ci(playwright): Disable playwright jobs (#17534)

chore(): bump default CLI version to 1.6.0 & release notes (#17525)

Co-authored-by: Cursor <cursoragent@cursor.com>

build(deps): bump jackson-core to 2.21.3 and align parquet to 1.17.1 (#…

…17507)

Co-authored-by: Cursor <cursoragent@cursor.com>

fix(deps): bump OpenTelemetry to 1.62.0 for CVE-2026-45292

Align all io.opentelemetry artifacts (including trace-propagators) to
1.62.0+, which fixes unbounded memory allocation in W3C Baggage
propagation. Exclude legacy opentelemetry-semconv from alignment and
skip copyAvroSchemas during lockfile regeneration.

Co-authored-by: Cursor <cursoragent@cursor.com>

fix(deps): bump OpenTelemetry to 1.62.0 for CVE-2026-45292

Align all io.opentelemetry artifacts (including trace-propagators) to
1.62.0+, which fixes unbounded memory allocation in W3C Baggage
propagation. Exclude legacy opentelemetry-semconv from alignment and
skip copyAvroSchemas during lockfile regeneration.

Co-authored-by: Cursor <cursoragent@cursor.com>

test(cypress): use https URLs in nested domain link tests

Scheme-less URLs are rejected by LinkUtils after #17489; use https://www.test.com so add-link mutations succeed.

Co-authored-by: Cursor <cursoragent@cursor.com>

fix(deps): exclude grpc-netty-shaded and align reactor-netty (#17504)

Backport on release line (Spring Boot 3.5.x): drop grpc-netty-shaded from the
classpath (CVE-2026-42579/42581/42584), keep reactor-netty at 1.2.17.

Co-authored-by: Cursor <cursoragent@cursor.com>

fix(docker): remove kubectl from datahub-upgrade image

fix(deps): bump Netty to 4.2.13.Final for CVE-2026-41417 and CVE-2026… (

#17352)

Co-authored-by: Cursor <cursoragent@cursor.com>

fix(deps): bump Netty to 4.2.13.Final for CVE-2026-41417 and CVE-2026… (

#17352)

Co-authored-by: Cursor <cursoragent@cursor.com>