Bump the dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the dependencies group with 8 updates in the / directory:

Package	From	To
io.smallrye:jandex-maven-plugin	3.2.7	3.4.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.2	3.5.3
org.apache.maven.plugins:maven-failsafe-plugin	3.5.2	3.5.3
net.revelc.code.formatter:formatter-maven-plugin	2.25.0	2.27.0
org.apache.maven.plugins:maven-gpg-plugin	3.2.7	3.2.8
com.segment.analytics.java:analytics	3.5.1	3.5.2
org.apache.commons:commons-compress	1.27.1	1.28.0
io.specto:hoverfly-java-junit5	0.20.0	0.20.2

Updates io.smallrye:jandex-maven-plugin from 3.2.7 to 3.4.0

Release notes

Sourced from io.smallrye:jandex-maven-plugin's releases.

3.4.0

• #543 fix type annotations on the outermost annotatable type of a nested type
• #544 Gizmo 2 integration

3.3.2

• #529 fix comment in ClassInfo.simpleName()
• #538 expose the implicit Object bound in the TypeVariable public API
• #540 intern EquivalenceKeys for primitive types and class types of java.*

3.3.1

• #526 ClassInfo#simpleName() behaves inconsistently for nested/top-level classes with a dollar sign in name
• #519 Add IndexView deprecated javadoc notices
• #514 add module-info.class

3.3.0

• #513 release 3.3.0
• #512 Bump actions/create-github-app-token from 1 to 2
• #511 add IndexView.getKnownDirectImplementations() and getAllKnownImplementations()
• #510 add ClassInfo.enclosingClassAlways()
• #509 allow figuring out the enclosing class of a local/anonymous class declared in a static/instance/field initializer
• #508 Bump net.bytebuddy:byte-buddy from 1.17.4 to 1.17.5
• #507 Bump net.bytebuddy:byte-buddy from 1.17.2 to 1.17.4
• #506 Bump org.junit.jupiter:junit-jupiter from 5.12.0 to 5.12.1
• #505 Bump net.bytebuddy:byte-buddy from 1.17.1 to 1.17.2
• #504 Bump version.groovy from 4.0.25 to 4.0.26
• #503 Bump org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.0
• #502 Bump org.junit.jupiter:junit-jupiter from 5.11.4 to 5.12.0

Commits

• e179d60 [maven-release-plugin] prepare release 3.4.0
• 99e8ce5 Amendments before release
• 2624416 release 3.4.0
• cf3d9f6 improve Gizmo2 integration
• 065062d add Gizmo 2 integration
• 3c0b2f6 fix type annotations on the outermost annotatable type of a nested type
• fce5c13 Bump version.maven from 3.9.10 to 3.9.11
• 8dfdff2 Bump org.junit.jupiter:junit-jupiter from 5.13.2 to 5.13.3
• 989b2cc Amendments after release
• 81116d2 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.3

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski
• Use newer version of surefire for itself testing, enable JUnit 5 in tests (#822) @​slawekjaranowski
• Remove dependencies from root pom (#819) @​slawekjaranowski
• move this dependency to dptMngt (#818) @​olamy
• [SUREFIRE-2291] - Change logger from Plexus to SLF4J (#811) @​jeffjensen
• Add GitHub Automation actions (#812) @​slawekjaranowski
• Convert reports to Guice (#803) @​elharo
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#809) @​Bukama
• Update encoding docs (#802) @​elharo
• Guice injection (#801) @​elharo

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1 (#823) @dependabot[bot]
• Bump parent to 44 (#817) @​slawekjaranowski
• Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.4.0 (#810) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.4.0 to 4.10.0 (#813) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#797) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#807) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (#805) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#800) @dependabot[bot]

Commits

• 4434650 [maven-release-plugin] prepare release surefire-3.5.3
• 1270950 use github directly
• 59f3a1f release tag name backward compatible
• dfbabe2 assertj-core must be test scope (#826)
• e1f8119 back to 3.5.3-SNAPSHOT
• c497559 [maven-release-plugin] prepare for next development iteration
• 3962112 [maven-release-plugin] prepare release v3.5.3
• 227c134 surefire shared utils version current version (#825)
• 1d34c34 Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1
• 906b65a Update site descriptors
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 to 3.5.3

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski
• Use newer version of surefire for itself testing, enable JUnit 5 in tests (#822) @​slawekjaranowski
• Remove dependencies from root pom (#819) @​slawekjaranowski
• move this dependency to dptMngt (#818) @​olamy
• [SUREFIRE-2291] - Change logger from Plexus to SLF4J (#811) @​jeffjensen
• Add GitHub Automation actions (#812) @​slawekjaranowski
• Convert reports to Guice (#803) @​elharo
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#809) @​Bukama
• Update encoding docs (#802) @​elharo
• Guice injection (#801) @​elharo

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1 (#823) @dependabot[bot]
• Bump parent to 44 (#817) @​slawekjaranowski
• Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.4.0 (#810) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.4.0 to 4.10.0 (#813) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#797) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#807) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (#805) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#800) @dependabot[bot]

Commits

• 4434650 [maven-release-plugin] prepare release surefire-3.5.3
• 1270950 use github directly
• 59f3a1f release tag name backward compatible
• dfbabe2 assertj-core must be test scope (#826)
• e1f8119 back to 3.5.3-SNAPSHOT
• c497559 [maven-release-plugin] prepare for next development iteration
• 3962112 [maven-release-plugin] prepare release v3.5.3
• 227c134 surefire shared utils version current version (#825)
• 1d34c34 Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1
• 906b65a Update site descriptors
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 to 3.5.3

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski
• Use newer version of surefire for itself testing, enable JUnit 5 in tests (#822) @​slawekjaranowski
• Remove dependencies from root pom (#819) @​slawekjaranowski
• move this dependency to dptMngt (#818) @​olamy
• [SUREFIRE-2291] - Change logger from Plexus to SLF4J (#811) @​jeffjensen
• Add GitHub Automation actions (#812) @​slawekjaranowski
• Convert reports to Guice (#803) @​elharo
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#809) @​Bukama
• Update encoding docs (#802) @​elharo
• Guice injection (#801) @​elharo

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1 (#823) @dependabot[bot]
• Bump parent to 44 (#817) @​slawekjaranowski
• Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.4.0 (#810) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.4.0 to 4.10.0 (#813) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#797) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#807) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (#805) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#800) @dependabot[bot]

Commits

• 4434650 [maven-release-plugin] prepare release surefire-3.5.3
• 1270950 use github directly
• 59f3a1f release tag name backward compatible
• dfbabe2 assertj-core must be test scope (#826)
• e1f8119 back to 3.5.3-SNAPSHOT
• c497559 [maven-release-plugin] prepare for next development iteration
• 3962112 [maven-release-plugin] prepare release v3.5.3
• 227c134 surefire shared utils version current version (#825)
• 1d34c34 Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1
• 906b65a Update site descriptors
• Additional commits viewable in compare view

Updates net.revelc.code.formatter:formatter-maven-plugin from 2.25.0 to 2.27.0

Updates org.apache.maven.plugins:maven-gpg-plugin from 3.2.7 to 3.2.8

Release notes

Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.

3.2.8

🐛 Bug Fixes

• Make empty classifier null (not empty string) (#287) @​cstamas

📝 Documentation updates

• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#129) @​Bukama
• Describe how to prime a specific GPG key (#128) @​kwin

👻 Maintenance

• Enable GitHub issues (#134) @​Bukama
• Prefer Guice constructor injection (#126) @​elharo

📦 Dependency updates

• Update parent POM to 45 (#284) @​cstamas
• Bump bouncycastleVersion from 1.78.1 to 1.80 (#127) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125) @dependabot[bot]
• Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1 (#131) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#124) @dependabot[bot]

Commits

• 8a46455 [maven-release-plugin] prepare release maven-gpg-plugin-3.2.8
• 7012821 Fix issueManagement, ciManagement system and url
• a9a8c84 Make empty classifier null (not empty string) (#287)
• a8368b0 Add .mvn
• f0e45e0 Update parent POM to 45 (#284)
• cb1236c Bump bouncycastleVersion from 1.78.1 to 1.80 (#127)
• 5377a10 Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133)
• 8b63932 Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125)
• 54ea518 Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1
• a6a412d Remove old JIRA issue link
• Additional commits viewable in compare view

Updates com.segment.analytics.java:analytics from 3.5.1 to 3.5.2

Changelog

Sourced from com.segment.analytics.java:analytics's changelog.

Version 3.5.2 (May 12, 2025)

• [Chore] Depenency upgrades

Commits

• 924efe1 [maven-release-plugin] prepare release analytics-parent-3.5.2
• 26519bc Updating changelog for 3.5.2 release
• c57a583 Bump com.google.guava:guava from 33.3.1-jre to 33.4.0-jre (#500)
• fca4a60 Bump retrofit to fix CVEe (#504)
• 3b1b290 This commit will update the okhttp version to 4.12.0 in pom.xml. This update ...
• 3e255c7 Bump com.google.guava:guava from 33.3.0-jre to 33.3.1-jre (#496)
• 336bcfd Bump com.google.guava:guava from 33.2.1-jre to 33.3.0-jre (#491)
• 2253257 Change Nonnull & Nullable annotation to jakarta.annotation (#488)
• a7641c5 Bump com.google.guava:guava from 33.2.0-jre to 33.2.1-jre (#483)
• d381d89 Export github issues to jira
• Additional commits viewable in compare view

Updates org.apache.commons:commons-compress from 1.27.1 to 1.28.0

Changelog

Sourced from org.apache.commons:commons-compress's changelog.

Apache Commons Compress 1.28.0 Release Notes

The Apache Commons Compress team is pleased to announce the release of Apache Commons Compress 1.28.0.

Apache Commons Compress defines an API for working with compression and archive formats. These include bzip2, gzip, pack200, LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

This is a feature and maintenance release. Java 8 or later is required.

Changes in this version

Changes in this version include the following.

New Features

•        Add GzipParameters.getModificationInstant(). Thanks to Gary Gregory. 
  

•        Add GzipParameters.setModificationInstant(Instant). Thanks to Gary Gregory. 
  

•        Add GzipParameters.OS, setOS(OS), getOS(). Thanks to Gary Gregory. 
  

•        Add GzipParameters.toString(). Thanks to Gary Gregory. 
  

• COMPRESS-638: Add GzipParameters.setFileNameCharset(Charset) and getFileNameCharset() to override the default ISO-8859-1 Charset #602. Thanks to vincexjl, Gary Gregory, Piotr P. Karwasz.

•        Add support for gzip extra subfields, see GzipParameters.setExtra(HeaderExtraField) [#604](https://github.com/apache/commons-compress/issues/604). Thanks to ddeschenes-1, Gary Gregory. 
  

•        Add CompressFilterOutputStream and refactor to use. Thanks to Gary Gregory. 
  

•        Add ZipFile.stream(). Thanks to Gary Gregory. 
  

•        GzipCompressorInputStream reads the modification time (MTIME) and stores its value incorrectly multiplied by 1,000. Thanks to Danny Deschenes, Gary Gregory. 
  

•        GzipCompressorInputStream writes the modification time (MTIME) the value incorrectly divided by 1,000. Thanks to Danny Deschenes, Gary Gregory. 
  

•        Add optional FHCRC to GZIP header [#627](https://github.com/apache/commons-compress/issues/627). Thanks to Danny Deschenes, Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder allowing to customize the file name and comment Charsets. Thanks to Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder.setOnMemberStart(IOConsumer) to monitor member parsing. Thanks to Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder.setOnMemberEnd(IOConsumer) to monitor member parsing. Thanks to Gary Gregory. 
  

•        Add PMD check to default Maven goal. Thanks to Gary Gregory. 
  

•        Add SevenZFile.Builder.setMaxMemoryLimitKiB(int). Thanks to Gary Gregory. 
  

•        Add MemoryLimitException.MemoryLimitException(long, int, Throwable) and deprecate MemoryLimitException.MemoryLimitException(long, int, Exception). Thanks to Gary Gregory. 
  

• COMPRESS-692: Add support for zstd compression in zip archives. Thanks to Mehmet Karaman, Andrey Loskutov, Gary Gregory.

•        Add support for XZ compression in ZIP archives. Thanks to Gary Gregory. 
  

• COMPRESS-695: Add ZipArchiveInputStream.createZstdInputStream(InputStream) to provide a different InputStream implementation for Zstandard (Zstd) #649. Thanks to Gary Gregory.

•        Add org.apache.commons.compress.harmony.pack200.Pack200Exception.Pack200Exception(String, Throwable). Thanks to Gary Gregory. 
  

• COMPRESS-697: Move BitStream.nextBit() method to BitInputStream #663. Thanks to Fredrik Kjellberg, Gary Gregory.

•        Add org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.XZCompressorInputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.XZCompressorOutputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.ZstdCompressorOutputStream.builder/Builder() [#666](https://github.com/apache/commons-compress/issues/666). Thanks to Gary Gregory, David Walluck, Piotr P. Karwasz. 
  

•        Add org.apache.commons.compress.compressors.xz.ZstdConstants [#666](https://github.com/apache/commons-compress/issues/666). Thanks to Gary Gregory, David Walluck, Piotr P. Karwasz. 
  

•        Add org.apache.commons.compress.archivers.ArchiveException.requireNonNull(T, Supplier<String>). Thanks to Gary Gregory, Zaki. 
  

•        Add org.apache.commons.compress.compressors.CompressorException as the root for all custom exceptions ArchiveException and CompressorException. Thanks to Gary Gregory. 
  

... (truncated)

Commits

• 852d9c2 Prepare for the release candidate 1.28.0 RC1
• f5eb9e2 Prepare for the next release candidate
• 36f204c Camel case parameter name
• 4c04e4a Use final
• 6cb7da1 Javadoc
• 563c9d2 Javadoc
• ce73bd8 Javadoc
• a464ae9 Better parameter names
• c0b2b84 Add TODO for next major version
• c76bc97 Use OpenVEX to document that we are not affected by CVE-2025-48924 in
• Additional commits viewable in compare view

Updates io.specto:hoverfly-java-junit5 from 0.20.0 to 0.20.2

Commits

• bb2e50c [Gradle Release Plugin] - pre tag commit: '0.20.2'.
• 63362fa JUnit5 module should compile the base hoverfly module
• 1ec4bb5 Update docs
• 222f599 [Gradle Release Plugin] - new version commit: '0.20.2-SNAPSHOT'.
• 2496b2a [Gradle Release Plugin] - new version commit: '0.20.2-SNAPSHOT'.
• 42e7e70 [Gradle Release Plugin] - pre tag commit: '0.20.1'.
• c4e1dd0 Update README
• ed54635 #316: improve exception handling for validating response body file path
• 818ae2e Bump jinja2 from 3.1.5 to 3.1.6 in /docs
• ac8b62f Remove reference to gitter
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions