Stability checkpoint — dependency freshness sweep (18 build/lib bumps) - chore(deps): freshness sweep — 18 build/lib property bumps - docs(tasks): record upstream GitLab bug #605371 for compat-schedule - docs(tasks): compat-schedule 0-job confirmed GitLab bug CI : - OK Main pipeline #1186 green — https://gitlab.com/iris-7/iris-service-java/-/pipelines/2665135999 Covers compat matrix (SB3/SB4 x Java 17/21), integration-test, owasp-dependency-check, build-jar, build-native, terraform-plan + terraform-apply (GKE deploy), smoke-test. All green. - OK Pre-merge MR !321 pipeline #1184 green — https://gitlab.com/iris-7/iris-service-java/-/merge_requests/321 - OK owasp-dependency-check : green post-bump — no CVE introduced by the 18 updates. Local test pass : - SKIP ./mvnw verify — N/A : the full compat matrix + integration already ran green in main pipeline #1186 ; re-running locally would only duplicate CI for a deps-only, in-range property change. - SKIP bin/dev/stability-check.sh — N/A : deps-only rev, no source / arch / root hygiene change to re-audit. Regression check vs stable-v1.2.25 : - OK No known limitation regressed ; the bumps are in-range property updates only. - SKIP N/A — no AI / MCP change this rev. - owasp-dependency-check green post-bump — the 18 property updates introduce no new CVE. - SKIP N/A — deps maintenance only, no domain / endpoint change. - terraform-plan + terraform-apply ran green in #1186 — the GKE deploy path is exercised end-to-end at this checkpoint. - SKIP N/A — no observability change this rev. - 18 build/lib property bumps keep the dependency tree fresh ; full unit + integration suite green in CI. - Compat matrix SB3/SB4 x Java 17/21 green on main ; no pipeline definition change. - SKIP N/A — no architectural / ADR change. - SKIP N/A — backend repo. - Freshness sweep reduces upgrade debt ahead of the next feature wave. - compat-schedule scheduled pipeline runs 0 jobs — confirmed UPSTREAM GitLab bug #605371 (not our config). Tracked in TASKS.md ; recheck when GitLab ships a fix. - Next functional feature wave, or a major-version dependency bump that requires code changes (held out of this in-range sweep).