fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.sonarqube	7.0.1.6134 → 7.2.3.7755
ch.qos.logback:logback-classic (source, changelog)	1.5.26 → 1.5.32
org.mockito:mockito-core	5.20.0 → 5.23.0
org.junit.jupiter:junit-jupiter (source)	6.0.0 → 6.0.3
org.sonarsource.sslr:sslr-testing-harness	1.24.0.633 → 1.25.1.3886
org.sonarsource.sslr:sslr-core	1.24.0.633 → 1.25.1.3886
org.sonarsource.sonarlint.core:sonarlint-rpc-impl (source)	10.34.1.83453 → 10.47.0.84936
org.sonarsource.sonarlint.core:sonarlint-rpc-java-client (source)	10.34.1.83453 → 10.47.0.84936
org.sonarsource.sonarlint.core:sonarlint-core (source)	10.34.1.83453 → 10.47.0.84936
org.sonarsource.sonarqube:sonar-ws (source)	26.2.0.118776 → 26.3.0.120487
org.sonarsource.sonarqube:sonar-testing-harness (source)	26.2.0.118776 → 26.3.0.120487
org.sonarsource.sonarqube:sonar-plugin-api-impl (source)	26.2.0.118776 → 26.3.0.120487
org.sonarsource.analyzer-commons:sonar-regex-parsing (source)	2.18.0.3393 → 2.21.0.4626
org.sonarsource.analyzer-commons:sonar-analyzer-test-commons (source)	2.18.0.3393 → 2.21.0.4626
org.sonarsource.analyzer-commons:sonar-analyzer-commons (source)	2.18.0.3393 → 2.21.0.4626

---

Release Notes

mockito/mockito (org.mockito:mockito-core)

v5.23.0

^{Changelog generated by Shipkit Changelog Gradle Plugin}

5.23.0

• 2026-03-11 - 6 commit(s) by Brice Dutheil, Joshua Selbo, Philippe Kernevez
• Replace mockito-android mock maker implementation with dexmaker-mockito-inline (#​3792)
• Fix StackOverflowError with AbstractList after using mockSingleton (#​3790)
• Mark parameters of Mockito.when @Nullable (#​3503)

v5.22.0

Compare Source

v5.21.0

^{Changelog generated by Shipkit Changelog Gradle Plugin}

5.21.0

• 2025-12-09 - 17 commit(s) by Giulio Longfils, Joshua Selbo, Woongi9, Zylox, dependabot[bot]
• Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 (#​3768)
• Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 (#​3767)
• Bump actions/checkout from 5 to 6 (#​3765)
• Adds output of matchers to potential mismatch; Fixes #​2468 (#​3760)
• Forbid mocking WeakReference with inline mock maker (#​3759)
• StackOverflowError when mocking WeakReference (#​3758)
• Bump actions/upload-artifact from 4 to 5 (#​3756)
• Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 (#​3755)
• Support primitives in GenericArrayReturnType. (#​3753)
• ClassNotFoundException when stubbing array of primitive type on Android (#​3752)
• Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 (#​3744)
• Bump gradle/actions from 4 to 5 (#​3743)
• Bump org.graalvm.buildtools.native from 0.11.0 to 0.11.1 (#​3738)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.2.1 to 8.0.0 (#​3735)
• Bump graalvm/setup-graalvm from 1.3.7 to 1.4.0 (#​3734)
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 (#​3733)
• Bump errorprone from 2.41.0 to 2.42.0 (#​3732)
• Feat: automatically detect class to mock in mockStatic and mockConstruction (#​3731)
• Return completed futures for unstubbed Future/CompletionStage in ReturnsEmptyValues (#​3727)
• automatically detect class to mock (#​2779)
• Incorrect "has following stubbing(s) with different arguments" message when using Argument Matchers (#​2468)

SonarSource/sslr (org.sonarsource.sslr:sslr-testing-harness)

v1.25.1.3886

Compare Source

1.25.1.3886

v1.25.0.3878

1.25.0.3878

SonarSource/sonarqube (org.sonarsource.sonarqube:sonar-ws)

v26.3.0.120487

Compare Source

v26.2.0.119303

See details in the community announcement, and more in the release notes.

SonarSource/sonar-analyzer-commons (org.sonarsource.analyzer-commons:sonar-regex-parsing)

v2.21.0.4626

Compare Source

Rotations of binary signing keys

v2.20.0.4607

Compare Source

Release notes - Sonar Analyzer Commons - 2.20

Task

ACOMMONS-36 Prepare next development iteration

Improvement

ACOMMONS-40 Improve internal xml parser to support long attributes

v2.19.0.3575

Compare Source

What's Changed

• Prepare next development iteration by @​Godin in #​369
• BUILD-8875: Migrate to standardized GitHub runner names by @​SonarTech in #​368
• ACOMMONS-34 Expose Standards OWASP LLM Top 10 2025, OWASP Top 10 2025, ASVS 5.0, STIG ASD_V6, MASVS 2 metadata by @​nicolas-gauthier-sonarsource in #​370
• ACOMMONS-35 Remove commons-lang dependency by @​nicolas-gauthier-sonarsource in #​371

New Contributors

• @​SonarTech made their first contribution in #​368
• @​nicolas-gauthier-sonarsource made their first contribution in #​370

Full Changelog: SonarSource/sonar-analyzer-commons@2.18.0.3393...2.19.0.3575

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" in timezone CET, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[sonar-review-alpha]

Routine automated dependency bump — all updates are non-major. The SSLR parser bump (1.24 → 1.25.1) is worth noting as a core AST dependency, but the passing quality gate (with full test suite) gives confidence there are no regressions.

🗣️ Give feedback

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

[sonar-review-alpha]

Conclusion: Straightforward dependency bump PR with a clean API adaptation for the sonarlint-core 10.47 breaking change. The migration from positional boolean FeatureFlagsDto to named BackendCapability enum values is correct — all previously-true flags are present, previously-false ones are correctly absent from the EnumSet.

🗣️ Give feedback

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.