Bump dependency net.sourceforge.pmd:pmd-javascript to v7.23.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
net.sourceforge.pmd:pmd-javascript (source)	7.22.0 → 7.23.0

---

Release Notes

pmd/pmd (net.sourceforge.pmd:pmd-javascript)

v7.23.0: PMD 7.23.0 (27-March-2026)

27-March-2026 - 7.23.0

The PMD team is pleased to announce PMD 7.23.0.

This is a minor release.

Table Of Contents

• 🐛️ Fixed Issues
• ✨️ Merged pull requests
• 📦️ Dependency updates
• 📈️ Stats

🐛️ Fixed Issues

• core
  • #​6503: [core] Links in HTML report are broken
• java-errorprone
  • #​6502: [java] CloseResource: False positive for allowedResourceMethodPatterns entries when using unqualified method calls
• java-security
  • #​6531: [java] InsecureCryptoIv: False negative with fixed IVs from array initializers

✨️ Merged pull requests

• #​6467: [ci] Use typos gh-action - Andreas Dangel (@​adangel)
• #​6488: [doc] Update security.md for CVE-2026-28338 - Andreas Dangel (@​adangel)
• #​6489: [doc] CPD: document --report-file parameter - Andreas Dangel (@​adangel)
• #​6504: [core] Fix #​6503: Don't escape externalInfoUrl in reports - Andreas Dangel (@​adangel)
• #​6505: [java] Fix #​6502: CloseResource should consider unqualified method calls - Andreas Dangel (@​adangel)
• #​6545: [java] Fix #​6531: False negative in InsecureCryptoIv with array initializers - Zbynek Konecny (@​zbynek)

📦️ Dependency updates

• #​6476: Bump PMD from 7.21.0 to 7.22.0
• #​6479: chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0
• #​6480: chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0
• #​6481: chore(deps): bump com.puppycrawl.tools:checkstyle from 13.2.0 to 13.3.0
• #​6482: chore(deps): bump org.mockito:mockito-core from 5.21.0 to 5.22.0
• #​6483: chore(deps-dev): bump net.bytebuddy:byte-buddy from 1.18.5 to 1.18.7
• #​6484: chore(deps): bump org.yaml:snakeyaml from 2.5 to 2.6
• #​6485: chore(deps): bump org.checkerframework:checker-qual from 3.53.1 to 3.54.0
• #​6486: chore(deps-dev): bump net.bytebuddy:byte-buddy-agent from 1.18.5 to 1.18.7
• #​6487: chore(deps): bump com.google.protobuf:protobuf-java from 4.33.5 to 4.34.0
• #​6490: chore: Update gems, remove github-pages
• #​6498: chore(deps): bump ruby/setup-ruby from 1.288.0 to 1.290.0
• #​6499: chore(deps-dev): bump commons-logging:commons-logging from 1.3.5 to 1.3.6
• #​6500: chore(deps-dev): bump org.apache.maven.plugins:maven-shade-plugin from 3.6.1 to 3.6.2
• #​6501: chore(deps): bump org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0
• #​6506: chore(deps): bump actions/create-github-app-token from 2.2.1 to 3.0.0
• #​6507: chore(deps): bump actions/download-artifact from 8.0.0 to 8.0.1
• #​6508: chore(deps): bump marocchino/sticky-pull-request-comment from 2.9.4 to 3.0.2
• #​6509: chore(deps): bump ruby/setup-ruby from 1.290.0 to 1.295.0
• #​6511: chore(deps): bump org.mockito:mockito-core from 5.22.0 to 5.23.0
• #​6514: chore: bump maven from 3.9.12 to 3.9.14
• #​6516: chore: bump json from 2.19.0 to 2.19.2
• #​6548: chore(deps): bump actions/cache from 5.0.3 to 5.0.4
• #​6549: chore(deps): bump com.google.protobuf:protobuf-java from 4.34.0 to 4.34.1
• #​6551: chore: use ruby4

📈️ Stats

• 38 commits
• 9 closed tickets & PRs
• Days since last release: 27

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

☀️   Quality Monitor

Tests

     Unit Tests: ✅ successful — 87 passed, 2 skipped
   ⛔   Architecture Tests: ✅ successful — 17 passed, 2 skipped

Coverage for New Code

   〰️   Line Coverage: 100.00% — perfect 🎉
   ➰   Branch Coverage: 100.00% — perfect 🎉
     Mutation Coverage: 100.00% — perfect 🎉
   💪   Test Strength: 100.00% — perfect 🎉

Coverage for Whole Project

   〰️   Line Coverage: 91.57% — 65 missed lines
   ➰   Branch Coverage: 90.45% — 21 missed branches
     Mutation Coverage: 91.61% — 26 survived mutations
   💪   Test Strength: 94.67% — 16 survived mutations in tested code

Style

     CheckStyle: No warnings
     PMD: No warnings
   ☕   Java Compiler: No warnings

Bugs

     SpotBugs: No bugs
   🐛   Error Prone: No bugs

API Problems

   🚫   Revapi: No warnings

Vulnerabilities

   🛡️   OWASP Dependency Check: No vulnerabilities

Software Metrics

   🌀   Cyclomatic Complexity: 384 (total)
   💭   Cognitive Complexity: 174 (total)
   ➿   N-Path Complexity: 348 (total)
   📏   Lines of Code: 4410 (total)
   📝   Non Commenting Source Statements: 1274 (total)
   🔗   Class Cohesion: 71.43% (maximum)
   ⚖️   Weight of Class: 100.00% (maximum)

🚦 Quality Gates

Overall Status: ✅ SUCCESS

✅ Passed Gates

• ✅ Overall Tests Success Rate: 100.00 >= 100.00
• ✅ Line Coverage in New Code: 100.00 >= 90.00
• ✅ Branch Coverage in New Code: 100.00 >= 90.00
• ✅ Mutation Coverage in New Code: 100.00 >= 90.00
• ✅ Potential Bugs in Whole Project: 0.00 <= 0.00
• ✅ Style Violation in Whole Project: 0.00 <= 0.00

---

Created by Quality Monitor v4.7.1 (#236fd54). More details are shown in the GitHub Checks Result.