Bump the java-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the java-dependencies group with 11 updates in the / directory:

Package	From	To
com.google.code.gson:gson	2.10.1	2.11.0
com.google.guava:guava	33.2.0-jre	33.2.1-jre
org.apache.maven.plugins:maven-clean-plugin	3.3.2	3.4.0
org.apache.maven.plugins:maven-surefire-plugin	3.2.5	3.3.1
org.apache.maven.plugins:maven-jar-plugin	3.4.1	3.4.2
org.apache.maven.plugins:maven-project-info-reports-plugin	3.5.0	3.6.2
org.apache.maven.plugins:maven-javadoc-plugin	3.6.3	3.8.0
org.sonatype.plugins:nexus-staging-maven-plugin	1.6.13	1.7.0
com.fasterxml.jackson.core:jackson-databind	2.17.1	2.17.2
com.fasterxml.jackson.core:jackson-annotations	2.17.1	2.17.2
org.apache.maven.plugins:maven-dependency-plugin	3.6.1	3.7.1

Updates com.google.code.gson:gson from 2.10.1 to 2.11.0

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.11.0

Most important changes

• Added default ProGuard / R8 rules (@​Marcono1234, #2397, #2420; @​sgjesse, #2448; @​sfreilich)
  If you are using ProGuard or R8 (for example for Android projects) you might not need any special Gson configuration anymore if your classes have a no-args constructor and use @SerializedName for their fields.
• On Android, Gson now requires API level 21 or newer
• Added new Strictness API (@​marten-voorberg & fellow students, #2437)
  Some of Gson's API is still lenient by default, but you can now use the newly added methods GsonBuilder#setStrictness, JsonReader#setStrictness and JsonWriter#setStrictness with Strictness.STRICT to override this behavior and to instead strictly adhere to the JSON specification when parsing.
• New FormattingStyle class to allow configuring line breaks in JSON output (@​mihnita, #2231)
  Can be set using GsonBuilder#setFormattingStyle and JsonWriter#setFormattingStyle.
• TypeToken can no longer capture type variables by default (@​Marcono1234, #2376)
  This was previously a common source of issues. The newly thrown exception refers to a Troubleshooting Guide article which explains this in more detail and provides suggestions for updating affected code.
• Added serialization support for anonymous and local classes with a custom adapter (@​Marcono1234, #2498)
  This affects for example List implementations returned by libraries such as Guava which are implemented as anonymous class, which were previously serialized as null. Anonymous and local classes without custom adapter will still be serialized as null.
• Added dependency on com.google.errorprone:error_prone_annotations
  Your project can use Maven or Gradle dependency exclusions to remove the transitive error_prone_annotations dependency from Gson. Or if you are manually maintaining dependencies as JARs in your project you can omit error_prone_annotations. And it should still work correctly.
  But Gson itself does declare it as a required dependency, and if you don't perform any custom configuration, then Maven or Gradle will by default try to download and use it.
• Many exception messages now refer to the Troubleshooting Guide (@​Marcono1234, #2357)
  Feedback regarding the Troubleshooting Guide is appreciated!
• Officially documented that JVM languages other than Java might not be fully supported, see the README.
• Guarantee that JsonElement#toString produces JSON output (@​Marcono1234, #2659)

Other changes

Bug fixes

• Fixed incorrect JsonPrimitive#equals results for large BigInteger values (@​MaicolAntali, #2311)
• Fixed incorrect JsonPrimitive#equals results for large BigDecimal values (@​MaicolAntali, #2364)
• Fixed JsonReader throwing NumberFormatException instead of MalformedJsonException for malformed Unicode escape sequences (@​MaicolAntali, #2337)
• Fixed TypeToken#getParameterized returning bogus ParameterizedType for non-generic types (@​Marcono1234, #2447)
• Fixed Java Record adapter not working for GraalVM Native Image (@​eamonnmcmanus, #2465)
• Fixed JsonWriter#name not throwing exception when no JSON object is currently being written (@​shivam-sehgal, #2475; @​Marcono1234, #2476)
• Fixed Gson#getDelegateAdapter not working properly for @JsonAdapter (@​Marcono1234, #2435)
  Note that null is now not allowed as skipPast value anymore, which was previously allowed but undocumented.
• Fixed GsonBuilder not rejecting type adapters for Object and JsonElement, whose default adapters cannot be overridden (@​sachinp97; #2479)
• Fixed no limits being enforced when deserializing BigDecimal and BigInteger (@​Marcono1234, #2510)
  The new limits prevent potential performance problems when user code uses the deserialized numbers. Gson itself was and is not affected by these performance problems. The limits should be high enough to not cause issues for most use cases, but feedback is appreciated.
• Fixed GsonBuilder#setDateFormat not rejecting invalid date formats (@​Carpe-Wang, #2538)
• Fixed GsonBuilder#setDateFormat not rejecting invalid date styles (@​Marcono1234, #2545)
• Fixed GsonBuilder#setDateFormat ignoring partial DEFAULT style (@​Marcono1234, #2556)
• Fixed TypeToken#isAssignableFrom throwing AssertionError in some cases (@​Marcono1234, #2544)
• Fixed date adapters not restoring time zone after parsing (@​Carpe-Wang, #2549)
• Fixed TypeToken#equals erroneously returning false for equal generic type parameters in some cases (@​d-william, #2599)
• Fixed incorrect inherited URLs in pom.xml (@​Marcono1234, #2351)

Performance improvements

• Slightly reduce memory usage for reflection-based adapter (@​sembseth, #2325; @​Marcono1234, #2440)
• Improved parsing speed of ToNumberPolicy#LONG_OR_DOUBLE (@​ctasada, #2674)

... (truncated)

Commits

• 828a97b [maven-release-plugin] prepare release gson-parent-2.11.0
• 93bc0f2 Skip signing graal-native-test module. (#2675)
• b153ca1 [maven-release-plugin] rollback the release of gson-parent-2.11.0
• 0e3d2aa [maven-release-plugin] prepare for next development iteration
• 545b802 [maven-release-plugin] prepare release gson-parent-2.11.0
• 8bfdbb4 Guarantee that JsonElement.toString() produces JSON (#2659)
• 9008b09 Extend Troubleshooting Guide with some ProGuard / R8 information (#2656)
• 05652c3 Document that other JVM languages are not fully supported (#2666)
• 454a491 Improved Long-Double Number Policy (#2674)
• 570d911 Bump the github-actions group with 4 updates (#2671)
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.2.0-jre to 33.2.1-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.2.1

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.2.1-jre</version>
  <!-- or, for Android: -->
  <version>33.2.1-android</version>
</dependency>

Jar files

• 33.2.1-jre.jar
• 33.2.1-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 33.2.1-jre
• 33.2.1-android

JDiff

• 33.2.1-jre vs. 33.2.0-jre
• 33.2.1-android vs. 33.2.0-android
• 33.2.1-android vs. 33.2.1-jre

Changelog

• net: Changed InetAddress-String conversion methods to preserve the IPv6 scope ID if present. The scope ID can be necessary for IPv6-capable devices with multiple network interfaces. However, preserving it can also lead to problems for callers that rely on the returned values not to include the scope ID:
  • Callers might compensate for the old behavior of the methods by appending the scope ID to a returned string themselves. If so, you can update your code to stop doing so at the same time as you upgrade Guava. Of, if your code might run against multiple versions of Guava, you can check whether Guava has included a scope ID before you add one yourself.
  • Callers might pass the returned string to another system that does not understand scope IDs. If so, you can strip the scope ID off, whether by truncating the string form at a % character (leaving behind any trailing ] character in the case of forUriString) or by replacing the returned InetAddress with a new instance constructed by calling InetAddress.getByAddress(addr).
  • java.net.InetAddress validates any provided scope ID against the interfaces available on the machine. As a result, methods in InetAddresses may now fail if the scope ID fails validation.
    • Notable cases in which this may happen include:
      • if the code runs in an Android app without networking permission
      • if code passes InetAddress instances or strings across devices
    • If this is not the behavior that you want, then you can strip off the scope ID from the input string before passing it to Guava, as discussed above. (3f61870ac6)

Commits

• See full diff in compare view

Updates org.apache.maven.plugins:maven-clean-plugin from 3.3.2 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-clean-plugin's releases.

3.4.0

What's Changed

• Bump apache/maven-gh-actions-shared from 3 to 4 by @​dependabot in apache/maven-clean-plugin#38
• [MCLEAN-116] Use default Log interface by @​Bukama in apache/maven-clean-plugin#37
• [MCLEAN-118] Require Maven 3.6.3 by @​slawekjaranowski in apache/maven-clean-plugin#39
• [MCLEAN-106] Switch to junit 5 by @​gnodet in apache/maven-clean-plugin#27
• [MCLEAN-119] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 by @​dependabot in apache/maven-clean-plugin#44
• Build with Maven 4 by @​slawekjaranowski in apache/maven-clean-plugin#45
• [MCLEAN-120] Bump org.codehaus.plexus:plexus-testing from 1.1.0 to 1.3.0 by @​dependabot in apache/maven-clean-plugin#40
• [MCLEAN-121] Bump com.google.inject:guice from 4.2.0 to 4.2.3 by @​dependabot in apache/maven-clean-plugin#41
• [MCLEAN-122] Cleanup declared dependencies, simplify unit test by @​slawekjaranowski in apache/maven-clean-plugin#46

New Contributors

• @​Bukama made their first contribution in apache/maven-clean-plugin#37

Full Changelog: apache/maven-clean-plugin@maven-clean-plugin-3.3.2...maven-clean-plugin-3.4.0

Commits

• 5774dbc [maven-release-plugin] prepare release maven-clean-plugin-3.4.0
• 0da13b2 [MCLEAN-122] Cleanup declared dependencies, simplify unit test
• 567be96 [MCLEAN-121] Bump com.google.inject:guice from 4.2.0 to 4.2.3 (#41)
• ae4efa0 [MCLEAN-120] Bump org.codehaus.plexus:plexus-testing from 1.1.0 to 1.3.0 (#40)
• a09a379 Build with Maven 4
• f0aedd5 [MCLEAN-119] Bump org.apache.maven.plugins:maven-plugins from 41 to 42 (#44)
• d3b2800 [MCLEAN-106] Switch to junit 5 (#27)
• 7c1593f [MCLEAN-118] Require Maven 3.6.3
• 1e87ea3 Fixed CleanMojoTest.java
• c21ec13 Loggerinterface Basic
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.3.1

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.3.0

Release Notes - Maven Surefire - Version 3.3.0

What's Changed

• Bump org.htmlunit:htmlunit from 3.9.0 to 3.10.0 by @​dependabot in apache/maven-surefire#717

... (truncated)

Commits

• 7e45620 [maven-release-plugin] prepare release surefire-3.3.1
• 561b4ca [SUREFIRE-2250] Surefire Test Report Schema properties element is not consist...
• 6aaea8a [SUREFIRE-1360] Ability to disable properties for successfully passed tests
• c17b92b Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.23 to 1.24
• 748d9dc Fix typos
• f8092e9 Improve time units
• c670335 [SUREFIRE-1934] Ability to disable system-out/system-err for successfully pas...
• bce1b39 Improve docs of linkXRef
• 3c49ebd Bump org.htmlunit:htmlunit from 4.2.0 to 4.3.0
• 6ff0f83 [SUREFIRE-2242] Plain test report does not include names of the skipped tests
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2

Release notes

Sourced from org.apache.maven.plugins:maven-jar-plugin's releases.

3.4.2

🐛 Bug Fixes

• [MJAR-310] - fixed toolchain version detection when toolchain paths contain white spaces (#86) @​jansohn

👻 Maintenance

• Build with Maven 4 (#88) @​slawekjaranowski

Commits

• 95007e8 [maven-release-plugin] prepare release maven-jar-plugin-3.4.2
• 99584ce Build with Maven 4
• e9c98a4 [MJAR-310] fixed toolchain version detection when toolchain paths contain whi...
• a5554bb [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.apache.maven.plugins:maven-project-info-reports-plugin from 3.5.0 to 3.6.2

Commits

• a917abe [maven-release-plugin] prepare release maven-project-info-reports-plugin-3.6.2
• 67ecd33 [MPIR-466] ModulesReport/IndexReport do not pass a complete building request ...
• 73658c3 Remove outdated invoker conditions
• ad42de0 [maven-release-plugin] prepare for next development iteration
• 21d3653 [maven-release-plugin] prepare release maven-project-info-reports-plugin-3.6.1
• b707915 [MPIR-462] IT for MRJAR issue with dependencies goal
• 3fd654a [MPIR-463] Remove workaround to count the number of root content entries in J...
• 790b646 [MPIR-464] Upgrade to Maven Shared JAR 3.1.1
• 740536d Lift restriction on mojo renames
• 3e8276f Make spotless happy
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.8.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.7.0

• [MJAVADOC-795] - Upgrade to Parent 42 and Maven 3.6.3 (#281) @​michael-o
• [MJAVADOC-682] - Reactor builds fail when multiple modules with same gr… (#253) @​michael-o
• directory, not folder (#252) @​michael-o
• [MJAVADOC-782] - Align read-only parameters naming with other plugins (#251) @​michael-o
• [MJAVADOC-781] - Upgrade plugins and components (in ITs) (#250) @​michael-o
• [MJAVADOC-780] - add missing plugin configuration (#249) @​hboutemy

📦 Dependency updates

• Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0 (#283) @​dependabot
• Bump org.assertj:assertj-core from 3.25.3 to 3.26.0 (#282) @​dependabot
• Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#271) @​dependabot
• Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 (#277) @​dependabot
• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#276) @​dependabot
• [MJAVADOC-789] - Bump org.codehaus.plexus:plexus-interactivity-api from 1.2 to 1.3 (#268) @​dependabot
• [MJAVADOC-788] - Bump commons-io:commons-io from 2.15.1 to 2.16.0 (#273) @​dependabot
• Bump apache/maven-gh-actions-shared from 3 to 4 (#270) @​dependabot
• Bump com.thoughtworks.qdox:qdox from 2.0.3 to 2.1.0 (#266) @​dependabot
• Bump org.assertj:assertj-core from 3.25.1 to 3.25.3 (#269) @​dependabot
• Bump org.codehaus.plexus:plexus-interactivity-api from 1.1 to 1.2 (#258) @​dependabot
• Bump org.codehaus.plexus:plexus-archiver from 4.9.0 to 4.9.1 (#263) @​dependabot
• Bump org.assertj:assertj-core from 3.24.2 to 3.25.1 (#260) @​dependabot
• Bump org.codehaus.plexus:plexus-io from 3.4.1 to 3.4.2 (#262) @​dependabot
• Bump org.codehaus.plexus:plexus-archiver from 4.9.0 to 4.9.1 (#256) @​dependabot
• Bump org.codehaus.plexus:plexus-io from 3.4.1 to 3.4.2 (#257) @​dependabot
• Bump commons-io:commons-io from 2.15.0 to 2.15.1 (#254) @​dependabot

📝 Documentation updates

• Fix addStylesheets Javadoc (#261) @​scordio

👻 Maintenance

• Bump org.springframework:spring-context from 4.3.29.RELEASE to 5.2.21.RELEASE in /src/it/projects/MJAVADOC-434_fixcompile (#280) @​dependabot
• Exclude JDK 8 - temurin, adopt-openj9 on macos (#279) @​slawekjaranowski

🔧 Build

• Fix build (#264) @​slawekjaranowski

Commits

• 621cba6 [maven-release-plugin] prepare release maven-javadoc-plugin-3.8.0
• eab964c [MJAVADOC-603] javadoc:fix failure on JDK10: java.lang.ClassNotFoundException...
• 0a26a7e Update since tags
• 08205b1 Add compile step for MJAVADOC-365 IT
• 4c8ca8e [MJAVADOC-804] Remove temporary directories created by tests
• 91369fa [MJAVADOC-775] Option 'taglets/taglet/tagletpath' ignored when pointing to a JAR
• be2fa20 [MJAVADOC-783] Invalid path when using TagletArtifact and TagletPath
• 3eb47c5 [MJAVADOC-791] maven-javadoc-plugin not working correctly together with maven...
• d3afd39 [MJAVADOC-803] Add default parameter to force root locale
• 4904e08 [MJAVADOC-802] Set default value of defaultAuthor parameter in fix goals to $...
• Additional commits viewable in compare view

Updates org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0

Updates com.fasterxml.jackson.core:jackson-databind from 2.17.1 to 2.17.2

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.17.1 to 2.17.2

Commits

• See full diff in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.1

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.7.1

🐛 Bug Fixes

• [MDEP-943] - Fix appendOutput option (#414) @​slawekjaranowski

📦 Dependency updates

• [MDEP-944] - Bump org.apache.maven.shared:maven-common-artifact-filters from 3.3.2 to 3.4.0 (#413) @​dependabot

👻 Maintenance

• [MDEP-945] - Fix documentation about get goal (#415) @​slawekjaranowski
• [MDEP-940] - Use Resolver API instead of m-a-t for resolving artifacts (#410) @​slawekjaranowski

3.7.0

• [MDEP-941] - Deprecate dependency:sources in favor of dependency:resolv… (#411) @​michael-o
• [MDEP-838] - "Artifact has not been packaged yet" error message is not … (#412) @​michael-o
• [MDEP-939] - Lock down classifier in dependency:sources goal (#409) @​michael-o
• Revert "Fix sources goal for multimodule projects" (#408) @​michael-o
• [MDEP-923] - Move methods in place where are used (#407) @​slawekjaranowski
• MDEP-938] Correct invalid property name and add deprecated old one (#404) @​hazendaz
• [MDEP-835] - Add optional dependency for tree IT (#403) @​slawekjaranowski
• Add missing dependency (#401) @​michael-o

🚀 New features and improvements

• [MDEP-799] - tree: add optional output type json (#391) @​LogFlames
• [MDEP-928] - Allow excluding classes from dependency:analyze (#393) @​slawekjaranowski
• [MDEP-924] - Get rid of maven-artifact-transfer from list-classes goal (#382) @​slawekjaranowski
• [MDEP-925] - Require Maven 3.6.3 (#381) @​slawekjaranowski
• [MDEP-922] - dependency:analyze-exclusions - should report issue only in current project (#378) @​slawekjaranowski
• [MDEP-917] - dependency:analyze-exclusions - use Resolver API instead of ProjectBuilder (#374) @​slawekjaranowski
• [MDEP-317] - add mojo to analyze invalid exclusions (#362) @​vbreivik
• [MDEP-894] - Use @Component only - fix tests (#360) @​michael-o

🐛 Bug Fixes

• [MDEP-914] - Fix link in collect goal description (#380) @​slawekjaranowski
• [MDEP-895] - dependency:sources fails for multi-module project (#349) @​jmle
• [MDEP-771] - Remove broken 404 link (#344) @​elharo

📦 Dependency updates

• [MDEP-936] - Bump org.apache.maven.shared:maven-dependency-tree from 3.2.1 to 3.3.0 (#397) @​dependabot
• [MDEP-920] - Bump org.assertj:assertj-core from 3.25.3 to 3.26.0 (#395) @​dependabot
• [MDEP-929] - Bump org.apache.maven.shared:maven-dependency-analyzer from 1.14.0 to 1.14.1 (#394) @​dependabot
• Bump org.apache.maven.shared:maven-dependency-analyzer from 1.13.2 to 1.14.0 (#392) @​dependabot
• [MDEP-921] - Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 (#376) @​dependabot

... (truncated)

Commits

• e8c1a62 [maven-release-plugin] prepare release maven-dependency-plugin-3.7.1
• d656b03 [MDEP-945] Fix documentation about get goal
• 82a9d60 [MDEP-940] Use Resolver API instead of m-a-t for resolving artifacts
• 8e1f1b5 [MDEP-943] Fix appendOutput option
• e06630c Bump org.apache.maven.shared:maven-common-artifact-filters
• a11d253 [maven-release-plugin] prepare for next development iteration
• f975bcb [maven-release-plugin] prepare release maven-dependency-plugin-3.7.0
• dbdda0c [MDEP-941] Deprecate dependency:sources in favor of dependency:resolve-sources
• f090b5e [MDEP-838] "Artifact has not been packaged yet" error message is not very hel...
• 9902456 [MDEP-669] Optimize the documentation of <outputProperty> of build-classpath ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions