Bump the maven-build-plugins group across 1 directory with 3 updates

[dependabot]

Bumps the maven-build-plugins group with 3 updates in the / directory: org.apache.maven.plugins:maven-surefire-plugin, org.owasp:dependency-check-maven and org.jacoco:jacoco-maven-plugin.

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.3

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski
• Use newer version of surefire for itself testing, enable JUnit 5 in tests (#822) @​slawekjaranowski
• Remove dependencies from root pom (#819) @​slawekjaranowski
• move this dependency to dptMngt (#818) @​olamy
• [SUREFIRE-2291] - Change logger from Plexus to SLF4J (#811) @​jeffjensen
• Add GitHub Automation actions (#812) @​slawekjaranowski
• Convert reports to Guice (#803) @​elharo
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#809) @​Bukama
• Update encoding docs (#802) @​elharo
• Guice injection (#801) @​elharo

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1 (#823) @dependabot[bot]
• Bump parent to 44 (#817) @​slawekjaranowski
• Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.4.0 (#810) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.4.0 to 4.10.0 (#813) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#797) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#807) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (#805) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#800) @dependabot[bot]

Commits

• 4434650 [maven-release-plugin] prepare release surefire-3.5.3
• 1270950 use github directly
• 59f3a1f release tag name backward compatible
• dfbabe2 assertj-core must be test scope (#826)
• e1f8119 back to 3.5.3-SNAPSHOT
• c497559 [maven-release-plugin] prepare for next development iteration
• 3962112 [maven-release-plugin] prepare release v3.5.3
• 227c134 surefire shared utils version current version (#825)
• 1d34c34 Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1
• 906b65a Update site descriptors
• Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.1.0 to 12.1.1

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.1.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.1.1 (2025-04-05)

• fix: resolve NVD data Parse error com.fasterxml.jackson.core.JsonParseException: Unexpected character (']' (code 93))
  • bump open-vulnerability-client from 7.3.1 to 7.3.2 (#7577)
• fix: update links for repository move from jeremylong to the dependency-check organization (#7373)
• fix: resolve NPE when processing CVE-2025-2682 (#7558)
• fix: prevent rogue base suppression files (#7544)
• fix: #6819 handle invalid toml file (#7548)
• fix: Use unscored severity only in absence of any CVSS baseScore (#7530)
• fix: protect against exotic version number of yarn (#7525)
• fix: Ignore require-bundle MANIFEST.MF entry for evidence (#7523)
• fix: avoid error on yarn berry audit when no vulnerability found (#7501)
• fix: improve null checks in Downloader (#7493)
• fix: improve null checks resolves dependency-check/dependency-check-gradle#441
• fix: Avoid FPs when Composer product name has php (#7486)
• fix: cli not honoring window paths correctly (#7470)
• fix: Also apply muteNoisyLoggers to UpdateMojo (#7469)
• fix: Make HC5 Downloader honor the connection- and readTimeout settings that the old URLConnectionFactory based downloads observed (#7437)
• docs: sync the supported Maven version with the one stated in the system requirement section (#7570)
• docs: update proxy config documentation (#7550)
• docs: Remove copyright as requested by the Apache foundation
• docs: drop redundant text in the Internet Access Required section (#7521)
• docs: correct gradle documentation (#7511)

See the full listing of changes

Commits

• 67cccfb build: prepare release v12.1.1
• d7f876d docs: release 12.1.1
• f7e3d05 build(deps): bump open-vulnerability-client from 7.3.1 to 7.3.2 (#7577)
• 20c62ec build(deps-dev): bump io.netty:netty-codec-http from 4.1.119.Final to 4.2.0.F...
• c0a8a52 build(deps-dev): bump io.netty:netty-codec-http
• 35b7a16 docs: sync the supported Maven version with the one stated in the system requ...
• 511710f build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13 (#7571)
• b231423 build(deps): bump golang from 1.24.1-alpine to 1.24.2-alpine (#7568)
• 1491689 build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 t...
• 288458c build(deps): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 t...
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.12 to 0.8.13

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.13

New Features

• JaCoCo now officially supports Java 23 and Java 24 (GitHub #1757, #1631, #1867).
• Experimental support for Java 25 class files (GitHub #1807).
• Calculation of line coverage for Kotlin inline functions (GitHub #1670).
• Calculation of line coverage for Kotlin inline functions with reified type parameter (GitHub #1670, #1700).
• Calculation of coverage for Kotlin JvmSynthetic functions (GitHub #1700).
• Part of bytecode generated by the Kotlin Compose compiler plugin is filtered out during generation of report (GitHub #1616).
• Part of bytecode generated by the Kotlin compiler for inline value classes is filtered out during generation of report (GitHub #1475).
• Part of bytecode generated by the Kotlin compiler for suspending lambdas without suspension points is filtered out during generation of report (GitHub #1283).
• Part of bytecode generated by the Kotlin compiler for when expressions and statements with nullable enum subject is filtered out during generation of report (GitHub #1774).
• Part of bytecode generated by the Kotlin compiler for when expressions and statements with nullable String subject is filtered out during generation of report (GitHub #1769).
• Part of bytecode generated by the Kotlin compiler for chains of safe call operators is filtered out during generation of report (GitHub #1810, #1818).
• Method getEntries generated by the Kotlin compiler for enum classes is filtered out during generation of report (GitHub #1625).
• Methods generated by the Kotlin compiler for constructors and functions with JvmOverloads annotation are filtered out (GitHub #1768).

Fixed bugs

• Fixed interpretation of Kotlin SMAP (GitHub #1525).
• File extensions are preserved in HTML report in case of clashes of normalized file names (GitHub #1660).

Non-functional Changes

• JaCoCo build now uses Maven Wrapper and requires at least Maven 3.9.9 (GitHub #1708, #1707, #1681).
• JaCoCo now depends on ASM 9.8 (GitHub #1862).
• More context information when IllegalArgumentException occurs during reading of zip file (GitHub #1833).

Commits

• 78d5eff Prepare release 0.8.13
• e579092 Happy birthday Java 24! (#1867)
• 17d31aa Upgrade ASM to 9.8 (#1863)
• ee07ecb Upgrade Kotlin to 2.1.20 (#1860)
• f0dcc6b Bump actions/upload-artifact from 4.6.1 to 4.6.2 (#1861)
• 99707c3 Upgrade spotless-maven-plugin to 2.44.3 (#1851)
• 21f6a99 Upgrade maven-deploy-plugin to 3.1.4 (#1854)
• c7da68b Upgrade maven-install-plugin to 3.1.4 (#1853)
• 80ebc77 Upgrade maven-clean-plugin to 3.4.1 (#1850)
• 0bb8bd5 Bump actions/upload-artifact from 4.6.0 to 4.6.1 (#1852)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[infeo]

@dependabot squash & merge