[deps]: Update maven minor

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
org.sonarsource.scanner.maven:sonar-maven-plugin (source)	5.0.0.4389 -> 5.5.0.6356
org.apache.maven.plugins:maven-gpg-plugin (source)	3.2.7 -> 3.2.8
org.apache.maven.plugins:maven-surefire-plugin (source)	3.5.2 -> 3.5.4
org.apache.maven.plugins:maven-javadoc-plugin (source)	3.11.2 -> 3.12.0
org.apache.maven.plugins:maven-source-plugin (source)	3.3.1 -> 3.4.0
org.apache.maven.plugins:maven-resources-plugin (source)	3.3.1 -> 3.4.0
org.apache.maven.plugins:maven-compiler-plugin (source)	3.13.0 -> 3.14.1
ch.qos.logback:logback-classic (source, changelog)	1.3.15 -> 1.3.16
org.assertj:assertj-core (source)	3.27.2 -> 3.27.6
org.junit.jupiter:junit-jupiter-engine (source)	5.11.4 -> 5.14.1
org.projectlombok:lombok (source)	1.18.36 -> 1.18.42
org.slf4j:slf4j-api (source, changelog)	2.0.16 -> 2.0.17
com.fasterxml.jackson.datatype:jackson-datatype-jdk8	2.18.2 -> 2.20.1
com.fasterxml.jackson.module:jackson-module-parameter-names	2.18.2 -> 2.20.1
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.18.2 -> 2.20.1
com.fasterxml.jackson.core:jackson-databind (source)	2.18.2 -> 2.20.1
org.apache.httpcomponents.client5:httpclient5 (source)	5.4.3 -> 5.6

---

Release Notes

SonarSource/sonar-scanner-maven (org.sonarsource.scanner.maven:sonar-maven-plugin)

v5.5.0.6356

Compare Source

Release notes - Sonar Scanner for Maven - 5.5

Task

SCANMAVEN-339 Update parent pom to 86.0.0.3040 and scanner-java-library to 3.5.2.1586

v5.4.0.6343

Compare Source

Release notes - Sonar Scanner for Maven - 5.4

Task

SCANMAVEN-323 Split build and SQ scan to speed-up the pipeline

SCANMAVEN-328 Create unified dogfooding GitHub action

SCANMAVEN-329 Prepare next development iteration

SCANMAVEN-331 Add Maven 4.0.0-rc5 to the test suite

SCANMAVEN-337 Update the scanner library to 3.5.1.1568

SCANMAVEN-338 Update parent pom

v5.3.0.6276

Compare Source

Release notes - Sonar Scanner for Maven - 5.3

Bug

SCANMAVEN-283 Mvn 4.0.0-rc-3 breaks scanner because change of API

SCANMAVEN-308 Toolchains are not properly discovered by the scanner with Maven 4

Task

SCANMAVEN-297 Update README.md with copy from Product Marketing

SCANMAVEN-301 PrepareNextIteration.yml: add recent improvements

SCANMAVEN-302 Update GH release and releasability actions

SCANMAVEN-303 Delete mend_scan_task

SCANMAVEN-305 Migrate Cirrus build to Github actions

SCANMAVEN-307 Migrate QA from Cirrus to Github action

SCANMAVEN-309 Prevent injection in PrepareNextIteration GHA

SCANMAVEN-310 Exclude test projects from SCA

SCANMAVEN-311 Upgrade dependencies

SCANMAVEN-314 Fix ProxyTest on GitHub actions

SCANMAVEN-315 Rework QA: split invoker-based ITs and Orchestrator-based e2e

SCANMAVEN-325 Update license header from SonarSource SA to SonarSource Sàrl

SCANMAVEN-326 Delete Cirrus CI config

SCANMAVEN-327 Use explicit build number

v5.2.0.4988

Compare Source

Release notes - Sonar Scanner for Maven - 5.2

New Feature

SCANMAVEN-296 Include github actions folder in the scan

Task

SCANMAVEN-286 Update Slack notification in .github/workflows/slack_notify.yml

SCANMAVEN-287 Bump orchestrator to version 5.5 or greater

SCANMAVEN-294 Update sonar-scanner-java-library to 3.4.0.514

SCANMAVEN-298 Populate name in pom.xml

SCANMAVEN-299 Exclude tests from publication.

v5.1.0.4751

Compare Source

Release notes - Sonar Scanner for Maven - 5.1

New Feature

SCANMAVEN-264 Add support for SonarQube Cloud regions

Bug

SCANMAVEN-228 Irrelevant encrypted properties should not be passed to the scanner engine

Task

SCANMAVEN-242 Migrate from single module to a multi-module structure

SCANMAVEN-250 Fix broken links coming from the relocation-pom's parent

SCANMAVEN-254 Update parent pom to version 81.0.0.2300

SCANMAVEN-257 Update headers for 2025

SCANMAVEN-258 Conditionally run tests using sonar.password in ITs

SCANMAVEN-260 Update CODEOWNERS after reorg

SCANMAVEN-261 Validate IT using the latest maven 4 release candidate 2

SCANMAVEN-262 Fix quality flaws: remove unnecessary public modifiers

SCANMAVEN-265 Upgrade sonar-scanner-java-library to latest version

SCANMAVEN-266 Analyze integration tests

SCANMAVEN-269 Prepare next development iteration 5.1

SCANMAVEN-271 Fix readability issues in ProxyTest

SCANMAVEN-272 Increase memory because maven 4.0.0-rc-2 fails with out of memory exception

SCANMAVEN-274 Fix quality flaws

SCANMAVEN-277 remove unused third-party-licenses.sh

SCANMAVEN-278 Fix quality flaws

SCANMAVEN-279 Clean up tech debt in Maven Scanner

SCANMAVEN-282 Update plexus-sec-dispatcher to fix CVE-2017-1000487

SCANMAVEN-284 Migrate releasability check to v2, fix property-dump-plugin to be excluded by releasability check (not released)

Improvement

SCANMAVEN-256 Remove (now redundant) server type logging

SCANMAVEN-276 ScannerEngineBootstrapper.isSuccessful() should be verified before calling getEngineFacade()

SCANMAVEN-280 Log the SonarQube Cloud Region

projectlombok/lombok (org.projectlombok:lombok)

v1.18.42

Compare Source

v1.18.40

Compare Source

v1.18.38

Compare Source

apache/httpcomponents-client (org.apache.httpcomponents.client5:httpclient5)

v5.6

This is the first ALPHA release in the 5.6 release series. It adds several features
such as transport content decompression and content compression for the async transport,
support for Unix sockets, experimental support for SCRAM-SHA-256 authentication scheme,
and Micrometer/OTel observations & metrics.

Commons Compress, Brotli codec, and ZStd codec are optional dependencies and get
wired into the execution pipeline only if present on the classpath.

Notable changes and features included in the 5.6 series:

• Unix domain socket support.

• Support for pluggable content codecs via Commons-Compress in the classic transport.
  (optional).

• Support for transparent content decompression and content compression with deflate,
  gzip, zstd (optional), and brotli (optional) codecs in the async transport.

• Micrometer/OTel observations & metrics (optinal).

• Off-lock connection disposal by the classic pooling connection manager. Experimental.

• SCRAM-SHA-256 authentication scheme (RFC 7804). Experimental.

• Request Priority support (RFC 9218). Experimental.

Compatibility notes:

• As of this version, HttpClient uses BUILTIN HostnameVerificationPolicy by default, delegating
  host verification to JSSE security manager. One must explicitly configure the TLS strategy
  to continue using the hostname verifier shipped with HttpClient.

• Five-second TCP keep-alive is now enabled by default.

v5.5

This is the first GA release in the 5.5 release series. This release finalizes the 5.5
APIs and adds several experimental features and improvements, such as request multiplexing
over a shared HTTP/2 connection and the Classic API facade acting as a compatibility
bridge between classic I/O client services and the asynchronous message transport used
internally.

Notable changes and features included in the 5.5 series:

• Improved conformance to RFC 7616 (HTTP Digest Access Authentication).

• The connection pool implementation acts as a caching facade in front of a standard
  managed connection pool and shares already leased connections to multiplex message
  exchanges over active HTTP/2 connections. Experimental.

• Extended Auth API and improved authentication protocol logic to support mutual
  authentication.

• The Classic API facade now acts as a compatibility bridge between the classic I/O client
  services (based on the standard InputStream / OutputStream model) and the asynchronous
  message transport used internally. This is experimental.

• HTTP/2 support for the Fluent Facade (via Classic API facade). This is experimental.

Compatibility notes:

• As of this release, HttpClient does not automatically execute redirects if the original
  request manually added headers that are considered sensitive.

---

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.