Bump the maven-dependencies group with 6 updates

[dependabot]

Bumps the maven-dependencies group with 6 updates:

Package	From	To
org.mockito:mockito-core	5.5.0	5.6.0
com.google.guava:guava	32.1.2-jre	32.1.3-jre
org.codehaus.mojo:versions-maven-plugin	2.9.0	2.16.1
org.apache.maven.plugins:maven-surefire-plugin	3.1.2	3.2.1
org.owasp:dependency-check-maven	8.4.0	8.4.2
org.jacoco:jacoco-maven-plugin	0.8.10	0.8.11

Updates org.mockito:mockito-core from 5.5.0 to 5.6.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.6.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.6.0

• 2023-10-06 - 22 commit(s) by Andreas Turban, Stefan M, StevenCurran, Yevhen Lazhyntsev, dependabot[bot]
• Use spdx identifier for license name [(#3134)](mockito/mockito#3134)
• Fixes #1382 Jupiter Captor annotation support [(#3133)](mockito/mockito#3133)
• Bump com.gradle.enterprise from 3.15 to 3.15.1 [(#3132)](mockito/mockito#3132)
• Bump com.google.googlejavaformat:google-java-format from 1.18.0 to 1.18.1 [(#3131)](mockito/mockito#3131)
• Make MockUtil.getMockMaker() public Mockito API [(#3129)](mockito/mockito#3129)
• Make MockUtil.getMockMaker() public or public Mockito API [(#3128)](mockito/mockito#3128)
• Bump com.google.googlejavaformat:google-java-format from 1.17.0 to 1.18.0 [(#3126)](mockito/mockito#3126)
• Bump com.diffplug.spotless from 6.21.0 to 6.22.0 [(#3125)](mockito/mockito#3125)
• Bump versions.errorprone from 2.21.1 to 2.22.0 [(#3122)](mockito/mockito#3122)
• Bump versions.bytebuddy from 1.14.7 to 1.14.8 [(#3117)](mockito/mockito#3117)
• Bump com.gradle.enterprise from 3.14.1 to 3.15 [(#3115)](mockito/mockito#3115)
• Bump org.eclipse.platform:org.eclipse.osgi from 3.18.400 to 3.18.500 [(#3113)](mockito/mockito#3113)
• Bump com.github.ben-manes.versions from 0.47.0 to 0.48.0 [(#3110)](mockito/mockito#3110)
• Bump actions/checkout from 3 to 4 [(#3108)](mockito/mockito#3108)
• Bump com.diffplug.spotless from 6.20.0 to 6.21.0 [(#3106)](mockito/mockito#3106)
• Bump versions.bytebuddy from 1.14.6 to 1.14.7 [(#3105)](mockito/mockito#3105)
• Update Javadoc for ArgumentCaptor [(#3103)](mockito/mockito#3103)
• Bump org.jetbrains.kotlin:kotlin-gradle-plugin from 1.9.0 to 1.9.10 [(#3102)](mockito/mockito#3102)
• Bump org.jetbrains.kotlin:kotlin-stdlib from 1.9.0 to 1.9.10 [(#3101)](mockito/mockito#3101)
• Bump org.codehaus.groovy:groovy from 3.0.18 to 3.0.19 [(#3100)](mockito/mockito#3100)
• Resolve more Gradle Tasks lazily [(#3099)](mockito/mockito#3099)
• Added JavaFlightRecorder options for Tests [(#3098)](mockito/mockito#3098)
• Default mock of Optional.isEmpty() returns true for RETURN_DEEP_STUBS [(#3097)](mockito/mockito#3097)
• Default mock of Optional is not empty when using RETURN_DEEP_STUBS [(#2865)](mockito/mockito#2865)
• Support @​Captor injection in JUnit 5 method parameters [(#1382)](mockito/mockito#1382)

Commits

• 6f4eb02 Add parameter support for @Captor with JUnit Jupiter (#3133)
• fb48e09 Make MockUtil.getMockMaker() public Mockito API (#3129)
• 597e902 Use spdx identifier for license name (#3134)
• 2dd0f08 Bump com.google.googlejavaformat:google-java-format (#3131)
• 1c02bd7 Bump com.gradle.enterprise from 3.15 to 3.15.1 (#3132)
• edc6243 Bump com.google.googlejavaformat:google-java-format (#3126)
• 6d093b4 Bump com.diffplug.spotless from 6.21.0 to 6.22.0 (#3125)
• 5d946b4 Bump versions.errorprone from 2.21.1 to 2.22.0 (#3122)
• 20e878f Bump versions.bytebuddy from 1.14.7 to 1.14.8 (#3117)
• bf3f9e9 Bump com.gradle.enterprise from 3.14.1 to 3.15 (#3115)
• Additional commits viewable in compare view

Updates com.google.guava:guava from 32.1.2-jre to 32.1.3-jre

Release notes

Sourced from com.google.guava:guava's releases.

32.1.3

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.1.3-jre</version>
  <!-- or, for Android: -->
  <version>32.1.3-android</version>
</dependency>

Jar files

• 32.1.3-jre.jar
• 32.1.3-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 32.1.3-jre
• 32.1.3-android

JDiff

• 32.1.3-jre vs. 32.1.2-jre
• 32.1.3-android vs. 32.1.2-android
• 32.1.3-android vs. 32.1.3-jre

Changelog

• Changed Gradle Metadata to include dependency versions directly. This may address "Could not find some-dependency" errors that some users have reported (which might be a result of users' excluding guava-parent). (c6d35cf1a5)
• collect: Changed Multisets.unmodifiableMultiset(set).removeIf(predicate) to throw an exception always, even if nothing matches predicate. (61dbccfda3)
• graph: Fixed the behavior of Graph/ValueGraph views for a node when that node is removed from the graph. (950799691c)
• io: Fixed Files.createTempDir and FileBackedOutputStream under Windows services, a rare use case. (The fix actually covers only Java 9+ because Java 8 would require an additional approach. Let us know if you need support under Java 8.) (f87f68cd3e)
• net: Made MediaType.parse allow and skip over whitespace around the / and = separator tokens in addition to the ; separator, for which it was already being allowed. (2786f83291)
• util.concurrent: Tweaked Futures.getChecked constructor-selection behavior: The method continues to prefer to call constructors with a String parameter, but now it breaks ties based on whether the constructor has a Throwable parameter. Beyond that, the choice of constructor remains undefined. (For this and other reasons, we discourage the use of getChecked.) (59cfb2267a)

Commits

• See full diff in compare view

Updates org.codehaus.mojo:versions-maven-plugin from 2.9.0 to 2.16.1

Release notes

Sourced from org.codehaus.mojo:versions-maven-plugin's releases.

2.16.1

Changes

🐛 Bug Fixes

• Resolves #978 - use-releases does not update parent (#1007) @​ajarmoniuk
• Correct message if the latest version of parent is used for update-parent (#1000) @​slawekjaranowski
• Resolves #995: Minimum version required for Versions Maven Plugin should is not the minimum version for the project (#996) @​ajarmoniuk
• Resolves #990: Check prerequisites if required enforcer Maven version is empty (#994) @​ajarmoniuk
• Fix links for XSD in report models (#992) @​slawekjaranowski
• Use versions of dummy artifacts in IT assertions (#988) @​slawekjaranowski
• Resolves #973: NPE if actual version is null for a dependency (#974) @​ajarmoniuk

📦 Dependency updates

• Bump org.springframework:spring-framework-bom from 3.2.17.RELEASE to 4.3.30.RELEASE in /versions-maven-plugin/src/it/it-property-updates-report-002-slow (#999) @​dependabot
• Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 (#993) @​dependabot
• Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 (#989) @​dependabot
• Bump org.junit:junit-bom from 5.9.3 to 5.10.0 (#987) @​dependabot
• Bump mojo-parent from 75 to 76 (#986) @​dependabot
• Bump commons-codec from 1.15 to 1.16.0 (#977) @​dependabot
• Bump commons-io from 2.12.0 to 2.13.0 (#972) @​dependabot

👻 Maintenance

• Cleanup pluginManagement from mock artifacts (#1008) @​slawekjaranowski
• #1001: added a test case for the issue (#1003) @​ajarmoniuk

2.16.0

Changes

🚀 New features and improvements

• Use update policy DAILY instead of NEVER for remote repositories (#957) @​slawekjaranowski
• Issue #74: Add display-extension-updates (#908) @​ajarmoniuk

🐛 Bug Fixes

• Resolves: display-dependency-updates only shows updates from the most major allowed segment (#966) @​ajarmoniuk
• Resolves #931: Fixing problems with encoding in UseDepVersion and PomHelper (#932) @​ajarmoniuk
• Resolves #916: Partially reverted #799. (#924) @​ajarmoniuk
• Resolves #954: Excluded plexus-container-default (#955) @​ajarmoniuk
• Resolves #951: DefaultArtifactVersion::getVersion can be null (#952) @​ajarmoniuk
• BoundArtifactVersion.toString() to work with NumericVersionComparator (#930) @​ajarmoniuk
• Issue #925: Protect against an NPE if a dependency version is defined in dependencyManagement (#926) @​ajarmoniuk

📦 Dependency updates

• Bump mojo-parent from 74 to 75 (#970) @​dependabot
• Bump commons-io from 2.11.0 to 2.12.0 (#958) @​dependabot

... (truncated)

Commits

• a7e6cdb [maven-release-plugin] prepare release 2.16.1
• d24a89c Cleanup pluginManagement from mock artifacts
• 1d03956 Resolves #978
• 15d7a17 #1001: added a test case
• 0b0fdf8 Correct message if the latest version of parent is used for update-parent
• 220c4ef Resolves #995: Minimum version required for Versions Maven Plugin should is n...
• 1cfdb54 Resolves #990: Check prerequisites if required enforcer Maven version is empty
• 938ebdf Bump org.springframework:spring-framework-bom
• 6cd759c Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0
• 018856c Fix links for XSD in report models
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 to 3.2.1

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.2.1

🚀 New features and improvements

• [SUREFIRE-1124] - Support forkNumber in environment variables (#664) @​swismer
• [SUREFIRE-2177] - Use junit-bom instead of single JUnit 5 versions (#663) @​scordio
• [SUREFIRE-2179] - Support adding additional Maven dependencies to the test runtime classpath (#667) @​kwin
• [SUREFIRE-2178] - clarify classpathDependencyExcludes (#666) @​kwin
• [SUREFIRE-2182] - Log starter implementation on DEBUG level (#665) @​kwin

🐛 Bug Fixes

• [SUREFIRE-2190] - Fix module dependencies for compile only dependencies (#668) @​hgschmie

📝 Documentation updates

• Fix TestNG web site URL (#671) @​sabi0

👻 Maintenance

• Fix TestNG web site URL (#671) @​sabi0
• [MNG-6847] - Use diamond operator (#669) @​timtebeek

Commits

• df9f657 [maven-release-plugin] prepare release surefire-3.2.1
• 0910b75 Fix formatting
• 97c84a1 [maven-release-plugin] prepare for next development iteration
• ad0639f [maven-release-plugin] prepare release surefire-3.2.0
• edfb965 [SUREFIRE-2196] maven-surefire-report-plugin:failsafe-report-only failed: Unm...
• 0a5dba8 [SUREFIRE-2188] Upgrade to Parent 40
• 5a09438 [SUREFIRE-2202] NullPointerException if super class meets specific condition
• 176937d Simplify temp dir creation
• 9b79bda [SUREFIRE-1124] Support forkNumber in environment variables
• 2966964 Fix TestNG web site URL
• Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 8.4.0 to 8.4.2

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 8.4.2

• fix: correct log configuration in cli (#6002)

See the full listing of changes.

Version 8.4.1

• fix: upgrade to JCS3 (#5114)
• fix: Support ~= version specifier in requirements.txt and pipfile (#5902)
• fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name (#5901)
• fix: Do not filter out evidences added by hints (#5900)
• fix: fixes FP #5925 (#5927)

See the full listing of changes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 8.4.2 (2023-10-22)

• fix: correct log configuration in cli (#6002)

See the full listing of changes.

Version 8.4.1 (2023-10-21)

Fixed

• fix: upgrade to JCS3 (#5114)
• fix: Support ~= version specifier in requirements.txt and pipfile (#5902)
• fix: Version of dependency no longer ignored when CPE product has a 'java' suffix in a product name (#5901)
• fix: Do not filter out evidences added by hints (#5900)
• fix: fixes FP #5925 (#5927)

See the full listing of changes.

Commits

• c15b3b9 build: prepare release v8.4.2
• dbdb84d docs: release 8.4.2
• 74f5156 fix: dependabot config
• 1162b3e fix: correct log configuration in cli (#6002)
• e105540 chore: Release 8.4.1 (#6000)
• 5cc8df0 build: prepare for next development iteration
• 61377ad build: prepare release v8.4.1
• e2649a6 docs: prepare release
• 778185b build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 (#5994)
• 81bd778 build(deps): bump se.bjurr.violations:violations-lib from 1.156.6 to 1.156.7 ...
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.11

New Features

• JaCoCo now officially supports Java 21 (GitHub #1520).
• Experimental support for Java 22 class files (GitHub #1479).
• Part of bytecode generated by the Java compilers for exhaustive switch expressions is filtered out during generation of report (GitHub #1472).
• Part of bytecode generated by the Java compilers for record patterns is filtered out during generation of report (GitHub #1473).

Fixed bugs

• Instrumentation should not cause VerifyError when the last local variable of method parameters is overridden in the method body to store a value of type long or double (GitHub #893).
• Restore exec file compatibility with versions from 0.7.5 to 0.8.8 in case of class files with zero line numbers (GitHub #1492).

Non-functional Changes

• jacoco-maven-plugin now requires at least Java 8 (GitHub #1466, #1468).
• JaCoCo build now requires at least Maven 3.5.4 (GitHub #1467).
• Maven 3.9.2 should not produce warnings for jacoco-maven-plugin (GitHub #1468).
• JaCoCo build now requires JDK 17 (GitHub #1482).
• JaCoCo now depends on ASM 9.6 (GitHub #1518).

Commits

• f33756c Prepare release 0.8.11
• 0670530 Upgrade animal-sniffer-maven-plugin to 1.23
• 206e5be Restore exec file compatibility after upgrade of ASM to version 9.5 (#1492)
• 36fc079 Update documentation: JDK version 21 is officially supported (#1520)
• 7162917 Add validation tests for boolean expressions (#1505)
• 4bc9267 Fix link to Bytecode Outline Plug-In (#1519)
• ded62fc Upgrade ASM to 9.6 (#1518)
• 6798260 Fix links to ASM website (#1515)
• 4ba332f Fix misleading outdated javadoc (#1513)
• 7ca0f0f Opcodes.RET should be processed by visitVarInsn instead of visitInsn (#...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[overheadhunter]

@dependabot squash and merge