Skip to content

chore(deps): Bump the java group across 1 directory with 10 updates#29

Merged
thced merged 1 commit into
masterfrom
dependabot/maven/java-3f1eac7646
Nov 4, 2025
Merged

chore(deps): Bump the java group across 1 directory with 10 updates#29
thced merged 1 commit into
masterfrom
dependabot/maven/java-3f1eac7646

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Oct 13, 2025

Copy link
Copy Markdown

Bumps the java group with 10 updates in the / directory:

Package From To
org.junit:junit-bom 5.13.4 6.0.0
org.mockito:mockito-bom 5.19.0 5.20.0
ch.qos.logback:logback-classic 1.5.18 1.5.19
com.google.code.gson:gson 2.13.1 2.13.2
org.assertj:assertj-core 3.27.4 3.27.6
org.apache.maven.plugins:maven-dependency-plugin 3.8.1 3.9.0
org.apache.maven.plugins:maven-surefire-plugin 3.5.3 3.5.4
org.apache.maven.plugins:maven-failsafe-plugin 3.5.3 3.5.4
org.jacoco:jacoco-maven-plugin 0.8.13 0.8.14
org.apache.maven.plugins:maven-compiler-plugin 3.14.0 3.14.1

Updates org.junit:junit-bom from 5.13.4 to 6.0.0

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-M2...r6.0.0-RC1

JUnit 6.0.0-M2 = Platform 6.0.0-M2 + Jupiter 6.0.0-M2 + Vintage 6.0.0-M2

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0-M1...r6.0.0-M2

... (truncated)

Commits
  • 4f79594 Release 6.0.0
  • 55af30a Revert "Use develop/6.x branch for junit-examples during release build"
  • df3cfdd Release 5.14.0
  • fcb84a2 Disable backward compatibility check when offline
  • c9c8344 Prune 5.14.0 release notes
  • 03d8a72 Update broken link to using API Gaurdian with bndtools
  • 3a0b29b Use temporary JUnit 6 logo
  • 6603caa Rename eclipseClasspath to eclipseConventions to avoid confusion
  • ab3470b Make sealed MediaType work in Eclipse
  • a8cd41e Remove annotations not visible in Eclipse
  • Additional commits viewable in compare view

Updates org.mockito:mockito-bom from 5.19.0 to 5.20.0

Release notes

Sourced from org.mockito:mockito-bom's releases.

v5.20.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.20.0

Commits
  • 3a1a19e Add support for generic types in MockedConstruction and MockedStatic (#3729)
  • f3c957a Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#3730)
  • 3cfbd42 Bump graalvm/setup-graalvm from 1.3.6 to 1.3.7 (#3725)
  • 6f9a04b Bump com.gradle.develocity from 4.1.1 to 4.2 (#3726)
  • c75dfb8 Bump org.eclipse.platform:org.eclipse.osgi from 3.23.100 to 3.23.200 (#3720)
  • 54474fa Bump graalvm/setup-graalvm from 1.3.5 to 1.3.6 (#3719)
  • bc06f21 Use Assume.assumeThat for SequencedCollection tests (#3711)
  • a10aed0 Bump actions/setup-java from 4 to 5 (#3715)
  • 37bb3e5 Fix metadata generation on GraalVM (#3710)
  • ef2fd6f Bump com.gradle.develocity from 4.1 to 4.1.1 (#3713)
  • Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.19

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
  • 4adae8b add plugin for Maven Central deployment
  • ee70cf4 prepare release 1.5.19
  • 20802cf mindor javadoc changes
  • 8116069 comment out code in COWArrayListConcurrencyTest to make IDE happy
  • 7f65340 minor changes
  • 8d2262d soften warning on using ConsoleAppender
  • c76fed3 ViewStatusMessagesServlet requires method POST for button 'Clear' (#971)
  • 61f6a25 disallow new in if condition attribute in config files
  • a07cfd5 logback-core: fix spelling errors (#956)
  • Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.13.1 to 2.13.2

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.13.2

The main changes in this release are just newer dependencies.

What's Changed

New Contributors

Full Changelog: google/gson@gson-parent-2.13.1...gson-parent-2.13.2

Commits
  • 686fad7 [maven-release-plugin] prepare release gson-parent-2.13.2
  • c2d252a Switch to using central-publishing-maven-plugin. (#2900)
  • 69cb755 Bump the github-actions group with 5 updates (#2894)
  • ea552c2 Bump the maven group across 1 directory with 3 updates (#2898)
  • fdc616d Set top-level permissions for CodeQL workflow (#2889)
  • 9334715 Create scorecard.yml (#2888)
  • f7de5c2 Bump the maven group with 8 updates (#2885)
  • 8c23cd3 Update sources to satisfy a new Error Prone check. (#2887)
  • 5eab3ed Bump the github-actions group with 2 updates (#2886)
  • 5f5c200 Bump the maven group across 1 directory with 10 updates (#2872)
  • Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.4 to 3.27.6

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.6

🐛 Bug Fixes

Core

  • Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

  • ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

🔨 Dependency Upgrades

Core

  • Upgrade to Byte Buddy 1.17.7 #3947
  • Upgrade to JUnit BOM 5.13.4 #3947

Guava

  • Upgrade to Guava 33.4.8-jre #3947
Commits
  • 716b1e0 [maven-release-plugin] prepare release assertj-build-3.27.6
  • e189652 Add missing export for org.assertj.core.annotation (#3951)
  • 0cb489e Update Maven Central URL
  • 7286309 [maven-release-plugin] prepare for next development iteration
  • dd4cc1d [maven-release-plugin] prepare release assertj-build-3.27.5
  • 1d0defc Add missing permission to release workflow
  • 844d5d0 Add missing GitHub Actions pinning to CodeQL workflow
  • bdd7106 Add CodeQL custom workflow
  • a93d7e6 Remove EOL Java 24
  • 26ea866 Update production dependencies (#3947)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.9.0

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

... (truncated)

Commits
  • 826e5f0 [maven-release-plugin] prepare release maven-dependency-plugin-3.9.0
  • 0db1acc Use Resolver API in go-offline for dependencies resolving (#1533)
  • e50031a Use Resolver API in go-offline for plugins resolving
  • 6ed4b1a Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0
  • 8776c61 Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
  • d2af78e Ignore Mockito 5.x and SLF4j 2.x by dependabot
  • dcd4b7d Bump org.assertj:assertj-core from 3.27.4 to 3.27.5
  • 7523948 Strict check of dependencies usage
  • 23186d4 Fixes #1522, add render-dependencies mojo (#1523)
  • bc1893f Use Resolver API in resolve-plugin
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.3 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
  • 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
  • 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
  • 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
  • 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
  • fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
  • 1e63159 Name the shutdown hook (#3170)
  • 76e806a feat: enable prevent branch protection rules (#3168)
  • 0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
  • 98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.3 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
  • 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
  • 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
  • 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
  • 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
  • fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
  • 1e63159 Name the shutdown hook (#3170)
  • 76e806a feat: enable prevent branch protection rules (#3168)
  • 0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
  • 98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
  • Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.14

New Features

  • JaCoCo now officially supports Java 25 (GitHub #1950).
  • Experimental support for Java 26 class files (GitHub #1870).
  • Branches added by the Kotlin compiler for default argument number 33 or higher are filtered out during generation of report (GitHub #1655).
  • Part of bytecode generated by the Kotlin compiler for elvis operator that follows safe call operator is filtered out during generation of report (GitHub #1814, #1954).
  • Part of bytecode generated by the Kotlin compiler for more cases of chained safe call operators is filtered out during generation of report (GitHub #1956).
  • Part of bytecode generated by the Kotlin compiler for invocations of suspendCoroutineUninterceptedOrReturn intrinsic is filtered out during generation of report (GitHub #1929).
  • Part of bytecode generated by the Kotlin compiler for suspending lambdas with parameters is filtered out during generation of report (GitHub #1945).
  • Part of bytecode generated by the Kotlin compiler for suspending functions and lambdas with suspension points that return inline value class is filtered out during generation of report (GitHub #1871).
  • Part of bytecode generated by the Kotlin Compose compiler plugin for pausable composition is filtered out during generation of report (GitHub #1911).
  • Methods generated by the Kotlin serialization compiler plugin are filtered out (GitHub #1885, #1970, #1971).

Fixed bugs

  • Fixed handling of implicit else clause of when with String subject in Kotlin (GitHub #1813, #1940).
  • Fixed handling of implicit default clause of switch by String in Java when compiled by ECJ (GitHub #1813, #1940). Fixed handling of exceptions in chains of safe call operators in Kotlin (GitHub #1819).

Non-functional Changes

  • JaCoCo now depends on ASM 9.9 (GitHub #1965).
Commits
  • 2eb2483 Prepare release v0.8.14
  • de76181 KotlinSerializableFilter should filter more methods (#1971)
  • 89c4bd5 Fix NPE in KotlinSerializableFilter (#1970)
  • 0981128 Migrate release staging to the Central Publisher Portal (#1968)
  • d07bc6b Add filter for bytecode generated by Kotlin serialization compiler plugin (#1...
  • 5e35fd5 Upgrade maven-dependency-plugin to 3.9.0 (#1966)
  • c2fe5cc Upgrade ASM to 9.9 (#1965)
  • b0f8e23 KotlinSafeCallOperatorFilter should filter "unoptimized" safe call followed b...
  • c7bd3f4 Upgrade spotless-maven-plugin to 3.0.0 (#1961)
  • faa289d KotlinSafeCallOperatorFilter should not be affected by presence of pseudo ins...
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.14.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

Commits
  • 0df6940 [maven-release-plugin] prepare release maven-compiler-plugin-3.14.1
  • 1bf9e5a Enforce asm version used here, to not depend on brittle transitive (#964)
  • f5161c4 Bump mavenVersion from 3.9.10 to 3.9.11 (#952)
  • 63846f1 Improve DeltaList behavior for large projects (#335)
  • ab3f845 Bump org.apache.maven.plugins:maven-plugins from 44 to 45
  • 164bad4 Allow to not use --module-version for the Java compiler
  • 0b76ccd Bump mavenVersion from 3.9.9 to 3.9.10
  • 5dbc9c3 Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0
  • 17949d1 Bump org.apache.maven...

    Description has been truncated

Bumps the java group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `5.13.4` | `6.0.0` |
| [org.mockito:mockito-bom](https://github.com/mockito/mockito) | `5.19.0` | `5.20.0` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.19` |
| [com.google.code.gson:gson](https://github.com/google/gson) | `2.13.1` | `2.13.2` |
| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.27.4` | `3.27.6` |
| [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) | `3.8.1` | `3.9.0` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.4` |
| [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.4` |
| [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.13` | `0.8.14` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.0` | `3.14.1` |



Updates `org.junit:junit-bom` from 5.13.4 to 6.0.0
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r5.13.4...r6.0.0)

Updates `org.mockito:mockito-bom` from 5.19.0 to 5.20.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.19.0...v5.20.0)

Updates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.19
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.18...v_1.5.19)

Updates `com.google.code.gson:gson` from 2.13.1 to 2.13.2
- [Release notes](https://github.com/google/gson/releases)
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md)
- [Commits](google/gson@gson-parent-2.13.1...gson-parent-2.13.2)

Updates `org.assertj:assertj-core` from 3.27.4 to 3.27.6
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.27.4...assertj-build-3.27.6)

Updates `org.apache.maven.plugins:maven-dependency-plugin` from 3.8.1 to 3.9.0
- [Release notes](https://github.com/apache/maven-dependency-plugin/releases)
- [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.8.1...maven-dependency-plugin-3.9.0)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.3 to 3.5.4
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.4)

Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.5.3 to 3.5.4
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.4)

Updates `org.jacoco:jacoco-maven-plugin` from 0.8.13 to 0.8.14
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.13...v0.8.14)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.0 to 3.14.1
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.0...maven-compiler-plugin-3.14.1)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: java
- dependency-name: org.mockito:mockito-bom
  dependency-version: 5.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: com.google.code.gson:gson
  dependency-version: 2.13.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-dependency-plugin
  dependency-version: 3.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-failsafe-plugin
  dependency-version: 3.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-version: 0.8.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Oct 13, 2025
@sonarqubecloud

Copy link
Copy Markdown

@thced thced merged commit 2774808 into master Nov 4, 2025
10 checks passed
@thced thced deleted the dependabot/maven/java-3f1eac7646 branch November 4, 2025 10:07
thced added a commit that referenced this pull request May 11, 2026
Wave 1 and the high-impact slices of Wave 2 (string formats, numeric
widths) have landed. Reorder the remaining work so that
parameter/request-body fidelity (old Wave 3) and refs/spec topology
(old Wave 5) come first, with extensions (old #29) pulled forward
into the new Wave 2. Niche JSON Schema keywords (object: orig #6,
array: orig #7) are demoted to a later wave. Original item numbers
are preserved in parentheses for back-reference.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant