Skip to content

chore(deps): Bump the java group across 1 directory with 6 updates#37

Merged
thced merged 1 commit into
masterfrom
dependabot/maven/java-d1e4b70f36
May 8, 2026
Merged

chore(deps): Bump the java group across 1 directory with 6 updates#37
thced merged 1 commit into
masterfrom
dependabot/maven/java-d1e4b70f36

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 10, 2026

Copy link
Copy Markdown

Bumps the java group with 6 updates in the / directory:

Package From To
org.junit:junit-bom 6.0.1 6.0.2
org.mockito:mockito-bom 5.20.0 5.21.0
ch.qos.logback:logback-classic 1.5.21 1.5.29
org.assertj:assertj-core 3.27.6 3.27.7
org.apache.maven.plugins:maven-dependency-plugin 3.9.0 3.10.0
org.apache.maven.plugins:maven-compiler-plugin 3.14.1 3.15.0

Updates org.junit:junit-bom from 6.0.1 to 6.0.2

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

Commits
  • c5c5de5 Release 6.0.2
  • 98b6f78 Add missing checkout step
  • 732dc27 Finalize 6.0.2 release notes
  • 6a25736 Finalize 5.14.2 release notes
  • 33e66bf Move release notes for #5238 entry to 6.1.0-M2
  • 11f0f82 Update copyright headers
  • 6ce1265 Consistently add license header to all java source files
  • 4d454ee Update dependency @​antora/lunr-extension to v1.0.0-alpha.12
  • faf4a58 Use --since feature of Javadoc
  • 5cc8b05 Mark new recommended APIs as "maintained" rather than "experimental"
  • Additional commits viewable in compare view

Updates org.mockito:mockito-bom from 5.20.0 to 5.21.0

Release notes

Sourced from org.mockito:mockito-bom's releases.

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

Commits
  • 09d2230 Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 (#3768)
  • df3e0cc Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 (#3767)
  • 04a6e9f Bump actions/checkout from 5 to 6 (#3765)
  • 756a3cf Add description of matchers to potential mismatch (#3760)
  • 58ba445 Forbid mocking WeakReference with inline mock maker (#3759)
  • 966d600 Bump actions/upload-artifact from 4 to 5 (#3756)
  • 632bf7b Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 (#3755)
  • 8564b43 Fix primitives support in GenericArrayReturnType for Android (#3753)
  • bf3a809 Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 (#3744)
  • cffddd4 Bump gradle/actions from 4 to 5 (#3743)
  • Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.21 to 1.5.29

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.27

2026-01-30 Release of logback version 1.5.27

• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.

• Fixed missing MDC data transmitted by SocketAppender reported in issues/1010 by Lars Vogel.

• Removed all Receiver classes and components which were already disabled for several years.

• Refactored file scanning code for improved clarity.

• In SizeAndTimeBasedRollingPolicy modified totalSizeCap and maxFileSize comparison to taking into account file compression. This fixes issues/1007.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 3618eb01aad6672f9cd250dccf7546a69cbe982f associated with the tag v_1.5.27. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.26

2026-01-25 Release of logback version 1.5.26

• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in issues/1003 by Marius Hanl who also provided the relevant PR.

• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in issues/1002 by Christoph Gritschenberger.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.25

2026-01-17 Release of logback version 1.5.25

• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as CVE-2026-1225.

• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in issues/997.

• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.

• Added EpochConverter to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in issues/1000 who also provided the relevant implementation PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

... (truncated)

Commits
  • 5db1146 prepare release 1.5.29
  • c94a5fe minor changes
  • 2bc697f revert commit 4f560a0331b, once again, appender names of references are subje...
  • 4192131 start work on 1.5.29-SNAPSHOT
  • e7a1855 prepare release 1.5.28
  • e8dee44 cosmetic changes only
  • ded504c minor refactoring
  • 8af5459 fix NPE as reported in issues/1014
  • 4f560a0 appender names of references not subject to substitution
  • eab8e1d remove spurious Sytem.out, add javadoc
  • Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.6 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

🚫 Deprecated

Core

  • Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

  • Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

  • Upgrade to Byte Buddy 1.18.3
  • Upgrade to JUnit BOM 5.14.1

Guava

  • Upgrade to Guava 33.5.0-jre
Commits
  • e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
  • 85ca7eb Deprecate XmlStringPrettyFormatter
  • 77081dc Merge commit from fork
  • b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
  • 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
  • d393ef1 Abort tests when symbolic links cannot be created (#3788)
  • 2212433 Add IntelliJ custom inspection for test class names
  • 5717d02 Update JetBrains icon
  • a8ec20b Add icon for JetBrains products
  • c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.9.0 to 3.10.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.10.0

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Commits
  • 4127c33 [maven-release-plugin] prepare release maven-dependency-plugin-3.10.0
  • 68b5e47 Add analyze-only to usage page
  • 09d5860 Fix Jenkin bages in README
  • 4308f6c Bump org.apache.maven.shared:maven-dependency-analyzer
  • ba3c570 Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins
  • 0d88b66 Only log dependency classpath when no property/file output is specified
  • 0075e31 Bump org.assertj:assertj-core (#1581)
  • 65d53bb Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#1582)
  • eaf54f0 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1580)
  • ece9a38 Improve dependencies filtering in AbstractAnalyzeMojo
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
  • 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
  • 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
  • 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
  • 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
  • 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
  • aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
  • 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
  • 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
  • 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps the java group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `6.0.1` | `6.0.2` |
| [org.mockito:mockito-bom](https://github.com/mockito/mockito) | `5.20.0` | `5.21.0` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.21` | `1.5.29` |
| [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.27.6` | `3.27.7` |
| [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) | `3.9.0` | `3.10.0` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.1` | `3.15.0` |



Updates `org.junit:junit-bom` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.1...r6.0.2)

Updates `org.mockito:mockito-bom` from 5.20.0 to 5.21.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.20.0...v5.21.0)

Updates `ch.qos.logback:logback-classic` from 1.5.21 to 1.5.29
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.21...v_1.5.29)

Updates `org.assertj:assertj-core` from 3.27.6 to 3.27.7
- [Release notes](https://github.com/assertj/assertj/releases)
- [Commits](assertj/assertj@assertj-build-3.27.6...assertj-build-3.27.7)

Updates `org.apache.maven.plugins:maven-dependency-plugin` from 3.9.0 to 3.10.0
- [Release notes](https://github.com/apache/maven-dependency-plugin/releases)
- [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.9.0...maven-dependency-plugin-3.10.0)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.1 to 3.15.0
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.1...maven-compiler-plugin-3.15.0)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.mockito:mockito-bom
  dependency-version: 5.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.29
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.assertj:assertj-core
  dependency-version: 3.27.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-dependency-plugin
  dependency-version: 3.10.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: java
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: java
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Feb 10, 2026
@sonarqubecloud

Copy link
Copy Markdown

@thced thced merged commit 0d25713 into master May 8, 2026
7 checks passed
@thced thced deleted the dependabot/maven/java-d1e4b70f36 branch May 8, 2026 06:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant