Bump the plugins group across 1 directory with 7 updates

[dependabot]

Bumps the plugins group with 7 updates in the / directory:

Package	From	To
com.puppycrawl.tools:checkstyle	12.3.0	13.5.0
org.apache.maven.plugins:maven-compiler-plugin	3.14.1	3.15.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.4	3.5.6
org.apache.maven.plugins:maven-surefire-report-plugin	3.5.4	3.5.6
org.codehaus.mojo:properties-maven-plugin	1.2.1	1.3.0
org.jacoco:jacoco-maven-plugin	0.8.14	0.8.15
org.owasp:dependency-check-maven	12.1.9	12.2.2

Updates com.puppycrawl.tools:checkstyle from 12.3.0 to 13.5.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-13.5.0

Checkstyle 13.5.0 - https://checkstyle.org/releasenotes.html#Release_13.5.0

New:

#19496 - AvoidStarImport: new property maxAllowedStarImports to allow atmost one star import in a file. #14782 - LITERAL_DEFAULT token support in RightCurlyCheck. #15484 - New Check UnusedTryResourceShouldBeUnnamed.

Bug fixes:

#17697 - Google style: Disallow comments enclosed in boxes. #19641 - Add checks for OpenJDK Style §3.10 - Variable Declarations. #19640 - Add checks for OpenJDK Style §4.1 - Package Names. #18227 - Extend TextBlockGoogleStyleFormatting to check indentation of each line in the blocks. #19770 - JavadocTypeCheck incorrectly matches record component @param tags using prefix instead of exact match. #17052 - Add support for flexible constructor bodies (JEP 513) targeted for JDK25. #17464 - RequireThis false positive inside annotation definition. #19623 - Add checks for OpenJDK Style §3.3 - Import statements. #17203 - PatternVariableAssignment check false negative when pattern variable extends beyond the statement of introduction. #19716 - False Negative: SimplifyBooleanExpression does not report with paranthesized boolean literals in ternary operators. #19617 - Add checks for OpenJDK Style §2 - Java Source Files. #17253 - Google-style: Illegal to break the line before or after the lambda arrow. #19149 - update MissingJavadocTypeCheck to use AST of javadoc. #2629 - IndentationCheck: incorrect validation for class definition. #5685 - Indentation: false positive for try child on the same line. #11822 - RequireThisCheck giving multiple violation for classes nested in lambdas. #19622 - Add checks for OpenJDK Style §3.2 - Package declaration.

... (truncated)

Commits

• 110e63e [maven-release-plugin] prepare release checkstyle-13.5.0
• 47d9268 doc: release notes for 13.5.0
• 2ae101f Issue #19793: Anchor IndentationCheck regex in google_checks.xml SuppressWith...
• fb3c9e9 Issue #19827: Complete removal of chapter numbers
• e2b0411 Issue #18435: Fix xdocs Examples AST Consistency Test - nowhitespacebefore
• 096df1d Issue #19764: Move violation comment out of Javadoc
• 4d69a3f Issue #19993: Regexp check for unnecessary // ok comments is configured under...
• 035297e dependency: bump org.pitest:pitest-maven from 1.25.2 to 1.25.3
• 6b82789 supplemental: Fixes Overloaded Methods Order
• d9306da Issue #18435: Fix xdocs Examples AST Consistency Test - linelength
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

• Fix Java 25 compatibility during integration tests (#1020) @​desruisseaux
• [MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @​mensinda

👻 Maintenance

• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @​slachiewicz
• Remove declaration of "plexus-snapshots" repository (#1010) @​desruisseaux
• Works only with Maven 4.0.0 rc4 (#996) @​slachiewicz
• Enable Java 25 and Maven 4 in CI (#975) @​slachiewicz

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]
• Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]
• Bump maven-plugin-testing-harness to 3.4.0 (#1001) @​slawekjaranowski
• Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]
• Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

Commits

• 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
• 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
• 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
• 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
• 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
• aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
• 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
• 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
• 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

• Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

• Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @​olamy
• Ensure that the statistics filename is calculated only once. (#3326) (#3327) @​olamy
• Add flakes attribute to use in testsuite report (#3306) (#3308) @​olamy
• [BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @​olamy
• fix: null guard for context map (#3269) (#3272) @​olamy

👻 Maintenance

• 3.5.x/bug/cherry pick embedded mode its (#3328) @​olamy
• Use surefire 3.5.5 by project itself for testing (#3324) @​slawekjaranowski
• Follow Oracle javadoc guidelines (#3177) @​elharo

📦 Dependency updates

• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

... (truncated)

Commits

• 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
• e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
• dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
• 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
• 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
• 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
• 04ad9a2 Use surefire 3.5.5 by project itself for testing
• 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
• a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
• e838393 deploy 3.5.x branch to nexus
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.4 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-report-plugin's releases.

3.5.6

🚀 New features and improvements

• Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

• Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @​olamy
• Ensure that the statistics filename is calculated only once. (#3326) (#3327) @​olamy
• Add flakes attribute to use in testsuite report (#3306) (#3308) @​olamy
• [BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @​olamy
• fix: null guard for context map (#3269) (#3272) @​olamy

👻 Maintenance

• 3.5.x/bug/cherry pick embedded mode its (#3328) @​olamy
• Use surefire 3.5.5 by project itself for testing (#3324) @​slawekjaranowski
• Follow Oracle javadoc guidelines (#3177) @​elharo

📦 Dependency updates

• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

... (truncated)

Commits

• 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
• e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
• dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
• 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
• 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
• 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
• 04ad9a2 Use surefire 3.5.5 by project itself for testing
• 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
• a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
• e838393 deploy 3.5.x branch to nexus
• Additional commits viewable in compare view

Updates org.codehaus.mojo:properties-maven-plugin from 1.2.1 to 1.3.0

Release notes

Sourced from org.codehaus.mojo:properties-maven-plugin's releases.

1.3.0

🚀 New features and improvements

• Feature Request: add yml properties manager (#134) @​mattmeye
• Include/exclude project properties (#126) @​reda-alaoui

👻 Maintenance

• Use Sisu plugin (#140) @​slachiewicz

🔧 Build

• Bump release-drafter/release-drafter from 5 to 6 (#120) @dependabot[bot]

📦 Dependency updates

• Bump org.codehaus.mojo:mojo-parent from 94 to 95 (#156) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 93 to 94 (#154) @dependabot[bot]
• Bump org.yaml:snakeyaml from 2.4 to 2.5 (#153) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 92 to 93 (#152) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 91 to 92 (#149) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 87 to 91 (#148) @dependabot[bot]
• Require Maven 3.6.3 (#139) @​slachiewicz
• Bump org.yaml:snakeyaml from 2.3 to 2.4 (#138) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 86 to 87 (#137) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 85 to 86 (#132) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 (#133) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 84 to 85 (#131) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 80 to 84 (#130) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 78 to 80 (#122) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 (#125) @dependabot[bot]
• Bump apache/maven-gh-actions-shared from 3 to 4 (#124) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 77 to 78 (#119) @dependabot[bot]

Commits

• 91a2ade [maven-release-plugin] prepare release properties-maven-plugin-1.3.0
• bf56d32 Bump org.codehaus.mojo:mojo-parent from 94 to 95
• 80e20be Bump org.codehaus.mojo:mojo-parent from 93 to 94
• e8ae7a5 Bump org.yaml:snakeyaml from 2.4 to 2.5
• bb39c3d Bump org.codehaus.mojo:mojo-parent from 92 to 93
• b41267b Bump org.codehaus.mojo:mojo-parent from 91 to 92
• bb548c5 Bump org.codehaus.mojo:mojo-parent from 87 to 91
• 3ffa9cb Use Sisu plugin
• 7adbe3b Require Maven 3.6.3
• 407342f Bump org.yaml:snakeyaml from 2.3 to 2.4
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.15

New Features

• JaCoCo now officially supports Java 26 (GitHub #2076).
• Experimental support for Java 27 class files (GitHub #2004).
• Compatibility methods generated by Kotlin compiler for functions defined in interfaces are filtered out during generation of report (GitHub #1905).
• Compatibility methods generated by Kotlin compiler for exposed boxed inline value classes (JvmExposeBoxed annotation) are filtered out during generation of report (GitHub #1944).
• Methods generated by the Kotlin compiler for functions with JvmStatic annotation are filtered out during generation of report (GitHub #2097).
• Improved filtering of bytecode generated by Kotlin compiler for when expressions and statements with kotlin.String subject where first branch condition contains string with largest hash (GitHub #2098).
• Part of bytecode that javac versions from 24 to 26 generate for switch statements and expressions with selector expression of type java.lang.String inside lambdas is filtered out during generation of report (GitHub #2023).
• Improved performance of Kotlin files analysis by parsing SMAPs only once per class (GitHub #2114).
• For better performance agent output methods tcpclient and tcpserver use BufferedOutputStream to write execution data to socket. Maven plugin, Ant tasks, CLI, API usage examples, and ExecDumpClient API use BufferedInputStream to read execution data from socket. Third-party integrations should do the same to benefit from this change in agent (GitHub #2089).

Fixed bugs

• Fixed processing of Kotlin SMAP in synthetic classes (GitHub #1985).
• Multiple JaCoCo runtimes within one JVM writing to the same output file should not cause data corruption when running on JDK versions from 6 to 10 affected by JDK-8166253 (GitHub #2065, #2074).
• For better performance agent writes to output file via BufferedOutputStream, this fixes regression introduced in version 0.6.2 (GitHub #2073).
• Fixed NullPointerException when JaCoCo agent is loaded by non system class loader, for example when loaded by JBoss Modules (GitHub #1651).

Non-functional Changes

• JaCoCo now depends on ASM 9.10.1 (GitHub #2134).

Commits

• 6c5260a Prepare release v0.8.15
• 5c05141 Transfer of execution data through socket should use buffered stream (#2089)
• ab5efa9 Remove from Azure Pipelines all builds except with JDK 5 and JDK EA (#2148)
• 5f6ea38 Use Windows 2025 image in GitHub Actions (#2130)
• 35a8af2 Use Renovate instead of Dependabot for updates of ASM (#2137)
• 85b8ddf Upgrade ASM to 9.10.1 (#2134)
• 2988647 AgentModule should use ClassLoader of agent instead of SystemClassLoader (#1651)
• 75a4e31 Add filter for Kotlin @JvmExposeBoxed (#1944)
• 691fa1d Use Renovate instead of Dependabot for updates of GitHub Actions (#2132)
• 3e18f17 Require at least JDK 21 for build (#2128)
• Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.1.9 to 12.2.2

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.2.2

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.2.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.2.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.2.2 (2026-05-03)

NOTE: The database schema was updated to fix #8466 - if using an external database the update scripts must be run!

• feat: improve Sonatype Guide / OSS Index cache handling and insufficient credits error reporting (#8451)
• feat: support and prefer githubID vuln identifiers from RetireJS (#8419)
• fix(db): widen reference URL column to handle long Mozilla CVE URLs (#8467)
• fix: add corepack to docker image (#8386)
• fix: bump open-vulnerability-clients to resolve NVD timestamp parsing errors (#8427)
• fix: de-duplicate and sort both includedBy and projectReferences in reports (#8440)
• fix: migrate default OSS Index API URL to Sonatype Guide; supporting optional username (#8404)
• docs: correct missing documentation for Gradle plugin (#8431)
• docs: tweak docs site structure; documenting missing analyzers (#8462)
• chore: remove spurious bundle-audit log line when there are no errors (#8454)
• chore: tidy CHANGELOG formatting (#8414)
• chore(fp): remove duplicate log4j FP suppressions (#8468)
• build(deps): bump apache.ant.version from 1.10.16 to 1.10.17 (#8416)
• build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 (#8465)
• build(deps): bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#8420)
• build(deps): bump com.mysql:mysql-connector-j from 9.6.0 to 9.7.0 (#8445)
• build(deps): bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#8453)
• build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0 (#8448)
• build(deps): bump httpcomponents.client.version from 5.6 to 5.6.1 (#8432)
• build(deps): bump joda-time:joda-time from 2.14.1 to 2.14.2 (#8464)
• build(deps): bump org.apache.maven.plugins:maven-invoker-plugin from 3.9.1 to 3.10.0 (#8452)
• build(deps): bump org.jsoup:jsoup from 1.22.1 to 1.22.2 (#8437)
• build(deps): bump org.postgresql:postgresql from 42.7.10 to 42.7.11 (#8463)
• build(deps): bump the actions-deps group with 8 updates (#8472)

See the full listing of changes

Version 12.2.1 (2026-04-11)

• fix(core): correct xml schema validation handling without needing external access (#8272)
• fix(deps): upgrade slf4j and logback (#8306)
• fix(test): disable pnpm analyzer during test (#8305)
• fix: Correct published/hosted suppressions namespace header and indent (#8258)
• fix: Suppress noisy WARN logging from Apache Lucene within Maven and Ant plugins (#8248)
• fix: #8140 AssemblyAnalyzer version resolution issue (#8352)
• fix: #8140 fix version resolution
• fix: #8140 hint azure_identity_library_for_.net
• fix: #8356 narrow down VersionFilterAnalyzer scope to JAR files (#8358)
• fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377)
• fix: evidence source in Retire JS analyzer (#8303)
• fix: exclude deprecations from Yarn Berry audit results (#8380)
• fix: improve PEAnalyzer reliability by migrating to maintained PE/COFF 4J library fork (#8245)
• fix: improve configuration consistency (casing) (#8355)
• fix: improve logging of unexpected Java Errors during processing of NVD (#8250)
• fix: raw type warning in ProcessReader (#8324)
• fix: suppress false positives for zabbix-utils #8087 (#8218)

... (truncated)

Commits

• b51290f build: prepare release v12.2.2
• 70070a9 docs: release 12.2.2
• 47aa0c7 fix: widen reference URL column to handle long Mozilla CVE URLs (#8467)
• 1de40c0 build(deps): bump the actions-deps group with 8 updates (#8472)
• 74678b0 build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 (#8...
• 3f83d80 build(deps): bump org.postgresql:postgresql from 42.7.10 to 42.7.11 (#8463)
• 04387c3 build(deps): bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#8453)
• 11e1771 build(deps): bump org.apache.maven.plugins:maven-invoker-plugin from 3.9.1 to...
• e850545 chore(fp): remove duplicate log4j FP suppressions (#8468)
• 9acbb33 feat: improve Sonatype Guide / OSS Index cache handling and insufficient cred...
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.4 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-report-plugin's releases.

3.5.6

🚀 New features and improvements

• Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

• Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @​olamy
• Ensure that the statistics filename is calculated only once. (#3326) (#3327) @​olamy
• Add flakes attribute to use in testsuite report (#3306) (#3308) @​olamy
• [BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @​olamy
• fix: null guard for context map (#3269) (#3272) @​olamy

👻 Maintenance

• 3.5.x/bug/cherry pick embedded mode its (#3328) @​olamy
• Use surefire 3.5.5 by project itself for testing (#3324) @​slawekjaranowski
• Follow Oracle javadoc guidelines (#3177) @​elharo

📦 Dependency updates

• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

... (truncated)

Commits

• 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
• e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
• dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
• 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
• 2774273 Ensure that the statistics filename is calculated only once. (#3326) (Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.