Bump the deps group across 1 directory with 11 updates

[dependabot]

Bumps the deps group with 11 updates in the / directory:

Package	From	To
org.springframework.boot:spring-boot-starter-parent	2.2.7.RELEASE	3.3.3
kr.motd.maven:os-maven-plugin	1.5.0.Final	1.7.1
org.jvnet.wagon-svn:wagon-svn	1.9	1.12
javax.xml.bind:jaxb-api	2.2.3	2.3.1
org.jacoco:jacoco-maven-plugin	0.8.10	0.8.12
org.sonatype.plugins:nexus-staging-maven-plugin	1.6.8	1.7.0
org.apache.maven.plugins:maven-gpg-plugin	1.6	3.2.5
com.google.guava:guava	29.0-jre	33.3.0-jre
org.springdoc:springdoc-openapi-ui	1.2.33	1.8.0
org.apache.maven.plugins:maven-enforcer-plugin	3.0.0-M3	3.5.0
com.github.tomakehurst:wiremock	2.26.0	2.27.2

Updates org.springframework.boot:spring-boot-starter-parent from 2.2.7.RELEASE to 3.3.3

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v3.3.3

⭐ New Features

• Add TWENTY_THREE to JavaVersion enum #41716

🐞 Bug Fixes

• Extending DefaultErrorAttributes and overriding getErrorAttributes() gets called twice #41995
• When using WebFlux, server.error.include-binding-errors=ALWAYS no longer has an effect when the BindingResult exception is the cause of a ResponseStatusException #41987
• PropertiesLauncher does not respect classpath.idx when adding jars in BOOT-INF/lib to the classpath #41970
• Web extension for SBOM endpoint isn't available under /cloudfoundryapplication #41890
• Launcher's ClassLoader is no longer parallel capable #41873
• spring-boot-testcontainers causes unwanted container initialization during AOT processing #41859
• ReactiveElasticsearchRepositoriesAutoConfiguration should back off when Reactor is not on the classpath #41678
• mvn spring-boot:build-image fails when 'classifier' is set to non-default value #41661
• Spring Boot Maven plugin AOT cannot handle Maven modules with module-info.java #41647
• Docker publishRegistry in Maven plugin configuration is validated when publish option is false #41641
• Using Gradle's new file permission API is implemented in a way that prevents removal of the old API #41607
• Some @ControllerEndpoint and @RestControllerEndpoint infrastructure remains undeprecated #41596
• Constructor binding of EnumMap fails due to missing key type #41563

📔 Documentation

• Improve documented logging property descriptions and default values #41989
• Explain that enabling virtual threads disables traditional thread pools #41976
• Harmonize code sample for MyUserHandler in reference documentation #41949
• Document when environment variable property mapping applies #41945
• Javadoc of slice test annotations should describe more accurately which components are considered #41935
• Fix duplicate words #41920
• Document the need to explicitly reset mock servers when using mock server customizers directly #41849
• Correct grammar in 'Running your Application with Maven' #41840
• Document more clearly that username and password are not used when spring.data.redis.url is set #41748
• Pulsar configuration does not have default value for several entries in the metadata #41683
• management.otlp.metrics.export.aggregation-temporality does not have a default value in the metadata #41676
• management.newrelic.metrics.export.client-provider-type does not have a default value in the metadata #41670
• server.error.include-path does not have a default value in the metadata #41667
• The effect upon Actuator of defining your own SecurityFilterChain is documented inconsistently #41638
• "Use Spring Data repositories" How-to incorrectly refers to Repository annotations #41628
• "Use Spring Data repositories" How-to incorrectly refers to Repository annotations #41627
• Update link to documentation for log4j-spring-boot #41622
• Fix link to Flyway reference documentation #41593
• Document configuration property binding's support for using @Name to customize a property name #41585
• Add hint for new dependencies required for Flyway #41574
• Document that spring-boot:repackage should not be run from the command-line #22317

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.3 #41782
• Upgrade to Awaitility 4.2.2 #41707

... (truncated)

Commits

• 27f852a Release v3.3.3
• f0d2503 Merge branch '3.2.x' into 3.3.x
• 1822b2f Include spring-boot-starter-parent in Integration tests repository
• d4e1aed Merge branch '3.2.x' into 3.3.x
• 0b24ee8 Improve loading of jar entry certificates
• 29e4607 Merge branch '3.2.x' into 3.3.x
• 112cfc8 Remove processed annotations plugin declaration
• 05b73ce Call getErrorAttributes() only once
• d974686 Upgrade to apachepulsar/pulsar 3.2.4
• 459d899 Add release type attribute for Antora documentation generation
• Additional commits viewable in compare view

Updates kr.motd.maven:os-maven-plugin from 1.5.0.Final to 1.7.1

Release notes

Sourced from kr.motd.maven:os-maven-plugin's releases.

os-maven-plugin-1.7.1

• Added detection of more RISC-V architectures. #61 #62 #66 (Thanks to @​zinovya and @​luhenry)
  • riscv32 is detected as riscv for backward compatibility with 1.7.0.
  • riscv64 is detected as riscv64.
• Added detection of Elbrus 2000 architecture. #57 (Thanks to @​antonbashir)
• Added detection of LoongArch64 architecture. #63 #64 (Thanks to @​zhangwenlong8911 and @​xiangzhai)
• Fixed the detection logic so that it detects more MacOS variants. #58 #67 (Thanks to @​aalmiray)

os-maven-plugin-1.7.0

• Added a new property os.detected.arch.bitness #36 #41 (Thanks to @​jflecomte and @​bmarwell)
• Added detection of RISC-V architecture, riscv #51 #53 (Thanks to @​advancedwebdeveloper)
• Added an abstraction layer for System property and file system access #47 #48 (Thanks to @​voidzcy)
• Added thread safety information to Maven plugin metadata so that Maven doesn't warn about thread safety anymore #42 #44 (Thanks to @​seime and @​mortenlocka)

os-maven-plugin-1.6.2

• Added detection of z/OS operating system #39 #40 (Thanks to @​ind1go)

os-maven-plugin-1.6.1

• Added m2e life cycle mapping metadata so os-maven-plugin works better with Eclipse m2e. #37 (Thanks, @​sergei-ivanov)

os-maven-plugin-1.6.0

• Added support for MIPS and MIPSEL 32/64-bit architecture
  • mips_32 - if the value is one of: mips, mips32
  • mips_64 - if the value is mips64
  • mipsel_32 - if the value is one of: mipsel, mips32el
  • mipsel_64 - if the value is mips64el
• Added support for PPCLE 32-bit architecture
  • ppcle_32 - if the value is one of: ppcle, ppc32le
• Added support for IA64N and IA64W architecture
  • itanium_32 - if the value is ia64n
  • itanium_64 - if the value is one of: ia64, ia64w (new), itanium64
• Fixed classpath conflicts due to outdated Guava version in transitive dependencies (#29)
• Fixed incorrect prerequisite (#21)
• Overall code clean-up and dependency updates

Commits

• 9913130 [maven-release-plugin] prepare release os-maven-plugin-1.7.1
• 211db49 Override the default Maven repository when testing against old Maven versions
• 88bae1e Detect more osx variants (#67)
• cebc3e8 Add support for LoongArch64 architecture (#63)
• 4df5494 Add riscv32 and riscv64 support (#62)
• 6bd9cfa Support for E2K (Elbrus 2000) architecture (#57)
• 6d81345 Update README.md
• 52e547c Update the version in README.md
• ad10438 [maven-release-plugin] prepare for next development iteration
• 4a74c82 [maven-release-plugin] prepare release os-maven-plugin-1.7.0
• Additional commits viewable in compare view

Updates org.jvnet.wagon-svn:wagon-svn from 1.9 to 1.12

Updates javax.xml.bind:jaxb-api from 2.2.3 to 2.3.1

Commits

• See full diff in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.12

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.12

New Features

• JaCoCo now officially supports Java 22 (GitHub #1596).
• Experimental support for Java 23 class files (GitHub #1553).

Fixed bugs

• Branches added by the Kotlin compiler for functions with default arguments and having more than 32 parameters are filtered out during generation of report (GitHub #1556).
• Branch added by the Kotlin compiler version 1.5.0 and above for reading from lateinit property is filtered out during generation of report (GitHub #1568).

Non-functional Changes

• JaCoCo now depends on ASM 9.7 (GitHub #1600).

0.8.11

New Features

• JaCoCo now officially supports Java 21 (GitHub #1520).
• Experimental support for Java 22 class files (GitHub #1479).
• Part of bytecode generated by the Java compilers for exhaustive switch expressions is filtered out during generation of report (GitHub #1472).
• Part of bytecode generated by the Java compilers for record patterns is filtered out during generation of report (GitHub #1473).

Fixed bugs

• Instrumentation should not cause VerifyError when the last local variable of method parameters is overridden in the method body to store a value of type long or double (GitHub #893).
• Restore exec file compatibility with versions from 0.7.5 to 0.8.8 in case of class files with zero line numbers (GitHub #1492).

Non-functional Changes

• jacoco-maven-plugin now requires at least Java 8 (GitHub #1466, #1468).
• JaCoCo build now requires at least Maven 3.5.4 (GitHub #1467).
• Maven 3.9.2 should not produce warnings for jacoco-maven-plugin (GitHub #1468).
• JaCoCo build now requires JDK 17 (GitHub #1482).
• JaCoCo now depends on ASM 9.6 (GitHub #1518).

Commits

• dbfb6f2 Prepare release 0.8.12
• a50585b Upgrade maven-plugin-plugin to 3.6.4 (#1604)
• fd63cc5 Configure labels that Dependabot assigns to PRs (#1603)
• 03a5333 Add configuration for Dependabot to simplify updates of ASM (#1601)
• 40ff9fb Upgrade ASM to 9.7 (#1600)
• 9077178 Happy birthday Java 22! (#1596)
• 7edd1b5 Bump actions/setup-java from 4.1.0 to 4.2.1 (#1594)
• e50b547 Upgrade ECJ to 3.37.0 (#1590)
• a1144d0 Upgrade maven-site-plugin to 3.12.1 (#1586)
• 04b0141 Bump actions/setup-java from 4.0.0 to 4.1.0 (#1587)
• Additional commits viewable in compare view

Updates org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.8 to 1.7.0

Updates org.apache.maven.plugins:maven-gpg-plugin from 1.6 to 3.2.5

Release notes

Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.

3.2.5

Release Notes - Maven GPG Plugin - Version 3.2.5

---

• [MGPG-134] - Update maven-invoker (#110) @​cstamas
• [MGPG-130] - Update sigstore extension to ".sigstore.json" (#109) @​loosebazooka
• [MGPG-128] - Parent POM 42, prerequisite 3.6.3 (#100) @​cstamas

📦 Dependency updates

• Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.17.0 to 1.18.2 (#105) @​dependabot
• Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.1 to 2.10.0 (#107) @​dependabot
• Bump org.apache.maven.plugins:maven-plugins from 42 to 43 (#108) @​dependabot
• Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0 (#103) @​dependabot
• Bump bouncycastleVersion from 1.78 to 1.78.1 (#98) @​dependabot

3.2.4

Release Notes - Maven GPG Plugin - Version 3.2.4

... (truncated)

Commits

• 737d4ee [maven-release-plugin] prepare release maven-gpg-plugin-3.2.5
• 7747063 [MGPG-134] Update maven-invoker (#110)
• 3df5f83 [MGPG-133] Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.17.0 to ...
• 58a2069 [MGPG-132] Bump com.kohlschutter.junixsocket:junixsocket-core from 2.9.1 to 2...
• e911b43 [MGPG-131] Bump org.apache.maven.plugins:maven-plugins from 42 to 43 (#108)
• d2b60d3 [MGPG-130] Update sigstore extension for exclusion (#109)
• 091f388 Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.1 to 3.7.0
• 899f410 [MGPG-128] Parent POM 42, prerequisite 3.6.3 (#100)
• f0be6f3 [MGPG-127] Bump bouncycastleVersion from 1.78 to 1.78.1 (#98)
• 7dd5166 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates com.google.guava:guava from 29.0-jre to 33.3.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.3.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.3.0-jre</version>
  <!-- or, for Android: -->
  <version>33.3.0-android</version>
</dependency>

Jar files

• 33.3.0-jre.jar
• 33.3.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 33.3.0-jre
• 33.3.0-android

JDiff

• 33.3.0-jre vs. 33.2.1-jre
• 33.3.0-android vs. 33.2.1-android
• 33.3.0-android vs. 33.3.0-jre

Changelog

• base: Removed @Beta from the Duration overload of Suppliers.memoizeWithExpiration. (76fca99db95ce9c8e55bb9c37fd0e44ef0451a80)
• cache: Added CacheBuilder Duration overloads to guava-android. (a5f9bcafd6)
• collect: Removed @Beta from the guava-android Collector APIs. (c86c09dc3d)
• collect: Added ImmutableMultimap.builderWithExpectedKeys and ImmutableMultimap.Builder.expectedValuesPerKey. (c3d5b17dc2)
• graph: Improved Graphs.hasCycle to avoid causing StackOverflowError for long paths. (63734b9dfc)
• net: Added text/markdown to MediaType. (2466a099ae)
• net: Deprecated HttpHeaders constant for Sec-Ch-UA-Form-Factor in favor of Sec-Ch-UA-Form-Factors to follow the latest spec. (b310b7e1ee)
• testing: Changed some test libraries to throw AssertionError (instead of the more specific AssertionFailedError) in some cases. (fdfbed1985)

33.2.1

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.2.1-jre</version>
</tr></table> 

... (truncated)

Commits

• See full diff in compare view

Updates org.springdoc:springdoc-openapi-ui from 1.2.33 to 1.8.0

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.0.0-M3 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.5.0

🚀 New features and improvements

• [MENFORCER-497] - Require Maven 3.6.3+ (#317) @​slawekjaranowski
• [MENFORCER-494] - Allow banning dynamic versions in whole tree (#294) @​JimmyAx
• [MENFORCER-500] - New rule to enforce that Maven coordinates match given (#309) @​kwin

🐛 Bug Fixes

• [MENFORCER-503] - Pass context to ProfileActivator - fix NPE in Maven 3.9.7 (#315) @​slawekjaranowski

📦 Dependency updates

• [MENFORCER-501] - Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#311) @​dependabot
• [MENFORCER-501] - Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 (#312) @​dependabot
• [MENFORCER-504] - Bump org.apache.maven:maven-parent from 41 to 42 (#314) @​dependabot
• [MENFORCER-501] - Bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 (#298) @​dependabot
• [MENFORCER-501] - Bump commons-codec:commons-codec from 1.16.0 to 1.16.1 (#305) @​dependabot
• [MENFORCER-501] - Bump commons-io:commons-io from 2.13.0 to 2.16.0 (#310) @​dependabot
• Bump org.apache.commons:commons-compress from 1.21 to 1.26.0 in /maven-enforcer-plugin/src/it/projects/dependency-convergence_transitive_provided/module1 (#307) @​dependabot
• Bump apache/maven-gh-actions-shared from 3 to 4 (#308) @​dependabot
• [MENFORCER-498] - Update parent pom to 41 (#306) @​slachiewicz
• Bump org.junit:junit-bom from 5.10.1 to 5.10.2 (#303) @​dependabot
• Bump org.assertj:assertj-core from 3.24.2 to 3.25.1 (#301) @​dependabot
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.5.0 to 1.6.0 (#295) @​dependabot
• Bump org.junit:junit-bom from 5.10.0 to 5.10.1 (#296) @​dependabot
• [MENFORCER-492] - Bump plexus-utils from 3.5.1 to 4.0.0 and plexus-xml 3.0.0 (#291) @​slawekjaranowski
• Bump org.xerial.snappy:snappy-java from 1.1.10.1 to 1.1.10.4 in /maven-enforcer-plugin/src/it/projects/dependency-convergence_transitive_provided/module1 (#292) @​dependabot

👻 Maintenance

• [MENFORCER-490] - Remove unused dependency (#316) @​elharo
• Bump org.apache.commons:commons-compress from 1.21 to 1.26.0 in /maven-enforcer-plugin/src/it/projects/dependency-convergence_transitive_provided/module1 (#307) @​dependabot
• Bump org.assertj:assertj-core from 3.25.1 to 3.25.3 (#304) @​dependabot
• [MENFORCER-498] - Update parent pom to 41 (#306) @​slachiewicz
• Bump org.junit:junit-bom from 5.10.1 to 5.10.2 (#303) @​dependabot
• Bump org.xerial.snappy:snappy-java from 1.1.10.1 to 1.1.10.4 in /maven-enforcer-plugin/src/it/projects/dependency-convergence_transitive_provided/module1 (#292) @​dependabot
• Oxford comma, fill to file, and tighten language (#290) @​elharo
• [MENFORCER-490] - Declare enforcer-rules dependencies (#289) @​elharo
• [MENFORCER-490] - fully declare maven-enforcer-plugin dependencies (#288) @​elharo

3.4.1

🐛 Bug Fixes

• [MENFORCER-491] - Fix plugin documentation generation (#286) @​slawekjaranowski

👻 Maintenance

... (truncated)

Commits

• 21b31b5 [maven-release-plugin] prepare release enforcer-3.5.0
• e6cd6e9 Remove unused dependency (#316)
• 29d1c0d [MENFORCER-497] Require Maven 3.6.3+
• 80e6626 [MENFORCER-503] Pass context to ProfileActivator - fix NPE in Maven 3.9.7
• 5c7d0bc [MENFORCER-494] Allow banning dynamic versions in whole tree (#294)
• e687c46 [MENFORCER-501] Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#311)
• 6665083 [MENFORCER-501] Bump commons-codec:commons-codec from 1.16.1 to 1.17.0 (#312)
• 3eb6343 Bump project version to 3.5.0-SNAPSHOT
• 1cf5c5f [MENFORCER-504] Bump org.apache.maven:maven-parent from 41 to 42 (#314)
• a24b557 Manage ignore artifacts for dependabot in PR
• Additional commits viewable in compare view

Updates com.github.tomakehurst:wiremock from 2.26.0 to 2.27.2

Commits

• 56d7a08 Added memoization to match results during request -> stub near miss calculation
• b9a3865 Bumped patch version
• 278ab58 Fixed #1375 - removed memoization of string value pattern matches, as this is...
• 1b48c42 Fixed #1346 - raised default Jetty stop timeout to prevent unbounded thread c...
• 2b50872 Bumped patch version
• e2809eb Moved the writable key store source (used when browser proxying HTTPS) to the...
• d597aaf Upgraded to Jetty 9.4.30 and Conscrypt 2.2.1 (not the most recent, but the ne...
• 129d00b Fixed #994 - added the ability to set the keystore type and trust store type ...
• 6ded3d6 Fixed #807 - added a distinction in configuration between keystore password a...
• 500ebec Added support for saving keystore files and switched the Jetty94 browser prox...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #30.