Bump the all-minor-patch group across 1 directory with 11 updates by dependabot[bot] · Pull Request #731 · ehrbase/openEHR_SDK

dependabot · 2026-03-16T20:39:09Z

Bumps the all-minor-patch group with 11 updates in the / directory:

Package	From	To
org.apache.maven.plugins:maven-surefire-plugin	`3.5.4`	`3.5.5`
org.apache.maven.plugins:maven-failsafe-plugin	`3.5.4`	`3.5.5`
com.fasterxml.jackson:jackson-bom	`2.19.4`	`2.21.1`
org.glassfish.jaxb:jaxb-runtime	`4.0.6`	`4.0.7`
org.mockito:mockito-core	`5.21.0`	`5.23.0`
org.assertj:assertj-core	`3.27.6`	`3.27.7`
org.junit:junit-bom	`5.14.2`	`5.14.3`
org.springframework:spring-core	`6.2.15`	`6.2.17`
org.apache.maven.plugins:maven-dependency-plugin	`3.9.0`	`3.10.0`
org.apache.maven:maven-plugin-api	`3.9.12`	`3.9.14`
org.apache.maven:maven-core	`3.9.12`	`3.9.14`

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @olamy

Pass slf4j context to spawned thread (#3241) @scottrw93

[SUREFIRE-3239] - allow override of statistics file checksum (#3247) @XN137

Reduce log level for skipped tests result to info (#3232) @strangelookingnerd

🐛 Bug Fixes

Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)

Properly work with test failures caused during beforeAll phase (#3194) @Frawless

📝 Documentation updates

Clarify how late placeholder replacement (@{...}) deals with (#3208) @kwin

👻 Maintenance

Fix Jenkin badges in README (#3254) @slawekjaranowski

Use JUnit5 in failsafe ITs (#3251) @slawekjaranowski

Remove long-deprecated unused encoding property from VerifyMojo (#3198) @Tomlincoln

Add IT and deal with corner cases of handling beforeAll failures (#3200) @Frawless

Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @Frawless

🔧 Build

Missing many files in the GH Artifacts of CI ex-post. (#3219) @Tibor17

📦 Dependency updates

Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.1 (#3260) @dependabot[bot]

Bump parent from 44 to 47 (#3253) @slawekjaranowski

Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng (#3246) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#3245) @dependabot[bot]

Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#3243) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 (#3236) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#3235) @dependabot[bot]

Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption (#3234) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 (#3228) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 (#3224) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#3223) @dependabot[bot]

Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#3221) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#3220) @dependabot[bot]

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#3217) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#3214) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#3218) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.16.0 to 4.18.0 (#3213) @dependabot[bot]

... (truncated)

Commits

968cb38 [maven-release-plugin] prepare release surefire-3.5.5
8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
e5c01a6 Build only by the latest Maven on Jenkins (#3255)
9c99e97 Fix Jenkin badges in README (#3254)
20930ea Bump parent from 44 to 47 (#3253)
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.5

🚀 New features and improvements

Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @olamy

Pass slf4j context to spawned thread (#3241) @scottrw93

[SUREFIRE-3239] - allow override of statistics file checksum (#3247) @XN137

Reduce log level for skipped tests result to info (#3232) @strangelookingnerd

🐛 Bug Fixes

Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)

Properly work with test failures caused during beforeAll phase (#3194) @Frawless

📝 Documentation updates

Clarify how late placeholder replacement (@{...}) deals with (#3208) @kwin

👻 Maintenance

Fix Jenkin badges in README (#3254) @slawekjaranowski

Use JUnit5 in failsafe ITs (#3251) @slawekjaranowski

Remove long-deprecated unused encoding property from VerifyMojo (#3198) @Tomlincoln

Add IT and deal with corner cases of handling beforeAll failures (#3200) @Frawless

Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @Frawless

🔧 Build

Missing many files in the GH Artifacts of CI ex-post. (#3219) @Tibor17

📦 Dependency updates

Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.1 (#3260) @dependabot[bot]

Bump parent from 44 to 47 (#3253) @slawekjaranowski

Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng (#3246) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#3245) @dependabot[bot]

Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#3243) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 (#3236) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#3235) @dependabot[bot]

Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption (#3234) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 (#3228) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 (#3224) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#3223) @dependabot[bot]

Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#3221) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#3220) @dependabot[bot]

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#3217) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#3214) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#3218) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.16.0 to 4.18.0 (#3213) @dependabot[bot]

... (truncated)

Commits

968cb38 [maven-release-plugin] prepare release surefire-3.5.5
8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
e5c01a6 Build only by the latest Maven on Jenkins (#3255)
9c99e97 Fix Jenkin badges in README (#3254)
20930ea Bump parent from 44 to 47 (#3253)
Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.19.4 to 2.21.1

Commits

08a5a9a [maven-release-plugin] prepare release jackson-bom-2.21.1
5b03376 Prep for 2.21.1 release
1d78778 Merge branch '2.20' into 2.21
cd46b24 Post-release dep version bump
17179ff [maven-release-plugin] prepare for next development iteration
2a26844 [maven-release-plugin] prepare release jackson-bom-2.20.2
6adf11b Prep for 2.20.2 release
441df8a Post-release version bump
a1b4814 [maven-release-plugin] prepare for next development iteration
901b398 [maven-release-plugin] prepare release jackson-bom-2.21.0
Additional commits viewable in compare view

Updates org.glassfish.jaxb:jaxb-runtime from 4.0.6 to 4.0.7

Updates org.mockito:mockito-core from 5.21.0 to 5.23.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.23.0

NOTE: Breaking change for Android

The mockito-android artifact has a breaking change: tests now require a device or emulator based on API 28+ (Android P). This is to enable new support for mocking Kotlin classes. See #3788 for more details.

Changelog generated by Shipkit Changelog Gradle Plugin

5.23.0

2026-03-11 - 6 commit(s) by Brice Dutheil, Joshua Selbo, Philippe Kernevez

Replace mockito-android mock maker implementation with dexmaker-mockito-inline [(#3792)](mockito/mockito#3792)

Fix StackOverflowError with AbstractList after using mockSingleton [(#3790)](mockito/mockito#3790)

Mark parameters of Mockito.when @Nullable [(#3503)](mockito/mockito#3503)

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

2026-02-27 - 6 commit(s) by Joshua Selbo, NiMv1, Rafael Winterhalter, dependabot[bot], eunbin son

Avoid mocking of internal static utilities [(#3785)](mockito/mockito#3785)

Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 [(#3780)](mockito/mockito#3780)

Static mocking of UUID.class corrupted under JDK 25 [(#3778)](mockito/mockito#3778)

Bump actions/upload-artifact from 5 to 6 [(#3774)](mockito/mockito#3774)

docs: clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) [(#3773)](mockito/mockito#3773)

Add tests for Sets utility class [(#3771)](mockito/mockito#3771)

Add core API to enable Kotlin singleton mocking [(#3762)](mockito/mockito#3762)

Stubbing Kotlin object singletons [(#3652)](mockito/mockito#3652)

Incorrect documentation for RETURNS_MOCKS [(#3285)](mockito/mockito#3285)

Commits

a231205 Fix StackOverflowError with AbstractList after using mockSingleton (#3790)
f6a91a6 Replace mockito-android mock maker implementation with dexmaker-mockito-inlin...
aa2298a fix: make spotless happy
a6729d6 chore: update BDDMockito with jspecify annotation
bb83c92 chore: move jspecify as a compile only dependency
47a4695 chore: add jspecify with minimal change. Fixes #3503
25f1395 Add core API to enable Kotlin singleton mocking (#3762)
ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.6 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)

See GHSA-rqfh-9r24-8c9r for details; many thanks to @wxt201 and @Song-Li for responsibly reporting it!

🚫 Deprecated

Core

Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

Upgrade to Byte Buddy 1.18.3

Upgrade to JUnit BOM 5.14.1

Guava

Upgrade to Guava 33.5.0-jre

Commits

e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
85ca7eb Deprecate XmlStringPrettyFormatter
77081dc Merge commit from fork
b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
d393ef1 Abort tests when symbolic links cannot be created (#3788)
2212433 Add IntelliJ custom inspection for test class names
5717d02 Update JetBrains icon
a8ec20b Add icon for JetBrains products
c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.14.2 to 5.14.3

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.14.3 = Platform 1.14.3 + Jupiter 5.14.3 + Vintage 5.14.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.2...r5.14.3

Commits

1c14c1b Release 5.14.3
698391f Finalize 5.14.3 release notes
5655c22 Fix link to milestone
b4d1f56 Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
5b6dfef Fix references
718ee15 Fail build if xref fragment is invalid
a809887 Install poppler-utils for pdfinfo
b568f5a Update API baseline
1ebb6bc Add missing checkout step
4ca615b Back to snapshots for further development
See full diff in compare view

Updates org.springframework:spring-core from 6.2.15 to 6.2.17

Release notes

Sourced from org.springframework:spring-core's releases.

v6.2.17

⭐ New Features

Leverage ResourceHandlerUtils in ScriptTemplateView #36459

Restore ScriptTemplateViewTests #36457

Fix log message in ConfigurationClassBeanDefinitionReader #36454

Resolve context initializers only once in AbstractTestContextBootstrapper #36431

Exclude legacy @javax.validation.Constraint from convention-based annotation attribute override check #36412

Optimize MediaType(MediaType, Charset) constructor #36351

Optimize the addition of a charset to the MediaType in AbstractHttpMessageConverter #36350

Consistent adaptation of HTTP headers on Servlet responses #36345

Improve performance of validation groups determination in WebFlux #36337

Detect all common size exceptions from Tomcat and Commons FileUpload 2.x #36324

🐞 Bug Fixes

Guard against invalid id/event values in Server Sent Events #36442

Incomplete debug message in ConfigurationClassBeanDefinitionReader #36411

Inconsistent ApplicationEventMulticaster state after removing ApplicationListener implemented by FactoryBean #36405

Graceful shutdown of SimpleAsyncTaskExecutor #36384

HttpMediaTypeException thrown when calculating compatible media types #36363

ResolvableType#getGenerics() breaks serialization #36347

Multipart upload leak on client abort (ByteBuf.release() not called) #36327

📔 Documentation

Document @Fallback alongside Primary in the reference manual and @Bean Javadoc #36441

Document registration recommendations for BeanPostProcessor and BeanFactoryPostProcessor #36436

Fix links to UriComponentsBuilder and polish examples #36406

Emphasize @Configuration classes over XML and Groovy in testing chapter #36394

Polish SpEL operator examples in reference docs #36375

🔨 Dependency Upgrades

Upgrade to JUnit 5.14.3 #36388

Upgrade to Micrometer 1.15.10 #36446

Upgrade to Reactor 2024.0.16 #36445

v6.2.16

⭐ New Features

Improve performance of hashcode calculations for request mappings #36297

Improve performance of HandlerMethod bean lookup #36296

Improve performance of validation groups determination #36295

Improve performance of single pattern request mappings #36294

Optimize NamedParameterUtils#buildValueArray by lazily fetching SqlParameter #36232

Consistently close streams through try-with-resources in FileCopyUtils #36224

SqlBinaryValue and SqlCharacterValue should support InputStream content with undetermined length #36220

DataBufferUtils.write() with NettyDataBuffer on JDK 25 hangs indefinitely #36189

WebClient (Reactor) attributes on Netty channel do not clear after connection release #36163

... (truncated)

Commits

4e35a12 Release v6.2.17
317a1f9 Leverage ResourceHandlerUtils in ScriptTemplateView
de6601f Restore ScriptTemplateViewTests
47dc1c4 Fix log message in ConfigurationClassBeanDefinitionReader
d8c7793 Upgrade to SnakeYAML 2.6, Protobuf 4.34, H2 2.4.240
99fbce1 Polishing (aligned with main)
d1e69a9 Upgrade to Reactor 2024.0.16 and Micrometer 1.15.10
8dc888e Guard against invalid id/event values in Server Sent Events
131f94f Use link for first reference to @⁠Fallback in @⁠Bean Javadoc
d4f4c69 Document @Fallback alongside Primary in the reference docs and @Bean Javadoc
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.9.0 to 3.10.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.10.0

🚀 New features and improvements

Introduce graphRoots for dependencyFilter based mojos (#1571) @rfscholte

🐛 Bug Fixes

Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins (#1583) @slawekjaranowski

Only log dependency classpath when no property/file output is specified (#1551) @mwalser

[MDEP-974] - strip ansi codes when writing to a file (#1564) @elharo

📝 Documentation updates

Add analyze-only to usage page (#1587) @slawekjaranowski

Move doc comment to correct location (#1568) @elharo

Focus on most recent version (#1537) @elharo

👻 Maintenance

Fix Jenkin bages in README (#1586) @slawekjaranowski

Improve dependencies filtering in AbstractAnalyzeMojo (#1579) @slawekjaranowski

Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1574) @slawekjaranowski

Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1569) @slawekjaranowski

Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1563) @slawekjaranowski

Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1562) @slawekjaranowski

Migration to JUnit 5 (#1558) @slawekjaranowski

JUnit Jupiter best practices (#1548) @slachiewicz

Migrate JUnit3 based Tests to JUnit 5 (#1541) @sparsick

📦 Dependency updates

Bump org.apache.maven.shared:maven-dependency-analyzer from 1.16.0 to 1.17.0 (#1584) @dependabot[bot]

Bump org.assertj:assertj-core from 2.9.1 to 3.27.7 in /src/it/projects/analyze-testDependencyWithNonTestScope (#1581) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#1582) @dependabot[bot]

Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1580) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1578) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0 (#1576) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1573) @dependabot[bot]

Bump org.jsoup:jsoup from 1.21.2 to 1.22.1 (#1572) @dependabot[bot]

Bump mavenVersion from 3.9.11 to 3.9.12 (#1570) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#1559) @dependabot[bot]

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#1552) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#1553) @dependabot[bot]

Bump org.codehaus.plexus:plexus-io from 3.5.2 to 3.6.0 (#1554) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#1555) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#1550) @dependabot[bot]

Bump org.codehaus.plexus:plexus-io from 3.5.1 to 3.5.2 (#1538) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#1539) @dependabot[bot]

Commits

4127c33 [maven-release-plugin] prepare release maven-dependency-plugin-3.10.0
68b5e47 Add analyze-only to usage page
09d5860 Fix Jenkin bages in README
4308f6c Bump org.apache.maven.shared:maven-dependency-analyzer
ba3c570 Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins
0d88b66 Only log dependency classpath when no property/file output is specified
0075e31 Bump org.assertj:assertj-core (#1581)
65d53bb Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#1582)
eaf54f0 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1580)
ece9a38 Improve dependencies filtering in AbstractAnalyzeMojo
Additional commits viewable in compare view

Updates org.apache.maven:maven-plugin-api from 3.9.12 to 3.9.14

Release notes

Sourced from org.apache.maven:maven-plugin-api's releases.

3.9.14

🐛 Bug Fixes

plexus-testing dependencies should be use in test scope (#11761) @slawekjaranowski

📦 Dependency updates

Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#11747) @dependabot[bot]

Bump actions/download-artifact from 7.0.0 to 8.0.0 (#11748) @dependabot[bot]

3.9.13

🐛 Bug Fixes

Bug: SecDispatcher is managed by legacy Plexus DI (#11711) @cstamas

[3.9.x] MavenPluginJavaPrerequisiteChecker: Handle 8/1.8 Java version in ranges as well (#11577) @cstamas

👻 Maintenance

Update Maven plugin versions in default-bindings.xml (#11721) @slachiewicz

Migrate to JUnit 5 - avoid using TestCase (#11547) @slawekjaranowski

📦 Dependency updates

Maven Resolver 1.9.27 (#11732) @cstamas

Bump resolverVersion from 1.9.25 to 1.9.26 (#11725) @dependabot[bot]

Update Maven plugin versions in default-bindings.xml (#11721) @slachiewicz

Bump version.sisu-maven-plugin from 0.9.0.M4 to 1.0.0 (#11706) @dependabot[bot]

Bump actions/cache from 5.0.2 to 5.0.3 (#11688) @dependabot[bot]

Bump org.apache.maven:maven-parent from 45 to 47 (#11647) @dependabot[bot]

Bump actions/checkout from 6.0.1 to 6.0.2 (#11666) @dependabot[bot]

Bump actions/setup-java from 5.1.0 to 5.2.0 (#11667) @dependabot[bot]

Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#11658) @dependabot[bot]

Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.1 to 3.3.0 (#11657) @dependabot[bot]

Bump actions/cache from 5.0.1 to 5.0.2 (#11659) @dependabot[bot]

Bump org.codehaus.plexus:plexus-testing from 2.0.2 to 2.1.0 (#11620) @dependabot[bot]

Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#11585) @slachiewicz

Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#11557) @dependabot[bot]

Bump actions/download-artifact from 6.0.0 to 7.0.0 (#11556) @dependabot[bot]

Bump actions/cache from 5.0.0 to 5.0.1 (#11558) @dependabot[bot]

Commits

996c630 [maven-release-plugin] prepare release maven-3.9.14
3d3ecce plexus-testing dependencies should be use in test scope
1f24dae Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#11747)
8d1f2c2 Bump actions/download-artifact from 7.0.0 to 8.0.0 (#11748)
d48250a [maven-release-plugin] prepare for next development iteration
39d686b [maven-release-plugin] prepare release maven-3.9.13
1779f34 Maven Resolver 1.9.27 (#11732)
18a5264 Bump resolverVersion from 1.9.25 to 1.9.26 (#11725)
c081a92 Update Maven plugin versions in default-bindings.xml
dea5f14 Bug: SecDispatcher is managed by legacy Plexus DI (#11711)
Additional commits viewable in compare view

Updates org.apache.maven:maven-core from 3.9.12 to 3.9.14

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all-minor-patch group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.4` | `3.5.5` | | [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.5.4` | `3.5.5` | | [com.fasterxml.jackson:jackson-bom](https://github.com/FasterXML/jackson-bom) | `2.19.4` | `2.21.1` | | org.glassfish.jaxb:jaxb-runtime | `4.0.6` | `4.0.7` | | [org.mockito:mockito-core](https://github.com/mockito/mockito) | `5.21.0` | `5.23.0` | | [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.27.6` | `3.27.7` | | [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `5.14.2` | `5.14.3` | | [org.springframework:spring-core](https://github.com/spring-projects/spring-framework) | `6.2.15` | `6.2.17` | | [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) | `3.9.0` | `3.10.0` | | [org.apache.maven:maven-plugin-api](https://github.com/apache/maven) | `3.9.12` | `3.9.14` | | org.apache.maven:maven-core | `3.9.12` | `3.9.14` | Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.4 to 3.5.5 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5) Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.5.4 to 3.5.5 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5) Updates `com.fasterxml.jackson:jackson-bom` from 2.19.4 to 2.21.1 - [Commits](FasterXML/jackson-bom@jackson-bom-2.19.4...jackson-bom-2.21.1) Updates `org.glassfish.jaxb:jaxb-runtime` from 4.0.6 to 4.0.7 Updates `org.mockito:mockito-core` from 5.21.0 to 5.23.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](mockito/mockito@v5.21.0...v5.23.0) Updates `org.assertj:assertj-core` from 3.27.6 to 3.27.7 - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](assertj/assertj@assertj-build-3.27.6...assertj-build-3.27.7) Updates `org.junit:junit-bom` from 5.14.2 to 5.14.3 - [Release notes](https://github.com/junit-team/junit-framework/releases) - [Commits](junit-team/junit-framework@r5.14.2...r5.14.3) Updates `org.springframework:spring-core` from 6.2.15 to 6.2.17 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](spring-projects/spring-framework@v6.2.15...v6.2.17) Updates `org.apache.maven.plugins:maven-dependency-plugin` from 3.9.0 to 3.10.0 - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.9.0...maven-dependency-plugin-3.10.0) Updates `org.apache.maven:maven-plugin-api` from 3.9.12 to 3.9.14 - [Release notes](https://github.com/apache/maven/releases) - [Commits](apache/maven@maven-3.9.12...maven-3.9.14) Updates `org.apache.maven:maven-core` from 3.9.12 to 3.9.14 --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-minor-patch - dependency-name: org.apache.maven.plugins:maven-failsafe-plugin dependency-version: 3.5.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-minor-patch - dependency-name: com.fasterxml.jackson:jackson-bom dependency-version: 2.21.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-minor-patch - dependency-name: org.glassfish.jaxb:jaxb-runtime dependency-version: 4.0.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-minor-patch - dependency-name: org.mockito:mockito-core dependency-version: 5.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-minor-patch - dependency-name: org.assertj:assertj-core dependency-version: 3.27.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-minor-patch - dependency-name: org.junit:junit-bom dependency-version: 5.14.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-minor-patch - dependency-name: org.springframework:spring-core dependency-version: 6.2.17 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-minor-patch - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-version: 3.10.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-minor-patch - dependency-name: org.apache.maven:maven-plugin-api dependency-version: 3.9.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-minor-patch - dependency-name: org.apache.maven:maven-core dependency-version: 3.9.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-23T10:43:13Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 16, 2026

dependabot bot closed this Mar 23, 2026

dependabot bot deleted the dependabot/maven/all-minor-patch-44b1b0db1f branch March 23, 2026 10:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the all-minor-patch group across 1 directory with 11 updates#731

Bump the all-minor-patch group across 1 directory with 11 updates#731
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/maven/all-minor-patch-44b1b0db1f

dependabot bot commented on behalf of github Mar 16, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Mar 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

🔧 Build

📦 Dependency updates

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

🔧 Build

📦 Dependency updates

v5.23.0

NOTE: Breaking change for Android

5.23.0

v5.22.0

5.22.0

v3.27.7

🔒 Security

Core

🚫 Deprecated

Core

🐛 Bug Fixes

Guava

🔨 Dependency Upgrades

Core

Guava

v6.2.17

⭐ New Features

🐞 Bug Fixes

📔 Documentation

🔨 Dependency Upgrades

v6.2.16

⭐ New Features

3.10.0

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

3.9.14

🐛 Bug Fixes

📦 Dependency updates

3.9.13

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Uh oh!

dependabot bot commented on behalf of github Mar 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Mar 16, 2026 •

edited

Loading