Bump the maven-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the maven-dependencies group with 3 updates in the / directory: com.google.protobuf:protobuf-bom, io.projectreactor:reactor-test and org.apache.httpcomponents.client5:httpclient5.

Updates com.google.protobuf:protobuf-bom from 4.30.2 to 4.31.0

Commits

• 3d4adad Updating version.json and repo version numbers to: 31.0
• 0fad924 Merge pull request #21743 from shaod2/31-cp
• aa5410d Remove fast-path check for non-clang compilers in MessageCreator.
• 0cf5489 Fix silent failure of rb_test rules to run test (#21733)
• d390631 Add missing include.
• 01b42bb Cherry-pick Rust fix to 31.x (#21617)
• ac2bbec Merge pull request #21546 from protocolbuffers/31.x-202504301807
• ca59567 Updating version.json and repo version numbers to: 31.0-dev
• 4f81598 Updating version.json and repo version numbers to: 31.0-rc2
• 1fb0d06 Cherry pick import option for protoc (#21489)
• Additional commits viewable in compare view

Updates io.projectreactor:reactor-test from 3.7.5 to 3.7.6

Release notes

Sourced from io.projectreactor:reactor-test's releases.

v3.7.6

Reactor Core 3.7.6 is part of 2024.0.6 Release Train.

What's Changed

✨ New features and improvements

• Bump byteBuddyVersion from 1.17.2 to 1.17.5 by @​dependabot in reactor/reactor-core#4018
• Depend on Micrometer 1.14.7 by @​chemicL in 90909e5010215daca84433d5679eb7705276c3d7
• Depend on Micrometer Tracing 1.4.6 by @​chemicL in 90909e5010215daca84433d5679eb7705276c3d7

Full Changelog: reactor/reactor-core@v3.7.5...v3.7.6

Commits

• 90909e5 [release] Prepare and release 3.7.6
• bca63aa Merge-ignore release 3.6.17 into 3.7.6
• 264d689 [release] Next development version 3.6.18-SNAPSHOT
• 220fb6e [release] Prepare and release 3.6.17
• 4ae9adf Merge #4018 into 3.7.6
• c212a95 Bump byteBuddyVersion from 1.17.2 to 1.17.5 (#4018)
• b6e024d Merge #4021 into 3.7.6
• 945d52c Bump org.junit:junit-bom from 5.12.0 to 5.12.2 (#4021)
• 905295d Merge #4022 into 3.7.6
• 0531066 Bump actions/setup-java from 4.7.0 to 4.7.1 in /.github/workflows (#4022)
• Additional commits viewable in compare view

Updates org.apache.httpcomponents.client5:httpclient5 from 5.4.4 to 5.5

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.5

This is the first GA release in the 5.5 release series. This release finalizes the 5.5 APIs and adds several experimental features and improvements, such as request multiplexing over a shared HTTP/2 connection and the Classic API facade acting as a compatibility bridge between classic I/O client services and the asynchronous message transport used internally.

Notable changes and features included in the 5.5 series:

• Improved conformance to RFC 7616 (HTTP Digest Access Authentication).

• The connection pool implementation acts as a caching facade in front of a standard managed connection pool and shares already leased connections to multiplex message exchanges over active HTTP/2 connections. Experimental.

• Extended Auth API and improved authentication protocol logic to support mutual authentication.

• The Classic API facade now acts as a compatibility bridge between the classic I/O client services (based on the standard InputStream / OutputStream model) and the asynchronous message transport used internally. This is experimental.

• HTTP/2 support for the Fluent Facade (via Classic API facade). This is experimental.

Compatibility notes:

• As of this release, HttpClient does not automatically execute redirects if the original request manually added headers that are considered sensitive.

Change Log

• HTTPCLIENT-2367: Fixed NPE in InternalAbstractHttpAsyncClient by adding a null check for resolvedTarget (#634). Contributed by Arturo Bernal

• Fixed case of Cookie#HTTP_ONLY_ATTR Contributed by Finn Petersen fp7@posteo.net

• Simplified ProtocolSwitchStrategy by leveraging ProtocolVersionParser (#627). Contributed by Arturo Bernal

• HTTPCLIENT-2364: Fixed incorrect re-binding of the upgraded SSL socket to the HTTP connection by the #upgrade method of the DefaultHttpClientConnectionOperator. Contributed by Oleg Kalnichevski

... (truncated)

Commits

• b42e73c HttpClient 5.5 release
• 3061c34 Updated release notes for HttpClient 5.5 release
• 14a9208 Updated NOTICE to 2025
• 4021b7c Link text adjustment
• be441c1 Update the GitHub Security page with a link to the new HttpComponents
• f5f9ae8 HTTPCLIENT-2367 - Fix NPE in InternalAbstractHttpAsyncClient by adding null c...
• 19c0278 Bump org.junit:junit-bom from 5.12.1 to 5.12.2 #632
• ef06a27 Bump org.junit:junit-bom from 5.12.1 to 5.12.2 (#632)
• 9bae302 Fix case of Cookie.HTTP_ONLY_ATTR
• 0ba6102 Simplify ProtocolSwitchStrategy by Leveraging ProtocolVersionParser (#627)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

[smcvb]

Looks good to me 👍

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud