
Bump the dependencies group with 14 updates #221

Merged
merged 1 commit into from
Sep 8, 2023


dependabot[bot]

@dependabot dependabot bot commented on behalf of github Sep 8, 2023

Bumps the dependencies group with 14 updates:

| Package | From | To |
| --- | --- | --- |
| org.mockito:mockito-core | 5.2.0 | 5.5.0 |
| org.apache.commons:commons-lang3 | 3.12.0 | 3.13.0 |
| com.fasterxml.jackson.core:jackson-databind | 2.14.2 | 2.15.2 |
| com.fasterxml.jackson.core:jackson-annotations | 2.14.2 | 2.15.2 |
| com.fasterxml.jackson.core:jackson-core | 2.14.2 | 2.15.2 |
| com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | 2.14.2 | 2.15.2 |
| org.slf4j:slf4j-api | 2.0.6 | 2.0.9 |
| ch.qos.logback:logback-classic | 1.4.6 | 1.4.11 |
| de.fraunhofer.iosb.ilt:SensorThings-SWE-Common | 0.9 | 0.10 |
| org.apache.maven.plugins:maven-release-plugin | 2.5.3 | 3.0.1 |
| org.owasp:dependency-check-maven | 8.1.2 | 8.4.0 |
| org.jacoco:jacoco-maven-plugin | 0.8.8 | 0.8.10 |
| org.apache.maven.plugins:maven-source-plugin | 3.2.1 | 3.3.0 |
| org.apache.maven.plugins:maven-gpg-plugin | 3.0.1 | 3.1.0 |

Updates org.mockito:mockito-core from 5.2.0 to 5.5.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.5.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.5.0

v5.4.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.4.0

... (truncated)

Commits
  • 741fe81 Use multiple locks in TypeCachingBytecodeGenerator (#3095)
  • 076e8ac Bump org.gradle.toolchains.foojay-resolver-convention (#3096)
  • cb75cec Bump versions.bytebuddy from 1.14.5 to 1.14.6 (#3094)
  • f673545 Add note on backporting policy to README (#3090)
  • ece6107 Report unused stubbing exceptions when test filter is no-op (#3078)
  • fd16dd1 Bump versions.errorprone from 2.21.0 to 2.21.1 (#3083)
  • f5ad9e9 Bump versions.errorprone from 2.20.0 to 2.21.0 (#3076)
  • 771425d Bump com.gradle.enterprise from 3.14 to 3.14.1 (#3074)
  • 79d77fc Bump org.opentest4j:opentest4j from 1.2.0 to 1.3.0 (#3072)
  • cbedebf Bump org.junit.platform:junit-platform-launcher from 1.9.3 to 1.10.0 (#3070)
  • Additional commits viewable in compare view

Updates org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0

Updates com.fasterxml.jackson.core:jackson-databind from 2.14.2 to 2.15.2

Commits

Updates com.fasterxml.jackson.core:jackson-annotations from 2.14.2 to 2.15.2

Commits

Updates com.fasterxml.jackson.core:jackson-core from 2.14.2 to 2.15.2

Commits

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.14.2 to 2.15.2

Updates org.slf4j:slf4j-api from 2.0.6 to 2.0.9

Updates ch.qos.logback:logback-classic from 1.4.6 to 1.4.11

Commits
  • 4b159c4 prepare release 1.4.11
  • 4633df5 revert Configurator interface to match that in version 1.4.8
  • 70071fe start work on 1.4.11-SNAPSHOT
  • 44e12a9 prepare release 1.4.10
  • a1ec27a slight editing of logback-classic/src/main/java/module-info.java
  • 0f80b01 remove Rank and RankValue from Configurator. These types have been replaced b...
  • 48a7676 revert Configurator interface from logback-core to logback-classic
  • c2abb72 remove commented out code
  • b4c7117 start work on 1.4.10-SNAPSHOT
  • d29732d prepare release 1.4.9
  • Additional commits viewable in compare view

Updates de.fraunhofer.iosb.ilt:SensorThings-SWE-Common from 0.9 to 0.10

Commits

Updates org.apache.maven.plugins:maven-release-plugin from 2.5.3 to 3.0.1

Release notes

Sourced from org.apache.maven.plugins:maven-release-plugin's releases.

3.0.1

🐛 Bug Fixes

📦 Dependency updates

👻 Maintenance

3.0.0

🐛 Bug Fixes

📦 Dependency updates

... (truncated)

Commits
  • 0fae89d [maven-release-plugin] prepare release maven-release-3.0.1
  • 95cde3e [MRELEASE-1127] Refresh download page
  • 33f0d91 [MRELEASE-1123] Fix for Maven 4 compatibility
  • e89d46a [MRELEASE-1077] Add the since tag to the documentation
  • 2ffacc8 [MRELEASE-1114] Restore interactive mode for forked process
  • e3bf326 [MRELEASE-1121] Bump maven-shared-utils from 3.4.1 to 3.4.2
  • 7b9282c [MNG-6829] Replace any StringUtils#isEmpty(String) and #isNotEmpty(String) (#...
  • ad666d3 [MRELEASE-1122] configure system requirements history
  • 6e152c9 [MRELEASE-1121] Bump maven-shared-utils from 3.3.4 to 3.4.1 (#183)
  • 78e2329 Auto-link MRELEASE Jira
  • Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 8.1.2 to 8.4.0

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 8.4.0

Added

  • feat: Add support for Nexus v3 to NexusAnalyzer (#5849)

Fixed

  • fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
  • chore: switch to sha1-pinning as suggested by Semgrep
  • fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#5845)
  • fix: use curl with -L to follow github redirect (#5808)
  • fix: use curl with -L to follow github redirect
  • fix: #5671 out of memory error (#5789)
  • fix: #5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

Version 8.3.1

Re-release of 8.3.0 as 8.3.1.

v8.3.0

Added

  • Add LibmanAnalyzer (#5652)
  • Update HTML report Dependencies header based on display settings (#5619)
  • Add link to suppressed vulnerabilities header in HTML report (#5620)
  • Enable local proxy configuration in maven plugin configuration (#5696)

Fixed

  • Fix npm alias present in requires of dependencies (#5703)
  • Make Central URL configurable via CLI (#5667)
  • Ensure support of CVSSv3.1 (#5602)

See the full listing of changes.

Version 8.2.1

Fixed

  • NullPointerException in MSBuildAnalyzer (#5589)
  • SQL Syntax for Oracle (#5590)
  • Use https:// URLs in report templates (#5582)

See the full listing of changes.

Version 8.2.0

Added

  • Support msbuild Directory.build.props (#5475)
  • better display of NPM audit references
  • Add CVSS V3 results from NPM Audit results

... (truncated)

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 8.4.0 (2023-08-19)

Added

  • feat: Add support for Nexus v3 to NexusAnalyzer (#5849)

Fixed

  • fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
  • chore: switch to sha1-pinning as suggested by Semgrep
  • fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#5845)
  • fix: use curl with -L to follow github redirect (#5808)
  • fix: use curl with -L to follow github redirect
  • fix: #5671 out of memory error (#5789)
  • fix: #5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

See the full listing of changes.

Version 8.3.1 (2023-06-12)

Re-release of 8.3.0 as 8.3.1.

Version 8.3.0 (2023-06-12)

Added

  • Add LibmanAnalyzer (#5652)
  • Update HTML report Dependencies header based on display settings (#5619)
  • Add link to suppressed vulnerabilities header in HTML report (#5620)
  • Enable local proxy configuration in maven plugin configuration (#5696)

Fixed

  • Fix npm alias present in requires of dependencies (#5703)
  • Make Central URL configurable via CLI (#5667)
  • Ensure support of CVSSv3.1 (#5602)

See the full listing of changes.

Version 8.2.1 (2023-03-23)

Fixed

  • NullPointerException in MSBuildAnalyzer (#5589)
  • SQL Syntax for Oracle (#5590)
  • Use https:// URLs in report templates (#5582)

See the full listing of changes.

Version 8.2.0 (2023-03-22)

... (truncated)

Commits
  • cc2db4c build: prepare release v8.4.0
  • 17c5081 chore: prepare release (#5891)
  • d1e5736 build(deps): bump com.google.guava:guava from 32.0.1-jre to 32.1.2-jre (#5850)
  • e685b80 feat: Add support for Nexus v3 to NexusAnalyzer (#5849)
  • a29afc4 fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
  • 49c6591 build(deps): bump actions/setup-node from 3.8.0 to 3.8.1 (#5889)
  • 0f4553a build(deps): bump actions/setup-node from 3.8.0 to 3.8.1
  • 8ee8214 build(deps): bump actions/setup-node from 3.7.0 to 3.8.0 (#5877)
  • d71f038 build(deps): bump org.semver4j:semver4j from 5.0.0 to 5.1.0 (#5878)
  • 5a55c81 build(deps): bump org.semver4j:semver4j from 5.0.0 to 5.1.0
  • Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.8 to 0.8.10

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.10

Fixed bugs

  • Agent should not require configuration of permissions for SecurityManager outside of its codeBase (GitHub #1425).

0.8.9

New Features

  • JaCoCo now officially supports Java 19 and 20 (GitHub #1371, #1386).
  • Experimental support for Java 21 class files (GitHub #1386).
  • Add parameter to include the current project in the report-aggregate Maven goal (GitHub #1007).
  • Component accessors generated by the Java compilers for records are filtered out during generation of report. Contributed by Tesla Zhang (GitHub #1393).

Fixed bugs

  • Agent should not open java.lang package to unnamed module of the application class loader (GitHub #1334).

Non-functional Changes

  • JaCoCo now depends on ASM 9.5 (GitHub #1299, #1368, #1416).
  • JaCoCo build now requires JDK 11 (GitHub #1413).

Commits
  • 8ea9668 Prepare release 0.8.10
  • 8f1daf9 AgentModule should set ProtectionDomain when defining classes (#1425)
  • 31f16d8 Upgrade ECJ to 3.33.0 (#1423)
  • 3d58c42 Prepare for next development iteration
  • c0ad781 Prepare release 0.8.9
  • c561c13 Fix validation test for Java 21 (#1422)
  • 461ebf3 Add validation test for JEP 432: Record Patterns (#1415)
  • 5f12145 Upgrade ASM to 9.5 (#1416)
  • b865890 Agent should not open java.lang package to unnamed module of the applicatio...
  • 5bc2fae Upgrade spotless-maven-plugin to 2.35.0 and Eclipse JDT Formatter to 4.27 (#1...
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.2.1 to 3.3.0

Commits
  • 02a9847 [maven-release-plugin] prepare release maven-source-plugin-3.3.0
  • f186993 [MSOURCES-135] Cleanup project code
  • 021af55 [MSOURCES-134] Refresh download page
  • b11a457 Use shared GitHub actions v3
  • 7caf2b0 [MSOURCES-133] Upgrade Parent to 39 - ignore git blame
  • dee4c10 [MSOURCES-133] Upgrade Parent to 39
  • 452111f Add dependabot configuration
  • e691ac3 s/MSOURCE/MSOURCES/
  • 1ddffd8 Auto-link MSOURCE Jira
  • 37ffefe Add pull request template
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-gpg-plugin from 3.0.1 to 3.1.0

Commits
  • 699e2ad [maven-release-plugin] prepare release maven-gpg-plugin-3.1.0
  • f314f8e [MGPG-97] use gpgverify plugin to check dependencies signatures
  • bad6b57 [MGPG-96] add INFO message
  • 0498a82 [MGPG-95] don't GPG-sign .sigstore signatures
  • 09b5be9 Auto-link MGPG Jira
  • 1e0472f extract FilesCollector
  • af9ccfd [MGPG-94] Ignore reformatting
  • 5e51734 [MGPG-94] Integration tests - convert and reformat bsh to groovy
  • 955ea0e [MGPG-94] Reformat code
  • e160f43 [MGPG-94] Bump maven-plugins from 36 to 39
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Sep 8, 2023
Member

hylkevds commented Sep 8, 2023

@dependabot rebase

Author

dependabot bot commented on behalf of github Sep 8, 2023

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

Member

hylkevds commented Sep 8, 2023

@dependabot recreate

Bumps the dependencies group with 14 updates:

| Package | From | To |
| --- | --- | --- |
| [org.mockito:mockito-core](https://github.com/mockito/mockito) | `5.2.0` | `5.5.0` |
| org.apache.commons:commons-lang3 | `3.12.0` | `3.13.0` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.14.2` | `2.15.2` |
| [com.fasterxml.jackson.core:jackson-annotations](https://github.com/FasterXML/jackson) | `2.14.2` | `2.15.2` |
| [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.14.2` | `2.15.2` |
| com.fasterxml.jackson.datatype:jackson-datatype-jsr310 | `2.14.2` | `2.15.2` |
| org.slf4j:slf4j-api | `2.0.6` | `2.0.9` |
| [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.4.6` | `1.4.11` |
| [de.fraunhofer.iosb.ilt:SensorThings-SWE-Common](https://github.com/hylkevds/SensorThings-SWE-Common) | `0.9` | `0.10` |
| [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) | `2.5.3` | `3.0.1` |
| [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) | `8.1.2` | `8.4.0` |
| [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.8` | `0.8.10` |
| [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) | `3.2.1` | `3.3.0` |
| [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) | `3.0.1` | `3.1.0` |


Updates `org.mockito:mockito-core` from 5.2.0 to 5.5.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.2.0...v5.5.0)

Updates `org.apache.commons:commons-lang3` from 3.12.0 to 3.13.0

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.14.2 to 2.15.2
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.14.2 to 2.15.2
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.core:jackson-core` from 2.14.2 to 2.15.2
- [Release notes](https://github.com/FasterXML/jackson-core/releases)
- [Commits](FasterXML/jackson-core@jackson-core-2.14.2...jackson-core-2.15.2)

Updates `com.fasterxml.jackson.datatype:jackson-datatype-jsr310` from 2.14.2 to 2.15.2

Updates `org.slf4j:slf4j-api` from 2.0.6 to 2.0.9

Updates `ch.qos.logback:logback-classic` from 1.4.6 to 1.4.11
- [Commits](qos-ch/logback@v_1.4.6...v_1.4.11)

Updates `de.fraunhofer.iosb.ilt:SensorThings-SWE-Common` from 0.9 to 0.10
- [Commits](https://github.com/hylkevds/SensorThings-SWE-Common/commits)

Updates `org.apache.maven.plugins:maven-release-plugin` from 2.5.3 to 3.0.1
- [Release notes](https://github.com/apache/maven-release/releases)
- [Commits](apache/maven-release@maven-release-2.5.3...maven-release-3.0.1)

Updates `org.owasp:dependency-check-maven` from 8.1.2 to 8.4.0
- [Release notes](https://github.com/jeremylong/DependencyCheck/releases)
- [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](jeremylong/DependencyCheck@v8.1.2...v8.4.0)

Updates `org.jacoco:jacoco-maven-plugin` from 0.8.8 to 0.8.10
- [Release notes](https://github.com/jacoco/jacoco/releases)
- [Commits](jacoco/jacoco@v0.8.8...v0.8.10)

Updates `org.apache.maven.plugins:maven-source-plugin` from 3.2.1 to 3.3.0
- [Commits](apache/maven-source-plugin@maven-source-plugin-3.2.1...maven-source-plugin-3.3.0)

Updates `org.apache.maven.plugins:maven-gpg-plugin` from 3.0.1 to 3.1.0
- [Commits](apache/maven-gpg-plugin@maven-gpg-plugin-3.0.1...maven-gpg-plugin-3.1.0)

---
updated-dependencies:
- dependency-name: org.mockito:mockito-core
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.apache.commons:commons-lang3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-annotations
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-core
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: ch.qos.logback:logback-classic
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: de.fraunhofer.iosb.ilt:SensorThings-SWE-Common
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.apache.maven.plugins:maven-release-plugin
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: org.owasp:dependency-check-maven
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.jacoco:jacoco-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.apache.maven.plugins:maven-source-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: org.apache.maven.plugins:maven-gpg-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/dependencies-c4a18da4a2 branch from 88a5f02 to 9677a33 Compare September 8, 2023 09:16
@hylkevds hylkevds merged commit b2f7738 into master Sep 8, 2023
1 check passed
@hylkevds hylkevds deleted the dependabot/maven/dependencies-c4a18da4a2 branch September 8, 2023 09:17