[release-v1.21][maven]: Bump the patch group across 1 directory with 12 updates

[dependabot]

Bumps the patch group with 12 updates in the /data-plane directory:

Package	From	To
io.quarkus:quarkus-bom	3.28.0	3.28.5
io.vertx:vertx-opentelemetry	4.5.16	4.5.25
io.vertx:vertx-junit5	4.5.16	4.5.25
ch.qos.logback:logback-core	1.5.18	1.5.32
ch.qos.logback:logback-classic	1.5.18	1.5.32
software.amazon.msk:aws-msk-iam-auth	2.3.2	2.3.5
org.assertj:assertj-core	3.27.3	3.27.7
org.scala-lang:scala-reflect	2.13.14	2.13.18
org.apache.maven.plugins:maven-surefire-plugin	3.5.3	3.5.4
org.apache.maven.plugins:maven-enforcer-plugin	3.6.1	3.6.2
org.jacoco:jacoco-maven-plugin	0.8.12	0.8.14
org.apache.maven.plugins:maven-shade-plugin	3.6.0	3.6.1

Updates io.quarkus:quarkus-bom from 3.28.0 to 3.28.5

Release notes

Sourced from io.quarkus:quarkus-bom's releases.

3.28.5

Complete changelog

• #49504 - continuous-testing=disabled causes NPE and does not disable continuous testing mode
• #50568 - SmallRye Process: stderr warning: docker; testing in container
• #50571 - WorkspaceLoader fails if a Maven module tag references a pom file instead of a directory
• #50576 - Fix bootstrap when module is pointing to POM file directly
• #50578 - Reproducible order of enties in app/<project-name>.jar
• #50596 - Contribute files to the app jar in a deterministic order
• #50597 - container-image-docker-common: swallow stderr on success
• #50608 - Bump Microsoft SQL Server JDBC driver to 13.2.1
• #50646 - Improve handling of quarkus.test.continuous-testing=false
• #50653 - Opens java.lang as it's required for Java 24+

3.28.4

Complete changelog

• #49225 - OIDC redirect fails to properly append OAuth parameters when original URL contains query parameters
• #50321 - @RequestParam required true
• #50400 - Modify @RequestParam presence handling
• #50427 - DEV UI workspace shows a log file on Windows rather than Java file and hierarchy visualisation is broken
• #50476 - Rename leftovers of GlobalDevServicesConfig
• #50490 - Fix DEV UI workspace directory worktree and item selection on Windows
• #50491 - Correctly restore query params when OIDC does not drop redirect params
• #50503 - Add a clarification about OAuth2 protected resource metadata route address
• #50515 - Move Hibernate ORM/Reactive configuration reference to the bottom of the guides
• #50517 - Assistant: Remove unused exception method
• #50520 - Minor update to rest-client.adoc
• #50528 - Project creation with extension not from platform fails with 3.28.3
• #50531 - Update logging configuration property from .enable to .enabled in application properties
• #50541 - Bump the hibernate group with 8 updates
• #50554 - Ignore quarkus-core in non-platform extension catalogs
• #50556 - Quarkus augmentation weakens file permissions
• #50557 - Avoid using COPY_ATTRIBUTES when copying the jars of fast jar
• #50560 - UnsupportedOperationException with HTTP Response Code 204
• #50569 - Don't fail in Quarkus REST Servlet when trying to remove an HTTP header

3.28.3

Complete changelog

• #29817 - quarkus cli fail hard on bad settings.xml
• #49733 - quarkus.thread-pool.shutdown-interrupt is not respected
• #50126 - HQL Console improvements
• #50306 - Unrecognized configuration key "quarkus.gradle-worker.no-process"
• #50317 - VertxOutputStream: Cannot reserve 65536 bytes of direct buffer memory (allocated: 760195093, limit: 760217600)
• #50318 - Avoid importing BOMs managing extensions managed by BOMs with higher preferences
• #50335 - Change quarkus.gradle-worker.* to gradle.quarkus.gradle-worker.*

... (truncated)

Commits

• 7343948 [RELEASE] - Bump version to 3.28.5
• 319b171 Merge pull request #50656 from gsmet/3.28.5-backports-1
• 55e3f83 Opens java.lang as it's required for Java 24+
• 4b3e239 Prevent continuous testing log entry when `quarkus.test.continuous-testing=di...
• b403fdc Prevent NPE when quarkus.test.continuous-testing=false
• 3afb089 Ensure that Liquibase pre-conditions work for MongoDB
• 88e2ca6 Fix podman machine setup command order
• 55137e4 Bump Microsoft SQL Server JDBC driver to 13.2.1
• 21666c5 Removed extra '=' when converting single add opns jvm option (fixes #50610)
• fdd2683 Contribute files to the app jar in a deterministic order
• Additional commits viewable in compare view

Updates io.vertx:vertx-opentelemetry from 4.5.16 to 4.5.25

Commits

• 863bb6a Releasing 4.5.25
• 7c5d292 Bump testcontainers to 2.0.3
• 9b0508b Bump org.assertj:assertj-core in /vertx-opentelemetry (#100)
• e9bb941 Set next snapshot version
• d93310f Releasing 4.5.24
• 1b31ce4 Set next snapshot version
• fc4d51e Releasing 4.5.23
• 95c535b Set next snapshot version
• 1ad03a6 Releasing 4.5.22
• 6a4f58d Set next snapshot version
• Additional commits viewable in compare view

Updates io.vertx:vertx-junit5 from 4.5.16 to 4.5.25

Commits

• e5b0600 Releasing 4.5.25
• 2fa9ace Bump org.assertj:assertj-core from 3.24.2 to 3.27.7 (#154)
• 18c8d33 ScopedObject should implement AutoCloseable (#152)
• cf069f2 Set next snapshot version
• dc720ef Releasing 4.5.24
• 3e1fbdd Set next snapshot version
• 92b2f75 Releasing 4.5.23
• b95c14f Set next snapshot version
• a6216ae Releasing 4.5.22
• ac29b2e Set next snapshot version
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.18 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

• In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

2026-02-09 Release of logback version 1.5.29

• In response to issues/1017, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.27

2026-01-30 Release of logback version 1.5.27

• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.

• Fixed missing MDC data transmitted by SocketAppender reported in issues/1010 by Lars Vogel.

... (truncated)

Commits

• e807335 prepare release 1.5.32
• dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
• 8e32278 added simple test for appender definitiob via file inclusion
• 834dbed start work on 1.5.32-SNAPSHOT
• 168e42f add test to check that Logback SLF4J provider can be activated
• ed45362 prepare release 1.5.31
• 609dae7 fix missing META-INF directory
• 7739739 start work on 1.5.31-SNAPSHOT
• 44164f1 prepare release 1.5.30
• 9874f06 test for top-file as a resource, introduced new module logback-classic-misc
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

• In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

2026-02-09 Release of logback version 1.5.29

• In response to issues/1017, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.27

2026-01-30 Release of logback version 1.5.27

• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.

• Fixed missing MDC data transmitted by SocketAppender reported in issues/1010 by Lars Vogel.

... (truncated)

Commits

• e807335 prepare release 1.5.32
• dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
• 8e32278 added simple test for appender definitiob via file inclusion
• 834dbed start work on 1.5.32-SNAPSHOT
• 168e42f add test to check that Logback SLF4J provider can be activated
• ed45362 prepare release 1.5.31
• 609dae7 fix missing META-INF directory
• 7739739 start work on 1.5.31-SNAPSHOT
• 44164f1 prepare release 1.5.30
• 9874f06 test for top-file as a resource, introduced new module logback-classic-misc
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

• In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

2026-02-09 Release of logback version 1.5.29

• In response to issues/1017, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.27

2026-01-30 Release of logback version 1.5.27

• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.

• Fixed missing MDC data transmitted by SocketAppender reported in issues/1010 by Lars Vogel.

... (truncated)

Commits

• e807335 prepare release 1.5.32
• dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
• 8e32278 added simple test for appender definitiob via file inclusion
• 834dbed start work on 1.5.32-SNAPSHOT
• 168e42f add test to check that Logback SLF4J provider can be activated
• ed45362 prepare release 1.5.31
• 609dae7 fix missing META-INF directory
• 7739739 start work on 1.5.31-SNAPSHOT
• 44164f1 prepare release 1.5.30
• 9874f06 test for top-file as a resource, introduced new module logback-classic-misc
• Additional commits viewable in compare view

Updates software.amazon.msk:aws-msk-iam-auth from 2.3.2 to 2.3.5

Release notes

Sourced from software.amazon.msk:aws-msk-iam-auth's releases.

2.3.5

• Upgrade AWS SDK version to address CVE-2025-58056 and CVE-2025-58057
• Updated dependencies to address build issues. It's now recommended to build the package using Gradle 8.0+ and JDK 17+.

2.3.4

• Skip credential providers chain
• Upgrade AWS SDK version

2.3.3

• Upgrade AWS SDK version

Commits

• 07c14fc Merge pull request #226 from aws/release_2.3.5
• 67f19a8 Preparing release 2.3.5
• 6fd7078 update license-check Python version
• 56a08a4 update sourceCompatibility and targetCompatibility to 17
• 9797351 update mockito-inline version
• 0cc14e7 Update client module for Sonatype migration change
• f4b282f Bump software.amazon.awssdk:bom to 2.36.3
• 84bc15a Merge pull request #223 from aws/release_2.3.4
• 0ed7afe Preparing release 2.3.4
• 8c85192 Merge pull request #218 from bdesert/enforced-sts
• Additional commits viewable in compare view

Updates io.vertx:vertx-junit5 from 4.5.16 to 4.5.25

Commits

• e5b0600 Releasing 4.5.25
• 2fa9ace Bump org.assertj:assertj-core from 3.24.2 to 3.27.7 (#154)
• 18c8d33 ScopedObject should implement AutoCloseable (#152)
• cf069f2 Set next snapshot version
• dc720ef Releasing 4.5.24
• 3e1fbdd Set next snapshot version
• 92b2f75 Releasing 4.5.23
• b95c14f Set next snapshot version
• a6216ae Releasing 4.5.22
• ac29b2e Set next snapshot version
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.3 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

v3.27.6

🐛 Bug Fixes

Core

• Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

... (truncated)

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates org.scala-lang:scala-reflect from 2.13.14 to 2.13.18

Release notes

Sourced from org.scala-lang:scala-reflect's releases.

Scala 2.13.18

The Scala team at Akka is pleased to announce Scala 2.13.18.

This release fixes several regressions from 2.13.17. It is compatible with JDKs 8 to 26.

The following are highlights of this release:

Restore traditional behavior when passing a null array to a varargs method in Scala 3

When passing an array as "sequence argument" to a varargs method, method(arg: _*), the array is converted to a Seq.

In Scala 3 (the syntax is method(arg*)), this conversion is done by the ScalaRunTime.wrapXArray methods. These methods were simplified in 2.13.17, which changed the semantics of a method((null: Array[T])*) invocation.

#11165 restores the previous null handling semantics.

Fixes for false positive warnings

• #11162 reverts -Xlint:infer-any to the behavior of 2.13.16. The lint was extended in 2.13.17 to warn whenever Nothing is inferred for a higher-kinded type parameter T[_]. The new warning showed up in many projects: often as a false positive, but even the "true" positive warning was considered unhelpful / spurious in real-world use cases.
• Fix false positive unused warning for private val used in annotation #11149
• Fix false positive -Xlint:universal-methods warning in synthetic code #11159

JDK 26 support

• Compiling on Java 26 is now supported #11179

New @uncheckedOverride annotation

The new @uncheckedOverride annotation is equivalent to the override keyword, except that it allows to override nothing. This is useful when cross-building: a method may override or not, depending on the version of some dependency. #11179

GPG key change

This release is signed with a different GPG key than previous Scala 2 releases. The new key is the same one used by Scala 3. #11158

Other notable changes

• On Java 25+, sbt run now detects main methods that are non-static, non-public or without parameter list #11137
• Regression fix: 2.13.17 was accidentally dropping certain annotations #11173
• Deprecate the -Xmain-class compiler flag #11156

More changes

For the complete 2.13.18 change lists, see all merged PRs and all closed bugs.

Compatibility

As usual for our minor releases, Scala 2.13.18 is binary-compatible with the whole Scala 2.13 series.

... (truncated)

Commits

• 98f40d0 Merge pull request #11180 from SethTisue/scala-3.7.4
• f47ee18 Merge pull request #11181 from lrytz/t13141
• 960905c Don't type check synthetic args in presence of errors
• 5c28ce5 Scala 3.7.4 (was 3.7.3)
• ae6ae4d Merge pull request #11179 from lrytz/merge-212
• e828c8f Merge commit '597789e91a' into merge-212
• c099bae Merge commit '01ad07aaf2' into merge-212
• ef7bf42 Merge commit '516ea3283f' into merge-212
• 786153f Merge commit '42b335a55f' into merge-212
• 597789e Merge pull request #11178 from dragos/dragos/backport-base-type-crash-fix
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.3 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.4

🚀 New features and improvements

• Name the shutdown hook (#3170) @​cstamas
• Implement fail-fast behavior for JUnit Platform provider (#3155) @​marcphilipp
• Create a single LauncherSession for invocations of JUnitPlatformProvider (#863) @​marcphilipp

🐛 Bug Fixes

• [SUREFIRE-2298] - fix xml output with junit 5 nested classes (fix integration with Cucumber and Archunit) (#828) @​olamy

👻 Maintenance

• feat: enable prevent branch protection rules (#3168) @​sparsick
• Get rid of plexus-annotations (#3163) @​olamy
• Remove maven-changes-plugin (#861) @​sparsick
• Enable GitHub Issues (#831) @​Bukama

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167) @dependabot[bot]
• Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 (#3165) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#3161) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#3158) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.12.0 to 4.13.0 (#856) @dependabot[bot]
• Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.10.3 (#860) @dependabot[bot]
• Bump commons-beanutils:commons-beanutils from 1.7.0 to 1.11.0 in /surefire-its/src/test/resources/webapp (#851) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.11.1 to 4.12.0 (#844) @dependabot[bot]
• Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 (#836) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#833) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#829) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#830) @dependabot[bot]
• Bump jacocoVersion from 0.8.12 to 0.8.13 (#827) @dependabot[bot]

Commits

• 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
• 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
• 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
• 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
• 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
• fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
• 1e63159 Name the shutdown hook (#3170)
• 76e806a feat: enable prevent branch protection rules (#3168)
• 0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
• 98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.6.1 to 3.6.2

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.2

🐛 Bug Fixes

• Use SessionData for cache storage (#930) @​slawekjaranowski

📝 Documentation updates

• Update Version Ranges link in site.xml (#926) @​ctubbsii
• Fix formatting typo in dependencyConvergence.apt.vm (#928) @​ascopes
• Correct support parameters documentation for banned repositories rule (#922) @​Harmelodic

👻 Maintenance

• Fixes #920 - Remove usage of Stack (#921) @​khmarbaise
• feat: enable prevent branch protection rules (#925) @​sebtiem
• Fixes #917 - Remove usage of Hashtable (#918) @​khmarbaise

📦 Dependency updates

• Bump m-invoker-p to 3.9.1 (#935) @​slawekjaranowski
• Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#933) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 (#932) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#931) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#923) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#919) @dependabot[bot]
• Bump commons-codec:commons-codec from 1.18.0 to 1.19.0 (#915) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#914) @dependabot[bot]
• Bump mavenVersion from 3.9.10 to 3.9.11 (#912) @dependabot[bot]

Commits

• 82ba770 [maven-release-plugin] prepare release enforcer-3.6.2
• 5313c70 Bump m-invoker-p to 3.9.1
• ee5abee Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0
• 6c5a152 Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
• 89ccb70 Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#931)
• 03ed82d Update Version Ranges link in site.xml (#926)
• d282dc4 Fixes #920 - Remove usage of Stack
• 27e1f46 Use SessionData for cache storage (#930)
• a1bac9b Fix formatting typo in dependencyConvergence.apt.vm
• 870a1ed Correct support parameters documentation for banned repositories rule
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.14

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.14

New Features

• JaCoCo now officially supports Java 25 (GitHub #1950).
• Experimental support for Java 26 class files (GitHub #1870).
• Branches added by the Kotlin compiler for default argument number 33 or higher are filtered out during generation of report (GitHub #1655).
• Part of bytecode generated by the Kotlin compiler for elvis operator that follows safe call operator is filtered out during generation of report (GitHub #1814, #1954).
• Part of bytecode generated by the Kotlin compiler for more cases of chained safe call operators is filtered out during generation of report (GitHub #1956).
• Part of bytecode generated by the Kotlin compiler for invocations of suspendCoroutineUninterceptedOrReturn intrinsic is filtered out during generation of report (GitHub #1929).
• Part of bytecode generated by the Kotlin compiler for suspending lambdas with parameters is filtered out during generation of report (GitHub #1945).
• Part of bytecode generated by the Kotlin compiler for suspending functions and lambdas with suspension points that return inline value class is filtered out during generation of report (GitHub #1871).
• Part of bytecode generated by the Kotlin Compose compiler plugin for pausable composition is filtered out during generation of report (GitHub #1911).
• Methods generated by the Kotlin serialization compiler plugin are filtered out (GitHub #1885, #1970, #1971).

Fixed bugs

• Fixed handling of implicit else clause of when with String subject in Kotlin (GitHub #1813, #1940).
• Fixed handling of implicit default clause of switch by String in Java when compiled by ECJ (GitHub #1813, #1940). Fixed handling of exceptions in chains of safe call operators in Kotlin (GitHub #1819).

Non-functional Changes

• JaCoCo now depends on ASM 9.9 (GitHub #1965).

0.8.13

New Features

• JaCoCo now officially supports Java 23 and Java 24 (GitHub #1757, #1631, #1867).
• Experimental support for Java 25 class files (GitHub #1807).
• Calcu...

  Description has been truncated

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[creydr]

/ok-to-test

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign twogiants for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment