Bump the build-dependencies group with 8 updates

[dependabot]

Bumps the build-dependencies group with 8 updates:

Package	From	To
org.springframework:spring-expression	6.2.8	6.2.9
com.fasterxml.jackson.core:jackson-databind	2.19.1	2.19.2
com.fasterxml.jackson.core:jackson-annotations	2.19.1	2.19.2
org.apache.maven.plugins:maven-enforcer-plugin	3.6.0	3.6.1
org.apache.maven.enforcer:enforcer-api	3.6.0	3.6.1
com.diffplug.spotless:spotless-maven-plugin	2.45.0	2.46.1
org.moditect:moditect-maven-plugin	1.2.2.Final	1.3.0.Final
com.gradle:develocity-maven-extension	2.0.1	2.1

Updates org.springframework:spring-expression from 6.2.8 to 6.2.9

Release notes

Sourced from org.springframework:spring-expression's releases.

v6.2.9

⭐ New Features

• OncePerRequestFilter cannot be CGLib-proxied #35198
• Consistently catch InaccessibleObjectException next to IllegalAccessException #35190
• Introduce Date-to-Instant and Instant-to-Date converters #35175
• Consistent nullability and exception declarations in AbstractMessagingTemplate hierarchy #35159
• Register runtime hints for Instant-to-Timestamp conversion #35156
• Improve handling of ResponseEntity<?> in Spring MVC #35153
• Support @CacheConfig("myCacheName") declarations for simplified configuration #35152
• Declare messageSelector parameters in JmsOperations as @Nullable #35151
• Add getter for OverflowStrategy in ConcurrentWebSocketSessionDecorator #35132
• Use preset Content-Type for streaming and reactive responses in Spring MVC #35130
• Leniently tolerate null @Aspect bean #35074
• DataAccessResourceFailureException thrown when transaction times out on PostgreSQL #35073
• MethodInvokingFactoryBean fails to invoke publicly exported methods overridden by internal classes when using JPMS #34028

🐞 Bug Fixes

• Restore preference for interface (most abstract) method in getPubliclyAccessibleMethodIfPossible #35189
• Make targetBeanName field in AbstractBeanFactoryBasedTargetSource protected to avoid exceptions in logging and toString() #35172
• Fix inconsistencies in StaticListableBeanFactory #35119
• Support StreamingHttpOutputMessage in RestClient #35102
• When building DELETE requests, the request body is not used in JdkClientHttpRequest.buildRequest #35068
• AOT-generated bean registration file contains "too many constants" when building with many beans #35044
• Prevent cache pollution by storing only the factories #34732
• WebFlux decodes wildcard content-types as form-data/multipart #34660
• AOT-generated CGLib proxies do not contain method overrides #34642
• 500 response for ResourceHttpRequestHandler when requested range is not satisfied #34490

📔 Documentation

• Document how to register runtime hints for convention-based conversion #35178
• Link to @ContextConfiguration Javadoc from reference manual #35088

🔨 Dependency Upgrades

• Upgrade to JUnit 5.13.3 #35103
• Upgrade to Micrometer 1.14.9 #35202
• Upgrade to Reactor 2024.0.8 #35201

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Meijuh, @​RazorNd, @​chenggwang, @​izeye, @​mjd507, @​ngocnhan-tran1996, and @​philwebb

Commits

• 09a5ca3 Release v6.2.9
• a4ec25d Upgrade to MockK 1.13.17
• 0fc043f Upgrade to Netty 4.1.123, Selenium 4.34, XMLUnit 2.10.3
• 5473260 Backport nullability refinements for Micrometer
• 12a6098 Upgrade to Reactor 2024.0.8 and Micrometer 1.14.9
• f86034b Drop final declaration from doFilter entry point (for CGLIB proxying)
• 2180783 Upgrade to Jetty 12.0.23, Netty 4.1.122, Gson 2.13.1, Caffeine 3.2.1
• 2434bb1 Polishing
• 4063cb5 Publish releases using Central Portal
• 4277682 Catch InaccessibleObjectException next to IllegalAccessException
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.19.1 to 2.19.2

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.19.1 to 2.19.2

Commits

• See full diff in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.6.0 to 3.6.1

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.1

🚀 New features and improvements

• Improve performance of transitive dependency checks (#904) @​harrisric

🐛 Bug Fixes

• Fix NPE when a classifier part is specified in bannedDependencies (#905) @​harrisric

📝 Documentation updates

• Move contributing information into README (#911) @​slawekjaranowski
• Rewrite CONTRIBUTING.md to use the Github issue tracker instead of JIRA (#898) @​elharo

👻 Maintenance

• Remove unused javax.annotations dependency (#899) @​elharo
• Remove unused methods (#900) @​elharo
• Remove the from parameter names (#901) @​elharo
• Fix a grab bag of typos and minor grammar errors (#897) @​elharo
• remove unneeded contains check as add already does that (#896) @​elharo

📦 Dependency updates

• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910) @dependabot[bot]

Commits

• 9b9b705 [maven-release-plugin] prepare release enforcer-3.6.1
• 469f45c Move contributing information into README - fix cla link
• fec424a Move contributing information into README
• 3abe11d Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910)
• d58be76 Improve performance of transitive dependency checks (#904)
• 1f7ac3c null analysis (#907)
• 3bfbff8 Fix some typos
• 8da0311 Remove unused javax.annotations dependency (#899)
• 06bcf29 Remove unused methods (#900)
• b25c800 Fix NPE when a classifier part is specified but an artifact classifier is nul...
• Additional commits viewable in compare view

Updates org.apache.maven.enforcer:enforcer-api from 3.6.0 to 3.6.1

Release notes

Sourced from org.apache.maven.enforcer:enforcer-api's releases.

3.6.1

🚀 New features and improvements

• Improve performance of transitive dependency checks (#904) @​harrisric

🐛 Bug Fixes

• Fix NPE when a classifier part is specified in bannedDependencies (#905) @​harrisric

📝 Documentation updates

• Move contributing information into README (#911) @​slawekjaranowski
• Rewrite CONTRIBUTING.md to use the Github issue tracker instead of JIRA (#898) @​elharo

👻 Maintenance

• Remove unused javax.annotations dependency (#899) @​elharo
• Remove unused methods (#900) @​elharo
• Remove the from parameter names (#901) @​elharo
• Fix a grab bag of typos and minor grammar errors (#897) @​elharo
• remove unneeded contains check as add already does that (#896) @​elharo

📦 Dependency updates

• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910) @dependabot[bot]

Commits

• 9b9b705 [maven-release-plugin] prepare release enforcer-3.6.1
• 469f45c Move contributing information into README - fix cla link
• fec424a Move contributing information into README
• 3abe11d Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910)
• d58be76 Improve performance of transitive dependency checks (#904)
• 1f7ac3c null analysis (#907)
• 3bfbff8 Fix some typos
• 8da0311 Remove unused javax.annotations dependency (#899)
• 06bcf29 Remove unused methods (#900)
• b25c800 Fix NPE when a classifier part is specified but an artifact classifier is nul...
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 2.45.0 to 2.46.1

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v2.46.1

Fixed

• spotless:install-git-pre-push-hook didn't work on windows, now fixed. (#2562)

Maven Plugin v2.46.0

Added

• Allow specifying path to Biome JSON config file directly in biome step. Requires biome 2.x. (#2548)
• spotless:install-git-pre-push-hook goal, which installs a Git pre-push hook to run spotless:check and spotless:apply. (#2553)

Changed

• Bump default gson version to latest 2.11.0 -> 2.13.1. (#2414)
• Bump default jackson version to latest 2.18.1 -> 2.19.2. (#2558)
• Bump default gherkin-utils version to latest 9.0.0 -> 9.2.0. (#2408)
• Bump default cleanthat version to latest 2.22 -> 2.23. (#2556)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

• https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md
• https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

Changes

• BREAKING Bump the required Java to 17. (#2375, #2540)
• Bump JGit from 6.10.1 to 7.3.0 (#2257)
  • Adds support for worktrees (fixes #1765)
• Bump default google-java-format version to latest 1.24.0 -> 1.28.0. (#2345)
• Bump default ktlint version to latest 1.5.0 -> 1.7.1. (#2555)

[3.3.1] - 2025-07-21

Fixed

• GitPrePushHookInstaller didn't work on windows, now fixed. (#2562)

[3.3.0] - 2025-07-20

Added

• Allow specifying path to Biome JSON config file directly in biome step. Requires biome 2.x. (#2548)
• GitPrePushHookInstaller, a reusable library component for installing a Git pre-push hook that runs formatter checks. (#2553)
• Allow setting Eclipse XML config from a string, not only from files (#2361)

Changed

• Bump default gson version to latest 2.11.0 -> 2.13.1. (#2414)
• Bump default jackson version to latest 2.18.1 -> 2.19.2. (#2558)
• Bump default gherkin-utils version to latest 9.0.0 -> 9.2.0. (#2408)
• Bump default cleanthat version to latest 2.22 -> 2.23. (#2556)

[3.2.0] - 2025-07-07

Added

• Support for idea (#2020, #2535)
• Add support for removing wildcard imports via removeWildcardImports step. (#2517)
• scalafmt: enforce version consistency between the version configured in Spotless and the version declared in Scalafmt config file (#2460)

Fixed

• SortPom disable expandEmptyElements, to avoid empty body warnings. (#2520)
• Fix biome formatter for new major release 2.x of biome (#2537)
• Make sure npm-based formatters use the correct node_modules directory when running in parallel. (#2542)

Changed

• Bump internal dependencies for npm-based formatters (#2542)

[3.1.2] - 2025-05-27

Fixed

• Fix UnsupportedOperationException in the Gradle plugin when using targetExcludeContent[Pattern] (#2487)
• pgp key had expired, this and future releases will be signed by new key (details)

... (truncated)

Commits

• 0572107 Published maven/2.46.1
• 9e11c9d Published gradle/7.2.1
• 314418c Published lib/3.3.1
• 5e9df11 Windows Compatibility Fix for Git Pre-push Hook (#2562)
• 24ca3bc We should run CI for PRs against release also.
• 222085b Update changelogs.
• 776f7d1 execute pre-push hook
• b8e80bc tests fix
• 1042742 spotlessApply
• 4cf8137 git pre push hook windows fix
• Additional commits viewable in compare view

Updates org.moditect:moditect-maven-plugin from 1.2.2.Final to 1.3.0.Final

Release notes

Sourced from org.moditect:moditect-maven-plugin's releases.

1.3.0.Final

Changelog

🚀 Features

• 4e56341 Use maven-archiver to parse ouputTimestamp
• f9bd055 Reduce code duplication in AddModuleInfoTest

🐛 Fixes

• 634740e Generate multi-release directory JAR entries

🛠 Build

• 5cdd34c Update plugins from parent
• 68618b5 Update changelog configuration
• 0999060 Update release configuration

⚙️ Dependencies

• 2d60d8f Update jcommander to 2.0
• 00abb5b Update build-helper-maven-plugin to 3.6.1
• ab40c70 Update maven-shade-plugin to 3.6.0
• 0fed58f Update maven-plugin-plugin to 3.15.1
• 9e22a5e Update slf4j-api to 2.0.17
• 6c0ded3 Update assertj to 3.27.3
• d21270f Update guava to 33.4.8-jre
• ac7582f Update checker-qual to 3.49.5
• 51e2582 Update javaparser to 3.27.0

---

• 0053e2b Releasing version 1.3.0.Final
• 0de5521 Releasing version 1.3.0
• 8a34717 Use maven-archiver to parse ouputTimestamp
• 8e5fbdb Generate multi-release directory JAR entries
• 2bd52fe Reduce code duplication in AddModuleInfoTest
• 0725a88 Next version 1.3.0-SNAPSHOT
• 1909942 Releasing version 1.2.2.Final

Contributors

We'd like to thank the following people for their contributions:

• Andres Almiray (@​aalmiray)
• Fridrich Štrba (@​fridrich)
• Marcono1234 (@​Marcono1234)

Commits

• 0053e2b Releasing version 1.3.0.Final
• 4c86fb8 Merge pull request #264 from aalmiray/main
• 5cdd34c build: Update plugins from parent
• 68618b5 build: Update changelog configuration
• 2d60d8f deps: Update jcommander to 2.0
• 00abb5b deps: Update build-helper-maven-plugin to 3.6.1
• ab40c70 deps: Update maven-shade-plugin to 3.6.0
• 0fed58f deps: Update maven-plugin-plugin to 3.15.1
• 9e22a5e deps: Update slf4j-api to 2.0.17
• 6c0ded3 deps: Update assertj to 3.27.3
• Additional commits viewable in compare view

Updates org.apache.maven.enforcer:enforcer-api from 3.6.0 to 3.6.1

Release notes

Sourced from org.apache.maven.enforcer:enforcer-api's releases.

3.6.1

🚀 New features and improvements

• Improve performance of transitive dependency checks (#904) @​harrisric

🐛 Bug Fixes

• Fix NPE when a classifier part is specified in bannedDependencies (#905) @​harrisric

📝 Documentation updates

• Move contributing information into README (#911) @​slawekjaranowski
• Rewrite CONTRIBUTING.md to use the Github issue tracker instead of JIRA (#898) @​elharo

👻 Maintenance

• Remove unused javax.annotations dependency (#899) @​elharo
• Remove unused methods (#900) @​elharo
• Remove the from parameter names (#901) @​elharo
• Fix a grab bag of typos and minor grammar errors (#897) @​elharo
• remove unneeded contains check as add already does that (#896) @​elharo

📦 Dependency updates

• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910) @dependabot[bot]

Commits

• 9b9b705 [maven-release-plugin] prepare release enforcer-3.6.1
• 469f45c Move contributing information into README - fix cla link
• fec424a Move contributing information into README
• 3abe11d Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#910)
• d58be76 Improve performance of transitive dependency checks (#904)
• 1f7ac3c null analysis (#907)
• 3bfbff8 Fix some typos
• 8da0311 Remove unused javax.annotations dependency (#899)
• 06bcf29 Remove unused methods (#900)
• b25c800 Fix NPE when a classifier part is specified but an artifact classifier is nul...
• Additional commits viewable in compare view

Updates com.gradle:develocity-maven-extension from 2.0.1 to 2.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions