Bump the dependencies group across 1 directory with 63 updates

[dependabot]

Bumps the dependencies group with 63 updates in the / directory:

Package	From	To
org.apache.logging.log4j:log4j-api	2.24.3	2.25.4
org.apache.logging.log4j:log4j-api-test	2.24.3	2.25.4
org.apache.logging.log4j:log4j-iostreams	2.24.3	2.25.4
org.apache.logging.log4j:log4j-jpl	2.24.3	2.25.4
org.apache.logging.log4j:log4j-slf4j2-impl	2.24.3	2.25.4
org.apache.logging.log4j:log4j-slf4j-impl	2.24.3	2.25.4
org.apache.logging.log4j:log4j-to-jul	2.24.3	2.25.4
org.apache.logging.log4j:log4j-to-slf4j	2.24.3	2.25.4
org.apache.commons:commons-csv	1.14.0	1.14.1
commons-logging:commons-logging	1.3.5	1.3.6
ch.qos.logback:logback-core	1.5.18	1.5.32
org.apache.groovy:groovy-bom	4.0.27	5.0.5
tools.jackson:jackson-bom	3.0.0	3.1.2
org.junit:junit-bom	5.13.4	6.0.3
org.junit.jupiter:junit-jupiter-engine	5.13.4	6.0.3
org.mockito:mockito-bom	5.18.0	5.23.0
org.assertj:assertj-core	3.27.3	3.27.7
net.bytebuddy:byte-buddy	1.17.6	1.18.8
commons-codec:commons-codec	1.18.0	1.22.0
org.apache.commons:commons-dbcp2	2.13.0	2.14.0
commons-io:commons-io	2.20.0	2.22.0
org.apache.commons:commons-lang3	3.17.0	3.20.0
org.apache.commons:commons-pool2	2.12.1	2.13.1
com.google.guava:guava	33.4.8-jre	33.6.0-jre
com.google.guava:guava-testlib	33.4.8-jre	33.6.0-jre
com.h2database:h2	2.3.232	2.4.240
com.google.code.java-allocation-instrumenter:java-allocation-instrumenter	3.3.4	3.3.5
org.jctools:jctools-core	4.0.5	4.0.6
org.jmdns:jmdns	3.6.1	3.6.3
net.java.dev.jna:jna	5.17.0	5.18.1
net.javacrumbs.json-unit:json-unit	4.1.1	5.1.1
com.vlkan.log4j2:log4j2-logstash-layout	0.18	1.0.5
org.apache.maven:maven-core	3.9.10	3.9.15
org.apache.maven:maven-model	3.9.10	3.9.15
org.openjdk.nashorn:nashorn-core	15.6	15.7
org.eclipse.platform:org.eclipse.osgi	3.23.100	3.24.100
org.codehaus.plexus:plexus-utils	3.6.0	3.6.1
org.xmlunit:xmlunit-core	2.10.3	2.11.0
org.xmlunit:xmlunit-matchers	2.10.3	2.11.0
biz.aQute.bnd:biz.aQute.bnd.annotation	7.1.0	7.2.3
com.github.spotbugs:spotbugs-annotations	4.9.3	4.9.8
io.fabric8:docker-maven-plugin	0.46.0	0.48.1
org.tukaani:xz	1.10	1.12
com.github.luben:zstd-jni	1.5.7-4	1.5.7-8
org.apache.commons:commons-compress	1.27.1	1.28.0
com.google.code.gson:gson	2.13.1	2.14.0
org.wiremock:wiremock	3.13.1	3.13.2
com.fasterxml.jackson.core:jackson-databind	2.20.0	2.21.3
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.20.0	2.21.3
org.javassist:javassist	3.30.2-GA	3.31.0-GA
co.elastic.clients:elasticsearch-java	9.2.0	9.3.4
org.elasticsearch.client:elasticsearch-rest-client	9.2.0	9.3.4
co.elastic.logging:log4j2-ecs-layout	1.7.0	1.8.0
org.mongodb:bson	5.5.1	5.7.0
org.mongodb:mongodb-driver-core	5.5.1	5.7.0
org.mongodb:mongodb-driver-sync	5.5.1	5.7.0
ch.qos.logback:logback-classic	1.5.18	1.5.32
org.springframework:spring-framework-bom	6.2.9	7.0.7
org.springframework:spring-core	6.2.9	7.0.7
org.springframework.boot:spring-boot-autoconfigure	3.5.3	4.0.6
org.springframework.boot:spring-boot-starter-test	3.5.3	4.0.6
org.springframework.boot:spring-boot-starter-log4j2	3.5.3	4.0.6
org.springframework.cloud:spring-cloud-context	4.3.0	5.0.1

Updates org.apache.logging.log4j:log4j-api from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-api-test from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-iostreams from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-jpl from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-slf4j-impl from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-to-jul from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-to-slf4j from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-api-test from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-iostreams from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-jpl from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-slf4j2-impl from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-slf4j-impl from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-to-jul from 2.24.3 to 2.25.4

Updates org.apache.logging.log4j:log4j-to-slf4j from 2.24.3 to 2.25.4

Updates org.apache.commons:commons-csv from 1.14.0 to 1.14.1

Changelog

Sourced from org.apache.commons:commons-csv's changelog.

Apache Commons CSV 1.14.1 Release Notes

The Apache Commons CSV team is pleased to announce the release of Apache Commons CSV 1.14.1.

This document contains the release notes for the 1.14.1 version of Apache Commons CSV. Commons CSV reads and writes files in Comma Separated Value (CSV) format variations.

Commons CSV requires at least Java 8.

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

This is a feature and maintenance release. Java 8 or later is required.

Changes in this version include:

Fixed Bugs

• CSV-318: CSVPrinter.printRecord(Stream) hangs if given a parallel stream. Thanks to Joseph Shraibman, Gary Gregory.
• CSV-318: CSVPrinter now uses an internal lock instead of synchronized methods. Thanks to Joseph Shraibman, Gary Gregory.

•       org.apache.commons.csv.CSVPrinter.printRecords(ResultSet) now writes one record at a time using a lock. Thanks to Gary Gregory.
  

Changes

•       Bump org.apache.commons:commons-parent from 81 to 85 [#542](https://github.com/apache/commons-csv/issues/542). Thanks to Gary Gregory, Dependabot.
  

•       Bump commons-io:commons-io from 2.18.0 to 2.20.0. Thanks to Gary Gregory.
  

•       Bump com.opencsv:opencsv from 5.10 to 5.11.2 [#545](https://github.com/apache/commons-csv/issues/545), [#551](https://github.com/apache/commons-csv/issues/551), [#553](https://github.com/apache/commons-csv/issues/553). Thanks to Gary Gregory, Dependabot.
  

•       Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 [#556](https://github.com/apache/commons-csv/issues/556). Thanks to Gary Gregory, Dependabot.
  

•       Bump commons-codec:commons-codec from 1.18.0 to 1.19.0. Thanks to Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-csv/changes.html

For complete information on Apache Commons CSV, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons CSV website:

https://commons.apache.org/proper/commons-csv/

Download page: https://commons.apache.org/proper/commons-csv/download_csv.cgi

Have fun! -Apache Commons CSV team

---

Commits

• e14ef86 Ignore macOS file
• d8724bf Prepare for the release candidate 1.14.1 RC1
• b76971c Prepare for the next release candidate
• b66814e Merge pull request #557 from apache/dependabot/github_actions/github/codeql-a...
• 9c95e92 Bump github/codeql-action from 3.29.2 to 3.29.4
• 1fb3716 Bump commons-codec:commons-codec from 1.18.0 to 1.19.0
• 7b72c50 Merge some string literals
• 9658373 Update the GitHub pull request template for AI
• 67192a9 Bump commons-io:commons-io from 2.19.0 to 2.20.0
• 59164c8 Bump com.opencsv:opencsv from 5.11.1 to 5.11.2 #553
• Additional commits viewable in compare view

Updates commons-logging:commons-logging from 1.3.5 to 1.3.6

Changelog

Sourced from commons-logging:commons-logging's changelog.

Apache Commons Logging 1.3.6 Release Notes

The Apache Commons Logging team is pleased to announce the release of Apache Commons Logging 1.3.6.

Apache Commons Logging is a thin adapter allowing configurable bridging to other, well-known logging systems.

This is a feature and maintenance release. Java 8 or later is required.

Changes in this version

Fixed Bugs

•           Fix running spotbugs:check: Unable to parse configuration of mojo. Thanks to Gary Gregory.
  

•           Update deprecated call in PathableClassLoader.addLogicalLib(String). Thanks to Gary Gregory.
  

•           Fix malformed Javadoc comments. Thanks to Gary Gregory.
  

•           Fix log level in Slf4jLogFactory.error(Object, Throwable) [#416](https://github.com/apache/commons-logging/issues/416). Thanks to Gary Gregory.
  

Changes

•           Bump org.apache.commons:commons-parent from 81 to 97 [#361](https://github.com/apache/commons-logging/issues/361), [#367](https://github.com/apache/commons-logging/issues/367), [#388](https://github.com/apache/commons-logging/issues/388), [#409](https://github.com/apache/commons-logging/issues/409), [#410](https://github.com/apache/commons-logging/issues/410). Thanks to Gary Gregory, Dependabot.
  

•           Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 [#344](https://github.com/apache/commons-logging/issues/344). Thanks to Gary Gregory, Dependabot.
  

•           Bump com.h3xstream.findsecbugs:findsecbugs-plugin from 1.13.0 to 1.14.0 [#360](https://github.com/apache/commons-logging/issues/360). Thanks to Gary Gregory, Dependabot.
  

•           Bump log4j2.version from 2.24.3 to 2.25.3 [#371](https://github.com/apache/commons-logging/issues/371), [#412](https://github.com/apache/commons-logging/issues/412). Thanks to Gary Gregory, Dependabot.
  

•           Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.20.0 [#373](https://github.com/apache/commons-logging/issues/373). Thanks to Gary Gregory, Dependabot.
  

•           Bump ch.qos.logback:logback-core from 1.3.14 to 1.3.16 [#411](https://github.com/apache/commons-logging/issues/411).. Thanks to Gary Gregory, Dependabot.
  

Historical list of changes: https://commons.apache.org/proper/commons-logging/changes.html

Download it from https://commons.apache.org/proper/commons-logging/download_logging.cgi

For complete information on Apache Commons Logging, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Logging website:

https://commons.apache.org/proper/commons-logging/

---

Commits

• 141c9ea Prepare for the release candidate 1.3.6 RC1
• 05cbf46 Prepare for release
• 3ea5f4d Prepare for the next release candidate
• d8e5e80 Simplify
• 694754e Simpler description.
• 97e7660 Fix log level in Slf4jLogFactory.error(Object, Throwable) #416
• 07452cc fix LogLevel (#416)
• c8c20de Bump github/codeql-action from 4.32.4 to 4.32.5
• b879d3e Bump org.apache.commons:commons-parent from 96 to 97.
• 5b2e759 Add security page.
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-core from 1.5.18 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

• In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

2026-02-09 Release of logback version 1.5.29

• In response to issues/1017, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.27

2026-01-30 Release of logback version 1.5.27

• Updated license to Eclipse Public License version 2.0 from version 1.0, retaining the GPL 2.1 dual-license.

• Fixed missing MDC data transmitted by SocketAppender reported in issues/1010 by Lars Vogel.

... (truncated)

Commits

• e807335 prepare release 1.5.32
• dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
• 8e32278 added simple test for appender definitiob via file inclusion
• 834dbed start work on 1.5.32-SNAPSHOT
• 168e42f add test to check that Logback SLF4J provider can be activated
• ed45362 prepare release 1.5.31
• 609dae7 fix missing META-INF directory
• 7739739 start work on 1.5.31-SNAPSHOT
• 44164f1 prepare release 1.5.30
• 9874f06 test for top-file as a resource, introduced new module logback-classic-misc
• Additional commits viewable in compare view

Updates org.apache.groovy:groovy-bom from 4.0.27 to 5.0.5

Commits

• See full diff in compare view

Updates tools.jackson:jackson-bom from 3.0.0 to 3.1.2

Commits

• 0ae1c2a [maven-release-plugin] prepare release jackson-bom-3.1.2
• 3c171eb Prep for 3.1.2 release
• 8046ced Post-release dep version bump
• ea00ca4 [maven-release-plugin] prepare for next development iteration
• 0628060 [maven-release-plugin] prepare release jackson-bom-3.1.1
• 22b8aee Prep for 3.1.1 release
• 2d305e6 Add JDK 25 in CI
• da85336 Merge pull request #123 from FasterXML/tatu/3.1/122-switch-to-junit6
• 7ec5e0e Fix #122: switch 3.x (starting with 3.1.1) to use JUnit 6
• ef09770 Update oss-parent dep
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.13.4 to 6.0.3

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

... (truncated)

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-engine from 5.13.4 to 6.0.3

Release notes

Sourced from org.junit.jupiter:junit-jupiter-engine's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

... (truncated)

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates org.mockito:mockito-bom from 5.18.0 to 5.23.0

Release notes

Sourced from org.mockito:mockito-bom's releases.

v5.23.0

NOTE: Breaking change for Android

The mockito-android artifact has a breaking change: tests now require a device or emulator based on API 28+ (Android P). This is to enable new support for mocking Kotlin classes. See #3788 for more details.

---

Changelog generated by Shipkit Changelog Gradle Plugin

5.23.0

• 2026-03-11 - 6 commit(s) by Brice Dutheil, Joshua Selbo, Philippe Kernevez
• Replace mockito-android mock maker implementation with dexmaker-mockito-inline [(#3792)](mockito/mockito#3792)
• Fix StackOverflowError with AbstractList after using mockSingleton [(#3790)](mockito/mockito#3790)
• Mark parameters of Mockito.when @Nullable [(#3503)](mockito/mockito#3503)

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

• 2026-02-27 - 6 commit(s) by Joshua Selbo, NiMv1, Rafael Winterhalter, dependabot[bot], eunbin son
• Avoid mocking of internal static utilities [(#3785)](mockito/mockito#3785)
• Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 [(#3780)](mockito/mockito#3780)
• Static mocking of UUID.class corrupted under JDK 25 [(#3778)](mockito/mockito#3778)
• Bump actions/upload-artifact from 5 to 6 [(#3774)](mockito/mockito#3774)
• docs: clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) [(#3773)](mockito/mockito#3773)
• Add tests for Sets utility class [(#3771)](mockito/mockito#3771)
• Add core API to enable Kotlin singleton mocking [(#3762)](mockito/mockito#3762)
• Stubbing Kotlin object singletons [(#3652)](mockito/mockito#3652)
• Incorrect documentation for RETURNS_MOCKS [(#3285)](mockito/mockito#3285)

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

• 2025-12-09 - 17 commit(s) by Giulio Longfils, Joshua Selbo, Woongi9, Zylox, dependabot[bot]
• Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 [(#3768)](mockito/mockito#3768)
• Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 [(#3767)](mockito/mockito#3767)
• Bump actions/checkout from 5 to 6 [(#3765)](mockito/mockito#3765)
• Adds output of matchers to potential mismatch; Fixes #2468 [(#3760)](mockito/mockito#3760)
• Forbid mocking WeakReference with inline mock maker [(#3759)](mockito/mockito#3759)
• StackOverflowError when mocking WeakReference [(#3758)](mockito/mockito#3758)
• Bump actions/upload-artifact from 4 to 5 [(#3756)](mockito/mockito#3756)
• Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 [(#3755)](mockito/mockito#3755)
• Support primitives in GenericArrayReturnType. [(#3753)](mockito/mockito#3753)
• ClassNotFoundException when stubbing array of primitive type on Android [(#3752)](mockito/mockito#3752)
• Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 [(#3744)](mockito/mockito#3744)
• Bump gradle/actions from 4 to 5 [(#3743)](mockito/mockito#3743)
• Bump org.graalvm.buildtools.native from 0.11.0 to 0.11.1 [(#3738)](mockito/mockito#3738)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.2.1 to 8.0.0 [(#3735)](mockito/mockito#3735)
• Bump graalvm/setup-graalvm from 1.3.7 to 1.4.0 [(#3734)](mockito/mockito#3734)
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 [(#3733)](mockito/mockito#3733)

... (truncated)

Commits

• a231205 Fix StackOverflowError with AbstractList after using mockSingleton (#3790)
• f6a91a6 Replace mockito-android mock maker implementation with dexmaker-mockito-inlin...
• aa2298a fix: make spotless happy
• a6729d6 chore: update BDDMockito with jspecify annotation
• bb83c92 chore: move jspecify as a compile only dependency
• 47a4695 chore: add jspecify with minimal change. Fixes #3503
• 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
• ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
• d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
• 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.3 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

v3.27.6

🐛 Bug Fixes

Core

• Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

... (truncated)

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.17.6 to 1.18.8

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.8

• Improve support for repeatable builds.
• Fix reordering of exception table in type initializers when instrumenting.

Byte Buddy 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Byte Buddy 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

Byte Buddy 1.18.4

• Add support for new build description in Android 9.

Byte Buddy 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

Byte Buddy 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

Byte Buddy 1.18.1

• Fix generated module-info to include new package.

Byte Buddy 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

Byte Buddy 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

1. April 2026: version 1.18.8

• Improve support for repeatable builds.
• Fix reordering of exception table in type initializers when instrumenting.

1. March 2026: version 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

15. February 2026: version 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

16. January 2026: version 1.18.4

• Add support for new build description in Android 9.

26. November 2025: version 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

26. November 2025: version 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

12. November 2025: version 1.18.1

• Fix generated module-info to include new package.

11. November 2025: version 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

8. October 2025: version 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

17. August 2025: version 1.17.7

... (truncated)

Commits

• b71379a [publish] Releasing Byte Buddy 1.18.8
• 31cce02 [release] Release new version.
• a30791f Add nullability annotations.
• b9ed5b9 Avoid that type initializer extension adjusts exception handlers by prependin...
• 7d35c66 Fix test.
• 9b46909 Support reproducible builds.
• 9a1e34e Use GitHub HTTP URL as Maven scm url (#1887)
• 2b8cadd Flip release order to attempt making Maven release a different "latest" version.
• bf02559 Move to jdk5 versions.
• ad0abe4 Update checksums.
• Additional commits viewable in compare view

Updates commons-codec:commons-codec from 1.18.0 to 1.22.0

Changelog

Sourced from commons-codec:commons-codec's changelog.

Apache Commons Codec 1.22.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.22.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

New features

• CODEC-326: Add Base58 support. Thanks to Inkeet, Gary Gregory, Wolff Bock von Wuelfingen.

•         Add BaseNCodecInputStream.AbstracBuilder.setByteArray(byte[]). Thanks to Gary Gregory.
  

• CODEC-335: Add GitIdentifiers to compute Git blob and tree object identifiers. Thanks to Piotr P. Karwasz, Gary Gregory.

Fixed Bugs

• CODEC-249: Fix Incorrect transform of CH digraph according Metaphone basic rules #423. Thanks to Shalu Jha, Andrey, Gary Gregory.
• CODEC-317: ColognePhonetic can create duplicate consecutive codes in some cases. Thanks to DRUser123, Shalu Jha, Gary Gregory.

•         Add boundary tests for BinaryCodec.fromAscii partial-bit inputs [#425](https://github.com/apache/commons-codec/issues/425). Thanks to fancying, Gary Gregory.
  

• CODEC-336: Base64.Builder.setUrlSafe(boolean) Javadoc incorrectly states null is accepted for primitive boolean parameter. Thanks to Partha Paul, Gary Gregory.

Changes

•         Bump org.apache.commons:commons-parent from 96 to 98. Thanks to Gary Gregory.
  

For complete information on Apache Commons Codec, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Codec website:

https://commons.apache.org/proper/commons-codec/

Download page: https://commons.apache.org/proper/commons-codec/download_codec.cgi

---

Apache Commons Codec 1.21.0 Release Notes

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.21.0.

The Apache Commons Codec component contains encoders and decoders for formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a

... (truncated)

Commits

• 81a6295 Prepare for the release candidate 1.22.0 RC1
• 73104b0 Prepare for the next release candidate
• 8e36214 In-line single use test local variables
• 9bd67e7 Use vararg syntax
• 25e52b0 Use vararg syntax