build(deps): bump the all-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the all-dependencies group with 9 updates in the / directory:

Package	From	To
commons-io:commons-io	2.16.1	2.21.0
org.junit:junit-bom	5.10.0	6.0.3
org.mockito:mockito-core	5.7.0	5.22.0
commons-cli:commons-cli	1.8.0	1.11.0
org.slf4j:slf4j-api	2.0.7	2.0.17
ch.qos.logback:logback-classic	1.5.28	1.5.32
io.ktor.plugin	2.3.12	3.4.1
com.github.spotbugs	6.1.3	6.4.8
gradle-wrapper	8.5	9.4.0

Updates commons-io:commons-io from 2.16.1 to 2.21.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.22.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.22.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

This is a feature and maintenance release. Java 8 or later is required.

New features

o Add and use IOUtils.closeQuietlySuppress(Closeable, Throwable) #818. Thanks to Gary Gregory, Piotr P. Karwasz.

Fixed Bugs

o Fix Apache RAT plugin console warnings. Thanks to Gary Gregory. o ByteArraySeekableByteChannel.position(long) and truncate(long) shouldn't throw an IllegalArgumentException for a new positive position that's too large #817. Thanks to Gary Gregory, Piotr P. Karwasz. o Fix malformed Javadoc comments. Thanks to Gary Gregory. o ReadAheadInputStream.close() doesn't always close its filtered input stream. Thanks to Stanislav Fort, Gary Gregory.

Changes

o Bump org.apache.commons:commons-parent from 91 to 96 #816. Thanks to Gary Gregory, Dependabot. o Bump commons-codec:commons-codec from 1.19.0 to 1.20.0 #812. Thanks to Gary Gregory, Dependabot. o Bump commons.bytebuddy.version from 1.17.8 to 1.18.4 #814, #820. Thanks to Gary Gregory, Dependabot. o Bump commons-lang3 from 3.19.0 to 3.20.0. Thanks to Gary Gregory, Dependabot.

Commons IO 2.7 and up requires Java 8 or above. Commons IO 2.6 requires Java 7 or above. Commons IO 2.3 through 2.5 requires Java 6 or above. Commons IO 2.2 requires Java 5 or above. Commons IO 1.4 requires Java 1.3 or above.

Historical list of changes: https://commons.apache.org/proper/commons-io/changes.html

For complete information on Apache Commons IO, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons IO website:

https://commons.apache.org/proper/commons-io/

Download page: https://commons.apache.org/proper/commons-io/download_io.cgi

... (truncated)

Commits

• 54073d3 Prepare for the release candidate 2.21.0 RC1
• f141f09 Prepare for the next release candidate
• adcf135 Add license header
• 0f499d0 Use new oak logo
• 34a961c Use HTTPS in URL
• 9e51118 Use HTTPS in URL
• d715865 Add dependabot email [skip ci]
• 3d6a7e1 Javadoc
• ad875d5 Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#810)
• bc01dee Bump github/codeql-action from 4.30.9 to 4.31.2 (#811)
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.10.0 to 6.0.3

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

... (truncated)

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates org.mockito:mockito-core from 5.7.0 to 5.22.0

Release notes

Sourced from org.mockito:mockito-core's releases.

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

• 2026-02-27 - 6 commit(s) by Joshua Selbo, NiMv1, Rafael Winterhalter, dependabot[bot], eunbin son
• Avoid mocking of internal static utilities [(#3785)](mockito/mockito#3785)
• Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 [(#3780)](mockito/mockito#3780)
• Static mocking of UUID.class corrupted under JDK 25 [(#3778)](mockito/mockito#3778)
• Bump actions/upload-artifact from 5 to 6 [(#3774)](mockito/mockito#3774)
• docs: clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) [(#3773)](mockito/mockito#3773)
• Add tests for Sets utility class [(#3771)](mockito/mockito#3771)
• Add core API to enable Kotlin singleton mocking [(#3762)](mockito/mockito#3762)
• Stubbing Kotlin object singletons [(#3652)](mockito/mockito#3652)
• Incorrect documentation for RETURNS_MOCKS [(#3285)](mockito/mockito#3285)

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

• 2025-12-09 - 17 commit(s) by Giulio Longfils, Joshua Selbo, Woongi9, Zylox, dependabot[bot]
• Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 [(#3768)](mockito/mockito#3768)
• Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 [(#3767)](mockito/mockito#3767)
• Bump actions/checkout from 5 to 6 [(#3765)](mockito/mockito#3765)
• Adds output of matchers to potential mismatch; Fixes #2468 [(#3760)](mockito/mockito#3760)
• Forbid mocking WeakReference with inline mock maker [(#3759)](mockito/mockito#3759)
• StackOverflowError when mocking WeakReference [(#3758)](mockito/mockito#3758)
• Bump actions/upload-artifact from 4 to 5 [(#3756)](mockito/mockito#3756)
• Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 [(#3755)](mockito/mockito#3755)
• Support primitives in GenericArrayReturnType. [(#3753)](mockito/mockito#3753)
• ClassNotFoundException when stubbing array of primitive type on Android [(#3752)](mockito/mockito#3752)
• Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 [(#3744)](mockito/mockito#3744)
• Bump gradle/actions from 4 to 5 [(#3743)](mockito/mockito#3743)
• Bump org.graalvm.buildtools.native from 0.11.0 to 0.11.1 [(#3738)](mockito/mockito#3738)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.2.1 to 8.0.0 [(#3735)](mockito/mockito#3735)
• Bump graalvm/setup-graalvm from 1.3.7 to 1.4.0 [(#3734)](mockito/mockito#3734)
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 [(#3733)](mockito/mockito#3733)
• Bump errorprone from 2.41.0 to 2.42.0 [(#3732)](mockito/mockito#3732)
• Feat: automatically detect class to mock in mockStatic and mockConstruction [(#3731)](mockito/mockito#3731)
• Return completed futures for unstubbed Future/CompletionStage in ReturnsEmptyValues [(#3727)](mockito/mockito#3727)
• automatically detect class to mock [(#2779)](mockito/mockito#2779)
• Incorrect "has following stubbing(s) with different arguments" message when using Argument Matchers [(#2468)](mockito/mockito#2468)

v5.20.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.20.0

• 2025-09-20 - 11 commit(s) by Adrian-Kim, Giulio Longfils, Rafael Winterhalter, dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 [(#3730)](mockito/mockito#3730)
• Introducing the Ability to Mock Construction of Generic Types (#2401) [(#3729)](mockito/mockito#3729)
• Bump com.gradle.develocity from 4.1.1 to 4.2 [(#3726)](mockito/mockito#3726)

... (truncated)

Commits

• 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
• ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
• d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
• 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
• 9e5d449 Add tests for Sets utility class (#3771)
• 8d9a62f Bump actions/upload-artifact from 5 to 6 (#3774)
• 09d2230 Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 (#3768)
• df3e0cc Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 (#3767)
• 04a6e9f Bump actions/checkout from 5 to 6 (#3765)
• 756a3cf Add description of matchers to potential mismatch (#3760)
• Additional commits viewable in compare view

Updates org.mockito:mockito-junit-jupiter from 5.7.0 to 5.22.0

Release notes

Sourced from org.mockito:mockito-junit-jupiter's releases.

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

• 2026-02-27 - 6 commit(s) by Joshua Selbo, NiMv1, Rafael Winterhalter, dependabot[bot], eunbin son
• Avoid mocking of internal static utilities [(#3785)](mockito/mockito#3785)
• Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 [(#3780)](mockito/mockito#3780)
• Static mocking of UUID.class corrupted under JDK 25 [(#3778)](mockito/mockito#3778)
• Bump actions/upload-artifact from 5 to 6 [(#3774)](mockito/mockito#3774)
• docs: clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) [(#3773)](mockito/mockito#3773)
• Add tests for Sets utility class [(#3771)](mockito/mockito#3771)
• Add core API to enable Kotlin singleton mocking [(#3762)](mockito/mockito#3762)
• Stubbing Kotlin object singletons [(#3652)](mockito/mockito#3652)
• Incorrect documentation for RETURNS_MOCKS [(#3285)](mockito/mockito#3285)

v5.21.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.21.0

• 2025-12-09 - 17 commit(s) by Giulio Longfils, Joshua Selbo, Woongi9, Zylox, dependabot[bot]
• Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 [(#3768)](mockito/mockito#3768)
• Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 [(#3767)](mockito/mockito#3767)
• Bump actions/checkout from 5 to 6 [(#3765)](mockito/mockito#3765)
• Adds output of matchers to potential mismatch; Fixes #2468 [(#3760)](mockito/mockito#3760)
• Forbid mocking WeakReference with inline mock maker [(#3759)](mockito/mockito#3759)
• StackOverflowError when mocking WeakReference [(#3758)](mockito/mockito#3758)
• Bump actions/upload-artifact from 4 to 5 [(#3756)](mockito/mockito#3756)
• Bump graalvm/setup-graalvm from 1.4.1 to 1.4.2 [(#3755)](mockito/mockito#3755)
• Support primitives in GenericArrayReturnType. [(#3753)](mockito/mockito#3753)
• ClassNotFoundException when stubbing array of primitive type on Android [(#3752)](mockito/mockito#3752)
• Bump graalvm/setup-graalvm from 1.4.0 to 1.4.1 [(#3744)](mockito/mockito#3744)
• Bump gradle/actions from 4 to 5 [(#3743)](mockito/mockito#3743)
• Bump org.graalvm.buildtools.native from 0.11.0 to 0.11.1 [(#3738)](mockito/mockito#3738)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.2.1 to 8.0.0 [(#3735)](mockito/mockito#3735)
• Bump graalvm/setup-graalvm from 1.3.7 to 1.4.0 [(#3734)](mockito/mockito#3734)
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 [(#3733)](mockito/mockito#3733)
• Bump errorprone from 2.41.0 to 2.42.0 [(#3732)](mockito/mockito#3732)
• Feat: automatically detect class to mock in mockStatic and mockConstruction [(#3731)](mockito/mockito#3731)
• Return completed futures for unstubbed Future/CompletionStage in ReturnsEmptyValues [(#3727)](mockito/mockito#3727)
• automatically detect class to mock [(#2779)](mockito/mockito#2779)
• Incorrect "has following stubbing(s) with different arguments" message when using Argument Matchers [(#2468)](mockito/mockito#2468)

v5.20.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.20.0

• 2025-09-20 - 11 commit(s) by Adrian-Kim, Giulio Longfils, Rafael Winterhalter, dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 [(#3730)](mockito/mockito#3730)
• Introducing the Ability to Mock Construction of Generic Types (#2401) [(#3729)](mockito/mockito#3729)
• Bump com.gradle.develocity from 4.1.1 to 4.2 [(#3726)](mockito/mockito#3726)

... (truncated)

Commits

• 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
• ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
• d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
• 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
• 9e5d449 Add tests for Sets utility class (#3771)
• 8d9a62f Bump actions/upload-artifact from 5 to 6 (#3774)
• 09d2230 Bump graalvm/setup-graalvm from 1.4.3 to 1.4.4 (#3768)
• df3e0cc Bump graalvm/setup-graalvm from 1.4.2 to 1.4.3 (#3767)
• 04a6e9f Bump actions/checkout from 5 to 6 (#3765)
• 756a3cf Add description of matchers to potential mismatch (#3760)
• Additional commits viewable in compare view

Updates commons-cli:commons-cli from 1.8.0 to 1.11.0

Changelog

Sourced from commons-cli:commons-cli's changelog.

Apache Commons CLI 1.11.0 Release Notes

The Apache Commons CLI team is pleased to announce the release of Apache Commons CLI 1.11.0.

Apache Commons CLI provides a simple API for presenting, processing, and validating a Command Line Interface.

This is a feature and maintenance release. Java 8 or later is required.

New Features

•       Add CommandLine.getOptionCount() to measure option repetition [#396](https://github.com/apache/commons-cli/issues/396). Thanks to David Larochette, Gary Gregory.
  

Fixed Bugs

• CLI-351: Multiple trailing BREAK_CHAR_SET characters cause infinite loop in HelpFormatter. Thanks to Damien Carbonne, Claude Warren, Gary Gregory.
• CLI-351: Fix issue with groups not being reported in help output. #411. Thanks to Damien Carbonne, Claude Warren, Gary Gregory.

Updates

•       Bump org.apache.commons:commons-parent from 85 to 91 [#393](https://github.com/apache/commons-cli/issues/393). Thanks to Gary Gregory, Dependabot.
  

•       Bump commons-io:commons-io from 2.20.0 to 2.21.0. Thanks to Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-cli/changes.html

For complete information on Apache Commons CLI, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons CLI website:

https://commons.apache.org/proper/commons-cli/

Download page: https://commons.apache.org/proper/commons-cli/download_cli.cgi

Have fun! The Apache Commons Team

---

Apache Commons CLI 1.11.0 Release Notes

The Apache Commons CLI team is pleased to announce the release of Apache Commons CLI 1.11.0.

Apache Commons CLI provides a simple API for presenting, processing, and validating a Command Line Interface.

This is a feature and maintenance release. Java 8 or later is required.

... (truncated)

Commits

• d746133 Prepare for the release candidate 1.11.0 RC1
• 966ddd6 Prepare for the next release candidate
• 234a34d Use ternary to reduce duplication
• ef98fc4 Better test assertions
• a9baf80 No need to create an intermediary array
• 4c46459 Reduce returns
• 7108379 Javadoc
• 7199a70 Use forEachRemaining
• e852acf Reuse constants
• 395346c Better exception message
• Additional commits viewable in compare view

Updates org.slf4j:slf4j-api from 2.0.7 to 2.0.17

Updates ch.qos.logback:logback-classic from 1.5.28 to 1.5.32

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.32

2026-02-16 Release of logback version 1.5.32

• In DefaultProcessor, fixed incorrect check for dependencies contained within a parent model. Previous only the direct children were scanned. This fixes logback-access/issues/34.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e807335a67535b4eacce94e942c0bcb649665d93 associated with the tag v_1.5.32. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.31

2026-02-14 Release of logback version 1.5.31

• Fixed missing META-INF/services directory in logback-classic.jar. This issue rendered logback-classic version 1.5.30 unusable with SLF4J.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 168e42f9f9a18a3ffdf31eb2bfe80a71e33ecd8b associated with the tag v_1.5.31. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.30

2026-02-14 Release of logback version 1.5.30

• In this version, logback-classic.jar was missing the META-INF/services directory, making it unusable with SLF4J. Version 1.5.31 (released later on the same day) fixes this issue.

• Fix scanning issue when an included file becomes available at a later time. This problem was reported in issues/1021 by Sergey Nazarov.

• Standardized code for version checking across modules.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 44164f10ca3fb44ce0e68519f13564b87e3aca61 associated with the tag v_1.5.30. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.29

2026-02-09 Release of logback version 1.5.29

• In response to issues/1017, appender names and appender references are once again subject to variable substitution, reverting the change introduced in version 1.5.28.

Commits

• e807335 prepare release 1.5.32
• dc35d55 fix logback-access/issues/34 by checking if dependency is a sub-model of the ...
• 8e32278 added simple test for appender definitiob via file inclusion
• 834dbed start work on 1.5.32-SNAPSHOT
• 168e42f add test to check that Logback SLF4J provider can be activated
• ed45362 prepare release 1.5.31
• 609dae7 fix missing META-INF directory
• 7739739 start work on 1.5.31-SNAPSHOT
• 44164f1 prepare release 1.5.30
• 9874f06 test for top-file as a resource, introduced new module logback-classic-misc
• Additional commits viewable in compare view

Updates io.ktor.plugin from 2.3.12 to 3.4.1

Updates com.github.spotbugs from 6.1.3 to 6.4.8

Updates gradle-wrapper from 8.5 to 9.4.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.