build(deps): bump dev.metaschema.oscal:liboscal-java from 6.0.0 to 7.1.0

[dependabot]

Bumps dev.metaschema.oscal:liboscal-java from 6.0.0 to 7.1.0.

Release notes

Sourced from dev.metaschema.oscal:liboscal-java's releases.

v7.1.0

✨ Highlights

This release updates the core framework to metaschema-java 3.0.0.M3 and fixes CI/CD issues with scheduled builds and security scanning.

metaschema-java 3.0.0.M3

Updated the core Metaschema framework dependency to 3.0.0.M3, which brings several significant features and fixes (#253):

• Unmodeled content support (<any/>) — Assemblies can now capture unmodeled XML elements and JSON/YAML properties during deserialization and write them back with full fidelity, with corresponding code generation support.
• Date/time formatting functions — Implements fn:format-dateTime, fn:format-date, fn:format-time, and fn:format-integer per XPath Functions 3.1 with full picture string parsing.
• JSON Schema json-value-key fix — Resolves a bug where fields using static <json-value-key> labels produced invalid nested JSON Schema, which was blocking the OSCAL build system migration from XSLT to oscal-cli.

Scheduled Build and Guide CSS Fixes

Added required workflow permissions that were preventing nightly scheduled builds from starting, and inlined custom CSS in site configuration to fix broken styles in guides subdirectory pages. (#251)

Trivy Security Scan Fix

Excluded the maven2/ artifact repository checkout from Trivy security scanning. This transient directory is used only during deployment, and its dependencies (e.g., fast-xml-parser) were triggering false CVE findings (CVE-2026-25128) that should be scanned in the maven2 repository instead. (#252)

🐛 Bug Fixes

• Resolve scheduled build startup failure and missing CSS in guides (#251) by @​david-waltermire

🔧 Build & CI Improvements

• Exclude maven2 artifact repo checkout from Trivy scan (#252) by @​david-waltermire

Other Changes

• Update to metaschema-java 3.0.0-SNAPSHOT (#250) by @​david-waltermire
• Update metaschema-java to 3.0.0.M3 (#253) by @​david-waltermire

Java Libraries

• org.assertj:assertj-core: 3.27.6 → 3.27.7 (#245)

Maven Plugins

• org.codehaus.mojo:templating-maven-plugin: 3.0.0 → 3.1.0 (#241)

GitHub Actions

• actions/checkout: 6.0.1 → 6.0.2 (#243)
• actions/setup-java: 5.1.0 → 5.2.0 (#242)
• github/codeql-action: 4.31.9 → 4.32.2 (#249)

... (truncated)

Commits

• 062dbba [maven-release-plugin] prepare release v7.1.0
• 918bea0 build: update metaschema-java to 3.0.0.M3 (#253)
• 23d0a52 build: exclude maven2 artifact repo checkout from Trivy scan (#252)
• 3503379 fix: resolve scheduled build startup failure and missing CSS in guides (#251)
• 0bba7fa Bump org.codehaus.mojo:templating-maven-plugin from 3.0.0 to 3.1.0 (#241)
• 8142ee3 Bump actions/setup-java from 5.1.0 to 5.2.0 (#242)
• 118b844 Bump actions/checkout from 6.0.1 to 6.0.2 (#243)
• 3deed88 Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#245)
• 60321be Bump github/codeql-action from 4.31.9 to 4.32.2 (#249)
• b38503c chore: update to metaschema-java 3.0.0-SNAPSHOT and ignore Claude temp files ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Terraform Plan

• fmt: failure
• validate: success
• plan: success

Show plan

Acquiring state lock. This may take a few moments...
random_password.db_password: Refreshing state... [id=none]
random_password.jwt_secret: Refreshing state... [id=none]
random_id.db_name_suffix: Refreshing state... [id=ncGEfQ]
google_monitoring_dashboard.cs_pipeline: Refreshing state... [id=projects/989204813608/dashboards/54f9967c-d38c-43e1-a909-f59e41081ce4]
module.analytics_pubsub[0].google_pubsub_topic.events: Refreshing state... [id=projects/oscal-hub/topics/otel-events-prod]
google_project_service.apis["artifactregistry.googleapis.com"]: Refreshing state... [id=oscal-hub/artifactregistry.googleapis.com]
module.analytics_pubsub[0].google_pubsub_topic.events_dlq: Refreshing state... [id=projects/oscal-hub/topics/otel-events-dlq-prod]
google_project_service.apis["cloudbuild.googleapis.com"]: Refreshing state... [id=oscal-hub/cloudbuild.googleapis.com]
module.analytics_pubsub[0].data.google_project.current: Reading...
google_project_service.apis["vpcaccess.googleapis.com"]: Refreshing state... [id=oscal-hub/vpcaccess.googleapis.com]
module.dimsync.google_service_account.dimsync: Refreshing state... [id=projects/oscal-hub/serviceAccounts/dimsync-prod@oscal-hub.iam.gserviceaccount.com]
google_project_service.apis["cloudtrace.googleapis.com"]: Refreshing state... [id=oscal-hub/cloudtrace.googleapis.com]
google_project_service.apis["bigquery.googleapis.com"]: Refreshing state... [id=oscal-hub/bigquery.googleapis.com]
google_project_service.apis["storage.googleapis.com"]: Refreshing state... [id=oscal-hub/storage.googleapis.com]
google_project_service.apis["secretmanager.googleapis.com"]: Refreshing state... [id=oscal-hub/secretmanager.googleapis.com]
module.analytics_bigquery.google_bigquery_dataset.analytics: Refreshing state... [id=projects/oscal-hub/datasets/analytics_prod]
google_project_service.apis["sql-component.googleapis.com"]: Refreshing state... [id=oscal-hub/sql-component.googleapis.com]
module.analytics_pubsub[0].data.google_project.current: Read complete after 0s [id=projects/oscal-hub]
google_project_service.apis["cloudscheduler.googleapis.com"]: Refreshing state... [id=oscal-hub/cloudscheduler.googleapis.com]
google_project_service.apis["cloudresourcemanager.googleapis.com"]: Refreshing state... [id=oscal-hub/cloudresourcemanager.googleapis.com]
google_project_service.apis["run.googleapis.com"]: Refreshing state... [id=oscal-hub/run.googleapis.com]
google_project_service.apis["cloudkms.googleapis.com"]: Refreshing state... [id=oscal-hub/cloudkms.googleapis.com]
google_project_service.apis["pubsub.googleapis.com"]: Refreshing state... [id=oscal-hub/pubsub.googleapis.com]
google_project_service.apis["sqladmin.googleapis.com"]: Refreshing state... [id=oscal-hub/sqladmin.googleapis.com]
google_project_service.apis["servicenetworking.googleapis.com"]: Refreshing state... [id=oscal-hub/servicenetworking.googleapis.com]
google_project_service.apis["monitoring.googleapis.com"]: Refreshing state... [id=oscal-hub/monitoring.googleapis.com]
google_logging_project_sink.oscal_events: Refreshing state... [id=projects/oscal-hub/sinks/oscal-events-prod]
google_project_service.apis["compute.googleapis.com"]: Refreshing state... [id=oscal-hub/compute.googleapis.com]
google_monitoring_dashboard.ops: Refreshing state... [id=projects/989204813608/dashboards/be31b22d-dea7-49d8-a568-079b87445a6a]
google_monitoring_notification_channel.email[0]: Refreshing state... [id=projects/oscal-hub/notificationChannels/9647640884532379542]
module.dimsync.google_project_iam_member.dimsync_job_user: Refreshing state... [id=oscal-hub/roles/bigquery.jobUser/serviceAccount:dimsync-prod@oscal-hub.iam.gserviceaccount.com]
module.dimsync.google_project_iam_member.dimsync_sql_client: Refreshing state... [id=oscal-hub/roles/cloudsql.client/serviceAccount:dimsync-prod@oscal-hub.iam.gserviceaccount.com]
module.analytics_pubsub[0].google_project_iam_member.pubsub_to_bq_metadata: Refreshing state... [id=oscal-hub/roles/bigquery.metadataViewer/serviceAccount:service-989204813608@gcp-sa-pubsub.iam.gserviceaccount.com]
module.analytics_pubsub[0].google_project_iam_member.pubsub_to_bq: Refreshing state... [id=oscal-hub/roles/bigquery.dataEditor/serviceAccount:service-989204813608@gcp-sa-pubsub.iam.gserviceaccount.com]
module.analytics_bigquery.google_bigquery_table.vw_events_enriched: Refreshing state... [id=projects/oscal-hub/datasets/analytics_prod/tables/vw_events_enriched]
module.analytics_bigquery.google_bigquery_table.vw_daily_active_orgs: Refreshing state... [id=projects/oscal-hub/datasets/analytics_prod/tables/vw_daily_active_orgs]
module.analytics_bigquery.google_bigquery_table.orgs: Refreshing state... [id=projects/oscal-hub/datasets/analytics_prod/tables/orgs]
module.analytics_bigquery.google_bigquery_table.vw_feature_popularity: Refreshing state... [id=projects/oscal-hub/datasets/analytics_prod/tables/vw_feature_popularity]
module.analytics_bigquery.google_bigquery_table.events: Refreshing state... [id=projects/oscal-hub/datasets/analytics_prod/tables/events]
module.analytics_bigquery.google_bigquery_table.users: Refreshing state... [id=projects/oscal-hub/datasets/analytics_prod/tables/users]
google_bigquery_table.vw_events: Refreshing state... [id=projects/oscal-hub/datasets/analytics_prod/tables/vw_events]
google_bigquery_dataset_iam_member.events_sink_writer: Refreshing state... [id=projects/oscal-hub/datasets/analytics_prod/roles/bigquery.dataEditor/serviceAccount:service-989204813608@gcp-sa-logging.iam.gserviceaccount.com]
google_monitoring_alert_policy.run_cpu_high: Refreshing state... [id=projects/oscal-hub/alertPolicies/11969646277962194902]
google_monitoring_alert_policy.p99_latency: Refreshing state... [id=projects/oscal-hub/alertPolicies/3666069356665811891]
module.dimsync.google_bigquery_dataset_iam_member.dimsync_editor: Refreshing state... [id=projects/oscal-hub/datasets/analytics_prod/roles/bigquery.dataEditor/serviceAccount:dimsync-prod@oscal-hub.iam.gserviceaccount.com]
google_monitoring_alert_policy.sql_connection_saturation: Refreshing state... [id=projects/oscal-hub/alertPolicies/12026442270214563461]
google_monitoring_alert_policy.high_5xx_rate: Refreshing state... [id=projects/oscal-hub/alertPolicies/9936227830985567836]
module.analytics_pubsub[0].google_pubsub_subscription.events_to_bq: Refreshing state... [id=projects/oscal-hub/subscriptions/otel-events-bq-prod]
module.otel_collector[0].google_service_account.collector: Refreshing state... [id=projects/oscal-hub/serviceAccounts/otel-collector-prod@oscal-hub.iam.gserviceaccount.com]
module.storage.google_storage_bucket.library_bucket: Refreshing state... [id=oscal-tools-library-prod-us-central1]
module.storage.google_storage_bucket.build_bucket: Refreshing state... [id=oscal-tools-build-prod-us-central1]
module.database.google_sql_database_instance.postgres: Refreshing state... [id=oscal-db-prod-9dc1847d]
module.otel_collector[0].google_project_iam_member.metric_writer: Refreshing state... [id=oscal-hub/roles/monitoring.metricWriter/serviceAccount:otel-collector-prod@oscal-hub.iam.gserviceaccount.com]
module.otel_collector[0].google_project_iam_member.trace_agent: Refreshing state... [id=oscal-hub/roles/cloudtrace.agent/serviceAccount:otel-collector-prod@oscal-hub.iam.gserviceaccount.com]
module.otel_collector[0].google_project_iam_member.log_writer: Refreshing state... [id=oscal-hub/roles/logging.logWriter/serviceAccount:otel-collector-prod@oscal-hub.iam.gserviceaccount.com]
module.otel_collector[0].google_pubsub_topic_iam_member.publisher[0]: Refreshing state... [id=projects/oscal-hub/topics/otel-events-prod/roles/pubsub.publisher/serviceAccount:otel-collector-prod@oscal-hub.iam.gserviceaccount.com]
module.otel_collector[0].google_cloud_run_v2_service.collector: Refreshing state... [id=projects/oscal-hub/locations/us-central1/services/otel-collector-prod]
module.database.google_sql_user.user: Refreshing state... [id=oscal_user//oscal-db-prod-9dc1847d]
module.database.google_sql_database.database: Refreshing state... [id=projects/oscal-hub/instances/oscal-db-prod-9dc1847d/databases/oscal_production]
module.dimsync.google_cloud_run_v2_job.dimsync: Refreshing state... [id=projects/oscal-hub/locations/us-central1/jobs/dimsync-prod]
module.otel_collector[0].google_cloud_run_service_iam_member.all_users_invoker: Refreshing state... [id=v1/projects/oscal-hub/locations/us-central1/services/otel-collector-prod/roles/run.invoker/allUsers]
module.dimsync.google_cloud_run_v2_job_iam_member.scheduler_invoker: Refreshing state... [id=projects/oscal-hub/locations/us-central1/jobs/dimsync-prod/roles/run.invoker/serviceAccount:dimsync-prod@oscal-hub.iam.gserviceaccount.com]
module.dimsync.google_cloud_scheduler_job.dimsync_hourly: Refreshing state... [id=projects/oscal-hub/locations/us-central1/jobs/dimsync-prod-hourly]
module.oscal_app.google_service_account.service_account: Refreshing state... [id=projects/oscal-hub/serviceAccounts/oscal-tools-sa-prod@oscal-hub.iam.gserviceaccount.com]
module.otel_collector[0].google_cloud_run_service_iam_member.api_invoker: Refreshing state... [id=v1/projects/oscal-hub/locations/us-central1/services/otel-collector-prod/roles/run.invoker/serviceAccount:oscal-tools-sa-prod@oscal-hub.iam.gserviceaccount.com]
module.oscal_app.google_cloud_run_v2_service.service: Refreshing state... [id=projects/oscal-hub/locations/us-central1/services/oscal-tools-prod]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.dimsync.google_cloud_run_v2_job.dimsync will be updated in-place
  ~ resource "google_cloud_run_v2_job" "dimsync" {
        id                       = "projects/oscal-hub/locations/us-central1/jobs/dimsync-prod"
        name                     = "dimsync-prod"
        # (25 unchanged attributes hidden)

      ~ template {
            # (4 unchanged attributes hidden)

          ~ template {
                # (5 unchanged attributes hidden)

              ~ containers {
                  ~ image       = "us-central1-docker.pkg.dev/oscal-hub/oscal-tools/oscal-tools:4dc2ed7ebcc293045ed4d40343a1eaeea60fa062" -> "us-central1-docker.pkg.dev/oscal-hub/oscal-tools/oscal-tools:da11428c96b24f7cd04ddb8f43923dd33305db42"
                    name        = null
                    # (3 unchanged attributes hidden)

                    # (7 unchanged blocks hidden)
                }
            }
        }
    }

  # module.oscal_app.google_cloud_run_v2_service.service will be updated in-place
  ~ resource "google_cloud_run_v2_service" "service" {
        id                      = "projects/oscal-hub/locations/us-central1/services/oscal-tools-prod"
        name                    = "oscal-tools-prod"
        # (30 unchanged attributes hidden)

      ~ template {
            # (9 unchanged attributes hidden)

          ~ containers {
              ~ image       = "us-central1-docker.pkg.dev/oscal-hub/oscal-tools/oscal-tools:4dc2ed7ebcc293045ed4d40343a1eaeea60fa062" -> "us-central1-docker.pkg.dev/oscal-hub/oscal-tools/oscal-tools:da11428c96b24f7cd04ddb8f43923dd33305db42"
                name        = null
                # (4 unchanged attributes hidden)

                # (30 unchanged blocks hidden)
            }

            # (2 unchanged blocks hidden)
        }

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan"