Bump the java group in /java with 3 updates #1307

dependabot · 2025-09-15T12:12:06Z

Bumps the java group in /java with 3 updates: com.google.protobuf:protobuf-bom, org.apache.maven.plugins:maven-surefire-plugin and org.apache.maven.plugins:maven-shade-plugin.

Updates com.google.protobuf:protobuf-bom from 4.32.0 to 4.32.1

Commits

See full diff in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.3 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.4

🚀 New features and improvements

Name the shutdown hook (#3170) @cstamas

Implement fail-fast behavior for JUnit Platform provider (#3155) @marcphilipp

Create a single LauncherSession for invocations of JUnitPlatformProvider (#863) @marcphilipp

🐛 Bug Fixes

[SUREFIRE-2298] - fix xml output with junit 5 nested classes (fix integration with Cucumber and Archunit) (#828) @olamy

👻 Maintenance

feat: enable prevent branch protection rules (#3168) @sparsick

Get rid of plexus-annotations (#3163) @olamy

Remove maven-changes-plugin (#861) @sparsick

Enable GitHub Issues (#831) @Bukama

📦 Dependency updates

Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167) @dependabot[bot]

Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 (#3165) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#3161) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#3158) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.12.0 to 4.13.0 (#856) @dependabot[bot]

Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.10.3 (#860) @dependabot[bot]

Bump commons-beanutils:commons-beanutils from 1.7.0 to 1.11.0 in /surefire-its/src/test/resources/webapp (#851) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.11.1 to 4.12.0 (#844) @dependabot[bot]

Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 (#836) @dependabot[bot]

Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#833) @dependabot[bot]

Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#829) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#830) @dependabot[bot]

Bump jacocoVersion from 0.8.12 to 0.8.13 (#827) @dependabot[bot]

Commits

88513d8 [maven-release-plugin] prepare release surefire-3.5.4
9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
1e63159 Name the shutdown hook (#3170)
76e806a feat: enable prevent branch protection rules (#3168)
0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-shade-plugin from 3.6.0 to 3.6.1

Release notes

Sourced from org.apache.maven.plugins:maven-shade-plugin's releases.

3.6.1

📝 Documentation updates

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#250) @Bukama

👻 Maintenance

Enable prevent branch protection rules (#746) @sparsick

Enable GH issues (#253) @Bukama

Add missing @Override annotations (#246) @elharo

Merge ApacheLicenseResourceTransformer tests (#245) @Goooler

Add test cases for .md supports in the Apache License and Notice transformers (#243) @Goooler

[MSHADE-479] - Make the mojo much less noisy (#233) @elharo

📦 Dependency updates

Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#748) @dependabot[bot]

Bump org.hamcrest:hamcrest-core from 2.2 to 3.0 (#235) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 42 to 45 (#738) @dependabot[bot]

Bump org.apache.commons:commons-compress from 1.26.2 to 1.28.0 (#743) @dependabot[bot]

Bump org.xmlunit:xmlunit-legacy from 2.10.0 to 2.10.3 (#745) @dependabot[bot]

Bump ASM 9.8 to support JDK 25 bytecode (#744) @pan3793

Bump commons-io:commons-io from 2.13.0 to 2.14.0 in /src/it/projects/MSHADE-105/shaded-jar (#241) @dependabot[bot]

Commits

9662c98 [maven-release-plugin] prepare for next development iteration
06902bd [maven-release-plugin] prepare release maven-shade-plugin-3.6.1
29e9a9d add .git
844e61a use github
43101f9 [maven-release-plugin] prepare release maven-shade-plugin-3.6.1
2ffb28d use release drafter v4 and dependabot to updade gha as well (#750)
f5b590e Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0
eee0319 Bump org.hamcrest:hamcrest-core from 2.2 to 3.0
0d5a7a4 fix upgrade, remove those useless final
6e5f0f3 Bump org.apache.maven.plugins:maven-plugins from 42 to 45
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the java group in /java with 3 updates: [com.google.protobuf:protobuf-bom](https://github.com/protocolbuffers/protobuf), [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) and [org.apache.maven.plugins:maven-shade-plugin](https://github.com/apache/maven-shade-plugin). Updates `com.google.protobuf:protobuf-bom` from 4.32.0 to 4.32.1 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](https://github.com/protocolbuffers/protobuf/commits) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.3 to 3.5.4 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.4) Updates `org.apache.maven.plugins:maven-shade-plugin` from 3.6.0 to 3.6.1 - [Release notes](https://github.com/apache/maven-shade-plugin/releases) - [Commits](apache/maven-shade-plugin@maven-shade-plugin-3.6.0...v3.6.1) --- updated-dependencies: - dependency-name: com.google.protobuf:protobuf-bom dependency-version: 4.32.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: java - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: java - dependency-name: org.apache.maven.plugins:maven-shade-plugin dependency-version: 3.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: java ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added Dependencies Updates a dependency Java Java/JVM language support labels Sep 15, 2025

rodaine approved these changes Sep 17, 2025

View reviewed changes

rodaine merged commit 53aa6a5 into main Sep 17, 2025
8 checks passed

rodaine deleted the dependabot/maven/java/java-bf460e7b15 branch September 17, 2025 13:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the java group in /java with 3 updates #1307

Bump the java group in /java with 3 updates #1307

Uh oh!

dependabot bot commented on behalf of github Sep 15, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the java group in /java with 3 updates #1307

Bump the java group in /java with 3 updates #1307

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 15, 2025

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.6.1

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants