Bump the dependencies group across 1 directory with 9 updates #214

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/maven/dependencies-a03b9305f2


dependabot[bot] commented on behalf of github on Apr 23, 2026

Bumps the dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| tools.jackson:jackson-bom | 3.0.4 | 3.1.2 |
| de.fraunhofer.iosb.ilt:Settings | 1.0 | 1.2 |
| ch.qos.logback:logback-classic | 1.5.29 | 1.5.32 |
| commons-io:commons-io | 2.21.0 | 2.22.0 |
| org.junit.jupiter:junit-jupiter | 6.0.2 | 6.0.3 |
| org.mockito:mockito-core | 5.21.0 | 5.23.0 |
| org.apache.maven.plugins:maven-surefire-plugin | 3.5.4 | 3.5.5 |
| org.owasp:dependency-check-maven | 12.2.0 | 12.2.1 |
| com.diffplug.spotless:spotless-maven-plugin | 3.2.1 | 3.4.0 |

Updates tools.jackson:jackson-bom from 3.0.4 to 3.1.2

Commits
  • 0ae1c2a [maven-release-plugin] prepare release jackson-bom-3.1.2
  • 3c171eb Prep for 3.1.2 release
  • 8046ced Post-release dep version bump
  • ea00ca4 [maven-release-plugin] prepare for next development iteration
  • 0628060 [maven-release-plugin] prepare release jackson-bom-3.1.1
  • 22b8aee Prep for 3.1.1 release
  • 2d305e6 Add JDK 25 in CI
  • da85336 Merge pull request #123 from FasterXML/tatu/3.1/122-switch-to-junit6
  • 7ec5e0e Fix #122: switch 3.x (starting with 3.1.1) to use JUnit 6
  • ef09770 Update oss-parent dep
  • Additional commits viewable in compare view

Updates de.fraunhofer.iosb.ilt:Settings from 1.0 to 1.2

Changelog

Sourced from de.fraunhofer.iosb.ilt:Settings's changelog.

Version 1.2

Updates

  • Added default getThis implementation to ease extending ConfigProvider.

Version 1.1

Updates

  • Bumped dependencies.
  • Added unit tests.
  • Added missing set(String, int) method.

Commits
  • 5965410 Release v1.2
  • 3fb2c74 Added default implementation for getThis()
  • ae2c8d7 Prepare for next development iteration
  • 4b296bc Release v1.1
  • ace1663 Bump com.diffplug.spotless:spotless-maven-plugin (#22)
  • d2ebb5c Bumped dependencies
  • 50bf145 Added unit tests
  • 8d154e7 Bump actions/cache from 4 to 5 in the dependencies group (#17)
  • bd9c03e Bump actions/checkout from 5 to 6 in the dependencies group (#15)
  • 4e09a48 Bump the dependencies group across 1 directory with 7 updates (#16)
  • Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.29 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previously only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • e807335 prepare release 1.5.32
  • dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
  • 8e32278 added simple test for appender definitiob via file inclusion
  • 834dbed start work on 1.5.32-SNAPSHOT
  • 168e42f add test to check that Logback SLF4J provider can be activated
  • ed45362 prepare release 1.5.31
  • 609dae7 fix missing META-INF directory
  • 7739739 start work on 1.5.31-SNAPSHOT
  • 44164f1 prepare release 1.5.30
  • 9874f06 test for top-file as a resource, introduced new module logback-classic-misc
  • Additional commits viewable in compare view

Updates commons-io:commons-io from 2.21.0 to 2.22.0

Updates org.junit.jupiter:junit-jupiter from 6.0.2 to 6.0.3

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

Commits
  • 36e3253 Release 6.0.3
  • 295561f Finalize 6.0.3 release notes
  • ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
  • 869e232 Add 5.14.3 release notes
  • d4b34c4 Fix links to User Guide
  • 5c8fb0f Reliably support JRE.OTHER with @EnabledOnJre and @DisabledOnJre
  • febb13f Check out entire repo so switching to main branch works in last step
  • 71fba90 Install poppler-utils for pdfinfo
  • 740e9e0 Update API baseline
  • 2ba535f Use release branch of examples repo
  • Additional commits viewable in compare view

Updates org.mockito:mockito-core from 5.21.0 to 5.23.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.23.0

NOTE: Breaking change for Android

The mockito-android artifact has a breaking change: tests now require a device or emulator based on API 28+ (Android P). This is to enable new support for mocking Kotlin classes. See #3788 for more details.


Changelog generated by Shipkit Changelog Gradle Plugin

5.23.0

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

Commits
  • a231205 Fix StackOverflowError with AbstractList after using mockSingleton (#3790)
  • f6a91a6 Replace mockito-android mock maker implementation with dexmaker-mockito-inlin...
  • aa2298a fix: make spotless happy
  • a6729d6 chore: update BDDMockito with jspecify annotation
  • bb83c92 chore: move jspecify as a compile only dependency
  • 47a4695 chore: add jspecify with minimal change. Fixes #3503
  • 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
  • ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
  • d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
  • 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.2.0 to 12.2.1

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.2.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.2.1 (2026-04-11)

  • build: improve GHA workflow experience for forks (#8285)
  • build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 (#8292)
  • chore: avoid use of parent pom and maven properties where unnecessary (#8322)
  • chore: bump java development to 25.0 (#8365)
  • chore: fix Charset warnings; preferring typed charsets (#8326)
  • chore: fix Maven scm tags after 12.2.1-SNAPSHOT bump (#8265)
  • chore: pin GitHub actions to specific SHAs rather than mutable tags (#8381)
  • chore: remove unused properties and schemas (#8378)
  • docs: define schema locations in XML examples (#8254)
  • docs: document external data sources and hostnames (#8219)
  • docs: ensure OSS Index URL override is consistently documented (#8338)
  • docs: fix minor typo in README (#8246)
  • fix(core): correct xml schema validation handling without needing external access (#8272)
  • fix(deps): upgrade slf4j and logback (#8306)
  • fix(test): disable pnpm analyzer during test (#8305)
  • fix: Correct published/hosted suppressions namespace header and indent (#8258)
  • fix: Suppress noisy WARN logging from Apache Lucene within Maven and Ant plugins (#8248)
  • fix: #8140 AssemblyAnalyzer version resolution issue (#8352)
  • fix: #8140 fix version resolution
  • fix: #8140 hint azure_identity_library_for_.net
  • fix: #8356 narrow down VersionFilterAnalyzer scope to JAR files (#8358)
  • fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377)
  • fix: evidence source in Retire JS analyzer (#8303)
  • fix: exclude deprecations from Yarn Berry audit results (#8380)
  • fix: improve PEAnalyzer reliability by migrating to maintained PE/COFF 4J library fork (#8245)
  • fix: improve configuration consistency (casing) (#8355)
  • fix: improve logging of unexpected Java Errors during processing of NVD (#8250)
  • fix: raw type warning in ProcessReader (#8324)
  • fix: suppress false positives for zabbix-utils #8087 (#8218)
  • fix: update docs (#8405)
  • fix: warn if deprecated configs are used (#8366)
  • test: Make tests locale independent (#8328)
  • test: #8140 reproduce current behavior
  • test: avoid polluting test classpaths with sample dependencies to be scanned (#8267)

See the full listing of changes

Commits
  • bda36b8 build: prepare release v12.2.1
  • ef83e7b docs: prepare release 12.2.1
  • 09af10d fix: update docs (#8405)
  • 3562775 build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine (#8403)
  • 9ef93be build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine
  • ca79bd5 build(deps-dev): bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.2 ...
  • 6b58069 build(deps): bump apache.ant.version from 1.10.15 to 1.10.16 (#8401)
  • 91c6972 fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377)
  • 267e7eb build(deps): bump the actions-deps group with 2 updates (#8394)
  • 53f58ab build(deps): bump org.codehaus.plexus:plexus-utils from 4.0.2 to 4.0.3 (#8389)
  • Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.2.1 to 3.4.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.4.0

Added

  • Add tableTest format type for standalone .table files. (#2880)

Changes

  • Bump default tabletest-formatter version 1.0.1 -> 1.1.1, now works with Java 17+. (#2880)

Lib v3.3.1

Fixed

  • GitPrePushHookInstaller didn't work on windows, now fixed. (#2562)

Lib v3.3.0

Added

  • Allow specifying path to Biome JSON config file directly in biome step. Requires biome 2.x. (#2548)
  • GitPrePushHookInstaller, a reusable library component for installing a Git pre-push hook that runs formatter checks. (#2553)
  • Allow setting Eclipse XML config from a string, not only from files (#2361)

Changed

  • Bump default gson version to latest 2.11.0 -> 2.13.1. (#2414)
  • Bump default jackson version to latest 2.18.1 -> 2.19.2. (#2558)
  • Bump default gherkin-utils version to latest 9.0.0 -> 9.2.0. (#2408)
  • Bump default cleanthat version to latest 2.22 -> 2.23. (#2556)

Maven Plugin v3.3.0

Added

  • Add tabletest-formatter support for Java and Kotlin. (#2860)

Fixed

  • Fix the ability to specify a wildcard version (*) for external formatter executables, which did not work. (#2848)
  • [fix] ConcurrentModificationException in expandWildcardImports (#2830)

Commits
  • 708a1b0 Published maven/3.4.0
  • 1cc0163 Published gradle/8.4.0
  • a4cd808 Published lib/4.5.0
  • 9066bf6 Add links to the changelog.
  • db8dc1c Fix for illegal mutation issue with predeclareDeps (#2892)
  • 0eb98a9 chore: Updated gradle plugin change
  • 3f7f12e chore: Removes check for predeclare as it's not needed anymore
  • 55c0c5c fix: IsolatedProjectTest.predeclaredIsUnsupported() is now actually supported...
  • 47489af fix: avoid IllegalMutationException when root project uses predeclareDeps() w...
  • 4010e8b test: Introduce a test harnessing predeclared deps
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [tools.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | `3.0.4` | `3.1.2` |
| [de.fraunhofer.iosb.ilt:Settings](https://github.com/FraunhoferIOSB/Settings) | `1.0` | `1.2` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.29` | `1.5.32` |
| commons-io:commons-io | `2.21.0` | `2.22.0` |
| [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit-framework) | `6.0.2` | `6.0.3` |
| [org.mockito:mockito-core](https://github.com/mockito/mockito) | `5.21.0` | `5.23.0` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.4` | `3.5.5` |
| [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) | `12.2.0` | `12.2.1` |
| [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) | `3.2.1` | `3.4.0` |



Updates `tools.jackson:jackson-bom` from 3.0.4 to 3.1.2
- [Commits](FasterXML/jackson-bom@jackson-bom-3.0.4...jackson-bom-3.1.2)

Updates `de.fraunhofer.iosb.ilt:Settings` from 1.0 to 1.2
- [Changelog](https://github.com/FraunhoferIOSB/Settings/blob/main/CHANGELOG.md)
- [Commits](FraunhoferIOSB/Settings@v1.0...v1.2)

Updates `ch.qos.logback:logback-classic` from 1.5.29 to 1.5.32
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.29...v_1.5.32)

Updates `commons-io:commons-io` from 2.21.0 to 2.22.0

Updates `org.junit.jupiter:junit-jupiter` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.2...r6.0.3)

Updates `org.mockito:mockito-core` from 5.21.0 to 5.23.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.21.0...v5.23.0)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.4 to 3.5.5
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5)

Updates `org.owasp:dependency-check-maven` from 12.2.0 to 12.2.1
- [Release notes](https://github.com/dependency-check/DependencyCheck/releases)
- [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](dependency-check/DependencyCheck@v12.2.0...v12.2.1)

Updates `com.diffplug.spotless:spotless-maven-plugin` from 3.2.1 to 3.4.0
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@maven/3.2.1...maven/3.4.0)

---
updated-dependencies:
- dependency-name: tools.jackson:jackson-bom
  dependency-version: 3.1.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: de.fraunhofer.iosb.ilt:Settings
  dependency-version: '1.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.32
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: commons-io:commons-io
  dependency-version: 2.22.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.mockito:mockito-core
  dependency-version: 5.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.owasp:dependency-check-maven
  dependency-version: 12.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 3.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies (Pull requests that update a dependency file) and java (Pull requests that update Java code) labels on Apr 23, 2026