@dependabot dependabot bot commented on behalf of github Dec 5, 2025

Bumps the maven group with 2 updates in the /eap-dependencies directory: com.xuxueli:xxl-job-core and org.apache.tika:tika-core.

Updates com.xuxueli:xxl-job-core from 2.4.2 to 3.2.0

Release notes

Sourced from com.xuxueli:xxl-job-core's releases.

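XXL-JOB v3.2.0 | Distributed Task Scheduling Platform

  • 1. [Enhancement] AI task (ollamaJobHandler) optimization: the "model" configuration has moved from file-based configuration on the executor side to dynamic configuration through the scheduling center's "task parameters", which supports integrating multiple models and switching between them through per-task dynamic configuration.
  • 2. [Security] Login authentication refactored: the password encryption algorithm changed from Md5 to Sha256; the login state is now generated dynamically and randomly after login; improves system security; (the user table's columns need to be adjusted and the password information needs to be re-initialized; the relevant SQL script follows)
-- 1. The password column of the user table needs its length adjusted; run the following commands
ALTER TABLE xxl_job_user
    MODIFY COLUMN `password` varchar(100) NOT NULL COMMENT '密码加密信息';
ALTER TABLE xxl_job_user
    ADD COLUMN `token` varchar(100) DEFAULT NULL COMMENT '登录token';

-- 2. Passwords of existing users need to be changed; the following command initializes the password to "123456"; you can also generate a different initial password yourself with the "SHA256Tool.sha256" tool;
-- {用户名} is the username placeholder
UPDATE xxl_job_user t SET t.password = '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92' WHERE t.username = {用户名};

  • 3. [Enhancement] GLUE mode (Python) extended to support two modes, "GLUE(Python3)" and "GLUE(Python2)", covering the python3 and python2 versions respectively;
  • 4. [Enhancement] Scheduling center system logging adjusted: the -DLOG_HOME parameter can be specified at startup to customize the log location; the log format was also optimized for readability;
  • 5. [Optimization] Task Bean scanning rules adjusted to filter out redundant, unnecessary scans and avoid premature initialization of system components;
  • 6. [Optimization] Null-value handling on the login information page improved so that null values do not affect ftl rendering;
  • 7. [Optimization] Error page handling logic optimized; a fallback landing page configuration was added;
  • 8. [Refactor] ReturnT refactored to simplify the code structure and improve API usability and maintainability;
  • 9. [Refactor] Project structure refactored to improve maintainability and readability;
  • 10. [Fix] Vulnerability fix (CVE-2025-7787): httpJobHandler now supports a configurable URL whitelist restriction to prevent server-side request forgery (SSRF) attacks.
  • 11. [Fix] Merged PR-3738, fixing spelling issues;
  • 12. [Fix] Merged PR-3506, fixing a low-probability duplicate task scheduling issue;
  • 13. [Fix] Merged PR-3747, fixing a resource leak risk under exceptional conditions;
  • 14. [Fix] IDOR unauthorized-access issue fixed, improving the security of task operations and log management;
  • 15. [Upgrade] Multiple maven dependencies upgraded to newer versions, such as netty, groovy, mybatis, spring, spring-ai, dify, etc.;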

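XXL-JOB v3.1.1 | Distributed Task Scheduling Platform

  • 1. [Adjustment] AI task (difyWorkflowJobHandler) optimization: Dify configuration such as "baseUrl, apiKey" has moved from file-based configuration on the executor side to dynamic configuration through the scheduling center's "task parameters", which supports integrating multiple Dify applications and improves development efficiency;
  • 2. [Optimization] Merged PR-2417, fixing the issue of spaces being entered for JobHandler in task management;
  • 3. [Optimization] Merged PR-2504, avoiding a SQL injection issue;
  • 4. [Upgrade] Several project dependencies upgraded to newer stable versions, including netty, spring/springboot, groovy, etc.;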

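XXL-JOB v3.1.0 | Distributed Task Scheduling Platform

  • 1. [New] Added an "AI executor" with several built-in Bean-mode AI task Handlers, integrated with spring-ai, ollama, dify, etc., supporting rapid development of AI tasks.
    • AppName: xxl-job-executor-sample-ai
    • Executor code: xxl-job-executor-sample-springboot-ai
    • Executor initialization script: run the reference SQL script, or create the record manually:
      INSERT INTO `xxl_job_group`(`app_name`, `title`, `address_type`, `address_list`, `update_time`)
          VALUES ('xxl-job-executor-sample-ai', 'AI执行器Sample', 0, NULL, now());

  • 2. [New] Added several Bean-mode AI task Handlers, such as ollamaJobHandler and difyWorkflowJobHandler, supporting rapid integration and development of AI tasks. For task configuration, refer to the AI executor
    • a. ollamaJobHandler: OllamaChat task, supporting custom input such as prompt and input.
    • b. difyWorkflowJobHandler: DifyWorkflow task, supporting custom input such as inputs and user.
  • 3. [Fix] Merged PR-3708 and PR-3704, resolving the issue where, in fixed-rate scheduling mode, the next computed execution time was occasionally inaccurate (when the interval is very long).
  • 4. [Fix] Task operation logic optimized, fixing logic interruption in edge cases (ISSUE-2081).
  • 5. [Fix] Scheduling center Cron front-end component optimized, resolving the compatibility issue between the week configuration and the back end (ISSUE-2220).
  • 6. [Fix] Task RollingLog permission logic adjusted: fixes unauthorized access by non-administrator accounts (ISSUE-3705).
  • 7. [Optimization] Glue IDE adjusted; version history now supports viewing the modification time;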

... (truncated)

Commits
  • 57b181b update doc
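  • ed0d65a refactor(xxl-job-admin): refactor admin interface code
  • c5d514b refactor(xxl-job-admin): optimize code structure and logic
  • 6fa7237 refactor(xxl-job): refactor error handling and permission verification logic
  • be44018 refactor(xxl-job): refactor page template structure
  • 8c6f022 refactor(xxl-job): refactor page template structure
  • 8ae13cf refactor(xxl-job): refactor page template structure
  • bfe7687 refactor(admin): refactor admin interface and improve user experience
  • d71e69a refactor(xxl-job): optimize handling of JobGroup and JobId on the log page
  • 5429455 [Fix] IDOR unauthorized-access issue fixed, improving the security of task operations and log management;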
  • Additional commits viewable in compare view

Updates org.apache.tika:tika-core from 3.1.0 to 3.2.2

Changelog

Sourced from org.apache.tika:tika-core's changelog.

Release 4.0.0-BETA1 - ???

BREAKING CHANGES

  • Moved towards default json based configuration (TIKA-4544 and many others).

  • tika-pipes implementation modules have been reorganized by resource (tika-pipes-solr) vs task (tika-pipes-fetcher-solr) (TIKA-4543). Note that the file-system pipes components have been taken out of tika-pipes-core and placed in their own pf4j module: tika-pipes-file-system.

  • tika-pipes implementation modules are now pf4j plugins (TIKA-4519).

  • tika-pipes core classes have been moved to a new module: tika-pipes-core, and the FileSystem pipes components have moved (TIKA-4334).

  • MetadataListFilter has been renamed MetadataFilter, and MetadataFilter has been removed (TIKA-4546).

  • Removed several modules, including: tika-batch (TIKA-4333), snaps deployment (TIKA-4502), dotnet (TIKA-4332), advanced media module (TIKA-4500), tika-dl module (TIKA-4499), tika-fuzzing module (TIKA-4506).

  • Headers are no longer injected into the body/content of MSG files (TIKA-4345). Please open a ticket if you need this behavior across email formats.

  • API changes in the EmbeddedStreamTranslator (TIKA-4518).

OTHER CHANGES

  • Fix concurrency bug in TikaToXMP (TIKA-4393)

Release 3.3.0 - ???

  • Add detection of compressed bmp (TIKA-4511).

  • Allow per file timeouts in tika-pipes (TIKA-4497).

  • Add matroska detector (TIKA-1180).

  • Allow multiple values for many Dublin Core keys (TIKA-4466).

  • Extract macros by default in tika-app's commandline and gui (TIKA-4472).

  • Improve extraction of Javascript from PDFs (TIKA-4465).

Release 3.2.3 - ???

  • Allow backwards compatibility with versions of commons-compress before 1.28.0 (TIKA-4469).

... (truncated)

Commits
  • c5c9d00 [maven-release-plugin] prepare release 3.2.2-rc1
  • 5d87ef3 update CHANGES.txt for 3.2.2 rc1
  • a608cc2 further improvements
  • 948c753 TIKA-4455: update microsoft-graph, aws, nimbus
  • 0f78344 TIKA-4455: update microsoft-graph
  • 94acef2 Improve configuration of xmlinputfactory (#2294)
  • 0c89f4b Simplify path naming
  • 0b889d1 TIKA-4455: update commons-cli
  • d20be6c TIKA-4455: replace deprecated
  • 8b580d8 TIKA-4455: remove json-smart exclusion, no longer needed
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the maven group with 2 updates in the /eap-dependencies directory: [com.xuxueli:xxl-job-core](https://github.com/xuxueli/xxl-job) and [org.apache.tika:tika-core](https://github.com/apache/tika).


Updates `com.xuxueli:xxl-job-core` from 2.4.2 to 3.2.0
- [Release notes](https://github.com/xuxueli/xxl-job/releases)
- [Commits](xuxueli/xxl-job@2.4.2...3.2.0)

Updates `org.apache.tika:tika-core` from 3.1.0 to 3.2.2
- [Changelog](https://github.com/apache/tika/blob/main/CHANGES.txt)
- [Commits](apache/tika@3.1.0...3.2.2)

---
updated-dependencies:
- dependency-name: com.xuxueli:xxl-job-core
  dependency-version: 3.2.0
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: org.apache.tika:tika-core
  dependency-version: 3.2.2
  dependency-type: direct:production
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Dec 5, 2025
coderabbitai bot commented Dec 5, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


Comment @coderabbitai help to get the list of available commands and usage tips.
