chore(deps): update dependency com.typesafe.play:sbt-plugin to v2.9.10#3916
Merged
vlsi merged 1 commit intopgjdbc:masterfrom Jan 19, 2026
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.9.9→2.9.10Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
playframework/playframework (com.typesafe.play:sbt-plugin)
v2.9.10: Play 2.9.10Compare Source
We are pleased to announce the release of Play 2.9.10! 🎉
📗 About this Release
This release fixes several bugs and addresses reported security vulnerabilities (CVEs) and - as always - updates dependencies. We strongly recommend upgrading at your earliest convenience.
If you're considering upgrading to Play 2.9, please check the Play 2.9 release announcement for highlights and further details on how to migrate. Many projects have already smoothly upgraded to Play 2.9.
Noteworthy Pull Request
We now limit the maximum allowed nesting depth of JSON structures (arrays, objects, or a mix of both) to 1000.
This limit can be adjusted using the system property
play.json.parser.maxNestingDepth.We assume a depth of 1000 should be more than sufficient for virtually all real-world use cases.
This change helps prevent both potential
OutOfMemoryErrors andStackOverflowErrors.The latter, however, is not a concern for Play JSON, since it already uses a @tailrec-optimized parsing method.
As a result, Play JSON is not affected by GHSA-h46c-h94j-95f3, which specifically addresses StackOverflowError risks.
This improvement is simply an additional safety measure.
ch.qos.logback:logback-coreto fix CVE-2025-11226 (see "Patch updates" below)Following pull requests got merged for this release:
For more details see the full list of changes and the 2.9.10 milestone.
❤️ Thanks to our premium sponsors!
If you find this OSS project useful for work, please consider asking your company to support it by becoming a sponsor.
You can also individually sponsor the project by becoming a backer.
🙇 Thanks to our contributors
Finally, thanks to the community for their help with detailed bug reports, discussions about new features and pull request reviews. This project is only possible due to the help we had from amazing contributors.
Special thanks to all code contributors who helped with this particular release (they are listed below)!
Configuration
📅 Schedule: Branch creation - "every 3 weeks on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.