Bump the build-dependencies group with 9 updates

[dependabot]

Bumps the build-dependencies group with 9 updates:

Package	From	To
net.bytebuddy:byte-buddy	1.17.4	1.17.5
org.jboss.arquillian:arquillian-bom	1.9.3.Final	1.9.4.Final
com.google.guava:guava	33.4.5-jre	33.4.6-jre
com.puppycrawl.tools:checkstyle	10.21.4	10.22.0
org.ow2.asm:asm	9.7.1	9.8
org.apache.maven.plugins:maven-surefire-plugin	3.5.2	3.5.3
org.apache.maven.plugins:maven-surefire-report-plugin	3.5.2	3.5.3
org.apache.maven.plugins:maven-failsafe-plugin	3.5.2	3.5.3
org.sonarsource.scanner.maven:sonar-maven-plugin	5.0.0.4389	5.1.0.4751

Updates net.bytebuddy:byte-buddy from 1.17.4 to 1.17.5

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.17.5

• Update ASM to version 9.8 to support Java 25 using ASM reader and writer.
• Include AnnotationRemoval visitor for removing or replacing annotations.

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

30. March 2025: version 1.17.5

• Update ASM to version 9.8 to support Java 25 using ASM reader and writer.
• Include AnnotationRemoval visitor for removing or replacing annotations.

Commits

• 5bfbb2c [maven-release-plugin] prepare release byte-buddy-1.17.5
• 6d606ca [release] Release new version.
• 82391a6 Add release notes.
• acee964 [release] Update ASM and release new version
• 5274152 Add missing checksums
• 9a910a6 Add checksums and minor fixes.
• 50f39fe Add tests for annotation removal.
• 6e88849 Add annotation removal.
• 11c76cc Add annotation removal.
• 41016d9 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.jboss.arquillian:arquillian-bom from 1.9.3.Final to 1.9.4.Final

Release notes

Sourced from org.jboss.arquillian:arquillian-bom's releases.

1.9.4.Final

What's Changed

• Finish Subversion to Git SCM migration: remove "@​version $Revision: $" since Git does not support automatic keyword substitution by @​rhusar in arquillian/arquillian-core#669
• bugfix: make tests fail when test class fails to load on the server, … by @​lprimak in arquillian/arquillian-core#679
• build(deps): Bump org.junit:junit-bom from 5.10.3 to 5.12.0 by @​dependabot in arquillian/arquillian-core#677
• Avoid file leak in JavaSPIExtensionLoader by @​WolfgangHG in arquillian/arquillian-core#637
• build(deps): Bump fish.payara.distributions:payara from 6.2024.9 to 6.2025.2 by @​dependabot in arquillian/arquillian-core#675
• build(deps): Bump org.assertj:assertj-core from 3.26.3 to 3.27.3 by @​dependabot in arquillian/arquillian-core#667
• build(deps): Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.4.0 to 3.6.0 by @​dependabot in arquillian/arquillian-core#638
• build(deps-dev): Bump org.eclipse.jetty:jetty-server from 9.4.51.v20230217 to 9.4.55.v20240627 in /protocols/servlet by @​dependabot in arquillian/arquillian-core#634
• [661] Add a new event which will handle injecting method parameters. … by @​jamezp in arquillian/arquillian-core#674
• MethodParameterObserver.injectParameters: handle null result of TestEnricher.resolve by @​WolfgangHG in arquillian/arquillian-core#689
• build(deps): Bump org.wildfly.plugins:wildfly-maven-plugin from 5.1.0.Beta2 to 5.1.2.Final by @​dependabot in arquillian/arquillian-core#686

Full Changelog: arquillian/arquillian-core@1.9.3.Final...1.9.4.Final

Commits

• 7ee8f53 [maven-release-plugin] prepare release 1.9.4.Final
• 70208de build(deps): Bump org.wildfly.plugins:wildfly-maven-plugin from 5.1.0.Beta2 t...
• 0c5a3b5 MethodParameterObserver.injectParameters: handle null result of TestEnricher....
• c32d1bb MethodParameterObserver.injectParameters: handle null result of TestEnricher....
• 4653658 build(deps): Bump org.wildfly.plugins:wildfly-maven-plugin
• 13731b2 [661] Add a new event which will handle injecting method parameters. This all...
• c2ad7bf build(deps-dev): Bump org.eclipse.jetty:jetty-server (#634)
• 7602c7a build(deps): Bump org.apache.maven.plugins:maven-checkstyle-plugin (#638)
• ac414c6 build(deps): Bump org.assertj:assertj-core from 3.26.3 to 3.27.3 (#667)
• 746d88d build(deps): Bump fish.payara.distributions:payara (#675)
• Additional commits viewable in compare view

Updates com.google.guava:guava from 33.4.5-jre to 33.4.6-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.4.6

Guava 33.4.6 fixes two problems that we introduced while modularizing Guava in 33.4.5.

Even if you're not upgrading from Guava 33.4.0 or earlier, still read the release notes for Guava 33.4.1. Those release notes contain information about Guava 33.4.5 and 33.4.6's effect on the module system.

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.4.6-jre</version>
  <!-- or, for Android: -->
  <version>33.4.6-android</version>
</dependency>

Jar files

• 33.4.6-jre.jar
• 33.4.6-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.4.6-jre
• 33.4.6-android

JDiff

• 33.4.6-jre vs. 33.4.5-jre
• 33.4.6-android vs. 33.4.5-android
• 33.4.6-android vs. 33.4.6-jre

Changelog

• Removed the extra copy of each class from the Guava jar. The extra copies were an accidental addition from the modularization work in Guava 33.4.5. (40485b93ce)
• Fixed annotation-related warnings when using Guava in modular builds. The most common such warning is Cannot find annotation method 'value()' in type 'DoNotMock': .... (7e15ab3566)

Commits

• See full diff in compare view

Updates com.puppycrawl.tools:checkstyle from 10.21.4 to 10.22.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-10.22.0

Checkstyle 10.22.0 - https://checkstyle.org/releasenotes.html#Release_10.22.0

Breaking backward compatibility:

#9280 - JavadocVariable: new property 'accessModifiers' as substitution of 'scope' and 'excludeScope' #15499 - Change default or IllegalIdentifierName

Bug fixes:

#16641 - FileContents.getJavadocBefore(): Comments should not be skipped if it is not alone in line #16385 - JavadocTagContinuationIndentation Ignore indentation check when HTML tag break line #16628 - use SLL prediction mode for fast javadoc parsing to improve performance #43 - JavadocMethod: Javadoc Not Detected Above Multiline Comments #12817 - Incorrect Indentation errors for expression switches with google_checks.xml #6637 - SuppressWarningsHolder aliasList members don't act like aliases #13043 - Make references optional for link and linkplain tags #16005 - Parse errors if ``@see spans multiple lines #14446 - Parse error when Javadoc contains `@`snippet with code example that uses Java annotation

... (truncated)

Commits

• b20ca3b [maven-release-plugin] prepare release checkstyle-10.22.0
• b5c86f5 doc: release notes for 10.22.0
• 1a6caf2 Issue #14631: Updated INPUT_HTML_TAG_NAME to new AST format
• 82c21d5 Issue #16666: Updated Broken Link - Javadoc OpenJDK 8 Report in website, 404 ...
• 23c3c59 Issue #16641: FileContents.getJavadocBefore should skip block comments only i...
• 9fb5504 Issue #14857: Github generate site fails to generate links with anchors
• e1c89b9 infra: update google-java-format.yml to 1.26.0 formatter
• 06074e5 Issue #14631: Updated LITERAL_INCLUDE in JavadocTokenTypes.java to new AST fo...
• b5c64b2 Issue #11163: Enforce file size for javaParser
• ae8fde4 Issue #14631: Updated TR_TAG_END in JavadocTokenTypes.java to new AST format
• Additional commits viewable in compare view

Updates org.ow2.asm:asm from 9.7.1 to 9.8

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.3

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski
• Use newer version of surefire for itself testing, enable JUnit 5 in tests (#822) @​slawekjaranowski
• Remove dependencies from root pom (#819) @​slawekjaranowski
• move this dependency to dptMngt (#818) @​olamy
• [SUREFIRE-2291] - Change logger from Plexus to SLF4J (#811) @​jeffjensen
• Add GitHub Automation actions (#812) @​slawekjaranowski
• Convert reports to Guice (#803) @​elharo
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#809) @​Bukama
• Update encoding docs (#802) @​elharo
• Guice injection (#801) @​elharo

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1 (#823) @dependabot[bot]
• Bump parent to 44 (#817) @​slawekjaranowski
• Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.4.0 (#810) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.4.0 to 4.10.0 (#813) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#797) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#807) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (#805) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#800) @dependabot[bot]

Commits

• 4434650 [maven-release-plugin] prepare release surefire-3.5.3
• 1270950 use github directly
• 59f3a1f release tag name backward compatible
• dfbabe2 assertj-core must be test scope (#826)
• e1f8119 back to 3.5.3-SNAPSHOT
• c497559 [maven-release-plugin] prepare for next development iteration
• 3962112 [maven-release-plugin] prepare release v3.5.3
• 227c134 surefire shared utils version current version (#825)
• 1d34c34 Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1
• 906b65a Update site descriptors
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.2 to 3.5.3

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-report-plugin's releases.

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski
• Use newer version of surefire for itself testing, enable JUnit 5 in tests (#822) @​slawekjaranowski
• Remove dependencies from root pom (#819) @​slawekjaranowski
• move this dependency to dptMngt (#818) @​olamy
• [SUREFIRE-2291] - Change logger from Plexus to SLF4J (#811) @​jeffjensen
• Add GitHub Automation actions (#812) @​slawekjaranowski
• Convert reports to Guice (#803) @​elharo
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#809) @​Bukama
• Update encoding docs (#802) @​elharo
• Guice injection (#801) @​elharo

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1 (#823) @dependabot[bot]
• Bump parent to 44 (#817) @​slawekjaranowski
• Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.4.0 (#810) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.4.0 to 4.10.0 (#813) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#797) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#807) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (#805) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#800) @dependabot[bot]

Commits

• 4434650 [maven-release-plugin] prepare release surefire-3.5.3
• 1270950 use github directly
• 59f3a1f release tag name backward compatible
• dfbabe2 assertj-core must be test scope (#826)
• e1f8119 back to 3.5.3-SNAPSHOT
• c497559 [maven-release-plugin] prepare for next development iteration
• 3962112 [maven-release-plugin] prepare release v3.5.3
• 227c134 surefire shared utils version current version (#825)
• 1d34c34 Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1
• 906b65a Update site descriptors
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.2 to 3.5.3

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-report-plugin's releases.

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski
• Use newer version of surefire for itself testing, enable JUnit 5 in tests (#822) @​slawekjaranowski
• Remove dependencies from root pom (#819) @​slawekjaranowski
• move this dependency to dptMngt (#818) @​olamy
• [SUREFIRE-2291] - Change logger from Plexus to SLF4J (#811) @​jeffjensen
• Add GitHub Automation actions (#812) @​slawekjaranowski
• Convert reports to Guice (#803) @​elharo
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#809) @​Bukama
• Update encoding docs (#802) @​elharo
• Guice injection (#801) @​elharo

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1 (#823) @dependabot[bot]
• Bump parent to 44 (#817) @​slawekjaranowski
• Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.4.0 (#810) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.4.0 to 4.10.0 (#813) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#797) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#807) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (#805) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#800) @dependabot[bot]

Commits

• 4434650 [maven-release-plugin] prepare release surefire-3.5.3
• 1270950 use github directly
• 59f3a1f release tag name backward compatible
• dfbabe2 assertj-core must be test scope (#826)
• e1f8119 back to 3.5.3-SNAPSHOT
• c497559 [maven-release-plugin] prepare for next development iteration
• 3962112 [maven-release-plugin] prepare release v3.5.3
• 227c134 surefire shared utils version current version (#825)
• 1d34c34 Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1
• 906b65a Update site descriptors
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 to 3.5.3

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski
• Use newer version of surefire for itself testing, enable JUnit 5 in tests (#822) @​slawekjaranowski
• Remove dependencies from root pom (#819) @​slawekjaranowski
• move this dependency to dptMngt (#818) @​olamy
• [SUREFIRE-2291] - Change logger from Plexus to SLF4J (#811) @​jeffjensen
• Add GitHub Automation actions (#812) @​slawekjaranowski
• Convert reports to Guice (#803) @​elharo
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#809) @​Bukama
• Update encoding docs (#802) @​elharo
• Guice injection (#801) @​elharo

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1 (#823) @dependabot[bot]
• Bump parent to 44 (#817) @​slawekjaranowski
• Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.4.0 (#810) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.4.0 to 4.10.0 (#813) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#797) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#807) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (#805) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#800) @dependabot[bot]

Commits

• 4434650 [maven-release-plugin] prepare release surefire-3.5.3
• 1270950 use github directly
• 59f3a1f release tag name backward compatible
• dfbabe2 assertj-core must be test scope (#826)
• e1f8119 back to 3.5.3-SNAPSHOT
• c497559 [maven-release-plugin] prepare for next development iteration
• 3962112 [maven-release-plugin] prepare release v3.5.3
• 227c134 surefire shared utils version current version (#825)
• 1d34c34 Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1
• 906b65a Update site descriptors
• Additional commits viewable in compare view

Updates org.sonarsource.scanner.maven:sonar-maven-plugin from 5.0.0.4389 to 5.1.0.4751

Release notes

Sourced from org.sonarsource.scanner.maven:sonar-maven-plugin's releases.

5.1.0.4751

Release notes - Sonar Scanner for Maven - 5.1

New Feature

SCANMAVEN-264 Add support for SonarQube Cloud regions

Bug

SCANMAVEN-228 Irrelevant encrypted properties should not be passed to the scanner engine

Task

SCANMAVEN-242 Migrate from single module to a multi-module structure

SCANMAVEN-250 Fix broken links coming from the relocation-pom's parent

SCANMAVEN-254 Update parent pom to version 81.0.0.2300

SCANMAVEN-257 Update headers for 2025

SCANMAVEN-258 Conditionally run tests using sonar.password in ITs

SCANMAVEN-260 Update CODEOWNERS after reorg

SCANMAVEN-261 Validate IT using the latest maven 4 release candidate 2

SCANMAVEN-262 Fix quality flaws: remove unnecessary public modifiers

SCANMAVEN-265 Upgrade sonar-scanner-java-library to latest version

SCANMAVEN-266 Analyze integration tests

SCANMAVEN-269 Prepare next development iteration 5.1

SCANMAVEN-271 Fix readability issues in ProxyTest

SCANMAVEN-272 Increase memory because maven 4.0.0-rc-2 fails with out of memory exception

SCANMAVEN-274 Fix quality flaws

SCANMAVEN-277 remove unused third-party-licenses.sh

SCANMAVEN-278 Fix quality flaws

SCANMAVEN-279 Clean up tech debt in Maven Scanner

SCANMAVEN-282 Update plexus-sec-dispatcher to fix CVE-2017-1000487

SCANMAVEN-284 Migrate releasability check to v2, fix property-dump-plugin to be excluded by releasability check (not released)

... (truncated)

Commits

• e284917 SCANMAVEN-284 Bump releasability workflow version (#294)
• cb6dd58 SCANMAVEN-282 Update plexus-sec-dispatcher from 1.4 (sonatype) to 2.0 (codeha...
• 460e710 SCANMAVEN-280 Log the SonarQube Cloud Region (#291)
• 8e0570b SCANMAVEN-228 Ignore Irrelevant Encrypted Properties (#289)
• 7d5574f SCANMAVEN-279 Clean up old code (#290)
• c472cfd SCANMAVEN-271 Fix readability issues in ProxyTest (#279)
• 0783ad3 SCANMAVEN-264 Add support for SonarQube Cloud regions (#284)
• 8f52888 SCANMAVEN-278 Fix quality flaws (#288)
• 4c796c8 SCANMAVEN-276 ScannerEngineBootstrapper.isSuccessful() should be verified bef...
• a09d151 SCANMAVEN-242 update readme quality gate badge, because project key has chang...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions