Bump net.sf.jasperreports:jasperreports from 6.20.6 to 7.0.7

[dependabot]

Bumps net.sf.jasperreports:jasperreports from 6.20.6 to 7.0.7.

Release notes

Sourced from net.sf.jasperreports:jasperreports's releases.

JasperReports 7.0.7

• add deserialization class filter to fix the CVE-2026-6009 security vulnerability;

• introduce URL whitelist filter for controlling repository resources access;

• new keepTogether flag for crosstab row groups;

• various fixes made to the PDF exporter to better support the PDF/UA (accessibility) and PDF/A (archiving) standards;

• new OSGi and Spring Boot samples;

• support for versioning in the Jackson JRXML writer;

• various dependencies upgrades including: Spring 6.2.18, Jackson 2.18.6, Bouncy Castle 1.84, Jetty 12.0.35 and Apache Log4J 2.25.4;

• minor bug fixes and improvements;

JasperReports 7.0.6

• introducing an official JasperReports Maven Plugin for compiling, decompiling and updating report design files (groupId: net.sf.jasperreports, artifactId: jasperreports-maven-plugin);

• improved performance of the Ant tasks for compiling, decompiling and updating report design files by implementing multi-threading support;

• various dependencies upgrades including: Apache Commons Lang 3.20.0, Rhino 1.8.1, ICU4J 78.2 and Apache Log4J 2.25.3;

• minor bug fixes and improvements;

JasperReports 7.0.5

• support for proportional table column resize using negative weight values convention;

• minor bug fixes and improvements;

JasperReports 7.0.4

• add deserialization class filter to fix the CVE-2025-10492 security vulnerability;

• new net.sf.jasperreports.export.docx.size.page.to.content export configuration property added to support variable DOCX page size;

• minor bug fixes and improvements;

JasperReports 7.0.3

• minor bug fixes and improvements;

JasperReports 7.0.2

• added support for horizontalPosition and shrinkWidth properties to table component and weight property to table columns to better control table resize behavior when table columns are hidden or resized.

... (truncated)

Changelog

Sourced from net.sf.jasperreports:jasperreports's changelog.

JasperReports 7.0.7 (2026-05-30)

• add deserialization class filter to fix the CVE-2026-6009 security vulnerability;

• introduce URL whitelist filter for controlling repository resources access;

• new keepTogether flag for crosstab row groups;

• various fixes made to the PDF exporter to better support the PDF/UA (accessibility) and PDF/A (archiving) standards;

• new OSGi and Spring Boot samples;

• support for versioning in the Jackson JRXML writer;

• various dependencies upgrades including: Spring 6.2.18, Jackson 2.18.6, Bouncy Castle 1.84, Jetty 12.0.35 and Apache Log4J 2.25.4;

• minor bug fixes and improvements;

JasperReports 7.0.6 (2026-03-13)

• introducing an official JasperReports Maven Plugin for compiling, decompiling and updating report design files (groupId: net.sf.jasperreports, artifactId: jasperreports-maven-plugin);

• improved performance of the Ant tasks for compiling, decompiling and updating report design files by implementing multi-threading support;

• various dependencies upgrades including: Apache Commons Lang 3.20.0, Rhino 1.8.1, ICU4J 78.2 and Apache Log4J 2.25.3;

• minor bug fixes and improvements;

JasperReports 7.0.5 (2026-02-27)

• support for proportional table column resize using negative weight values convention;

... (truncated)

Commits

• 072738a eula and version update
• 9e373de check file repository root for output stream
• 0e2fb70 changes.txt update
• 5b02656 check root folder in HTML resource handler
• 9751ee0 check repository root on context resolve
• 9ff7da8 version update
• f90c29b Merge branch 'release-7.0.7-JSSEC-167' into 'release-7.0.7'
• ea320a1 add whitelist classes for virtualized JasperPrint
• d1945b4 maven plugin api upgrade
• 728f395 build number plugin config
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)