chore(deps): bump the all-maven-dependencies group across 4 directories with 8 updates

[dependabot]

Bumps the all-maven-dependencies group with 7 updates in the / directory:

Package	From	To
org.junit:junit-bom	5.13.2	5.13.4
com.google.errorprone:error_prone_core	2.39.0	2.41.0
net.sourceforge.pmd:pmd-core	7.15.0	7.16.0
net.sourceforge.pmd:pmd-java	7.15.0	7.16.0
org.apache.maven.plugins:maven-enforcer-plugin	3.5.0	3.6.1
org.codehaus.mojo:flatten-maven-plugin	1.7.1	1.7.2
org.apache.maven.plugins:maven-gpg-plugin	3.2.7	3.2.8

Bumps the all-maven-dependencies group with 1 update in the /nameprep/src/it/jpms-nameprep directory: org.junit.jupiter:junit-jupiter.
Bumps the all-maven-dependencies group with 1 update in the /saslprep/src/it/jpms-saslprep directory: org.junit.jupiter:junit-jupiter.
Bumps the all-maven-dependencies group with 1 update in the /stringprep/src/it/jpms-stringprep directory: org.junit.jupiter:junit-jupiter.

Updates org.junit:junit-bom from 5.13.2 to 5.13.4

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

Commits

• 8a21048 Release 5.13.4
• 9a38789 Finalize 5.13.4 release notes
• 458325c Log only once per implementation type for CloseableResource types
• 976a110 Protect against potential problems when converting file-based selectors
• e94f728 Allow default package for PackageSource
• b60fecf Fail on classpath resource names that are blank after removing leading /
• 6378c88 Remove java.* packages from Import-Package headers in all jars (#4738)
• 1a360f3 Create initial 5.13.4 release notes from template
• 806fc9a Document #4689 in release notes
• 1653839 Document #4686 in release notes
• Additional commits viewable in compare view

Updates com.google.errorprone:error_prone_core from 2.39.0 to 2.41.0

Release notes

Sourced from com.google.errorprone:error_prone_core's releases.

Error Prone 2.41.0

New checks:

• EffectivelyPrivate: Detect declarations that have public or protected modifiers, but are effectively private

Changes:

• Skip BooleanLiteral findings if the target type is boxed (#5134)

Full changelog: google/error-prone@v2.40.0...v2.41.0

Error Prone 2.40.0

Changes:

• Bug fixes and improvements
• Releases (including snapshots) have migrated from OSSRH to the Central Publisher Portal

Full changelog: google/error-prone@v2.39.0...v2.40.0

Commits

• d6539d6 Release Error Prone 2.41.0
• 6161d4e Skip BooleanLiteral findings if the target type is boxed
• 98d83bf Avoid touching parameters of @Subscribe methods.
• 13d46e7 Refactor to use WellKnownKeep
• ef33eee Fix a println statement left over from https://github.com/google/error-prone/...
• ce784a9 Detect non-private, non-override methods in anonymous classes
• 43759cd Recognise com.google.common.inject.components.OtherRequiredBindings as an i...
• ef5073b UnnecessaryQualifier: don't fire on interfaces, in deference to Dagger.
• 3d7b585 TruthIncompatibleType support for MultisetSubject#hasCount.
• b5c6175 Add a test confirming external #5151.
• Additional commits viewable in compare view

Updates net.sourceforge.pmd:pmd-core from 7.15.0 to 7.16.0

Release notes

Sourced from net.sourceforge.pmd:pmd-core's releases.

PMD 7.16.0 (25-July-2025)

25-July-2025 - 7.16.0

The PMD team is pleased to announce PMD 7.16.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • 🚀 New: Java 25 Support
  • New: CPD support for CSS
  • ✨ New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Experimental APIs that are now considered stable
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

🚀 New: Java 25 Support

This release of PMD brings support for Java 25.

There are the following new standard language features:

• JEP 511: Module Import Declarations
• JEP 512: Compact Source Files and Instance Main Methods
• JEP 513: Flexible Constructor Bodies

And one preview language feature:

• JEP 507: Primitive Types in Patterns, instanceof, and switch (Third Preview)

In order to analyze a project with PMD that uses these preview language features, you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 25-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-25-preview ...

Note: Support for Java 23 preview language features have been removed. The version "23-preview" is no longer available.

New: CPD support for CSS

CPD now supports CSS (Cascading Style Sheets), a language for describing the rendering of structured documents (such as HTML) on screen, on paper etc.
It is shipped with the new module pmd-css.

... (truncated)

Commits

• d60e268 [release] prepare release pmd_releases/7.16.0
• 0b80d90 Prepare pmd release 7.16.0
• 7d391f6 chore(deps): Update gems (#5929)
• e3bb9ec chore: [scala] Fix javadoc config (#5920)
• a5b3fe4 chore(deps): bump marocchino/sticky-pull-request-comment from 2.9.3 to 2.9.4 ...
• 5cf96ff chore(deps): bump ostruct from 0.6.2 to 0.6.3 in /.ci/files in the all-gems g...
• 25950f3 chore(deps): bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.0 t...
• a3cbe4c Merge branch 'main' into chore/scala-javadoc
• 8ea3dc0 chore: [cli] Improve symbolic link tests for Windows (#5918)
• a0e0ed0 [doc] Reference CPD Capable Languages in CPD CLI docu (#5911)
• Additional commits viewable in compare view

Updates net.sourceforge.pmd:pmd-java from 7.15.0 to 7.16.0

Release notes

Sourced from net.sourceforge.pmd:pmd-java's releases.

PMD 7.16.0 (25-July-2025)

25-July-2025 - 7.16.0

The PMD team is pleased to announce PMD 7.16.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • 🚀 New: Java 25 Support
  • New: CPD support for CSS
  • ✨ New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Experimental APIs that are now considered stable
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

🚀 New: Java 25 Support

This release of PMD brings support for Java 25.

There are the following new standard language features:

• JEP 511: Module Import Declarations
• JEP 512: Compact Source Files and Instance Main Methods
• JEP 513: Flexible Constructor Bodies

And one preview language feature:

• JEP 507: Primitive Types in Patterns, instanceof, and switch (Third Preview)

In order to analyze a project with PMD that uses these preview language features, you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 25-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-25-preview ...

Note: Support for Java 23 preview language features have been removed. The version "23-preview" is no longer available.

New: CPD support for CSS

CPD now supports CSS (Cascading Style Sheets), a language for describing the rendering of structured documents (such as HTML) on screen, on paper etc.
It is shipped with the new module pmd-css.

... (truncated)

Commits

• d60e268 [release] prepare release pmd_releases/7.16.0
• 0b80d90 Prepare pmd release 7.16.0
• 7d391f6 chore(deps): Update gems (#5929)
• e3bb9ec chore: [scala] Fix javadoc config (#5920)
• a5b3fe4 chore(deps): bump marocchino/sticky-pull-request-comment from 2.9.3 to 2.9.4 ...
• 5cf96ff chore(deps): bump ostruct from 0.6.2 to 0.6.3 in /.ci/files in the all-gems g...
• 25950f3 chore(deps): bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.0 t...
• a3cbe4c Merge branch 'main' into chore/scala-javadoc
• 8ea3dc0 chore: [cli] Improve symbolic link tests for Windows (#5918)
• a0e0ed0 [doc] Reference CPD Capable Languages in CPD CLI docu (#5911)
• Additional commits viewable in compare view

Updates net.sourceforge.pmd:pmd-java from 7.15.0 to 7.16.0

Release notes

Sourced from net.sourceforge.pmd:pmd-java's releases.

PMD 7.16.0 (25-July-2025)

25-July-2025 - 7.16.0

The PMD team is pleased to announce PMD 7.16.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • 🚀 New: Java 25 Support
  • New: CPD support for CSS
  • ✨ New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Experimental APIs that are now considered stable
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

🚀 New: Java 25 Support

This release of PMD brings support for Java 25.

There are the following new standard language features:

• JEP 511: Module Import Declarations
• JEP 512: Compact Source Files and Instance Main Methods
• JEP 513: Flexible Constructor Bodies

And one preview language feature:

• JEP 507: Primitive Types in Patterns, instanceof, and switch (Third Preview)

In order to analyze a project with PMD that uses these preview language features, you'll need to enable it via the environment variable PMD_JAVA_OPTS and select the new language version 25-preview:

export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-25-preview ...

Note: Support for Java 23 preview language features have been removed. The version "23-preview" is no longer available.

New: CPD support for CSS

CPD now supports CSS (Cascading Style Sheets), a language for describing the rendering of structured documents (such as HTML) on screen, on paper etc.
It is shipped with the new module pmd-css.

... (truncated)

Commits

• d60e268 [release] prepare release pmd_releases/7.16.0
• 0b80d90 Prepare pmd release 7.16.0
• 7d391f6 chore(deps): Update gems (#5929)
• e3bb9ec chore: [scala] Fix javadoc config (#5920)
• a5b3fe4 chore(deps): bump marocchino/sticky-pull-request-comment from 2.9.3 to 2.9.4 ...
• 5cf96ff chore(deps): bump ostruct from 0.6.2 to 0.6.3 in /.ci/files in the all-gems g...
• 25950f3 chore(deps): bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.0 t...
• a3cbe4c Merge branch 'main' into chore/scala-javadoc
• 8ea3dc0 chore: [cli] Improve symbolic link tests for Windows (#5918)
• a0e0ed0 [doc] Reference CPD Capable Languages in CPD CLI docu (#5911)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.1

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.1

🚀 New features and improvements

• Improve performance of transitive dependency checks (#904) @​harrisric

🐛 Bug Fixes

• Fix NPE when a classifier part is specified in bannedDependencies (#905) @​harrisric

📝 Documentation updates

• Move contributing information into README (#911) @​slawekjaranowski
• Rewrite CONTRIBUTING.md to use the Github issue tracker instead of JIRA (#898) @​elharo

👻 Maintenance

• Remove unused javax.annotations dependency (#899) @​elharo
• Remove unused methods (#900) @​elharo
• Remove the from parameter names (#901) @​elharo
• Fix a grab bag of typos and minor grammar errors (#897) @​elharo
• remove unneeded contains check as add already does that (#896) @​elharo

📦 Dependency updates

• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910) @dependabot[bot]

3.6.0

🚀 New features and improvements

• Warning about old enforcer api in rule implementation (#894) @​slawekjaranowski
• Introduce ruleName for rules configuration (#893) @​slawekjaranowski
• Improve performance of BannedPlugins and RequireReleaseDeps (#371) @​harrisric
• Enforce size bounds recursively on directory content (#368) @​zabetak
• Improve the performance of BannedDependencies (#367) @​harrisric
• [MENFORCER-516] - Use rule configuration in POM when executed from CLI (#344) @​bpfoster
• [MENFORCER-508] - Add option to enforce same versions among Maven modules (#328) @​kwin
• [MENFORCER-507] - Add xsltLocation parameter to ExternalRules (#322) @​ppalaga

🐛 Bug Fixes

• RequireSameVersions rule: consider entries in <plugins> when analyzing build- and report-plugins (#892) @​turing85
• [MENFORCER-495] - Remove "JAVA_HOME" from rule violation message (#346) @​elharo

📝 Documentation updates

• Improve example of custom rule (#890) @​slawekjaranowski
• Make documentation explicit about java versions for custom rules (#370) @​harrisric
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#351) @​Bukama

... (truncated)

Commits

• 9b9b705 [maven-release-plugin] prepare release enforcer-3.6.1
• 469f45c Move contributing information into README - fix cla link
• fec424a Move contributing information into README
• 3abe11d Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910)
• d58be76 Improve performance of transitive dependency checks (#904)
• 1f7ac3c null analysis (#907)
• 3bfbff8 Fix some typos
• 8da0311 Remove unused javax.annotations dependency (#899)
• 06bcf29 Remove unused methods (#900)
• b25c800 Fix NPE when a classifier part is specified but an artifact classifier is nul...
• Additional commits viewable in compare view

Updates org.codehaus.mojo:flatten-maven-plugin from 1.7.1 to 1.7.2

Release notes

Sourced from org.codehaus.mojo:flatten-maven-plugin's releases.

1.7.2

🐛 Bug Fixes

• Create missing target directories, use NIO for file block operations (#471) @​slawekjaranowski

📝 Documentation updates

• Clarify example in usage about updatePomFile behavior (#477) @​slawekjaranowski

👻 Maintenance

• Add stale GitHub Action (#476) @​slawekjaranowski
• Add Maven 4 to build matrix on GitHub Actions (#474) @​slawekjaranowski
• Improve assertions in no-overwrite tests (#475) @​slawekjaranowski
• Add a missing plugin version in ITS (#473) @​slawekjaranowski
• Add integration test for install and deploy flattened pom (#472) @​slawekjaranowski

📦 Dependency updates

• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#470) @dependabot[bot]
• Bump mavenVersion from 3.9.10 to 3.9.11 (#467) @dependabot[bot]
• Bump com.fasterxml.jackson.core:jackson-core from 2.3.3 to 2.15.0 in /src/it/projects/bom-flattenMode/bom (#464) @dependabot[bot]
• Bump com.fasterxml.jackson.core:jackson-core from 2.13.0 to 2.15.0 in /src/it/projects/bom-pomElements/bom (#463) @dependabot[bot]

Commits

• 9d80041 [maven-release-plugin] prepare release 1.7.2
• 6c62863 Clarify example in usage about updatePomFile behavior
• fc35f4c Add stale GitHub Action
• 0fb1ea0 Add Maven 4 to build matrix on GitHub Actions (#474)
• 35e0e0c Improve assertions in no-overwrite tests
• e193a20 Add a missing plugin version in ITS
• 87009a4 Add integration test for install and deploy flattened pom
• e02117c Create missing target directories, use NIO for file block operations
• f9289bf Bump commons-io:commons-io from 2.19.0 to 2.20.0
• 227ae5e Bump mavenVersion from 3.9.10 to 3.9.11
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8

Release notes

Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.

3.2.8

🐛 Bug Fixes

• Make empty classifier null (not empty string) (#287) @​cstamas

📝 Documentation updates

• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#129) @​Bukama
• Describe how to prime a specific GPG key (#128) @​kwin

👻 Maintenance

• Enable GitHub issues (#134) @​Bukama
• Prefer Guice constructor injection (#126) @​elharo

📦 Dependency updates

• Update parent POM to 45 (#284) @​cstamas
• Bump bouncycastleVersion from 1.78.1 to 1.80 (#127) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125) @dependabot[bot]
• Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1 (#131) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#124) @dependabot[bot]

Commits

• 8a46455 [maven-release-plugin] prepare release maven-gpg-plugin-3.2.8
• 7012821 Fix issueManagement, ciManagement system and url
• a9a8c84 Make empty classifier null (not empty string) (#287)
• a8368b0 Add .mvn
• f0e45e0 Update parent POM to 45 (#284)
• cb1236c Bump bouncycastleVersion from 1.78.1 to 1.80 (#127)
• 5377a10 Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133)
• 8b63932 Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125)
• 54ea518 Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1
• a6a412d Remove old JIRA issue link
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 5.13.2 to 5.13.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

Commits

• 8a21048 Release 5.13.4
• 9a38789 Finalize 5.13.4 release notes
• 458325c Log only once per implementation type for CloseableResource types
• 976a110 Protect against potential problems when converting file-based selectors
• e94f728 Allow default package for PackageSource
• b60fecf Fail on classpath resource names that are blank after removing leading /
• 6378c88 Remove java.* packages from Import-Package headers in all jars (#4738)
• 1a360f3 Create initial 5.13.4 release notes from template
• 806fc9a Document #4689 in release notes
• 1653839 Document #4686 in release notes
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 5.13.2 to 5.13.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

Commits

• 8a21048 Release 5.13.4
• 9a38789 Finalize 5.13.4 release notes
• 458325c Log only once per implementation type for CloseableResource types
• 976a110 Protect against potential problems when converting file-based selectors
• e94f728 Allow default package for PackageSource
• b60fecf Fail on classpath resource names that are blank after removing leading /
• 6378c88 Remove java.* packages from Import-Package headers in all jars (#4738)
• 1a360f3 Create initial 5.13.4 release notes from template
• 806fc9a Document #4689 in release notes
• 1653839 Document #4686 in release notes
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 5.13.2 to 5.13.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

Commits

• 8a21048 Release 5.13.4
• 9a38789 Finalize 5.13.4 release notes
• 458325c Log only once per implementation type for CloseableResource types
• 976a110 Protect against potential problems when converting file-based selectors
• e94f728 Allow default package for PackageSource
• b60fecf Fail on classpath resource names that are blank after removing leading /
• 6378c88 Remove java.* packages from Import-Package headers in all jars (#4738)
• 1a360f3 Create initial 5.13.4 release notes from template
• 806fc9a Document #4689 in release notes
• 1653839 Document #4686 in release notes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions