Improved: Bump minor versions of dependencies

| Package | From | To |
| --- | --- | --- |
| com.gradle.develocity | `3.18.2` | `3.19.2` |
| com.gradle.common-custom-user-data-gradle-plugin | `2.0.2` | `2.4.0` |
|
[com.github.ben-manes.caffeine:caffeine](https://github.com/ben-manes/caffeine)
| `3.1.8` | `3.2.3` | |
[com.google.guava:guava](https://github.com/google/guava) | `33.3.1-jre`
| `33.5.0-jre` | |
[com.google.zxing:core](https://github.com/zxing/zxing) | `3.5.3` |
`3.5.4` | |
[com.googlecode.ez-vcard:ez-vcard](https://github.com/mangstadt/ez-vcard)
| `0.12.1` | `0.12.2` | |
[com.googlecode.libphonenumber:libphonenumber](https://github.com/google/libphonenumber)
| `8.13.52` | `8.13.55` | | com.github.librepdf:openpdf | `1.3.43` |
`1.4.2` | |
[commons-cli:commons-cli](https://github.com/apache/commons-cli) |
`1.5.0` | `1.11.0` | |
[commons-net:commons-net](https://github.com/apache/commons-net) |
`3.11.1` | `3.13.0` | |
[commons-validator:commons-validator](https://github.com/apache/commons-validator)
| `1.9.0` | `1.10.1` | |
[net.lingala.zip4j:zip4j](https://github.com/srikanth-lingala/zip4j) |
`2.11.5` | `2.11.6` | | org.apache.commons:commons-collections4 | `4.4`
| `4.5.0` | |
[org.apache.commons:commons-csv](https://github.com/apache/commons-csv)
| `1.12.0` | `1.14.1` | | org.apache.commons:commons-dbcp2 | `2.13.0` |
`2.14.0` | | org.apache.commons:commons-text | `1.12.0` | `1.14.1` | |
org.apache.logging.log4j:log4j-api | `2.24.2` | `2.25.3` | |
org.apache.logging.log4j:log4j-core | `2.24.2` | `2.25.3` | |
org.apache.poi:poi | `5.3.0` | `5.5.1` |
| org.apache.pdfbox:pdfbox | `3.0.5` | `3.0.7` |
| org.apache.pdfbox:pdfbox-io | `3.0.5` | `3.0.7` | |
org.apache.shiro:shiro-crypto-cipher | `2.0.2` | `2.1.0` | |
[org.apache.sshd:sshd-core](https://github.com/apache/mina-sshd) |
`2.14.0` | `2.17.1` | |
[org.apache.sshd:sshd-sftp](https://github.com/apache/mina-sshd) |
`2.14.0` | `2.17.1` | |
[org.apache.tika:tika-core](https://github.com/apache/tika) | `3.2.3` |
`3.3.0` | |
[org.apache.tika:tika-parsers](https://github.com/apache/tika) | `3.2.3`
| `3.3.0` | | org.apache.tika:tika-parser-pdf-module | `3.2.3` | `3.3.0`
| | org.apache.cxf:cxf-rt-frontend-jaxrs | `4.1.3` | `4.2.0` | |
org.apache.tomcat:tomcat-catalina-ha | `10.1.52` | `10.1.53` | |
org.apache.tomcat:tomcat-jasper | `10.1.52` | `10.1.53` | |
org.apache.xmlgraphics:batik-anim | `1.18` | `1.19` | |
org.apache.xmlgraphics:batik-util | `1.18` | `1.19` | |
org.apache.xmlgraphics:batik-bridge | `1.18` | `1.19` | |
[org.clojure:clojure](https://github.com/clojure/clojure) | `1.12.0` |
`1.12.4` | |
[org.apache.groovy:groovy-all](https://github.com/apache/groovy) |
`5.0.0-alpha-11` | `5.0.4` | |
[org.owasp.esapi:esapi](https://github.com/ESAPI/esapi-java-legacy) |
`2.6.0.0` | `2.7.0.0` | |
[org.springframework:spring-test](https://github.com/spring-projects/spring-framework)
| `6.1.16` | `6.2.17` | |
[com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson)
| `2.18.2` | `2.21.2` | |
[com.auth0:java-jwt](https://github.com/auth0/java-jwt) | `4.4.0` |
`4.5.1` | | [com.auth0:jwks-rsa](https://github.com/auth0/jwks-rsa-java)
| `0.22.2` | `0.23.0` | |
[com.google.re2j:re2j](https://github.com/google/re2j) | `1.7` | `1.8` |
|
[org.mustangproject:library](https://github.com/ZUGFeRD/mustangproject)
| `2.8.0` | `2.22.0` | |
[org.mockito:mockito-core](https://github.com/mockito/mockito) |
`5.14.2` | `5.23.0` | |
[org.jmockit:jmockit](https://github.com/jmockit/jmockit1) | `1.49` |
`1.50` | | org.apache.derby:derby | `10.16.1.1` | `10.17.1.0` | |
org.apache.derby:derbytools | `10.16.1.1` | `10.17.1.0` | |
org.apache.logging.log4j:log4j-1.2-api | `2.24.2` | `2.25.3` | |
org.apache.logging.log4j:log4j-jul | `2.24.2` | `2.25.3` | |
org.apache.logging.log4j:log4j-slf4j-impl | `2.24.2` | `2.25.3` | |
org.apache.logging.log4j:log4j-web | `2.24.2` | `2.25.3` | |
org.apache.logging.log4j:log4j-jcl | `2.24.2` | `2.25.3` | |
[org.codenarc:CodeNarc](https://github.com/CodeNarc/CodeNarc) |
`3.6.0-groovy-4.0` | `3.7.0-groovy-4.0` | |
org.apache.james:apache-mime4j-core | `0.8.10` | `0.8.13` | |
[org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java) |
`1.78` | `1.83` | |
[org.testng:testng](https://github.com/testng-team/testng) | `7.7.0` |
`7.12.0` | | [gradle-wrapper](https://github.com/gradle/gradle) | `8.8`
| `8.14.4` |

Updates `com.gradle.develocity` from 3.18.2 to 3.19.2

Updates `com.gradle.common-custom-user-data-gradle-plugin` from 2.0.2 to
2.4.0

Updates `com.github.ben-manes.caffeine:caffeine` from 3.1.8 to 3.2.3
- [Release notes](https://github.com/ben-manes/caffeine/releases)
- [Commits](ben-manes/caffeine@v3.1.8...v3.2.3)

Updates `com.google.guava:guava` from 33.3.1-jre to 33.5.0-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `com.google.zxing:core` from 3.5.3 to 3.5.4
- [Release notes](https://github.com/zxing/zxing/releases)
- [Changelog](https://github.com/zxing/zxing/blob/master/CHANGES)
- [Commits](zxing/zxing@zxing-3.5.3...zxing-3.5.4)

Updates `com.googlecode.ez-vcard:ez-vcard` from 0.12.1 to 0.12.2
- [Commits](mangstadt/ez-vcard@0.12.1...0.12.2)

Updates `com.googlecode.libphonenumber:libphonenumber` from 8.13.52 to
8.13.55
- [Release notes](https://github.com/google/libphonenumber/releases)
-
[Changelog](https://github.com/google/libphonenumber/blob/master/release_notes.txt)
- [Commits](google/libphonenumber@v8.13.52...v8.13.55)

Updates `com.github.librepdf:openpdf` from 1.3.43 to 1.4.2

Updates `commons-cli:commons-cli` from 1.5.0 to 1.11.0
-
[Changelog](https://github.com/apache/commons-cli/blob/master/RELEASE-NOTES.txt)
-
[Commits](apache/commons-cli@commons-cli-1.5.0...rel/commons-cli-1.11.0)

Updates `commons-net:commons-net` from 3.11.1 to 3.13.0
-
[Changelog](https://github.com/apache/commons-net/blob/master/RELEASE-NOTES.txt)
-
[Commits](apache/commons-net@rel/commons-net-3.11.1...rel/commons-net-3.13.0)

Updates `commons-validator:commons-validator` from 1.9.0 to 1.10.1
-
[Changelog](https://github.com/apache/commons-validator/blob/master/RELEASE-NOTES.txt)
-
[Commits](apache/commons-validator@rel/commons-validator-1.9.0...rel/commons-validator-1.10.1)

Updates `net.lingala.zip4j:zip4j` from 2.11.5 to 2.11.6
- [Release notes](https://github.com/srikanth-lingala/zip4j/releases)
- [Commits](srikanth-lingala/zip4j@v2.11.5...v2.11.6)

Updates `org.activiti:activiti-juel-jakarta` from 8.1.0 to 8.8.0

Updates `org.apache.commons:commons-collections4` from 4.4 to 4.5.0

Updates `org.apache.commons:commons-csv` from 1.12.0 to 1.14.1
-
[Changelog](https://github.com/apache/commons-csv/blob/master/RELEASE-NOTES.txt)
-
[Commits](apache/commons-csv@rel/commons-csv-1.12.0...rel/commons-csv-1.14.1)

Updates `org.apache.commons:commons-dbcp2` from 2.13.0 to 2.14.0

Updates `org.apache.commons:commons-imaging` from 1.0-alpha3 to
1.0.0-alpha6

Updates `org.apache.commons:commons-text` from 1.12.0 to 1.14.1

Updates `org.apache.logging.log4j:log4j-api` from 2.24.2 to 2.25.3

Updates `org.apache.logging.log4j:log4j-core` from 2.24.2 to 2.25.3

Updates `org.apache.poi:poi` from 5.3.0 to 5.5.1

Updates `org.apache.pdfbox:pdfbox` from 3.0.5 to 3.0.7

Updates `org.apache.pdfbox:pdfbox-io` from 3.0.5 to 3.0.7

Updates `org.apache.shiro:shiro-crypto-cipher` from 2.0.2 to 2.1.0

Updates `org.apache.sshd:sshd-core` from 2.14.0 to 2.17.1
- [Release notes](https://github.com/apache/mina-sshd/releases)
-
[Changelog](https://github.com/apache/mina-sshd/blob/master/CHANGES.md)
- [Commits](apache/mina-sshd@sshd-2.14.0...sshd-2.17.1)

Updates `org.apache.sshd:sshd-sftp` from 2.14.0 to 2.17.1
- [Release notes](https://github.com/apache/mina-sshd/releases)
-
[Changelog](https://github.com/apache/mina-sshd/blob/master/CHANGES.md)
- [Commits](apache/mina-sshd@sshd-2.14.0...sshd-2.17.1)

Updates `org.apache.tika:tika-core` from 3.2.3 to 3.3.0
- [Changelog](https://github.com/apache/tika/blob/main/CHANGES.txt)
- [Commits](apache/tika@3.2.3...3.3.0)

Updates `org.apache.tika:tika-parsers` from 3.2.3 to 3.3.0
- [Changelog](https://github.com/apache/tika/blob/main/CHANGES.txt)
- [Commits](apache/tika@3.2.3...3.3.0)

Updates `org.apache.tika:tika-parser-pdf-module` from 3.2.3 to 3.3.0

Updates `org.apache.cxf:cxf-rt-frontend-jaxrs` from 4.1.3 to 4.2.0

Updates `org.apache.tomcat:tomcat-catalina-ha` from 10.1.52 to 10.1.53

Updates `org.apache.tomcat:tomcat-jasper` from 10.1.52 to 10.1.53

Updates `org.apache.xmlgraphics:batik-anim` from 1.18 to 1.19

Updates `org.apache.xmlgraphics:batik-util` from 1.18 to 1.19

Updates `org.apache.xmlgraphics:batik-bridge` from 1.18 to 1.19

Updates `org.clojure:clojure` from 1.12.0 to 1.12.4
- [Changelog](https://github.com/clojure/clojure/blob/master/changes.md)
- [Commits](clojure/clojure@clojure-1.12.0...clojure-1.12.4)

Updates `org.apache.groovy:groovy-all` from 5.0.0-alpha-11 to 5.0.4
- [Commits](https://github.com/apache/groovy/commits)

Updates `org.owasp.esapi:esapi` from 2.6.0.0 to 2.7.0.0
- [Release notes](https://github.com/ESAPI/esapi-java-legacy/releases)
- [Commits](ESAPI/esapi-java-legacy@esapi-2.6.0.0...esapi-2.7.0.0)

Updates `org.springframework:spring-test` from 6.1.16 to 6.2.17
- [Release
notes](https://github.com/spring-projects/spring-framework/releases)
- [Commits](spring-projects/spring-framework@v6.1.16...v6.2.17)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.18.2 to
2.21.2
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.auth0:java-jwt` from 4.4.0 to 4.5.1
- [Release notes](https://github.com/auth0/java-jwt/releases)
-
[Changelog](https://github.com/auth0/java-jwt/blob/master/CHANGELOG.md)
- [Commits](auth0/java-jwt@4.4.0...4.5.1)

Updates `com.auth0:jwks-rsa` from 0.22.2 to 0.23.0
- [Release notes](https://github.com/auth0/jwks-rsa-java/releases)
-
[Changelog](https://github.com/auth0/jwks-rsa-java/blob/master/CHANGELOG.md)
- [Commits](auth0/jwks-rsa-java@0.22.2...0.23.0)

Updates `com.google.re2j:re2j` from 1.7 to 1.8
- [Release notes](https://github.com/google/re2j/releases)
- [Commits](google/re2j@re2j-1.7...re2j-1.8)

Updates `org.mustangproject:library` from 2.8.0 to 2.22.0
- [Release notes](https://github.com/ZUGFeRD/mustangproject/releases)
-
[Changelog](https://github.com/ZUGFeRD/mustangproject/blob/master/History.md)
- [Commits](ZUGFeRD/mustangproject@core-2.8.0...core-2.22.0)

Updates `org.mockito:mockito-core` from 5.14.2 to 5.23.0
- [Release notes](https://github.com/mockito/mockito/releases)
- [Commits](mockito/mockito@v5.14.2...v5.23.0)

Updates `org.jmockit:jmockit` from 1.49 to 1.50
- [Commits](https://github.com/jmockit/jmockit1/commits)

Updates `org.apache.logging.log4j:log4j-1.2-api` from 2.24.2 to 2.25.3

Updates `org.apache.logging.log4j:log4j-jul` from 2.24.2 to 2.25.3

Updates `org.apache.logging.log4j:log4j-slf4j-impl` from 2.24.2 to
2.25.3

Updates `org.apache.logging.log4j:log4j-web` from 2.24.2 to 2.25.3

Updates `org.apache.logging.log4j:log4j-jcl` from 2.24.2 to 2.25.3

Updates `org.codenarc:CodeNarc` from 3.6.0-groovy-4.0 to
3.7.0-groovy-4.0
- [Release notes](https://github.com/CodeNarc/CodeNarc/releases)
-
[Changelog](https://github.com/CodeNarc/CodeNarc/blob/master/CHANGELOG.md)
- [Commits](https://github.com/CodeNarc/CodeNarc/commits)

Updates `org.apache.james:apache-mime4j-core` from 0.8.10 to 0.8.13

Updates `org.bouncycastle:bcprov-jdk18on` from 1.78 to 1.83
-
[Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

Updates `org.testng:testng` from 7.7.0 to 7.12.0
- [Release notes](https://github.com/testng-team/testng/releases)
-
[Changelog](https://github.com/testng-team/testng/blob/master/CHANGES.txt)
- [Commits](testng-team/testng@7.7.0...7.12.0)

Updates `gradle-wrapper` from 8.8 to 8.14.4
- [Release notes](https://github.com/gradle/gradle/releases)
- [Commits](gradle/gradle@v8.8.0...v8.14.4)

---
updated-dependencies:
- dependency-name: com.gradle.develocity dependency-version: 3.19.2
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: com.gradle.common-custom-user-data-gradle-plugin
dependency-version: 2.4.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: com.github.ben-manes.caffeine:caffeine
dependency-version: 3.2.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: com.google.guava:guava dependency-version: 33.5.0-jre
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: com.google.zxing:core dependency-version: 3.5.4
dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: com.googlecode.ez-vcard:ez-vcard dependency-version:
0.12.2 dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: com.googlecode.libphonenumber:libphonenumber
dependency-version: 8.13.55 dependency-type: direct:production
update-type: version-update:semver-patch dependency-group:
all-dependencies
- dependency-name: com.github.librepdf:openpdf dependency-version: 1.4.2
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: commons-cli:commons-cli dependency-version: 1.11.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: commons-net:commons-net dependency-version: 3.13.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: commons-validator:commons-validator
dependency-version: 1.10.1 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: net.lingala.zip4j:zip4j dependency-version: 2.11.6
dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.activiti:activiti-juel-jakarta
dependency-version: 8.8.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.commons:commons-collections4
dependency-version: 4.5.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.commons:commons-csv dependency-version:
1.14.1 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-dbcp2 dependency-version:
2.14.0 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-imaging
dependency-version: 1.0.0-alpha6 dependency-type: direct:production
dependency-group: all-dependencies
- dependency-name: org.apache.commons:commons-text dependency-version:
1.14.1 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-api
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-core
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.poi:poi dependency-version: 5.5.1
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.pdfbox:pdfbox dependency-version: 3.0.7
dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.apache.pdfbox:pdfbox-io dependency-version: 3.0.7
dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.apache.shiro:shiro-crypto-cipher
dependency-version: 2.1.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.sshd:sshd-core dependency-version: 2.17.1
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.sshd:sshd-sftp dependency-version: 2.17.1
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.tika:tika-core dependency-version: 3.3.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.tika:tika-parsers dependency-version:
3.3.0 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.tika:tika-parser-pdf-module
dependency-version: 3.3.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.cxf:cxf-rt-frontend-jaxrs
dependency-version: 4.2.0 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.tomcat:tomcat-catalina-ha
dependency-version: 10.1.53 dependency-type: direct:production
update-type: version-update:semver-patch dependency-group:
all-dependencies
- dependency-name: org.apache.tomcat:tomcat-jasper dependency-version:
10.1.53 dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.apache.xmlgraphics:batik-anim dependency-version:
'1.19' dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.xmlgraphics:batik-util dependency-version:
'1.19' dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.xmlgraphics:batik-bridge
dependency-version: '1.19' dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.clojure:clojure dependency-version: 1.12.4
dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.apache.groovy:groovy-all dependency-version:
5.0.4 dependency-type: direct:production update-type:
version-update:semver-patch dependency-group: all-dependencies
- dependency-name: org.owasp.esapi:esapi dependency-version: 2.7.0.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.springframework:spring-test dependency-version:
6.2.17 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: com.fasterxml.jackson.core:jackson-databind
dependency-version: 2.21.2 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: com.auth0:java-jwt dependency-version: 4.5.1
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: com.auth0:jwks-rsa dependency-version: 0.23.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: com.google.re2j:re2j dependency-version: '1.8'
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.mustangproject:library dependency-version: 2.22.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.mockito:mockito-core dependency-version: 5.23.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.jmockit:jmockit dependency-version: '1.50'
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.derby:derby dependency-version: 10.17.1.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.derby:derbytools dependency-version:
10.17.1.0 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-1.2-api
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-jul
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-slf4j-impl
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-web
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.apache.logging.log4j:log4j-jcl
dependency-version: 2.25.3 dependency-type: direct:production
update-type: version-update:semver-minor dependency-group:
all-dependencies
- dependency-name: org.codenarc:CodeNarc dependency-version:
3.7.0-groovy-4.0 dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.apache.james:apache-mime4j-core
dependency-version: 0.8.13 dependency-type: direct:production
update-type: version-update:semver-patch dependency-group:
all-dependencies
- dependency-name: org.bouncycastle:bcprov-jdk18on dependency-version:
'1.83' dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: org.testng:testng dependency-version: 7.12.0
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies
- dependency-name: gradle-wrapper dependency-version: 8.14.4
dependency-type: direct:production update-type:
version-update:semver-minor dependency-group: all-dependencies ...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: jacopoc

dependencies.gradle

@@ -18,76 +18,76 @@
  */
 dependencies {
     implementation 'com.drewnoakes:metadata-extractor:2.19.0'
-    implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
-    implementation 'com.google.guava:guava:33.3.1-jre'
-    implementation 'com.google.zxing:core:3.5.3'
+    implementation 'com.github.ben-manes.caffeine:caffeine:3.2.3'
+    implementation 'com.google.guava:guava:33.5.0-jre'
+    implementation 'com.google.zxing:core:3.5.4'
     implementation 'com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru:1.4.2'
-    implementation 'com.googlecode.ez-vcard:ez-vcard:0.12.1'
+    implementation 'com.googlecode.ez-vcard:ez-vcard:0.12.2'
     implementation 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:20240325.1'
-    implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.52'
+    implementation 'com.googlecode.libphonenumber:libphonenumber:8.13.55'
     implementation 'com.ibm.icu:icu4j:76.1'
-    implementation 'com.github.librepdf:openpdf:1.3.43' // This is the last version with com.lowagie.text that is used (only) by PdfSurveyServices class.
+    implementation 'com.github.librepdf:openpdf:1.4.2' // This is the last version with com.lowagie.text that is used (only) by PdfSurveyServices class.
     implementation 'com.sun.mail:javax.mail:1.6.2'
     implementation 'com.rometools:rome:2.1.0'
     implementation 'com.thoughtworks.xstream:xstream:1.4.21'
-    implementation 'commons-cli:commons-cli:1.5.0' // with 1.6.0, 2 tests of OfbizStartupUnitTests don't pass
-    implementation 'commons-net:commons-net:3.11.1'
-    implementation 'commons-validator:commons-validator:1.9.0'
+    implementation 'commons-cli:commons-cli:1.11.0'
+    implementation 'commons-net:commons-net:3.13.0'
+    implementation 'commons-validator:commons-validator:1.10.1'
     implementation 'javax.transaction:javax.transaction-api:1.3'
     implementation 'net.fortuna.ical4j:ical4j:1.0-rc4-atlassian-12'
-    implementation 'net.lingala.zip4j:zip4j:2.11.5'
+    implementation 'net.lingala.zip4j:zip4j:2.11.6'
     implementation 'org.activiti:activiti-juel-jakarta:8.1.0'
     implementation 'org.apache.ant:ant-junit:1.10.15'
-    implementation 'org.apache.commons:commons-collections4:4.4'
-    implementation 'org.apache.commons:commons-csv:1.12.0'
-    implementation 'org.apache.commons:commons-dbcp2:2.13.0'
+    implementation 'org.apache.commons:commons-collections4:4.5.0'
+    implementation 'org.apache.commons:commons-csv:1.14.1'
+    implementation 'org.apache.commons:commons-dbcp2:2.14.0'
     implementation 'org.apache.commons:commons-fileupload2-jakarta:2.0.0-M1'
     implementation 'org.apache.commons:commons-imaging:1.0-alpha3' // Alpha but OK, "Imaging was working and was used by a number of projects in production even before reaching its initial release as an Apache Commons component." Since 1.0.0-alpha4 (note the use of semver) the API has changed. Better wait an "official release" to rewrite OFBiz code...
-    implementation 'org.apache.commons:commons-text:1.12.0'
+    implementation 'org.apache.commons:commons-text:1.15.0'
     implementation 'org.apache.geronimo.components:geronimo-transaction:3.1.5' // 4.0.0 does not compile
     implementation 'org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1'
     implementation 'org.apache.httpcomponents:httpclient-cache:4.5.14'
-    implementation 'org.apache.logging.log4j:log4j-api:2.24.2' // the API of log4j 2
-    implementation 'org.apache.logging.log4j:log4j-core:2.24.2' // Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java
-    implementation 'org.apache.poi:poi:5.3.0'
-    implementation 'org.apache.pdfbox:pdfbox:3.0.5'
-    implementation 'org.apache.pdfbox:pdfbox-io:3.0.5'
+    implementation 'org.apache.logging.log4j:log4j-api:2.25.3' // the API of log4j 2
+    implementation 'org.apache.logging.log4j:log4j-core:2.25.3' // Somehow needed by Buildbot to compile OFBizDynamicThresholdFilter.java
+    implementation 'org.apache.poi:poi:5.5.1'
+    implementation 'org.apache.pdfbox:pdfbox:3.0.7'
+    implementation 'org.apache.pdfbox:pdfbox-io:3.0.7'
     implementation 'org.apache.shiro:shiro-core:1.13.0' // Got "Exception in thread "main" java.lang.UnsupportedOperationException: Cannot create a hash with the given algorithm: argon2" with 2.0.2 in integration tests
-    implementation 'org.apache.shiro:shiro-crypto-cipher:2.0.2'
-    implementation 'org.apache.sshd:sshd-core:2.14.0'
-    implementation 'org.apache.sshd:sshd-sftp:2.14.0'
-    implementation 'org.apache.tika:tika-core:3.2.3'
-    implementation 'org.apache.tika:tika-parsers:3.2.3'
-    implementation 'org.apache.tika:tika-parser-pdf-module:3.2.3'
-    implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:4.1.3'
-    implementation 'org.apache.tomcat:tomcat-catalina-ha:10.1.52' // Remember to change the version number (10 now) in javadoc block if needed.
-    implementation 'org.apache.tomcat:tomcat-jasper:10.1.52'
+    implementation 'org.apache.shiro:shiro-crypto-cipher:2.1.0'
+    implementation 'org.apache.sshd:sshd-core:2.17.1'
+    implementation 'org.apache.sshd:sshd-sftp:2.17.1'
+    implementation 'org.apache.tika:tika-core:3.3.0'
+    implementation 'org.apache.tika:tika-parsers:3.3.0'
+    implementation 'org.apache.tika:tika-parser-pdf-module:3.3.0'
+    implementation 'org.apache.cxf:cxf-rt-frontend-jaxrs:4.2.0'
+    implementation 'org.apache.tomcat:tomcat-catalina-ha:10.1.53' // Remember to change the version number (10 now) in javadoc block if needed.
+    implementation 'org.apache.tomcat:tomcat-jasper:10.1.53'
     implementation 'org.apache.axis2:axis2-kernel:1.8.2'
-    implementation 'org.apache.xmlgraphics:batik-anim:1.18'
-    implementation 'org.apache.xmlgraphics:batik-util:1.18'
-    implementation 'org.apache.xmlgraphics:batik-bridge:1.18'
-    implementation 'org.apache.xmlgraphics:fop:2.11' // NOTE: since 2.4 dependencies are messed up. See https://github.com/moqui/moqui-fop/blob/master/build.gradle
-    implementation 'org.clojure:clojure:1.12.0'
-    implementation 'org.apache.groovy:groovy-all:5.0.0-alpha-11'
+    implementation 'org.apache.xmlgraphics:batik-anim:1.19'
+    implementation 'org.apache.xmlgraphics:batik-util:1.19'
+    implementation 'org.apache.xmlgraphics:batik-bridge:1.19'
+    implementation 'org.apache.xmlgraphics:fop:2.11'
+    implementation 'org.clojure:clojure:1.12.4'
+    implementation 'org.apache.groovy:groovy-all:5.0.4'
     implementation 'org.freemarker:freemarker:2.3.34' // Remember to change the version number in FreeMarkerWorker class when upgrading. See OFBIZ-10019 if >= 2.4
-    implementation 'org.owasp.esapi:esapi:2.6.0.0'
-    implementation 'org.springframework:spring-test:6.1.16'
-    implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.2'
+    implementation 'org.owasp.esapi:esapi:2.7.0.0'
+    implementation 'org.springframework:spring-test:6.2.17'
+    implementation 'com.fasterxml.jackson.core:jackson-databind:2.21.2'
     implementation 'oro:oro:2.0.8'
     implementation 'wsdl4j:wsdl4j:1.6.3'
-    implementation 'com.auth0:java-jwt:4.4.0'
-    implementation 'com.auth0:jwks-rsa:0.22.2'
+    implementation 'com.auth0:java-jwt:4.5.1'
+    implementation 'com.auth0:jwks-rsa:0.23.0'
     implementation 'org.jdom:jdom2:2.0.6.1'
-    implementation 'com.google.re2j:re2j:1.7'
+    implementation 'com.google.re2j:re2j:1.8'
     implementation 'xerces:xercesImpl:2.12.2'
-    implementation('org.mustangproject:library:2.8.0') { // 2.10.0 did not work, cf. OFBIZ-12920 (https://github.com/apache/ofbiz-framework/pull/712#issuecomment-1968960963)
+    implementation('org.mustangproject:library:2.22.0') {
       exclude group: 'pull-parser', module: 'pull-parser'
       exclude group: 'xpp3', module: 'xpp3'
     }
 
     testImplementation 'org.hamcrest:hamcrest-library:2.2' // Enable junit4 to not depend on hamcrest-1.3
-    testImplementation 'org.mockito:mockito-core:5.14.2'
-    testImplementation 'org.jmockit:jmockit:1.49'
+    testImplementation 'org.mockito:mockito-core:5.23.0'
+    testImplementation 'org.jmockit:jmockit:1.50'
     testImplementation 'com.pholser:junit-quickcheck-generators:1.0'
 
     runtimeOnly 'javax.xml.soap:javax.xml.soap-api:1.4.0'
@@ -99,24 +99,24 @@ dependencies {
     runtimeOnly 'org.apache.derby:derby:10.16.1.1' // 10.17.x.x requires Java 21
     runtimeOnly 'org.apache.derby:derbytools:10.16.1.1' // 10.17.x.x requires Java 21
     runtimeOnly 'org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec:2.1'
-    runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.24.2' // for external jars using the old log4j1.2: routes logging to log4j 2
-    runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.24.2' // for external jars using the java.util.logging: routes logging to log4j 2
-    runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.24.2' // for external jars using slf4j: routes logging to log4j 2
-    runtimeOnly 'org.apache.logging.log4j:log4j-web:2.24.2' //???
-    runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.24.2' // need to constrain to version to avoid classpath conflict (ReflectionUtil)
+    runtimeOnly 'org.apache.logging.log4j:log4j-1.2-api:2.25.3' // for external jars using the old log4j1.2: routes logging to log4j 2
+    runtimeOnly 'org.apache.logging.log4j:log4j-jul:2.25.3' // for external jars using the java.util.logging: routes logging to log4j 2
+    runtimeOnly 'org.apache.logging.log4j:log4j-slf4j-impl:2.25.3' // for external jars using slf4j: routes logging to log4j 2
+    runtimeOnly 'org.apache.logging.log4j:log4j-web:2.25.3' //???
+    runtimeOnly 'org.apache.logging.log4j:log4j-jcl:2.25.3' // need to constrain to version to avoid classpath conflict (ReflectionUtil)
 
     // specify last codenarc version for java 17 compliance
-    codenarc('org.codenarc:CodeNarc:3.6.0-groovy-4.0')
+    codenarc('org.codenarc:CodeNarc:3.7.0-groovy-4.0')
 
     // use constraints to update transitive dependencies
     constraints {
-        implementation('org.apache.james:apache-mime4j-core:0.8.10') {
+        implementation('org.apache.james:apache-mime4j-core:0.8.13') {
             because 'CVE-2024-21742'
         }
-        implementation('org.bouncycastle:bcprov-jdk18on:1.78') {
+        implementation('org.bouncycastle:bcprov-jdk18on:1.83') {
             because 'CVE-2024-29857, CVE-2024-30171, CVE-2024-30172, CVE-2024-34447'
         }
-        implementation('org.testng:testng:7.7.0') {
+        implementation('org.testng:testng:7.12.0') {
             because 'CVE-2022-4065'
         }
     }

gradle/wrapper/gradle-wrapper.jar

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.4-bin.zip
 networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradle/wrapper/gradle-wrapper.properties

@@ -18,8 +18,8 @@
  */
 
 plugins {
-    id 'com.gradle.develocity' version '3.18.2'
-    id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.0.2'
+    id 'com.gradle.develocity' version '3.19.2'
+    id 'com.gradle.common-custom-user-data-gradle-plugin' version '2.4.0'
 }
 
 def isCI = System.getenv('GITHUB_ACTIONS') != null