Bump the maven-all group across 1 directory with 6 updates

[dependabot]

Bumps the maven-all group with 6 updates in the / directory:

Package	From	To
com.google.protobuf:protobuf-java	4.32.1	4.33.4
org.jsoup:jsoup	1.21.2	1.22.1
org.graalvm.polyglot:polyglot	25.0.0	25.0.2
org.graalvm.polyglot:js	25.0.0	25.0.2
org.testng:testng	7.11.0	7.12.0
com.microsoft.playwright:playwright	1.55.0	1.57.0

Updates com.google.protobuf:protobuf-java from 4.32.1 to 4.33.4

Commits

• See full diff in compare view

Updates org.jsoup:jsoup from 1.21.2 to 1.22.1

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup Java HTML Parser release 1.22.1

jsoup 1.22.1 is out now, adding support for the re2j regular expression engine for regex-based CSS selectors, a configurable maximum parser depth, and numerous bug fixes and improvements.

jsoup is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.

Download jsoup now.

Improvements

• Added support for using the re2j regular expression engine for regex-based CSS selectors (e.g. [attr~=regex], :matches(regex)), which ensures linear-time performance for regex evaluation. This allows safer handling of arbitrary user-supplied query regexes. To enable, add the com.google.re2j dependency to your classpath, e.g.:

  <dependency>
    <groupId>com.google.re2j</groupId>
    <artifactId>re2j</artifactId>
    <version>1.8</version>
  </dependency>

(If you already have that dependency in your classpath, but you want to keep using the Java regex engine, you can disable re2j via System.setProperty("jsoup.useRe2j", "false").) You can confirm that the re2j engine has been enabled correctly by calling Regex.usingRe2j(). #2407

• Added an instance method Parser#unescape(String, boolean) that unescapes HTML entities using the parser's configuration (e.g. to support error tracking), complementing the existing static utility Parser.unescapeEntities(String, boolean). #2396
• Added a configurable maximum parser depth (to limit the number of open elements on stack) to both HTML and XML parsers. The HTML parser now defaults to a depth of 512 to match browser behavior, and protect against unbounded stack growth, while the XML parser keeps unlimited depth by default, but can opt into a limit via Parser.setMaxDepth(). #2421
• Build: added CI coverage for JDK 25 #2403
• Build: added a CI fuzzer for contextual fragment parsing (in addition to existing full body HTML and XML fuzzers). [oss-fuzz #14041](google/oss-fuzz#14041)

Changes

• Set a removal schedule of jsoup 1.24.1 for previously deprecated APIs.

Bug Fixes

• Previously cached child Elements of an Element were not correctly invalidated in Node#replaceWith(Node), which could lead to incorrect results when subsequently calling Element#children(). #2391
• Attribute selector values are now compared literally without trimming. Previously, jsoup trimmed whitespace from selector values and from element attribute values, which could cause mismatches with browser behavior (e.g. [attr=" foo "]). Now matches align with the CSS specification and browser engines. #2380
• When using the JDK HttpClient, any system default proxy (ProxySelector.getDefault()) was ignored. Now, the system proxy is used if a per-request proxy is not set. #2388, #2390
• A ValidationException could be thrown in the adoption agency algorithm with particularly broken input. Now logged as a parse error. #2393
• Null characters in the HTML body were not consistently removed; and in foreign content were not correctly replaced. #2395
• An IndexOutOfBoundsException could be thrown when parsing a body fragment with crafted input. Now logged as a parse error. #2397, #2406
• When using StructuralEvaluators (e.g., a parent child selector) across many retained threads, their memoized results could also be retained, increasing memory use. These results are now cleared immediately after use, reducing overall memory consumption. #2411
• Cloning a Parser now preserves any custom TagSet applied to the parser. #2422, #2423
• Custom tags marked as Tag.Void now parse and serialize like the built-in void elements: they no longer consume following content, and the XML serializer emits the expected self-closing form. #2425
• The <br> element is once again classified as an inline tag (Tag.isBlock() == false), matching common developer expectations and its role as phrasing content in HTML, while pretty-printing and text extraction continue to treat it as a line break in the rendered output. #2387, #2439
• Fixed an intermittent truncation issue when fetching and parsing remote documents via Jsoup.connect(url).get(). On responses without a charset header, the initial charset sniff could sometimes (depending on buffering / available() behavior) be mistaken for end-of-stream and a partial parse reused, dropping trailing content. #2448
• TagSet copies no longer mutate their template during lazy lookups, preventing cross-thread ConcurrentModificationException when parsing with shared sessions. #2453
• Fixed parsing of <svg> foreignObject content nested within a <p>, which could incorrectly move the HTML subtree outside the SVG. #2452

Internal Changes

• Deprecated internal helper org.jsoup.internal.Functions (for removal in v1.23.1). This was previously used to support older Android API levels without full java.util.function coverage; jsoup now requires core library desugaring so this indirection is no longer necessary. #2412

---

My sincere thanks to everyone who contributed to this release! If you have any suggestions for the next release, I would love to hear them; please get in touch via jsoup discussions, or with me directly.

You can also follow me (@jhy@tilde.zone) on Mastodon / Fediverse to receive occasional notes about jsoup releases.

Changelog

Sourced from org.jsoup:jsoup's changelog.

1.22.1 (2026-Jan-01)

Improvements

• Added support for using the re2j regular expression engine for regex-based CSS selectors (e.g. [attr~=regex], :matches(regex)), which ensures linear-time performance for regex evaluation. This allows safer handling of arbitrary user-supplied query regexes. To enable, add the com.google.re2j dependency to your classpath, e.g.:

  <dependency>
    <groupId>com.google.re2j</groupId>
    <artifactId>re2j</artifactId>
    <version>1.8</version>
  </dependency>

(If you already have that dependency in your classpath, but you want to keep using the Java regex engine, you can disable re2j via System.setProperty("jsoup.useRe2j", "false").) You can confirm that the re2j engine has been enabled correctly by calling org.jsoup.helper.Regex.usingRe2j(). #2407

• Added an instance method Parser#unescape(String, boolean) that unescapes HTML entities using the parser's configuration (e.g. to support error tracking), complementing the existing static utility Parser.unescapeEntities(String, boolean). #2396
• Added a configurable maximum parser depth (to limit the number of open elements on stack) to both HTML and XML parsers. The HTML parser now defaults to a depth of 512 to match browser behavior, and protect against unbounded stack growth, while the XML parser keeps unlimited depth by default, but can opt into a limit via org.jsoup.parser.Parser#setMaxDepth. #2421
• Build: added CI coverage for JDK 25 #2403
• Build: added a CI fuzzer for contextual fragment parsing (in addition to existing full body HTML and XML fuzzers). [oss-fuzz #14041](google/oss-fuzz#14041)

Changes

• Set a removal schedule of jsoup 1.24.1 for previously deprecated APIs.

Bug Fixes

• Previously cached child Elements of an Element were not correctly invalidated in Node#replaceWith(Node), which could lead to incorrect results when subsequently calling Element#children(). #2391
• Attribute selector values are now compared literally without trimming. Previously, jsoup trimmed whitespace from selector values and from element attribute values, which could cause mismatches with browser behavior (e.g. [attr=" foo "]). Now matches align with the CSS specification and browser engines. #2380
• When using the JDK HttpClient, any system default proxy (ProxySelector.getDefault()) was ignored. Now, the system proxy is used if a per-request proxy is not set. #2388, #2390
• A ValidationException could be thrown in the adoption agency algorithm with particularly broken input. Now logged as a parse error. #2393
• Null characters in the HTML body were not consistently removed; and in foreign content were not correctly replaced. #2395
• An IndexOutOfBoundsException could be thrown when parsing a body fragment with crafted input. Now logged as a parse error. #2397, #2406
• When using StructuralEvaluators (e.g., a parent child selector) across many retained threads, their memoized results could also be retained, increasing memory use. These results are now cleared immediately after use, reducing overall memory consumption. #2411
• Cloning a Parser now preserves any custom TagSet applied to the parser. #2422, #2423
• Custom tags marked as Tag.Void now parse and serialize like the built-in void elements: they no longer consume following content, and the XML serializer emits the expected self-closing form. #2425
• The <br> element is once again classified as an inline tag (Tag.isBlock() == false), matching common developer expectations and its role as phrasing content in HTML, while pretty-printing and text extraction continue to treat it as a line break in the rendered output. #2387, #2439
• Fixed an intermittent truncation issue when fetching and parsing remote documents via Jsoup.connect(url).get(). On responses without a charset header, the initial charset sniff could sometimes (depending on buffering / available() behavior) be mistaken for end-of-stream and a partial parse reused, dropping trailing content. #2448
• TagSet copies no longer mutate their template during lazy lookups, preventing cross-thread ConcurrentModificationException when parsing with shared sessions. #2453
• Fixed parsing of <svg> foreignObject content nested within a <p>, which could incorrectly move the HTML subtree outside the SVG. #2452

Internal Changes

• Deprecated internal helper org.jsoup.internal.Functions (for removal in v1.23.1). This was previously used to support older Android API levels without full java.util.function coverage; jsoup now requires core library desugaring so this indirection is no longer necessary. #2412

Commits

• 8dd66fe [maven-release-plugin] prepare release jsoup-1.22.1
• d924385 Changelog prep for v1.22.1
• 0f3100c Bump actions/upload-artifact from 5 to 6 (#2457)
• cf6ac20 Bump org.apache.maven.plugins:maven-release-plugin from 3.3.0 to 3.3.1 (#2455)
• 6bef938 Fix parsing of SVG foreignObject in paragraphs
• 9b1c0fc Bump org.apache.maven.plugins:maven-release-plugin from 3.2.0 to 3.3.0 (#2450)
• 1415e64 Bump actions/checkout from 5 to 6 (#2451)
• 0e99fd9 Isolate TagSet copies to prevent shared mutation (#2453)
• 90019cb Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.24.2 to 0.25.0 (#2...
• 9395269 Don't preemptively close
• Additional commits viewable in compare view

Updates org.graalvm.polyglot:polyglot from 25.0.0 to 25.0.2

Commits

• 981ecb6 [GR-72395] Release GraalVM 25.0.2
• 811aa54 release GraalVM 25.0.2
• aeff345 [GR-70219] Backport to 25.0: Induction variable overflow detection: iv have r...
• 58ec3b9 [GR-71786] Backport to 25.0: In-place copySwap in JavaMemoryUtil is a no-op.
• 3df0577 [GR-71011] Backport to 25.0: Make native slot wrappers context-specific. Fixe...
• ee11ac4 [GR-68985] Backport to 25.0: Fix the reachability-metadata schema and include...
• ee7da6d [GR-72185] Update labsjdk to 25.0.2+10-jvmci-b01
• c9260ad [GR-70097] Backport to 25.0: Fix constructor accessor checks.
• 182c6d5 [GR-71881] Drop RSSTracker from disabled trackers for barista.
• 0c0e816 [GR-71488] Backport to 25.0: Converting values injected by instruments.
• Additional commits viewable in compare view

Updates org.graalvm.polyglot:js from 25.0.0 to 25.0.2

Commits

• 981ecb6 [GR-72395] Release GraalVM 25.0.2
• 811aa54 release GraalVM 25.0.2
• aeff345 [GR-70219] Backport to 25.0: Induction variable overflow detection: iv have r...
• 58ec3b9 [GR-71786] Backport to 25.0: In-place copySwap in JavaMemoryUtil is a no-op.
• 3df0577 [GR-71011] Backport to 25.0: Make native slot wrappers context-specific. Fixe...
• ee11ac4 [GR-68985] Backport to 25.0: Fix the reachability-metadata schema and include...
• ee7da6d [GR-72185] Update labsjdk to 25.0.2+10-jvmci-b01
• c9260ad [GR-70097] Backport to 25.0: Fix constructor accessor checks.
• 182c6d5 [GR-71881] Drop RSSTracker from disabled trackers for barista.
• 0c0e816 [GR-71488] Backport to 25.0: Converting values injected by instruments.
• Additional commits viewable in compare view

Updates org.graalvm.polyglot:js from 25.0.0 to 25.0.2

Commits

• 981ecb6 [GR-72395] Release GraalVM 25.0.2
• 811aa54 release GraalVM 25.0.2
• aeff345 [GR-70219] Backport to 25.0: Induction variable overflow detection: iv have r...
• 58ec3b9 [GR-71786] Backport to 25.0: In-place copySwap in JavaMemoryUtil is a no-op.
• 3df0577 [GR-71011] Backport to 25.0: Make native slot wrappers context-specific. Fixe...
• ee11ac4 [GR-68985] Backport to 25.0: Fix the reachability-metadata schema and include...
• ee7da6d [GR-72185] Update labsjdk to 25.0.2+10-jvmci-b01
• c9260ad [GR-70097] Backport to 25.0: Fix constructor accessor checks.
• 182c6d5 [GR-71881] Drop RSSTracker from disabled trackers for barista.
• 0c0e816 [GR-71488] Backport to 25.0: Converting values injected by instruments.
• Additional commits viewable in compare view

Updates org.testng:testng from 7.11.0 to 7.12.0

Release notes

Sourced from org.testng:testng's releases.

7.12.0

What's Changed

• GITHUB-2765: Propagate timeout stack trace to fix testng-team#2765 by @​idontusenumbers in testng-team/testng#3206
• Streamline working of shared thread pools by @​krmahadevan in testng-team/testng#3207
• Streamline xml serialisation to string by @​krmahadevan in testng-team/testng#3208
• test: improve osgi tests by @​vlsi in testng-team/testng#3213
• chore: setup-java Oracle action supports Java 21+ only by @​vlsi in testng-team/testng#3215
• Add DynamicImport-Package to load classes by name by @​laeubi in testng-team/testng#3220
• Use UUID backed instance id instead by @​krmahadevan in testng-team/testng#3218
• Ensure assertions is contents aware by @​krmahadevan in testng-team/testng#3228
• Fix: Ensure DataProvider parameters are refreshed on retry when cacheDataForTestRetries=false by @​baflQA in testng-team/testng#3250
• Improve/test workflow jdk25 by @​baflQA in testng-team/testng#3253
• Fix: issue 3231 retry infinite loop by @​baflQA in testng-team/testng#3251
• Fix Release process by @​krmahadevan in testng-team/testng#3255

New Contributors

• @​idontusenumbers made their first contribution in testng-team/testng#3206
• @​laeubi made their first contribution in testng-team/testng#3220

Full Changelog: testng-team/testng@7.11.0...7.12.0

Changelog

Sourced from org.testng:testng's changelog.

7.12.0 Fixed: GITHUB-3231: TestNG retry is going into infinite loop when the data provider returned object is modified before failure (Bartek Florczak) Update: Updated GitHub Actions test matrix to include JDK 25 and JDK 26 EA (Bartek Florczak) Fixed: GITHUB-3236: DataProvider parameters are not refreshed on retry when cacheDataForTestRetries=false (Bartek Florczak) Fixed: GITHUB-3227: assertEqualsNoOrder false positive when collection has same size and actual Collection is subset of expected collection (Krishnan Mahadevan) Fixed: GITHUB-3177: Method org.testng.xml.XmlSuite#toXml do not save new properties like "share-thread-pool-for-data-providers" (Krishnan Mahadevan) Fixed: GITHUB-3179: ClassCastException when use shouldUseGlobalThreadPool(true) property (Krishnan Mahadevan) Fixed: GITHUB-2765: Test timeouts using existing Executor now propagate the stack trace to the ThreadTimeoutException (Charlie Hayes)

Commits

• a21a584 Fix Release process (#3255)
• be97321 Fix: issue 3231 retry infinite loop (#3251)
• bad4cb5 Improve/test workflow jdk25 (#3253)
• 61068a1 Fix: Ensure DataProvider parameters are refreshed on retry when cacheDataForT...
• d50b2ad Ensure assertions is contents aware
• 02d223d Use a composite key instead of String as key
• 58b3824 Add DynamicImport-Package to load classes by name
• 40cd805 chore: use pax-logging for osgi tests so it does not require runtime bytecode...
• 0fdf868 chore: setup-java Oracle action supports Java 21+ only
• 6a25754 test: improve osgi tests
• Additional commits viewable in compare view

Updates com.microsoft.playwright:playwright from 1.55.0 to 1.57.0

Release notes

Sourced from com.microsoft.playwright:playwright's releases.

v1.57.0

Chrome for Testing

Starting with this release, Playwright switches from Chromium, to using Chrome for Testing builds. Both headed and headless browsers are subject to this. Your tests should still be passing after upgrading to Playwright 1.57.

We're expecting no functional changes to come from this switch. The biggest change is the new icon and title in your toolbar.

If you still see an unexpected behaviour change, please file an issue.

On Arm64 Linux, Playwright continues to use Chromium.

Breaking Change

After 3 years of being deprecated, we removed page.accessibility() from our API. Please use other libraries such as Axe if you need to test page accessibility. See our Node.js guide for integration with Axe.

New APIs

• worker. onConsole event is emitted when JavaScript within the worker calls one of console API methods, e.g. console.log or console.dir. Worker.waitForConsoleMessage() can be used to wait for it.
• locator.description() returns locator description previously set with locator.describe().
• New option steps in locator.click() and locator.dragTo() that configures the number of mousemove events emitted while moving the mouse pointer to the target element.

Browser Versions

• Chromium 143.0.7499.4
• Mozilla Firefox 144.0.2
• WebKit 26.0

v1.56.0

New APIs

• New methods page.consoleMessages() and page.pageErrors() for retrieving the most recent console messages from the page
• New method page.requests() for retrieving the most recent network requests from the page

Breaking Changes

• Event browserContext.onBackgroundPage has been deprecated and will not be emitted. Method browserContext.backgroundPages() will return an empty list

Miscellaneous

• Aria snapshots render and compare input placeholder

Browser Versions

• Chromium 141.0.7390.37
• Mozilla Firefox 142.0.1
• WebKit 26.0

Commits

• f0c034d chore: mark 1.57.0 (#1872)
• 63bb008 chore: roll driver to 1.57.0-beta-1764692940000 (#1870)
• 9b3a788 chore(deps): bump actions/checkout from 5 to 6 in the actions group (#1868)
• 2f387ed chore(deps): bump the all group with 3 updates (#1867)
• 6eb30e2 chore(deps): bump junit.version from 5.13.4 to 5.14.1 (#1859)
• 0f14588 Migrate ExtensionContext.Store.CloseableResource to AutoCloseable (#1860)
• e417cad Fix document typo - setContextOptions (#1862)
• 059667e chore: remove background pages implementation (#1861)
• 98296d9 devops: update ado approver (#1857)
• 1599e1c chore: roll 1.56.1 (#1855)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml