Bump the prod-deps-ver group across 1 directory with 7 updates

[dependabot]

Bumps the prod-deps-ver group with 7 updates in the / directory:

Package	From	To
org.eclipse.jetty:jetty-bom	12.1.5	12.1.6
org.eclipse.jetty.ee10:jetty-ee10-servlet	12.1.5	12.1.6
org.eclipse.jetty.ee10:jetty-ee10-webapp	12.1.5	12.1.6
io.projectreactor:reactor-core	3.8.2	3.8.3
io.projectreactor:reactor-test	3.8.2	3.8.3
org.assertj:assertj-core	3.27.6	3.27.7
io.projectreactor:reactor-test	3.8.2	3.8.3
org.apache.maven.plugins:maven-surefire-plugin	3.5.4	3.5.5

Updates org.eclipse.jetty:jetty-bom from 12.1.5 to 12.1.6

Release notes

Sourced from org.eclipse.jetty:jetty-bom's releases.

12.1.6

Special Thanks to the following Eclipse Jetty community members

• @​afarber (Alexander Farber)

Changelog

• #14360 - jetty-ee8-cdi missing from jetty-ee8-bom
• #14330 - VirtualThreadPool can create unlimited threads while doc mentions otherwise
• #14319 - ZSTD CompressionHandler may duplicate bytes in response (@​afarber)
• #14280 - jetty-ee11-servlets mistakenly depends on jetty-client
• #14264 - org.eclipse.jetty.server.Response.sendRedirect doesn't allow a location containing a fragment (/#fragment)
• #14260 - Improve GZIP performance
• #14209 - Unable to use custom XmlParser for WebAppContext / MetaData descriptor parsing
• #14137 - 304 Not Modified produces incorrect ETag from CompressionHandler.
• #14068 - Jetty tmpdir processing doesn't match Java on Windows
• #14061 - Jetty 12.1.4 demo HTTP/3 wrong port in alt-svc response header (@​afarber)
• #13686 - Improve grow algorithms
• #13670 - jetty-ee11-servlet getParameter does not throw IllegalStateException
• #13353 - Create a glossary in the documentation (@​afarber)
• #13328 - Add option to share thread pool in ProxyHandler (@​afarber)
• #12806 - ComplianceViolation.Listener isn't very useful for helping identify clients that need to migrate to standards
• #12660 - Tagging the ClientUpgradeRequest to be able to support per-request client ssl auth
• #11505 - Document HttpURI methods (@​afarber)
• #10905 - Support cookie name prefixes (@​afarber)
• #10355 - Http3Fields efficiency
• #10281 - pom.xml description tags need updated
• #9019 - Server cannot be closed gracefully when ServerConnector's IdleTimeout is 0

Commits

• 88ca559 Updating to version 12.1.6
• d94be9b Preserve HttpCompliance across HttpFields copies (#14400)
• 49826aa Issue #12806 - Overhaul ComplianceViolation.Listener reporting (#14090)
• 8c25e1b Fix HttpChannelState mistakenly aborting in certain cases when the `ErrorHa...
• adfc2e1 [12.1.x EE8] Bump the dev-dependencies group
• e9d4cba Merge pull request #14263 from jetty/fix/jetty-12.1.x/9019-ShutdownIdleTimeout
• cf4636a Issue #14319 - Fix ZSTD byte duplication at 128KB boundary (#14325)
• eced742 Generalize BlockingArrayQueue's growing strategy (#14326)
• 2264d3d Issue #4652 - test to demonstrate the WebAppContext ClassLoader isolation
• 81b50d5 Updated module property documentation.
• Additional commits viewable in compare view

Updates org.eclipse.jetty.ee10:jetty-ee10-servlet from 12.1.5 to 12.1.6

Updates org.eclipse.jetty.ee10:jetty-ee10-webapp from 12.1.5 to 12.1.6

Updates io.projectreactor:reactor-core from 3.8.2 to 3.8.3

Release notes

Sourced from io.projectreactor:reactor-core's releases.

v3.8.3

Reactor Core 3.8.3 is part of the 2025.0.3 Release Train.

What's Changed

✨ New features and improvements

• Update NullAway to 0.13.0 and ErrorProne to 2.46.0 by @​chemicL in #4187
• Bump ByteBuddy from 1.18.3 to 1.18.4 by @​dependabot[bot] in #4183
• Bump Micrometer to 1.16.3 and Micrometer Tracing to 1.6.3 by @​chemicL in #4202

Full Changelog: reactor/reactor-core@v3.8.2...v3.8.3

Commits

• cb12ba5 [release] Prepare and release 3.8.3
• a430ffe Merge-ignore release 3.7.16 into 3.8.3
• cb0b5c1 [release] Next development version 3.7.17-SNAPSHOT
• f5d77fe [release] Prepare and release 3.7.16
• 48ee8d8 Bump Micrometer to 1.16.3 and Micrometer Tracing to 1.6.3 (#4202)
• 48ffaab Merge CodeQL workflow changes to 3.8.3
• 83edd72 [chore] Improve CodeQL action to only compile classes
• bd9b3d4 [chore] Improve CodeQL action to skip building
• 2e72b8a Merge e215666df into 3.8.3
• e215666 [chore] Fix CodeQL workflow to exclude docs in build
• Additional commits viewable in compare view

Updates io.projectreactor:reactor-test from 3.8.2 to 3.8.3

Release notes

Sourced from io.projectreactor:reactor-test's releases.

v3.8.3

Reactor Core 3.8.3 is part of the 2025.0.3 Release Train.

What's Changed

✨ New features and improvements

• Update NullAway to 0.13.0 and ErrorProne to 2.46.0 by @​chemicL in #4187
• Bump ByteBuddy from 1.18.3 to 1.18.4 by @​dependabot[bot] in #4183
• Bump Micrometer to 1.16.3 and Micrometer Tracing to 1.6.3 by @​chemicL in #4202

Full Changelog: reactor/reactor-core@v3.8.2...v3.8.3

Commits

• cb12ba5 [release] Prepare and release 3.8.3
• a430ffe Merge-ignore release 3.7.16 into 3.8.3
• cb0b5c1 [release] Next development version 3.7.17-SNAPSHOT
• f5d77fe [release] Prepare and release 3.7.16
• 48ee8d8 Bump Micrometer to 1.16.3 and Micrometer Tracing to 1.6.3 (#4202)
• 48ffaab Merge CodeQL workflow changes to 3.8.3
• 83edd72 [chore] Improve CodeQL action to only compile classes
• bd9b3d4 [chore] Improve CodeQL action to skip building
• 2e72b8a Merge e215666df into 3.8.3
• e215666 [chore] Fix CodeQL workflow to exclude docs in build
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.6 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates io.projectreactor:reactor-test from 3.8.2 to 3.8.3

Release notes

Sourced from io.projectreactor:reactor-test's releases.

v3.8.3

Reactor Core 3.8.3 is part of the 2025.0.3 Release Train.

What's Changed

✨ New features and improvements

• Update NullAway to 0.13.0 and ErrorProne to 2.46.0 by @​chemicL in #4187
• Bump ByteBuddy from 1.18.3 to 1.18.4 by @​dependabot[bot] in #4183
• Bump Micrometer to 1.16.3 and Micrometer Tracing to 1.6.3 by @​chemicL in #4202

Full Changelog: reactor/reactor-core@v3.8.2...v3.8.3

Commits

• cb12ba5 [release] Prepare and release 3.8.3
• a430ffe Merge-ignore release 3.7.16 into 3.8.3
• cb0b5c1 [release] Next development version 3.7.17-SNAPSHOT
• f5d77fe [release] Prepare and release 3.7.16
• 48ee8d8 Bump Micrometer to 1.16.3 and Micrometer Tracing to 1.6.3 (#4202)
• 48ffaab Merge CodeQL workflow changes to 3.8.3
• 83edd72 [chore] Improve CodeQL action to only compile classes
• bd9b3d4 [chore] Improve CodeQL action to skip building
• 2e72b8a Merge e215666df into 3.8.3
• e215666 [chore] Fix CodeQL workflow to exclude docs in build
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

🔧 Build

• Missing many files in the GH Artifacts of CI ex-post. (#3219) @​Tibor17

📦 Dependency updates

• Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.1 (#3260) @dependabot[bot]
• Bump parent from 44 to 47 (#3253) @​slawekjaranowski
• Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng (#3246) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#3245) @dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#3243) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 (#3236) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#3235) @dependabot[bot]
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption (#3234) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 (#3228) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 (#3224) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#3223) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#3221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#3220) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#3217) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#3214) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#3218) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.16.0 to 4.18.0 (#3213) @dependabot[bot]

... (truncated)

Commits

• 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
• 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
• 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
• 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
• 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
• 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
• 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
• e5c01a6 Build only by the latest Maven on Jenkins (#3255)
• 9c99e97 Fix Jenkin badges in README (#3254)
• 20930ea Bump parent from 44 to 47 (#3253)
• Additional commits viewable in compare view

Updates org.eclipse.jetty.ee10:jetty-ee10-servlet from 12.1.5 to 12.1.6

Updates org.eclipse.jetty.ee10:jetty-ee10-webapp from 12.1.5 to 12.1.6

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions