---
updated-dependencies:
- dependency-name: nl.jqno.equalsverifier:equalsverifier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 athena-google-bigquery/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/athena-google-bigquery/pom.xml b/athena-google-bigquery/pom.xml
index a05a962ac3..cc3d4b00eb 100644
--- a/athena-google-bigquery/pom.xml
+++ b/athena-google-bigquery/pom.xml
@@ -75,7 +75,7 @@
         <dependency>
             <groupId>nl.jqno.equalsverifier</groupId>
             <artifactId>equalsverifier</artifactId>
-            <version>3.15.2</version>
+            <version>3.15.4</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From 14458bd617b79c7b3563b68031b590ad145e17d3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Dec 2023 20:36:34 +0000
Subject: [PATCH 02/12] build(deps): bump io.lettuce:lettuce-core

Bumps [io.lettuce:lettuce-core](https://github.com/lettuce-io/lettuce-core) from 6.2.6.RELEASE to 6.3.0.RELEASE.
- [Release notes](https://github.com/lettuce-io/lettuce-core/releases)
- [Changelog](https://github.com/lettuce-io/lettuce-core/blob/main/RELEASE-NOTES.md)
- [Commits](https://github.com/lettuce-io/lettuce-core/compare/6.2.6.RELEASE...6.3.0.RELEASE)

---
updated-dependencies:
- dependency-name: io.lettuce:lettuce-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 athena-redis/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/athena-redis/pom.xml b/athena-redis/pom.xml
index 2683a1f7c0..7e738cede8 100644
--- a/athena-redis/pom.xml
+++ b/athena-redis/pom.xml
@@ -106,7 +106,7 @@
         <dependency>
             <groupId>io.lettuce</groupId>
             <artifactId>lettuce-core</artifactId>
-            <version>6.2.6.RELEASE</version>
+            <version>6.3.0.RELEASE</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>

From a47a41f9b6395f8497d55cca4c8d2d1db584b419 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Dec 2023 20:36:36 +0000
Subject: [PATCH 03/12] build(deps): bump org.junit:junit-bom from 5.10.0 to
 5.10.1

Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.10.0 to 5.10.1.
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](https://github.com/junit-team/junit5/compare/r5.10.0...r5.10.1)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index acbeb315b6..7d71c4c4eb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -51,7 +51,7 @@
             <dependency>
                 <groupId>org.junit</groupId>
                 <artifactId>junit-bom</artifactId>
-                <version>5.10.0</version>
+                <version>5.10.1</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

From 3f3589509071a81c6216283230fefd3501e15191 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Dec 2023 20:36:37 +0000
Subject: [PATCH 04/12] build(deps): bump
 com.github.spotbugs:spotbugs-annotations

Bumps [com.github.spotbugs:spotbugs-annotations](https://github.com/spotbugs/spotbugs) from 4.8.0 to 4.8.2.
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spotbugs/spotbugs/compare/4.8.0...4.8.2)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-annotations
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 athena-cloudera-impala/pom.xml | 2 +-
 athena-jdbc/pom.xml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/athena-cloudera-impala/pom.xml b/athena-cloudera-impala/pom.xml
index e25d94d2ba..aa47da2b9c 100644
--- a/athena-cloudera-impala/pom.xml
+++ b/athena-cloudera-impala/pom.xml
@@ -65,7 +65,7 @@
         <dependency>
             <groupId>com.github.spotbugs</groupId>
             <artifactId>spotbugs-annotations</artifactId>
-            <version>4.8.0</version>
+            <version>4.8.2</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>
diff --git a/athena-jdbc/pom.xml b/athena-jdbc/pom.xml
index 48e0650560..b4904c8739 100644
--- a/athena-jdbc/pom.xml
+++ b/athena-jdbc/pom.xml
@@ -211,7 +211,7 @@
         <dependency>
             <groupId>com.github.spotbugs</groupId>
             <artifactId>spotbugs-annotations</artifactId>
-            <version>4.8.0</version>
+            <version>4.8.2</version>
             <scope>compile</scope>
         </dependency>
     </dependencies>

From c374a1f55f7d0359df34da6b8e0b2fe2f07a5bfc Mon Sep 17 00:00:00 2001
From: burhan94 <hamburha@amazon.com>
Date: Sat, 2 Dec 2023 15:47:14 -0500
Subject: [PATCH 05/12] Update auto-approve.yml

---
 .github/workflows/auto-approve.yml | 34 +++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
index 9fd7eccc8f..a689395973 100644
--- a/.github/workflows/auto-approve.yml
+++ b/.github/workflows/auto-approve.yml
@@ -1,21 +1,35 @@
-name: Dependabot auto-approve
-on: pull_request
+name: Dependabot reviewer
+
+on: pull_request_target
 
 permissions:
   pull-requests: write
+  contents: write
 
 jobs:
-  dependabot:
+  review-dependabot-pr:
     runs-on: ubuntu-latest
-    if: github.actor == 'dependabot[bot]'
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
     steps:
       - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v1
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Approve a PR
-        run: gh pr review --approve "$PR_URL"
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1.3.1
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Approve patch and minor updates
+        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}
+        run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Comment on major updates of non-development dependencies
+        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major'}}
+        run: |
+          gh pr comment $PR_URL --body "I'm **not approving** this PR because **it includes a major update of a dependency**"
+          gh pr edit $PR_URL --add-label "requires-manual-qa"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

From dfe35ba9a1ed2c4eadb6f06d19e61f7be5644498 Mon Sep 17 00:00:00 2001
From: burhan94 <hamburha@amazon.com>
Date: Sat, 2 Dec 2023 15:49:03 -0500
Subject: [PATCH 06/12] Update auto-approve.yml

---
 .github/workflows/auto-approve.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
index a689395973..c96803de8c 100644
--- a/.github/workflows/auto-approve.yml
+++ b/.github/workflows/auto-approve.yml
@@ -13,7 +13,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.3.1
+        uses: dependabot/fetch-metadata@v1
       - name: Enable auto-merge for Dependabot PRs
         run: gh pr merge --auto --merge "$PR_URL"
         env:

From 8de9157e940991f14b247a5029c7a34415328eca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Dec 2023 21:03:10 +0000
Subject: [PATCH 07/12] build(deps): bump net.sf.jt400:jt400 from 20.0.3 to
 20.0.6

Bumps [net.sf.jt400:jt400](https://github.com/IBM/JTOpen) from 20.0.3 to 20.0.6.
- [Release notes](https://github.com/IBM/JTOpen/releases)
- [Changelog](https://github.com/IBM/JTOpen/blob/main/changes.html)
- [Commits](https://github.com/IBM/JTOpen/compare/v20.0.3...v20.0.6)

---
updated-dependencies:
- dependency-name: net.sf.jt400:jt400
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 athena-db2-as400/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/athena-db2-as400/pom.xml b/athena-db2-as400/pom.xml
index ab204d5b37..1135e3f580 100644
--- a/athena-db2-as400/pom.xml
+++ b/athena-db2-as400/pom.xml
@@ -31,7 +31,7 @@
         <dependency>
             <groupId>net.sf.jt400</groupId>
             <artifactId>jt400</artifactId>
-            <version>20.0.3</version>
+            <version>20.0.6</version>
         </dependency>
         <!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-rds -->
         <dependency>

From b5e576b789715187fdce4ac9689658c9c5b81c26 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Dec 2023 21:04:15 +0000
Subject: [PATCH 08/12] build(deps): bump fasterxml.jackson.version from 2.15.3
 to 2.16.0

Bumps `fasterxml.jackson.version` from 2.15.3 to 2.16.0.

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jsr310` from 2.15.3 to 2.16.0

Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-cbor` from 2.15.3 to 2.16.0
- [Commits](https://github.com/FasterXML/jackson-dataformats-binary/compare/jackson-dataformats-binary-2.15.3...jackson-dataformats-binary-2.16.0)

Updates `com.fasterxml.jackson.core:jackson-core` from 2.15.3 to 2.16.0
- [Release notes](https://github.com/FasterXML/jackson-core/releases)
- [Commits](https://github.com/FasterXML/jackson-core/compare/jackson-core-2.15.3...jackson-core-2.16.0)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.15.3 to 2.16.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.15.3 to 2.16.0
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.module:jackson-module-jaxb-annotations` from 2.15.3 to 2.16.0
- [Commits](https://github.com/FasterXML/jackson-modules-base/compare/jackson-modules-base-2.15.3...jackson-modules-base-2.16.0)

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-cbor
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.fasterxml.jackson.core:jackson-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.fasterxml.jackson.module:jackson-module-jaxb-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index acbeb315b6..4620fafa6d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
         <jqwik.version>1.8.1</jqwik.version>
         <assertj.version>3.24.2</assertj.version>
         <testng.version>7.8.0</testng.version>
-        <fasterxml.jackson.version>2.15.3</fasterxml.jackson.version>
+        <fasterxml.jackson.version>2.16.0</fasterxml.jackson.version>
         <surefire.failsafe.version>3.2.2</surefire.failsafe.version>
         <log4j2Version>2.21.1</log4j2Version>
         <apache.arrow.version>13.0.0</apache.arrow.version>

From ccb3f9447b7f5d0548ba91b4a68d20b83e00cb90 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Dec 2023 21:05:22 +0000
Subject: [PATCH 09/12] build(deps): bump org.apache.commons:commons-text from
 1.10.0 to 1.11.0

Bumps org.apache.commons:commons-text from 1.10.0 to 1.11.0.

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 athena-jdbc/pom.xml    | 2 +-
 athena-neptune/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/athena-jdbc/pom.xml b/athena-jdbc/pom.xml
index 48e0650560..1171c65ae3 100644
--- a/athena-jdbc/pom.xml
+++ b/athena-jdbc/pom.xml
@@ -112,7 +112,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-text</artifactId>
-            <version>1.10.0</version>
+            <version>1.11.0</version>
         </dependency>
         <dependency>
             <groupId>org.antlr</groupId>
diff --git a/athena-neptune/pom.xml b/athena-neptune/pom.xml
index 59fd52eabf..18a6f0ff77 100644
--- a/athena-neptune/pom.xml
+++ b/athena-neptune/pom.xml
@@ -61,7 +61,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-text</artifactId>
-            <version>1.10.0</version>
+            <version>1.11.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>

From c81ff9ea32fdad2580adb50af85219406399f9f8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Dec 2023 21:06:14 +0000
Subject: [PATCH 10/12] build(deps): bump software.amazon.jsii:jsii-runtime

Bumps [software.amazon.jsii:jsii-runtime](https://github.com/aws/jsii) from 1.90.0 to 1.92.0.
- [Release notes](https://github.com/aws/jsii/releases)
- [Changelog](https://github.com/aws/jsii/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/jsii/compare/v1.90.0...v1.92.0)

---
updated-dependencies:
- dependency-name: software.amazon.jsii:jsii-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4620fafa6d..2af835f543 100644
--- a/pom.xml
+++ b/pom.xml
@@ -17,7 +17,7 @@
         <aws.lambda-java-core.version>1.2.2</aws.lambda-java-core.version>
         <aws.lambda-java-log4j2.version>1.5.1</aws.lambda-java-log4j2.version>
         <aws-cdk.version>1.204.0</aws-cdk.version>
-        <jsii.version>1.90.0</jsii.version>
+        <jsii.version>1.92.0</jsii.version>
         <slf4j-log4j.version>2.0.9</slf4j-log4j.version>
         <mockito.version>4.11.0</mockito.version>
         <junit.version>4.13.2</junit.version>

From 08fe1b7f7ec86ae05b3f0afece1277470990c87f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Dec 2023 21:12:38 +0000
Subject: [PATCH 11/12] build(deps): bump com.ibm.db2:jcc from 11.5.8.0 to
 11.5.9.0

Bumps com.ibm.db2:jcc from 11.5.8.0 to 11.5.9.0.

---
updated-dependencies:
- dependency-name: com.ibm.db2:jcc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 athena-db2/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/athena-db2/pom.xml b/athena-db2/pom.xml
index 3859aae0ed..fbe105f1b7 100644
--- a/athena-db2/pom.xml
+++ b/athena-db2/pom.xml
@@ -31,7 +31,7 @@
         <dependency>
             <groupId>com.ibm.db2</groupId>
             <artifactId>jcc</artifactId>
-            <version>11.5.8.0</version>
+            <version>11.5.9.0</version>
         </dependency>
         <!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-rds -->
         <dependency>

From 63f1e1fbefa7ae7fcf897905ba49410c91bfe69b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Dec 2023 21:18:22 +0000
Subject: [PATCH 12/12] build(deps): bump netty.version from 4.1.100.Final to
 4.1.101.Final

Bumps `netty.version` from 4.1.100.Final to 4.1.101.Final.

Updates `io.netty:netty-buffer` from 4.1.100.Final to 4.1.101.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.1.100.Final...netty-4.1.101.Final)

Updates `io.netty:netty-common` from 4.1.100.Final to 4.1.101.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.1.100.Final...netty-4.1.101.Final)

Updates `io.netty:netty-transport` from 4.1.100.Final to 4.1.101.Final
- [Commits](https://github.com/netty/netty/compare/netty-4.1.100.Final...netty-4.1.101.Final)

---
updated-dependencies:
- dependency-name: io.netty:netty-buffer
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-common
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: io.netty:netty-transport
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2af835f543..c0c1e9a1f9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,7 +28,7 @@
         <surefire.failsafe.version>3.2.2</surefire.failsafe.version>
         <log4j2Version>2.21.1</log4j2Version>
         <apache.arrow.version>13.0.0</apache.arrow.version>
-        <netty.version>4.1.100.Final</netty.version>
+        <netty.version>4.1.101.Final</netty.version>
         <guava.version>32.1.3-jre</guava.version>
         <protobuf3.version>3.24.4</protobuf3.version>
         <antlr.st4.version>4.3.4</antlr.st4.version>