Bump the dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the dependencies group with 7 updates in the / directory:

Package	From	To
com.amazonaws.secretsmanager:aws-secretsmanager-caching-java	2.0.0	2.1.0
software.amazon.awssdk:secretsmanager	2.34.2	2.40.3
com.fasterxml.jackson.core:jackson-databind	2.20.0	2.20.1
com.github.spotbugs:spotbugs-annotations	4.9.6	4.9.8
org.apache.maven.plugins:maven-source-plugin	3.3.1	3.4.0
com.github.spotbugs:spotbugs-maven-plugin	4.9.6.0	4.9.8.2
org.jacoco:jacoco-maven-plugin	0.8.13	0.8.14

Updates com.amazonaws.secretsmanager:aws-secretsmanager-caching-java from 2.0.0 to 2.1.0

Release notes

Sourced from com.amazonaws.secretsmanager:aws-secretsmanager-caching-java's releases.

2.1.0

What's Changed

• Group minor dependency updates by @​simonmarty in aws/aws-secretsmanager-caching-java#118
• Group test dependencies by @​simonmarty in aws/aws-secretsmanager-caching-java#125
• Update dependencies and plugins by @​simonmarty in aws/aws-secretsmanager-caching-java#117
• Bump codecov/codecov-action from 3.1.1 to 5.4.0 by @​dependabot[bot] in aws/aws-secretsmanager-caching-java#151
• Bump github/codeql-action from 2 to 3 by @​dependabot[bot] in aws/aws-secretsmanager-caching-java#120
• Bump actions/checkout from 3 to 4 by @​dependabot[bot] in aws/aws-secretsmanager-caching-java#103
• Bump the dev-dependencies group across 1 directory with 2 updates by @​dependabot[bot] in aws/aws-secretsmanager-caching-java#149
• Decreasing default sleep time for refreshNow() calls, sleep time now … by @​crus-umich in aws/aws-secretsmanager-caching-java#160
• Central Portal Migration by @​crus-umich in aws/aws-secretsmanager-caching-java#161
• Use Codecov token by @​simonmarty in aws/aws-secretsmanager-caching-java#164
• Bump actions/setup-java from 4 to 5 by @​dependabot[bot] in aws/aws-secretsmanager-caching-java#166
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in aws/aws-secretsmanager-caching-java#165
• fix: use OIDC for Codecov by @​ThirdEyeSqueegee in aws/aws-secretsmanager-caching-java#167
• Update to 2.1.0 by @​simonmarty in aws/aws-secretsmanager-caching-java#173

New Contributors

• @​crus-umich made their first contribution in aws/aws-secretsmanager-caching-java#160
• @​ThirdEyeSqueegee made their first contribution in aws/aws-secretsmanager-caching-java#167

Full Changelog: aws/aws-secretsmanager-caching-java@2.0.0...2.1.0

Commits

• da07f3f Update to 2.1.0 (#173)
• db8a853 fix: use OIDC for Codecov (#167)
• b85d5e2 Bump actions/checkout from 4 to 5 (#165)
• f96ed11 Bump actions/setup-java from 4 to 5 (#166)
• bd10a5a Use Codecov token (#164)
• 498b441 Central Portal Migration (#161)
• 47861e2 Decreasing default sleep time for refreshNow() calls, sleep time now … (#160)
• 6a1e61d Bump the dev-dependencies group across 1 directory with 2 updates (#149)
• b1b6dc6 Bump actions/checkout from 3 to 4 (#103)
• b6534e3 Bump github/codeql-action from 2 to 3 (#120)
• Additional commits viewable in compare view

Updates software.amazon.awssdk:secretsmanager from 2.34.2 to 2.40.3

Updates com.fasterxml.jackson.core:jackson-databind from 2.20.0 to 2.20.1

Commits

• See full diff in compare view

Updates com.github.spotbugs:spotbugs-annotations from 4.9.6 to 4.9.8

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

4.9.8

SpotBugs 4.9.8

CHANGELOG

Fixed

• Maven plugin reporting issue if -adjustPriority is not set (#3774)

CHECKSUM

file	checksum (sha256)
spotbugs-4.9.8-javadoc.jar	06fb742e3170087983c5855d7d8d846d7cdab9badfdf4b3564b424deb1dc0b28
spotbugs-4.9.8-sources.jar	cbee8358dd239e81fdcf37c32d1e6bedf148d25638b0c8d1b687d97c3061ecd9
spotbugs-4.9.8.tgz	2eb8e0f2b223c22ffa2ce0c1cf1be4127dde19d240b8f7ce69a5fd3ad5c36ff3
spotbugs-4.9.8.zip	e13d476403cf69074f415e35ebcc2f865f7a1ea444c1e659516bc0260e74dfa5
spotbugs-annotations-4.9.8-javadoc.jar	aecf15bb27a4d067e9b5a1c85b5d3aeefc5026a66e93040995804662e285d679
spotbugs-annotations-4.9.8-sources.jar	075b2eed660c2fe2fb1ad1de028f8fdff5f358e25c1318706b95ab17bb28be44
spotbugs-annotations.jar	6f69d6fe9c55a54dcb30e87d8fa2d5f52246af50d7a3445246d9539ef221be1c
spotbugs-ant-4.9.8-javadoc.jar	025b2fb90e089dab1875068397736003bbf9e66bcac287ecb9e512dd0d387748
spotbugs-ant-4.9.8-sources.jar	91477d93b1fd1bebae35d318427b5238fb458e726478dc1a8ac41ce74838a1e6
spotbugs-ant.jar	22f2fa397e86663adcd4828cc1c91e63aa6cc2bfc56832885b749a86fac5c784
spotbugs.jar	4469bc080afe7cd2290a20bf63e28392b80abcc7c7ace33c8f55da52a17c7ca5
test-harness-4.9.8-javadoc.jar	81677f77441af941613c99a4f04b3cb2f6b1950be589afdec03905d8e2917824
test-harness-4.9.8-sources.jar	805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.9.8.jar	0076a3bc9602c78d73edb048e625a96ee6a182fa3dd39300aa739af67b954189
test-harness-core-4.9.8-javadoc.jar	e3e64a5fd96be16eec8b832e87da703e5eae910b3abd7bda9ff81a10363e5c7f
test-harness-core-4.9.8-sources.jar	043a55d99a517c0d9cf702b0c183b4afd3f03af9eff4a86d59bb37df1b35b532
test-harness-core-4.9.8.jar	4e439df3b499660d91a659d7c523fcdc4945c932dfc7fee68e796193f9dff6bb
test-harness-jupiter-4.9.8-javadoc.jar	ae8ddee06796757be0526af1adf5969fbc149c0cf83542e6641405e69a044496
test-harness-jupiter-4.9.8-sources.jar	17144f315686bfd01c02fa4ae7c916060c41de8eed58d5b8470416fa08f46ced
test-harness-jupiter-4.9.8.jar	9e1bc39da08c6c80091f34f1fd92ec092109d0cdfd8009910bc22772df06eea7

4.9.7

SpotBugs 4.9.7

CHANGELOG

Fixed

• Fix Eclipse not always using latest preferences file state (#3740)
• Fix exception throw when singleton implementing Cloneable has no clone() method (#3727)
• Fix for missing -adjustPriority parameter in Eclipse preferences (#3687)
• Documentation of -adjustPriority parameter
• Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#3753)
• Improved FindNakedNotify to handle the case when the lock is loaded from a field (#3634)

Changed

• Support for fully qualified class names for detectors in -adjustPriority parameter
• Support for numerical and absolute priority adjustments
• Bump up Apache Commons BCEL to the version 6.11.0 (#3569)

Deprecated

• Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#3756)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.8 - 2025-10-18

Fixed

• Maven plugin reporting issue if -adjustPriority is not set (#3774)

4.9.7 - 2025-10-14

Fixed

• Fix Eclipse not always using latest preferences file state (#3740)
• Fix exception throw when singleton implementing Cloneable has no clone() method (#3727)
• Fix for missing -adjustPriority parameter in Eclipse preferences (#3687)
• Documentation of -adjustPriority parameter
• Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#3753)
• Improved FindNakedNotify to handle the case when the lock is loaded from a field (#3634)

Changed

• Support for fully qualified class names for detectors in -adjustPriority parameter
• Support for numerical and absolute priority adjustments
• Bump up Apache Commons BCEL to the version 6.11.0 (#3569)

Deprecated

• Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#3756)

Build

• Allow our GA builds to work with JDK 25 (and drop support for JDK 24) (#3564)

Commits

• c1fa7f2 release v4.9.8
• 023f8dd fix(deps): update dependency org.apache.groovy:groovy-all to v5.0.2 (#3782)
• 423f1d1 Unconditional while loops no raising IL_INFINITE_LOOP (#3537)
• 9125bee Fix priority adjustment code
• 183da6c fix(deps): update dependency org.springframework:spring-core to v6.2.12 (#3779)
• a499f2e chore(deps): update dependency com.diffplug.gradle:goomph to v4.4.1 (#3776)
• b339bc1 Unconditionally initialize PriorityAdjuster for AbstractBugReporter
• 96891fe chore(deps): update plugin com.github.spotbugs to v6.4.3 (#3773)
• a3667d7 chore(docs): Updated supported versions
• 333a96a prepare for next release
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

• [MSOURCES-140] - fail only if re-attach different files (#24) @​hboutemy

👻 Maintenance

• Bump m-invoker-p to 3.9.1 (#251) @​slachiewicz
• Allow to manually execute release drafter (#58) @​slawekjaranowski
• GH Issues (Maven 3 branch) (#57) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#49) @​Bukama

📦 Dependency updates

• Use plexus-utils version from parent (#252) @​slachiewicz
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#247) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#248) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#241) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#242) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#246) @dependabot[bot]
• Bump mavenVersion from 3.2.5 to 3.9.11 (#221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#233) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#229) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 41 to 45 (#218) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#226) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#222) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#68) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#63) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#66) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#27) @dependabot[bot]
• [MSOURCES-147] - Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#23) @dependabot[bot]
• [MSOURCES-146] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#25) @dependabot[bot]
• [MSOURCES-145] - Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 (#26) @dependabot[bot]

Commits

• ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
• 95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
• 7a9a770 [maven-release-plugin] prepare for next development iteration
• 292c1ce Use plexus-utils version from parent
• bf79b71 Bump m-invoker-p to 3.9.1
• 4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
• a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• 51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
• 267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
• ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.9.6.0 to 4.9.8.2

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.9.8.2

• Fixed generate site reports to include all site variations, thanks to @​bradleylarrick
• Add support for source jar/zip, thanks to @​cortlepp

Spotbugs Maven Plugin 4.9.8.1

Bug fix with SpotbugsInfo.EOF error (was meant to be SpotbugsInfo.EOL).

Spotbugs Maven Plugin 4.9.8.0

Bug fix release supporting spotbugs 4.9.8.

Spotbugs Maven Plugin 4.9.7.0

• Supports 4.9.7 of spotbugs
• Build updates
• Fixes spotbugs/spotbugs-maven-plugin#1215

Commits

• a03feda [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.8.2
• 1c8063d [gha] Update actions
• f59d628 Merge pull request #1265 from spotbugs/renovate/actions-checkout-6.x
• 1c232fb chore(deps): update actions/checkout action to v6
• 436be13 Merge pull request #1263 from spotbugs/renovate/actions-checkout-digest
• 0708203 Merge pull request #1264 from spotbugs/renovate/github-codeql-action-digest
• fcd2d1b chore(deps): update github/codeql-action digest to e12f017
• 7c54b5b chore(deps): update actions/checkout digest to 93cb6ef
• 79d724e Merge pull request #1262 from spotbugs/renovate/lang3.version
• b9bbed3 fix(deps): update dependency org.apache.commons:commons-lang3 to v3.20.0
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.14

New Features

• JaCoCo now officially supports Java 25 (GitHub #1950).
• Experimental support for Java 26 class files (GitHub #1870).
• Branches added by the Kotlin compiler for default argument number 33 or higher are filtered out during generation of report (GitHub #1655).
• Part of bytecode generated by the Kotlin compiler for elvis operator that follows safe call operator is filtered out during generation of report (GitHub #1814, #1954).
• Part of bytecode generated by the Kotlin compiler for more cases of chained safe call operators is filtered out during generation of report (GitHub #1956).
• Part of bytecode generated by the Kotlin compiler for invocations of suspendCoroutineUninterceptedOrReturn intrinsic is filtered out during generation of report (GitHub #1929).
• Part of bytecode generated by the Kotlin compiler for suspending lambdas with parameters is filtered out during generation of report (GitHub #1945).
• Part of bytecode generated by the Kotlin compiler for suspending functions and lambdas with suspension points that return inline value class is filtered out during generation of report (GitHub #1871).
• Part of bytecode generated by the Kotlin Compose compiler plugin for pausable composition is filtered out during generation of report (GitHub #1911).
• Methods generated by the Kotlin serialization compiler plugin are filtered out (GitHub #1885, #1970, #1971).

Fixed bugs

• Fixed handling of implicit else clause of when with String subject in Kotlin (GitHub #1813, #1940).
• Fixed handling of implicit default clause of switch by String in Java when compiled by ECJ (GitHub #1813, #1940). Fixed handling of exceptions in chains of safe call operators in Kotlin (GitHub #1819).

Non-functional Changes

• JaCoCo now depends on ASM 9.9 (GitHub #1965).

Commits

• 2eb2483 Prepare release v0.8.14
• de76181 KotlinSerializableFilter should filter more methods (#1971)
• 89c4bd5 Fix NPE in KotlinSerializableFilter (#1970)
• 0981128 Migrate release staging to the Central Publisher Portal (#1968)
• d07bc6b Add filter for bytecode generated by Kotlin serialization compiler plugin (#1...
• 5e35fd5 Upgrade maven-dependency-plugin to 3.9.0 (#1966)
• c2fe5cc Upgrade ASM to 9.9 (#1965)
• b0f8e23 KotlinSafeCallOperatorFilter should filter "unoptimized" safe call followed b...
• c7bd3f4 Upgrade spotless-maven-plugin to 3.0.0 (#1961)
• faa289d KotlinSafeCallOperatorFilter should not be affected by presence of pseudo ins...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.24%. Comparing base (36d50e2) to head (56ff0e8).

Additional details and impacted files

@@            Coverage Diff            @@
##                 v2     #307   +/-   ##
=========================================
  Coverage     82.24%   82.24%           
  Complexity      143      143           
=========================================
  Files            12       12           
  Lines           366      366           
  Branches         45       45           
=========================================
  Hits            301      301           
  Misses           58       58           
  Partials          7        7           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dependabot]

Sorry, only users with push access can use that command.