Bump the minor-patch group across 1 directory with 10 updates

[dependabot]

Bumps the minor-patch group with 10 updates in the / directory:

Package	From	To
org.junit:junit-bom	6.0.2	6.0.3
org.apache.maven.plugins:maven-compiler-plugin	3.14.1	3.15.0
org.pitest:pitest-maven	1.22.0	1.22.1
com.diffplug.spotless:spotless-maven-plugin	3.2.0	3.2.1
ch.qos.logback:logback-classic	1.5.26	1.5.32
software.amazon.awssdk:s3	2.41.14	2.41.29
software.amazon.awssdk.crt:aws-crt	0.42.2	0.43.3
com.azure:azure-storage-blob	12.33.0	12.33.2
com.google.cloud:google-cloud-storage	2.62.0	2.63.0
org.wiremock.integrations:wiremock-spring-boot	4.0.9	4.1.0

Updates org.junit:junit-bom from 6.0.2 to 6.0.3

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

• Fix Java 25 compatibility during integration tests (#1020) @​desruisseaux
• [MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @​mensinda

👻 Maintenance

• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @​slachiewicz
• Remove declaration of "plexus-snapshots" repository (#1010) @​desruisseaux
• Works only with Maven 4.0.0 rc4 (#996) @​slachiewicz
• Enable Java 25 and Maven 4 in CI (#975) @​slachiewicz

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]
• Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]
• Bump maven-plugin-testing-harness to 3.4.0 (#1001) @​slawekjaranowski
• Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]
• Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

Commits

• 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
• 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
• 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
• 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
• 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
• aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
• 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
• 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
• 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• Additional commits viewable in compare view

Updates org.pitest:pitest-maven from 1.22.0 to 1.22.1

Release notes

Sourced from org.pitest:pitest-maven's releases.

1.22.1

• #1445 pin dependencies in github actions
• #1449 bump asm to 9.9.
• #1452 Filter equivalent mutations to null final field assignments

Commits

• e195484 Merge pull request #1452 from hcoles/feature/null_final_fields
• 8b1781b do not mutate null assignments to final fields
• 5ec1570 failing test
• edc45e6 Merge pull request #1450 from hcoles/dependabot/maven/samples/org.assertj-ass...
• 991e4fc Merge pull request #1451 from hcoles/dependabot/maven/org.assertj-assertj-cor...
• f3a3657 Bump org.assertj:assertj-core from 3.27.3 to 3.27.7
• 0296b34 Bump org.assertj:assertj-core from 3.14.0 to 3.27.7 in /samples
• bfdeffe Merge pull request #1449 from hcoles/feature/bump_asm_9_9_1
• 92e8fe0 bump asm to 9.9.1
• 8092404 Merge pull request #1445 from mlachenmayr-celonis/feat/pin-github-actions
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.2.0 to 3.2.1

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.2.1

Fixed

• removeSemicolons() should not be applied to multiline strings in groovy #2780 (#2792)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

• https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md
• https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

[4.3.0] - 2026-01-27

Added

• Add P2Provisioner interface in lib-extra to enable build-tool-specific caching strategies for Eclipse P2 dependencies, fixing OutOfMemoryError in large multi-project builds. (#2788)

Fixed

• removeSemicolons() should not be applied to multiline strings in groovy #2780 (#2792)

[4.2.0] - 2026-01-22

Added

• Add a expandWildcardImports API for java (#2679)
• Add the ability to specify a wildcard version (*) for external formatter executables. (#2757)

Fixed

• Prevent race conditions when multiple npm-based formatters launch the server process simultaneously while sharing the same node_modules directory. (#2786)
• Git ratchet no longer throws an error with Git worktrees. (#2779)

Changes

• Bump default ktfmt version to latest 0.59 -> 0.61. (2804)
• Bump default ktlint version to latest 1.7.1 -> 1.8.0. (2763)
• Bump default gherkin-utils version to latest 9.2.0 -> 10.0.0. (#2619)

[4.1.0] - 2025-11-18

Changes

• Bump default ktfmt version to latest 0.58 -> 0.59. (#2681
• Bump default jackson version to latest 2.20.0 -> 2.20.1. (#2730)
• Bump default cleanthat version to latest 2.23 -> 2.24. (#2620)
• POTENTIALLY BREAKING Removed support for ktlint versions below 1.0. (#2711)

Fixed

• palantirJavaFormat is no longer arbitrarily set to outdated versions on Java 17, latest available version is always used (#2686 fixes #2685)

Added

• Add a forbidModuleImports API for java (#2679)
• new options to customize Flexmark, e.g. to allow YAML front matter (#2616)

[4.0.0] - 2025-09-24

Changes

• BREAKING Bump the required Java to 17. (#2375, #2540)
• BREAKING Renamed RemoveWildcardImportsStep to ForbidWildcardImportsStep. (#2633)
• Bump JGit from 6.10.1 to 7.3.0 (#2257)
  • Adds support for worktrees (fixes #1765)

... (truncated)

Commits

• d0f4c3d Published maven/3.2.1
• 2b7f9de Published gradle/8.2.1
• 78e26e9 Published lib/4.3.0
• 33692c2 [fix] removeSemicolons() should not be applied to multiline strings in groo...
• 90628d8 Update changelog.
• 61864a2 Merge branch 'main' into fix-removeSemicolons
• 4864bc8 Fix Gradle Cache performance issue by supporting cached P2 provisionning via ...
• 075895c docs: Mention P2 caching for gradle plugin caching
• 57214bf feat: Supports P2 in predeclare
• 8aee8ac chore: Adds a GradleProvisioner test
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.26 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

• In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

2026-02-09 Release of logback version 1.5.29

• In response to issues/1017, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.27

2026-01-30 Release of logback version 1.5.27

• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.

• Fixed missing MDC data transmitted by SocketAppender reported in issues/1010 by Lars Vogel.

... (truncated)

Commits

• e807335 prepare release 1.5.32
• dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
• 8e32278 added simple test for appender definitiob via file inclusion
• 834dbed start work on 1.5.32-SNAPSHOT
• 168e42f add test to check that Logback SLF4J provider can be activated
• ed45362 prepare release 1.5.31
• 609dae7 fix missing META-INF directory
• 7739739 start work on 1.5.31-SNAPSHOT
• 44164f1 prepare release 1.5.30
• 9874f06 test for top-file as a resource, introduced new module logback-classic-misc
• Additional commits viewable in compare view

Updates software.amazon.awssdk:s3 from 2.41.14 to 2.41.29

Updates software.amazon.awssdk.crt:aws-crt from 0.42.2 to 0.43.3

Release notes

Sourced from software.amazon.awssdk.crt:aws-crt's releases.

v0.43.3

What's Changed

• Update crt checksums module by @​DmitriyMusatkin in awslabs/aws-crt-java#967

Full Changelog: awslabs/aws-crt-java@v0.43.2...v0.43.3

v0.43.2

What's Changed

• Add support for XXHash algos by @​DmitriyMusatkin in awslabs/aws-crt-java#966

Full Changelog: awslabs/aws-crt-java@v0.43.1...v0.43.2

v0.43.1

What's Changed

• skip when network unavailable by @​TingDaoK in awslabs/aws-crt-java#965

Full Changelog: awslabs/aws-crt-java@v0.43.0...v0.43.1

stream manager

What's Changed

• Update MQTT5 Canary by @​bretambrose in awslabs/aws-crt-java#941
• New unified stream manager & log the header by @​TingDaoK in awslabs/aws-crt-java#509

Full Changelog: awslabs/aws-crt-java@v0.42.2...v0.42.3

Commits

• 5b073f8 Update crt checksums module (#967)
• a49c06c Add support for XXHash algos (#966)
• 754473b skip when network unavailable (#965)
• 6b35e0b New unified stream manager (#509)
• 9ee809c Update MQTT5 Canary (#941)
• See full diff in compare view

Updates com.azure:azure-storage-blob from 12.33.0 to 12.33.2

Release notes

Sourced from com.azure:azure-storage-blob's releases.

com.azure+azure-storage-blob_12.33.2

12.33.2 (2026-02-05)

Bugs Fixed

• Fixed a bug where builders were only using a single credential when multiple credentials were added and credentials were silently overwritten for principle-bound user delegation SAS. All credential changes will now be logged at the info level; invalid combinations of credentials will throw an error.

Other Changes

Dependency Updates

• updated azure-storage-common from 12.32.1 to 12.32.2 in azure-storage-common.

Commits

• 3c77a8b Storage hotfix feb2026 (#47904)
• 0a9477c Prepare patch release 20260129 (#47854)
• 11468a1 Fix empty Dependency Updates section in patch release changelog (#47846)
• dd5c23d Fix race condition causing test flakiness (#47834)
• a4d3916 Update Spring Boot and Spring Cloud versions for the Spring compatibility tes...
• 3bc49f1 Upgrade external dependencies to align with Spring Boot 4.0.2 (#47785)
• 0b282c6 Sync .github/workflows directory with azure-sdk-tools for PR 13552 (#47840)
• 74fc2e7 [azure-ai-voicelive] Add live test (#47808)
• 1b93750 Adding support for the microsoftteamsapp identifier (#47770)
• 3a95021 Exclude CHANGELOG.md from git restore in patch release preparation (#47821)
• Additional commits viewable in compare view

Updates com.google.cloud:google-cloud-storage from 2.62.0 to 2.63.0

Release notes

Sourced from com.google.cloud:google-cloud-storage's releases.

v2.63.0

2.63.0 (2026-02-12)

Features

• Add a DeleteFolderRecursive API definition (87642bd)
• Added a new field ComposeObjectRequest.delete_source_objects field (87642bd)

Bug Fixes

• deps: Update the Java code generator (gapic-generator-java) to 2.66.1 (87642bd)
• Validate blob paths to prevent directory traversal in TransferManager downloads (#3455) (49abf75)

Dependencies

• Update dependency com.google.cloud:sdk-platform-java-config to v3.56.1 (#3484) (3a5deee)
• Update dependency node to v24 (#3368) (ed2ddb7)

v2.62.1

2.62.1 (2026-01-28)

Bug Fixes

• deps: Update the Java code generator (gapic-generator-java) to 2.66.0 (557be35)

Dependencies

• Update dependency com.google.cloud:sdk-platform-java-config to v3.56.0 (#3468) (d2a1a3a)
• Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.60.0 (#3466) (2b860e3)
• Update googleapis/sdk-platform-java action to v2.66.0 (#3469) (bd2f0c6)

Changelog

Sourced from com.google.cloud:google-cloud-storage's changelog.

2.63.0 (2026-02-12)

Features

• Add a DeleteFolderRecursive API definition (87642bd)
• Added a new field ComposeObjectRequest.delete_source_objects field (87642bd)
• Next release from main branch is 2.63.0 (#3486) (412b5fb)

Bug Fixes

• deps: Update the Java code generator (gapic-generator-java) to 2.66.1 (87642bd)
• Validate blob paths to prevent directory traversal in TransferManager downloads (#3455) (49abf75)

Dependencies

• Update dependency com.google.cloud:sdk-platform-java-config to v3.56.1 (#3484) (3a5deee)
• Update dependency node to v24 (#3368) (ed2ddb7)

2.62.1 (2026-01-28)

Bug Fixes

• deps: Update the Java code generator (gapic-generator-java) to 2.66.0 (557be35)

Dependencies

• Update dependency com.google.cloud:sdk-platform-java-config to v3.56.0 (#3468) (d2a1a3a)
• Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.60.0 (#3466) (2b860e3)
• Update googleapis/sdk-platform-java action to v2.66.0 (#3469) (bd2f0c6)

Commits

• 192ec10 chore(main): release 2.63.0 (#3491)
• ea31bf1 chore(main): release 2.62.2-SNAPSHOT (#3477)
• 418457c test(deps): update test libraries (#3370)
• 3343d43 test(deps): update cross product test dependencies (#3426)
• 412b5fb feat: next release from main branch is 2.63.0 (#3486)
• a8a2ae8 chore(deps): update storage release dependencies (#3478)
• 10ec1b6 chore: Ignore tests that are failing due to Public access prevention (#3489)
• ed2ddb7 deps: update dependency node to v24 (#3368)
• 87642bd chore: Update generation configuration at Sat Feb 7 02:50:34 UTC 2026 (#3479)
• 3a5deee deps: update dependency com.google.cloud:sdk-platform-java-config to v3.56.1 ...
• Additional commits viewable in compare view

Updates org.wiremock.integrations:wiremock-spring-boot from 4.0.9 to 4.1.0

Release notes

Sourced from org.wiremock.integrations:wiremock-spring-boot's releases.

4.1.0

🚀 New features and improvements

• feat: optionally turn off dirty context when using static port (refs #189) (#190) @​tomasbjerre

📦 Dependency updates

• chore(deps): updated dependencies (#191) @​tomasbjerre

Commits

• 96f167b chore(deps): dependencies (#191)
• 7815799 feat: optionally turn off dirty context when using static port (refs #189) (#...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions