chore(deps): bump the minor-patch group with 8 updates

[dependabot]

Bumps the minor-patch group with 8 updates:

Package	From	To
com.tngtech.archunit:archunit-junit5	1.4.1	1.4.2
org.mockito:mockito-core	5.17.0	5.23.0
org.slf4j:slf4j-nop	2.0.17	2.0.18
org.pitest:pitest-maven	1.25.3	1.25.4
org.apache.maven.plugins:maven-site-plugin	3.21.0	3.22.0
com.github.spotbugs:spotbugs-maven-plugin	4.9.8.3	4.10.2.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.5	3.5.6
org.jacoco:jacoco-maven-plugin	0.8.14	0.8.15

Updates com.tngtech.archunit:archunit-junit5 from 1.4.1 to 1.4.2

Release notes

Sourced from com.tngtech.archunit:archunit-junit5's releases.

ArchUnit 1.4.2

Enhancements

Core

• DescribedPredicate#negate() returns a DescribedPredicate (#1484)
• New JavaCodeUnit.Predicates.anyParameterThat and JavaCodeUnit.Predicates.allParameters (#1498; thanks to @​mkhl 👏)
• Support Java 26 / class file major version 70 (#1544)

Commits

• e45aaa2 prepare release 1.4.2
• c07193c set version to 1.4.2-SNAPSHOT
• ac9b896 migrate from (meanwhile shut down) OSSRH to Central Publisher Portal using th...
• b72fcaf Bump actions/github-script from 8 to 9
• fc1881d Bump addressable from 2.8.7 to 2.9.0 in /docs
• dee39bb Bump activesupport from 7.1.3.4 to 7.2.3.1 in /docs
• b097007 Bump gradle/actions from 5 to 6
• 4d7cfe9 Bump json from 2.18.1 to 2.19.2 in /docs
• 90dc773 Bump nokogiri from 1.18.9 to 1.19.1 in /docs
• 7a88298 Bump faraday from 2.10.1 to 2.14.1 in /docs
• Additional commits viewable in compare view

Updates org.mockito:mockito-core from 5.17.0 to 5.23.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.23.0

NOTE: Breaking change for Android

The mockito-android artifact has a breaking change: tests now require a device or emulator based on API 28+ (Android P). This is to enable new support for mocking Kotlin classes. See #3788 for more details.

---

Changelog generated by Shipkit Changelog Gradle Plugin

5.23.0

• 2026-03-11 - 6 commit(s) by Brice Dutheil, Joshua Selbo, Philippe Kernevez
• Replace mockito-android mock maker implementation with dexmaker-mockito-inline [(#3792)](mockito/mockito#3792)
• Fix StackOverflowError with AbstractList after using mockSingleton [(#3790)](mockito/mockito#3790)
• Mark parameters of Mockito.when @Nullable [(#3503)](mockito/mockito#3503)

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

• 2026-02-27 - 6 commit(s) by Joshua Selbo, NiMv1, Rafael Winterhalter, dependabot[bot], eunbin son
• Avoid mocking of internal static utilities [(#3785)](mockito/mockito#3785)
• Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 [(#3780)](mockito/mockito#3780)
• Static mocking of UUID.class corrupted under JDK 25 [(#3778)](mockito/mockito#3778)
• Bump actions/upload-artifact from 5 to 6 [(#3774)](mockito/mockito#3774)
• docs: clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) [(#3773)](mockito/mockito#3773)
• Add tests for Sets utility class [(#3771)](mockito/mockito#3771)
• Add core API to enable Kotlin singleton mocking [(#3762)](mockito/mockito#3762)
• Stubbing Kotlin object singletons [(#3652)](mockito/mockito#3652)
• Incorrect documentation for RETURNS_MOCKS [(#3285)](mockito/mockito#3285)

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

• 2025-12-09 - 17 commit(s) by Giulio Longfils, Joshua Selbo, Woongi9, Zylox, dependabot[bot]
• Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 [(#3768)](mockito/mockito#3768)
• Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 [(#3767)](mockito/mockito#3767)
• Bump actions/checkout from 5 to 6 [(#3765)](mockito/mockito#3765)
• Adds output of matchers to potential mismatch; Fixes #2468 [(#3760)](mockito/mockito#3760)
• Forbid mocking WeakReference with inline mock maker [(#3759)](mockito/mockito#3759)
• StackOverflowError when mocking WeakReference [(#3758)](mockito/mockito#3758)
• Bump actions/upload-artifact from 4 to 5 [(#3756)](mockito/mockito#3756)
• Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 [(#3755)](mockito/mockito#3755)
• Support primitives in GenericArrayReturnType. [(#3753)](mockito/mockito#3753)
• ClassNotFoundException when stubbing array of primitive type on Android [(#3752)](mockito/mockito#3752)
• Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 [(#3744)](mockito/mockito#3744)
• Bump gradle/actions from 4 to 5 [(#3743)](mockito/mockito#3743)
• Bump org.graalvm.buildtools.native from 0.11.0 to 0.11.1 [(#3738)](mockito/mockito#3738)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.2.1 to 8.0.0 [(#3735)](mockito/mockito#3735)
• Bump graalvm/setup-graalvm from 1.3.7 to 1.4.0 [(#3734)](mockito/mockito#3734)
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 [(#3733)](mockito/mockito#3733)

... (truncated)

Commits

• a231205 Fix StackOverflowError with AbstractList after using mockSingleton (#3790)
• f6a91a6 Replace mockito-android mock maker implementation with dexmaker-mockito-inlin...
• aa2298a fix: make spotless happy
• a6729d6 chore: update BDDMockito with jspecify annotation
• bb83c92 chore: move jspecify as a compile only dependency
• 47a4695 chore: add jspecify with minimal change. Fixes #3503
• 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
• ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
• d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
• 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
• Additional commits viewable in compare view

Updates org.slf4j:slf4j-nop from 2.0.17 to 2.0.18

Updates org.pitest:pitest-maven from 1.25.3 to 1.25.4

Release notes

Sourced from org.pitest:pitest-maven's releases.

1.25.4

• #1468 Support for configurable decimal precision (thanks @​see-quick)

Commits

• 5595375 Merge pull request #1468 from see-quick/support-configurable-decimal-precision
• 180da11 update readme for 1.25.3
• 72a9621 also fix CSS overlap and precision not propagating to package-level totals
• 938120a Add support for configurable decimal precision
• See full diff in compare view

Updates org.apache.maven.plugins:maven-site-plugin from 3.21.0 to 3.22.0

Release notes

Sourced from org.apache.maven.plugins:maven-site-plugin's releases.

3.22.0

🚀 New features and improvements

• Upgrade to Doxia 2.1.0 (#1269) @​kwin
• Upgrade to Doxia Site Tools 2.1.0 (1b3cff6) @​kwin
• Add blocking "auto-refresh" goal (#1267) @​kwin
• Allow to give alternative source directories (1b3cff6) @​kwin
• Throw UOE for unsupported MultiPageSinkFactory.createSink(...) overloads (a27b283) @​kwin

📝 Documentation updates

• Several site improvements (#1272) @​kwin
• Convert Site source from APT to Markdown (#1265) @​kwin

👻 Maintenance

• Fix GitHub CI configuration on new master (#1257) @​slawekjaranowski
• remove missing module (#1258) @​hboutemy
• [MSITE-977] - Remove broken links (#211) (#1256) @​hboutemy
• chore: Migrate Junit3/4 to Junit5 (#1243) @​slawekjaranowski
• Allow to manually execute release drafter (#236) @​slawekjaranowski
• Enable GitHub Issues (Maven 3) (#234) @​Bukama
• Drop additional configuration for requirementsHistories (#221) @​slawekjaranowski
• Convert to Guice injection (#218) @​elharo
• [MSITE-986] Refresh download page (12c8a9d0) @​yuhaowin
• Rename "Goals" to "Plugin Documentation" (f489a1e) @​Bukama

📦 Dependency updates

• Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1271) @dependabot[bot]
• Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /src/it/projects/MSITE-497/apps/app (#1263) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#1268) @dependabot[bot]
• Backport Update to parent 47 to 3.x branch (#1235) (#1237) @​Bukama
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1225) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.5 to 3.6.6 (#1212) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#1207) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.4 (#1203) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#1204) @dependabot[bot]
• Bump jettyVersion from 9.4.56.v20240826 to 9.4.58.v20250814 (#1194) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#1193) @dependabot[bot]

Commits

• f9f7cc6 [maven-release-plugin] prepare release maven-site-plugin-3.22.0
• f7b57ea Bump org.codehaus.plexus:plexus-interactivity-api from 1.3 to 1.5.1
• 282aa04 Several site improvements (#1272)
• 55ebd9f Upgrade to Doxia 2.1.0
• 93ecbb6 Improve goal description
• 106d259 Improve error messages
• a7511e9 Fix additional PR comments
• c3c1c0f Rename from "hot-reload" to "auto-refresh"
• 5fb1504 Add blocking "hot-reload" goal
• 2d9a489 Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1271)
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.3 to 4.10.2.0

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.10.2.0

• Support spotbugs 4.10.2

What's Changed

• Update ci.yaml by @​hazendaz in spotbugs/spotbugs-maven-plugin#1429
• Update spotbugs.version to v4.10.2 by @​renovate[bot] in spotbugs/spotbugs-maven-plugin#1425

Full Changelog: spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.8.5...spotbugs-maven-plugin-4.10.2.0

Spotbugs Maven Plugin 4.9.8.5

What's Changed

• Update README.md by @​hazendaz in spotbugs/spotbugs-maven-plugin#1426
• [fix] Toolchain used wrong flag name 'executable' instead of 'jvm' by @​hazendaz in spotbugs/spotbugs-maven-plugin#1428

Full Changelog: spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.8.4...spotbugs-maven-plugin-4.9.8.5

Spotbugs Maven Plugin 4.9.8.4

• build support for maven 4 with maven 4 plugins
• spotbugs extensions jars now moved to target/spotbugs instead of root
• new spotbugs-aggregate mojo for multi module
• support maven toolchains
• block gui when environment is headless
• all spotbug extensions as regular dependencies
• learn to map spotbug extensions to their source project documentation
• in auxiliary class path exclude java.* packages
• improve code coverage

note: This release was done on older spotbugs (not the new 4.10.1) on purpose to keep these changes separate from that of spotbugs. The spotbugs 4.10.1 support release will be available in a day or two and users can otherwise override the core module as there are no changes to be done internally.

Commits

• 2d39b75 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.10.2.0
• 6c300e6 [pom] Bump internal spotbugs to 4.9.8.5
• 250d685 Merge pull request #1425 from spotbugs/renovate/spotbugs.version
• 12f6fb3 Merge pull request #1429 from spotbugs/hazendaz-patch-1
• aaf0a09 Update ci.yaml
• 8b5dff4 Merge branch 'master' into renovate/spotbugs.version
• c83698d Update pom.xml
• b8788fd [maven-release-plugin] prepare for next development iteration
• f758cb5 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.8.5
• cec6af5 Update pom.xml
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

• Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

• Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @​olamy
• Ensure that the statistics filename is calculated only once. (#3326) (#3327) @​olamy
• Add flakes attribute to use in testsuite report (#3306) (#3308) @​olamy
• [BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @​olamy
• fix: null guard for context map (#3269) (#3272) @​olamy

👻 Maintenance

• 3.5.x/bug/cherry pick embedded mode its (#3328) @​olamy
• Use surefire 3.5.5 by project itself for testing (#3324) @​slawekjaranowski
• Follow Oracle javadoc guidelines (#3177) @​elharo

📦 Dependency updates

• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

Commits

• 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
• e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
• dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
• 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
• 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
• 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
• 04ad9a2 Use surefire 3.5.5 by project itself for testing
• 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
• a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
• e838393 deploy 3.5.x branch to nexus
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.15

New Features

• JaCoCo now officially supports Java 26 (GitHub #2076).
• Experimental support for Java 27 class files (GitHub #2004).
• Compatibility methods generated by Kotlin compiler for functions defined in interfaces are filtered out during generation of report (GitHub #1905).
• Compatibility methods generated by Kotlin compiler for exposed boxed inline value classes (JvmExposeBoxed annotation) are filtered out during generation of report (GitHub #1944).
• Methods generated by the Kotlin compiler for functions with JvmStatic annotation are filtered out during generation of report (GitHub #2097).
• Improved filtering of bytecode generated by Kotlin compiler for when expressions and statements with kotlin.String subject where first branch condition contains string with largest hash (GitHub #2098).
• Part of bytecode that javac versions from 24 to 26 generate for switch statements and expressions with selector expression of type java.lang.String inside lambdas is filtered out during generation of report (GitHub #2023).
• Improved performance of Kotlin files analysis by parsing SMAPs only once per class (GitHub #2114).
• For better performance agent output methods tcpclient and tcpserver use BufferedOutputStream to write execution data to socket. Maven plugin, Ant tasks, CLI, API usage examples, and ExecDumpClient API use BufferedInputStream to read execution data from socket. Third-party integrations should do the same to benefit from this change in agent (GitHub #2089).

Fixed bugs

• Fixed processing of Kotlin SMAP in synthetic classes (GitHub #1985).
• Multiple JaCoCo runtimes within one JVM writing to the same output file should not cause data corruption when running on JDK versions from 6 to 10 affected by JDK-8166253 (GitHub #2065, #2074).
• For better performance agent writes to output file via BufferedOutputStream, this fixes regression introduced in version 0.6.2 (GitHub #2073).
• Fixed NullPointerException when JaCoCo agent is loaded by non system class loader, for example when loaded by JBoss Modules (GitHub #1651).

Non-functional Changes

• JaCoCo now depends on ASM 9.10.1 (GitHub #2134).

Commits

• 6c5260a Prepare release v0.8.15
• 5c05141 Transfer of execution data through socket should use buffered stream (#2089)
• ab5efa9 Remove from Azure Pipelines all builds except with JDK 5 and JDK EA (#2148)
• 5f6ea38 Use Windows 2025 image in GitHub Actions (#2130)
• 35a8af2 Use Renovate instead of Dependabot for updates of ASM (#2137)
• 85b8ddf Upgrade ASM to 9.10.1 (#2134)
• 2988647 AgentModule should use ClassLoader of agent instead of SystemClassLoader (#1651)
• 75a4e31 Add filter for Kotlin @JvmExposeBoxed (#1944)
• 691fa1d Use Renovate instead of Dependabot for updates of GitHub Actions (#2132)
• 3e18f17 Require at least JDK 21 for build (#2128)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Please check on sonarcloud https://sonarcloud.io/project/pull_requests_list?id=io.github.mivek%3AmetarParser that the PR does not add any issue.