Bump the maven-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the maven-dependencies group with 5 updates in the / directory:

Package	From	To
com.google.protobuf:protobuf-bom	4.33.0	4.33.1
org.junit:junit-bom	5.14.0	5.14.1
io.projectreactor:reactor-test	3.7.12	3.8.0
org.apache.maven.plugins:maven-jar-plugin	3.4.2	3.5.0
org.apache.maven.plugins:maven-release-plugin	3.1.1	3.2.0

Updates com.google.protobuf:protobuf-bom from 4.33.0 to 4.33.1

Commits

• See full diff in compare view

Updates org.junit:junit-bom from 5.14.0 to 5.14.1

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.14.1 = Platform 1.14.1 + Jupiter 5.14.1 + Vintage 5.14.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.0...r5.14.1

Commits

• c7cde2d Release 5.14.1
• f9fd438 Remove "Latest Releases" section
• eae19b2 Finalize 5.14.1 release notes
• da25e47 Fix broken links in documentation
• 386bbf3 Fix since info for JRE.JAVA_26
• 09a1609 Update since info for backported changes
• 2ab3370 Improve documentation for TestInstantiationAwareExtension
• 0b9617e Fix support for package-private test methods (#5100)
• d43c3ca Restore JDK 8 compatibility
• 9c0c755 Validate that there are enough arguments to inject @Parameter fields
• Additional commits viewable in compare view

Updates io.projectreactor:reactor-test from 3.7.12 to 3.8.0

Release notes

Sourced from io.projectreactor:reactor-test's releases.

v3.8.0

Reactor Core 3.8.0 is part of 2025.0.0 Release Train.

3.8.0 Highlights

Enhanced Null Safety using JSpecify

🦺 Reactor Core 3.8.0 introduces JSpecify annotations for comprehensive null safety, replacing the legacy JSR 305-based annotations with a modern, properly specified standard that prevents NullPointerExceptions through build-time checks. This upgrade provides enhanced IDE support, seamless Kotlin integration with automatic translation to Kotlin's null safety system, and more precise nullability declarations including support for arrays, varargs, and generic types — making Reactor APIs safer and more developer-friendly across the entire ecosystem.

⚠️ Nullability annotations from reactor.util.annotation have been deprecated in favour of JSpecify annotations.

📖 Check the refreshed reference documentation section on Null Safety.

⚠️ Note for Kotlin users: While this change is backwards compatible in the Java ecosystem and does not dictate a new generation of Reactor Core, we do appreciate it can appear as breaking changes for Kotlin codebases. The benefits are well defined nullness of the Reactor API and reduction of the ceremony that was required prior to the introduction of JSpecify annotations.

Repeat Spec

Repeat functionality from Reactor Addons has been ported to Reactor Core under the RepeatSpec class and can be used in conjunction with the Flux#repeatWhen() and Mono#repeatWhen() operators. Make sure to check out the Javadoc.

Reactor Core Micrometer version aligned with Reactor Core version

The reactor-core-micrometer library, which is part of the reactor-core repository is always released together with reactor-core, hence we decided to align their versions starting from 3.8.0 (the previous line was 1.2.x corresponding with 3.7.x of reactor-core).

What's Changed

⚠️ Update considerations and deprecations

• Introduce JSpecify for nullability annotations by @​chemicL in reactor/reactor-core#4091

✨ New features and improvements

• Bump byteBuddy from 1.17.7 to 1.17.8 by @​dependabot[bot] in reactor/reactor-core#4113
• Bump io.projectreactor.tools:blockhound from 1.0.14.RELEASE to 1.0.15.RELEASE by @​dependabot[bot] in reactor/reactor-core#4120
• Bump Micrometer to 1.16.0 by @​chemicL in fedfdd2549fe1190ec5e1b14a13ddf24a1f1b75f
• Bump Context Propagation to 1.2.0 by @​chemicL in fedfdd2549fe1190ec5e1b14a13ddf24a1f1b75f
• Repeat specification for use with repeatWhen operator by @​kwondh5217 in reactor/reactor-core#4027 and refinement by @​chemicL in b313f5781b919a30bd8b7316438610fbe02b38b7
• Add Hooks#isAutomaticContextPropagationEnabled by @​sdeleuze in reactor/reactor-core#4090
• Adjust reactor.util.Logger vararg nullability by @​chemicL in reactor/reactor-core#4098
• Adjust Mono methods: fromCallable and fromSupplier nullability by @​chemicL in reactor/reactor-core#4116
• Address NullAway warnings and refine StepVerifier nullability by @​chemicL in reactor/reactor-core#4126
• Nullaway jspecify mode fixes by @​chemicL in reactor/reactor-core#4127
• Refine StepVerifier nullability reflecting non-null Publisher values by @​chemicL in reactor/reactor-core#4132
• Unify reactor-core-micrometer version with reactor-core by @​chemicL in reactor/reactor-core#4136

🐞 Bug fixes

• Fix RetryBackoffSpec multiplier handling of fractional values by @​chemicL in reactor/reactor-core#4048
• Adjust Flux#map mapper to disallow null return values by @​chemicL in reactor/reactor-core#4103

📖 Documentation

• [docs] Add Null Safety documentation by @​chemicL in reactor/reactor-core#4137
• Add more description on tap operator by @​ttddyy in reactor/reactor-core#4009
• fix doc title displayed as untitled by @​dev-jonghoonpark in reactor/reactor-core#4008

New Contributors

... (truncated)

Commits

• fedfdd2 [release] Prepare and release 3.8.0
• fe9d705 [docs] Add Null Safety documentation (#4137)
• 56c2a33 Merge-ignore release 3.7.13 into 3.8.0
• 4ab91b1 [release] Next development version 3.7.14-SNAPSHOT
• dbbb82f [release] Prepare and release 3.7.13
• f96f1d4 Unify reactor-core-micrometer version with reactor-core (#4136)
• 68c5e2c Merge #4129 into 3.8.0
• f4a8e99 Bump ruby/setup-ruby from 1.263.0 to 1.267.0 in /.github/workflows (#4129)
• c7c3b4e Merge #4120 into 3.8.0
• 135bcb1 Bump io.projectreactor.tools:blockhound from 1.0.14.RELEASE to 1.0.15.RELEASE...
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-jar-plugin's releases.

3.5.0

🚀 New features and improvements

• Add new "attach" configuration parameter (3.x port of #482) (#483) @​hgschmie
• add Java-Version to MANIFEST.MF (#465) @​hboutemy

🐛 Bug Fixes

• Fix detecting java version for toolchains and JDK 1.8 (#500) @​slawekjaranowski
• Ignore stderr when parsing javac version from toolchain (#471) @​jaredstehler

👻 Maintenance

• Update site descriptor to 2.0.0 (#501) @​slawekjaranowski
• chore: remove junit3 references (#494) @​slawekjaranowski
• Migrate component injection to JSR-330 (#492) @​slawekjaranowski
• Add PR Automation to 3.x (#132) @​slawekjaranowski
• Improve release-drafter configuration (#128) @​slawekjaranowski
• Fix for Maven 4.0.0-rc-3 (#130) @​slawekjaranowski
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#119) @​Bukama

🔧 Build

• Bump m-invoker-p to 3.9.1 for Java 25 (#480) @​hboutemy

📦 Dependency updates

• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#499) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#498) @dependabot[bot]
• Use maven-plugin-testing-harness version 3.4.0 (#491) @​slawekjaranowski
• Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.15.1 to 3.15.2 (#488) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#478) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#464) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 42 to 45 (#452) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.4 (#461) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#457) @dependabot[bot]
• Bump mavenVersion from 3.9.10 to 3.9.11 (#456) @dependabot[bot]
• Bump mavenVersion from 3.9.9 to 3.9.10 (#146) @dependabot[bot]
• Bump org.apache.maven.shared:file-management from 3.1.0 to 3.2.0 (#143) @dependabot[bot]
• Bump mavenVersion from 3.6.3 to 3.9.9 (#107) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#140) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.18.0 (#114) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#109) @dependabot[bot]

Commits

• 68d00f1 [maven-release-plugin] prepare release maven-jar-plugin-3.5.0
• 357b9bf Update site descriptor to 2.0.0
• 340249c Fix detecting java version for toolchains and JDK 1.8
• 06a6245 chore: remove junit3 references
• d302b2c Bump commons-io:commons-io from 2.20.0 to 2.21.0
• 6081bdb Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• ef8ed4c Migrate component injection to JSR-330
• 704a35c Ignore stderr when parsing javac version from toolchain (#471)
• 0beb969 Use maven-plugin-testing-harness version 3.4.0
• c2624c8 Bump org.apache.maven.plugin-tools:maven-plugin-annotations (#488)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.2.0

Release notes

Sourced from org.apache.maven.plugins:maven-release-plugin's releases.

3.2.0

🚀 New features and improvements

• Add "serverId" and "privateKey" SCM parameters (#1385) @​kwin
• Support complex CI-Friendly expressions (#1382) @​kwin
• [MRELEASE-1160] - Consider releaseDescriptor's pushChanges for ScmRepositoryConfigurator.getConfiguredRepository() (#237) @​kwin
• [MRELEASE-1054] - Support for excluding submodules changes. (#196) @​wuwen5

🐛 Bug Fixes

• [MRELEASE-1154] - Never fail for unresolvable version expressions (#230) @​kwin
• [MRELEASE-1153] - Revert parts of MRELEASE-1109 (8dfcb47996320af5e6f0b2d50eac209… (#224) @​michael-o

📝 Documentation updates

• Convert APT to Markdown (#1405) @​kwin
• (doc) Add FAQ entry for using custom deploy plugin (#1388) @​Marcono1234
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#238) @​Bukama

👻 Maintenance

• PlexusFileUtils Refaster recipes (#1403) @​slachiewicz
• PlexusStringUtils Refaster recipes (#1404) @​slachiewicz
• Update site descriptor to 2.0.0 (#1399) @​slawekjaranowski
• feat: enable prevent branch protection rules (#1387) @​sebtiem
• Github Issues (#241) @​Bukama
• Convert to Guice constructor injection (#236) @​elharo

📦 Dependency updates

• Bump parent from 42 to 45 (#1396) @​slawekjaranowski
• Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#1392) @dependabot[bot]
• Bump scmVersion from 2.1.0 to 2.2.1 (#1393) @dependabot[bot]
• Bump org.xmlunit:xmlunit-core from 2.10.3 to 2.10.4 (#1389) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#1386) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#1378) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interactivity-api from 1.3 to 1.4 (#239) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#240) @dependabot[bot]
• Bump org.xmlunit:xmlunit-core from 2.10.1 to 2.10.3 (#1377) @dependabot[bot]
• Bump org.xmlunit:xmlunit-core from 2.10.0 to 2.10.1 (#242) @dependabot[bot]
• Bump org.hamcrest:hamcrest-core from 2.2 to 3.0 (#227) @dependabot[bot]
• Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#226) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.15.0 to 3.17.0 (#231) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.15.0 (#225) @dependabot[bot]

Commits

• 167c489 [maven-release-plugin] prepare release maven-release-3.2.0
• 0ab10be Improve javadoc for parameter "pushChanges"
• f06aaa2 Add links to Javadocs for SCM authentication
• bf44cbe Site: Convert APT to Markdown
• 71db7e5 Move to match target converter format MARKDOWN with doxia-converter
• 46a6026 PlexusFileUtils Refaster recipes (#1403)
• b3d49dc PlexusStringUtils Refaster recipes (#1404)
• ce76e9f Update site descriptor to 2.0.0
• 0ef78fd Bump parent from 42 to 45
• dfe917c Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#1392)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[smcvb]

@dependabot rebase

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

[smcvb]

@dependabot rebase

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[smcvb]

Looks good to me 👍