build(deps): bump the low-risk group across 1 directory with 11 updates

[dependabot]

Bumps the low-risk group with 8 updates in the /java directory:

Package	From	To
com.ensono.stacks.modules:stacks-modules-parent	3.0.111	3.0.139
org.springframework.cloud:spring-cloud-dependencies	2025.0.0	2025.1.1
au.com.dius.pact:consumer	4.6.17	4.6.19
com.amazonaws:aws-java-sdk-s3	1.12.788	1.12.797
org.pitest:pitest-junit5-plugin	1.2.1	1.2.3
au.com.dius.pact.provider:maven	4.6.17	4.6.19
org.owasp:dependency-check-maven	12.1.9	12.2.0
org.codehaus.mojo:exec-maven-plugin	3.5.1	3.6.3

Updates com.ensono.stacks.modules:stacks-modules-parent from 3.0.111 to 3.0.139

Commits

• 96527a1 chore(deps): bump the low-risk group with 9 updates (#346)
• 0a32778 chore(deps): bump the low-risk group with 4 updates (#345)
• 711bcb3 fix: update assertj-core to 3.27.7 (3.27.9 does not exist) (#344)
• 32b6854 chore(deps): bump the low-risk group with 6 updates (#341)
• 88d3377 Move to Maven Central SNAPSHOT Deployments (#340)
• 63064c1 chore(deps): bump the low-risk group with 7 updates (#338)
• 6b41e33 chore(deps): bump the low-risk group across 1 directory with 9 updates (#337)
• See full diff in compare view

Updates org.springframework.cloud:spring-cloud-dependencies from 2025.0.0 to 2025.1.1

Release notes

Sourced from org.springframework.cloud:spring-cloud-dependencies's releases.

v2025.1.1

What's Changed

• Bump antora from 3.2.0-alpha.10 to 3.2.0-alpha.11 in /docs by @​dependabot[bot] in spring-cloud/spring-cloud-release#447
• Bump org.springframework.cloud:spring-cloud-contract-dependencies from 5.0.1-SNAPSHOT to 5.0.2-SNAPSHOT by @​dependabot[bot] in spring-cloud/spring-cloud-release#454
• Bump org.springframework.cloud:spring-cloud-contract-dependencies from 5.0.1-SNAPSHOT to 5.0.2-SNAPSHOT by @​dependabot[bot] in spring-cloud/spring-cloud-release#453
• Bump actions/cache from 4 to 5 by @​dependabot[bot] in spring-cloud/spring-cloud-release#456
• Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12 by @​dependabot[bot] in spring-cloud/spring-cloud-release#461
• Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12 by @​dependabot[bot] in spring-cloud/spring-cloud-release#460

Full Changelog: spring-cloud/spring-cloud-release@v2025.1.0...v2025.1.1

Commits

• dbb12bf Update SNAPSHOT to 2025.1.1
• edc8bcb Bumping versions
• a9f4183 Use Spring Boot 4.0.2-SNAPSHOT
• da7ad03 Merge pull request #460 from spring-cloud/dependabot/maven/org.apache.maven-m...
• 49b10e6 Merge pull request #461 from spring-cloud/dependabot/maven/main/org.apache.ma...
• 59782be Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12
• 89c8dd1 Bump org.apache.maven:maven-model from 3.9.11 to 3.9.12
• 96a5fb0 Merge pull request #456 from spring-cloud/dependabot/github_actions/main/acti...
• 5d22a1d Bump actions/cache from 4 to 5
• ec45c6d Bumping versions
• Additional commits viewable in compare view

Updates au.com.dius.pact:consumer from 4.6.17 to 4.6.19

Release notes

Sourced from au.com.dius.pact:consumer's releases.

4.6.19

Maintenance Release

• ce88f2729 - Move custom-mimetypes.xml directly to classpath (Carolyn Biggar)
• afb1cff55 - [broken build] Change expected supertype for application/json to text/javascript (Carolyn Biggar)
• 12029d5dd - [broken build] Upgrade tika-core 2.9.4 > 3.2.3 (Carolyn Biggar)
• 076c6cc60 - Update Kotlin version for 4.7.x in README

4.6.18

Maintenance Release

• 8a1e8b0a4 - chore: fix port conflict in test
• 8c22c525e - chore: Update release process to use jreleaser
• 57c5bda6f - fix: add Lambda DSL methods that are the same as the old DSL arrayEachLike #1877
• 012242246 - chore: Update provider dependencies
• ab81b32ba - chore: Update core dependencies
• f3b1d6e5a - chore: Update consumer dependencies
• 87cc6c0ce - chore: Update main dependency versions
• 8696796fe - chore: Update Gradle to 7.6.6
• 897aaea3c - Reference Quarkus in service providers section (Holly Cummins)
• c50f6271d - chore(deps): bump actions/setup-java from 3 to 5
• 4670fa8f4 - Correct Java versions in developer-facing content (Holly Cummins)
• aa17dca65 - Update classgraph to work around compatibility issue (Holly Cummins)
• 286861e97 - chore(CI): update to actions/cache@v4
• 64a931298 - chore: Update plugin driver to 0.5.2
• 7a924a007 - fix: Ensure provider state is injected when verifying synchronous message pacts (Ruud Welling)

Changelog

Sourced from au.com.dius.pact:consumer's changelog.

4.6.19 - Maintenance Release

• 84e70f187 - Merge pull request #1880 from pact-foundation/dependabot/github_actions/actions/checkout-6 (Ronald Holshausen, Mon Dec 15 10:21:53 2025 +1100)
• 59816cf78 - Merge pull request #1887 from csbiggar/upgrade-tika-for-issue-1885 (Ronald Holshausen, Mon Dec 15 10:21:13 2025 +1100)
• ce88f2729 - Move custom-mimetypes.xml directly to classpath (Carolyn Biggar, Sat Dec 13 00:35:03 2025 +0000)
• afb1cff55 - [broken build] Change expected supertype for application/json to text/javascript (Carolyn Biggar, Sat Dec 13 00:29:35 2025 +0000)
• 12029d5dd - [broken build] Upgrade tika-core 2.9.4 > 3.2.3 (Carolyn Biggar, Sat Dec 13 00:25:11 2025 +0000)
• 076c6cc60 - Update Kotlin version for 4.7.x in README (Ronald Holshausen, Wed Dec 10 11:47:06 2025 +1100)
• 7cfade7eb - chore(deps): bump actions/checkout from 2 to 6 (dependabot[bot], Mon Nov 24 16:53:18 2025 +0000)
• 0c727fe86 - chore: Correct release script (Ronald Holshausen, Tue Nov 11 11:28:59 2025 +1100)
• 64044d17e - bump version to 4.6.19 (Ronald Holshausen, Tue Nov 11 11:28:27 2025 +1100)

4.6.18 - Maintenance Release

• 8a1e8b0a4 - chore: fix port conflict in test (Ronald Holshausen, Tue Nov 11 10:39:20 2025 +1100)
• 8c22c525e - chore: Update release process to use jreleaser (Ronald Holshausen, Tue Nov 11 10:30:48 2025 +1100)
• 57c5bda6f - fix: add Lambda DSL methods that are the same as the old DSL arrayEachLike #1877 (Ronald Holshausen, Mon Nov 10 15:30:04 2025 +1100)
• 012242246 - chore: Update provider dependencies (Ronald Holshausen, Mon Nov 10 14:35:19 2025 +1100)
• ab81b32ba - chore: Update core dependencies (Ronald Holshausen, Mon Nov 10 11:20:36 2025 +1100)
• f3b1d6e5a - chore: Update consumer dependencies (Ronald Holshausen, Mon Nov 10 11:06:01 2025 +1100)
• 87cc6c0ce - chore: Update main dependency versions (Ronald Holshausen, Mon Nov 10 10:45:18 2025 +1100)
• 8696796fe - chore: Update Gradle to 7.6.6 (Ronald Holshausen, Mon Nov 10 10:19:21 2025 +1100)
• 3f60ce0e0 - Merge pull request #1875 from holly-cummins/reference-quarkus-in-docs (Ronald Holshausen, Fri Aug 29 09:06:32 2025 +1000)
• 897aaea3c - Reference Quarkus in service providers section (Holly Cummins, Thu Aug 28 19:30:51 2025 +0100)
• c4abfaaf8 - Merge pull request #1872 from pact-foundation/dependabot/github_actions/actions/setup-java-5 (Ronald Holshausen, Thu Aug 28 10:10:55 2025 +1000)
• 8a3e56648 - Merge pull request #1873 from holly-cummins/update-classgraph (Ronald Holshausen, Thu Aug 28 10:10:20 2025 +1000)
• c50f6271d - chore(deps): bump actions/setup-java from 3 to 5 (dependabot[bot], Wed Aug 27 23:37:55 2025 +0000)
• f663217ad - Merge pull request #1874 from holly-cummins/improve-java-version-clarity (Ronald Holshausen, Thu Aug 28 09:34:44 2025 +1000)
• 4670fa8f4 - Correct Java versions in developer-facing content (Holly Cummins, Wed Aug 27 16:35:52 2025 +0100)
• aa17dca65 - Update classgraph to work around compatibility issue (Holly Cummins, Wed Aug 27 16:19:14 2025 +0100)
• 286861e97 - chore(CI): update to actions/cache@v4 (Ronald Holshausen, Thu May 29 13:59:06 2025 +1000)
• 64a931298 - chore: Update plugin driver to 0.5.2 (Ronald Holshausen, Thu May 29 11:00:58 2025 +1000)
• 15da5a605 - Update README.md (Ronald Holshausen, Fri May 23 10:10:59 2025 +1000)
• 7d49354be - Merge pull request #1858 from WellingR/sync-message-pact-provider-state (Ronald Holshausen, Mon Mar 17 10:03:08 2025 +1100)
• 7a924a007 - fix: Ensure provider state is injected when verifying synchronous message pacts (Ruud Welling, Sun Mar 16 18:44:41 2025 +0100)
• 90e0f919d - bump version to 4.6.18 (Ronald Holshausen, Fri Feb 14 11:52:44 2025 +1100)

Commits

• See full diff in compare view

Updates com.amazonaws:aws-java-sdk-s3 from 1.12.788 to 1.12.797

Changelog

Sourced from com.amazonaws:aws-java-sdk-s3's changelog.

1.12.797 2025-12-29

AWS SDK for Java

• Deprecations

  • Updated the warning message for v1 end-of-support

1.12.796 2025-12-18

AWS Kinesis Video

• Features

  • Upgrade Netty to 4.1.130-Final

1.12.795 2025-12-10

Amazon CloudWatch

• Features

  • This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language.

Amazon S3

• Bugfixes

  • Fix error when using S3 with Dualstack and custom regions.

1.12.794 2025-11-24

AWS SDK for Java

• Features

  • Update region metadata.

1.12.793 2025-10-28

AWS SDK for Java

• Features

  • Add ap-southeast-6 region

1.12.792 2025-10-02

Amazon DynamoDB

• Bugfixes

  • Prevent overriding client endpoint with dual-stack regional endpoint

Amazon S3

• Bugfixes

  • Add additional validations for multipart download operations of S3 client
  • Add additional validations for multipart upload operations of S3 client.

1.12.791 2025-09-05

AWS Kinesis Video

• Features

  • Update Netty to 4.1.126.Final

1.12.789 2025-09-03

AWS Kinesis Video

• Features

  • Update Netty to 4.1.124.Final.

AWS SDK for Java

... (truncated)

Commits

• 57ed2e4 AWS SDK for Java 1.12.797
• e8fa479 Update GitHub version number to 1.12.797-SNAPSHOT
• 9990f1b AWS SDK for Java 1.12.796
• f438f8b Update GitHub version number to 1.12.796-SNAPSHOT
• 52c0637 AWS SDK for Java 1.12.795
• ccb8e0e Update GitHub version number to 1.12.795-SNAPSHOT
• 12c4273 AWS SDK for Java 1.12.794
• fdb0fd2 Update GitHub version number to 1.12.794-SNAPSHOT
• 1f7d429 AWS SDK for Java 1.12.793
• e71f1e8 Update GitHub version number to 1.12.793-SNAPSHOT
• Additional commits viewable in compare view

Updates com.puppycrawl.tools:checkstyle from 12.3.0 to 12.3.1

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-12.3.1

Checkstyle 12.3.1 - https://checkstyle.org/releasenotes.html#Release_12.3.1

Bug fixes:

#17265 - Duplicate violations in WhitespaceAfter and WhitespaceAround in google config #17778 - Add support to properly follow Rule 7.1.1 General Form in Google Style Guide Implementation #18381 - NullPointerException in TextBlockGoogleStyleFormatting with text blocks in annotations #17727 - Need default config in google_checks.xml to forbid lowercase Javadoc beginnings

Commits

• b1e9d8e [maven-release-plugin] prepare release checkstyle-12.3.1
• ba4a81f doc: release notes for 12.3.1
• 9550a20 Issue #17449: Add XDocs example for FinalLocalVariableCheck validateUnnamedVa...
• 0dd8729 dependency: bump nl.jqno.equalsverifier:equalsverifier
• e861655 dependency: bump pmd.version from 7.19.0 to 7.20.0
• 26139c0 Issue #18023: Resolve Pitest Sup - filters - SupressionCommentFilter
• cf7bd8a Issue #18028: Resolve Pitest Supressions - api - abstractcheck
• 7476d1c Issue #17746: Made implementation for finding end of description not depend o...
• bfa6fd2 Issue #17265: Remove duplicate violations in WhitespaceAfter and WhitespaceAr...
• b2263ef Issue #18028: Resolve Pitest Supressions - api - abstractfileset
• Additional commits viewable in compare view

Updates org.pitest:pitest-junit5-plugin from 1.2.1 to 1.2.3

Release notes

Sourced from org.pitest:pitest-junit5-plugin's releases.

1.2.2

What's Changed

• #109 Set junit-platform-launcher to provided scope

The pitest maven and gradle plugins now automatically resolve the correct version of platform launcher at runtime. The built against version of platform-launcher was however being included as a transitive dependency sometimes causing a conflict at runtime, particularly with 1.12.0.

Commits

• e05e0f1 Merge pull request #111 from pitest/bug/quarkus_3_22_x
• f9cf268 update for central publishing
• c4b2642 support quarkus 3.22.x
• 00210df remove duplication
• 8e14b9d Merge pull request #99 from Wolf2323/emptyGroups
• 9010488 Merge branch 'master' into emptyGroups
• 1b6cf24 bump version numbers
• a67b85c update for 1.2.2
• 3f50ef2 Merge pull request #109 from pitest/bug/junit_platform
• 3316987 set junit-platform-launcher to provided scope
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.5.8 to 3.5.10

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v3.5.10

🐞 Bug Fixes

• Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #48836
• When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #48835
• Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #48810
• DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #48702
• Application JAR created by extract command is not reproductible #48664
• AOT processing of tests should not be disabled when 'skipTests' is set #48661
• Fix zero-length byte buffer in InspectedContent #48649

📔 Documentation

• Update documentation for Buildpack's AOT Cache support #48768
• Document support for configuring arguments passed to Docker Compose #48657
• Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #48634
• Fix grammar and typos in the reference guide #48596

🔨 Dependency Upgrades

• Upgrade to Classmate 1.7.3 #48775
• Upgrade to Hibernate 6.6.41.Final #48881
• Upgrade to HttpClient5 5.5.2 #48777
• Upgrade to Logback 1.5.25 #48882
• Upgrade to Micrometer 1.15.8 #48705
• Upgrade to Micrometer Tracing 1.5.8 #48706
• Upgrade to Pooled JMS 3.1.9 #48779
• Upgrade to Postgresql 42.7.9 #48883
• Upgrade to R2DBC MSSQL 1.0.4.RELEASE #48847
• Upgrade to Reactor Bom 2024.0.14 #48707
• Upgrade to REST Assured 5.5.7 #48884
• Upgrade to Spring AMQP 3.2.9 #48909
• Upgrade to Spring Data Bom 2025.0.8 #48708
• Upgrade to Spring Integration 6.5.6 #48921
• Upgrade to Spring Kafka 3.3.12 #48709
• Upgrade to Spring Pulsar 1.2.14 #48710
• Upgrade to Undertow 2.3.22.Final #48848
• Upgrade to WebJars Locator Lite 1.1.3 #48780

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GaoSSR, @​izeye, and @​ngocnhan-tran1996

v3.5.9

🐞 Bug Fixes

• RabbitHealthIndicator reports an error when version is missing from the connection's server properties #48486
• Profiles retained during AOT processing are not configured in a native image #48475

... (truncated)

Commits

• 1b4e78f Release v3.5.10
• 650236d Remove breaking and unnecessary Undertow TLS with RSA test
• 877d59b Upgrade to Spring Kafka 3.3.12
• ce650b1 Upgrade to Spring Integration 6.5.6
• 30b5b73 Upgrade to Develocity Conventions 0.0.25
• 413ec6c Upgrade to Spring Pulsar 1.2.14
• 3f86432 Upgrade to Spring AMQP 3.2.9
• 2fa3aaa Merge pull request #48902 from dependabot[bot]
• 37e0cbc Polish "Bump jfrog/setup-jfrog-cli from 4.8.1 to 4.9.1"
• ad51def Bump jfrog/setup-jfrog-cli from 4.8.1 to 4.9.1
• Additional commits viewable in compare view

Updates au.com.dius.pact.provider:maven from 4.6.17 to 4.6.19

Release notes

Sourced from au.com.dius.pact.provider:maven's releases.

4.6.19

Maintenance Release

• ce88f2729 - Move custom-mimetypes.xml directly to classpath (Carolyn Biggar)
• afb1cff55 - [broken build] Change expected supertype for application/json to text/javascript (Carolyn Biggar)
• 12029d5dd - [broken build] Upgrade tika-core 2.9.4 > 3.2.3 (Carolyn Biggar)
• 076c6cc60 - Update Kotlin version for 4.7.x in README

4.6.18

Maintenance Release

• 8a1e8b0a4 - chore: fix port conflict in test
• 8c22c525e - chore: Update release process to use jreleaser
• 57c5bda6f - fix: add Lambda DSL methods that are the same as the old DSL arrayEachLike #1877
• 012242246 - chore: Update provider dependencies
• ab81b32ba - chore: Update core dependencies
• f3b1d6e5a - chore: Update consumer dependencies
• 87cc6c0ce - chore: Update main dependency versions
• 8696796fe - chore: Update Gradle to 7.6.6
• 897aaea3c - Reference Quarkus in service providers section (Holly Cummins)
• c50f6271d - chore(deps): bump actions/setup-java from 3 to 5
• 4670fa8f4 - Correct Java versions in developer-facing content (Holly Cummins)
• aa17dca65 - Update classgraph to work around compatibility issue (Holly Cummins)
• 286861e97 - chore(CI): update to actions/cache@v4
• 64a931298 - chore: Update plugin driver to 0.5.2
• 7a924a007 - fix: Ensure provider state is injected when verifying synchronous message pacts (Ruud Welling)

Changelog

Sourced from au.com.dius.pact.provider:maven's changelog.

4.6.19 - Maintenance Release

• 84e70f187 - Merge pull request #1880 from pact-foundation/dependabot/github_actions/actions/checkout-6 (Ronald Holshausen, Mon Dec 15 10:21:53 2025 +1100)
• 59816cf78 - Merge pull request #1887 from csbiggar/upgrade-tika-for-issue-1885 (Ronald Holshausen, Mon Dec 15 10:21:13 2025 +1100)
• ce88f2729 - Move custom-mimetypes.xml directly to classpath (Carolyn Biggar, Sat Dec 13 00:35:03 2025 +0000)
• afb1cff55 - [broken build] Change expected supertype for application/json to text/javascript (Carolyn Biggar, Sat Dec 13 00:29:35 2025 +0000)
• 12029d5dd - [broken build] Upgrade tika-core 2.9.4 > 3.2.3 (Carolyn Biggar, Sat Dec 13 00:25:11 2025 +0000)
• 076c6cc60 - Update Kotlin version for 4.7.x in README (Ronald Holshausen, Wed Dec 10 11:47:06 2025 +1100)
• 7cfade7eb - chore(deps): bump actions/checkout from 2 to 6 (dependabot[bot], Mon Nov 24 16:53:18 2025 +0000)
• 0c727fe86 - chore: Correct release script (Ronald Holshausen, Tue Nov 11 11:28:59 2025 +1100)
• 64044d17e - bump version to 4.6.19 (Ronald Holshausen, Tue Nov 11 11:28:27 2025 +1100)

4.6.18 - Maintenance Release

• 8a1e8b0a4 - chore: fix port conflict in test (Ronald Holshausen, Tue Nov 11 10:39:20 2025 +1100)
• 8c22c525e - chore: Update release process to use jreleaser (Ronald Holshausen, Tue Nov 11 10:30:48 2025 +1100)
• 57c5bda6f - fix: add Lambda DSL methods that are the same as the old DSL arrayEachLike #1877 (Ronald Holshausen, Mon Nov 10 15:30:04 2025 +1100)
• 012242246 - chore: Update provider dependencies (Ronald Holshausen, Mon Nov 10 14:35:19 2025 +1100)
• ab81b32ba - chore: Update core dependencies (Ronald Holshausen, Mon Nov 10 11:20:36 2025 +1100)
• f3b1d6e5a - chore: Update consumer dependencies (Ronald Holshausen, Mon Nov 10 11:06:01 2025 +1100)
• 87cc6c0ce - chore: Update main dependency versions (Ronald Holshausen, Mon Nov 10 10:45:18 2025 +1100)
• 8696796fe - chore: Update Gradle to 7.6.6 (Ronald Holshausen, Mon Nov 10 10:19:21 2025 +1100)
• 3f60ce0e0 - Merge pull request #1875 from holly-cummins/reference-quarkus-in-docs (Ronald Holshausen, Fri Aug 29 09:06:32 2025 +1000)
• 897aaea3c - Reference Quarkus in service providers section (Holly Cummins, Thu Aug 28 19:30:51 2025 +0100)
• c4abfaaf8 - Merge pull request #1872 from pact-foundation/dependabot/github_actions/actions/setup-java-5 (Ronald Holshausen, Thu Aug 28 10:10:55 2025 +1000)
• 8a3e56648 - Merge pull request #1873 from holly-cummins/update-classgraph (Ronald Holshausen, Thu Aug 28 10:10:20 2025 +1000)
• c50f6271d - chore(deps): bump actions/setup-java from 3 to 5 (dependabot[bot], Wed Aug 27 23:37:55 2025 +0000)
• f663217ad - Merge pull request #1874 from holly-cummins/improve-java-version-clarity (Ronald Holshausen, Thu Aug 28 09:34:44 2025 +1000)
• 4670fa8f4 - Correct Java versions in developer-facing content (Holly Cummins, Wed Aug 27 16:35:52 2025 +0100)
• aa17dca65 - Update classgraph to work around compatibility issue (Holly Cummins, Wed Aug 27 16:19:14 2025 +0100)
• 286861e97 - chore(CI): update to actions/cache@v4 (Ronald Holshausen, Thu May 29 13:59:06 2025 +1000)
• 64a931298 - chore: Update plugin driver to 0.5.2 (Ronald Holshausen, Thu May 29 11:00:58 2025 +1000)
• 15da5a605 - Update README.md (Ronald Holshausen, Fri May 23 10:10:59 2025 +1000)
• 7d49354be - Merge pull request #1858 from WellingR/sync-message-pact-provider-state (Ronald Holshausen, Mon Mar 17 10:03:08 2025 +1100)
• 7a924a007 - fix: Ensure provider state is injected when verifying synchronous message pacts (Ruud Welling, Sun Mar 16 18:44:41 2025 +0100)
• 90e0f919d - bump version to 4.6.18 (Ronald Holshausen, Fri Feb 14 11:52:44 2025 +1100)

Commits

• See full diff in compare view

Updates org.pitest:pitest-maven from 1.22.0 to 1.22.1

Release notes

Sourced from org.pitest:pitest-maven's releases.

1.22.1

• #1445 pin dependencies in github actions
• #1449 bump asm to 9.9.
• #1452 Filter equivalent mutations to null final field assignments

Commits

• e195484 Merge pull request #1452 from hcoles/feature/null_final_fields
• 8b1781b do not mutate null assignments to final fields
• 5ec1570 failing test
• edc45e6 Merge pull request #1450 from hcoles/dependabot/maven/samples/org.assertj-ass...
• 991e4fc Merge pull request #1451 from hcoles/dependabot/maven/org.assertj-assertj-cor...
• f3a3657 Bump org.assertj:assertj-core from 3.27.3 to 3.27.7
• 0296b34 Bump org.assertj:assertj-core from 3.14.0 to 3.27.7 in /samples
• bfdeffe Merge pull request #1449 from hcoles/feature/bump_asm_9_9_1
• 92e8fe0 bump asm to 9.9.1
• 8092404 Merge pull request #1445 from mlachenmayr-celonis/feat/pin-github-actions
• Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.1.9 to 12.2.0

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.2.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.2.0 (2026-01-09)

• feat: package and utilize generated suppression file (#8116)

• feat: override pnpm audit registry parameter (#8158)

• feat: support multiple cvssBelow thresholds per version (#2563) (#8024)

• feat: usage telemetry via scarf (#8066)

• feat: add new suppression xsd allowing grouping of suppressions (#7957)

• fix(ant): resolve relative paths against basedir (#8202)

• fix: add hint for Elastic APM Java agent CPE mapping (#8200)

• fix: Allow NVD data feed metadata downloads to fail on 1st Jan while logging correct errors (#8205)

• fix(ant): resolve paths relative to basedir for suppression and output

• fix: correct XML/JSON report CVSS field & HTML report URL mappings (#8156)

• fix: log GrokAssembly output when dotnet invocation fails (#8141)

• fix: correct reliability of Central etc (JCS cache) analyzers on Java 25/Docker by making CLI classpath deterministic (#8117)

• docs: Update & correct README (#8166)

• docs: update suppression schema version (#8136)

• docs: fix typos in some files (#8135)

• chore: remove duplicate suppression rules from base that are in the generated branch (#8138)

• chore: remove suppression rules that were deleted from the generatedSuppression branch (#8119)

• build: transition dependency to org.eclipse.parsson groupId (#8128)

• See the full listing of changes

Commits

• 909229e build: prepare release v12.2.0
• f6f3d76 chore: reset snapshot version and fix site
• 67d0d1a build: Release 12.2.0 (#8216)
• 6f46091 build: prepare for next development iteration
• 9ec772f build: prepare release v12.2.0
• e81b240 docs: prepare release 12.2.0
• 41f1cdf build(deps): bump junit.version from 5.14.1 to 5.14.2 (#8214)
• 26cfd65 build(deps): bump org.sonatype.central:central-publishing-maven-plugin from 0...
• f437aa0 fix(ant): resolve relative paths against basedir (#8202)
• 7f63b48 Merge branch 'main' into fix-7918-ant-relative-paths
• Additional commits viewable in compare view

Updates org.codehaus.mojo:exec-maven-plugin from 3.5.1 to 3.6.3

Release notes

Sourced from org.codehaus.mojo:exec-maven-plugin's releases.

3.6.3

📝 Documentation updates

• Document thread group isolation limitation in java goal (#503) @copilot-swe-agent[bot]

👻 Maintenance

• JUnit 5 best practices (#505) @​slachiewicz
• Move ExecJavaMojoTest, ExecMojoTest to JUnit 5 (#502) @​slawekjaranowski
• Add support for JEP 512 for for package-private static main method (#499) @​anuragagarwal561994
• Move to JUnit 5 (#501) @​slawekjaranowski

📦 Dependency updates

• Bump asm.version from 9.9 to 9.9.1 (#509) @dependabot[bot]
• Bump org.apache.commons:commons-exec from 1.5.0 to 1.6.0 (#508) @dependabot[bot]

3.6.2

🚀 New features and improvements

• Add JPMS ServiceLoader Support with Multi-Release JAR (#500) @​ascheman

📦 Dependency updates

• Bump asm.version from 9.8 to 9.9 (#498) @dependabot[bot]

3.6.1

🐛 Bug Fixes

• Revert change from #480 - plugin dependencies must be resolved from plugin repositories (#496) @​slawekjaranowski

📦 Dependency updates

• Bump org.codehaus.mojo:mojo-parent from 93 to 94 (#495) @dependabot[bot]

3.6.0

🚀 New features and improvements

• [ExecMojo]Add getShebang method to correctly set the command line executable name (#487) @​uchenily
• JEP 512 Support (#484) @​cayhorstmann

🐛 Bug Fixes

• fix inheritIo option (#488) @​dernasherbrezon
• Fix for #479 - Wrong repositories used to collect deps (#480) @​cstamas

... (truncated)

Commits

• fe1fa8c [maven-release-plugin] prepare release 3.6.3
• 5b3feca Bump asm.version from 9.9 to 9.9.1
• efc7faa Bump org.apache.commons:commons-exec from 1.5.0 to 1.6.0
• cdaf267 JUnit 5 best practices (#505)
• f3f5997 Move ExecJavaMojoTest, ExecMojoTest to JUnit 5
• 03b87b5 Document thread group isolation limitation in java goal (#503)
• 7a66c3e Add support for JEP 512 for for package-private static main methods with and ...
• a6d01ef Move to JUnit 5
• 88d5961 [maven-release-plugin] prepare for next development iteration
• 416fdf1 [maven-release-plugin] prepare release 3.6.2
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions