Bump the prod-deps group with 9 updates

[dependabot]

Bumps the prod-deps group with 9 updates:

Package	From	To
org.slf4j:slf4j-api	1.7.36	2.0.11
ch.qos.logback:logback-classic	1.4.11	1.4.14
info.picocli:picocli	4.6.3	4.7.5
org.eclipse.jgit:org.eclipse.jgit	6.3.0.202209071007-r	6.8.0.202311291450-r
info.picocli:picocli-codegen	4.2.0	4.7.5
org.apache.maven.plugins:maven-surefire-plugin	2.22.2	3.2.5
org.apache.maven.plugins:maven-shade-plugin	3.5.0	3.5.1
org.apache.maven.plugins:maven-jar-plugin	3.2.2	3.3.0
org.apache.maven.plugins:maven-compiler-plugin	3.10.1	3.12.1

Updates org.slf4j:slf4j-api from 1.7.36 to 2.0.11

Updates ch.qos.logback:logback-classic from 1.4.11 to 1.4.14

Commits

• 407f935 prepare release 1.4.14
• 7018a36 fix missing deseialization filter init call, enable commented out test case
• 8a746eb start work on 1.4.14-SNAPSHOT
• 7ee000a prepare release 1.4.13
• 867bf58 remove superflus system.out call
• 88abf59 prepare release 1.4.12
• 2cd8cab cater for array size marked with -1
• 9c782b4 prevent DOS attacks using on malicious serialized input
• f6d690d further support for Virtual threads, issues 737
• 9a1fc44 add support for Virtual threads
• Additional commits viewable in compare view

Updates info.picocli:picocli from 4.6.3 to 4.7.5

Release notes

Sourced from info.picocli:picocli's releases.

Picocli 4.7.5

Picocli 4.7.5

The picocli community is pleased to announce picocli 4.7.5.

This release includes bugfixes and enhancements.

Many thanks to the picocli community for raising these issues and providing the pull requests to address them!

This is the eighty-forth public release. Picocli follows semantic versioning. Artifacts in this release are signed by Remko Popma (6601 E5C0 8DCC BB96).

Table of Contents

• New and noteworthy
• Fixed issues
• Deprecations
• Potential breaking changes

New and Noteworthy

Fixed issues

• #2083#2084 Enhancement: Java 22 update: improve logic for detecting if the output stream is connected to a terminal. Thanks to Liam Miller-Cushon for the pull request.
• #2087 Enhancement: Mask parameters in trace log when echo=false for interactive options and positional parameters. Thanks to szzsolt for raising this.
• #2060 Bugfix: Fix positional parameters bug with late-resolved arity variable. Thanks to daisukeoto for raising this.
• #2074#2075 Bugfix: Don't generate auto-complete for hidden attributes in picocli.shell.jline3.PicoCommand. Thanks to clebertsuconic for the pull request.
• #2059 Bugfix: ArgGroup with exclusive=false and multiplicity=1 should require at least one option; fix regression and refine solution introduced in #1848#2030. Thanks to Utkarsh Mittal for raising this.
• #2080 DOC: Improve GraalVM documentation: add graalvm-native-image-plugin. Thanks to Bhavik Patel for the pull request.
• #2045 DOC: Commit html files with LF line-endings. Thanks to Fridrich Strba for the pull request.

Deprecations

No features were deprecated in this release.

Potential breaking changes

This release has no breaking changes.

Picocli 4.7.4

Picocli 4.7.4

The picocli community is pleased to announce picocli 4.7.4.

This release includes bugfixes and enhancements.

Many thanks to the picocli community for raising these issues and providing the pull requests to address them!

This is the eighty-third public release. Picocli follows semantic versioning. Artifacts in this release are signed by Remko Popma (6601 E5C0 8DCC BB96).

... (truncated)

Changelog

Sourced from info.picocli:picocli's changelog.

Picocli 4.7.5

The picocli community is pleased to announce picocli 4.7.5.

This release includes bugfixes and enhancements.

Many thanks to the picocli community for raising these issues and providing the pull requests to address them!

This is the eighty-forth public release. Picocli follows semantic versioning. Artifacts in this release are signed by Remko Popma (6601 E5C0 8DCC BB96).

Table of Contents

• New and noteworthy
• Fixed issues
• Deprecations
• Potential breaking changes

New and Noteworthy

Fixed issues

• #2083#2084 Enhancement: Java 22 update: improve logic for detecting if the output stream is connected to a terminal. Thanks to Liam Miller-Cushon for the pull request.
• #2087 Enhancement: Mask parameters in trace log when echo=false for interactive options and positional parameters. Thanks to szzsolt for raising this.
• #2060 Bugfix: Fix positional parameters bug with late-resolved arity variable. Thanks to daisukeoto for raising this.
• #2074#2075 Bugfix: Don't generate auto-complete for hidden attributes in picocli.shell.jline3.PicoCommand. Thanks to clebertsuconic for the pull request.
• #2059 Bugfix: ArgGroup with exclusive=false and multiplicity=1 should require at least one option; fix regression and refine solution introduced in #1848#2030. Thanks to Utkarsh Mittal for raising this.
• #2080 DOC: Improve GraalVM documentation: add graalvm-native-image-plugin. Thanks to Bhavik Patel for the pull request.
• #2045 DOC: Commit html files with LF line-endings. Thanks to Fridrich Strba for the pull request.

Deprecations

No features were deprecated in this release.

Potential breaking changes

This release has no breaking changes.

Picocli 4.7.4

The picocli community is pleased to announce picocli 4.7.4.

This release includes bugfixes and enhancements.

Many thanks to the picocli community for raising these issues and providing the pull requests to address them!

This is the eighty-third public release. Picocli follows semantic versioning. Artifacts in this release are signed by Remko Popma (6601 E5C0 8DCC BB96).

Table of Contents

... (truncated)

Commits

• 6336bb4 Release picocli version 4.7.5
• 7c5e128 BUILD (picocli-spring-boot-starter) enable dependabot for Spring 3+ updates
• 211c24d BUILD (picocli-spring-boot-starter) bugfix and better logging
• e83d867 [BUILD][DOC] (picocli-spring-boot-starter) stay up-to-date with recent Spring...
• 96fb7cc BUILD bugfix: target Java 17 in picocli-spring-boot-starter build when possible
• 2f4c35c BUILD target Java 17 in picocli-shell-jline3 build when possible
• 63a2be3 BUILD change log level in dependencies.gradle
• 200fcfb BUILD add logging to dependencies.gradle
• 68d33d4 #2087 Test trace log when echo=false for interactive options
• bb94344 [TEST] refactor duplicate code, simplify
• Additional commits viewable in compare view

Updates org.eclipse.jgit:org.eclipse.jgit from 6.3.0.202209071007-r to 6.8.0.202311291450-r

Updates info.picocli:picocli-codegen from 4.2.0 to 4.7.5

Release notes

Sourced from info.picocli:picocli-codegen's releases.

Picocli 4.7.5

Picocli 4.7.5

The picocli community is pleased to announce picocli 4.7.5.

This release includes bugfixes and enhancements.

Many thanks to the picocli community for raising these issues and providing the pull requests to address them!

This is the eighty-forth public release. Picocli follows semantic versioning. Artifacts in this release are signed by Remko Popma (6601 E5C0 8DCC BB96).

Table of Contents

• New and noteworthy
• Fixed issues
• Deprecations
• Potential breaking changes

New and Noteworthy

Fixed issues

• #2083#2084 Enhancement: Java 22 update: improve logic for detecting if the output stream is connected to a terminal. Thanks to Liam Miller-Cushon for the pull request.
• #2087 Enhancement: Mask parameters in trace log when echo=false for interactive options and positional parameters. Thanks to szzsolt for raising this.
• #2060 Bugfix: Fix positional parameters bug with late-resolved arity variable. Thanks to daisukeoto for raising this.
• #2074#2075 Bugfix: Don't generate auto-complete for hidden attributes in picocli.shell.jline3.PicoCommand. Thanks to clebertsuconic for the pull request.
• #2059 Bugfix: ArgGroup with exclusive=false and multiplicity=1 should require at least one option; fix regression and refine solution introduced in #1848#2030. Thanks to Utkarsh Mittal for raising this.
• #2080 DOC: Improve GraalVM documentation: add graalvm-native-image-plugin. Thanks to Bhavik Patel for the pull request.
• #2045 DOC: Commit html files with LF line-endings. Thanks to Fridrich Strba for the pull request.

Deprecations

No features were deprecated in this release.

Potential breaking changes

This release has no breaking changes.

Picocli 4.7.4

Picocli 4.7.4

The picocli community is pleased to announce picocli 4.7.4.

This release includes bugfixes and enhancements.

Many thanks to the picocli community for raising these issues and providing the pull requests to address them!

This is the eighty-third public release. Picocli follows semantic versioning. Artifacts in this release are signed by Remko Popma (6601 E5C0 8DCC BB96).

... (truncated)

Changelog

Sourced from info.picocli:picocli-codegen's changelog.

Picocli 4.7.5

The picocli community is pleased to announce picocli 4.7.5.

This release includes bugfixes and enhancements.

Many thanks to the picocli community for raising these issues and providing the pull requests to address them!

This is the eighty-forth public release. Picocli follows semantic versioning. Artifacts in this release are signed by Remko Popma (6601 E5C0 8DCC BB96).

Table of Contents

• New and noteworthy
• Fixed issues
• Deprecations
• Potential breaking changes

New and Noteworthy

Fixed issues

• #2083#2084 Enhancement: Java 22 update: improve logic for detecting if the output stream is connected to a terminal. Thanks to Liam Miller-Cushon for the pull request.
• #2087 Enhancement: Mask parameters in trace log when echo=false for interactive options and positional parameters. Thanks to szzsolt for raising this.
• #2060 Bugfix: Fix positional parameters bug with late-resolved arity variable. Thanks to daisukeoto for raising this.
• #2074#2075 Bugfix: Don't generate auto-complete for hidden attributes in picocli.shell.jline3.PicoCommand. Thanks to clebertsuconic for the pull request.
• #2059 Bugfix: ArgGroup with exclusive=false and multiplicity=1 should require at least one option; fix regression and refine solution introduced in #1848#2030. Thanks to Utkarsh Mittal for raising this.
• #2080 DOC: Improve GraalVM documentation: add graalvm-native-image-plugin. Thanks to Bhavik Patel for the pull request.
• #2045 DOC: Commit html files with LF line-endings. Thanks to Fridrich Strba for the pull request.

Deprecations

No features were deprecated in this release.

Potential breaking changes

This release has no breaking changes.

Picocli 4.7.4

The picocli community is pleased to announce picocli 4.7.4.

This release includes bugfixes and enhancements.

Many thanks to the picocli community for raising these issues and providing the pull requests to address them!

This is the eighty-third public release. Picocli follows semantic versioning. Artifacts in this release are signed by Remko Popma (6601 E5C0 8DCC BB96).

Table of Contents

... (truncated)

Commits

• 6336bb4 Release picocli version 4.7.5
• 7c5e128 BUILD (picocli-spring-boot-starter) enable dependabot for Spring 3+ updates
• 211c24d BUILD (picocli-spring-boot-starter) bugfix and better logging
• e83d867 [BUILD][DOC] (picocli-spring-boot-starter) stay up-to-date with recent Spring...
• 96fb7cc BUILD bugfix: target Java 17 in picocli-spring-boot-starter build when possible
• 2f4c35c BUILD target Java 17 in picocli-shell-jline3 build when possible
• 63a2be3 BUILD change log level in dependencies.gradle
• 200fcfb BUILD add logging to dependencies.gradle
• 68d33d4 #2087 Test trace log when echo=false for interactive options
• bb94344 [TEST] refactor duplicate code, simplify
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 2.22.2 to 3.2.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.2.5

JIRA link

Release Notes - Maven Surefire - Version 3.2.5

---

What's Changed

• Bump org.htmlunit:htmlunit from 3.8.0 to 3.9.0 by @​dependabot in apache/maven-surefire#695
• Bump org.fusesource.jansi:jansi from 2.4.0 to 2.4.1 by @​dependabot in apache/maven-surefire#684
• Bump doxiaVersion from 1.11.1 to 1.12.0 by @​dependabot in apache/maven-surefire#609
• [SUREFIRE-2221] Document minimum supported Java version for Toolchains by @​sbernard31 in apache/maven-surefire#701
• [SUREFIRE-2224] StatelessXmlReporter#getTestProblems() does not properly reflect report schema structure by @​michael-o in apache/maven-surefire#702
• [SUREFIRE-2223] Surefire evaluates parameter jvm before skip by @​michael-o in apache/maven-surefire#703
• Use uppercase convention for enum member names by @​michael-o in apache/maven-surefire#704
• [SUREFIRE-2225] Surefire ITs fail when project directory contains space by @​michael-o in apache/maven-surefire#705
• Run CI tests also with Java 21 by @​slachiewicz in apache/maven-surefire#707
• Bump org.apache.maven.wagon:wagon-http-lightweight from 3.5.1 to 3.5.3 by @​dependabot in apache/maven-surefire#699
• Bump org.htmlunit:htmlunit from 3.8.0 to 3.9.0 in /maven-failsafe-plugin/src/it/jetty-war-test-failing by @​dependabot in apache/maven-surefire#694
• Bump org.htmlunit:htmlunit from 3.8.0 to 3.9.0 in /maven-failsafe-plugin/src/it/jetty-war-test-passing by @​dependabot in apache/maven-surefire#693
• Bump commons-io:commons-io from 2.15.0 to 2.15.1 by @​dependabot in apache/maven-surefire#712
• Bump net.java.dev.javacc:javacc from 7.0.12 to 7.0.13 by @​dependabot in apache/maven-surefire#711
• Bump org.apache.maven.plugins:maven-docck-plugin from 1.1 to 1.2 by @​dependabot in apache/maven-surefire#713
• [SUREFIRE-2231] JaCoCo 0.8.11 fails with old TestNG releases on Java 17+ by @​michael-o in apache/maven-surefire#710
• Bump org.assertj:assertj-core from 3.24.2 to 3.25.1 by @​dependabot in apache/maven-surefire#714
• Bump org.codehaus.plexus:plexus-component-metadata from 2.1.1 to 2.2.0 by @​dependabot in apache/maven-surefire#715

... (truncated)

Commits

• 4b3a271 [maven-release-plugin] prepare release surefire-3.2.5
• eb3f1d9 Bump org.codehaus.plexus:plexus-component-metadata from 2.1.1 to 2.2.0
• 430c406 Bump org.assertj:assertj-core from 3.24.2 to 3.25.1
• 2d92f2d [SUREFIRE-2231] JaCoCo 0.8.11 fails with old TestNG releases on Java 17+
• 3290740 Bump org.apache.maven.plugins:maven-docck-plugin from 1.1 to 1.2
• 25a9776 Bump net.java.dev.javacc:javacc from 7.0.12 to 7.0.13
• 7752f7e Bump commons-io:commons-io from 2.15.0 to 2.15.1
• 8874add Revert "Bump jacocoVersion from 0.8.8 to 0.8.11"
• c0f7755 Fix formatting
• e5f4545 Bump jacocoVersion from 0.8.8 to 0.8.11
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-shade-plugin from 3.5.0 to 3.5.1

Release notes

Sourced from org.apache.maven.plugins:maven-shade-plugin's releases.

3.5.1

Release Notes - Maven Shade Plugin - Version 3.5.1

Bug

• [MSHADE-454] - Shade Plugin does not work with JDK 20

Improvement

• [MSHADE-459] - Prepare to build and pass tests with Java 21

Task

• [MSHADE-458] - Refresh download page

Dependency upgrade

• [MSHADE-457] - Upgrade Parent to 40

Commits

• bd4759b [maven-release-plugin] prepare release maven-shade-plugin-3.5.1
• d2a1552 [MSHADE-457] Upgrade Parent to 40
• c2a2e2b [MSHADE-458] Refresh download page
• 64f577b [MSHADE-459] Adjust to test also with Java 21 (#196)
• e56294a [MSHADE-454] Shade Plugin does not work with JDK 20
• 6a400db [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.apache.maven.plugins:maven-jar-plugin from 3.2.2 to 3.3.0

Release notes

Sourced from org.apache.maven.plugins:maven-jar-plugin's releases.

3.3.0

🚀 New features and improvements

• [MJAR-278] - Update plugin (requires Maven 3.2.5+) (#19) @​cstamas
• [MJAR-280] - Java 8 minimum (#29) @​olamy

🐛 Bug Fixes

• [MJAR-275] - Fix outputTimestamp not applied to module-info; breaks reproducible builds (#43) @​jorsol

📦 Dependency updates

• [MJAR-290] - Update Plexus Utils to 3.4.2 (#48) @​jorsol
• [MJAR-291] - Upgrade Parent to 37 (#50) @​jorsol
• Bump junit from 4.11 to 4.13.1 in /src/it/MJAR-228 (#39) @​dependabot
• Bump plexus-utils from 3.3.1 to 3.4.2 (#42) @​dependabot
• [MJAR-288] - Upgrade Parent to 36 (#40) @​slawekjaranowski

📝 Documentation updates

• Restore mavenArchiverVersion property used in the site (#51) @​jorsol
• (doc) Updated create-test-jar.apt.vm removing 'and' in Maven site Create Test JAR documentation (#34) @​focbenz

👻 Maintenance

• use shared action v3 (#49) @​olamy
• Code simplifications in AbstractMojo (#47) @​rhowe

Commits

• d68df4b [maven-release-plugin] prepare release maven-jar-plugin-3.3.0
• fb2299a Restore mavenArchiverVersion property used in the site
• 1204127 [MJAR-290] - Update Plexus Utils to 3.4.2
• 5fd2fc9 [MJAR-291] - Upgrade Parent to 37
• 56344da use shared action v3 (#49)
• 4148491 Code simplifications in AbstractMojo (#47)
• 46c017d [MJAR-275] - Fix outputTimestamp not applied to module-info; breaks reproduci...
• c02be20 [MJAR-278] Update plugin (requires Maven 3.2.5+) (#19)
• b6fe3eb Bump junit from 4.11 to 4.13.2 in /src/it/MJAR-228
• 78a28dd Ignore Maven Core updates
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.10.1 to 3.12.1

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.12.1

🐛 Bug Fixes

• [MCOMPILER-567] - Fail to compile if the generated-sources/annotation… (#218) @​jorsol

📦 Dependency updates

• [MCOMPILER-568] - Bump plexusCompilerVersion from 2.14.1 to 2.14.2 (#220) @​dependabot

3.12.0

🚀 New features and improvements

• [MCOMPILER-562] - Add property maven.compiler.outputDirectory to CompilerMojo (#213) @​jGauravGupta
• [MCOMPILER-381] - Refactor incremental detection (#181) @​jorsol
• [MCOMPILER-542] - Clean JDK patch version in module-info.class (#208) @​jorsol
• [MCOMPILER-558] - compileSourceRoots in testCompile should be writable (#209) @​lorenzsimon
• [MCOMPILER-559] - Warn if overwriting the project's artifact's file to a different value (#211) @​gnodet
• [MCOMPILER-550] - make outputDirectory writable (#202) @​bmarwell
• [MCOMPILER-549] - Improve log message in case of recompilation - fix jenkins build (#203) @​slawekjaranowski
• [MCOMPILER-549] - Improve log message in case of recompilation (#201) @​BrowneMonke
• [MCOMPILER-391] - Use dep mgmt when resolving annotation processors and their deps (#180) @​psiroky
• [MCOMPILER-531] - Prepare for Java 20(-ea) (#184) @​slachiewicz

🐛 Bug Fixes

• [MCOMPILER-333] - Cleanup generated source files (#214) @​jorsol
• [MCOMPILER-544] - don't add items to classpath that are not used for that (#198) @​laeubi
• [MCOMPILER-547] - : Initialize pathElements to empty (#199) @​rovarga

📦 Dependency updates

• [MCOMPILER-564] - Bump plexusCompilerVersion from 2.13.0 to 2.14.1 (#216) @​dependabot
• [MCOMPILER-557] - Upgrade maven-plugin parent to 41 - fix build (#210) @​slawekjaranowski
• [MCOMPILER-554] - Update plexus-java to 1.2.0 (#207) @​jorsol
• [MCOMPILER-551] - Upgrade Parent to 40 (#205) @​slawekjaranowski
• [MCOMPILER-541] - update maven-shared-utils to 3.4.2 (#195) @​elharo
• Bump apache/maven-gh-actions-shared from 2 to 3 (#182) @​dependabot
• Bump maven-invoker-plugin from 3.4.0 to 3.5.0 (#179) @​dependabot

👻 Maintenance

• [MCOMPILER-565] - Allow project build by Maven 4 (#217) @​slawekjaranowski
• [MCOMPILER-552] - Refresh download page (#204) @​slawekjaranowski
• Remove references to old Maven versions. (#194) @​elharo
• (doc) Drop unused and vulnerable dependency to log4j (#190) @​slachiewicz
• [MNG-6829] - Replace StringUtils#isEmpty(String) & #isNotEmpty(String) (#189) @​timtebeek
• Update plexus-utils to 3.0.24 - in its (#183) @​slachiewicz

... (truncated)

Commits

• 736da68 [maven-release-plugin] prepare release maven-compiler-plugin-3.12.1
• ef93f3d [MCOMPILER-568] Bump plexusCompilerVersion from 2.14.1 to 2.14.2 (#220)
• eb7840c [MCOMPILER-567] - Fail to compile if the "generated-sources/annotations" does...
• 2a7a73b [maven-release-plugin] prepare for next development iteration
• c08b0fd [maven-release-plugin] prepare release maven-compiler-plugin-3.12.0
• a1c5b13 [MCOMPILER-565] Allow project build by Maven 4
• 4855773 Bump plexusCompilerVersion from 2.13.0 to 2.14.1
• 1d05342 [MCOMPILER-562] Add property maven.compiler.outputDirectory to CompilerMojo (...
• ea74978 [MCOMPILER-381] - Refactor incremental detection (#181)
• fd37f09 [MCOMPILER-333] Cleanup generated source files (#214)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[slarse]

@dependabot ignore org.eclipse.jgit:org.eclipse.jgit minor version

[dependabot]

OK, I won't notify you about version 6.8.x of org.eclipse.jgit:org.eclipse.jgit again, unless you unignore it.

[dependabot]

Superseded by #485.