chore: bump the production-minor-patch group across 1 directory with 8 updates

[dependabot]

Bumps the production-minor-patch group with 8 updates in the / directory:

Package	From	To
org.slf4j:slf4j-simple	2.0.16	2.0.17
org.owasp:dependency-check-maven	12.1.1	12.1.3
org.junit.jupiter:junit-jupiter-api	5.11.3	5.13.4
org.junit.jupiter:junit-jupiter	5.11.3	5.13.4
org.assertj:assertj-core	3.26.3	3.27.5
org.slf4j:slf4j-api	2.0.16	2.0.17
org.springframework.boot:spring-boot	3.4.4	3.5.6
org.springframework:spring-core	6.2.5	6.2.11

Updates org.slf4j:slf4j-simple from 2.0.16 to 2.0.17

Updates org.owasp:dependency-check-maven from 12.1.1 to 12.1.3

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.1.3

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.2

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.1.3 (2025-06-10)

• fix: correct regex matches introduced in 12.1.2 (#7726)
• build(deps): bump org.semver4j:semver4j from 5.7.0 to 5.7.1 (#7718)
• build(deps): bump junit.version from 5.13.0 to 5.13.1 (#7719)

See the full listing of changes

Version 12.1.2 (2025-06-07)

• fix: Allow configuring OSS Index user/pw directly (#7640)
• fix: remove vulnerable transitive dependency - beanutils (#7705)
• fix: Simplify PHP framework suppression for Composer (#7693)
• fix: update CPE pattern to remove FP (#7684)
• fix(cli): Patch generated Windows shell script for JAVACMD installs with spaces (#7653)
• fix: Resolve various WCAG accessibility / css issues in the HTML report (#7629)
• fix: #7510 Display a dedicated message when receiving an HTTP 403 (#7575)
• docs: Make Vulnerability Sources in Related Work clearer (#7691)
• docs: #7610 add a reference to NVD mirroring in getting started documentation (#7611)

See the full listing of changes

Commits

• dfd437e build: prepare release v12.1.3
• 84d3436 docs: release 12.1.3
• f9e6b79 fix: correct regex matches introduced in 12.1.2 (#7726)
• 2b548f8 build(deps): bump org.semver4j:semver4j from 5.7.0 to 5.7.1 (#7718)
• a58584f build(deps): bump junit.version from 5.13.0 to 5.13.1 (#7719)
• 7fdad34 build(deps): bump org.semver4j:semver4j from 5.7.0 to 5.7.1
• cc18626 build: Release 12.1.2 (#7714)
• 7f9b258 build: prepare for next development iteration
• 4744206 build: prepare release v12.1.2
• 624c3ca docs: release 12.1.2
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-api from 5.11.3 to 5.13.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter-api's releases.

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

JUnit 5.13.2 = Platform 1.13.2 + Jupiter 5.13.2 + Vintage 5.13.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.1...r5.13.2

JUnit 5.13.1 = Platform 1.13.1 + Jupiter 5.13.1 + Vintage 5.13.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.0...r5.13.1

JUnit 5.13.0 = Platform 1.13.0 + Jupiter 5.13.0 + Vintage 5.13.0

See Release Notes.

New Contributors

• @​Oyster-zx made their first contribution in junit-team/junit5#4311
• @​etrandafir93 made their first contribution in junit-team/junit5#4336
• @​hanszt made their first contribution in junit-team/junit5#3377
• @​ngocnhan-tran1996 made their first contribution in junit-team/junit5#4545

Full Changelog: junit-team/junit-framework@r5.12.2...r5.13.0

JUnit 5.13.0-RC1 = Platform 1.13.0-RC1 + Jupiter 5.13.0-RC1 + Vintage 5.13.0-RC1

See Release Notes.

New Contributors

• @​hanszt made their first contribution in junit-team/junit5#3377

Full Changelog: junit-team/junit-framework@r5.13.0-M3...r5.13.0-RC1

JUnit 5.13.0-M3 = Platform 1.13.0-M3 + Jupiter 5.13.0-M3 + Vintage 5.13.0-M3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.0-M2...r5.13.0-M3

... (truncated)

Commits

• 8a21048 Release 5.13.4
• 9a38789 Finalize 5.13.4 release notes
• 458325c Log only once per implementation type for CloseableResource types
• 976a110 Protect against potential problems when converting file-based selectors
• e94f728 Allow default package for PackageSource
• b60fecf Fail on classpath resource names that are blank after removing leading /
• 6378c88 Remove java.* packages from Import-Package headers in all jars (#4738)
• 1a360f3 Create initial 5.13.4 release notes from template
• 806fc9a Document #4689 in release notes
• 1653839 Document #4686 in release notes
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 5.11.3 to 5.13.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

JUnit 5.13.2 = Platform 1.13.2 + Jupiter 5.13.2 + Vintage 5.13.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.1...r5.13.2

JUnit 5.13.1 = Platform 1.13.1 + Jupiter 5.13.1 + Vintage 5.13.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.0...r5.13.1

JUnit 5.13.0 = Platform 1.13.0 + Jupiter 5.13.0 + Vintage 5.13.0

See Release Notes.

New Contributors

• @​Oyster-zx made their first contribution in junit-team/junit5#4311
• @​etrandafir93 made their first contribution in junit-team/junit5#4336
• @​hanszt made their first contribution in junit-team/junit5#3377
• @​ngocnhan-tran1996 made their first contribution in junit-team/junit5#4545

Full Changelog: junit-team/junit-framework@r5.12.2...r5.13.0

JUnit 5.13.0-RC1 = Platform 1.13.0-RC1 + Jupiter 5.13.0-RC1 + Vintage 5.13.0-RC1

See Release Notes.

New Contributors

• @​hanszt made their first contribution in junit-team/junit5#3377

Full Changelog: junit-team/junit-framework@r5.13.0-M3...r5.13.0-RC1

JUnit 5.13.0-M3 = Platform 1.13.0-M3 + Jupiter 5.13.0-M3 + Vintage 5.13.0-M3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.0-M2...r5.13.0-M3

... (truncated)

Commits

• 8a21048 Release 5.13.4
• 9a38789 Finalize 5.13.4 release notes
• 458325c Log only once per implementation type for CloseableResource types
• 976a110 Protect against potential problems when converting file-based selectors
• e94f728 Allow default package for PackageSource
• b60fecf Fail on classpath resource names that are blank after removing leading /
• 6378c88 Remove java.* packages from Import-Package headers in all jars (#4738)
• 1a360f3 Create initial 5.13.4 release notes from template
• 806fc9a Document #4689 in release notes
• 1653839 Document #4686 in release notes
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 5.11.3 to 5.13.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

JUnit 5.13.2 = Platform 1.13.2 + Jupiter 5.13.2 + Vintage 5.13.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.1...r5.13.2

JUnit 5.13.1 = Platform 1.13.1 + Jupiter 5.13.1 + Vintage 5.13.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.0...r5.13.1

JUnit 5.13.0 = Platform 1.13.0 + Jupiter 5.13.0 + Vintage 5.13.0

See Release Notes.

New Contributors

• @​Oyster-zx made their first contribution in junit-team/junit5#4311
• @​etrandafir93 made their first contribution in junit-team/junit5#4336
• @​hanszt made their first contribution in junit-team/junit5#3377
• @​ngocnhan-tran1996 made their first contribution in junit-team/junit5#4545

Full Changelog: junit-team/junit-framework@r5.12.2...r5.13.0

JUnit 5.13.0-RC1 = Platform 1.13.0-RC1 + Jupiter 5.13.0-RC1 + Vintage 5.13.0-RC1

See Release Notes.

New Contributors

• @​hanszt made their first contribution in junit-team/junit5#3377

Full Changelog: junit-team/junit-framework@r5.13.0-M3...r5.13.0-RC1

JUnit 5.13.0-M3 = Platform 1.13.0-M3 + Jupiter 5.13.0-M3 + Vintage 5.13.0-M3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.0-M2...r5.13.0-M3

... (truncated)

Commits

• 8a21048 Release 5.13.4
• 9a38789 Finalize 5.13.4 release notes
• 458325c Log only once per implementation type for CloseableResource types
• 976a110 Protect against potential problems when converting file-based selectors
• e94f728 Allow default package for PackageSource
• b60fecf Fail on classpath resource names that are blank after removing leading /
• 6378c88 Remove java.* packages from Import-Package headers in all jars (#4738)
• 1a360f3 Create initial 5.13.4 release notes from template
• 806fc9a Document #4689 in release notes
• 1653839 Document #4686 in release notes
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.26.3 to 3.27.5

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.17.7 #3947
• Upgrade to JUnit BOM 5.13.4 #3947

Guava

• Upgrade to Guava 33.4.8-jre #3947

v3.27.4

🚫 Deprecated

Core

• Deprecate org.assertj.core.annotations.Beta in favor of org.assertj.core.annotation.Beta
• Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of org.assertj.core.annotation.CanIgnoreReturnValue
• Deprecate org.assertj.core.util.CheckReturnValue in favor of org.assertj.core.annotation.CheckReturnValue

🐛 Bug Fixes

Core

• Fix thread-safety in AbstractDateAssert #3874

⚡ Improvements

• Migrate to the Central Publisher Portal, enable snapshot publishing #3881

Core

• Annotate fail methods with custom @Contract #3882

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​kelunik

v3.27.3

💥 Breaking Changes

... (truncated)

Commits

• dd4cc1d [maven-release-plugin] prepare release assertj-build-3.27.5
• 1d0defc Add missing permission to release workflow
• 844d5d0 Add missing GitHub Actions pinning to CodeQL workflow
• bdd7106 Add CodeQL custom workflow
• a93d7e6 Remove EOL Java 24
• 26ea866 Update production dependencies (#3947)
• c294435 Pin GitHub Actions dependencies, switch to weekly update schedule (#3932)
• 1b4ac27 [maven-release-plugin] prepare for next development iteration
• 7a64cde [maven-release-plugin] prepare release assertj-build-3.27.4
• feb5f6f Annotate fail methods with custom @Contract (#3882)
• Additional commits viewable in compare view

Updates org.slf4j:slf4j-api from 2.0.16 to 2.0.17

Updates org.springframework.boot:spring-boot from 3.4.4 to 3.5.6

Release notes

Sourced from org.springframework.boot:spring-boot's releases.

v3.5.6

🐞 Bug Fixes

• Quoted -D arguments break system property resolution on Linux with Spring AOT #47166
• Groovy Templates fails with an NPE when rendering an auto new line #47139
• available() does not behave correctly when reading stored entries from a NestedJarFile #47057
• spring-boot-docker-compose doesn't create service connections when image has registry host but not project #47019
• Flyway Ignore Migration Patterns setting can't be set to an empty string #47013

📔 Documentation

• Default value of server.tomcat.resource.cache-ttl is not documented #47253
• Document Java 25 support #47245
• Fix links to Flyway reference documentation #46988
• Clarify Javadoc of Customizer interfaces about overriding behavior #46942

🔨 Dependency Upgrades

• Upgrade to Ehcache3 3.10.9 #47106
• Upgrade to Elasticsearch Client 8.18.6 #47094
• Upgrade to Gson 2.13.2 #47158
• Upgrade to Hibernate 6.6.29.Final #47216
• Upgrade to HikariCP 6.3.3 #47187
• Upgrade to HttpCore5 5.3.5 #47108
• Upgrade to Infinispan 15.2.6.Final #47109
• Upgrade to Jakarta Activation 2.1.4 #47188
• Upgrade to Jakarta Mail 2.1.4 #47110
• Upgrade to Jaybird 6.0.3 #47111
• Upgrade to Jetty 12.0.27 #47159
• Upgrade to jOOQ 3.19.26 #47160
• Upgrade to Lombok 1.18.40 #47113
• Upgrade to MariaDB 3.5.6 #47189
• Upgrade to Maven Failsafe Plugin 3.5.4 #47190
• Upgrade to Maven Shade Plugin 3.6.1 #47191
• Upgrade to Maven Surefire Plugin 3.5.4 #47192
• Upgrade to Micrometer 1.15.4 #47083
• Upgrade to Micrometer Tracing 1.5.4 #47084
• Upgrade to Netty 4.1.127.Final #47127
• Upgrade to R2DBC MSSQL 1.0.3.RELEASE #47193
• Upgrade to Reactor Bom 2024.0.10 #47085
• Upgrade to Spring AMQP 3.2.7 #47086
• Upgrade to Spring Batch 5.2.3 #47087
• Upgrade to Spring Data Bom 2025.0.4 #47088
• Upgrade to Spring Framework 6.2.11 #47089
• Upgrade to Spring GraphQL 1.4.2 #47090
• Upgrade to Spring Integration 6.5.2 #47091
• Upgrade to Spring Kafka 3.3.10 #47092
• Upgrade to Spring Pulsar 1.2.10 #47093
• Upgrade to Spring Security 6.5.5 #47257
• Upgrade to Tomcat 10.1.46 #47194

... (truncated)

Commits

• 23bcd7b Release v3.5.6
• d96267f Merge branch '3.4.x' into 3.5.x
• 9363f03 Next development version (v3.4.11-SNAPSHOT)
• a465cdb Revert "Upgrade to Jakarta XML Bind 4.0.4"
• 391e745 Merge branch '3.4.x' into 3.5.x
• ad9a7ee Revert "Upgrade to Jakarta XML Bind 4.0.4"
• 66ba918 Document support for Java 25
• 943f0ae Merge branch '3.4.x' into 3.5.x
• 43fee16 Upgrade to Spring Batch 5.2.3
• 11de7d1 Upgrade to Spring Batch 5.2.3
• Additional commits viewable in compare view

Updates org.springframework:spring-core from 6.2.5 to 6.2.11

Release notes

Sourced from org.springframework:spring-core's releases.

v6.2.11

⭐ New Features

• Missing @Nullable on JsonPathAssertions.isEqualTo #35445
• Graceful fallback for non-default NIO.2 FileSystems #35443
• Avoid thread pinning in SseEmitter, ResponseBodyEmitter #35423
• Detect Informix error codes as DuplicateKeyException #35400
• Inconsistent nullability for String value arguments in ResponseCookie from*() factory methods #35377
• Revisit taskTerminationTimeout semantics on SimpleAsyncTaskExecutor/Scheduler #35372
• StandardEvaluationContext.setBeanResolver should allow @Nullable BeanResolver #35371

🐞 Bug Fixes

• "mainThreadPrefix = null " Causing multiple background bean locks to be blocked #35409
• Annotation not found on parameter in overridden method unless method is public #35349
• Annotations on overridden methods not found in type hierarchy with unresolved generics #35342
• Performance degradation when using singleton beans with Provider #35330
• JettyClientHttpConnector buffer leak in Spring Framework 6.2 #35319
• Spring application hangs on shutdown with @Scheduled(cron=…) when custom ScheduledExecutorService bean is defined (Java 19+) #35316

📔 Documentation

• Document potential need to use Mockito.doXxx() to stub a @MockitoSpyBean #35410
• Fix links to Reactive Libraries and RestTemplate #35392
• Fix broken link in WebDriver docs #35374
• Document Web DataBinder support for RouterFunction #35367
• Improve documentation for ApplicationEvents to clarify recommended usage #35335
• Document terms and units in DataSize.parse() #35298
• Refine @Contract Javadoc #35285
• Correct the default value of nestedTransactionAllowed in JpaTransactionManager javadoc #35212

🔨 Dependency Upgrades

• Upgrade to Micrometer 1.14.11 #35455
• Upgrade to Reactor 2024.0.10 #35454

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Dockerel, @​Kehrlann, @​acktsap, @​khj68, @​ngocnhan-tran1996, @​scordio, and @​sgflt

v6.2.10

⭐ New Features

• Optimize NIO path resolution in PathEditor #35304
• Make type in ProblemDetail nullable #35294
• Refine UriUtils#decode and StringUtils#uriDecode implementation and documentation #35253
• Provide configurable useCaches option for URLConnection usage in UrlResource (avoiding jar file leak) #35218

... (truncated)

Commits

• 4c13425 Release v6.2.11
• d17601e Upgrade to Undertow 2.3.19, RxJava 3.1.11, Aalto 1.3.3
• 5b38761 Clarify intended nestedTransactionAllowed default in JpaTransactionManager
• 0e3e34b Find annotations on parameters in overridden non-public methods
• 4745c7c Name local variables consistently
• 275fb52 Upgrade to Reactor 2024.0.10 and Micrometer 1.14.11
• 7f9aa39 Polishing
• c788554 Avoid thread pinning in SseEmitter, ResponseBodyEmitter
• 9e8c640 Make JsonPathAssertions#isEqualTo parameter nullable
• ebb8e34 Upgrade to Jetty 12.0.26, Jetty Reactive HttpClient 4.0.11, Netty 4.1.127, Ht...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.