Bump the all-minor-patch group across 1 directory with 5 updates

[dependabot]

Bumps the all-minor-patch group with 5 updates in the / directory:

Package	From	To
com.fasterxml.jackson:jackson-bom	2.19.4	2.21.0
org.assertj:assertj-core	3.27.6	3.27.7
org.junit:junit-bom	5.14.2	5.14.3
org.springframework:spring-core	6.2.15	6.2.16
org.apache.maven.plugins:maven-dependency-plugin	3.9.0	3.10.0

Updates com.fasterxml.jackson:jackson-bom from 2.19.4 to 2.21.0

Commits

• 901b398 [maven-release-plugin] prepare release jackson-bom-2.21.0
• 86a4b9f ...
• 6b5de3a Prep for 2.21 release
• 3001d78 Merge pull request #116 from FasterXML/tatu/2.21/115-fix-cyclonedx-backport-i...
• 9370292 makeAggregateBom -> makeBom
• 3e4db58 Backport #115 in 2.x for 2.21
• 0ce4467 Merge branch '2.20' into 2.x
• 0dc79f5 ...
• 6a3d76b Merge branch '2.20' into 2.x
• 1d52817 Post-release dep version bump
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.6 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.14.2 to 5.14.3

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.14.3 = Platform 1.14.3 + Jupiter 5.14.3 + Vintage 5.14.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.2...r5.14.3

Commits

• 1c14c1b Release 5.14.3
• 698391f Finalize 5.14.3 release notes
• 5655c22 Fix link to milestone
• b4d1f56 Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• 5b6dfef Fix references
• 718ee15 Fail build if xref fragment is invalid
• a809887 Install poppler-utils for pdfinfo
• b568f5a Update API baseline
• 1ebb6bc Add missing checkout step
• 4ca615b Back to snapshots for further development
• See full diff in compare view

Updates org.springframework:spring-core from 6.2.15 to 6.2.16

Release notes

Sourced from org.springframework:spring-core's releases.

v6.2.16

⭐ New Features

• Improve performance of hashcode calculations for request mappings #36297
• Improve performance of HandlerMethod bean lookup #36296
• Improve performance of validation groups determination #36295
• Improve performance of single pattern request mappings #36294
• Optimize NamedParameterUtils#buildValueArray by lazily fetching SqlParameter #36232
• Consistently close streams through try-with-resources in FileCopyUtils #36224
• SqlBinaryValue and SqlCharacterValue should support InputStream content with undetermined length #36220
• DataBufferUtils.write() with NettyDataBuffer on JDK 25 hangs indefinitely #36189
• WebClient (Reactor) attributes on Netty channel do not clear after connection release #36163
• Reintroduce WebLogicJtaTransactionManager in Spring Framework 6.2.x #36152
• DisconnectedClientHelper should detect presence of RestClientException and WebClientException separately #36150
• Add DataAccessException and MessagingException to the excluded outermost exceptions in DisconnectedClientHelper #36135
• Improve user check in TransportHandlingSockJsService #36129

🐞 Bug Fixes

• Avoid lock congestion in ConcurrentReferenceHashMap #36308
• Resolved HttpEntity Controller argument does not reflect mutated HTTP headers #36301
• AbstractMessageConverter does not support wildcards in supported MIME types #36286
• Make LocalEntityManagerFactoryBean#setDataSource work on Hibernate as well as EclipseLink #36272
• Deadlock might occur when calling System.exit on startup (against multiple shutdown hooks) #36268
• Netty4HeadersAdapter.remove returns empty list instead of null for non-existing key #36227
• EclipseLinkConnectionHandle can fail against transaction isolation race condition #36166
• WiretapConnector leaks data buffers when response body not consumed #36051
• UriComponentsBuilder loses the fragment when it consists of only a single character #36035
• SimpleBeanInfoFactory fails to reliably resolve read/write methods in type hierarchies with unresolved generics #36026

📔 Documentation

• Fix links to JUnit User Guide #36218
• Fix LocalContainerEntityManagerFactoryBean#setPersistenceUnitName javadoc #36206
• Update documentation on trailing slash handling where type-level @GetMapping("/base") is combined with method level @GetMapping("/") #36200
• Update documentation on the MediaType used for ProblemDetail #36193
• Replace getErrors() with getBindingResult() in examples #36172
• Upgrade Antora dependencies #36106
• Fix typos and grammar #36023

🔨 Dependency Upgrades

• Bump fast-xml-parser from 4.5.2 to 5.3.4 in /framework-docs #36239
• Upgrade to ASM 9.9.1 and Objenesis 3.5 #36244
• Upgrade to JUnit 5.14.2 #36148
• Upgrade to Micrometer 1.15.9 #36290
• Upgrade to Reactor 2024.0.15 #36289

Commits

• 053d8e2 Release v6.2.16
• 8334388 avoid unnecessary locking in ConcurrentReferenceHashMap's implementation of c...
• 757b713 Use updated message in HttpEntityMethodProcessor
• a065563 Optimize RequestMappingInfo hashcode calculation
• 6162d89 Cache HandlerMethod with resolved bean if singleton
• 5c537db Optimize single PathPattern match
• 849553d Avoid determineValidationGroups not necessary
• 7240a5a Upgrade to Reactor 2024.0.15
• b00c387 Upgrade to Micrometer 1.15.9
• 8396c07 Fix wildcard MIME type support in messaging converters
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.9.0 to 3.10.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.10.0

🚀 New features and improvements

• Introduce graphRoots for dependencyFilter based mojos (#1571) @​rfscholte

🐛 Bug Fixes

• Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins (#1583) @​slawekjaranowski
• Only log dependency classpath when no property/file output is specified (#1551) @​mwalser
• [MDEP-974] - strip ansi codes when writing to a file (#1564) @​elharo

📝 Documentation updates

• Add analyze-only to usage page (#1587) @​slawekjaranowski
• Move doc comment to correct location (#1568) @​elharo
• Focus on most recent version (#1537) @​elharo

👻 Maintenance

• Fix Jenkin bages in README (#1586) @​slawekjaranowski
• Improve dependencies filtering in AbstractAnalyzeMojo (#1579) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1574) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1569) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1563) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1562) @​slawekjaranowski
• Migration to JUnit 5 (#1558) @​slawekjaranowski
• JUnit Jupiter best practices (#1548) @​slachiewicz
• Migrate JUnit3 based Tests to JUnit 5 (#1541) @​sparsick

📦 Dependency updates

• Bump org.apache.maven.shared:maven-dependency-analyzer from 1.16.0 to 1.17.0 (#1584) @dependabot[bot]
• Bump org.assertj:assertj-core from 2.9.1 to 3.27.7 in /src/it/projects/analyze-testDependencyWithNonTestScope (#1581) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#1582) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1580) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1578) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0 (#1576) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1573) @dependabot[bot]
• Bump org.jsoup:jsoup from 1.21.2 to 1.22.1 (#1572) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1570) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#1559) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#1552) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#1553) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-io from 3.5.2 to 3.6.0 (#1554) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#1555) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#1550) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-io from 3.5.1 to 3.5.2 (#1538) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#1539) @dependabot[bot]

Commits

• 4127c33 [maven-release-plugin] prepare release maven-dependency-plugin-3.10.0
• 68b5e47 Add analyze-only to usage page
• 09d5860 Fix Jenkin bages in README
• 4308f6c Bump org.apache.maven.shared:maven-dependency-analyzer
• ba3c570 Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins
• 0d88b66 Only log dependency classpath when no property/file output is specified
• 0075e31 Bump org.assertj:assertj-core (#1581)
• 65d53bb Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#1582)
• eaf54f0 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1580)
• ece9a38 Improve dependencies filtering in AbstractAnalyzeMojo
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.