chore(deps): bump the other-dependencies group across 1 directory with 11 updates

[dependabot]

Bumps the other-dependencies group with 11 updates in the / directory:

Package	From	To
com.fasterxml.jackson:jackson-bom	2.20.1	2.21.0
ch.qos.logback:logback-classic	1.5.23	1.5.26
org.codehaus.plexus:plexus-xml	4.1.0	4.1.1
io.swagger.core.v3:swagger-models	2.2.41	2.2.42
io.swagger.core.v3:swagger-core	2.2.41	2.2.42
org.junit:junit-bom	6.0.1	6.0.2
org.sonatype.central:central-publishing-maven-plugin	0.9.0	0.10.0
com.github.javaparser:javaparser-core	3.27.1	3.28.0
org.assertj:assertj-core	3.27.6	3.27.7
org.openapitools.openapidiff:openapi-diff-core	2.1.6	2.1.7
org.codehaus.plexus:plexus-archiver	4.10.4	4.11.0

Updates com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.0

Commits

• 901b398 [maven-release-plugin] prepare release jackson-bom-2.21.0
• 86a4b9f ...
• 6b5de3a Prep for 2.21 release
• 3001d78 Merge pull request #116 from FasterXML/tatu/2.21/115-fix-cyclonedx-backport-i...
• 9370292 makeAggregateBom -> makeBom
• 3e4db58 Backport #115 in 2.x for 2.21
• 0ce4467 Merge branch '2.20' into 2.x
• 0dc79f5 ...
• 6a3d76b Merge branch '2.20' into 2.x
• 1d52817 Post-release dep version bump
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.23 to 1.5.26

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.26

2026-01-25 Release of logback version 1.5.26

• InsertFromJNDIModelHandler was accessing javax.naming package forcing the inclusion of the optional java.naming module. This problem was raised in issues/1003 by Marius Hanl who also provided the relevant PR.

• In applications using shadow/fat/shade jars, module or package information could be lost. Thus, in the absence of version information, logback-classic would warn about version mismatches. Logback components now ship with properties files containing version information that survive shadow/fat/shade jars. This issue was reporteed in issues/1002 by Christoph Gritschenberger.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 33deb54506bbfaf1ff151f26f3a5f86936011619 associated with the tag v_1.5.26. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.25

2026-01-17 Release of logback version 1.5.25

• When processing configuration files, logback-core will now only instantiate components compatible with the class expected by the encapsulating class. This fixes an ACE vulnerability recorded as CVE-2026-1225.

• In configuration files, referencing a single undeclared appender would cause all referenced appenders to be skipped. This issue was discovered in issues/997.

• Added VersionUtil class to logback-core. This utility class checks for version compatibility issues and alerts the user if need be.

• Added EpochConverter to output milliseconds/seconds since epoch. This enhancement was requested by Duncan Jauncey in issues/1000 who also provided the relevant implementation PR.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit f426e0002800cfb507f393fcacffe0761a425220 associated with the tag v_1.5.25. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.24

2026-01-06 Release of logback version 1.5.24

• Added ExpressionPropertyCondition a PropertyCondition that can evaluate boolean expressions similar to Java. See the relevant documentation for further details.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 62bc5fc245dd3a52f3dd45e232733f4cefb4806d associated with the tag v_1.5.24. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• 33deb54 prepare release 1.5.26
• d38a3e2 refactoring based on usage in logback-access
• 4368333 move VersionUtil.getCoreVersionBySelfDeclaredProperties to CoreVersionUtil
• 8bd5660 modify VersionCheckTest to use logback-core 1.5.25
• 7a8f0b6 version information is self declared by modules.
• 00d272f Do not use javax.naming namespace in the catch block, so that Logback can be ...
• 420d67c mention country only, add missing 2016-03-29
• 033aba4 fix javadoc errors
• 6d52744 start work on 1.5.26-SNAPSHOT
• f426e00 prepare release of 1.5.25
• Additional commits viewable in compare view

Updates org.codehaus.plexus:plexus-xml from 4.1.0 to 4.1.1

Release notes

Sourced from org.codehaus.plexus:plexus-xml's releases.

4.1.1

• Fix polynomial regular expression vulnerability in XML encoding detection (#68) @copilot-swe-agent[bot]
• Declare license info in POM (#62) @​Goooler

👻 Maintenance

• JUnit Jupiter best practices (#72) @​slachiewicz

📦 Dependency updates

• Bump org.codehaus.plexus:plexus from 24 to 25 (#77) @dependabot[bot]
• Bump org.apache.maven:maven-xml from 4.0.0-rc-4 to 4.0.0-rc-5 (#74) @dependabot[bot]
• Bump org.codehaus.plexus:plexus from 23 to 24 (#69) @dependabot[bot]
• Bump org.codehaus.plexus:plexus from 22 to 23 (#66) @dependabot[bot]
• Bump org.apache.maven:maven-xml from 4.0.0-rc-3 to 4.0.0-rc-4 (#65) @dependabot[bot]
• Bump org.codehaus.plexus:plexus from 21 to 22 (#63) @dependabot[bot]
• Bump org.codehaus.plexus:plexus from 20 to 21 (#61) @dependabot[bot]

Commits

• 8169130 [maven-release-plugin] prepare release plexus-xml-4.1.1
• 311f1d2 Bump org.codehaus.plexus:plexus from 24 to 25
• a51782f Bump org.apache.maven:maven-xml from 4.0.0-rc-4 to 4.0.0-rc-5
• bc07169 JUnit Jupiter best practices
• 9a87e5c Fix polynomial regular expression vulnerability in XML encoding detection (#68)
• 303c1a2 Bump org.codehaus.plexus:plexus from 23 to 24
• 2294db6 Bump org.codehaus.plexus:plexus from 22 to 23
• c6b2c7a Bump org.apache.maven:maven-xml from 4.0.0-rc-3 to 4.0.0-rc-4
• bad0a2b Declare license info in POM
• 9434226 Bump org.codehaus.plexus:plexus from 21 to 22
• Additional commits viewable in compare view

Updates io.swagger.core.v3:swagger-models from 2.2.41 to 2.2.42

Updates io.swagger.core.v3:swagger-core from 2.2.41 to 2.2.42

Release notes

Sourced from io.swagger.core.v3:swagger-core's releases.

Swagger-core 2.2.42 released!

• fix: apply minItems/minLength from @NotEmpty/@​NotBlank regardless of requiredMode (#5033)
• chore: update logback-core dependency (#5029)

Commits

• 07935ca prepare release 2.2.42 (#5038)
• 1dafa44 fix: apply minItems/minLength from @NotEmpty/@​NotBlank regardless of required...
• b313104 chore: update logback-core dependency
• b518848 bump snapshot 2.2.42-SNAPSHOT (#5023)
• See full diff in compare view

Updates io.swagger.core.v3:swagger-core from 2.2.41 to 2.2.42

Release notes

Sourced from io.swagger.core.v3:swagger-core's releases.

Swagger-core 2.2.42 released!

• fix: apply minItems/minLength from @NotEmpty/@​NotBlank regardless of requiredMode (#5033)
• chore: update logback-core dependency (#5029)

Commits

• 07935ca prepare release 2.2.42 (#5038)
• 1dafa44 fix: apply minItems/minLength from @NotEmpty/@​NotBlank regardless of required...
• b313104 chore: update logback-core dependency
• b518848 bump snapshot 2.2.42-SNAPSHOT (#5023)
• See full diff in compare view

Updates org.junit:junit-bom from 6.0.1 to 6.0.2

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

Commits

• c5c5de5 Release 6.0.2
• 98b6f78 Add missing checkout step
• 732dc27 Finalize 6.0.2 release notes
• 6a25736 Finalize 5.14.2 release notes
• 33e66bf Move release notes for #5238 entry to 6.1.0-M2
• 11f0f82 Update copyright headers
• 6ce1265 Consistently add license header to all java source files
• 4d454ee Update dependency @​antora/lunr-extension to v1.0.0-alpha.12
• faf4a58 Use --since feature of Javadoc
• 5cc8b05 Mark new recommended APIs as "maintained" rather than "experimental"
• Additional commits viewable in compare view

Updates org.sonatype.central:central-publishing-maven-plugin from 0.9.0 to 0.10.0

Commits

• See full diff in compare view

Updates com.github.javaparser:javaparser-core from 3.27.1 to 3.28.0

Release notes

Sourced from com.github.javaparser:javaparser-core's releases.

javaparser-parent-3.28.0

Added

• [JEP 512] Add support for compact source files (PR #4940 by @​johannescoetzee)
• [JEP 513] Add support for flexible constructor bodies (PR #4919 by @​johannescoetzee)
• [JEP 511] Module Import Declarations (PR #4910 by @​johannescoetzee)
• [JEP 467] Add support for MarkdownComments (PR #4899 by @​johannescoetzee)
• Refactor comment hierarchy in preparation for MarkdownComments (PR #4885 by @​johannescoetzee)
• Add support for match-all patterns (PR #4867 by @​johannescoetzee)

Changed

• Improves issue 4188 resolution (PR #4934 by @​jlerbsc)
• Add support for Java 23 and Java 24 (PR #4901 by @​rpx99)
• Improved the code by removing code duplication from the method used to obtain methods declared in a class/interface/enumeration (PR #4883 by @​jlerbsc)

Fixed

• Fix: issue 4890 Method call resolution fails for variadic reference-type parameters with primitive arguments (PR #4943 by @​jlerbsc)
• Fix: issue 4941 Type variables are not correctly mapped when inheriting between generic interfaces (PR #4942 by @​jlerbsc)
• Fix: issue 4188 UnsolvedSymbolException resolving MethocCallExpr using MethodReferenceExpr (PR #4931 by @​jlerbsc)
• Fix grammar ambiguities causing crashes when using assert and module as names (PR #4929 by @​johannescoetzee)
• Fix: issue #3916 Method 'valueOf' cannot be resolved in context MyEnum.One.valueOf("") (PR #4916 by @​jlerbsc)
• Adds the ability to use the word 'assert' prior to Java version 1.4 (PR #4915 by @​jlerbsc)
• Fix: Simplify code and possibly improve the resolution of extended interfaces when using qualified names (PR #4882 by @​jlerbsc)
• test: improve SourceRoot coverage and apply spotless formatting #4795 (PR #4881 by @​Joyce-5)
• Fix #4864: Correct toString() output in ReflectionRecordDeclaration (PR #4879 by @​ChenduanZhang)
• Include source file path in failed ParseResult when parsing via SourceRoot #4786 (PR #4874 by @​JIN-RUI-LIU)
• Fixes unchecked warnings when calling Mockito.mock(Class) (PR #4413 by @​matthieu-vergne)

Developer Changes

• fix(deps): update byte-buddy.version to v1.18.2 (PR #4906 by @​renovate[bot])
• chore(deps): update actions/checkout action to v6 (PR #4900 by @​renovate[bot])
• chore(deps): update actions/checkout action to v5.0.1 (PR #4892 by @​renovate[bot])
• fix(deps): update dependency net.bytebuddy:byte-buddy-agent to v1.18.1 (PR #4889 by @​renovate[bot])
• fix(deps): update dependency org.checkerframework:checker-qual to v3.52.0 (PR #4886 by @​renovate[bot])

Uncategorised

• Add UnaryExpr, BinaryExpr, and some record/enum tests to improve overall test coverage (PR #4930 by @​johannescoetzee)

❤️ Contributors

Thank You to all contributors who worked on this release!

• @​rpx99
• @​JIN-RUI-LIU
• @​Joyce-5
• @​johannescoetzee

... (truncated)

Changelog

Sourced from com.github.javaparser:javaparser-core's changelog.

Version 3.28.0

issues resolved

Added

• [JEP 512] Add support for compact source files (PR #4940 by @​johannescoetzee)
• [JEP 513] Add support for flexible constructor bodies (PR #4919 by @​johannescoetzee)
• [JEP 511] Module Import Declarations (PR #4910 by @​johannescoetzee)
• [JEP 467] Add support for MarkdownComments (PR #4899 by @​johannescoetzee)
• Refactor comment hierarchy in preparation for MarkdownComments (PR #4885 by @​johannescoetzee)
• Add support for match-all patterns (PR #4867 by @​johannescoetzee)

Changed

• Improves issue 4188 resolution (PR #4934 by @​jlerbsc)
• Add support for Java 23 and Java 24 (PR #4901 by @​rpx99)
• Improved the code by removing code duplication from the method used to obtain methods declared in a class/interface/enumeration (PR #4883 by @​jlerbsc)

Fixed

• Fix: issue 4890 Method call resolution fails for variadic reference-type parameters with primitive arguments (PR #4943 by @​jlerbsc)
• Fix: issue 4941 Type variables are not correctly mapped when inheriting between generic interfaces (PR #4942 by @​jlerbsc)
• Fix: issue 4188 UnsolvedSymbolException resolving MethocCallExpr using MethodReferenceExpr (PR #4931 by @​jlerbsc)
• Fix grammar ambiguities causing crashes when using assert and module as names (PR #4929 by @​johannescoetzee)
• Fix: issue #3916 Method 'valueOf' cannot be resolved in context MyEnum.One.valueOf("") (PR #4916 by @​jlerbsc)
• Adds the ability to use the word 'assert' prior to Java version 1.4 (PR #4915 by @​jlerbsc)
• Fix: Simplify code and possibly improve the resolution of extended interfaces when using qualified names (PR #4882 by @​jlerbsc)
• test: improve SourceRoot coverage and apply spotless formatting #4795 (PR #4881 by @​Joyce-5)
• Fix #4864: Correct toString() output in ReflectionRecordDeclaration (PR #4879 by @​ChenduanZhang)
• Include source file path in failed ParseResult when parsing via SourceRoot #4786 (PR #4874 by @​JIN-RUI-LIU)
• Fixes unchecked warnings when calling Mockito.mock(Class) (PR #4413 by @​matthieu-vergne)

Developer Changes

• fix(deps): update byte-buddy.version to v1.18.2 (PR #4906 by @​renovate[bot])
• chore(deps): update actions/checkout action to v6 (PR #4900 by @​renovate[bot])
• chore(deps): update actions/checkout action to v5.0.1 (PR #4892 by @​renovate[bot])
• fix(deps): update dependency net.bytebuddy:byte-buddy-agent to v1.18.1 (PR #4889 by @​renovate[bot])
• fix(deps): update dependency org.checkerframework:checker-qual to v3.52.0 (PR #4886 by @​renovate[bot])

Uncategorised

• Add UnaryExpr, BinaryExpr, and some record/enum tests to improve overall test coverage (PR #4930 by @​johannescoetzee)

❤️ Contributors

Thank You to all contributors who worked on this release!

• @​rpx99

... (truncated)

Commits

• 0a42555 [maven-release-plugin] prepare release javaparser-parent-3.28.0
• 3211070 update readme
• acd6fc1 Update changelog
• 65b4cbc [JEP 512] Add support for compact source files
• 4fd7325 Merge branch 'master' into johannes/compact-classes
• a45797e chore(deps): update dependency org.sonatype.central:central-publishing-maven-...
• 4527bed fix(deps): update dependency org.checkerframework:checker-qual to v3.53.0 (#4...
• 7de2cc3 Merge branch 'master' into johannes/compact-classes
• 1312fd2 fix(deps): update dependency org.junit:junit-bom to v5.14.2 (#4945)
• b811a9c Remove unnecessary resolution attempts in modules when solving symbols as values
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.6 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates org.openapitools.openapidiff:openapi-diff-core from 2.1.6 to 2.1.7

Release notes

Sourced from org.openapitools.openapidiff:openapi-diff-core's releases.

2.1.7

What's Changed

• Fix NullPointerException in HtmlRender when schema is null by @​Copilot in OpenAPITools/openapi-diff#869
• Fix NullPointerException in MarkdownRender when schema is null by @​Copilot in OpenAPITools/openapi-diff#871
• build(deps): bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 by @​dependabot[bot] in OpenAPITools/openapi-diff#867
• build(deps): bump org.apache.commons:commons-configuration2 from 2.12.0 to 2.13.0 by @​dependabot[bot] in OpenAPITools/openapi-diff#866
• Feature: Allow changed operation IDs to be flagged as incompatible by @​issy in OpenAPITools/openapi-diff#880
• Feature: Add rendering support for operation ID diff by @​issy in OpenAPITools/openapi-diff#881

New Contributors

• @​Copilot made their first contribution in OpenAPITools/openapi-diff#869
• @​issy made their first contribution in OpenAPITools/openapi-diff#880

Full Changelog: OpenAPITools/openapi-diff@2.1.6...2.1.7

Commits

• edae257 Prepare release 2.1.7
• 36ffa53 Apply code formatting
• ec81dc3 Feature: Add rendering support for operation ID diff (#881)
• ad55b24 Feature: Allow changed operation IDs to be flagged as incompatible (#880)
• ca2c426 build(deps): bump org.apache.commons:commons-configuration2 (#866)
• 6fb05ea build(deps): bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#867)
• 82cca56 Fix NullPointerException in MarkdownRender when schema is null (#871)
• f928125 Fix NullPointerException in HtmlRender when schema is null (#869)
• 51b35ed Bump version to 2.1.7-SNAPSHOT
• See full diff in compare view

Updates org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0

Release notes

Sourced from org.codehaus.plexus:plexus-archiver's releases.

4.11.0

📦 Dependency updates

• Replace Airlift Snappy with Apache Commons Compress #413 @​slachiewicz
• Removal of dependency to AirCompressor that contains vulnerabilities #411
• Bump org.codehaus.plexus:plexus from 24 to 25 #412
• Bump org.tukaani:xz from 1.10 to 1.11 #410

Commits

• bb8ea26 [maven-release-plugin] prepare release plexus-archiver-4.11.0
• ffa5935 Replace Airlift Snappy with Apache Commons Compress
• 08a9335 Bump org.codehaus.plexus:plexus from 24 to 25
• e925df9 Bump org.tukaani:xz from 1.10 to 1.11
• acfafa7 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud