Skip to content

chore(deps): Bump the java group across 1 directory with 9 updates#28

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/java-d035e53563
Closed

chore(deps): Bump the java group across 1 directory with 9 updates#28
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/java-d035e53563

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Oct 6, 2025

Copy link
Copy Markdown

Bumps the java group with 9 updates in the / directory:

Package From To
org.junit:junit-bom 5.13.4 6.0.0
org.mockito:mockito-bom 5.19.0 5.20.0
ch.qos.logback:logback-classic 1.5.18 1.5.19
com.google.code.gson:gson 2.13.1 2.13.2
org.assertj:assertj-core 3.27.4 3.27.6
org.apache.maven.plugins:maven-dependency-plugin 3.8.1 3.9.0
org.apache.maven.plugins:maven-surefire-plugin 3.5.3 3.5.4
org.apache.maven.plugins:maven-failsafe-plugin 3.5.3 3.5.4
org.apache.maven.plugins:maven-compiler-plugin 3.14.0 3.14.1

Updates org.junit:junit-bom from 5.13.4 to 6.0.0

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-M2...r6.0.0-RC1

JUnit 6.0.0-M2 = Platform 6.0.0-M2 + Jupiter 6.0.0-M2 + Vintage 6.0.0-M2

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-M1...r6.0.0-M2

... (truncated)

Commits
  • 4f79594 Release 6.0.0
  • 55af30a Revert "Use develop/6.x branch for junit-examples during release build"
  • df3cfdd Release 5.14.0
  • fcb84a2 Disable backward compatibility check when offline
  • c9c8344 Prune 5.14.0 release notes
  • 03d8a72 Update broken link to using API Gaurdian with bndtools
  • 3a0b29b Use temporary JUnit 6 logo
  • 6603caa Rename eclipseClasspath to eclipseConventions to avoid confusion
  • ab3470b Make sealed MediaType work in Eclipse
  • a8cd41e Remove annotations not visible in Eclipse
  • Additional commits viewable in compare view

Updates org.mockito:mockito-bom from 5.19.0 to 5.20.0

Release notes

Sourced from org.mockito:mockito-bom's releases.

v5.20.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.20.0

Commits
  • 3a1a19e Add support for generic types in MockedConstruction and MockedStatic (#3729)
  • f3c957a Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#3730)
  • 3cfbd42 Bump graalvm/setup-graalvm from 1.3.6 to 1.3.7 (#3725)
  • 6f9a04b Bump com.gradle.develocity from 4.1.1 to 4.2 (#3726)
  • c75dfb8 Bump org.eclipse.platform:org.eclipse.osgi from 3.23.100 to 3.23.200 (#3720)
  • 54474fa Bump graalvm/setup-graalvm from 1.3.5 to 1.3.6 (#3719)
  • bc06f21 Use Assume.assumeThat for SequencedCollection tests (#3711)
  • a10aed0 Bump actions/setup-java from 4 to 5 (#3715)
  • 37bb3e5 Fix metadata generation on GraalVM (#3710)
  • ef2fd6f Bump com.gradle.develocity from 4.1 to 4.1.1 (#3713)
  • Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.19

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
  • 4adae8b add plugin for Maven Central deployment
  • ee70cf4 prepare release 1.5.19
  • 20802cf mindor javadoc changes
  • 8116069 comment out code in COWArrayListConcurrencyTest to make IDE happy
  • 7f65340 minor changes
  • 8d2262d soften warning on using ConsoleAppender
  • c76fed3 ViewStatusMessagesServlet requires method POST for button 'Clear' (#971)
  • 61f6a25 disallow new in if condition attribute in config files
  • a07cfd5 logback-core: fix spelling errors (#956)
  • Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.13.1 to 2.13.2

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.13.2

The main changes in this release are just newer dependencies.

What's Changed

New Contributors

Full Changelog: google/gson@gson-parent-2.13.1...gson-parent-2.13.2

Commits
  • 686fad7 [maven-release-plugin] prepare release gson-parent-2.13.2
  • c2d252a Switch to using central-publishing-maven-plugin. (#2900)
  • 69cb755 Bump the github-actions group with 5 updates (#2894)
  • ea552c2 Bump the maven group across 1 directory with 3 updates (#2898)
  • fdc616d Set top-level permissions for CodeQL workflow (#2889)
  • 9334715 Create scorecard.yml (#2888)
  • f7de5c2 Bump the maven group with 8 updates (#2885)
  • 8c23cd3 Update sources to satisfy a new Error Prone check. (#2887)
  • 5eab3ed Bump the github-actions group with 2 updates (#2886)
  • 5f5c200 Bump the maven group across 1 directory with 10 updates (#2872)
  • Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.4 to 3.27.6

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.6

🐛 Bug Fixes

Core

  • Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

  • ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

🔨 Dependency Upgrades

Core

  • Upgrade to Byte Buddy 1.17.7 #3947
  • Upgrade to JUnit BOM 5.13.4 #3947

Guava

  • Upgrade to Guava 33.4.8-jre #3947
Commits
  • 716b1e0 [maven-release-plugin] prepare release assertj-build-3.27.6
  • e189652 Add missing export for org.assertj.core.annotation (#3951)
  • 0cb489e Update Maven Central URL
  • 7286309 [maven-release-plugin] prepare for next development iteration
  • dd4cc1d [maven-release-plugin] prepare release assertj-build-3.27.5
  • 1d0defc Add missing permission to release workflow
  • 844d5d0 Add missing GitHub Actions pinning to CodeQL workflow
  • bdd7106 Add CodeQL custom workflow
  • a93d7e6 Remove EOL Java 24
  • 26ea866 Update production dependencies (#3947)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.9.0

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

... (truncated)

Commits
  • 826e5f0 [maven-release-plugin] prepare release maven-dependency-plugin-3.9.0
  • 0db1acc Use Resolver API in go-offline for dependencies resolving (#1533)
  • e50031a Use Resolver API in go-offline for plugins resolving
  • 6ed4b1a Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0
  • 8776c61 Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
  • d2af78e Ignore Mockito 5.x and SLF4j 2.x by dependabot
  • dcd4b7d Bump org.assertj:assertj-core from 3.27.4 to 3.27.5
  • 7523948 Strict check of dependencies usage
  • 23186d4 Fixes #1522, add render-dependencies mojo (#1523)
  • bc1893f Use Resolver API in resolve-plugin
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.3 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
  • 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
  • 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
  • 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
  • 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
  • fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
  • 1e63159 Name the shutdown hook (#3170)
  • 76e806a feat: enable prevent branch protection rules (#3168)
  • 0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
  • 98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.3 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
  • 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
  • 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
  • 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
  • 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
  • fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
  • 1e63159 Name the shutdown hook (#3170)
  • 76e806a feat: enable prevent branch protection rules (#3168)
  • 0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
  • 98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.14.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

Commits
  • 0df6940 [maven-release-plugin] prepare release maven-compiler-plugin-3.14.1
  • 1bf9e5a Enforce asm version used here, to not depend on brittle transitive (#964)
  • f5161c4 Bump mavenVersion from 3.9.10 to 3.9.11 (#952)
  • 63846f1 Improve DeltaList behavior for large projects (#335)
  • ab3f845 Bump org.apache.maven.plugins:maven-plugins from 44 to 45
  • 164bad4 Allow to not use --module-version for the Java compiler
  • 0b76ccd Bump mavenVersion from 3.9.9 to 3.9.10
  • 5dbc9c3 Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0
  • 17949d1 Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316)
  • d44d1be Add generatedSourcesPath back to the maven project
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the java group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `5.13.4` | `6.0.0` |
| [org.mockito:mockito-bom](https://github.com/mockito/mockito) | `5.19.0` | `5.20.0` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.19` |
| [com.google.code.gson:gson](https://github.com/google/gson) | `2.13.1` | `2.13.2` |
| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.27.4` | `3.27.6` |
| [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) | `3.8.1` | `3.9.0` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.4` |
| [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.4` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.0` | `3.14.1` |



Updates `org.junit:junit-bom` from 5.13.4 to 6.0.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.13.4...r6.0.0)

Updates `org.mockito:mockito-bom` from 5.19.0 to 5.20.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.19.0...v5.20.0)

Updates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.19
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.18...v_1.5.19)

Updates `com.google.code.gson:gson` from 2.13.1 to 2.13.2
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](google/gson@gson-parent-2.13.1...gson-parent-2.13.2)

Updates `org.assertj:assertj-core` from 3.27.4 to 3.27.6
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.27.4...assertj-build-3.27.6)

Updates `org.apache.maven.plugins:maven-dependency-plugin` from 3.8.1 to 3.9.0
- [Release notes](https://github.com/apache/maven-dependency-plugin/releases)
- [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.8.1...maven-dependency-plugin-3.9.0)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.3 to 3.5.4
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.4)

Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.5.3 to 3.5.4
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.4)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.0 to 3.14.1
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.0...maven-compiler-plugin-3.14.1)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: java
- dependency-name: org.mockito:mockito-bom
  dependency-version: 5.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.13.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-dependency-plugin
  dependency-version: 3.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-version: 3.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 6, 2025
@sonarqubecloud

sonarqubecloud Bot commented Oct 6, 2025

Copy link
Copy Markdown

@dependabot @github

dependabot Bot commented on behalf of github Oct 13, 2025

Copy link
Copy Markdown
Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Oct 13, 2025
@dependabot dependabot Bot deleted the dependabot/maven/java-d035e53563 branch October 13, 2025 23:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants