Bump the build-dependencies group with 15 updates

[dependabot]

Bumps the build-dependencies group with 15 updates:

Package	From	To
org.junit.platform:junit-platform-gradle-plugin	1.0.1	1.0.3
biz.aQute.bnd	7.0.0	7.1.0
com.diffplug.spotless	7.0.2	7.0.4
org.checkerframework	0.6.40	0.6.55
org.jetbrains.gradle.plugin.idea-ext	1.0	1.1.10
com.dorongold.task-tree	2.1.1	4.0.1
com.gradle.develocity	3.17.6	4.0.2
com.gradle.common-custom-user-data-gradle-plugin	2.0.2	2.3
org.apache.httpcomponents:httpclient	4.5.13	4.5.14
org.jsoup:jsoup	1.15.3	1.20.1
de.thetaphi:forbiddenapis	3.8	3.9
org.apache.maven:maven-embedder	3.9.9	3.9.10
org.apache.maven:maven-compat	3.9.9	3.9.10
org.apache.maven.resolver:maven-resolver-connector-basic	1.9.18	1.9.23
org.apache.maven.resolver:maven-resolver-transport-http	1.9.18	1.9.23

Updates org.junit.platform:junit-platform-gradle-plugin from 1.0.1 to 1.0.3

Commits

• See full diff in compare view

Updates biz.aQute.bnd from 7.0.0 to 7.1.0

Updates com.diffplug.spotless from 7.0.2 to 7.0.4

Updates org.checkerframework from 0.6.40 to 0.6.55

Updates org.jetbrains.gradle.plugin.idea-ext from 1.0 to 1.1.10

Updates com.dorongold.task-tree from 2.1.1 to 4.0.1

Updates com.gradle.develocity from 3.17.6 to 4.0.2

Updates com.gradle.common-custom-user-data-gradle-plugin from 2.0.2 to 2.3

Updates org.apache.httpcomponents:httpclient from 4.5.13 to 4.5.14

Updates org.jsoup:jsoup from 1.15.3 to 1.20.1

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup 1.20.1

Changes

• To better follow the HTML5 spec and current browsers, the HTML parser no longer allows self-closing tags (<foo />) to close HTML elements by default. Foreign content (SVG, MathML), and content parsed with the XML parser, still supports self-closing tags. If you need specific HTML tags to support self-closing, you can register a custom tag via the TagSet configured in Parser.tagSet(), using Tag#set(Tag.SelfClose). Standard void tags (such as <img>, <br>, etc.) continue to behave as usual and are not affected by this change. #2300.
• The following internal components have been deprecated. If you do happen to be using any of these, please take the opportunity now to migrate away from them, as they will be removed in jsoup 1.21.1.
  • ChangeNotifyingArrayList, Document.updateMetaCharsetElement(), Document.updateMetaCharsetElement(boolean), HtmlTreeBuilder.isContentForTagData(String), Parser.isContentForTagData(String), Parser.setTreeBuilder(TreeBuilder), Tag.formatAsBlock(), Tag.isFormListed(), TokenQueue.addFirst(String), TokenQueue.chompTo(String), TokenQueue.chompToIgnoreCase(String), TokenQueue.consumeToIgnoreCase(String), TokenQueue.consumeWord(), TokenQueue.matchesAny(String...)

Functional Improvements

• Rebuilt the HTML pretty-printer, to simplify and consolidate the implementation, improve consistency, support custom Tags, and provide a cleaner path for ongoing improvements. The specific HTML produced by the pretty-printer may be different from previous versions. #2286.
• Added the ability to define custom tags, and to modify properties of known tags, via the TagSet tag collection. Their properties can impact both the parse and how content is serialized (output as HTML or XML). #2285.
• Element.cssSelector() will prefer to return shorter selectors by using ancestor IDs when available and unique. E.g. #id > div > p instead of html > body > div > div > p #2283.
• Added Elements.deselect(int index), Elements.deselect(Object o), and Elements.deselectAll() methods to remove elements from the Elements list without removing them from the underlying DOM. Also added Elements.asList() method to get a modifiable list of elements without affecting the DOM. (Individual Elements remain linked to the DOM.) #2100.
• Added support for sending a request body from an InputStream with Connection.requestBodyStream(InputStream stream). #1122.
• The XML parser now supports scoped xmlns: prefix namespace declarations, and applies the correct namespace to Tags and Attributes. Also, added Tag#prefix(), Tag#localName(), Attribute#prefix(), Attribute#localName(), and Attribute#namespace() to retrieve these. #2299.
• CSS identifiers are now escaped and unescaped correctly to the CSS spec. Element#cssSelector() will emit appropriately escaped selectors, and the QueryParser supports those. Added Selector.escapeCssIdentifier() and ` Selector.unescapeCssIdentifier(). #2297, #2305

Structure and Performance Improvements

• Refactored the CSS QueryParser into a clearer recursive descent parser. #2310.
• CSS selectors with consecutive combinators (e.g. div >> p) will throw an explicit parse exception. #2311.
• Performance: reduced the shallow size of an Element from 40 to 32 bytes, and the NodeList from 32 to 24. #2307.
• Performance: reduced GC load of new StringBuilders when tokenizing input HTML. #2304.
• Made Parser instances threadsafe, so that inadvertent use of the same instance across threads will not lead to errors. For actual concurrency, use Parser#newInstance() per thread. #2314.

Bug Fixes

• Element names containing characters invalid in XML are now normalized to valid XML names when serializing. #1496.
• When serializing to XML, characters that are invalid in XML 1.0 should be removed (not encoded). #1743.
• When converting a Document to the W3C DOM in W3CDom, elements with an attribute in an undeclared namespace now get a declaration of xmlns:prefix="undefined". This allows subsequent serialization to XML via W3CDom.asString() to succeed. #2087.
• The StreamParser could emit the final elements of a document twice, due to how onNodeCompleted was fired when closing out the stack. #2295.
• When parsing with the XML parser and error tracking enabled, the trailing ? in <?xml version="1.0"?> would incorrectly emit an error. #2298.
• Calling Element#cssSelector() on an element with combining characters in the class or ID now produces the correct output. #1984.

jsoup 1.19.1

Changes

• Added support for http/2 requests in Jsoup.connect(), when running on Java 11+, via the Java HttpClient implementation. #2257.
  • In this version of jsoup, the default is to make requests via the HttpUrlConnection implementation: use System.setProperty("jsoup.useHttpClient", "true"); to enable making requests via the HttpClient instead , which will enable http/2 support, if available. This will become the default in a later version of jsoup, so now is a good time to validate it.
  • If you are repackaging the jsoup jar in your deployment (i.e. creating a shaded- or a fat-jar), make sure to specify that as a Multi-Release JAR.
  • If the HttpClient impl is not available in your JRE, requests will continue to be made via HttpURLConnection (in http/1.1 mode).

... (truncated)

Changelog

Sourced from org.jsoup:jsoup's changelog.

1.20.1 (2025-04-29)

Changes

• To better follow the HTML5 spec and current browsers, the HTML parser no longer allows self-closing tags (<foo />) to close HTML elements by default. Foreign content (SVG, MathML), and content parsed with the XML parser, still supports self-closing tags. If you need specific HTML tags to support self-closing, you can register a custom tag via the TagSet configured in Parser.tagSet(), using Tag#set(Tag.SelfClose). Standard void tags (such as <img>, <br>, etc.) continue to behave as usual and are not affected by this change. #2300.
• The following internal components have been deprecated. If you do happen to be using any of these, please take the opportunity now to migrate away from them, as they will be removed in jsoup 1.21.1.
  • ChangeNotifyingArrayList, Document.updateMetaCharsetElement(), Document.updateMetaCharsetElement(boolean), HtmlTreeBuilder.isContentForTagData(String), Parser.isContentForTagData(String), Parser.setTreeBuilder(TreeBuilder), Tag.formatAsBlock(), Tag.isFormListed(), TokenQueue.addFirst(String), TokenQueue.chompTo(String), TokenQueue.chompToIgnoreCase(String), TokenQueue.consumeToIgnoreCase(String), TokenQueue.consumeWord(), TokenQueue.matchesAny(String...)

Functional Improvements

• Rebuilt the HTML pretty-printer, to simplify and consolidate the implementation, improve consistency, support custom Tags, and provide a cleaner path for ongoing improvements. The specific HTML produced by the pretty-printer may be different from previous versions. #2286.
• Added the ability to define custom tags, and to modify properties of known tags, via the TagSet tag collection. Their properties can impact both the parse and how content is serialized (output as HTML or XML). #2285.
• Element.cssSelector() will prefer to return shorter selectors by using ancestor IDs when available and unique. E.g. #id > div > p instead of html > body > div > div > p #2283.
• Added Elements.deselect(int index), Elements.deselect(Object o), and Elements.deselectAll() methods to remove elements from the Elements list without removing them from the underlying DOM. Also added Elements.asList() method to get a modifiable list of elements without affecting the DOM. (Individual Elements remain linked to the DOM.) #2100.
• Added support for sending a request body from an InputStream with Connection.requestBodyStream(InputStream stream). #1122.
• The XML parser now supports scoped xmlns: prefix namespace declarations, and applies the correct namespace to Tags and Attributes. Also, added Tag#prefix(), Tag#localName(), Attribute#prefix(), Attribute#localName(), and Attribute#namespace() to retrieve these. #2299.
• CSS identifiers are now escaped and unescaped correctly to the CSS spec. Element#cssSelector() will emit appropriately escaped selectors, and the QueryParser supports those. Added Selector.escapeCssIdentifier() and Selector.unescapeCssIdentifier(). #2297, #2305

Structure and Performance Improvements

• Refactored the CSS QueryParser into a clearer recursive descent parser. #2310.
• CSS selectors with consecutive combinators (e.g. div >> p) will throw an explicit parse exception. #2311.
• Performance: reduced the shallow size of an Element from 40 to 32 bytes, and the NodeList from 32 to 24. #2307.
• Performance: reduced GC load of new StringBuilders when tokenizing input HTML. #2304.
• Made Parser instances threadsafe, so that inadvertent use of the same instance across threads will not lead to errors. For actual concurrency, use Parser#newInstance() per thread. #2314.

... (truncated)

Commits

• 8f0dc29 [maven-release-plugin] prepare release jsoup-1.20.1
• 6b96c74 Don't log InterruptedException
• dec21ef Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 (#2316)
• fccfaae Updating changelog
• 603261d Perf optimize these deep IT tests
• f0d8782 Use a ReentrantLock in HttpConnection
• 01c823e Make Parser instances threadsafe (#2314)
• dcb4f79 Only match ASCII letters and digits (#2312)
• c4dd25e Disallow consecutive combinators in CSS selectors (#2311)
• f70a7bc Revamp QueryParser (#2310)
• Additional commits viewable in compare view

Updates de.thetaphi:forbiddenapis from 3.8 to 3.9

Updates org.apache.maven:maven-embedder from 3.9.9 to 3.9.10

Updates org.apache.maven:maven-compat from 3.9.9 to 3.9.10

Release notes

Sourced from org.apache.maven:maven-compat's releases.

3.9.10

Release Notes - Maven - Version 3.9.10

... (truncated)

Commits

• 5f519b9 [maven-release-plugin] prepare release maven-3.9.10
• c2acc2f [MNG-8745] Bump xmlunitVersion from 2.10.1 to 2.10.2 (#2389)
• 1da6ce5 [MNG-8396] Backport: add cache layer to the filtered dep graph (#2393)
• 169219a [MNG-8745] Bump xmlunitVersion from 2.10.0 to 2.10.1 (#2354)
• 88c77b6 [MNG-8734] Make Maven 3.9.10 ignore --raw-streams option (#2361)
• ca55739 [MNG-8728] Build ITs on JDK 21, 24
• dee00c1 [MNG-8728] Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 (#2359)
• c2671d0 Update README.md
• 6559599 [MNG-8711] Fix concurrent cache access
• d213a7b [MNG-8731] Use https for xsi:schemaLocation in generated descriptors
• Additional commits viewable in compare view

Updates org.apache.maven.resolver:maven-resolver-connector-basic from 1.9.18 to 1.9.23

Release notes

Sourced from org.apache.maven.resolver:maven-resolver-connector-basic's releases.

1.9.23

Release Notes - Maven Resolver - Version 1.9.23

... (truncated)

Commits

• 8535d09 [maven-release-plugin] prepare release maven-resolver-1.9.23
• 5eb06ca Refresh links on the configuration page
• d60e7c8 Remove suppressions for checkstyle MagicNumber
• fcc2fcc [MRESOLVER-703] Expose redirect config for http transport
• 2830727 [MRESOLVER-711] Bump org.redisson:redisson from 3.45.1 to 3.46.0 (#714)
• fa94e8d Deploy snapshot artifacts by Jenkins
• 2683c54 Update site descriptors
• 27cb420 [MRESOLVER-717] Bump org.codehaus.plexus:plexus-classworlds from 2.7.0 to 2.9...
• 6a7019f [MRESOLVER-716] Bump com.google.guava:guava from 33.1.0-jre to 33.4.8-jre (#712)
• 79c973e [MRESOLVER-714] Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.2 (#709)
• Additional commits viewable in compare view

Updates org.apache.maven.resolver:maven-resolver-transport-http from 1.9.18 to 1.9.23

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions