@dependabot dependabot bot commented on behalf of github Oct 27, 2025

Bumps the low-risk group with 18 updates in the /java directory:

| Package | From | To |
| --- | --- | --- |
| org.springframework.boot:spring-boot-dependencies | 3.3.13 | 3.5.7 |
| io.projectreactor:reactor-bom | 2024.0.0 | 2024.0.11 |
| org.springframework.cloud:spring-cloud-context | 4.1.4 | 4.3.0 |
| au.com.dius.pact:consumer | 4.6.15 | 4.6.17 |
| org.aspectj:aspectjrt | 1.9.22.1 | 1.9.24 |
| ch.qos.logback:logback-classic | 1.5.18 | 1.5.20 |
| ch.qos.logback:logback-core | 1.5.18 | 1.5.20 |
| jakarta.validation:jakarta.validation-api | 3.1.0 | 3.1.1 |
| com.github.spotbugs:spotbugs | 4.8.6 | 4.9.8 |
| org.pitest:pitest-junit5-plugin | 1.2.1 | 1.2.3 |
| org.apache.maven.plugins:maven-surefire-report-plugin | 3.5.2 | 3.5.4 |
| org.apache.maven.plugins:maven-surefire-plugin | 3.5.2 | 3.5.4 |
| org.jacoco:jacoco-maven-plugin | 0.8.12 | 0.8.14 |
| com.github.spotbugs:spotbugs-maven-plugin | 4.8.6.6 | 4.9.8.1 |
| org.pitest:pitest-maven | 1.17.1 | 1.21.0 |
| org.apache.maven.plugins:maven-compiler-plugin | 3.13.0 | 3.14.1 |
| org.springframework.boot:spring-boot-maven-plugin | 3.3.13 | 3.5.7 |
| org.codehaus.mojo:exec-maven-plugin | 3.5.0 | 3.6.2 |

Updates org.springframework.boot:spring-boot-dependencies from 3.3.13 to 3.5.7

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v3.5.7

⭐ New Features

  • Add TWENTY_FIVE to JavaVersion enum #47609

🐞 Bug Fixes

  • Signed jar verification fails when nested in an uber war running on an Oracle JVM #47771
  • In an uber war, value of the Sbom-Location manifest attribute does not match the SBOM's actual location #47737
  • Homebrew formula for the CLI should use libexec #47722
  • When virtual threads are enabled, embedded Jetty does not use recommended virtual thread configuration #47717
  • ClientHttpRequestFactoryRuntimeHints is missing timeout methods with Duration overloads #47678
  • OnBeanCondition no longer correctly finds annotations on scoped target proxy beans #47635
  • JavaVersion doesn't work reliably in native-image #47620
  • LiquibaseEndpoint always uses defaultSchema instead of liquibaseSchema #47346
  • Launcher fails to find main method when it is parameterless #47311
  • Package private Main class using Java 25 is not found by build plugins #47309
  • Bitnami legacy images are not automatically detected #47275
  • Maven plugin does not provide an easy way to exclude optional dependencies from uber jar #25403

📔 Documentation

  • Some spring.test.* properties are not documented #47775
  • Dependency management for Maven AntRun Plugin is missing changelog link #47744
  • Developing Your First Spring Boot Application has outdated tools #47700
  • Include deprecated configuration properties in the reference documentation #47669
  • Aggregated Javadoc should link to the proper version of JakartaEE #47593
  • Update javadoc of TestRestTemplate following change to redirect behavior #47474
  • Use non-deprecated syntax to configure sourceCompatibility #47343
  • Fix link to Framework's @Bean annotation #47330
  • Update managed dependency version override examples in documentation #47306

🔨 Dependency Upgrades

  • Upgrade to ActiveMQ 6.1.8 #47767
  • Upgrade to Angus Mail 2.0.5 #47525
  • Upgrade to AssertJ 3.27.6 #47526
  • Upgrade to Byte Buddy 1.17.8 #47527
  • Upgrade to Cassandra Driver 4.19.1 #47768
  • Upgrade to Classmate 1.7.1 #47528
  • Upgrade to Elasticsearch Client 8.18.8 #47671
  • Upgrade to Glassfish JAXB 4.0.6 #47529
  • Upgrade to GraphQL Java 24.3 #47755
  • Upgrade to Groovy 4.0.29 #47713
  • Upgrade to Hibernate 6.6.33.Final #47530
  • Upgrade to HttpClient5 5.5.1 #47531
  • Upgrade to HttpCore5 5.3.6 #47532
  • Upgrade to Jakarta Mail 2.1.5 #47533
  • Upgrade to Jakarta XML Bind 4.0.4 #47242
  • Upgrade to Jetty 12.0.29 #47728

... (truncated)

Commits
  • d3152ea Release v3.5.7
  • af07358 Merge branch '3.4.x' into 3.5.x
  • b0bef35 Document missing spring.test.* properties
  • 6683d0f Merge branch '3.4.x' into 3.5.x
  • 5ba3642 Next development version (v3.4.12-SNAPSHOT)
  • 59aba4e Merge branch '3.4.x' into 3.5.x
  • 4525a0c Merge pull request #47284 from DKARAGODIN
  • 43d91ae Write signature files to uber wars for Oracle Java 17 verification
  • eaad688 Upgrade to Spring Batch 5.2.4
  • edee2de Upgrade to Cassandra Driver 4.19.1
  • Additional commits viewable in compare view

Updates io.projectreactor:reactor-bom from 2024.0.0 to 2024.0.11

Release notes

Sourced from io.projectreactor:reactor-bom's releases.

2024.0.11

2024.0.11 release train is made of:

These artifacts didn't have any changes:

2024.0.10

2024.0.10 release train is made of:

2024.0.9

2024.0.9 release train is made of:

These artifacts didn't have any changes:

2024.0.8

2024.0.8 release train is made of:

These artifacts didn't have any changes:

2024.0.7

2024.0.7 release train is made of:

... (truncated)

Commits
  • 75891c8 [release] Prepare and release BOM 2024.0.11
  • c99bc5f Bump github/codeql-action from 3 to 4 (#766)
  • 94ff9e2 [release] Back to snapshots, next BOM will be SR 11
  • c9ba68d [release] Prepare and release BOM 2024.0.10
  • ab3edc3 Bump actions/setup-java from 4.7.1 to 5.0.0 (#765)
  • 8bdad65 Bump Gradle to version 8.14.3
  • 5bb2464 Bump actions/checkout from 4.2.2 to 5.0.0 (#764)
  • 7d296a1 [release] Back to snapshots, next BOM will be SR 10
  • faf0218 [release] Prepare and release BOM 2024.0.9
  • c2618ba [release] Back to snapshots, next BOM will be SR 9
  • Additional commits viewable in compare view

Updates org.springframework.cloud:spring-cloud-context from 4.1.4 to 4.3.0

Release notes

Sourced from org.springframework.cloud:spring-cloud-context's releases.

v4.3.0-RC1

What's Changed

Full Changelog: spring-cloud/spring-cloud-commons@v4.3.0-M3...v4.3.0-RC1

4.3.0-M3

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot] and @quaff

What's Changed

Full Changelog: spring-cloud/spring-cloud-commons@v4.3.0-M2...v4.3.0-M3

4.3.0-M2

❤️ Contributors

Thank you to all the contributors who worked on this release:

@dependabot[bot]

4.3.0-M1

❤️ Contributors

Thank you to all the contributors who worked on this release:

@quaff

What's Changed

... (truncated)

Commits
  • 6424826 Update SNAPSHOT to 4.3.0
  • c9c3e56 Bumping dependency versions after release
  • fc90712 Bumping versions to 4.3.1-SNAPSHOT after release
  • 4333a70 Going back to snapshots
  • 8ca17bd Update SNAPSHOT to 4.3.0
  • 5c681ab Going back to snapshots
  • 5328a1a Update SNAPSHOT to 4.3.0-RC1
  • 4695668 Merge branch '4.2.x'
  • 7897df3 Merge branch '4.1.x' into 4.2.x
  • 99e710d Removed outdated HTTP Clients documentation
  • Additional commits viewable in compare view

Updates au.com.dius.pact:consumer from 4.6.15 to 4.6.17

Release notes

Sourced from au.com.dius.pact:consumer's releases.

4.6.17

Bugfix Release

  • b3656418f - fix: Only coerce strings to numbers when comparing headers and query parameters
  • 1b1cf8432 - chore(compatibility-suite): Correct the shared steps after updating the compatibility suite
  • c3938b4c8 - chore: Fix compatibility-suite CI build
  • dea8fb762 - chore: Fix compatibility-suite CI build
  • 8c5b0b1da - fix: Only split values of known multi-value headers #1852
  • d7d30304c - fix: Matching rule paths for fields with only digits should not be written as indices #1851
  • 5dba442e2 - fix: Lambda based DSL stringType method did not match the old DSL #1850
  • 287b16c44 - feat: Pass any transport config to the plugin in the test context under the transport_config key
  • 80d8a8779 - chore: Add example of a test with a pending interaction

4.6.16

Maintenance Release

  • 2d2016317 - fix: Dependency conflict with org.slf4j:slf4j-api was causing Spring tests to fail
  • 38c0d27b8 - feat: Update LambdaDsl.newJsonArray to allow setting the number of examples
  • 19c663c8c - chore: The pact-jvm-server main spec was not configured correctly
  • 147a2a661 - fix: LambdaDslJsonArray has no datetime function #1839
  • e95461a6a - Fix path to Clojure example (Christoph Burgmer)
  • 9f6b209e2 - chore: Add a test + update docs on JUnit 4 report dir default #1836
  • 3e501f58e - chore: Add a test for pact-jvm-server
Changelog

Sourced from au.com.dius.pact:consumer's changelog.

4.6.17 - Bugfix Release

  • b3656418f - fix: Only coerce strings to numbers when comparing headers and query parameters (Ronald Holshausen, Fri Feb 14 10:27:01 2025 +1100)
  • 00e4b409f - Merge commit '8cb9773b51dc729c4d03414bcb8bc0a8843662a1' (Ronald Holshausen, Fri Feb 14 10:24:30 2025 +1100)
  • 8cb9773b5 - Squashed 'compatibility-suite/pact-compatibility-suite/' changes from cc76eac3c..1acfa1ecb (Ronald Holshausen, Fri Feb 14 10:24:30 2025 +1100)
  • 1b1cf8432 - chore(compatibility-suite): Correct the shared steps after updating the compatibility suite (Ronald Holshausen, Thu Feb 13 10:23:52 2025 +1100)
  • f6fa6e3fe - Squashed 'compatibility-suite/pact-compatibility-suite/' changes from 416f3a64d..cc76eac3c (Ronald Holshausen, Thu Feb 13 10:06:48 2025 +1100)
  • 878949219 - Merge commit 'f6fa6e3fe1da4c8fa8a7285f844c3187252365b3' (Ronald Holshausen, Thu Feb 13 10:06:48 2025 +1100)
  • c3938b4c8 - chore: Fix compatibility-suite CI build (Ronald Holshausen, Thu Feb 13 09:34:10 2025 +1100)
  • dea8fb762 - chore: Fix compatibility-suite CI build (Ronald Holshausen, Thu Feb 13 09:15:34 2025 +1100)
  • 8c5b0b1da - fix: Only split values of known multi-value headers #1852 (Ronald Holshausen, Wed Feb 12 16:01:17 2025 +1100)
  • d7d30304c - fix: Matching rule paths for fields with only digits should not be written as indices #1851 (Ronald Holshausen, Wed Feb 12 11:21:26 2025 +1100)
  • 5dba442e2 - fix: Lambda based DSL stringType method did not match the old DSL #1850 (Ronald Holshausen, Wed Feb 12 10:27:13 2025 +1100)
  • 287b16c44 - feat: Pass any transport config to the plugin in the test context under the transport_config key (Ronald Holshausen, Mon Dec 16 10:34:56 2024 +1100)
  • 80d8a8779 - chore: Add example of a test with a pending interaction (Ronald Holshausen, Fri Dec 6 09:38:52 2024 +1100)
  • 8b09520f2 - bump version to 4.6.17 (Ronald Holshausen, Thu Dec 5 09:50:10 2024 +1100)

4.6.16 - Maintenance Release

  • 2d2016317 - fix: Dependency conflict with org.slf4j:slf4j-api was causing Spring tests to fail (Ronald Holshausen, Wed Dec 4 14:21:15 2024 +1100)
  • 38c0d27b8 - feat: Update LambdaDsl.newJsonArray to allow setting the number of examples (Ronald Holshausen, Wed Dec 4 10:59:23 2024 +1100)
  • 19c663c8c - chore: The pact-jvm-server main spec was not configured correctly (Ronald Holshausen, Wed Dec 4 10:24:23 2024 +1100)
  • 147a2a661 - fix: LambdaDslJsonArray has no datetime function #1839 (Ronald Holshausen, Wed Dec 4 10:23:10 2024 +1100)
  • c7911705b - chore: Update readme (Ronald Holshausen, Wed Dec 4 09:59:01 2024 +1100)
  • 7229244f6 - Merge pull request #1837 from cburgmer/patch-1 (Ronald Holshausen, Fri Nov 15 10:03:21 2024 +1100)
  • e95461a6a - Fix path to Clojure example (Christoph Burgmer, Thu Nov 14 14:21:10 2024 +0100)
  • 9f6b209e2 - chore: Add a test + update docs on JUnit 4 report dir default #1836 (Ronald Holshausen, Thu Nov 14 15:58:48 2024 +1100)
  • 3e501f58e - chore: Add a test for pact-jvm-server (Ronald Holshausen, Tue Oct 29 17:40:28 2024 +1100)
  • 85c92365e - Update README.md (Ronald Holshausen, Tue Oct 29 11:32:02 2024 +1100)
  • 5c41e17fc - bump version to 4.6.16 (Ronald Holshausen, Tue Oct 29 10:38:07 2024 +1100)
Commits

Updates org.aspectj:aspectjrt from 1.9.22.1 to 1.9.24

Release notes

Sourced from org.aspectj:aspectjrt's releases.

1.9.24

Java 24

AspectJ 1.9.24 release notes

1.9.23

Java 23

AspectJ 1.9.23 release notes

Commits

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.20

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • 930fb15 prepare release 1.5.20
  • 0b4432a provide an alternative to Janino based conditional configuration processing -...
  • 258558f provide an alternative to Janino based conditional configuration processing -...
  • ee77a70 provide an alternative to Janino based conditional configuration processing -...
  • 5ca7ce8 provide an alternative to Janino based conditional configuration processing -...
  • 728803f fix typo
  • aa5eeb1 start work on version 1.5.20-SNAPSHOT
  • e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
  • 4adae8b add plugin for Maven Central deployment
  • ee70cf4 prepare release 1.5.19
  • Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.18 to 1.5.20

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.19

2025-09-30 Release of logback version 1.5.19

• Disallow "new" operator in the condition attribute of <if> elements. This fixes an ACE vulnerability recorded as CVE-2025-11226.

• At initialization time, slightly better reporting about watched configuration files.

• Softer message regarding usage of ConsoleAppender and its potential impact on performance.

• In ViewStatusMessagesServlet, restrict processing of "Clear" button to POST method. This change was proposed by Ralf Wiebicke who also provided the relevant PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e572d4f87f06674788eb3ca7148e8d1dffc615fa associated with the tag v_1.5.19. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits
  • 930fb15 prepare release 1.5.20
  • 0b4432a provide an alternative to Janino based conditional configuration processing -...
  • 258558f provide an alternative to Janino based conditional configuration processing -...
  • ee77a70 provide an alternative to Janino based conditional configuration processing -...
  • 5ca7ce8 provide an alternative to Janino based conditional configuration processing -...
  • 728803f fix typo
  • aa5eeb1 start work on version 1.5.20-SNAPSHOT
  • e572d4f skip deployment of blackbox and example modules, published as version 1.5.9
  • 4adae8b add plugin for Maven Central deployment
  • ee70cf4 prepare release 1.5.19
  • Additional commits viewable in compare view

Updates jakarta.validation:jakarta.validation-api from 3.1.0 to 3.1.1

Release notes

Sourced from jakarta.validation:jakarta.validation-api's releases.

3.1.1

What's Changed

New Contributors

Full Changelog: jakartaee/validation@3.1.0...3.1.1

Commits

Updates com.github.spotbugs:spotbugs from 4.8.6 to 4.9.8

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

4.9.8

SpotBugs 4.9.8

CHANGELOG

Fixed

  • Maven plugin reporting issue if -adjustPriority is not set (#3774)

CHECKSUM

4.9.7

SpotBugs 4.9.7

CHANGELOG

Fixed

  • Fix Eclipse not always using latest preferences file state (#3740)
  • Fix exception thrown when singleton implementing Cloneable has no clone() method (#3727)
  • Fix for missing -adjustPriority parameter in Eclipse preferences (#3687)
  • Documentation of -adjustPriority parameter
  • Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#3753)
  • Improved FindNakedNotify to handle the case when the lock is loaded from a field (#3634)

Changed

  • Support for fully qualified class names for detectors in -adjustPriority parameter
  • Support for numerical and absolute priority adjustments
  • Bump up Apache Commons BCEL to the version 6.11.0 (#3569)

Deprecated

  • Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#3756)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.9.8 - 2025-10-18

Fixed

  • Maven plugin reporting issue if -adjustPriority is not set (#3774)

4.9.7 - 2025-10-14

Fixed

  • Fix Eclipse not always using latest preferences file state (#3740)
  • Fix exception thrown when singleton implementing Cloneable has no clone() method (#3727)
  • Fix for missing -adjustPriority parameter in Eclipse preferences (#3687)
  • Documentation of -adjustPriority parameter
  • Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#3753)
  • Improved FindNakedNotify to handle the case when the lock is loaded from a field (#3634)

Changed

  • Support for fully qualified class names for detectors in -adjustPriority parameter
  • Support for numerical and absolute priority adjustments
  • Bump up Apache Commons BCEL to the version 6.11.0 (#3569)

Deprecated

  • Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#3756)

Build

  • Allow our GA builds to work with JDK 25 (and drop support for JDK 24) (#3564)

4.9.6 - 2025-09-16

Fixed

  • Fix exception thrown when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

4.9.5 - 2025-09-14

Fixed

  • Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
  • Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
  • CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
  • SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
  • Fix the issue with BCEL logging Duplicating value: ... (#3621)
  • Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

  • Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

  • S1481: Unused local variables should be removed (#3654)
  • Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotation (#3695)

4.9.4 - 2025-08-07

Changed

  • AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
  • Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
  • Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

... (truncated)

Commits
  • c1fa7f2 release v4.9.8
  • 023f8dd fix(deps): update dependency org.apache.groovy:groovy-all to v5.0.2 (#3782)
  • 423f1d1 Unconditional while loops no raising IL_INFINITE_LOOP (#3537)
  • 9125bee Fix priority adjustment code
  • 183da6c fix(deps): update dependency org.springframework:spring-core to v6.2.12 (#3779)
  • a499f2e chore(deps): update dependency com.diffplug.gradle:goomph to v4.4.1 (#3776)
  • b339bc1 Unconditionally initialize PriorityAdjuster for AbstractBugReporter
  • 96891fe chore(deps): update plugin com.github.spotbugs to v6.4.3 (#3773)
  • a3667d7 chore(docs): Updated supported versions
  • 333a96a prepare for next release
  • Additional commits viewable in compare view

Updates org.pitest:pitest-junit5-plugin from 1.2.1 to 1.2.3

Release notes

Sourced from org.pitest:pitest-junit5-plugin's releases.

1.2.2

What's Changed

  • #109 Set junit-platform-launcher to provided scope

The pitest maven and gradle plugins now automatically resolve the correct version of platform launcher at runtime. The built against version of platform-launcher was however being included as a transitive dependency sometimes causing a conflict at runtime, particularly with 1.12.0.

Commits
  • e05e0f1 Merge pull request #111 from pitest/bug/quarkus_3_22_x
  • f9cf268 update for central publishing
  • c4b2642 support quarkus 3.22.x
  • 00210df remove duplication
  • 8e14b9d Merge pull request #99 from Wolf2323/emptyGroups
  • 9010488 Merge branch 'master' into emptyGroups
  • 1b6cf24 bump version numbers
  • a67b85c update for 1.2.2
  • 3f50ef2 Merge pull request #109 from pitest/bug/junit_platform
  • 3316987 set junit-platform-launcher to provided scope
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.2 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-report-plugin's releases.

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.3

🐛 Bug Fixes

👻 Maintenance

... (truncated)

Commits
  • 88513d8 [maven-release-plugin] prepare release surefire-3.5.4

Bumps the low-risk group with 18 updates in the /java directory:

| Package | From | To |
| --- | --- | --- |
| [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) | `3.3.13` | `3.5.7` |
| [io.projectreactor:reactor-bom](https://github.com/reactor/reactor) | `2024.0.0` | `2024.0.11` |
| [org.springframework.cloud:spring-cloud-context](https://github.com/spring-cloud/spring-cloud-commons) | `4.1.4` | `4.3.0` |
| [au.com.dius.pact:consumer](https://github.com/pact-foundation/pact-jvm) | `4.6.15` | `4.6.17` |
| [org.aspectj:aspectjrt](https://github.com/eclipse/org.aspectj) | `1.9.22.1` | `1.9.24` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.20` |
| [ch.qos.logback:logback-core](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.20` |
| [jakarta.validation:jakarta.validation-api](https://github.com/jakartaee/validation) | `3.1.0` | `3.1.1` |
| [com.github.spotbugs:spotbugs](https://github.com/spotbugs/spotbugs) | `4.8.6` | `4.9.8` |
| [org.pitest:pitest-junit5-plugin](https://github.com/pitest/pitest-junit5-plugin) | `1.2.1` | `1.2.3` |
| [org.apache.maven.plugins:maven-surefire-report-plugin](https://github.com/apache/maven-surefire) | `3.5.2` | `3.5.4` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.2` | `3.5.4` |
| [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.12` | `0.8.14` |
| [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) | `4.8.6.6` | `4.9.8.1` |
| [org.pitest:pitest-maven](https://github.com/hcoles/pitest) | `1.17.1` | `1.21.0` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.13.0` | `3.14.1` |
| [org.springframework.boot:spring-boot-maven-plugin](https://github.com/spring-projects/spring-boot) | `3.3.13` | `3.5.7` |
| [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) | `3.5.0` | `3.6.2` |



Updates `org.springframework.boot:spring-boot-dependencies` from 3.3.13 to 3.5.7
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.3.13...v3.5.7)

Updates `io.projectreactor:reactor-bom` from 2024.0.0 to 2024.0.11
- [Release notes](https://github.com/reactor/reactor/releases)
- [Commits](reactor/reactor@2024.0.0...2024.0.11)

Updates `org.springframework.cloud:spring-cloud-context` from 4.1.4 to 4.3.0
- [Release notes](https://github.com/spring-cloud/spring-cloud-commons/releases)
- [Commits](spring-cloud/spring-cloud-commons@v4.1.4...v4.3.0)

Updates `au.com.dius.pact:consumer` from 4.6.15 to 4.6.17
- [Release notes](https://github.com/pact-foundation/pact-jvm/releases)
- [Changelog](https://github.com/pact-foundation/pact-jvm/blob/master/CHANGELOG.md)
- [Commits](https://github.com/pact-foundation/pact-jvm/commits)

Updates `org.aspectj:aspectjrt` from 1.9.22.1 to 1.9.24
- [Release notes](https://github.com/eclipse/org.aspectj/releases)
- [Commits](https://github.com/eclipse/org.aspectj/commits)

Updates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.20
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.18...v_1.5.20)

Updates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.20
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.18...v_1.5.20)

Updates `ch.qos.logback:logback-core` from 1.5.18 to 1.5.20
- [Release notes](https://github.com/qos-ch/logback/releases)
- [Commits](qos-ch/logback@v_1.5.18...v_1.5.20)

Updates `jakarta.validation:jakarta.validation-api` from 3.1.0 to 3.1.1
- [Release notes](https://github.com/jakartaee/validation/releases)
- [Commits](jakartaee/validation@3.1.0...3.1.1)

Updates `com.github.spotbugs:spotbugs` from 4.8.6 to 4.9.8
- [Release notes](https://github.com/spotbugs/spotbugs/releases)
- [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md)
- [Commits](spotbugs/spotbugs@4.8.6...4.9.8)

Updates `org.pitest:pitest-junit5-plugin` from 1.2.1 to 1.2.3
- [Release notes](https://github.com/pitest/pitest-junit5-plugin/releases)
- [Commits](pitest/pitest-junit5-plugin@1.2.1...1.2.3)

Updates `org.apache.maven.plugins:maven-surefire-report-plugin` from 3.5.2 to 3.5.4
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.2...surefire-3.5.4)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.2 to 3.5.4
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.2...surefire-3.5.4)

Updates `org.jacoco:jacoco-maven-plugin` from 0.8.12 to 0.8.14
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.12...v0.8.14)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.2 to 3.5.4
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.2...surefire-3.5.4)

Updates `com.github.spotbugs:spotbugs-maven-plugin` from 4.8.6.6 to 4.9.8.1
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.8.6.6...spotbugs-maven-plugin-4.9.8.1)

Updates `org.pitest:pitest-maven` from 1.17.1 to 1.21.0
- [Release notes](https://github.com/hcoles/pitest/releases)
- [Commits](hcoles/pitest@1.17.1...1.21.0)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.13.0 to 3.14.1
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.13.0...maven-compiler-plugin-3.14.1)

Updates `org.springframework.boot:spring-boot-maven-plugin` from 3.3.13 to 3.5.7
- [Release notes](https://github.com/spring-projects/spring-boot/releases)
- [Commits](spring-projects/spring-boot@v3.3.13...v3.5.7)

Updates `org.codehaus.mojo:exec-maven-plugin` from 3.5.0 to 3.6.2
- [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases)
- [Commits](mojohaus/exec-maven-plugin@3.5.0...3.6.2)

---
updated-dependencies:
- dependency-name: org.springframework.boot:spring-boot-dependencies
  dependency-version: 3.5.7
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: io.projectreactor:reactor-bom
  dependency-version: 2024.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.springframework.cloud:spring-cloud-context
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: au.com.dius.pact:consumer
  dependency-version: 4.6.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.aspectj:aspectjrt
  dependency-version: 1.9.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: ch.qos.logback:logback-classic
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: ch.qos.logback:logback-core
  dependency-version: 1.5.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: jakarta.validation:jakarta.validation-api
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: com.github.spotbugs:spotbugs
  dependency-version: 4.9.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: org.pitest:pitest-junit5-plugin
  dependency-version: 1.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.apache.maven.plugins:maven-surefire-report-plugin
  dependency-version: 3.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-version: 0.8.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: low-risk
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-version: 4.9.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: org.pitest:pitest-maven
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: org.springframework.boot:spring-boot-maven-plugin
  dependency-version: 3.5.7
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
- dependency-name: org.codehaus.mojo:exec-maven-plugin
  dependency-version: 3.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: low-risk
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot commented on behalf of github Oct 27, 2025

Assignees

The following users could not be added as assignees: steveclewer. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot bot added the dependencies (Pull requests that update a dependency file) and java (Pull requests that update Java code) labels Oct 27, 2025