Java: Bump checkstyle from 8.40 to 8.41 in /lib/java

[dependabot-preview]

Bumps checkstyle from 8.40 to 8.41.

Release notes

Sourced from checkstyle's releases.

checkstyle-8.41

https://checkstyle.org/releasenotes.html#Release_8.41

Commits

• 4c2ada1 [maven-release-plugin] prepare release checkstyle-8.41
• 3a7ee67 doc: release notes 8.41
• 5051458 Issue #9272: Create parser util class that will host util methods for parser ...
• 9b119f7 minor: remove unused listener from checkstyle ant task
• 752197e Issue #9251: create deterministic order of check execution
• 5aba606 dependency: bump equalsverifier from 3.5.4 to 3.5.5
• 60043f4 Issue #7655: Update doc for ParameterAssignment
• bea36f9 minor: add maven flag to omit download progress
• ac1c673 Issue #9317: Resolve Pitest Issues - RegexpHeader
• 6a0ea99 Issue #9304: Resolve Pitest Issues - HeaderCheck
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

• Update frequency
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[aviary2-wf]

Security Insights

(3) Vulnerable direct dependencies were detected

1 vulns in aiohttp < 3.7.4 via lib/python/requirements_dev_asyncio.txt

1 vulns in org.apache.thrift:libthrift < 0.14.0 via examples/java/pom.xml

1 vulns in org.apache.thrift:libthrift < 0.14.0 via test/integration/java/frugal-integration-test/pom.xml

Action Items

• Review dependencies for available updates
• See this Splunk dashboard for more CVE details
• Review PR for security impact; comment "security review required" if needed or unsure
• Verify aviary.yaml coverage of security relevant code

---

Questions or Comments? Reach out on Slack: #support-infosec.

[dependabot-preview]

This pull request will no longer be automatically closed when a new version is found as this pull request was created by Dependabot Preview and this repo is using a version: 2 config file. You can close this pull request and let Dependabot re-create it the next time it checks for updates.

[charliekump-wf]

@dependabot rebase

[charliekump-wf]

+1

@Workiva/release-management-p ready for merge.

[rmconsole-wf]

+1 from RM