Bump the maven-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the maven-dependencies group with 5 updates in the / directory:

Package	From	To
com.google.protobuf:protobuf-bom	4.34.1	4.35.0
org.apache.maven.plugins:maven-dependency-plugin	3.10.0	3.11.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.5	3.5.6
org.apache.maven.plugins:maven-enforcer-plugin	3.6.2	3.6.3
org.jacoco:jacoco-maven-plugin	0.8.14	0.8.15

Updates com.google.protobuf:protobuf-bom from 4.34.1 to 4.35.0

Commits

• See full diff in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.11.0

🚀 New features and improvements

• Add dependency:add and dependency:remove goals (#1599) @​brunoborges
• Added ability to provide arbitrary dependencies to properties mojo (#1561) @​treilhes

🐛 Bug Fixes

• Fix artifact relocation support (#1633) @​slawekjaranowski
• fix: fix addParentPoms=true causes repositories to be ignored. (#1585) @​k-wall
• Fix false positive in analyze-exclusions with transitive dependency exclusion (#1628) @​slawekjaranowski
• Make AbstractAnalyzeMojo.filterArtifactsByScope() null-safe (#1622) @​elharo
• Prevent NPE in BuildClasspathMojo.appendArtifactPath() when an artifact has no resolved file (#1623) @​elharo
• Log unpacking at debug level (#1624) @​elharo
• Resolve plugins declared in pluginManagement for resolve-plugins and go-offline (#1603) @​slawekjaranowski
• Fix analyze-exclusions crashes if there is no dependencyManagement element (#1597) @​JackPGreen

👻 Maintenance

• Enable ITs for dependency:remove and use mock dependencies (#1613) @​slawekjaranowski
• More meaningful assertions (#1611) @​elharo
• Cure various typos IntelliJ complains about (#1612) @​elharo
• Remove unused jansi dependency (#1606) @​slawekjaranowski
• Enable ITs for dependecy:add and use mock dependencies (#1610) @​slawekjaranowski
• Cleaner exception handling (#1566) @​elharo

📦 Dependency updates

• Manage ASM version 9.10 to support JDK 27 (#1632) @​slawekjaranowski
• Bump eu.maveniverse.maven.domtrip:domtrip-core from 1.5.0 to 1.5.1 (#1631) @dependabot[bot]
• Bump eu.maveniverse.maven.domtrip:domtrip-maven from 1.5.0 to 1.5.1 (#1630) @dependabot[bot]
• Bump mavenVersion from 3.9.15 to 3.9.16 (#1626) @dependabot[bot]
• Bump org.apache.maven.shared:maven-dependency-analyzer from 1.17.0 to 1.17.1 (#1627) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 in /src/it/projects/remove-dependency/basic (#1607) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1605) @dependabot[bot]
• Bump mavenVersion from 3.9.14 to 3.9.15 (#1601) @dependabot[bot]
• Bump org.jsoup:jsoup from 1.22.1 to 1.22.2 (#1602) @dependabot[bot]
• Bump org.apache.maven.doxia:doxia-sink-api from 2.0.0 to 2.1.0 (#1595) @dependabot[bot]
• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#1596) @dependabot[bot]
• Bump mavenVersion from 3.9.12 to 3.9.14 (#1594) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#1589) @dependabot[bot]

Commits

• c186d05 [maven-release-plugin] prepare release maven-dependency-plugin-3.11.0
• 3712611 Fix artifact relocation support
• e873e0e Manage ASM version 9.10 to support JDK 27
• 70b5356 fix: fix addParentPoms=true causes repositories to be ignored. (#1585)
• 51d8939 Fix false positive in analyze-exclusions with transitive dependency exclusion...
• 02b865b Bump eu.maveniverse.maven.domtrip:domtrip-core from 1.5.0 to 1.5.1
• 04f4de1 Bump eu.maveniverse.maven.domtrip:domtrip-maven from 1.5.0 to 1.5.1
• 2812490 Bump mavenVersion from 3.9.15 to 3.9.16
• ce117da Bump org.apache.maven.shared:maven-dependency-analyzer
• aea7a64 Prevent NPE (#1622)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

• Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

• Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @​olamy
• Ensure that the statistics filename is calculated only once. (#3326) (#3327) @​olamy
• Add flakes attribute to use in testsuite report (#3306) (#3308) @​olamy
• [BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @​olamy
• fix: null guard for context map (#3269) (#3272) @​olamy

👻 Maintenance

• 3.5.x/bug/cherry pick embedded mode its (#3328) @​olamy
• Use surefire 3.5.5 by project itself for testing (#3324) @​slawekjaranowski
• Follow Oracle javadoc guidelines (#3177) @​elharo

📦 Dependency updates

• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

Commits

• 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
• e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
• dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
• 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
• 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
• 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
• 04ad9a2 Use surefire 3.5.5 by project itself for testing
• 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
• a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
• e838393 deploy 3.5.x branch to nexus
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.3

🚀 New features and improvements

• Make bannedDependencies report root and transitive dependency in case both are banned. (#940) @​hvoynov
• Add enforceBytecodeVersion rule based on mojohaus (#968) @​cstamas
• Improve formatting of deprecated API warning (#951) @​mthmulders

🐛 Bug Fixes

• Fix handling of Java versions like 21.0.10.0.1 (#967) @​parttimenerd
• Add null checks for modelId in PluginWrapper (#974) @​cpfeiffer

📝 Documentation updates

• Document the banMavenDefaults option for the requirePluginVersions rule. (#936) @​rpkrajewski

👻 Maintenance

• PlexusStringUtils Refaster recipes (#943) @​slachiewicz
• JUnit Jupiter migration from JUnit 4.x (#941) @​slachiewicz

📦 Dependency updates

• Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /maven-enforcer-plugin/src/it/projects/MENFORCER-434 (#970) @dependabot[bot]
• Deps: Parent POM 48 and align deps (#979) @​cstamas
• Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975) @dependabot[bot]
• Bump mavenVersion from 3.9.14 to 3.9.15 (#973) @dependabot[bot]
• Bump mavenVersion from 3.9.13 to 3.9.14 (#965) @dependabot[bot]
• Bump mavenVersion from 3.9.12 to 3.9.13 (#964) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#963) @dependabot[bot]
• Update log4j in test to avoid CVE (#961) @​Bukama
• Bump commons-codec:commons-codec from 1.20.0 to 1.21.0 (#962) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#960) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#959) @dependabot[bot]
• Bump org.apache.maven:maven-parent from 46 to 47 (#958) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0 (#957) @dependabot[bot]
• Update to 46 including fixes (#955) @​Bukama
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.5.0 (#956) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#948) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#947) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#946) @dependabot[bot]
• Bump commons-codec:commons-codec from 1.19.0 to 1.20.0 (#945) @dependabot[bot]

Commits

• c7daff3 [maven-release-plugin] prepare release enforcer-3.6.3
• ee46e78 Make bannedDependencies report root and transitive dependency in case both ar...
• 0806924 Document the banMavenDefaults option for the requirePluginVersions rule. (#936)
• 8e4f5b9 Add better enforceBytecodeVersion rule based on mojohaus (#968)
• fd4b148 Add fix for 21.0.10.0.1 issue (#967)
• f32d597 Deps: Parent POM 48 and align deps (#979)
• df0f2a6 Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976)
• 2da7a68 Add null checks for modelId in PluginWrapper
• 91eb4d9 Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975)
• b622245 Bump mavenVersion from 3.9.14 to 3.9.15 (#973)
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.15

New Features

• JaCoCo now officially supports Java 26 (GitHub #2076).
• Experimental support for Java 27 class files (GitHub #2004).
• Compatibility methods generated by Kotlin compiler for functions defined in interfaces are filtered out during generation of report (GitHub #1905).
• Compatibility methods generated by Kotlin compiler for exposed boxed inline value classes (JvmExposeBoxed annotation) are filtered out during generation of report (GitHub #1944).
• Methods generated by the Kotlin compiler for functions with JvmStatic annotation are filtered out during generation of report (GitHub #2097).
• Improved filtering of bytecode generated by Kotlin compiler for when expressions and statements with kotlin.String subject where first branch condition contains string with largest hash (GitHub #2098).
• Part of bytecode that javac versions from 24 to 26 generate for switch statements and expressions with selector expression of type java.lang.String inside lambdas is filtered out during generation of report (GitHub #2023).
• Improved performance of Kotlin files analysis by parsing SMAPs only once per class (GitHub #2114).
• For better performance agent output methods tcpclient and tcpserver use BufferedOutputStream to write execution data to socket. Maven plugin, Ant tasks, CLI, API usage examples, and ExecDumpClient API use BufferedInputStream to read execution data from socket. Third-party integrations should do the same to benefit from this change in agent (GitHub #2089).

Fixed bugs

• Fixed processing of Kotlin SMAP in synthetic classes (GitHub #1985).
• Multiple JaCoCo runtimes within one JVM writing to the same output file should not cause data corruption when running on JDK versions from 6 to 10 affected by JDK-8166253 (GitHub #2065, #2074).
• For better performance agent writes to output file via BufferedOutputStream, this fixes regression introduced in version 0.6.2 (GitHub #2073).
• Fixed NullPointerException when JaCoCo agent is loaded by non system class loader, for example when loaded by JBoss Modules (GitHub #1651).

Non-functional Changes

• JaCoCo now depends on ASM 9.10.1 (GitHub #2134).

Commits

• 6c5260a Prepare release v0.8.15
• 5c05141 Transfer of execution data through socket should use buffered stream (#2089)
• ab5efa9 Remove from Azure Pipelines all builds except with JDK 5 and JDK EA (#2148)
• 5f6ea38 Use Windows 2025 image in GitHub Actions (#2130)
• 35a8af2 Use Renovate instead of Dependabot for updates of ASM (#2137)
• 85b8ddf Upgrade ASM to 9.10.1 (#2134)
• 2988647 AgentModule should use ClassLoader of agent instead of SystemClassLoader (#1651)
• 75a4e31 Add filter for Kotlin @JvmExposeBoxed (#1944)
• 691fa1d Use Renovate instead of Dependabot for updates of GitHub Actions (#2132)
• 3e18f17 Require at least JDK 21 for build (#2128)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[smcvb]

Looks good to me 👍