Bump the dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the dependencies group with 10 updates in the / directory:

Package	From	To
software.amazon.awssdk:secretsmanager	2.29.6	2.35.0
com.github.spotbugs:spotbugs-annotations	4.8.6	4.9.6
org.apache.maven.plugins:maven-compiler-plugin	3.13.0	3.14.1
org.apache.maven.plugins:maven-javadoc-plugin	3.11.1	3.12.0
com.github.spotbugs:spotbugs-maven-plugin	4.8.6.5	4.9.6.0
org.jacoco:jacoco-maven-plugin	0.8.12	0.8.13
org.apache.maven.plugins:maven-dependency-plugin	3.8.1	3.9.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.2	3.5.4
org.apache.maven.plugins:maven-gpg-plugin	3.2.7	3.2.8
org.sonatype.central:central-publishing-maven-plugin	0.7.0	0.9.0

Updates software.amazon.awssdk:secretsmanager from 2.29.6 to 2.35.0

Updates com.github.spotbugs:spotbugs-annotations from 4.8.6 to 4.9.6

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

4.9.6

SpotBugs 4.9.6

CHANGELOG

Fixed

• Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

CHECKSUM

file	checksum (sha256)
spotbugs-4.9.6-javadoc.jar	b4b9373ad6f22ad2547a8274501f87b01e2428c30aabaea3aeec3f9095636e24
spotbugs-4.9.6-sources.jar	89687b6e685c9a07f7faf49f29b832fb861884f2160947eb4396498cdbb33cc4
spotbugs-4.9.6.tgz	55aa9b9e3deef0391be285335dcf134d1ce54aae222bba1da757eaa616108957
spotbugs-4.9.6.zip	86fb3f93c4147383f76fe21ab2807956b34cf17108a42a76311efa4977f952cc
spotbugs-annotations-4.9.6-javadoc.jar	4c9f8027f6a2313ef22347f4832e5dccc9c58d350d1bd5bff4d5a53f37e1c220
spotbugs-annotations-4.9.6-sources.jar	075b2eed660c2fe2fb1ad1de028f8fdff5f358e25c1318706b95ab17bb28be44
spotbugs-annotations.jar	523d394a6b36174ad0a22f0c1c75b105ccff42869a8b7ce86e7fd339ca6f86ce
spotbugs-ant-4.9.6-javadoc.jar	9b510af8cd3a5c62560fe544b730ebf44cbb109e085fe526add155258612273c
spotbugs-ant-4.9.6-sources.jar	91477d93b1fd1bebae35d318427b5238fb458e726478dc1a8ac41ce74838a1e6
spotbugs-ant.jar	22f2fa397e86663adcd4828cc1c91e63aa6cc2bfc56832885b749a86fac5c784
spotbugs.jar	62a0def31899338200fc9013b4db8a8aedfc3536ca7d70d59038b092dfaa6819
test-harness-4.9.6-javadoc.jar	bdcef7587312fb9a85d0d292623ea1a779bfe8b9a5e321d73bb8ad92ce79ed0a
test-harness-4.9.6-sources.jar	805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.9.6.jar	0076a3bc9602c78d73edb048e625a96ee6a182fa3dd39300aa739af67b954189
test-harness-core-4.9.6-javadoc.jar	7d7a7d6944e7199e06384104b163c11145ed60dd567fefd9b788f3ac03770e18
test-harness-core-4.9.6-sources.jar	656579431db1b2714faeeca3c3d59426e2ffdfdb0725546b4090f993d2413eeb
test-harness-core-4.9.6.jar	66db286ae1dd056458c1e0303a8e2f81fe95a2c5d2888172a3ed17e993434bf1
test-harness-jupiter-4.9.6-javadoc.jar	8925836d7d1198ec223c4ff5118fd596278df4157d910eb767f7f312a7df8904
test-harness-jupiter-4.9.6-sources.jar	59bbb8581ed4bdd212a669d94ec363b6c1d6df9276a608359c66d7f0c1688279
test-harness-jupiter-4.9.6.jar	0582a99bdc66e24c7e36753014729149189fd27129ec5a2f38a8d67457bc9696

SpotBugs 4.9.5

CHANGELOG

Fixed

• Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
• Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
• CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
• SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
• Fix the issue with BCEL logging Duplicating value: ... (#3621)
• Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

• Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

• S1481: Unused local variables should be removed (#3654)
• Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotatoin (#3695)

CHECKSUM

| file | checksum (sha256) |

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.6 - 2025-09-16

Fixed

• Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

4.9.5 - 2025-09-14

Fixed

• Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
• Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
• CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
• SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
• Fix the issue with BCEL logging Duplicating value: ... (#3621)
• Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

• Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

• S1481: Unused local variables should be removed (#3654)
• Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotatoin (#3695)

4.9.4 - 2025-08-07

Changed

• AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
• Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
• Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

• Widen main method recognition according to JEP 445. (#3371)
• Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#3350)(#3409)
• Rewrite some member in ResourceValueFrame.java to Enum (#2061)
• Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#3387)
• Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#3320)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#3334)
• Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#3417)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#3428)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#3441)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#3459)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#3363)
• Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#3489)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#3169)
• Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#3496)
• Make the osgi manifest of the annotations jar Java 8 compatible (#3498) (#3500)
• TextUICommandLine supports all options encoded in Eclipse preferences file (#3520)
• Unnecessary suppressions fix for records headers (#3471)
• Dead store fix when switch case contains loops (#3530) (#3449)
• Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#3463)
• Detect cases when equals() unconditionally returns true or false (#3528)
• Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#3501)
• Detect random value cast to int when stored in temporary variable (#3461)
• Look for interfaces default methods when searching uncalled private methods (#1988)

... (truncated)

Commits

• aa3a737 release v4.9.6
• 7d37faa chore(build): Temporarily remove the publish part
• 923f053 chore(docs): Minor syntax
• d662709 chore(build): Rework the bin/hub to gh replacement
• 95470b8 prepare for next release
• 71e3706 release v4.9.6
• 68013c0 chore(Build): Rename as yaml extensions, use gh, and update conf versions (#3...
• 9f0ec12 chore: Use proper import (#3716)
• 6f81754 chore(deps): update plugin com.gradle.develocity to v4.2 (#3714)
• 1f1fd68 Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest ...
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.1

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.14.1

🚀 New features and improvements

• Improve DeltaList behavior for large projects (#335) @​gsmet
• Allow to not use --module-version for the Java compiler (#331) @​pzygielo

🐛 Bug Fixes

• Add generatedSourcesPath back to the maven project (#312) @​mensinda
• [MCOMPILER-538] - Do not add target/generated-sources/annotations to the source roots (#191) @​mensinda

📦 Dependency updates

• Enforce asm version used here, to not depend on brittle transitive (#964) @​olamy
• Bump mavenVersion from 3.9.10 to 3.9.11 (#952) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 44 to 45 (#935) @dependabot[bot]
• Bump mavenVersion from 3.9.9 to 3.9.10 (#336) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#324) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316) @dependabot[bot]

3.14.0

🚀 New features and improvements

• Enable GitHub Issues (#305) @​slawekjaranowski
• [MCOMPILER-579] - allow module-version configuration (#273) @​mguillem
• Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.4.0 - JDK 24 support (#293) @dependabot[bot]
• Update release-drafter configuration, PR automation (#281) @​slawekjaranowski
• [MCOMPILER-588] - JUnit4 test framework to JUnit5 migration (#236) @​MidNight-er

🐛 Bug Fixes

• Fix release-drafter config (#292) @​slawekjaranowski
• [MCOMPILER-591] - testCompile - fix detections of target less than 1.9 (#240) @​slawekjaranowski

📦 Dependency updates

• Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.4.0 - JDK 24 support (#293) @dependabot[bot]
• Bump mavenVersion from 3.6.3 to 3.9.9 (#283) @dependabot[bot]
• Bump org.mockito:mockito-core from 4.8.0 to 4.11.0 (#288) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 42 to 43 (#285) @dependabot[bot]
• [MCOMPILER-590] - Bump org.apache.maven.plugins:maven-plugins from 41 to 42 (#235) @dependabot[bot]

👻 Maintenance

• Update scm tag according to branch (#303) @​slawekjaranowski
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#300) @​Bukama
• Use JUnit version from parent (#299) @​slawekjaranowski
• [MCOMPILER-529] - Update docs about version schema (Maven 3) (#295) @​Bukama

... (truncated)

Commits

• 0df6940 [maven-release-plugin] prepare release maven-compiler-plugin-3.14.1
• 1bf9e5a Enforce asm version used here, to not depend on brittle transitive (#964)
• f5161c4 Bump mavenVersion from 3.9.10 to 3.9.11 (#952)
• 63846f1 Improve DeltaList behavior for large projects (#335)
• ab3f845 Bump org.apache.maven.plugins:maven-plugins from 44 to 45
• 164bad4 Allow to not use --module-version for the Java compiler
• 0b76ccd Bump mavenVersion from 3.9.9 to 3.9.10
• 5dbc9c3 Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0
• 17949d1 Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316)
• d44d1be Add generatedSourcesPath back to the maven project
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.11.1 to 3.12.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.12.0

💥 Breaking changes

• remove fix mojo (#1263) @​elharo
• detectOfflineLinks is now false per default for all jar mojo issue #1258 (#1259) @​olamy

🐛 Bug Fixes

• Fix legacyMode (#1265) @​fridrich
• Fix package {...} does not exist in legacyMode (#1243) @​JackPGreen
• Ensure UTF-8 charset is used to avoid IllegalArgumentException: Null charset name (#1245) @​elharo
• Remove Javadoc 1.4+ / -1.1 switch related warning (#1240) @​perceptron8

👻 Maintenance

• protect 3.8.x branch (#1238) @​hboutemy
• feat: enable prevent branch protection rules (#1228) @​sparsick

📦 Dependency updates

• Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#1257) @dependabot[bot]

3.11.3

🚨 Removed

• Remove workaround for long patched CVE in javadoc (#388) @​elharo

🚀 New features and improvements

• Issue #369 Support --no-fonts option per default for jdk 23+ (#375) @​olamy

🐛 Bug Fixes

• Make the legacyMode consistent (Filter out all of the module-info.java files in legacy mode, do not use --source-path in legacy mode) (#1217) @​fridrich
• [MJAVADOC-826] - Don't try to modify project source roots (#358) @​oehme

📝 Documentation updates

• Correct javadoc-no-fork description on index-page (#368) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#360) @​Bukama
• (doc) Close links tag in links parameter javadoc example (#355) @​sixcorners

👻 Maintenance

• Be consistent about data encoding when copying files (#1215) @​fridrich
• Clean up JavadocUtilTest (#1210) @​elharo
• Use Java 7 relativization instead of hand-rolled code (#385) @​elharo
• Rephrase source code fix interactive messages for clarity (#390) @​elharo

... (truncated)

Commits

• 2a06bed [maven-release-plugin] prepare release maven-javadoc-plugin-3.12.0
• a71ecf9 bump version 3.12.0-SNAPSHOT
• 88f2b71 [maven-release-plugin] prepare for next development iteration
• 7e18956 [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.4
• c11b76c In legacyMode, don't use -sourcepath, unless excludePackageNames is not empty...
• bc9904b remove fix mojo (#1263)
• f310135 Fix package {...} does not exist in legacyMode (#1243)
• c8270f9 detectOfflineLinks is now false per default for all jar mojo issue #1258 ...
• 953e609 Delete flaky test (#1260)
• 2bba7a4 Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.5 to 4.9.6.0

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.9.6.0

• Supports spotbugs 4.9.6
• note: 4.9.5 had a defect with detection of jakarta in servlets that was unexpected and quickly patched for this release.

Spotbugs Maven Plugin 4.9.5.0

• Support spotbugs 4.9.5

Spotbugs Maven Plugin 4.9.4.2

Consumer

• Add support for 'chooseVisitors'
• Minor code cleanup
• Still supports spotbugs 4.9.4

Producer

• Remove add opens from jvm.config as no longer needed

Spotbugs Maven Plugin 4.9.4.1

Consumer

• Cleanup readme to better support plugin
• Dropped direct usage of plexus utils and commons io
• Groovy 5 now run engine
• Correct issue since 4.9.2.0 resulting in most runs getting spotbugs.html file incorrectly. This has been refactored to restore doxia 1 overrides to produce xml report only when not running in site lifecycle
• Correct defects with handling of various files on disk such as exclusion filters that were introduced into 4.9.4.0. Integration tests have been applied to prevent future regression.
• Commons io fileutils replaced by files.walk with detailed output moved to debug collection only rather than all runs
• Normalization of path to linux style
• Any regex usage is now precompiled
• Use re-entrant lock for source indexer
• Correct locale usage to use default if not given
• Block doctype and XXE when processing xml files
• Cleanup some fields from resources and in code never used

Producer

• Pin versions of github actions tools
• Run maven 3.6.3 integration test on windows to get more broad support
• Run maven integration test on mac to get more broad support
• Maven 4 integration tests will continue on linux
• Fix maven wrapper perceived path traversal issue
• Corrections to invoker to re-establish integration test verification's
• Fix bugs in integration tests
• Better secure xml usage in integration tests
• Cleanup integration test warnings
• Make sure transfer of artifacts is correctly disabled on integration tests

Spotbugs Maven Plugin 4.9.4.0

Release is large but mainly rewriting of underlying code. This supports spotbugs 4.9.4, additional details below.

Consumer

• Supporting spotbugs 4.9.4
• Updated all underlying dependencies

... (truncated)

Commits

• 9e8ce9d [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.6.0
• 96d5347 [pom] Bump spotbugs to 4.9.6
• 3408913 Merge pull request #1210 from spotbugs/renovate/spotbugs.version
• 13c11ab Update dependency com.github.spotbugs:spotbugs to v4.9.6
• 560c469 Merge pull request #1208 from spotbugs/release/4.9.5.0
• 7cf0beb [maven-release-plugin] prepare for next development iteration
• 9cd9b6f [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.5.0
• 3171de8 Set version for next release to 4.9.5.0 snapshot
• 7770420 Merge pull request #1207 from spotbugs/renovate/spotbugs.version
• 03f9784 Update dependency com.github.spotbugs:spotbugs to v4.9.5
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.13

New Features

• JaCoCo now officially supports Java 23 and Java 24 (GitHub #1757, #1631, #1867).
• Experimental support for Java 25 class files (GitHub #1807).
• Calculation of line coverage for Kotlin inline functions (GitHub #1670).
• Calculation of line coverage for Kotlin inline functions with reified type parameter (GitHub #1670, #1700).
• Calculation of coverage for Kotlin JvmSynthetic functions (GitHub #1700).
• Part of bytecode generated by the Kotlin Compose compiler plugin is filtered out during generation of report (GitHub #1616).
• Part of bytecode generated by the Kotlin compiler for inline value classes is filtered out during generation of report (GitHub #1475).
• Part of bytecode generated by the Kotlin compiler for suspending lambdas without suspension points is filtered out during generation of report (GitHub #1283).
• Part of bytecode generated by the Kotlin compiler for when expressions and statements with nullable enum subject is filtered out during generation of report (GitHub #1774).
• Part of bytecode generated by the Kotlin compiler for when expressions and statements with nullable String subject is filtered out during generation of report (GitHub #1769).
• Part of bytecode generated by the Kotlin compiler for chains of safe call operators is filtered out during generation of report (GitHub #1810, #1818).
• Method getEntries generated by the Kotlin compiler for enum classes is filtered out during generation of report (GitHub #1625).
• Methods generated by the Kotlin compiler for constructors and functions with JvmOverloads annotation are filtered out (GitHub #1768).

Fixed bugs

• Fixed interpretation of Kotlin SMAP (GitHub #1525).
• File extensions are preserved in HTML report in case of clashes of normalized file names (GitHub #1660).

Non-functional Changes

• JaCoCo build now uses Maven Wrapper and requires at least Maven 3.9.9 (GitHub #1708, #1707, #1681).
• JaCoCo now depends on ASM 9.8 (GitHub #1862).
• More context information when IllegalArgumentException occurs during reading of zip file (GitHub #1833).

Commits

• 78d5eff Prepare release 0.8.13
• e579092 Happy birthday Java 24! (#1867)
• 17d31aa Upgrade ASM to 9.8 (#1863)
• ee07ecb Upgrade Kotlin to 2.1.20 (#1860)
• f0dcc6b Bump actions/upload-artifact from 4.6.1 to 4.6.2 (#1861)
• 99707c3 Upgrade spotless-maven-plugin to 2.44.3 (#1851)
• 21f6a99 Upgrade maven-deploy-plugin to 3.1.4 (#1854)
• c7da68b Upgrade maven-install-plugin to 3.1.4 (#1853)
• 80ebc77 Upgrade maven-clean-plugin to 3.4.1 (#1850)
• 0bb8bd5 Bump actions/upload-artifact from 4.6.0 to 4.6.1 (#1852)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.9.0

🚀 New features and improvements

• Use Resolver API in go-offline for dependencies resolving (#1533) @​slawekjaranowski
• Use Resolver API in go-offline for plugins resolving (#1532) @​slawekjaranowski
• Fixes #1522, add render-dependencies mojo (#1523) @​rmannibucau
• Use Resolver API in resolve-plugin (#1521) @​slawekjaranowski
• [MEDP-964] - unconditionally ignore dependencies known to be loaded by reflection (#1492) @​elharo
• Update maven-dependency-analyzer to support Java24 (#528) @​talios
• [MDEP-972] - copy-dependencies: copy signatures alongside artifacts (#514) @​Ndacyayisenga-droid
• [MDEP-776] - Warn when multiple dependencies have the same file name (#463) @​elharo
• [MDEP-966] - Migrate AnalyzeDepMgt to Sisu (#473) @​elharo
• [MDEP-957] - By default, don't report slf4j-simple as unused (#433) @​elharo

🐛 Bug Fixes

• ProjectBuildingRequest should not be modified (#1520) @​slawekjaranowski
• Fix - markersDirectory is not working when unpack goal is executed from command line (#537) @​vaibhavbatra15
• Fix broken link for analyze-exclusions-mojo on usage-page (#521) @​Bukama
• [MDEP-839] - Avoid extra blank lines in file (#495) @​elharo
• Update collect URL (#510) @​elharo
• [MDEP-689] - Fixes ignored dependency filtering in go-offline goal (#417) @​ldhardy
• [MDEP-960] - Repair silent logging (#447) @​elharo

📝 Documentation updates

• [MDEP-933] - Document dependency tree output formats (#535) @​Ndacyayisenga-droid
• Add additional comment to clarify the minimal supported version of ou… (#465) @​gluxhappy
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#511) @​Bukama
• Unix file separators (#507) @​elharo

👻 Maintenance

• Simplify usage of RepositoryManager and DependencyResolver (#1518) @​slawekjaranowski
• Use Resolver API in copy and unpack (#1514) @​slawekjaranowski
• Update site descriptor to 2.0.0 (#1508) @​slawekjaranowski
• Enable prevent branch protection rules (#1503) @​slawekjaranowski
• Fix [MDEP-931] - Replace PrintWriter with Writer in AbstractSerializing Visitor and subclasses (#530) @​Ndacyayisenga-droid
• Cleanups dependencies (#1496) @​slawekjaranowski
• Copy edit parameter descriptions (#1488) @​elharo
• Small Javadoc clarifications (#533) @​elharo
• [MDEP-967] - Change info to debug logging in AbstractFromConfigurationMojo (#529) @​Ndacyayisenga-droid
• fix: remove duplicate maven-resolver-api and maven-resolver-util dependencies in pom.xml (#526) @​Ndacyayisenga-droid
• Enable GH issues (#522) @​Bukama
• Remove redundant/unneeded code (#519) @​elharo
• Add PR Automation and Stale actions (#513) @​slawekjaranowski
• Keep files in temporary directory to be deleted after test (#508) @​pzygielo
• Drop unnecessary call (#509) @​pzygielo
• Avoid deprecated ArtifactFactory (#489) @​elharo

... (truncated)

Commits

• 826e5f0 [maven-release-plugin] prepare release maven-dependency-plugin-3.9.0
• 0db1acc Use Resolver API in go-offline for dependencies resolving (#1533)
• e50031a Use Resolver API in go-offline for plugins resolving
• 6ed4b1a Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0
• 8776c61 Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
• d2af78e Ignore Mockito 5.x and SLF4j 2.x by dependabot
• dcd4b7d Bump org.assertj:assertj-core from 3.27.4 to 3.27.5
• 7523948 Strict check of dependencies usage
• 23186d4 Fixes #1522, add render-dependencies mojo (#1523)
• bc1893f Use Resolver API in resolve-plugin
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.4

🚀 New features and improvements

• Name the shutdown hook (#3170) @​cstamas
• Implement fail-fast behavior for JUnit Platform provider (#3155) @​marcphilipp
• Create a single LauncherSession for invocations of JUnitPlatformProvider (#863) @​marcphilipp

🐛 Bug Fixes

• [SUREFIRE-2298] - fix xml output with junit 5 nested classes (fix integration with Cucumber and Archunit) (#828) @​olamy

👻 Maintenance

• feat: enable prevent branch protection rules (#3168) @​sparsick
• Get rid of plexus-annotations (#3163) @​olamy
• Remove maven-changes-plugin (#861) @​sparsick
• Enable GitHub Issues (#831) @​Bukama

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167) @dependabot[bot]
• Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 (#3165) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#3161) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#3158) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.12.0 to 4.13.0 (#856) @dependabot[bot]
• Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.10.3 (#860) @dependabot[bot]
• Bump commons-beanutils:commons-beanutils from 1.7.0 to 1.11.0 in /surefire-its/src/test/resources/webapp (#851) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.11.1 to 4.12.0 (#844) @dependabot[bot]
• Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 (#836) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#833) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#829) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#830) @dependabot[bot]
• Bump jacocoVersion from 0.8.12 to 0.8.13 (#827) @dependabot[bot]

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski

... (truncated)

Commits

• 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
• 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
• 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
• 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
• 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)