Bump the maven-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the maven-dependencies group with 7 updates in the / directory:

Package	From	To
org.cryptomator:webdav-nio-adapter-servlet	1.2.11	1.2.12
org.cryptomator:integrations-api	1.7.0	1.8.0
org.jetbrains:annotations	26.0.2-1	26.1.0
org.junit.jupiter:junit-jupiter	6.0.2	6.0.3
org.cryptomator:cryptofs	2.9.0	2.10.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.4	3.5.5
org.owasp:dependency-check-maven	12.2.0	12.2.1

Updates org.cryptomator:webdav-nio-adapter-servlet from 1.2.11 to 1.2.12

Release notes

Sourced from org.cryptomator:webdav-nio-adapter-servlet's releases.

1.2.12

For a list of all notable changes, see the changelog.

What's Changed

• Prevent logging of request paths in non-debug mode by @​infeo in cryptomator/webdav-nio-adapter-servlet#101
• Bump the maven-build-plugins group with 2 updates by @​dependabot[bot] in cryptomator/webdav-nio-adapter-servlet#99
• Bump the java-test-dependencies group with 2 updates by @​dependabot[bot] in cryptomator/webdav-nio-adapter-servlet#98
• Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions group by @​dependabot[bot] in cryptomator/webdav-nio-adapter-servlet#100

Full Changelog: cryptomator/webdav-nio-adapter-servlet@1.2.11...1.2.12

Changelog

Sourced from org.cryptomator:webdav-nio-adapter-servlet's changelog.

[1.2.12] - 2026-03-03

Fixed

• Fixed logging requests paths in non-debug mode (#101)

Commits

• b168e91 Merge branch 'release/1.2.12'
• 6d92845 prepare 1.2.12
• be7e939 [skip ci] update changelog
• d8cdbfe Bump actions/upload-artifact in the github-actions group (#100)
• dd6849e Bump the java-test-dependencies group with 2 updates (#98)
• f9f8785 Bump the maven-build-plugins group with 2 updates (#99)
• dfe60e4 Controlled logging of IOExceptions (#101)
• ddd8894 [skip ci] Merge branch 'main' into develop
• See full diff in compare view

Updates org.cryptomator:integrations-api from 1.7.0 to 1.8.0

Release notes

Sourced from org.cryptomator:integrations-api's releases.

1.8.0

For a list of all notable changes, read the changelog.

What's Changed

• bump JDK to 25 by @​overheadhunter in cryptomator/integrations-api#73
• Refactor .github/workflows/build.yml by @​overheadhunter in cryptomator/integrations-api#74
• Bump the maven-build-plugins group with 3 updates by @​dependabot[bot] in cryptomator/integrations-api#70
• Bump the github-actions group with 2 updates by @​dependabot[bot] in cryptomator/integrations-api#71
• Bump the java-test-dependencies group with 2 updates by @​dependabot[bot] in cryptomator/integrations-api#69
• Update Mechanism by @​overheadhunter in cryptomator/integrations-api#72
• Bump the java-production-dependencies group across 1 directory with 2 updates by @​dependabot[bot] in cryptomator/integrations-api#84
• Bump the maven-build-plugins group across 1 directory with 4 updates by @​dependabot[bot] in cryptomator/integrations-api#83
• Bump the java-test-dependencies group across 1 directory with 2 updates by @​dependabot[bot] in cryptomator/integrations-api#80
• Disable plugin loading on illegal/ not set plugin dir by @​infeo in cryptomator/integrations-api#86
• Pin GitHub Actions to commit SHAs by @​mindmonk in cryptomator/integrations-api#87

New Contributors

• @​mindmonk made their first contribution in cryptomator/integrations-api#87

Full Changelog: cryptomator/integrations-api@1.7.0...1.8.0

1.8.0-beta1

For a list of all notable changes, read the changelog.

What's Changed

• bump JDK to 25 by @​overheadhunter in cryptomator/integrations-api#73
• Refactor .github/workflows/build.yml by @​overheadhunter in cryptomator/integrations-api#74
• Bump the maven-build-plugins group with 3 updates by @​dependabot[bot] in cryptomator/integrations-api#70
• Bump the github-actions group with 2 updates by @​dependabot[bot] in cryptomator/integrations-api#71
• Bump the java-test-dependencies group with 2 updates by @​dependabot[bot] in cryptomator/integrations-api#69
• Update Mechanism by @​overheadhunter in cryptomator/integrations-api#72

Full Changelog: cryptomator/integrations-api@1.7.0...1.8.0-beta1

Changelog

Sourced from org.cryptomator:integrations-api's changelog.

1.8.0 - 2026-03-12

Added

• Experimental Update API (#72)

Fixed

• Fixed plugin loading/discovery active even if pluginDir property is not set (#86)

Changed

• [BREAKING] Updated required build JDK to 25 (#73)
• Pin version of GitHub actions in CI (#87)

Commits

• 3cd78f1 Merge branch 'release/1.8.0'
• a38dc82 finalize 1.18.0
• 37169ea Merge branch 'develop' into release/1.8.0
• 7708704 [skip ci] update changelog
• 11b42a1 Merge pull request #87 from mindmonk/feature/pin-ci-actions
• be707fd pin github action version with SHA checksum
• a92cced pin github action version with SHA checksum
• 5d8010b Merge pull request #86 from cryptomator/feature/no-plugin-loading-on-invalid-dir
• 12fb0ef Bump the java-test-dependencies group across 1 directory with 2 updates (#80)
• 1e568a0 Bump the maven-build-plugins group across 1 directory with 4 updates (#83)
• Additional commits viewable in compare view

Updates org.jetbrains:annotations from 26.0.2-1 to 26.1.0

Release notes

Sourced from org.jetbrains:annotations's releases.

26.1.0

• @NotNullByDefault is not experimental anymore.

Changelog

Sourced from org.jetbrains:annotations's changelog.

Version 26.1.0

• @NotNullByDefault is not experimental anymore.

Commits

• 6f588d4 Merge pull request #137 from BartvHelvert/notNullByDefaultExperimental
• 21be50c Version 26.1.0
• 92a187b Remove experimental status from @​NotNullByDefault
• da40a75 Merge pull request #135 from coder-xiaomo/patch-1
• 18554b9 Update Contributor License Agreement link
• 2f91ecd Merge pull request #132 from DmPanov/dmpanov/allworknoplay
• f64f40f Version 26.0.2-1
• See full diff in compare view

Updates org.junit.jupiter:junit-jupiter from 6.0.2 to 6.0.3

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates org.cryptomator:cryptofs from 2.9.0 to 2.10.0

Release notes

Sourced from org.cryptomator:cryptofs's releases.

2.10.0

Changelog

For a list of all notable changes, read the changelog.

Maven Coordinates

  <dependency>
    <groupId>org.cryptomator</groupId>
    <artifactId>cryptofs</artifactId>
    <version>2.10.0</version>
  </dependency>

Artifact Checksums

b6074fd71663fc56f6e7a26ff0c65715adef2be7c5837fd8630131ec095918ce  target/cryptofs-2.10.0-javadoc.jar
3a7bdc52fea90b62a8005024dc13b9fd2f96e3d639563ba804bc3a9e113bc4f1  target/cryptofs-2.10.0-sources.jar
79aec0a8d802d7ee88bf5f070be179bbd51486841e9935c1c1298f9014ec6bbd  target/cryptofs-2.10.0.jar

What's Changed

• Make DosFileAttributes immutable by @​infeo in cryptomator/cryptofs#305
• Bump the github-actions group with 2 updates by @​dependabot[bot] in cryptomator/cryptofs#307
• Bump the maven-build-plugins group across 1 directory with 9 updates by @​dependabot[bot] in cryptomator/cryptofs#316
• Bump com.github.ben-manes.caffeine:caffeine from 3.2.0 to 3.2.2 in the java-production-dependencies group across 1 directory by @​dependabot[bot] in cryptomator/cryptofs#318
• Fix: Remove CryptoPaths from API by @​infeo in cryptomator/cryptofs#319
• Bump the java-test-dependencies group across 1 directory with 2 updates by @​dependabot[bot] in cryptomator/cryptofs#317
• Bump github/codeql-action from 3 to 4 in the github-actions group by @​dependabot[bot] in cryptomator/cryptofs#314
• Pin github action version with SHA checksum by @​infeo in cryptomator/cryptofs#320
• Feature: Files-in-Use by @​infeo in cryptomator/cryptofs#312
• Bump the github-actions group across 1 directory with 4 updates by @​dependabot[bot] in cryptomator/cryptofs#327
• Bump com.github.ben-manes.caffeine:caffeine from 3.2.2 to 3.2.3 in the java-production-dependencies group by @​dependabot[bot] in cryptomator/cryptofs#323
• fixed some logging issues by @​infeo in cryptomator/cryptofs#330
• Bump the github-actions group across 1 directory with 7 updates by @​dependabot[bot] in cryptomator/cryptofs#332
• Bump the java-test-dependencies group across 1 directory with 2 updates by @​dependabot[bot] in cryptomator/cryptofs#328
• Bump org.cryptomator:cryptolib from 2.2.1 to 2.2.2 in the java-production-dependencies group by @​dependabot[bot] in cryptomator/cryptofs#333
• Bump the maven-build-plugins group across 1 directory with 6 updates by @​dependabot[bot] in cryptomator/cryptofs#335
• Feature: Block write if file is in use by @​infeo in cryptomator/cryptofs#338
• Bump com.auth0:java-jwt from 4.5.0 to 4.5.1 in the java-production-dependencies group by @​dependabot[bot] in cryptomator/cryptofs#337
• Bump the github-actions group with 3 updates by @​dependabot[bot] in cryptomator/cryptofs#339
• Bump org.mockito:mockito-core from 5.21.0 to 5.22.0 in the java-test-dependencies group by @​dependabot[bot] in cryptomator/cryptofs#340
• add maven wrapper by @​infeo in cryptomator/cryptofs#341
• Rework UseToken test by @​infeo in cryptomator/cryptofs#344
• merge workflows "build" and "publishX" by @​infeo in cryptomator/cryptofs#342
• Bump github/codeql-action from 4.32.4 to 4.32.5 in the github-actions group by @​dependabot[bot] in cryptomator/cryptofs#343

Full Changelog: cryptomator/cryptofs@2.9.0...2.10.0

2.10.0-beta3

... (truncated)

Changelog

Sourced from org.cryptomator:cryptofs's changelog.

2.10.0 - 2026-03-05

Added

• Files-in-Use: Optional feature to indicate for external parties if an encrypted file is currently opened by this filesystem (#312, #338)
• Changelog file

Changed

• Use JDK 25 for build (bf26d6c9cd15a2489126ee0409a8ec9eca59da0c)
• Pin external ci actions (#320)
• Use Maven wrapper (#341)
• Updated dependencies:
  • com.github.ben-manes.caffeine:caffeine from 3.2.0 to 3.2.3 (#323)
  • org.cryptomator:cryptolib from 2.2.1 to 2.2.2
  • com.auth0:java-jwt from 4.5.0 to 4.5.1
• Removed dependencies:
  • com.google.guava:guava

Fixed

• Replacing internal path class CryptoPath with strings in FilesystemEvents (#319)
• Make DOS file attribute class immutable (#305)

Commits

• 488b201 Merge branch 'release/2.10.0'
• ad6ada5 finalize 2.10.0
• a220315 Merge branch 'develop' into release/2.10.0
• ee3011a [skip ci] update changelog
• 89e1fb3 Bump github/codeql-action in the github-actions group (#343)
• bb74d13 Merge pull request #342 from cryptomator/feature/refactor-ci
• c0856f5 fix attestation
• f77ccb7 Merge branch 'develop' into feature/refactor-ci
• df84ca1 Merge pull request #344 from cryptomator/feature/fix-use-token-tests
• 853445a improve move tests
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

🔧 Build

• Missing many files in the GH Artifacts of CI ex-post. (#3219) @​Tibor17

📦 Dependency updates

• Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.1 (#3260) @dependabot[bot]
• Bump parent from 44 to 47 (#3253) @​slawekjaranowski
• Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng (#3246) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#3245) @dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#3243) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 (#3236) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#3235) @dependabot[bot]
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption (#3234) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 (#3228) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 (#3224) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#3223) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#3221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#3220) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#3217) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#3214) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#3218) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.16.0 to 4.18.0 (#3213) @dependabot[bot]

... (truncated)

Commits

• 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
• 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
• 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
• 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
• 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
• 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
• 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
• e5c01a6 Build only by the latest Maven on Jenkins (#3255)
• 9c99e97 Fix Jenkin badges in README (#3254)
• 20930ea Bump parent from 44 to 47 (#3253)
• Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.2.0 to 12.2.1

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.2.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.2.1 (2026-04-11)

• build: improve GHA workflow experience for forks (#8285)
• build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 (#8292)
• chore: avoid use of parent pom and maven properties where unnecessary (#8322)
• chore: bump java development to 25.0 (#8365)
• chore: fix Charset warnings; preferring typed charsets (#8326)
• chore: fix Maven scm tags after 12.2.1-SNAPSHOT bump (#8265)
• chore: pin GitHub actions to specific SHAs rather than mutable tags (#8381)
• chore: remove unused properties and schemas (#8378)
• docs: define schema locations in XML examples (#8254)
• docs: document external data sources and hostnames (#8219)
• docs: ensure OSS Index URL override is consistently documented (#8338)
• docs: fix minor typo in README (#8246)
• fix(core): correct xml schema validation handling without needing external access (#8272)
• fix(deps): upgrade slf4j and logback (#8306)
• fix(test): disable pnpm analyzer during test (#8305)
• fix: Correct published/hosted suppressions namespace header and indent (#8258)
• fix: Suppress noisy WARN logging from Apache Lucene within Maven and Ant plugins (#8248)
• fix: #8140 AssemblyAnalyzer version resolution issue (#8352)
• fix: #8140 fix version resolution
• fix: #8140 hint azure_identity_library_for_.net
• fix: #8356 narrow down VersionFilterAnalyzer scope to JAR files (#8358)
• fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377)
• fix: evidence source in Retire JS analyzer (#8303)
• fix: exclude deprecations from Yarn Berry audit results (#8380)
• fix: improve PEAnalyzer reliability by migrating to maintained PE/COFF 4J library fork (#8245)
• fix: improve configuration consistency (casing) (#8355)
• fix: improve logging of unexpected Java Errors during processing of NVD (#8250)
• fix: raw type warning in ProcessReader (#8324)
• fix: suppress false positives for zabbix-utils #8087 (#8218)
• fix: update docs (#8405)
• fix: warn if deprecated configs are used (#8366)
• test: Make tests locale independent (#8328)
• test: #8140 reproduce current behavior
• test: avoid polluting test classpaths with sample dependencies to be scanned (#8267)

See the full listing of changes

Commits

• bda36b8 build: prepare release v12.2.1
• ef83e7b docs: prepare release 12.2.1
• 09af10d fix: update docs (#8405)
• 3562775 build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine (#8403)
• 9ef93be build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine
• ca79bd5 build(deps-dev): bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.2 ...
• 6b58069 build(deps): bump apache.ant.version from 1.10.15 to 1.10.16 (#8401)
• 91c6972 fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377)
• 267e7eb build(deps): bump the actions-deps group with 2 updates (#8394)
• 53f58ab build(deps): bump org.codehaus.plexus:plexus-utils from 4.0.2 to 4.0.3 (#8389)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions