Bump the dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the dependencies group with 7 updates in the / directory:

Package	From	To
tools.jackson:jackson-bom	3.1.3	3.1.4
ch.qos.logback:logback-classic	1.5.32	1.5.34
de.fraunhofer.iosb.ilt:Configurable	0.37	0.38
org.eclipse.parsson:parsson	1.1.7	1.1.9
org.junit.jupiter:junit-jupiter	6.0.3	6.1.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.5	3.5.6
com.diffplug.spotless:spotless-maven-plugin	3.5.0	3.6.0

Updates tools.jackson:jackson-bom from 3.1.3 to 3.1.4

Commits

• 4085e4d [maven-release-plugin] prepare release jackson-bom-3.1.4
• f8e1a4e Prep for 3.1.4 release
• 47eb6ea Merge branch '2.x' into 3.1
• 902ec69 Update Woodstox/stax2-api (to 7.2.0/4.3.0)
• d5df403 Post-release dep version bump
• 7ed6798 [maven-release-plugin] prepare for next development iteration
• 2570647 Merge branch '2.21' into 2.x
• 9d3a9d5 Post-release dep version bump
• 84bcf7f [maven-release-plugin] prepare for next development iteration
• 374fbd0 [maven-release-plugin] prepare release jackson-bom-2.21.3
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.32 to 1.5.34

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.34

2026-06-01 Release of logback version 1.5.34

• In case certain StackTraceElement values returned by the Throwable.getStackTrace method are null, StackTraceElementProxy substitutes a dummy instance instead of throwing an IllegalArgumentException. This resolves [issues #1040](qos-ch/logback#1040), reported by Naotsugu Kobayashi.

• HardenedObjectInputStream will now throw an InvalidClassException during deserialization attempts of Proxy classes. This change addresses potential deserialization whitelist bypass vulnerability reported by York Shen and registered as CVE-2026-10532.

• A bitwise identical binary of this version can be reproduced by building from source code at commit e62272ac152469aec1ede056c3c7d0d7314e7bfe associated with the tag v_1.5.34. This release was built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.33

2026-05-27 Release of logback version 1.5.33

• PropertiesConfiguratorModelHandler now registers properties file URLs to the ConfigurationWatchList when scan is enabled (via local scan="true" attribute or top-level configuration scan), ensuring changes are detected and reconfiguration occurs. This problem was reported in issues/1034.

• When processing <conversionRule> elements and both class and converterClass attributes are specified, silently use the class attribute without issuing a warning. However, if the attribute values differ, a warning will be issued. This change was requested in issues/1031.

• HardenedModelInputStream will no longer accept to deserialize all classes located under the "java.lang" and "java.util" packages but a limited number of explicitly authorized classes in those packages. This potential deserialization whitelist bypass vulnerability was reported by York Shen and registered as CVE-2026-9828.

• SSL parameters for SSLSocketAppender now enable hostname verification by default. Moreover, the default protocol is now "TLSv1.2". This potential vulnerability was reported by York Shen.

• When printing the status message field, ViewStatusMessagesServletBase now escapes special characters such as "&" as character entities. This potential vulnerability was reported by York Shen.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 124e8b49b55ac34d08743a0646bd463410192647 associated with the tag v_1.5.33. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• e62272a prepare release 1.5.34
• 1e9e926 add resolveProxyClassRejectsDynamicProxies unit test
• 2de5cbe added StackTraceElementProxyTest, minor edits to AGENTS.md
• 0e9b927 in case StackTraceElement is null use a substitute, fixing issues/1040
• f7a0654 prevent resolveProxyClass bypass
• 249b81f docs are no longer distributed
• 1c3b26a start work on 1.5.34-SNAPSHOT
• 124e8b4 prepare release 1.5.33
• d8fd6f2 escapeTags in message field when printing status messages
• 95edbeb hostnameVerification default to true in SSLParametersConfiguration, SSL.DEFAU...
• Additional commits viewable in compare view

Updates de.fraunhofer.iosb.ilt:Configurable from 0.37 to 0.38

Changelog

Sourced from de.fraunhofer.iosb.ilt:Configurable's changelog.

Version 0.38

Updates

• [FX] Hide options dropdown in map (class) editor when its empty.
• Updated dependencies.

Commits

• fd42353 Release v0.38
• 1f4410d [FX] Hide options dropdown in map (class) editor when its empty
• 5edf948 Bump the dependencies group across 1 directory with 7 updates (#178)
• e54d5f6 Bump the dependencies group across 1 directory with 2 updates (#173)
• 0b1d067 Bump the dependencies group with 2 updates (#165)
• 5e3654a Bump the dependencies group across 1 directory with 7 updates (#170)
• 26df65e Bump the dependencies group across 1 directory with 2 updates (#164)
• 5d7485b Bumped dependencies
• af77ab1 Prepare for next development iteration
• See full diff in compare view

Updates org.eclipse.parsson:parsson from 1.1.7 to 1.1.9

Release notes

Sourced from org.eclipse.parsson:parsson's releases.

1.1.9

What's Changed

• Publish Central releases automatically by @​jbescos in eclipse-ee4j/parsson#171

Full Changelog: eclipse-ee4j/parsson@1.1.8...1.1.9

1.1.8

What's Changed

• Update deprecated GH actions by @​jbescos in eclipse-ee4j/parsson#136
• Make JsonArrayImpl implement RandomAccess by @​marschall in eclipse-ee4j/parsson#135
• Implement JsonStructureParser.currentEvent() by @​marschall in eclipse-ee4j/parsson#134
• Remove unused method by @​pzygielo in eclipse-ee4j/parsson#137
• Rename parameter to match field by @​pzygielo in eclipse-ee4j/parsson#138
• Implement JsonStructureParser#getValue methods by @​marschall in eclipse-ee4j/parsson#140
• Use assertThrows by @​marschall in eclipse-ee4j/parsson#142
• Fix compilation failes by @​marschall in eclipse-ee4j/parsson#144
• Adding Dependabot for dependency management by @​mswatosh in eclipse-ee4j/parsson#148
• json input size limit by @​jbescos in eclipse-ee4j/parsson#169
• Add Maven Central publishing release profile by @​jbescos in eclipse-ee4j/parsson#170

New Contributors

• @​marschall made their first contribution in eclipse-ee4j/parsson#135
• @​mswatosh made their first contribution in eclipse-ee4j/parsson#148

Full Changelog: eclipse-ee4j/parsson@1.1.7...1.1.8

Commits

• f7204e8 Prepare release org.eclipse.parsson:project:1.1.9
• 2d01f00 Publish Central releases automatically (#171)
• 10920a2 Add Maven Central publishing release profile (#170)
• 134e8d1 json input size limit (#169)
• 0789993 Adding Dependabot for dependency management (#148)
• 216b15d Fix compilation failes (#144)
• 34177db Use assertThrows (#142)
• 9d67960 Implement JsonStructureParser#getValue methods (#140)
• 7c8c244 Rename parameter to match field (#138)
• 4dda2e0 Remove unused method (#137)
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 6.0.3 to 6.1.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

• @​JarvisCraft made their first contribution in junit-team/junit-framework#5633
• @​Maran23 made their first contribution in junit-team/junit-framework#5644

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

• @​mariokhoury4 made their first contribution in junit-team/junit-framework#4574
• @​Ogu1208 made their first contribution in junit-team/junit-framework#5145
• @​HyungGeun94 made their first contribution in junit-team/junit-framework#5271
• @​yalishevant made their first contribution in junit-team/junit-framework#5316
• @​JINU-CHANG made their first contribution in junit-team/junit-framework#5290
• @​jaschdoc made their first contribution in junit-team/junit-framework#5427
• @​kawshikbuet17 made their first contribution in junit-team/junit-framework#5561
• @​msridhar made their first contribution in junit-team/junit-framework#5602

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

• @​vy made their first contribution in junit-team/junit-framework#5041
• @​Pankraz76 made their first contribution in junit-team/junit-framework#5006
• @​arukiidou made their first contribution in junit-team/junit-framework#5066
• @​laeubi made their first contribution in junit-team/junit-framework#5092
• @​jihun4452 made their first contribution in junit-team/junit-framework#5088
• @​TWiStErRob made their first contribution in junit-team/junit-framework#5133

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

Commits

• 0dc3af1 Release 6.1.0
• 1d13002 Prepare 6.1.0 release notes
• 072b217 Update plugin spotless to v8.5.0 (#5668)
• 3a53480 Update Gradle to v9.5.1 (#5666)
• 0e18a20 Update zizmorcore/zizmor-action action to v0.5.4 (#5669)
• 0a2634f Update github/codeql-action action to v4.35.5 (#5671)
• 4dbd556 Restructure workflows to have single "status" job (#5670)
• f2194ce Increase timeout to reduce flakiness
• 5c8fdd2 Update dependency org.apache.groovy:groovy to v5.0.6 (#5659)
• 43c6982 Update dependency org.slf4j:slf4j-jdk14 to v2.0.18 (#5667)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

• Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

• Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @​olamy
• Ensure that the statistics filename is calculated only once. (#3326) (#3327) @​olamy
• Add flakes attribute to use in testsuite report (#3306) (#3308) @​olamy
• [BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @​olamy
• fix: null guard for context map (#3269) (#3272) @​olamy

👻 Maintenance

• 3.5.x/bug/cherry pick embedded mode its (#3328) @​olamy
• Use surefire 3.5.5 by project itself for testing (#3324) @​slawekjaranowski
• Follow Oracle javadoc guidelines (#3177) @​elharo

📦 Dependency updates

• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

Commits

• 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
• e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
• dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
• 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
• 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
• 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
• 04ad9a2 Use surefire 3.5.5 by project itself for testing
• 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
• a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
• e838393 deploy 3.5.x branch to nexus
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.5.0 to 3.6.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.6.0

Added

• Add <cacheDirectory> to <eclipse>, <greclipse>, and <eclipseCdt> for the Equo/Solstice P2 cache. (#2944)
• EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)

Fixed

• <versionCatalog> no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)
• spotless:apply no longer aborts on the first file with lints; it now formats all files and reports a single aggregated lint failure across every file, matching the Gradle plugin's behavior. (#2937)
• <greclipse> and <eclipseCdt> now default P2 data to the Maven local repository. (#2944)
• forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)

Changes

• Improved formatting performance by eliminating redundant per-step line-ending normalization in the core formatter loop. (#2934)

Maven Plugin v3.5.1

Fixed

• <licenseHeader> with <yearMode>SET_FROM_GIT</yearMode> no longer runs git log through a shell, eliminating a shell-injection vector when formatting files whose names contain shell metacharacters.
• Bump transitive plexus-utils 4.0.2 -> 4.0.3 to address CVE-2025-67030. (#2919)

Commits

• 71a433c Published maven/3.6.0
• 3a0f101 Published gradle/8.6.0
• 007e9d8 Published lib/4.6.2
• a074d53 Allow setting the local P2 cache dir in the Spotless Gradle plugin (#2944)
• a266fc2 Merge branch 'main' into add-cache-directory-dsl
• e0d466e Fix: sort members treats record declarations as types (#2942)
• 3936b6f Merge branch 'main' into main
• 278765f fix: expandWildcardImports support pom type dependency, fix #2839 (#2935)
• a18ddec Remove maxLineLength from versionCatalog step (#2949)
• b91ad87 Add changelog entries for versionCatalog maxLineLength removal
• Additional commits viewable in compare view

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.