Bump the dependencies group with 7 updates

[dependabot]

Bumps the dependencies group with 7 updates:

Package	From	To
io.avaje:avaje-inject	9.10	11.6
io.avaje:avaje-inject-generator	9.10	11.6
io.avaje:avaje-config	4.0	4.1
com.auth0:java-jwt	4.4.0	4.5.0
com.google.errorprone:error_prone_core	2.32.0	2.41.0
de.skuzzle.enforcer:restrict-imports-enforcer-rule	2.0.0	3.0.0
com.spotify.fmt:fmt-maven-plugin	2.21	2.27

Updates io.avaje:avaje-inject from 9.10 to 11.6

Release notes

Sourced from io.avaje:avaje-inject's releases.

11.6

What's New

• @Lazy beans now generate a compile-time proxy for extra laziness
• @Priority is integrated as an alternative to the @Primary and @Secondary annotations to determine wiring order

Changes

What's Changed

• Support Nested Wildcard Lists by @​SentryMan in avaje/avaje-inject#817
• Graceful shutdown - defaults for io.ebean.Database to shutdown() last by @​rbygrave in avaje/avaje-inject#820
• Fix TYPE_USE annotated dependencies by @​SentryMan in avaje/avaje-inject#823
• fix: handle nested java types like Flow.Publisher in Util.shortName by @​VincentPolfliet in avaje/avaje-inject#826
• Fix invalid Provider generation with AOP by @​SentryMan in avaje/avaje-inject#833
• Support a main package called avaje by @​SentryMan in avaje/avaje-inject#832
• Generate Compile Time Proxies for certain @Lazy beans by @​SentryMan in avaje/avaje-inject#831
• Register Generic Supertype as an Injectable Type by @​SentryMan in avaje/avaje-inject#836
• Support Generic Assist Factory Interfaces by @​SentryMan in avaje/avaje-inject#837
• Support Lazy proxy generation for generic factory methods by @​SentryMan in avaje/avaje-inject#838
• [events] Support Prototype Scope by @​SentryMan in avaje/avaje-inject#840
• Fix external dependency error messages by @​SentryMan in avaje/avaje-inject#843
• allow bulk external by @​SentryMan in avaje/avaje-inject#842
• Fix Factory Method Empty Lists by @​SentryMan in avaje/avaje-inject#844
• Add Compile Warnings to Use Lazy Correctly by @​SentryMan in avaje/avaje-inject#845
• Determine Priority Annotations at Compile Time by @​SentryMan in avaje/avaje-inject#852
• Read @PluginProvides Annotation with Maven Plugin by @​SentryMan in avaje/avaje-inject#855
• Use strings for provides/requires by @​SentryMan in avaje/avaje-inject#835
• Merge requires/provides with their auto variants by @​SentryMan in avaje/avaje-inject#851
• ScopeInfo providesString & requiresString to use generic types only by @​rbygrave in avaje/avaje-inject#857
• Fix raw generic messing up tests by @​SentryMan in avaje/avaje-inject#861
• Tidy only - final methods on internal DBuilder by @​rbygrave in avaje/avaje-inject#862
• [test] Add a switch to create a scope per test by @​SentryMan in avaje/avaje-inject#859
• [test] better name for the refresh scope flag by @​SentryMan in avaje/avaje-inject#863

New Contributors

• @​VincentPolfliet made their first contribution in avaje/avaje-inject#826

Full Changelog: avaje/avaje-inject@11.5...11.6

11.5

What's Changed

• Fix Jex Request-Scoped Context by @​SentryMan in avaje/avaje-inject#789
• [generator] Make aop/events requires static by @​SentryMan in avaje/avaje-inject#791
• [test] remove hard dependency on events by @​SentryMan in avaje/avaje-inject#792
• Fix duplicate short names in Module Generation by @​SentryMan in avaje/avaje-inject#795
• Multi-Scope Wiring by @​SentryMan in avaje/avaje-inject#800
• Add more detections to BeanReader#shouldDelay by @​cbarlin in avaje/avaje-inject#805
• Support Inherited Lifecycle on Factory Methods by @​SentryMan in avaje/avaje-inject#810
• #811 @​InjectTest field Lookup, fix use field.getDeclaringClass(); by @​rbygrave in avaje/avaje-inject#812

... (truncated)

Commits

• 0701d58 Merge pull request #866 from avaje/dependabot/maven/master/dependencies-9afee...
• 6a48ea2 Bump org.apache.maven:maven-core in the dependencies group
• 1273972 11.6-RC8 (#864)
• 4ff72e5 Merge pull request #863 from SentryMan/refreshscope
• 59117bc Update MetaInfo.java
• acf536d better name
• 1470498 [test] add a switch to create a scope per test (#859)
• 90cc092 Merge pull request #862 from avaje/feature/tidy-dbuilder
• 751ac9e Tidy only - final methods on internal DBuilder
• 037e011 fix raw generic messing up tests (#861)
• Additional commits viewable in compare view

Updates io.avaje:avaje-inject-generator from 9.10 to 11.6

Updates io.avaje:avaje-config from 4.0 to 4.1

Release notes

Sourced from io.avaje:avaje-config's releases.

4.1

What's Changed

• Replace avaje-lang null annotations with JSpecify annotations by @​SentryMan in avaje/avaje-config#158
• Update Dependabot Grouping by @​SentryMan in avaje/avaje-config#164
• Bump io.avaje:avaje-spi-service to 2.13 in the dependencies group
• Add avaje-config-toml by @​Mechite in avaje/avaje-config#172
• Implement support for most TOML types by @​Mechite in avaje/avaje-config#173
• Add missing JSpecify @​Nullable by @​rbygrave in avaje/avaje-config#179
• Reproducible Builds by @​SentryMan in avaje/avaje-config#190
• fix native test by @​SentryMan in avaje/avaje-config#211
• Bump io.avaje:junit from 1.5 to 1.6 in the dependencies group by @​dependabot in avaje/avaje-config#212

New Contributors

• @​Mechite made their first contribution in avaje/avaje-config#172

Full Changelog: avaje/avaje-config@4.0...4.1

Commits

• 2a1a2f7 Merge pull request #212 from avaje/dependabot/maven/master/dependencies-1c104...
• bc95948 Bump io.avaje:junit from 1.5 to 1.6 in the dependencies group
• bd53395 fix native test (#211)
• 906ab59 Merge pull request #190 from SentryMan/reproducible
• 6074211 reproducible
• 7b5c9e3 avaje-aws-appconfig version 1.4
• 17b098c [aws AppConfig] Fix INFO logging message format for retries (#210)
• 1b0fb94 Merge pull request #209 from avaje/dependabot/maven/master/dependencies-3048d...
• e0f1356 Bump io.avaje:avaje-spi-service in the dependencies group
• c33f82d Merge pull request #208 from avaje/dependabot/maven/master/dependencies-634c2...
• Additional commits viewable in compare view

Updates com.auth0:java-jwt from 4.4.0 to 4.5.0

Release notes

Sourced from com.auth0:java-jwt's releases.

4.5.0

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

Changelog

Sourced from com.auth0:java-jwt's changelog.

4.5.0 (2025-01-29)

Full Changelog

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

4.5.0 (2025-01-28)

Full Changelog

Added

• Upgraded Plugin #711 (tanya732)
• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

4.5.0 (2025-01-22)

Full Changelog

Added

• Fix jackson vuln #705 (tanya732)
• Fix typo in example code #682 (kasperkarlsson)
• Remove dead README links #676 (jimmyjames)
• Fix typo on a comment in JWTCreator.java #672 (sgc109)
• Remove CircleCI #670 (jimmyjames)
• Empty string audience claim should be deserialized as empty string #663 (jimmyjames)

Fixed

• empty expected audience array should throw InvalidClaimException #679 (jimmyjames)

Commits

• ee7332b Release 4.5.0 (#716)
• 051e1c3 Release 4.5.0
• 293a77b Modified WorkFlow (#715)
• 05bc002 added JAVA_HOME
• 38ff89e Release 4.5.0 (#714)
• ca4f842 Release 4.5.0
• 51be7df Added JAVA_HOME (#713)
• dcbc560 added JAVA_HOME path
• 2b0b2ba Upgraded Plugin (#711)
• 6e76728 upgraded plugin
• Additional commits viewable in compare view

Updates com.google.errorprone:error_prone_core from 2.32.0 to 2.41.0

Release notes

Sourced from com.google.errorprone:error_prone_core's releases.

Error Prone 2.41.0

New checks:

• EffectivelyPrivate: Detect declarations that have public or protected modifiers, but are effectively private

Changes:

• Skip BooleanLiteral findings if the target type is boxed (#5134)

Full changelog: google/error-prone@v2.40.0...v2.41.0

Error Prone 2.40.0

Changes:

• Bug fixes and improvements
• Releases (including snapshots) have migrated from OSSRH to the Central Publisher Portal

Full changelog: google/error-prone@v2.39.0...v2.40.0

Error Prone 2.39.0

Changes:

• Temporarily downgrade to Guava 33.4.0 (#5108)

Checks:

• BooleanLiteral: Prefer true to Boolean.TRUE
• ExpensiveLenientFormatString: Renamed from PreconditionsExpensiveString, detects unnecessary calls to String.format in the arguments of lenient formatting methods.
• UnnecessaryQualifier: Detects @Qualifier or @BindingAnnotation annotations that have no effect, and can be removed

Issues: #4996, #5045

Full changelog: google/error-prone@v2.38.0...v2.39.0

Error Prone 2.38.0

New checks:

• AddNullMarkedToPackageInfo: adds @org.jspecify.annotations.NullMarked annotation to package-info files
• IntLiteralCast: Suggests a literal of the desired type instead of casting an int literal to a long, float, or double
• MisleadingEmptyVarargs: Discourages calling varargs methods that expect at least one argument with no arguments, like Mockito's thenThrow
• PreconditionsExpensiveString: Discourages expensive string formatting in Guava Preconditions checks
• SelfSet: Detects mistakes like proto.setFoo(proto.getFoo())
• UnnecessaryCopy: detect unnecessary copies of proto Lists and Maps.

Closed issues: #4924, #4897, #4995

Full changelog: google/error-prone@v2.37.0...v2.38.0

Error Prone 2.37.0

Changes:

... (truncated)

Commits

• d6539d6 Release Error Prone 2.41.0
• 6161d4e Skip BooleanLiteral findings if the target type is boxed
• 98d83bf Avoid touching parameters of @Subscribe methods.
• 13d46e7 Refactor to use WellKnownKeep
• ef33eee Fix a println statement left over from https://github.com/google/error-prone/...
• ce784a9 Detect non-private, non-override methods in anonymous classes
• 43759cd Recognise com.google.common.inject.components.OtherRequiredBindings as an i...
• ef5073b UnnecessaryQualifier: don't fire on interfaces, in deference to Dagger.
• 3d7b585 TruthIncompatibleType support for MultisetSubject#hasCount.
• b5c6175 Add a test confirming external #5151.
• Additional commits viewable in compare view

Updates io.avaje:avaje-inject-generator from 9.10 to 11.6

Updates de.skuzzle.enforcer:restrict-imports-enforcer-rule from 2.0.0 to 3.0.0

Release notes

Sourced from de.skuzzle.enforcer:restrict-imports-enforcer-rule's releases.

v3.0.0

[!NOTE] This version removes support for all enforcer-plugin versions prior to 3.2.1

Features

• #90 Replace implementation of deprecated Maven interfaces EnforcerRule and EnforcerRule2 with using AbstractEnforcerRule

Dependency coordinates

<dependency>
    <groupId>de.skuzzle.enforcer</groupId>
    <artifactId>restrict-imports-enforcer-rule</artifactId>
    <version>3.0.0</version>
</dependency>

Gradle plugin DSL

plugins {
  id("de.skuzzle.restrictimports") version "3.0.0"
}

Gradle Legacy

buildscript {
  repositories {
    maven {
      url = uri("https://plugins.gradle.org/m2/")
    }
  }
  dependencies {
    classpath("de.skuzzle.enforcer:restrict-imports-gradle-plugin:3.0.0")
  }
}
apply(plugin = "de.skuzzle.restrictimports")

Gradle version catalog (Toml)

</tr></table> 

... (truncated)

Commits

• bf1e22f Release 3.0.0
• a5c676f Merge pull request #261 from skuzzle/dependabot/gradle/develop/org.assertj-as...
• bb11213 Bump org.assertj:assertj-core from 3.27.3 to 3.27.4
• f08df38 Merge pull request #260 from skuzzle/dependabot/gradle/develop/org.apache.mav...
• 6c10a85 Bump org.apache.maven.enforcer:enforcer-api from 3.6.0 to 3.6.1
• 7f3b7f2 Release 3.0.0-rc2
• 01c1c79 Merge pull request #259 from skuzzle/update-maven-max
• 5c8a8a9 Update mavenMax to 3.9.11
• 0170f23 Fix list items
• f6c8667 Minor readme fixes
• Additional commits viewable in compare view

Updates com.spotify.fmt:fmt-maven-plugin from 2.21 to 2.27

Release notes

Sourced from com.spotify.fmt:fmt-maven-plugin's releases.

2.27.0

What's Changed

• Update workflow with new versions by @​andreasfolkesson in spotify/fmt-maven-plugin#201
• Upgrade Google Java Format 1.24.0 -> 1.26.0 by @​vladimirconev in spotify/fmt-maven-plugin#198

New Contributors

• @​andreasfolkesson made their first contribution in spotify/fmt-maven-plugin#201
• @​vladimirconev made their first contribution in spotify/fmt-maven-plugin#198

Full Changelog: spotify/fmt-maven-plugin@2.25...2.27.0

2.25

What's Changed

• Upgrade Google Java Format 1.23.0 -> 1.24.0 by @​Stephan202 in spotify/fmt-maven-plugin#194

Full Changelog: spotify/fmt-maven-plugin@2.24...2.25

2.24

What's Changed

• Upgrade Google Java Format 1.21.0 -> 1.22.0 by @​Stephan202 in spotify/fmt-maven-plugin#190
• Upgrade Google Java Format 1.22.0 -> 1.23.0 by @​Stephan202 in spotify/fmt-maven-plugin#192

Full Changelog: spotify/fmt-maven-plugin@2.23...2.24

2.23

What's Changed

• Update foss-root to 17 by @​caesar-ralf in spotify/fmt-maven-plugin#187
• Bump google format & other dependencies by @​caesar-ralf in spotify/fmt-maven-plugin#188

Full Changelog: spotify/fmt-maven-plugin@2.22.1...2.23

2.22.1

There are no changes in this release and it was done purely for verifying problems with our release process.

Full Changelog: spotify/fmt-maven-plugin@2.22.0...2.22.1

2.22.0

What's Changed

• This upgrades google-java-format to 1.19.2 which adds support for formatting Java 21
• Adds test for switch with arrow by @​caesar-ralf in spotify/fmt-maven-plugin#183
• Bump google-java-format to 1.18.1 by @​caesar-ralf in spotify/fmt-maven-plugin#182
• Bump google-java-format to 1.19.2 by @​bryanlb in spotify/fmt-maven-plugin#185

New Contributors

• @​bryanlb made their first contribution in spotify/fmt-maven-plugin#185

Full Changelog: spotify/fmt-maven-plugin@2.21.1...2.22.0

... (truncated)

Commits

• 7370aa9 [maven-release-plugin] prepare release 2.27.0
• 2a6bcc0 [maven-release-plugin] prepare for next development iteration
• 4e1fd13 Upgrade Google Java Format 1.24.0 -> 1.26.0 (#198)
• e139c6e Update workflow with new versions (#201)
• 8b68c45 [maven-release-plugin] prepare for next development iteration
• 9e0190f [maven-release-plugin] prepare release 2.25
• a3aff4a Upgrade Google Java Format 1.23.0 -> 1.24.0 (#194)
• 7fa55be [maven-release-plugin] prepare for next development iteration
• f5a2675 [maven-release-plugin] prepare release 2.24
• 775d418 Upgrade Google Java Format 1.22.0 -> 1.23.0 (#192)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.