Update Mend: high confidence minor and patch dependency updates

[mend-for-github.zerozr99.workers.dev]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
maven (source)	3.6.3 -> 3.9.11
org.codehaus.mojo:properties-maven-plugin (source)	1.0.0 -> 1.2.1
org.glassfish.jaxb:jaxb-runtime (source)	2.3.3-b02 -> 2.3.9
org.testcontainers:testcontainers (source)	1.16.0 -> 1.21.3
org.reactivestreams:reactive-streams-tck (source)	1.0.3 -> 1.0.4
org.ow2.asm:asm-util (source)	9.1 -> 9.9
org.ow2.asm:asm (source)	9.1 -> 9.9
org.apache.maven.plugins:maven-resources-plugin (source)	3.2.0 -> 3.3.1
com.googlecode.maven-download-plugin:download-maven-plugin	1.3.0 -> 1.13.0
org.hibernate:hibernate-entitymanager (source)	5.3.23.Final -> 5.6.15.Final
net.bytebuddy:byte-buddy	1.11.12 -> 1.17.8
xerces:xercesImpl (source)	2.12.0.SP03 -> 2.12.2
org.apache.velocity:velocity-engine-core (source)	2.3 -> 2.4.1
org.apache.avro:avro (source)	1.7.6 -> 1.12.1
org.jsoup:jsoup (source)	1.14.2 -> 1.21.2
jaxen:jaxen (source)	1.1.6 -> 1.2.0
io.rest-assured:rest-assured (source)	3.0.6 -> 3.3.0
io.reactivex.rxjava3:rxjava	3.0.13 -> 3.1.12
io.grpc:grpc-stub	1.36.1 -> 1.76.0
io.grpc:grpc-protobuf	1.36.1 -> 1.76.0
io.grpc:grpc-context	1.36.1 -> 1.76.0
io.grpc:grpc-api	1.36.1 -> 1.76.0
io.grpc:grpc-core	1.36.1 -> 1.76.0
io.grpc:grpc-okhttp	1.36.1 -> 1.76.0
org.apache.commons:commons-lang3 (source)	3.11 -> 3.19.0
commons-cli:commons-cli (source)	1.4 -> 1.10.0
com.github.tomakehurst:wiremock (source)	2.20.0 -> 2.27.2
com.github.spullara.mustache.java:compiler	0.9.6 -> 0.9.14
com.fasterxml.jackson.core:jackson-core	2.12.3 -> 2.20.1
com.fasterxml.jackson.core:jackson-annotations (source)	2.12.3 -> 2.20
com.beust:jcommander (source)	1.78 -> 1.82
org.jacoco:org.jacoco.ant (source)	0.8.2 -> 0.8.14
org.jacoco:jacoco-maven-plugin (source)	0.8.2 -> 0.8.14
org.asciidoctor:asciidoctor-maven-plugin	1.5.6 -> 1.6.0
org.hibernate.validator:hibernate-validator (source)	7.0.1.Final -> 7.0.5.Final
org.eclipse:yasson (source)	2.0.1 -> 2.0.4
jakarta.websocket:jakarta.websocket-api (source)	2.0.0 -> 2.2.0
org.hsqldb:hsqldb (source)	2.5.0 -> 2.7.4
org.hibernate:hibernate-entitymanager (source)	5.1.14.Final -> 5.6.15.Final

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

apache/maven (maven)

v3.9.11: 3.9.11

Compare Source

🚀 New features and improvements

• Augment version range resolution used repositories (#​2574) @​cstamas

🐛 Bug Fixes

• Deduplicate filtered dependency graph (#​2489) @​alzimmermsft
• Move ensure in boundaries of project lock (#​2470) @​cstamas

👻 Maintenance

• [MNGSITE-393] - remove references to Maven 2 (#​2438) @​elharo
• Update CONTRIBUTING after GitHub issues enabled (#​2449) @​slawekjaranowski
• Enable Github Issues (3.9.x) (#​2414) @​Bukama
• [MNG-8763] - Remove name from site bannerLeft (#​2419) @​slawekjaranowski

🔧 Build

• Pin GitHub action versions by hash (#​10898) @​slawekjaranowski
• Build the project by JDK 21 as default (#​10896) @​slawekjaranowski
• Use Maven 3.9.10 for build on GitHub (#​2452) @​slawekjaranowski

📦 Dependency updates

• Bump resolverVersion from 1.9.23 to 1.9.24 (#​2540) @​dependabot[bot]
• Bump xmlunitVersion from 2.10.2 to 2.10.3 (#​2500) @​dependabot[bot]
• Bump org.apache.maven:maven-parent from 44 to 45 (#​2491) @​dependabot[bot]
• Bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 (#​2432) @​dependabot[bot]

v3.9.10: 3.9.10

Compare Source

Release Notes - Maven - Version 3.9.10

Bug

• [MNG-8096] - Inconsistent dependency resolution behaviour for concurrent multi-module build can cause failures
• [MNG-8169] - MINGW support requires --add-opens java.base/java.lang=ALL-UNNAMED
• [MNG-8170] - Maven 3.9.8 contains weird native library for Jansi on Windows/arm64
• [MNG-8211] - Maven should fail builds that use CI Friendly versions but have no values set
• [MNG-8248] - WARNING: A restricted method in java.lang.System has been called
• [MNG-8256] - ProjectDependencyGraph bug: in case of filtering, non-direct module links are lost
• [MNG-8315] - Failure of mvn.cmd if a .mvn directory is located at drive root
• [MNG-8396] - Maven takes forever to resume
• [MNG-8711] - "Duplicate artifact" in LifecycleDependencyResolver

Improvement

• [MNG-8370] - Introduce maven.repo.local.head
• [MNG-8399] - JDK 24+ issues warning about usage of sun.misc.Unsafe
• [MNG-8707] - Add methods to remove compile and test source roots
• [MNG-8712] - improve dependency version explanation: it&#​39;s a requirement, not always effective version
• [MNG-8717] - Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding
• [MNG-8722] - Use a single standalone version of asm
• [MNG-8731] - Use https for xsi:schemaLocation in generated descriptors
• [MNG-8734] - Simplify scripting like "get project version" cases

Task

• [MNG-8728] - Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 and use Java 24 on CI

Dependency upgrade

• [MNG-8289] - Update Plexus annotations to 2.2.0
• [MNG-8443] - Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre
• [MNG-8531] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0
• [MNG-8532] - Bump commons-io:commons-io from 2.16.1 to 2.18.0
• [MNG-8534] - Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1
• [MNG-8635] - Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3
• [MNG-8636] - Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre
• [MNG-8640] - Bump org.apache.maven:maven-parent from 43 to 44
• [MNG-8661] - Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre
• [MNG-8701] - Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28
• [MNG-8702] - Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0
• [MNG-8703] - Bump commons-io:commons-io from 2.18.0 to 2.19.0
• [MNG-8704] - Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre
• [MNG-8705] - Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0
• [MNG-8706] - Bump commons-cli:commons-cli from 1.8.0 to 1.9.0
• [MNG-8715] - Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2
• [MNG-8716] - Bump resolver to 1.9.23
• [MNG-8745] - Bump xmlunitVersion from 2.10.0 to 2.10.2

What's Changed

• [MNG-8211] Fail the build if CI Friendly revision used without value by @​cstamhttps://github.com/apache/maven/pull/1656l/1656
• Add missing since by @​cstamhttps://github.com/apache/maven/pull/1682l/1682
• [MNG-8256] FilteredProjectDependencyGraph fix for non-transitive case by @​cstamhttps://github.com/apache/maven/pull/1724l/1724
• [MNG-8315] Failure of mvn.cmd if a .mvn folder is located at drive root by @​fmarhttps://github.com/apache/maven/pull/1806l/1806
• [MNG-8289] Update Plexus Annotations to 2.2.0 by @​dependabhttps://github.com/apache/maven/pull/1666l/1666
• [MNG-8370] Add maven.repo.local.head by @​slawekjaranowshttps://github.com/apache/maven/pull/1915l/1915
• [MNG-8443] Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre by @​dependabhttps://github.com/apache/maven/pull/1991l/1991
• [MNG-8531] Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 by @​dependabhttps://github.com/apache/maven/pull/2013l/2013
• [MNG-8532] Bump commons-io:commons-io from 2.16.1 to 2.18.0 by @​dependabhttps://github.com/apache/maven/pull/1926l/1926
• [MNG-8534] Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1 by @​dependabhttps://github.com/apache/maven/pull/1699l/1699
• Add PR Automation action by @​slawekjaranowshttps://github.com/apache/maven/pull/2113l/2113
• Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3 by @​dependabhttps://github.com/apache/maven/pull/2167l/2167
• Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre by @​dependabhttps://github.com/apache/maven/pull/2168l/2168
• [MNG-8640] Bump org.apache.maven:maven-parent from 43 to 44 by @​dependabhttps://github.com/apache/maven/pull/2163l/2163
• Use Maven 3.9.9 for build maven-3.9.x branch by @​slawekjaranowshttps://github.com/apache/maven/pull/2177l/2177
• [MNG-8248] Add enable-native-access to startup scripts by @​slawekjaranowshttps://github.com/apache/maven/pull/2171l/2171
• [MNG-8661] Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre by @​dependabhttps://github.com/apache/maven/pull/2185l/2185
• Use dedicated local repo for ITs on Jenkins by @​slawekjaranowshttps://github.com/apache/maven/pull/2255l/2255
• [MNG-8701] Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 by @​dependabhttps://github.com/apache/maven/pull/2240l/2240
• [MNG-8702] Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 by @​dependabhttps://github.com/apache/maven/pull/2241l/2241
• [MNG-8703] Bump commons-io:commons-io from 2.18.0 to 2.19.0 by @​dependabhttps://github.com/apache/maven/pull/2258l/2258
• [MNG-8704] Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre by @​dependabhttps://github.com/apache/maven/pull/2264l/2264
• [MNG-8705] Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0 by @​dependabhttps://github.com/apache/maven/pull/2270l/2270
• [MNG-8706] Bump commons-cli:commons-cli from 1.8.0 to 1.9.0 by @​dependabhttps://github.com/apache/maven/pull/1665l/1665
• [MNG-8715] Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 by @​dependabhttps://github.com/apache/maven/pull/2280l/2280
• [MNG-8707] Add methods to remove compile and test source roots by @​gnodhttps://github.com/apache/maven/pull/2275l/2275
• [MNG-8712] dependency version is a requirement, not effective by @​hboutehttps://github.com/apache/maven/pull/2279l/2279
• [MNG-8717] Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding by @​slawekjaranowshttps://github.com/apache/maven/pull/2295l/2295
• [MNG-8169] Add opens java.base/java.lang=ALL-UNNAMED for MinGW by @​slawekjaranowshttps://github.com/apache/maven/pull/2296l/2296
• [MNG-8722] Use a single standalone version of asm by @​slawekjaranowshttps://github.com/apache/maven/pull/2297l/2297
• [MNG-8716] Bump resolver to 1.9.23 by @​slawekjaranowshttps://github.com/apache/maven/pull/2282l/2282
• [MNG-8731] Use https for xsi:schemaLocation in generated descriptors by @​slawekjaranowshttps://github.com/apache/maven/pull/2343l/2343
• [MNG-8711] Fix concurrent cache access by @​slawekjaranowshttps://github.com/apache/maven/pull/2345l/2345
• Update README.md by @​slawekjaranowshttps://github.com/apache/maven/pull/2353l/2353
• [MNG-8728] Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 by @​cstamhttps://github.com/apache/maven/pull/2359l/2359
• [MNG-8728] Build ITs on JDK 21, 24 by @​slawekjaranowshttps://github.com/apache/maven/pull/2360l/2360
• [MNG-8734] Make Maven 3.9.10 ignore --raw-streams option by @​cstamhttps://github.com/apache/maven/pull/2361l/2361
• Bump xmlunitVersion from 2.10.0 to 2.10.1 by @​dependabhttps://github.com/apache/maven/pull/2354l/2354
• [MNG-8396] Backport: add cache layer to the filtered dep graph by @​cstamhttps://github.com/apache/maven/pull/2393l/2393
• [MNG-8745] Bump xmlunitVersion from 2.10.1 to 2.10.2 by @​dependabhttps://github.com/apache/maven/pull/2389l/2389

New Contributors

• @​fmarot made their first contributihttps://github.com/apache/maven/pull/1806l/1806

Full Changelog: apache/maven@maven-3.9.9...maven-3.9.10

v3.9.9: 3.9.9

Compare Source

Release Notes - Maven - Version 3.9.9

Bug

• [MNG-8159] - Fix search for topDirectory when using -f / --file for Maven 3.9.x
• [MNG-8165] - Maven does not find extensions for -f when current dir is root
• [MNG-8177] - Warning "&#​39;dependencyManagement.dependencies.dependency.systemPath&#​39; for com.sun:tools:jar refers to a non-existing file C:\Temp\jdk-11.0.23\..\lib\tools.jar"
• [MNG-8178] - Profile activation based on OS properties is broken for "mvn site"
• [MNG-8180] - Resolver will blindly assume it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR
• [MNG-8182] - Missing or mismatching Trusted Checksum for some artifacts is not properly reported
• [MNG-8188] - [REGRESSION] Property not resolved in profile pluginManagement

Task

• [MNG-8206] - Remove Maven 2.1 (v 2.0) compatibility bits

Dependency upgrade

• [MNG-8175] - Resolver 1.9.21
• [MNG-8179] - Upgrade Parent to 43
• [MNG-8193] - Resolver 1.9.22
• [MNG-8198] - (build) Animal Sniffer 1.24
• [MNG-8199] - Hamcrest 3.0

What's Changed

• [MNG-8159] Fix search for topDirectory when using -f / --file by @​gzmhttps://github.com/apache/maven/pull/1589l/1589
• [MNG-7194] Test missing property evaluation by @​pzygiehttps://github.com/apache/maven/pull/1570l/1570
• [3.9.x] [MNG-8175] Update Resolver to 1.9.21 by @​cstamhttps://github.com/apache/maven/pull/1598l/1598
• [MNG-8178] Fall back to system properties for missing profile activation context properties by @​kohlschuetthttps://github.com/apache/maven/pull/1603l/1603
• [MNG-8179] Upgrade Parent to 43 by @​slawekjaranowshttps://github.com/apache/maven/pull/1610l/1610
• [MNG-8180] Fail install/deploy if rogue Maven Plugin metadata found by @​cstamhttps://github.com/apache/maven/pull/1611l/1611
• [3.9.x][MNG-8193] Update to Resolver 1.9.22 by @​cstamhttps://github.com/apache/maven/pull/1627l/1627
• [MNG-8199] Hamcrest 3.0 by @​cstamhttps://github.com/apache/maven/pull/1631l/1631
• [MNG-8182] Resolved errors were created based on collect exceptions by @​cstamhttps://github.com/apache/maven/pull/1632l/1632
• [MNG-8180] Handle NPE due non-existent tags by @​cstamhttps://github.com/apache/maven/pull/1641l/1641
• [MNG-8180] Back out from failing the build by @​cstamhttps://github.com/apache/maven/pull/1642l/1642
• [MNG-8206] Remove bad plugin.xml from maven-compat by @​cstamhttps://github.com/apache/maven/pull/1646l/1646
• [MNG-8177] Add contextual info for model warnings by @​cstamhttps://github.com/apache/maven/pull/1633l/1633
• [MNG-8188] Profile properties are not interpolated by @​cstamhttps://github.com/apache/maven/pull/1634l/1634
• [MNG-8165] Align mvn.sh script with mvn.cmd by @​cstamhttps://github.com/apache/maven/pull/1647l/1647
• [MNG-8165] Get rid of bashism creeped in by @​cstamhttps://github.com/apache/maven/pull/1653l/1653

New Contributors

• @​gzm55 made their first contributihttps://github.com/apache/maven/pull/1589l/1589
• @​kohlschuetter made their first contributihttps://github.com/apache/maven/pull/1603l/1603

Full Changelog: apache/maven@maven-3.9.8...maven-3.9.9

v3.9.8: 3.9.8

Compare Source

Release Notes - Maven - Version 3.9.8

Bug

• [MNG-7758] - o.e.aether.resolution.ArtifactResolutionException incorrectly examined when multiple repositories are involved
• [MNG-8066] - Maven hangs on self-referencing exceptions
• [MNG-8116] - Plugin configuration can randomly fail in case of method overloading as it doesn&#​39;t take into account implementation attribute
• [MNG-8131] - Property replacement in dependency pom no longer works
• [MNG-8135] - Profile activation based on OS properties is no longer case insensitive
• [MNG-8142] - If JDK profile activator gets "invalid" JDK version for whatever reason, it chokes but does not tell why
• [MNG-8147] - Profile interpolation broke their evaluation in case of duplicate IDs

Improvement

• [MNG-7902] - Sort plugins in validation report
• [MNG-8140] - When a model is discarded (by model builder) for whatever reason, show why it happened
• [MNG-8141] - Model Builder should report if not sure about "fully correct" outcome
• [MNG-8150] - Make SimplexTransferListener handle absent source/target files

Task

• [MNG-8146] - Drop use of commons-lang

Dependency upgrade

• [MNG-8136] - Update to Eclipse Sisu 0.9.0.M3
• [MNG-8143] - Update to commons-cli 1.8.0
• [MNG-8144] - Update to Guava 32.2.1-jre
• [MNG-8154] - Upgrade default plugin bindings

---

What's Changed

• Use Maven Wrapper to build by @​slawekjaranowski in

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box