Bump the maven-deps group with 8 updates

[dependabot]

Bumps the maven-deps group with 8 updates:

Package	From	To
com.puppycrawl.tools:checkstyle	13.1.0	13.2.0
org.junit:junit-bom	6.0.2	6.0.3
net.bytebuddy:byte-buddy	1.18.4	1.18.5
net.bytebuddy:byte-buddy-agent	1.18.4	1.18.5
org.apache.maven.plugins:maven-surefire-report-plugin	3.3.1	3.5.4
org.apache.maven.plugins:maven-dependency-plugin	3.9.0	3.10.0
com.squareup.okhttp3:okhttp	4.9.2	5.3.2
org.hamcrest:hamcrest-library	2.2	3.0

Updates com.puppycrawl.tools:checkstyle from 13.1.0 to 13.2.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-13.2.0

Checkstyle 13.2.0 - https://checkstyle.org/releasenotes.html#Release_13.2.0

New:

#16678 - new Check: NumericalPrefixesInfixesSuffixesCharacterCaseCheck numerical prefixes, infixes, and suffixes should be lowercase, except for "L"

Bug fixes:

#18653 - False-negative: HexLiteralCase does not throw violation on Hex float literals #18486 - False positive: JavadocParagraph reports violation when <`p`> is after tags

Commits

• 4dd3be8 [maven-release-plugin] prepare release checkstyle-13.2.0
• 84fa874 doc: release notes for 13.2.0
• 48dfde0 Issue #18809: removed xdocs section markers
• 8ffb662 Issue #17882: Add STRING_LITERAL token Javadoc with AST example
• d0dcddf Issue #18612: Remove redundant tokens property from CustomImportOrder in goog...
• a6594e0 Issue #18599: Disable InlineMeSuggester as Error Prone annotations are forbid...
• c1f7520 Issue #18843: Indentation Check Handlers should not have reference to check i...
• 6a0b1ed Issue #18856: Split openrewrite-refaster-rules ci job into two jobs
• 66b1f61 Issue #18836: Enable pitest EXPERIMENTAL_MEMBER_VARIABLE and exclude optimiza...
• c7da3ee dependency: Update Google Java Format version to 1.34.0
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 6.0.2 to 6.0.3

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.18.4 to 1.18.5

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

15. February 2026: version 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

Commits

• e01d09a [maven-release-plugin] prepare release byte-buddy-1.18.5
• 0cef4be [release] Release new version
• c880bab Fix hashcode equals generation.
• 05dc85e Instana attachpid file removal handling (#1884)
• 71448e3 Add ASM URL for copyright note.
• 9689261 Update checksums and internal Byte Buddy.
• 87c1368 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates net.bytebuddy:byte-buddy-agent from 1.18.4 to 1.18.5

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

15. February 2026: version 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

Commits

• e01d09a [maven-release-plugin] prepare release byte-buddy-1.18.5
• 0cef4be [release] Release new version
• c880bab Fix hashcode equals generation.
• 05dc85e Instana attachpid file removal handling (#1884)
• 71448e3 Add ASM URL for copyright note.
• 9689261 Update checksums and internal Byte Buddy.
• 87c1368 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates net.bytebuddy:byte-buddy-agent from 1.18.4 to 1.18.5

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

15. February 2026: version 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

Commits

• e01d09a [maven-release-plugin] prepare release byte-buddy-1.18.5
• 0cef4be [release] Release new version
• c880bab Fix hashcode equals generation.
• 05dc85e Instana attachpid file removal handling (#1884)
• 71448e3 Add ASM URL for copyright note.
• 9689261 Update checksums and internal Byte Buddy.
• 87c1368 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.apache.maven.plugins:maven-surefire-report-plugin from 3.3.1 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-report-plugin's releases.

3.5.4

🚀 New features and improvements

• Name the shutdown hook (#3170) @​cstamas
• Implement fail-fast behavior for JUnit Platform provider (#3155) @​marcphilipp
• Create a single LauncherSession for invocations of JUnitPlatformProvider (#863) @​marcphilipp

🐛 Bug Fixes

• [SUREFIRE-2298] - fix xml output with junit 5 nested classes (fix integration with Cucumber and Archunit) (#828) @​olamy

👻 Maintenance

• feat: enable prevent branch protection rules (#3168) @​sparsick
• Get rid of plexus-annotations (#3163) @​olamy
• Remove maven-changes-plugin (#861) @​sparsick
• Enable GitHub Issues (#831) @​Bukama

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167) @dependabot[bot]
• Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 (#3165) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#3161) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#3158) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.12.0 to 4.13.0 (#856) @dependabot[bot]
• Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.10.3 (#860) @dependabot[bot]
• Bump commons-beanutils:commons-beanutils from 1.7.0 to 1.11.0 in /surefire-its/src/test/resources/webapp (#851) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.11.1 to 4.12.0 (#844) @dependabot[bot]
• Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 (#836) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#833) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#829) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#830) @dependabot[bot]
• Bump jacocoVersion from 0.8.12 to 0.8.13 (#827) @dependabot[bot]

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski

... (truncated)

Commits

• 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
• 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
• 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
• 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
• 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
• fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
• 1e63159 Name the shutdown hook (#3170)
• 76e806a feat: enable prevent branch protection rules (#3168)
• 0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
• 98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.9.0 to 3.10.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.10.0

🚀 New features and improvements

• Introduce graphRoots for dependencyFilter based mojos (#1571) @​rfscholte

🐛 Bug Fixes

• Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins (#1583) @​slawekjaranowski
• Only log dependency classpath when no property/file output is specified (#1551) @​mwalser
• [MDEP-974] - strip ansi codes when writing to a file (#1564) @​elharo

📝 Documentation updates

• Add analyze-only to usage page (#1587) @​slawekjaranowski
• Move doc comment to correct location (#1568) @​elharo
• Focus on most recent version (#1537) @​elharo

👻 Maintenance

• Fix Jenkin bages in README (#1586) @​slawekjaranowski
• Improve dependencies filtering in AbstractAnalyzeMojo (#1579) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1574) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1569) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1563) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1562) @​slawekjaranowski
• Migration to JUnit 5 (#1558) @​slawekjaranowski
• JUnit Jupiter best practices (#1548) @​slachiewicz
• Migrate JUnit3 based Tests to JUnit 5 (#1541) @​sparsick

📦 Dependency updates

• Bump org.apache.maven.shared:maven-dependency-analyzer from 1.16.0 to 1.17.0 (#1584) @dependabot[bot]
• Bump org.assertj:assertj-core from 2.9.1 to 3.27.7 in /src/it/projects/analyze-testDependencyWithNonTestScope (#1581) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#1582) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1580) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1578) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0 (#1576) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1573) @dependabot[bot]
• Bump org.jsoup:jsoup from 1.21.2 to 1.22.1 (#1572) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1570) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#1559) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#1552) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#1553) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-io from 3.5.2 to 3.6.0 (#1554) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#1555) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#1550) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-io from 3.5.1 to 3.5.2 (#1538) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#1539) @dependabot[bot]

Commits

• 4127c33 [maven-release-plugin] prepare release maven-dependency-plugin-3.10.0
• 68b5e47 Add analyze-only to usage page
• 09d5860 Fix Jenkin bages in README
• 4308f6c Bump org.apache.maven.shared:maven-dependency-analyzer
• ba3c570 Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins
• 0d88b66 Only log dependency classpath when no property/file output is specified
• 0075e31 Bump org.assertj:assertj-core (#1581)
• 65d53bb Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#1582)
• eaf54f0 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1580)
• ece9a38 Improve dependencies filtering in AbstractAnalyzeMojo
• Additional commits viewable in compare view

Updates com.squareup.okhttp3:okhttp from 4.9.2 to 5.3.2

Changelog

Sourced from com.squareup.okhttp3:okhttp's changelog.

Version 5.3.2

2025-11-18

• Fix: Don't delay triggering timeouts. In Okio 3.16.0 we introduced a regression that caused timeouts to fire later than they were supposed to.

• Upgrade: [Okio 3.16.4][okio_3_16_4].

Version 5.3.1

2025-11-16

This release is the same as 5.3.0. Okio 3.16.3 didn't have a necessary fix!

• Upgrade: [Okio 3.16.3][okio_3_16_3].

Version 5.3.0

2025-10-30

• New: Add tags to Call, including computable tags. Use this to attach application-specific metadata to a Call in an EventListener or Interceptor. The tag can be read in any other EventListener or Interceptor.

    override fun intercept(chain: Interceptor.Chain): Response {
      chain.call().tag(MyAnalyticsTag::class) {
        MyAnalyticsTag(...)
      }
  return chain.proceed(chain.request())
  
  }

• New: Support request bodies on HTTP/1.1 connection upgrades.

• New: EventListener.plus() makes it easier to observe events in multiple listeners.

• Fix: Don't spam logs with ‘Method isLoggable in android.util.Log not mocked.’ when using OkHttp in Robolectric and Paparazzi tests.

• Upgrade: [Kotlin 2.2.21][kotlin_2_2_21].

• Upgrade: [Okio 3.16.2][okio_3_16_2].

• Upgrade: [ZSTD-KMP 0.4.0][zstd_kmp_0_4_0]. This update fixes a bug that caused APKs to fail [16 KB ELF alignment checks][elf_alignment].

Version 5.2.3

2025-11-18

... (truncated)

Commits

• 75b9c26 Prepare for release 5.3.2.
• ab48e5d Okio 3.16.4 (#9200)
• a9a4638 Prepare next development version.
• ef72228 Prepare for release 5.3.1.
• 6747167 Update com.squareup.okio to v3.16.3 (#9197)
• 0960b47 Prepare for release 5.3.0.
• bfb24eb Support Request Bodies on HTTP1.1 Connection Upgrades (#9159)
• cf4a864 Update Gradle to v9.2.0 (#9171)
• 4e7dbec Update dependency com.puppycrawl.tools:checkstyle to v12.1.1 (#9169)
• 0470853 Add tags to calls, including computable tags (#9168)
• Additional commits viewable in compare view

Updates org.hamcrest:hamcrest-library from 2.2 to 3.0

Release notes

Sourced from org.hamcrest:hamcrest-library's releases.

Hamcrest v3.0

Breaking Changes

• From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. See [Issue #331](hamcrest/JavaHamcrest#331) and [PR #411](hamcrest/JavaHamcrest#411) for details. Developers who use Java 1.7 earlier can still depend upon hamcrest-2.2.jar.

Improvements

• FileMatchersTest simplification ([PR #389](hamcrest/JavaHamcrest#389))
• License cleanup ([PR #414](hamcrest/JavaHamcrest#414), [PR #415](hamcrest/JavaHamcrest#415), see also #264, #355, #396, and #399)

Hamcrest v3.0-rc1

Breaking Changes

• From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. See [Issue #331](hamcrest/JavaHamcrest#331) and [PR #411](hamcrest/JavaHamcrest#411) for details. Developers who use Java 1.7 earlier can still depend upon hamcrest-2.2.jar.

Improvements

• FileMatchersTest simplification ([PR #389](hamcrest/JavaHamcrest#389))
• License cleanup ([PR #414](hamcrest/JavaHamcrest#414), [PR #415](hamcrest/JavaHamcrest#415), see also #264, #355, #396, and #399)

Changelog

Sourced from org.hamcrest:hamcrest-library's changelog.

Version 3.0 (1st August 2024)

Breaking Changes

• From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. See [Issue #331](hamcrest/JavaHamcrest#331) and [PR #411](hamcrest/JavaHamcrest#411) for details. Developers who use Java 1.7 earlier can still depend upon hamcrest-2.2.jar.

Improvements

• FileMatchersTest simplification ([PR #389](hamcrest/JavaHamcrest#389))
• License cleanup ([PR #414](hamcrest/JavaHamcrest#414), [PR #415](hamcrest/JavaHamcrest#415), see also #264, #355, #396,and #399)

Commits

• 68984b8 Version 3.0
• 1adc351 Fix javadoc title
• 4e2b71c Add instructions for releasing to Maven Central
• 3fa841d Revert version to 3.0-SNAPSHOT
• 750dc36 Prepare for version 3.0-rc1
• 1703e95 Fix broken tutorial link in README
• c4578ef Upgrade Gradle 8.8 -> 8.9
• a9923af Remove old, unused build definitions
• cf25e14 Cleanup README, fix broken links
• bc4769e Upgrade to GitHub-native Dependabot (#342)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions