chore(deps): bump the all-maven-dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the all-maven-dependencies group with 6 updates in the / directory:

Package	From	To
com.puppycrawl.tools:checkstyle	10.21.4	10.22.0
net.sourceforge.pmd:pmd-core	7.11.0	7.12.0
net.sourceforge.pmd:pmd-java	7.11.0	7.12.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.2	3.5.3
org.apache.maven.plugins:maven-failsafe-plugin	3.5.2	3.5.3
org.sonarsource.scanner.maven:sonar-maven-plugin	5.0.0.4389	5.1.0.4751

Updates com.puppycrawl.tools:checkstyle from 10.21.4 to 10.22.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-10.22.0

Checkstyle 10.22.0 - https://checkstyle.org/releasenotes.html#Release_10.22.0

Breaking backward compatibility:

#9280 - JavadocVariable: new property 'accessModifiers' as substitution of 'scope' and 'excludeScope' #15499 - Change default or IllegalIdentifierName

Bug fixes:

#16641 - FileContents.getJavadocBefore(): Comments should not be skipped if it is not alone in line #16385 - JavadocTagContinuationIndentation Ignore indentation check when HTML tag break line #16628 - use SLL prediction mode for fast javadoc parsing to improve performance #43 - JavadocMethod: Javadoc Not Detected Above Multiline Comments #12817 - Incorrect Indentation errors for expression switches with google_checks.xml #6637 - SuppressWarningsHolder aliasList members don't act like aliases #13043 - Make references optional for link and linkplain tags #16005 - Parse errors if ``@see spans multiple lines #14446 - Parse error when Javadoc contains `@`snippet with code example that uses Java annotation

... (truncated)

Commits

• b20ca3b [maven-release-plugin] prepare release checkstyle-10.22.0
• b5c86f5 doc: release notes for 10.22.0
• 1a6caf2 Issue #14631: Updated INPUT_HTML_TAG_NAME to new AST format
• 82c21d5 Issue #16666: Updated Broken Link - Javadoc OpenJDK 8 Report in website, 404 ...
• 23c3c59 Issue #16641: FileContents.getJavadocBefore should skip block comments only i...
• 9fb5504 Issue #14857: Github generate site fails to generate links with anchors
• e1c89b9 infra: update google-java-format.yml to 1.26.0 formatter
• 06074e5 Issue #14631: Updated LITERAL_INCLUDE in JavadocTokenTypes.java to new AST fo...
• b5c64b2 Issue #11163: Enforce file size for javaParser
• ae8fde4 Issue #14631: Updated TR_TAG_END in JavadocTokenTypes.java to new AST format
• Additional commits viewable in compare view

Updates net.sourceforge.pmd:pmd-core from 7.11.0 to 7.12.0

Release notes

Sourced from net.sourceforge.pmd:pmd-core's releases.

PMD 7.12.0 (28-March-2025)

28-March-2025 - 7.12.0

The PMD team is pleased to announce PMD 7.12.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • ✨ New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Deprecations
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

✨ New Rules

• The new Java rule ImplicitFunctionalInterface reports functional interfaces that were not explicitly declared as such with the annotation @FunctionalInterface. If an interface is accidentally a functional interface, then it should bear a @SuppressWarnings("PMD.ImplicitFunctionalInterface") annotation to make this clear.

🐛 Fixed Issues

• core
  • #5593: [core] Make renderers output files in deterministic order even when multithreaded
• apex
  • #5567: [apex] Provide type information for CastExpression
• apex-design
  • #5616: [apex] ExcessiveParameterList reports entire method instead of signature only
• java
  • #5587: [java] Thread deadlock during PMD analysis in ParseLock.getFinalStatus
• java-bestpractices
  • #2849: [java] New Rule: ImplicitFunctionalInterface
  • #5369: [java] UnusedPrivateMethod false positives with lombok.val
  • #5590: [java] LiteralsFirstInComparisonsRule not applied on constant
  • #5592: [java] UnusedAssignment false positive in record compact constructor
• java-codestyle
  • #5079: [java] LocalVariableCouldBeFinal false-positive with lombok.val
  • #5452: [java] PackageCase: Suppression comment has no effect due to finding at wrong position in case of JavaDoc comment
• plsql
  • #4441: [plsql] Parsing exception with XMLQUERY function in SELECT
  • #5521: [plsql] Long parse time and eventually parse error with XMLAGG order by clause

🚨 API Changes

... (truncated)

Commits

• 9dbf50e [release] prepare release pmd_releases/7.12.0
• 3e6298f Prepare pmd release 7.12.0
• fc2b908 [doc] Fix search index (#5618)
• 5500e26 [doc] Update contributors
• 795e33a Fix #5616: [apex] ExcessiveParameterList: Report only method signature (#5617)
• fb16b7e Fix #4441: [plsql] XMLQuery - Support identifier as XQuery_string parameter (...
• cdc2a51 Fix #5452: [java] PackageCase reported on wrong line (#5611)
• c01fb46 [java] PackageCase - add testcase for #5452
• 6d491a8 Fix #5079: [java] LocalVariableCouldBeFinal false-positive with lombok.val (#...
• 64a925a [doc] Update release notes (#5600, #5079)
• Additional commits viewable in compare view

Updates net.sourceforge.pmd:pmd-java from 7.11.0 to 7.12.0

Release notes

Sourced from net.sourceforge.pmd:pmd-java's releases.

PMD 7.12.0 (28-March-2025)

28-March-2025 - 7.12.0

The PMD team is pleased to announce PMD 7.12.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • ✨ New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Deprecations
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

✨ New Rules

• The new Java rule ImplicitFunctionalInterface reports functional interfaces that were not explicitly declared as such with the annotation @FunctionalInterface. If an interface is accidentally a functional interface, then it should bear a @SuppressWarnings("PMD.ImplicitFunctionalInterface") annotation to make this clear.

🐛 Fixed Issues

• core
  • #5593: [core] Make renderers output files in deterministic order even when multithreaded
• apex
  • #5567: [apex] Provide type information for CastExpression
• apex-design
  • #5616: [apex] ExcessiveParameterList reports entire method instead of signature only
• java
  • #5587: [java] Thread deadlock during PMD analysis in ParseLock.getFinalStatus
• java-bestpractices
  • #2849: [java] New Rule: ImplicitFunctionalInterface
  • #5369: [java] UnusedPrivateMethod false positives with lombok.val
  • #5590: [java] LiteralsFirstInComparisonsRule not applied on constant
  • #5592: [java] UnusedAssignment false positive in record compact constructor
• java-codestyle
  • #5079: [java] LocalVariableCouldBeFinal false-positive with lombok.val
  • #5452: [java] PackageCase: Suppression comment has no effect due to finding at wrong position in case of JavaDoc comment
• plsql
  • #4441: [plsql] Parsing exception with XMLQUERY function in SELECT
  • #5521: [plsql] Long parse time and eventually parse error with XMLAGG order by clause

🚨 API Changes

... (truncated)

Commits

• 9dbf50e [release] prepare release pmd_releases/7.12.0
• 3e6298f Prepare pmd release 7.12.0
• fc2b908 [doc] Fix search index (#5618)
• 5500e26 [doc] Update contributors
• 795e33a Fix #5616: [apex] ExcessiveParameterList: Report only method signature (#5617)
• fb16b7e Fix #4441: [plsql] XMLQuery - Support identifier as XQuery_string parameter (...
• cdc2a51 Fix #5452: [java] PackageCase reported on wrong line (#5611)
• c01fb46 [java] PackageCase - add testcase for #5452
• 6d491a8 Fix #5079: [java] LocalVariableCouldBeFinal false-positive with lombok.val (#...
• 64a925a [doc] Update release notes (#5600, #5079)
• Additional commits viewable in compare view

Updates net.sourceforge.pmd:pmd-java from 7.11.0 to 7.12.0

Release notes

Sourced from net.sourceforge.pmd:pmd-java's releases.

PMD 7.12.0 (28-March-2025)

28-March-2025 - 7.12.0

The PMD team is pleased to announce PMD 7.12.0.

This is a minor release.

Table Of Contents

• 🚀 New and noteworthy
  • ✨ New Rules
• 🐛 Fixed Issues
• 🚨 API Changes
  • Deprecations
• ✨ Merged pull requests
• 📦 Dependency updates
• 📈 Stats

🚀 New and noteworthy

✨ New Rules

• The new Java rule ImplicitFunctionalInterface reports functional interfaces that were not explicitly declared as such with the annotation @FunctionalInterface. If an interface is accidentally a functional interface, then it should bear a @SuppressWarnings("PMD.ImplicitFunctionalInterface") annotation to make this clear.

🐛 Fixed Issues

• core
  • #5593: [core] Make renderers output files in deterministic order even when multithreaded
• apex
  • #5567: [apex] Provide type information for CastExpression
• apex-design
  • #5616: [apex] ExcessiveParameterList reports entire method instead of signature only
• java
  • #5587: [java] Thread deadlock during PMD analysis in ParseLock.getFinalStatus
• java-bestpractices
  • #2849: [java] New Rule: ImplicitFunctionalInterface
  • #5369: [java] UnusedPrivateMethod false positives with lombok.val
  • #5590: [java] LiteralsFirstInComparisonsRule not applied on constant
  • #5592: [java] UnusedAssignment false positive in record compact constructor
• java-codestyle
  • #5079: [java] LocalVariableCouldBeFinal false-positive with lombok.val
  • #5452: [java] PackageCase: Suppression comment has no effect due to finding at wrong position in case of JavaDoc comment
• plsql
  • #4441: [plsql] Parsing exception with XMLQUERY function in SELECT
  • #5521: [plsql] Long parse time and eventually parse error with XMLAGG order by clause

🚨 API Changes

... (truncated)

Commits

• 9dbf50e [release] prepare release pmd_releases/7.12.0
• 3e6298f Prepare pmd release 7.12.0
• fc2b908 [doc] Fix search index (#5618)
• 5500e26 [doc] Update contributors
• 795e33a Fix #5616: [apex] ExcessiveParameterList: Report only method signature (#5617)
• fb16b7e Fix #4441: [plsql] XMLQuery - Support identifier as XQuery_string parameter (...
• cdc2a51 Fix #5452: [java] PackageCase reported on wrong line (#5611)
• c01fb46 [java] PackageCase - add testcase for #5452
• 6d491a8 Fix #5079: [java] LocalVariableCouldBeFinal false-positive with lombok.val (#...
• 64a925a [doc] Update release notes (#5600, #5079)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.3

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski
• Use newer version of surefire for itself testing, enable JUnit 5 in tests (#822) @​slawekjaranowski
• Remove dependencies from root pom (#819) @​slawekjaranowski
• move this dependency to dptMngt (#818) @​olamy
• [SUREFIRE-2291] - Change logger from Plexus to SLF4J (#811) @​jeffjensen
• Add GitHub Automation actions (#812) @​slawekjaranowski
• Convert reports to Guice (#803) @​elharo
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#809) @​Bukama
• Update encoding docs (#802) @​elharo
• Guice injection (#801) @​elharo

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1 (#823) @dependabot[bot]
• Bump parent to 44 (#817) @​slawekjaranowski
• Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.4.0 (#810) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.4.0 to 4.10.0 (#813) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#797) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#807) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (#805) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#800) @dependabot[bot]

Commits

• 4434650 [maven-release-plugin] prepare release surefire-3.5.3
• 1270950 use github directly
• 59f3a1f release tag name backward compatible
• dfbabe2 assertj-core must be test scope (#826)
• e1f8119 back to 3.5.3-SNAPSHOT
• c497559 [maven-release-plugin] prepare for next development iteration
• 3962112 [maven-release-plugin] prepare release v3.5.3
• 227c134 surefire shared utils version current version (#825)
• 1d34c34 Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1
• 906b65a Update site descriptors
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.2 to 3.5.3

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski
• Use newer version of surefire for itself testing, enable JUnit 5 in tests (#822) @​slawekjaranowski
• Remove dependencies from root pom (#819) @​slawekjaranowski
• move this dependency to dptMngt (#818) @​olamy
• [SUREFIRE-2291] - Change logger from Plexus to SLF4J (#811) @​jeffjensen
• Add GitHub Automation actions (#812) @​slawekjaranowski
• Convert reports to Guice (#803) @​elharo
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#809) @​Bukama
• Update encoding docs (#802) @​elharo
• Guice injection (#801) @​elharo

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1 (#823) @dependabot[bot]
• Bump parent to 44 (#817) @​slawekjaranowski
• Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.4.0 (#810) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.4.0 to 4.10.0 (#813) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#797) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#807) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (#805) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#800) @dependabot[bot]

Commits

• 4434650 [maven-release-plugin] prepare release surefire-3.5.3
• 1270950 use github directly
• 59f3a1f release tag name backward compatible
• dfbabe2 assertj-core must be test scope (#826)
• e1f8119 back to 3.5.3-SNAPSHOT
• c497559 [maven-release-plugin] prepare for next development iteration
• 3962112 [maven-release-plugin] prepare release v3.5.3
• 227c134 surefire shared utils version current version (#825)
• 1d34c34 Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1
• 906b65a Update site descriptors
• Additional commits viewable in compare view

Updates org.sonarsource.scanner.maven:sonar-maven-plugin from 5.0.0.4389 to 5.1.0.4751

Release notes

Sourced from org.sonarsource.scanner.maven:sonar-maven-plugin's releases.

5.1.0.4751

Release notes - Sonar Scanner for Maven - 5.1

New Feature

SCANMAVEN-264 Add support for SonarQube Cloud regions

Bug

SCANMAVEN-228 Irrelevant encrypted properties should not be passed to the scanner engine

Task

SCANMAVEN-242 Migrate from single module to a multi-module structure

SCANMAVEN-250 Fix broken links coming from the relocation-pom's parent

SCANMAVEN-254 Update parent pom to version 81.0.0.2300

SCANMAVEN-257 Update headers for 2025

SCANMAVEN-258 Conditionally run tests using sonar.password in ITs

SCANMAVEN-260 Update CODEOWNERS after reorg

SCANMAVEN-261 Validate IT using the latest maven 4 release candidate 2

SCANMAVEN-262 Fix quality flaws: remove unnecessary public modifiers

SCANMAVEN-265 Upgrade sonar-scanner-java-library to latest version

SCANMAVEN-266 Analyze integration tests

SCANMAVEN-269 Prepare next development iteration 5.1

SCANMAVEN-271 Fix readability issues in ProxyTest

SCANMAVEN-272 Increase memory because maven 4.0.0-rc-2 fails with out of memory exception

SCANMAVEN-274 Fix quality flaws

SCANMAVEN-277 remove unused third-party-licenses.sh

SCANMAVEN-278 Fix quality flaws

SCANMAVEN-279 Clean up tech debt in Maven Scanner

SCANMAVEN-282 Update plexus-sec-dispatcher to fix CVE-2017-1000487

SCANMAVEN-284 Migrate releasability check to v2, fix property-dump-plugin to be excluded by releasability check (not released)

... (truncated)

Commits

• e284917 SCANMAVEN-284 Bump releasability workflow version (#294)
• cb6dd58 SCANMAVEN-282 Update plexus-sec-dispatcher from 1.4 (sonatype) to 2.0 (codeha...
• 460e710 SCANMAVEN-280 Log the SonarQube Cloud Region (#291)
• 8e0570b SCANMAVEN-228 Ignore Irrelevant Encrypted Properties (#289)
• 7d5574f SCANMAVEN-279 Clean up old code (#290)
• c472cfd SCANMAVEN-271 Fix readability issues in ProxyTest (#279)
• 0783ad3 SCANMAVEN-264 Add support for SonarQube Cloud regions (#284)
• 8f52888 SCANMAVEN-278 Fix quality flaws (#288)
• 4c796c8 SCANMAVEN-276 ScannerEngineBootstrapper.isSuccessful() should be verified bef...
• a09d151 SCANMAVEN-242 update readme quality gate badge, because project key has chang...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.