chore(deps): bump the maven-version-updates group across 1 directory with 25 updates

[dependabot]

Bumps the maven-version-updates group with 25 updates in the / directory:

Package	From	To
org.bouncycastle:bcprov-jdk18on	1.81	1.82
org.bouncycastle:bcpkix-jdk18on	1.81	1.82
com.google.errorprone:error_prone_core	2.40.0	2.42.0
com.uber.nullaway:nullaway	0.12.7	0.12.10
com.nimbusds:nimbus-jose-jwt	10.4	10.5
com.nimbusds:oauth2-oidc-sdk	11.26	11.29.2
org.apache.httpcomponents.client5:httpclient5	5.5	5.5.1
com.fasterxml.jackson.core:jackson-core	2.19.2	2.20.0
com.fasterxml.jackson.core:jackson-annotations	2.19.2	2.20.0
com.fasterxml.jackson.core:jackson-databind	2.19.2	2.20.0
com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider	2.19.2	2.20.0
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.19.2	2.20.0
org.openapitools:jackson-databind-nullable	0.2.6	0.2.7
org.junit.jupiter:junit-jupiter-api	5.13.4	6.0.0
io.github.classgraph:classgraph	4.8.181	4.8.184
com.google.errorprone:error_prone_annotations	2.40.0	2.42.0
com.github.spotbugs:spotbugs-maven-plugin	4.9.3.2	4.9.6.0
org.apache.maven.plugins:maven-compiler-plugin	3.14.0	3.14.1
org.apache.maven.plugins:maven-enforcer-plugin	3.6.1	3.6.2
org.apache.maven.plugins:maven-surefire-plugin	3.5.3	3.5.4
org.apache.maven.plugins:maven-javadoc-plugin	3.11.2	3.12.0
org.jacoco:jacoco-maven-plugin	0.8.13	0.8.14
org.apache.maven.plugins:maven-failsafe-plugin	3.5.3	3.5.4
com.diffplug.spotless:spotless-maven-plugin	2.46.0	3.0.0
org.sonatype.central:central-publishing-maven-plugin	0.8.0	0.9.0

Updates org.bouncycastle:bcprov-jdk18on from 1.81 to 1.82

Changelog

Sourced from org.bouncycastle:bcprov-jdk18on's changelog.

2.1.1 Version Release: 1.83 Date:      TBD

2.2.1 Version Release: 1.82 Date:      2025, 17th September.

... (truncated)

Commits

• See full diff in compare view

Updates org.bouncycastle:bcpkix-jdk18on from 1.81 to 1.82

Changelog

Sourced from org.bouncycastle:bcpkix-jdk18on's changelog.

2.1.1 Version Release: 1.83 Date:      TBD

2.2.1 Version Release: 1.82 Date:      2025, 17th September.

... (truncated)

Commits

• See full diff in compare view

Updates com.google.errorprone:error_prone_core from 2.40.0 to 2.42.0

Release notes

Sourced from com.google.errorprone:error_prone_core's releases.

Error Prone 2.42.0

New checks:

• ExplicitArrayForVarargs: discourage unnecessary explicit construction of an array to provide varargs.
• FloggerPerWithoutRateLimit: discourage Flogger's perUnique without rate limiting
• StringJoin: Ban String.join(CharSequence) and String.join(CharSequence, CharSequence)
• ThreadBuilderNameWithPlaceholder: Do not allow placeholders in Thread.Builder.name(String) or name(String, int).

Changes:

• The return type of ASTHelpers.asFlagSet has changed. The previous type was EnumSet<Flags.Flag>, where Flags.Flag is an enum in the javac class Flags. A recent JDK change has replaced that enum with a new top-level enum called FlagsEnum. It is not possible to change ASTHelpers.asFlagSet in a way that would be type-safe and compatible with the enums from JDKs both before and after the change. Instead, the method now returns ImmutableSet<String>, where the strings come from the toString() of the enum constants. That means they are "native", "abstract", etc.
• Flag IO.print[ln]() in SystemOut.

Full changelog: google/error-prone@v2.41.0...v2.42.0

Error Prone 2.41.0

New checks:

• EffectivelyPrivate: Detect declarations that have public or protected modifiers, but are effectively private

Changes:

• Skip BooleanLiteral findings if the target type is boxed (#5134)

Full changelog: google/error-prone@v2.40.0...v2.41.0

Commits

• 52b6180 Release Error Prone 2.42.0
• 691c64a Flag IO.print[ln]() in SystemOut.
• 0b751cd ExpicitArrayForVarargs: flag unnecessary explicit construction of an array to...
• 982fe20 Tweak links to point to newer versions.
• a2df97f [StatementSwitchToExpressionSwitch] fix bug where case null can sometimes b...
• e691be5 Fix (behind a flag) a silly bug in RedundantSetterCall.
• ce1a422 Add Durations.wait() to WaitMatchers.waitMethodWithTimeout (and make them...
• da03fea Update MethodCanBeStatic to be able to detect and trigger on Guice @​Provides ...
• 83e6582 RedundantSetterCall: note that setFooValue and setFooBytes can be aliases for...
• db62c8c Automated rollback of commit e1b16e24461d90f2b11f8213a68bfccc0426d4f3.
• Additional commits viewable in compare view

Updates com.uber.nullaway:nullaway from 0.12.7 to 0.12.10

Release notes

Sourced from com.uber.nullaway:nullaway's releases.

NullAway 0.12.10

This release contains significant improvements to inference support for generic method calls in JSpecify mode (#1075). We expect that many more valid calls will pass NullAway, but that some new bugs may have been introduced. Please report any issues that you see. There is also a new flag, -XepOpt:NullAway:WarnOnGenericInferenceFailure to make NullAway report a warning when inference fails, to help identify any issues.

• Improved inference for generic method calls (#1244)
• Suppress CastToNonNull warnings for @NullUnmarked method calls by @​raccoonback (#1258)
• JSpecify: Fix crash when overriding with raw types (#1265)
• Better handle calls to super constructors and superclass methods in JSpecify mode (#1248)
• issue-1250 pattern matching for instanceof in switch case by @​dhruv-agr (#1259)
• Account for annotations in extends / implements when computing view as supertype (#1266)
• Bug fix with type substitutions after inference (#1277)
• JSpecify: Improve error messages for type incompatibility at pseudo-assignments (#1279)
• Support java.util.Objects.toString() by @​gulikoza (#1283)
• Record when generic method inference fails (#1280)
• issue 1275 - report unboxing warning for for-each loop by @​dhruv-agr (#1281)
• Abstract iterating over invocation arguments (#1284)
• Invoke generic method inference in more places (#1286)
• Maintenance
  • Build Spring with snapshot build as a CI job (#1251)
  • Add more instance fields to GenericsChecks (#1256)
  • remove unneeded checkNotCall call (#1257)
  • Fail build on JDK 21 versions before 21.0.8 (#1261)
  • Clarify JDK version to use for best JSpecify support (#1269)
  • Simplified set of CI jobs (#1271)
  • Build: upgrade to Gradle 9 + AGP 8.7.2 (#1270)
  • Compile with JDK 24 (#1276)
  • Don't use deprecated buildDir by @​mernst (#1278)

NullAway 0.12.9

• Add a case in our inference for generic method calls (#1240)
• Add library model for Apache Commons CollectionUtils.isNotEmpty, Amazon CollectionUtils.IsNullOrEmpty, and a couple Amazon StringUtils methods (#1242)
• Maintenance
  • Fix maven central link in RELEASING.md (#1237)
  • Update to Error Prone 2.41.0 (#1239)
  • Add tests for gh-1246 (#1247)
  • Test reading JSpecify annotations from bytecodes on JDK 21 (#1245)

NullAway 0.12.8

• Document interactions between Guava and JSpecify mode in README (#1208)
• JSpecify: handle nullness annotations from extends / inherits clauses (#1211)
• Allowing NewClassTree to be passed into getGenericParameterNullnessAtInvocation (#1210)
• Support @​NullMarked on modules (#1216)
• Handle NewClassTree in compareGenericTypeParameterNullabilityForCall(#1212) (#1217)
• More flexible handling of AssertJ isNotNull methods (#1221)
• Support AssertJ hasSize() (#1229)
• Inference of generic method type arguments based on returns and parameter passing (#1226)
• Prototype implementation of javac plugin to serialize nullness annotations (#1225)
• Add AdditionalSuppressionNames configuration option (#1231)

... (truncated)

Changelog

Sourced from com.uber.nullaway:nullaway's changelog.

Version 0.12.10

This release contains significant improvements to inference support for generic method calls in JSpecify mode (#1075). We expect that many more valid calls will pass NullAway, but that some new bugs may have been introduced. Please report any issues that you see. There is also a new flag, -XepOpt:NullAway:WarnOnGenericInferenceFailure to make NullAway report a warning when inference fails, to help identify any issues.

• Improved inference for generic method calls (#1244)
• Suppress CastToNonNull warnings for @NullUnmarked method calls by @​raccoonback (#1258)
• JSpecify: Fix crash when overriding with raw types (#1265)
• Better handle calls to super constructors and superclass methods in JSpecify mode (#1248)
• issue-1250 pattern matching for instanceof in switch case by @​dhruv-agr (#1259)
• Account for annotations in extends / implements when computing view as supertype (#1266)
• Bug fix with type substitutions after inference (#1277)
• JSpecify: Improve error messages for type incompatibility at pseudo-assignments (#1279)
• Support java.util.Objects.toString() by @​gulikoza (#1283)
• Record when generic method inference fails (#1280)
• issue 1275 - report unboxing warning for for-each loop by @​dhruv-agr (#1281)
• Abstract iterating over invocation arguments (#1284)
• Invoke generic method inference in more places (#1286)
• Maintenance
  • Build Spring with snapshot build as a CI job (#1251)
  • Add more instance fields to GenericsChecks (#1256)
  • remove unneeded checkNotCall call (#1257)
  • Fail build on JDK 21 versions before 21.0.8 (#1261)
  • Clarify JDK version to use for best JSpecify support (#1269)
  • Simplified set of CI jobs (#1271)
  • Build: upgrade to Gradle 9 + AGP 8.7.2 (#1270)
  • Compile with JDK 24 (#1276)
  • Don't use deprecated buildDir by @​mernst (#1278)

Version 0.12.9

• Add a case in our inference for generic method calls (#1240)
• Add library model for Apache Commons CollectionUtils.isNotEmpty, Amazon CollectionUtils.IsNullOrEmpty, and a couple Amazon StringUtils methods (#1242)
• Maintenance
  • Fix maven central link in RELEASING.md (#1237)
  • Update to Error Prone 2.41.0 (#1239)
  • Add tests for gh-1246 (#1247)
  • Test reading JSpecify annotations from bytecodes on JDK 21 (#1245)

Version 0.12.8

• Document interactions between Guava and JSpecify mode in README (#1208)
• JSpecify: handle nullness annotations from extends / inherits clauses (#1211)
• Allowing NewClassTree to be passed into getGenericParameterNullnessAtInvocation (#1210)
• Support @​NullMarked on modules (#1216)
• Handle NewClassTree in compareGenericTypeParameterNullabilityForCall(#1212) (#1217)
• More flexible handling of AssertJ isNotNull methods (#1221)

... (truncated)

Commits

• 13580d5 Prepare for release 0.12.10.
• f8c214b Update changelog for release 0.12.10 (#1292)
• 2e578d6 Invoke generic method inference in more places (#1286)
• c187bf5 Abstract iterating over invocation arguments (#1284)
• dd0da6d issue 1275 - report unboxing warning for for-each loop (#1281)
• 533986c Record when generic method inference fails (#1280)
• cb72c5a Support java.util.Objects.toString() (#1283)
• 8f40500 JSpecify: Improve error messages for type incompatibility at pseudo-assignmen...
• 9272d8b Bug fix with type substitutions after inference (#1277)
• 66e9f57 Don't use deprecated buildDir (#1278)
• Additional commits viewable in compare view

Updates com.nimbusds:nimbus-jose-jwt from 10.4 to 10.5

Changelog

Sourced from com.nimbusds:nimbus-jose-jwt's changelog.

10.4 (2025-07-19) * Creates a hierarchy of Option interfaces, extended by JWSSignerOption, JWEEncrypterOption and JWEDecrypterOption. Intended to provide optional configuration parameters to RSASSASigner, ECDSASigner, RSADecrypter, etc. * Introduces CipherMode implementing JWEEncrypterOption and JWEDecrypterOption, to specify a preferred JCA Cipher mode, such as MODE_ENCRYPT / MODE_DECRYPT when the default MODE_WRAP / MODE_UNWRAP is not supported by the JCA provider (iss #576). * Updates RSAEncrypter and RSADecrypter to support the JWEEncrypterOption CipherMode.ENCRYPT_DECRYPT (iss #576). * Factors out OptionUtils.ensureMinRSAPrivateKeySize. * Deprecates OptionUtils.optionIsPresent.

10.4.1 (2025-08-05) * Adds "requires java.sql" to module com.nimbusds.jose.jwt (iss #595).

10.4.2 (2025-08-14) * Updates GSon to 2.13.1. * Updates BouncyCastle to 1.81.

10.5 (2025-09-05) * Support for specifying a ScheduledExecutorService instance in RefreshAheadCachingJWKSetSource and JWKSourceBuilder (iss #592).

Commits

• 584951f Adds support for specifying the ScheduledExecutorService-instance in RefreshA...
• adf2576 [maven-release-plugin] prepare for next development iteration
• 436fb18 Add tests for JWKSourceBuilder and RefreshAheadCachingJWKSetSource
• d4137db Adds "requires java.sql" to module com.nimbusds.jose.jwt (iss #595)
• c6c8025 [maven-release-plugin] prepare release 10.4.1
• e7c7a8c [maven-release-plugin] prepare for next development iteration
• b33b54b Bumps GSon and BouncyCastle
• 3eeaada [maven-release-plugin] prepare release 10.4.2
• 2aa473f [maven-release-plugin] prepare for next development iteration
• d52acf5 Merged in iss592 (pull request #129)
• Additional commits viewable in compare view

Updates com.nimbusds:oauth2-oidc-sdk from 11.26 to 11.29.2

Changelog

Sourced from com.nimbusds:oauth2-oidc-sdk's changelog.

version 1.0 (2012-05-29) * First official release with authorisation endpoint, token endpoint, check ID endpoint and UserInfo endpoint support. * JSON Web Tokens (JWTs) support through the Nimbus-JWT library. * Language Tags (RFC 5646) support through the Nimbus-LangTag library. * JSON support through the JSON Smart library.

version 2.0 (2013-05-13) * Intermediary development release with Maven build, published to Maven Central.

version 2.1 (2013-06-06) * Updates the APIs to OpenID Connect Messages draft 20, OpenID Connect Standard draft 21, OpenID Connect Discovery draft 17 and OpenID Connect Registration draft 19. * Major refactoring of the APIs for greater simplicity. * Adds JUnit tests.

version 2.2 (2013-06-18) * Refactors dynamic OpenID Connect client registration. * Adds partial support of the OAuth 2.0 Dynamic Client Registration Protocol (draft-ietf-oauth-dyn-reg-12). * Optimises parsing of request parameters consisting of one or more tokens (scope, response type, etc).

version 2.3 (2013-06-19) * Renames OAuth 2.0 dynamic client registration package. * Adds ClientInformation.getClientMetadata() method. * Adds OIDCClientInformation class.

version 2.4 (2013-06-20) * Adds static OIDCClientInformation.parse(JSONObject) method.

version 2.5 (2013-06-22) * Adds support OAuth 2.0 dynamic client update. * Adds OpenID Connect dynamic client registration classes.

version 2.6 (2013-06-25) * Enforces order of preference of ACR values in OpenID Connect client metadata, as required by the specification. * Documentation and performance improvements.

version 2.7 (2013-06-26) * Switches Identifier generation to java.security.SecureRandom.

version 2.8 (2013-06-30) * Fixes serialisation and assignment bugs in ClientMetadata. * Switches Secret generation to java.security.SecureRandom.

version 2.9 (2013-09-17)

... (truncated)

Commits

• 04a94cf [maven-release-plugin] prepare for next development iteration
• 6ef84cc fix: allow some leniency with uri comparisons for issuer
• ef401a7 Fixes JakartaServletUtils JavaDoc typos
• 6f727b4 JakartaServletUtils.createHTTPRequest must parse query string params for POST...
• f0faf6e Updates to Nimbus JOSE+JWT 10.4
• 0eb6157 Migrates to central-publishing-maven-plugin
• f210078 [maven-release-plugin] prepare release 11.26.1
• 38e6027 [maven-release-plugin] prepare for next development iteration
• 1488221 Merge branch 'master' of https://bitbucket.org/connect2id/oauth-2.0-sdk-with-...
• 6eafee5 feat: rework issuer compare with new resolve method
• Additional commits viewable in compare view

Updates org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.5.1

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.5.1

This is a maintenance release that fixes several defects in the connection management code and a regression in the DIGEST authentication reported since the previous release. It also upgrades HttpCore to version 5.3.6.

Change Log

• HTTPCLIENT-2391: Improved GRACEGUL shutdown of ExecutorService used internally by async clients. Contributed by Oleg Kalnichevski

• Bug fix: Use a 1 second timeout when closing out connections inside a connection pool lock. Contributed by Oleg Kalnichevski

• Clarified the behavior of the protocol-level responseTimeout and the connection management level socketTimeout and their interrelation. Contributed by ChangYong

• Bug fix: Connection managers to ensure open connections have a socket timeout set based on ConnectionConfig upon lease. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2393: Remove rspauth attribute from Authorization DIGEST header (#716) RFC 7616 compliance: rspauth is server-side (Authentication-Info 3.5) only. Contributed by Arturo Bernal

• HTTPCLIENT-2386: Classic transport to use the connect timeout as a default if the TLS timeout has not been explicitly set. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2384: Socket options related to TcpKeepAlive are ignored. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2371: Logging of request re-execution at INFO priority. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2379: Fixed a defect in H2SharingConnPool causing an IllegalStateException when releasing the same connection from multiple threads. (#663) Contributed by Arturo Bernal [email protected]

• Fixed the behavior of the validateAfterInactivity connection setting by the async connection manager. Contributed by Ryan Schmitt

• HTTPCLIENT-2376: Fixed the problem with ContentCompressionExec not taking acceptEncoding parameter into account.

... (truncated)

Commits

• 6a3d332 HttpClient 5.5.1 release
• 66dea80 Updated release notes for HttpClient 5.5.1 release
• 61f21a5 Upgraded HttpCore to version 5.3.6
• 694394c HTTPCLIENT-2391: improved GRACEGUL shutdown of ExecutorService used internall...
• 038b74f Bug fix: Use 1 second timeout when closing out connections inside a connectio...
• 6675520 Clarify behavior of the protocol level responseTimeout and the connection man...
• cb2ccda Bug fix: connections managers to ensure open connections have socket timeout ...
• 4466cca HTTPCLIENT-2393 - remove rspauth from Authorization (#716)
• da1a8e0 Imporved TestAsyncClient wiring; added internal methods to get the underlying...
• ab40ec9 Upgraded HttpCore to version 5.3.5
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.19.2 to 2.20.0

Commits

• ea0830a [maven-release-plugin] prepare release jackson-core-2.20.0
• e16733a Prep for 2.20.0
• 93deb38 Drop RC from version pre-2.20.0 release
• f0bcc3c Handle deprecation warnings
• 6e70d08 Fix #1462: deprecate JsonFactory.createParser(URL) (#1464)
• 588cc76 Post release version bump
• 018f9e1 [maven-release-plugin] prepare for next development iteration
• 360e498 [maven-release-plugin] prepare release jackson-core-2.20.0-rc1
• 538ac44 Prep for 2.20.0-rc1
• dfbf47b Merge branch '2.19' into 2.x
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.2 to 2.20.0

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.core:jackson-annotations from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.2 to 2.20.0

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider from 2.19.2 to 2.20.0

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.19.2 to 2.20.0

Updates org.openapitools:jackson-databind-nullable from 0.2.6 to 0.2.7

Release notes

Sourced from org.openapitools:jackson-databind-nullable's releases.

v0.2.7 released

What's Changed

• Update parent and dependencies by @​Til7701 in OpenAPITools/jackson-databind-nullable#61
• 0.2.7 release by @​wing328 in OpenAPITools/jackson-databind-nullable#63
• update pom.xml to use central publishing maven plugin, add workflow by @​wing328 in OpenAPITools/jackson-databind-nullable#66

New Contributors

• @​Til7701 made their first contribution in OpenAPITools/jackson-databind-nullable#61

Full Changelog: OpenAPITools/jackson-databind-nullable@v0.2.6...v0.2.7

Commits

• 2f8776c set version for plugins
• 27dd77c update pom.xml with deploy and production
• 872a3d9 update pom.xml to use central publishing maven plugin, add workflow (#66)
• 10d3f44 add sec.gpg.enc
• 674ac07 0.2.7 release (#63)
• 6687b74 Update parent and dependencies (#61)
• See full diff in compare view

Updates org.junit.jupiter:junit-jupiter-api from 5.13.4 to 6.0.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter-api's releases.

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

See Release Notes.

New Contributors

• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823

Full Changelog: junit-team/junit-framework@r6.0.0-M2...r6.0.0-RC1

JUnit 6.0.0-M2 = Platform 6.0.0-M2 + Jupiter 6.0.0-M2 + Vintage 6.0.0-M2

See Release Notes.

New Contributors

• @​eric6iese made their first contribution in junit-team/junit-framework#4717

Full Changelog: junit-team/junit-framework@r6.0.0-M1...r6.0.0-M2

... (truncated)

Commits

• 4f79594 Release 6.0.0
• 55af30a Revert "Use develop/6.x branch for junit-examples during release build"
• df3cfdd Release 5.14.0
• fcb84a2 Disable backward compatibility check when offline
• c9c8344 Prune 5.14.0 release notes
• 03d8a72 Update broken link to using API Gaurdian with bndtools
• 3a0b29b Use temporary JUnit 6 logo
• 6603caa Rename eclipseClasspath to eclipseConventions to avoid confusion
• ab3470b Make sealed MediaType work in Eclipse
• a8cd41e Remove annotations not visible in Eclipse
• Additional commits viewable in compare view

Updates io.github.classgraph:classgraph from 4.8.181 to 4.8.184

Release notes

Sourced from io.github.classgraph:classgraph's releases.

classgraph-4.8.184

• Fix #919 -- thanks to @​aurimasniekis
• Fix #920 via #921 -- thanks to @​chubert-ch

classgraph-4.8.183

• Fixed some build issues.

classgraph-4.8.182

• Dropped support for JDK 7 (since JDK 7 is no longer supported by javac as of JDK 20).
• Dropped support for JVM-Driver for overcoming strong encapsulation in problematic classloaders (Narcissus is still supported).
• Fix broken module declaration (#923, #922, #911).

Commits

• 49a64e7 Bump version number
• ef5c888 Merge branch 'latest' of https://github.com/classgraph/classgraph into latest
• 11cd1aa Probably fix #916
• b42e9b8 Merge pull request #919 from aurimasniekis/latest
• 4024fbf Build fix
• 6f60747 Bump minimum JDK version to 8
• 1534463 Remove EOL JVM-Driver support (Narcissus is still supported)
• f329d65 Remove EOL JVM-Driver support (Narcissus is still supported)
• f1b1a4f Update version number
• 4d94192 feat(scan): propagate ScanResult to module and package annotations
• Additional commits viewable in compare view

Updates com.google.errorprone:error_prone_annotations from 2.40.0 to 2.42.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.42.0

New checks:

• ExplicitArrayForVarargs: discourage unnecessary explicit construction of an array to provide varargs.
• FloggerPerWithoutRateLimit: discourage Flogger's perUnique without rate limiting
• StringJoin: Ban String.join(CharSequence) and String.join(CharSequence, CharSequence)
• ThreadBuilderNameWithPlaceholder: Do not allow placeholders in Thread.Builder.name(String) or name(String, int).

Changes:

• The return type of ASTHelpers.asFlagSet has changed. The previous type was EnumSet<Flags.Flag>, where Flags.Flag is an enum in the javac class Flags. A recent JDK change has replaced that enum with a new top-level enum called FlagsEnum. It is not possible to change ASTHelpers.asFlagSet in a way that would be type-safe and compatible with the enums from JDKs both before and after the change. Instead, the method now returns ImmutableSet<String>, where the strings come from the toString() of the enum constants. That means they are "native", "abstract", etc.
• Flag IO.print[ln]() in SystemOut.

Full changelog: google/error-prone@v2.41.0...v2.42.0

Error Prone 2.41.0

New checks:

• EffectivelyPrivate: Detect declarations that have public or protected modifiers, but are effectively private

Changes:

• Skip BooleanLiteral findings if the target type is boxed (#5134)

Full changelog: google/error-prone@v2.40.0...v2.41.0

Commits

• 52b6180 Release Error Prone 2.42.0
• 691c64a Flag IO.print[ln]() in SystemOut.
• 0b751cd ExpicitArrayForVarargs: flag unnecessary explicit construction of an array to...
• 982fe20 Tweak links to point to newer versions.
• a2df97f [StatementSwitchToExpressionSwitch] fix bug where case null can sometimes b...
• e691be5 Fix (behind a flag) a silly bug in RedundantSetterCall.
• ce1a422 Add Durations.wait() to WaitMatchers.waitMethodWithTimeout (and make them...
• da03fea Update MethodCanBeStatic to be able to detect and trigger on Guice @​Provides ...
• 83e6582 RedundantSetterCall: note that setFooValue and setFooBytes can be aliases for...
• db62c8c Automated rollback of commit e1b16e24461d90f2b11f8213a68bfccc0426d4f3.
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.9.3.2 to 4.9.6.0

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.9.6.0

• Supports spotbugs 4.9.6
• note: 4.9.5 had a defect with detection of jakarta in servlets that was unexpected and quickly patched for this release.

Spotbugs Maven Plugin 4.9.5.0

• Support spotbugs 4.9.5

Spotbugs Maven Plugin 4.9.4.2

Consumer

• Add support for 'chooseVisitors'
• Minor code cleanup
• Still supports spotbugs 4.9.4

Producer

• Remove add opens from jvm.config as no longer needed

Spotbugs Maven Plugin 4.9.4.1

Consumer

• Cleanup readme to better support plugin
• Dropped direct usage of plexus utils and commons io
• Groovy 5 now run engine
• Correct issue since 4.9.2.0 resulting in most runs getting spotbugs.html file incorrectly. This has been refactored to restore doxia 1 overrides to produce xml report only when not running in site lifecycle
• Correct defects with handling of various files on disk such as exclusion filters that were introduced into 4.9.4.0. Integration tests have been applied to prevent future regression.
• Commons io fileutils replaced by files.walk with detailed output moved to debug collection only rather than all runs
• Normalization of path to linux style
• Any regex usage is now precompiled
• Use re-entrant lock for source indexer
• Correct locale usage to use default if not given
• Block doctype and XXE when processing xml files
• Cleanup some fields from resources and in code never used

Producer

• Pin versions of github actions tools
• Run maven 3.6.3 integration test on windows to get more broad support
• Run maven integration test on mac to get more broad support
• Maven 4 integration tests will continue on linux
• Fix maven wrapper perceived path traversal issue
• Corrections to invoker to re-establish integration test verification's
• Fix bugs in integration tests
• Better secure xml usage in integration tests
• Cleanup integration test warnings
• Make sure transfer of artifacts is correctly disabled on integration tests

Spotbugs Maven Plugin 4.9.4.0

Release is large but mainly rewriting of underlying code. This supports spotbugs 4.9.4, additional details below.

Consumer

• Supporting spotbugs 4.9.4
• Updated all underlying dependencies

... (truncated)

Commits

• 9e8ce9d [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.6.0
• 96d5347 [pom] Bump spotbugs to 4.9.6
• 3408913 Merge pull request #1210 from spotbugs/renovate/spotbugs.version
• 13c11ab Update dependency com.github.spotbugs:spotbugs to v4.9.6

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.