Bump the dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates in the / directory:

Package	From	To
org.mockito:mockito-core	5.20.0	5.22.0
org.apache.commons:commons-lang3	3.19.0	3.20.0
de.grundid.opendatalab:geojson-jackson	1.14	3.0
ch.qos.logback:logback-classic	1.5.18	1.5.32
org.apache.maven.plugins:maven-compiler-plugin	3.14.1	3.15.0
org.apache.maven.plugins:maven-release-plugin	3.1.1	3.3.1
org.owasp:dependency-check-maven	12.1.6	12.2.0
org.jacoco:jacoco-maven-plugin	0.8.13	0.8.14
org.apache.maven.plugins:maven-source-plugin	3.3.1	3.4.0

Updates org.mockito:mockito-core from 5.20.0 to 5.22.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

• 2026-02-27 - 6 commit(s) by Joshua Selbo, NiMv1, Rafael Winterhalter, dependabot[bot], eunbin son
• Avoid mocking of internal static utilities [(#3785)](mockito/mockito#3785)
• Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 [(#3780)](mockito/mockito#3780)
• Static mocking of UUID.class corrupted under JDK 25 [(#3778)](mockito/mockito#3778)
• Bump actions/upload-artifact from 5 to 6 [(#3774)](mockito/mockito#3774)
• docs: clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) [(#3773)](mockito/mockito#3773)
• Add tests for Sets utility class [(#3771)](mockito/mockito#3771)
• Add core API to enable Kotlin singleton mocking [(#3762)](mockito/mockito#3762)
• Stubbing Kotlin object singletons [(#3652)](mockito/mockito#3652)
• Incorrect documentation for RETURNS_MOCKS [(#3285)](mockito/mockito#3285)

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

• 2025-12-09 - 17 commit(s) by Giulio Longfils, Joshua Selbo, Woongi9, Zylox, dependabot[bot]
• Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 [(#3768)](mockito/mockito#3768)
• Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 [(#3767)](mockito/mockito#3767)
• Bump actions/checkout from 5 to 6 [(#3765)](mockito/mockito#3765)
• Adds output of matchers to potential mismatch; Fixes #2468 [(#3760)](mockito/mockito#3760)
• Forbid mocking WeakReference with inline mock maker [(#3759)](mockito/mockito#3759)
• StackOverflowError when mocking WeakReference [(#3758)](mockito/mockito#3758)
• Bump actions/upload-artifact from 4 to 5 [(#3756)](mockito/mockito#3756)
• Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 [(#3755)](mockito/mockito#3755)
• Support primitives in GenericArrayReturnType. [(#3753)](mockito/mockito#3753)
• ClassNotFoundException when stubbing array of primitive type on Android [(#3752)](mockito/mockito#3752)
• Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 [(#3744)](mockito/mockito#3744)
• Bump gradle/actions from 4 to 5 [(#3743)](mockito/mockito#3743)
• Bump org.graalvm.buildtools.native from 0.11.0 to 0.11.1 [(#3738)](mockito/mockito#3738)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.2.1 to 8.0.0 [(#3735)](mockito/mockito#3735)
• Bump graalvm/setup-graalvm from 1.3.7 to 1.4.0 [(#3734)](mockito/mockito#3734)
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 [(#3733)](mockito/mockito#3733)
• Bump errorprone from 2.41.0 to 2.42.0 [(#3732)](mockito/mockito#3732)
• Feat: automatically detect class to mock in mockStatic and mockConstruction [(#3731)](mockito/mockito#3731)
• Return completed futures for unstubbed Future/CompletionStage in ReturnsEmptyValues [(#3727)](mockito/mockito#3727)
• automatically detect class to mock [(#2779)](mockito/mockito#2779)
• Incorrect "has following stubbing(s) with different arguments" message when using Argument Matchers [(#2468)](mockito/mockito#2468)

Commits

• 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
• ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
• d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
• 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
• 9e5d449 Add tests for Sets utility class (#3771)
• 8d9a62f Bump actions/upload-artifact from 5 to 6 (#3774)
• 09d2230 Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 (#3768)
• df3e0cc Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 (#3767)
• 04a6e9f Bump actions/checkout from 5 to 6 (#3765)
• 756a3cf Add description of matchers to potential mismatch (#3760)
• Additional commits viewable in compare view

Updates org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0

Updates de.grundid.opendatalab:geojson-jackson from 1.14 to 3.0

Commits

• 9808af9 [maven-release-plugin] prepare release geojson-jackson-3.0 [ci skip]
• f865bf5 inc version to align with jackson
• dc01b79 [maven-release-plugin] prepare for next development iteration
• 1178e49 [maven-release-plugin] prepare release geojson-jackson-1.19 [ci skip]
• 0a07d8f release config update
• fdda76c [maven-release-plugin] prepare for next development iteration
• 8448366 [maven-release-plugin] prepare release geojson-jackson-1.17 [ci skip]
• 6f57a75 [maven-release-plugin] rollback the release of geojson-jackson-1.17
• b844be4 updated deps
• d43b90c [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

• In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

2026-02-09 Release of logback version 1.5.29

• In response to issues/1017, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.27

2026-01-30 Release of logback version 1.5.27

• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.

• Fixed missing MDC data transmitted by SocketAppender reported in issues/1010 by Lars Vogel.

... (truncated)

Commits

• e807335 prepare release 1.5.32
• dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
• 8e32278 added simple test for appender definitiob via file inclusion
• 834dbed start work on 1.5.32-SNAPSHOT
• 168e42f add test to check that Logback SLF4J provider can be activated
• ed45362 prepare release 1.5.31
• 609dae7 fix missing META-INF directory
• 7739739 start work on 1.5.31-SNAPSHOT
• 44164f1 prepare release 1.5.30
• 9874f06 test for top-file as a resource, introduced new module logback-classic-misc
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

• Fix Java 25 compatibility during integration tests (#1020) @​desruisseaux
• [MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @​mensinda

👻 Maintenance

• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @​slachiewicz
• Remove declaration of "plexus-snapshots" repository (#1010) @​desruisseaux
• Works only with Maven 4.0.0 rc4 (#996) @​slachiewicz
• Enable Java 25 and Maven 4 in CI (#975) @​slachiewicz

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]
• Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]
• Bump maven-plugin-testing-harness to 3.4.0 (#1001) @​slawekjaranowski
• Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]
• Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

Commits

• 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
• 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
• 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
• 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
• 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
• aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
• 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
• 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
• 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.3.1

Release notes

Sourced from org.apache.maven.plugins:maven-release-plugin's releases.

3.3.1

💥 Breaking changes

• Revert inclusion of ci skip in release commit msg (#1445) @​rvesse

🐛 Bug Fixes

• Revert inclusion of ci skip in release commit msg (#1445) @​rvesse

📦 Dependency updates

• Bump org.codehaus.plexus:plexus-testing from 2.0.1 to 2.0.2 (#1444) @dependabot[bot]

3.3.0

💥 Breaking changes

• Include "[ci skip]" by default in scmReleaseCommitComment (#1423) @​kwin

🚀 New features and improvements

• Fixed #1426 : Replace archived org.semver:api with custom SemVer implementation (#1430) @​HarshMehta112
• Introduce new SemVer policies (#1424) @​slawekjaranowski
• Include "[ci skip]" by default in scmReleaseCommitComment (#1423) @​kwin

🐛 Bug Fixes

• Check all project parents for SCM information. (#1421) @​slawekjaranowski

👻 Maintenance

• Fix license header in xml files (#1443) @​slawekjaranowski
• Make implementation of new SemVer policies private for project (#1440) @​slawekjaranowski
• Resolve todo that led to pointless asserts (#1442) @​elharo
• Prefer JDK join method (#1434) @​elharo
• Remove old-style plexus annotation (#1432) @​elharo
• Clean up exceptions (#1433) @​elharo
• Replace deprecated classes (#1438) @​elharo
• Simplify code (#1429) @​elharo
• Fix spelling typo (#1431) @​elharo
• Prefer JDK join method (#1428) @​elharo
• Fixed #1410 [DOCS] Update Javadoc return tags in ReleaseDescriptor.java (#1427) @​HarshMehta112
• Remove manual configuration for plugin requirementsHistories (#1425) @​slawekjaranowski
• Correct misleading @​return descriptions in Javadoc (#1413) @​HarshMehta112
• Migrate JUnit 3/4 to JUnit 5 (#1414) @​slawekjaranowski
• Add tag-template to release-drafter configuration (#1415) @​slawekjaranowski
• Fix assertions and cleanups in Mojo Tests (#1412) @​slawekjaranowski
• Fix Javadoc issues per Oracle conventions (#1408) @​elharo
• Migrate JUnit 3/4 to JUnit 5 (#1411) @​slawekjaranowski

... (truncated)

Commits

• 7e8ebac [maven-release-plugin] prepare release maven-release-3.3.1
• f0f28e5 Revert inclusion of ci skip in release commit msg
• 2a82901 Bump org.codehaus.plexus:plexus-testing from 2.0.1 to 2.0.2 (#1444)
• c8613d2 [maven-release-plugin] prepare for next development iteration
• 2b8adaa [maven-release-plugin] prepare release maven-release-3.3.0
• 88630f9 Fixed #1426 : Replace archived org.semver:api with custom SemVer implemen...
• 7af8ace Fix license header in xml files
• 8914b84 Make implementation of new SemVer policies private for project
• 7e861f0 Resolve todo that led to pointless asserts (#1442)
• 422f895 Prefer JDK join method (#1434)
• Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.1.6 to 12.2.0

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.2.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.9

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.8

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.7

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.2.0 (2026-01-09)

• feat: package and utilize generated suppression file (#8116)

• feat: override pnpm audit registry parameter (#8158)

• feat: support multiple cvssBelow thresholds per version (#2563) (#8024)

• feat: usage telemetry via scarf (#8066)

• feat: add new suppression xsd allowing grouping of suppressions (#7957)

• fix(ant): resolve relative paths against basedir (#8202)

• fix: add hint for Elastic APM Java agent CPE mapping (#8200)

• fix: Allow NVD data feed metadata downloads to fail on 1st Jan while logging correct errors (#8205)

• fix(ant): resolve paths relative to basedir for suppression and output

• fix: correct XML/JSON report CVSS field & HTML report URL mappings (#8156)

• fix: log GrokAssembly output when dotnet invocation fails (#8141)

• fix: correct reliability of Central etc (JCS cache) analyzers on Java 25/Docker by making CLI classpath deterministic (#8117)

• docs: Update & correct README (#8166)

• docs: update suppression schema version (#8136)

• docs: fix typos in some files (#8135)

• chore: remove duplicate suppression rules from base that are in the generated branch (#8138)

• chore: remove suppression rules that were deleted from the generatedSuppression branch (#8119)

• build: transition dependency to org.eclipse.parsson groupId (#8128)

• See the full listing of changes

Version 12.1.9 (2025-11-11)

• fix: correct bundle audit gem in Dockerfile (#8121)
• fix: normalization during comparisons (#8046)
• docs: document multiple configurations for gradle (#8111)
• docs: fix typos in some files (#8106)
• docs: Update SBT plugin link; fix dead report link (#8086)
• chore: Replace deprecated lucene methods (#8079)
• docs: fix #8076 - Error in documentation "Suppressing False Positives" (#8077)
• fix(fp): Improve false positive suppression for matches against golang web_project (#8059)
• fix(fp): Consolidate/update icu4j suppressions for false positives (#8062)
• fix(fp): Correct GRPC java suppressions for newer C/C++/native false positives (#8063)
• fix(fp): Suppress false positive CPEs for protobuf-java per #7854 (#8064)

See the full listing of changes

Version 12.1.8 (2025-10-13)

• fix: improve VulnerableSoftware comparison (#8031)
• build: fix flaky central test (#8039)
• docs: Improve Gradle docs wrt experimental analyzers, use of Central and Proxy configuration (#8036)
• docs: add note about central analyzer for gradle (#8038)

See the full listing of changes

Version 12.1.7 (2025-10-12)

... (truncated)

Commits

• 909229e build: prepare release v12.2.0
• f6f3d76 chore: reset snapshot version and fix site
• 67d0d1a build: Release 12.2.0 (#8216)
• 6f46091 build: prepare for next development iteration
• 9ec772f build: prepare release v12.2.0
• e81b240 docs: prepare release 12.2.0
• 41f1cdf build(deps): bump junit.version from 5.14.1 to 5.14.2 (#8214)
• 26cfd65 build(deps): bump org.sonatype.central:central-publishing-maven-plugin from 0...
• f437aa0 fix(ant): resolve relative paths against basedir (#8202)
• 7f63b48 Merge branch 'main' into fix-7918-ant-relative-paths
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.14

New Features

• JaCoCo now officially supports Java 25 (GitHub #1950).
• Experimental support for Java 26 class files (GitHub #1870).
• Branches added by the Kotlin compiler for default argument number 33 or higher are filtered out during generation of report (GitHub #1655).
• Part of bytecode generated by the Kotlin compiler for elvis operator that follows safe call operator is filtered out during generation of report (GitHub #1814, #1954).
• Part of bytecode generated by the Kotlin compiler for more cases of chained safe call operators is filtered out during generation of report (GitHub #1956).
• Part of bytecode generated by the Kotlin compiler for invocations of suspendCoroutineUninterceptedOrReturn intrinsic is filtered out during generation of report (GitHub #1929).
• Part of bytecode generated by the Kotlin compiler for suspending lambdas with parameters is filtered out during generation of report (GitHub #1945).
• Part of bytecode generated by the Kotlin compiler for suspending functions and lambdas with suspension points that return inline value class is filtered out during generation of report (GitHub #1871).
• Part of bytecode generated by the Kotlin Compose compiler plugin for pausable composition is filtered out during generation of report (GitHub #1911).
• Methods generated by the Kotlin serialization compiler plugin are filtered out (GitHub #1885, #1970, #1971).

Fixed bugs

• Fixed handling of implicit else clause of when with String subject in Kotlin (GitHub #1813, #1940).
• Fixed handling of implicit default clause of switch by String in Java when compiled by ECJ (GitHub #1813, #1940). Fixed handling of exceptions in chains of safe call operators in Kotlin (GitHub #1819).

Non-functional Changes

• JaCoCo now depends on ASM 9.9 (GitHub #1965).

Commits

• 2eb2483 Prepare release v0.8.14
• de76181 KotlinSerializableFilter should filter more methods (#1971)
• 89c4bd5 Fix NPE in KotlinSerializableFilter (#1970)
• 0981128 Migrate release staging to the Central Publisher Portal (#1968)
• d07bc6b Add filter for bytecode generated by Kotlin serialization compiler plugin (#1...
• 5e35fd5 Upgrade maven-dependency-plugin to 3.9.0 (#1966)
• c2fe5cc Upgrade ASM to 9.9 (#1965)
• b0f8e23 KotlinSafeCallOperatorFilter should filter "unoptimized" safe call followed b...
• c7bd3f4 Upgrade spotless-maven-plugin to 3.0.0 (#1961)
• faa289d KotlinSafeCallOperatorFilter should not be affected by presence of pseudo ins...
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

• [MSOURCES-140] - fail only if re-attach different files (#24) @​hboutemy

👻 Maintenance

• Bump m-invoker-p to 3.9.1 (#251) @​slachiewicz
• Allow to manually execute release drafter (#58) @​slawekjaranowski
• GH Issues (Maven 3 branch) (#57) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#49) @​Bukama

📦 Dependency updates

• Use plexus-utils version from parent (#252) @​slachiewicz
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#247) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#248) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#241) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#242) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#246) @dependabot[bot]
• Bump mavenVersion from 3.2.5 to 3.9.11 (#221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#233) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#229) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 41 to 45 (#218) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#226) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#222) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#68) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#63) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#66) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#27) @dependabot[bot]
• [MSOURCES-147] - Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#23) @dependabot[bot]
• [MSOURCES-146] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#25) @dependabot[bot]
• [MSOURCES-145] - Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 (#26) @dependabot[bot]

Commits

• ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
• 95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
• 7a9a770 [maven-release-plugin] prepare for next development iteration
• 292c1ce Use plexus-utils version from parent
• bf79b71 Bump m-invoker-p to 3.9.1
• 4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
• a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• 51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
• 267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
• ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions