Bump the maven group with 14 updates

[dependabot]

Bumps the maven group with 14 updates:

Package	From	To
com.google.errorprone:error_prone_core	2.27.0	2.28.0
org.apache.maven.plugins:maven-enforcer-plugin	3.4.1	3.5.0
org.apache.maven.plugins:maven-javadoc-plugin	3.6.3	3.7.0
com.github.siom79.japicmp:japicmp-maven-plugin	0.21.1	0.21.2
com.google.errorprone:error_prone_annotations	2.27.0	2.28.0
com.google.guava:guava-testlib	33.1.0-jre	33.2.1-jre
com.guardsquare:proguard-base	7.4.2	7.5.0
com.guardsquare:proguard-core	9.1.3	9.1.4
org.graalvm.buildtools:native-maven-plugin	0.10.1	0.10.2
org.apache.maven.plugins:maven-shade-plugin	3.5.3	3.6.0
org.codehaus.mojo:exec-maven-plugin	3.2.0	3.3.0
com.fasterxml.jackson.core:jackson-databind	2.17.0	2.17.1
com.google.protobuf:protobuf-java	4.26.1	4.27.0
com.google.guava:guava	33.1.0-jre	33.2.1-jre

Updates com.google.errorprone:error_prone_core from 2.27.0 to 2.28.0

Release notes

Sourced from com.google.errorprone:error_prone_core's releases.

Error Prone 2.28.0

Error Prone nows supports the latest JDK 23 EA builds (#4412, #4415).

Closed issues:

• Improved errors for invalid check severities (#4306).
• Fix a crash with nested instanceof patterns (#4349).
• Fix a crash in JUnitIncompatibleType (#4377).
• In ObjectEqualsForPrimitives, don't suggest replacing equal with == for floating-point values (#4392).

New checks:

• DeeplyNested discourages very deeply nested code that can cause StackOverflowErrors during compilation.
• GuiceNestedCombine discourages nesting of Modules.combine(), which is unnecessary.
• PatternMatchingInstanceof migrates code to use pattern matching for instanceof
• SunApi discourages use of internal proprietary JDK APIs which may be removed from future releases.

Full Changelog: google/error-prone@v2.27.1...v2.28.0

Error Prone 2.27.1

This release contains all of the changes in 2.27.0, plus a bug fix to ClassInitializationDeadlock (google/error-prone#4378)

Full Changelog: google/error-prone@v2.27.0...v2.27.1

Commits

• c71fd4e Release Error Prone 2.28.0
• 32997f7 Bugfix assignment switch analysis in StatementSwitchToExpressionSwitch: if an...
• 2dde254 Update references to javadoc APIs after the introduction of Markdown doc comm...
• 5fef6e0 Yet another JUnitIncompatibleType crash fix.
• c2df1b6 Refactor comment handling in tokenization to use a new ErrorProneComment clas...
• 3fff610 Update hamcrest to v2.2
• 6f265dd Add a disabled regression test for an UnusedVariable bug
• 5eded87 Add an Error Prone check that reimplements javac sunapi warnings
• 9e0fbf7 Prepare for a change to the return type of JCCompilationUnit#getImports in ...
• 13be411 Handle null != CONST_CASE in YodaCondition
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.5.0

🚀 New features and improvements

• [MENFORCER-497] - Require Maven 3.6.3+ (#317) @​slawekjaranowski
• [MENFORCER-494] - Allow banning dynamic versions in whole tree (#294) @​JimmyAx
• [MENFORCER-500] - New rule to enforce that Maven coordinates match given (#309) @​kwin

🐛 Bug Fixes

• [MENFORCER-503] - Pass context to ProfileActivator - fix NPE in Maven 3.9.7 (#315) @​slawekjaranowski

📦 Dependency updates

• [MENFORCER-501] - Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#311) @​dependabot
• [MENFORCER-501] - Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 (#312) @​dependabot
• [MENFORCER-504] - Bump org.apache.maven:maven-parent from 41 to 42 (#314) @​dependabot
• [MENFORCER-501] - Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 (#298) @​dependabot
• [MENFORCER-501] - Bump commons-codec:commons-codec from 1.16.0 to 1.16.1 (#305) @​dependabot
• [MENFORCER-501] - Bump commons-io:commons-io from 2.13.0 to 2.16.0 (#310) @​dependabot
• Bump org.apache.commons:commons-compress from 1.21 to 1.26.0 in /maven-enforcer-plugin/src/it/projects/dependency-convergence_transitive_provided/module1 (#307) @​dependabot
• Bump apache/maven-gh-actions-shared from 3 to 4 (#308) @​dependabot
• [MENFORCER-498] - Update parent pom to 41 (#306) @​slachiewicz
• Bump org.junit:junit-bom from 5.10.1 to 5.10.2 (#303) @​dependabot
• Bump org.assertj:assertj-core from 3.24.2 to 3.25.1 (#301) @​dependabot
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.5.0 to 1.6.0 (#295) @​dependabot
• Bump org.junit:junit-bom from 5.10.0 to 5.10.1 (#296) @​dependabot
• [MENFORCER-492] - Bump plexus-utils from 3.5.1 to 4.0.0 and plexus-xml 3.0.0 (#291) @​slawekjaranowski
• Bump org.xerial.snappy:snappy-java from 1.1.10.1 to 1.1.10.4 in /maven-enforcer-plugin/src/it/projects/dependency-convergence_transitive_provided/module1 (#292) @​dependabot

👻 Maintenance

• [MENFORCER-490] - Remove unused dependency (#316) @​elharo
• Bump org.apache.commons:commons-compress from 1.21 to 1.26.0 in /maven-enforcer-plugin/src/it/projects/dependency-convergence_transitive_provided/module1 (#307) @​dependabot
• Bump org.assertj:assertj-core from 3.25.1 to 3.25.3 (#304) @​dependabot
• [MENFORCER-498] - Update parent pom to 41 (#306) @​slachiewicz
• Bump org.junit:junit-bom from 5.10.1 to 5.10.2 (#303) @​dependabot
• Bump org.xerial.snappy:snappy-java from 1.1.10.1 to 1.1.10.4 in /maven-enforcer-plugin/src/it/projects/dependency-convergence_transitive_provided/module1 (#292) @​dependabot
• Oxford comma, fill to file, and tighten language (#290) @​elharo
• [MENFORCER-490] - Declare enforcer-rules dependencies (#289) @​elharo
• [MENFORCER-490] - fully declare maven-enforcer-plugin dependencies (#288) @​elharo

Commits

• 21b31b5 [maven-release-plugin] prepare release enforcer-3.5.0
• e6cd6e9 Remove unused dependency (#316)
• 29d1c0d [MENFORCER-497] Require Maven 3.6.3+
• 80e6626 [MENFORCER-503] Pass context to ProfileActivator - fix NPE in Maven 3.9.7
• 5c7d0bc [MENFORCER-494] Allow banning dynamic versions in whole tree (#294)
• e687c46 [MENFORCER-501] Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#311)
• 6665083 [MENFORCER-501] Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 (#312)
• 3eb6343 Bump project version to 3.5.0-SNAPSHOT
• 1cf5c5f [MENFORCER-504] Bump org.apache.maven:maven-parent from 41 to 42 (#314)
• a24b557 Manage ignore artifacts for dependabot in PR
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0

Commits

• 2c28b8d [maven-release-plugin] prepare release maven-javadoc-plugin-3.7.0
• 5530d68 [MJAVADOC-793] java.lang.NullPointerException: Cannot invoke "String.length()...
• 08cf68e Revert "Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2"
• 6446822 Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0
• 49c93ad Bump org.assertj:assertj-core from 3.25.3 to 3.26.0
• 4e72048 [MJAVADOC-795] Upgrade to Parent 42 and Maven 3.6.3
• b55dd96 Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2
• 77ad410 Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
• c21568a Bump commons-io:commons-io from 2.16.0 to 2.16.1
• ded56a9 Exclude JDK 8 - temurin, adopt-openj9 on macos
• Additional commits viewable in compare view

Updates com.github.siom79.japicmp:japicmp-maven-plugin from 0.21.1 to 0.21.2

Commits

• 1d75ed7 [maven-release-plugin] prepare release japicmp-base-0.21.2
• 317f263 Merge pull request #397 from Billlynch/master
• 7a23595 remove formatting noise
• ac02dc8 refactor
• 8a10b71 fix: check changes in return types
• 68727ed [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates com.google.errorprone:error_prone_annotations from 2.27.0 to 2.28.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.28.0

Error Prone nows supports the latest JDK 23 EA builds (#4412, #4415).

Closed issues:

• Improved errors for invalid check severities (#4306).
• Fix a crash with nested instanceof patterns (#4349).
• Fix a crash in JUnitIncompatibleType (#4377).
• In ObjectEqualsForPrimitives, don't suggest replacing equal with == for floating-point values (#4392).

New checks:

• DeeplyNested discourages very deeply nested code that can cause StackOverflowErrors during compilation.
• GuiceNestedCombine discourages nesting of Modules.combine(), which is unnecessary.
• PatternMatchingInstanceof migrates code to use pattern matching for instanceof
• SunApi discourages use of internal proprietary JDK APIs which may be removed from future releases.

Full Changelog: google/error-prone@v2.27.1...v2.28.0

Error Prone 2.27.1

This release contains all of the changes in 2.27.0, plus a bug fix to ClassInitializationDeadlock (google/error-prone#4378)

Full Changelog: google/error-prone@v2.27.0...v2.27.1

Commits

• c71fd4e Release Error Prone 2.28.0
• 32997f7 Bugfix assignment switch analysis in StatementSwitchToExpressionSwitch: if an...
• 2dde254 Update references to javadoc APIs after the introduction of Markdown doc comm...
• 5fef6e0 Yet another JUnitIncompatibleType crash fix.
• c2df1b6 Refactor comment handling in tokenization to use a new ErrorProneComment clas...
• 3fff610 Update hamcrest to v2.2
• 6f265dd Add a disabled regression test for an UnusedVariable bug
• 5eded87 Add an Error Prone check that reimplements javac sunapi warnings
• 9e0fbf7 Prepare for a change to the return type of JCCompilationUnit#getImports in ...
• 13be411 Handle null != CONST_CASE in YodaCondition
• Additional commits viewable in compare view

Updates com.google.guava:guava-testlib from 33.1.0-jre to 33.2.1-jre

Release notes

Sourced from com.google.guava:guava-testlib's releases.

33.2.1

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.2.1-jre</version>
  <!-- or, for Android: -->
  <version>33.2.1-android</version>
</dependency>

Jar files

• 33.2.1-jre.jar
• 33.2.1-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 33.2.1-jre
• 33.2.1-android

JDiff

• 33.2.1-jre vs. 33.2.0-jre
• 33.2.1-android vs. 33.2.0-android
• 33.2.1-android vs. 33.2.1-jre

Changelog

• net: Changed InetAddress-String conversion methods to preserve the IPv6 scope ID if present. The scope ID can be necessary for IPv6-capable devices with multiple network interfaces. However, preserving it can also lead to problems for callers that rely on the returned values not to include the scope ID:
  • Callers might compensate for the old behavior of the methods by appending the scope ID to a returned string themselves. If so, you can update your code to stop doing so at the same time as you upgrade Guava. Of, if your code might run against multiple versions of Guava, you can check whether Guava has included a scope ID before you add one yourself.
  • Callers might pass the returned string to another system that does not understand scope IDs. If so, you can strip the scope ID off, whether by truncating the string form at a % character (leaving behind any trailing ] character in the case of forUriString) or by replacing the returned InetAddress with a new instance constructed by calling InetAddress.getByAddress(addr).
  • java.net.InetAddress validates any provided scope ID against the interfaces available on the machine. As a result, methods in InetAddresses may now fail if the scope ID fails validation.
    • Notable cases in which this may happen include:
      • if the code runs in an Android app without networking permission
      • if code passes InetAddress instances or strings across devices
    • If this is not the behavior that you want, then you can strip off the scope ID from the input string before passing it to Guava, as discussed above. (3f61870ac6)

33.2.0

Android users: Please test recent Guava versions

If you know of Guava Android users who have not yet upgraded to at least release 33.0.0, please encourage them to upgrade, preferably to today's release, 33.2.0. These releases have begun adding Java 8+ APIs to guava-android. While we don't anticipate problems, we do anticipate that any unexpected problems could force a disruptive rollback. To minimize any disruption, we'd like to catch any such problems early.

Please let us know of any problems you encounter.

Maven

... (truncated)

Commits

• See full diff in compare view

Updates com.guardsquare:proguard-base from 7.4.2 to 7.5.0

Release notes

Sourced from com.guardsquare:proguard-base's releases.

7.5

Kotlin support

• Add support for Kotlin 2.0. (#376)

Java support

• Add support for Java 22. (#387)

Bugfixes

• Prevent unwanted name collision leading to missing methods in Kotlin DefaultImpls classes.
• Prevent ParseException when consumer rules contain -maximumremovedandroidloglevel rules.

Commits

• af475c6 Update usage.md (#407)
• 8d7ddf8 Update foojay resolver plugin
• f5f2f06 Add .kotlin from Kotlin 2.0.0 in .gitignore (#406)
• aa43b9d Update versions for 7.5 (#404)
• 0d9ceb7 fix lint violations in ConfigurationParserTest
• 1d28c11 Synchronize keep flags on getter/setter/backing field for kotlin properties
• b85b2cb Bump version to 7.5.0-beta01 and add release note
• 0c95982 integrate kotlin 2 support
• 38de2e4 Update releasenotes.md
• 76b2921 Update ProGuardCORE version (#398)
• Additional commits viewable in compare view

Updates com.guardsquare:proguard-core from 9.1.3 to 9.1.4

Release notes

Sourced from com.guardsquare:proguard-core's releases.

9.1.4

Version 9.1.4

Improved

• Add support for dynamic dispatch in ExecutorInvocationUnit. This makes it possible to execute methods based on statically observed types of objects, not only based on the type of the used variables.

API changes

• Remove ExecutorMatcher and change the Executor interface so that it declares supported methods by MethodSignature wildcards instead.
• Add @Nullable annotations to MethodSignature.

Kotlin support

• Update Kotlin dependency to 2.0.0 final release version.

Bugfixes

• Prevent potential NullPointerException when Kotlin property metadata isVar flag does not correctly indicate the presence of a setter.

Commits

• bd3ba7f Update releasenotes.md
• 2202ae3 Update Kotlin dependency to final 2.0 version
• 56ca6bb Support dynamic dispatch in Executors
• 95688bc Use ProGuardCore exceptions
• 1d70f6d Stop tests from cluttering /tmp with temporary files
• 43a3b96 Change MaxStackSizeComputer logger.error to ProguardCoreException
• 3332750 Update releasenotes.md
• 2eb09b8 Use a null check instead of isVar to check if property has a getter
• ebb9de4 Audit uses of the error level logs
• 8965861 Refactor ClassInitializer to use InvalidReferenceVisitors
• Additional commits viewable in compare view

Updates org.graalvm.buildtools:native-maven-plugin from 0.10.1 to 0.10.2

Release notes

Sourced from org.graalvm.buildtools:native-maven-plugin's releases.

0.10.2

What's Changed

• Bump repo version to 0.10.2-SNAPSHOT by @​dnestoro in graalvm/native-build-tools#578
• Update Getting Started with Maven Plugin doc. by @​olyagpl in graalvm/native-build-tools#577
• Update Default Target Directory for MetadataCopy Task by @​dnestoro in graalvm/native-build-tools#580
• Delete old stale args file by @​n0tl3ss in graalvm/native-build-tools#589
• fix class path directroy analyzer by @​n0tl3ss in graalvm/native-build-tools#590
• Add a parameter to be able to skip build native for pom type modules, leave it as false per default for backward compat by @​olamy in graalvm/native-build-tools#593
• Update Reachability Metadata repository version by @​dnestoro in graalvm/native-build-tools#594

New Contributors

• @​n0tl3ss made their first contribution in graalvm/native-build-tools#589
• @​olamy made their first contribution in graalvm/native-build-tools#593

Full Changelog: graalvm/native-build-tools@0.10.1...0.10.2

Commits

• de7f1df Bump repo version to 0.10.2
• c47f2dc Merge pull request #594 from graalvm/dnestoro/UpdateMetadataVersion
• 892da4f Update Reachability Metadata repository version
• 9f8dbd0 Add a parameter to be able to skip build native for pom type modules, leave i...
• d4b5ce3 fix class path directroy analyzer (#590)
• 08d4a02 Merge pull request #589 from n0tl3ss/stale-files
• ca05132 code review fixes
• ca35e20 trigger build
• 5ffff01 write-args-file task should delete old stale args file before generating a ne...
• 6db59ba Merge pull request #580 from dnestoro/dnestoro/SetProperDefaultMetadataCopyDir
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-shade-plugin from 3.5.3 to 3.6.0

Commits

• 9a572e2 [maven-release-plugin] prepare release maven-shade-plugin-3.6.0
• ade2e35 [MSHADE-428] Prevent null value in array of transformers (#229)
• b573b8c [MSHADE-478] Extra JARs feature (#228)
• 199ffae Drop the cruft (#225)
• 912a81d Bump maven-gh-actions-shared to v4
• 80e4420 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.codehaus.mojo:exec-maven-plugin from 3.2.0 to 3.3.0

Release notes

Sourced from org.codehaus.mojo:exec-maven-plugin's releases.

3.3.0

🚀 New features and improvements

• Add option to include runtime and provided (#61) @​rehevkor5

📦 Dependency updates

• Bump org.codehaus.mojo:mojo-parent from 80 to 82 (#429) @​dependabot
• Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 (#424) @​dependabot
• Bump asm.version from 9.6 to 9.7 (#422) @​dependabot
• Bump apache/maven-gh-actions-shared from 3 to 4 (#420) @​dependabot

Commits

• 366da2f [maven-release-plugin] prepare release 3.3.0
• 416c83a Bump org.codehaus.mojo:mojo-parent from 80 to 82 (#429)
• 8d3327f Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1
• 662ab09 Bump asm.version from 9.6 to 9.7
• ec97f4d Add "provided" classpathScope (runtime+provided)
• d18ed80 Bump apache/maven-gh-actions-shared from 3 to 4
• f19bde1 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.17.0 to 2.17.1

Commits

• See full diff in compare view

Updates com.google.protobuf:protobuf-java from 4.26.1 to 4.27.0

Commits

• See full diff in compare view

Updates com.google.guava:guava from 33.1.0-jre to 33.2.1-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.2.1

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.2.1-jre</version>
  <!-- or, for Android: -->
  <version>33.2.1-android</version>
</dependency>

Jar files

• 33.2.1-jre.jar
• 33.2.1-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 33.2.1-jre
• 33.2.1-android

JDiff

• 33.2.1-jre vs. 33.2.0-jre
• 33.2.1-android vs. 33.2.0-android
• 33.2.1-android vs. 33.2.1-jre

Changelog

• net: Changed InetAddress-String conversion methods to preserve the IPv6 scope ID if present. The scope ID can be necessary for IPv6-capable devices with multiple network interfaces. However, preserving it can also lead to problems for callers that rely on the returned values not to include the scope ID:
  • Callers might compensate for the old behavior of the methods by appending the scope ID to a returned string themselves. If so, you can update your code to stop doing so at the same time as you upgrade Guava. Of, if your code might run against multiple versions of Guava, you can check whether Guava has included a scope ID before you add one yourself.
  • Callers might pass the returned string to another system that does not understand scope IDs. If so, you can strip the scope ID off, whether by truncating the string form at a % character (leaving behind any trailing ] character in the case of forUriString) or by replacing the returned InetAddress with a new instance constructed by calling InetAddress.getByAddress(addr).
  • java.net.InetAddress validates any provided scope ID against the interfaces available on the machine. As a result, methods in InetAddresses may now fail if the scope ID fails validation.
    • Notable cases in which this may happen include:
      • if the code runs in an Android app without networking permission
      • if code passes InetAddress instances or strings across devices
    • If this is not the behavior that you want, then you can strip off the scope ID from the input string before passing it to Guava, as discussed above. (3f61870ac6)

33.2.0

Android users: Please test recent Guava versions

If you know of Guava Android users who have not yet upgraded to at least release 33.0.0, please encourage them to upgrade, preferably to today's release, 33.2.0. These releases have begun adding Java 8+ APIs to guava-android. While we don't anticipate problems, we do anticipate that any unexpected problems could force a disruptive rollback. To minimize any disruption, we'd like to catch any such problems early.

Please let us know of any problems you encounter.

Maven

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions