fix(deps): update all dependencies j:cdx-227

[renovate-coveo]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@commitlint/config-conventional (source)	19.5.0 -> 19.8.0					devDependencies	minor
@octokit/auth-app	7.1.2 -> 7.1.5					devDependencies	patch
actions/setup-java	v4.5.0 -> v4.7.0					action	minor
actions/setup-node	v4.1.0 -> v4.3.0					action	minor
actions/upload-artifact	v4.4.3 -> v4.6.2					action	minor
ossf/scorecard-action	v2.4.0 -> v2.4.1					action	patch
step-security/harden-runner	v2.10.1 -> v2.11.0					action	minor
com.diffplug.spotless:spotless-maven-plugin	2.43.0 -> 2.44.3					build	minor
commons-codec:commons-codec (source)	1.17.1 -> 1.18.0					compile	minor
org.mockito:mockito-core	5.14.2 -> 5.16.1					test	minor
joda-time:joda-time (source)	2.13.0 -> 2.14.0					compile	minor
io.github.cdimascio:dotenv-java	3.0.2 -> 3.2.0					compile	minor
com.google.code.gson:gson	2.11.0 -> 2.12.1					compile	minor
org.apache.logging.log4j:log4j-core (source)	2.24.1 -> 2.24.3					compile	patch
org.apache.maven.plugins:maven-javadoc-plugin	3.11.1 -> 3.11.2					build	patch

[skip release]

---

Release Notes

conventional-changelog/commitlint (@​commitlint/config-conventional)

v19.8.0

Compare Source

Performance Improvements

• use node: prefix to bypass require.cache call for builtins (#​4302) (0cd8f41)

19.7.1 (2025-02-02)

Note: Version bump only for package @​commitlint/config-conventional

v19.7.1

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

v19.6.0

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

octokit/auth-app.js (@​octokit/auth-app)

v7.1.5

Compare Source

Bug Fixes

• deps: update octokit dependencies to mitigate ReDos vulnerability [security] (#​678) (499d1f6)

v7.1.4

Compare Source

Bug Fixes

• deps: bump Octokit deps to fix Deno compat (#​665) (33fd19f)

v7.1.3

Compare Source

Bug Fixes

• deps: replace lru-cache with toad-cache (#​654) (43b97a6)

actions/setup-java (actions/setup-java)

v4.7.0

Compare Source

What's Changed

• Configure Dependabot settings by @​HarithaVattikuti in https://github.com/actions/setup-java/pull/722
• README Update: Added a permissions section by @​benwells in https://github.com/actions/setup-java/pull/723
• Upgrade cache from version 3.2.4 to 4.0.0 by @​aparnajyothi-y in https://github.com/actions/setup-java/pull/724
• Upgrade @actions/http-client from 2.2.1 to 2.2.3 by @​dependabot in https://github.com/actions/setup-java/pull/728
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in https://github.com/actions/setup-java/pull/727
• Upgrade @types/jest from 29.5.12 to 29.5.14 by @​dependabot in https://github.com/actions/setup-java/pull/729

New Contributors

• @​benwells made their first contribution in https://github.com/actions/setup-java/pull/723

Full Changelog: actions/setup-java@v4...v4.7.0

v4.6.0

Compare Source

What's Changed

Add-ons:

• Add Support for JetBrains Runtime by @​gmitch215 in https://github.com/actions/setup-java/pull/637

 - name: Checkout
   uses: actions/checkout@v4
 - name: Setup-java
   uses: actions/setup-java@v4
   with:
     distribution: ‘jetbrains’
     java-version: '21'

Bug fixes:

• Fix Ubuntu-latest CI failures by @​mahabaleshwars in https://github.com/actions/setup-java/pull/693

New Contributors

• @​gmitch215 made their first contribution in https://github.com/actions/setup-java/pull/637

Full Changelog: actions/setup-java@v4...v4.6.0

actions/setup-node (actions/setup-node)

v4.3.0

Compare Source

What's Changed

Dependency updates

• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in https://github.com/actions/setup-node/pull/1200
• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​gowridurgad in https://github.com/actions/setup-node/pull/1251
• Upgrade @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in https://github.com/actions/setup-node/pull/1203
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot in https://github.com/actions/setup-node/pull/1220

New Contributors

• @​gowridurgad made their first contribution in https://github.com/actions/setup-node/pull/1251

Full Changelog: actions/setup-node@v4...v4.3.0

v4.2.0

Compare Source

What's Changed

• Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by @​aparnajyothi-y in https://github.com/actions/setup-node/pull/1174
• Add recommended permissions section to readme by @​benwells in https://github.com/actions/setup-node/pull/1193
• Configure Dependabot settings by @​HarithaVattikuti in https://github.com/actions/setup-node/pull/1192
• Upgrade @actions/cache to ^4.0.0 by @​priyagupta108 in https://github.com/actions/setup-node/pull/1191
• Upgrade pnpm/action-setup from 2 to 4 by @​dependabot in https://github.com/actions/setup-node/pull/1194
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in https://github.com/actions/setup-node/pull/1195
• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in https://github.com/actions/setup-node/pull/1196
• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot in https://github.com/actions/setup-node/pull/1201
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in https://github.com/actions/setup-node/pull/1205

New Contributors

• @​benwells made their first contribution in https://github.com/actions/setup-node/pull/1193

Full Changelog: actions/setup-node@v4...v4.2.0

actions/upload-artifact (actions/upload-artifact)

v4.6.2

Compare Source

What's Changed

• Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @​salmanmkc in https://github.com/actions/upload-artifact/pull/685

New Contributors

• @​salmanmkc made their first contribution in https://github.com/actions/upload-artifact/pull/685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

Compare Source

What's Changed

• Update to use artifact 2.2.2 package by @​yacaovsnc in https://github.com/actions/upload-artifact/pull/673

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

Compare Source

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in https://github.com/actions/upload-artifact/pull/662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

Compare Source

What's Changed

• fix: deprecated Node.js version in action by @​hamirmahal in https://github.com/actions/upload-artifact/pull/578
• Add new artifact-digest output by @​bdehamer in https://github.com/actions/upload-artifact/pull/656

New Contributors

• @​hamirmahal made their first contribution in https://github.com/actions/upload-artifact/pull/578
• @​bdehamer made their first contribution in https://github.com/actions/upload-artifact/pull/656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

ossf/scorecard-action (ossf/scorecard-action)

v2.4.1

Compare Source

What's Changed

• This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.
• Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.
  • use Scorecard library entrypoint instead of Cobra hooking by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1423
• Some errors were made into annotations to make them more visible
  • Make default branch error more prominent by @​jsoref in https://github.com/ossf/scorecard-action/pull/1459
• There is now an optional file_mode input which controls how repository files are fetched from GitHub. The default is archive, but git produces the most accurate results for repositories with .gitattributes files at the cost of analysis speed.
  • add input for specifying --file-mode by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1509
• The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.
  • 🌱 publish docker images to GitHub Container Registry by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1453

Docs

• Installation docs update by @​JeremiahAHoward in https://github.com/ossf/scorecard-action/pull/1416

New Contributors

• @​JeremiahAHoward made their first contribution in https://github.com/ossf/scorecard-action/pull/1416
• @​jsoref made their first contribution in https://github.com/ossf/scorecard-action/pull/1459
  Full Changelog: ossf/scorecard-action@v2.4.0...v2.4.1

step-security/harden-runner (step-security/harden-runner)

v2.11.0

Compare Source

What's Changed

Release v2.11.0 in #​498
Harden-Runner Enterprise tier now supports the use of eBPF for DNS resolution and network call monitoring

Full Changelog: step-security/harden-runner@v2...v2.11.0

v2.10.4

Compare Source

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

v2.10.3

Compare Source

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

v2.10.2

Compare Source

What's Changed

1. Fixes low-severity command injection weaknesses
   The advisory is here: GHSA-g85v-wf27-67xc

2. Bug fix to improve detection of whether Harden-Runner is running in a container

Full Changelog: step-security/harden-runner@v2...v2.10.2

diffplug/spotless (com.diffplug.spotless:spotless-maven-plugin)

v2.44.0

Added

• New static method to DiffMessageFormatter which allows to retrieve diffs with their line numbers (#​1960)
• Gradle - Support for formatting shell scripts via shfmt. (#​1994)

Fixed

• Fix empty files with biome >= 1.5.0 when formatting files that are in the ignore list of the biome configuration file. (#​1989 fixes #​1987)
• Fix a regression in BufStep where the same arguments were being provided to every buf invocation. (#​1976)

Changed

• Use palantir-java-format 2.39.0 on Java 21. (#​1948)
• Bump default ktlint version to latest 1.0.1 -> 1.1.1. (#​1973)
• Bump default googleJavaFormat version to latest 1.18.1 -> 1.19.2. (#​1971)
• Bump default diktat version to latest 1.2.5 -> 2.0.0. (#​1972)

apache/commons-codec (commons-codec:commons-codec)

v1.18.0

The Apache Commons Codec team is pleased to announce the release of Apache Commons Codec 1.18.0.

The Apache Commons Codec component contains encoders and decoders for
formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

v1.17.2

The Apache Commons Codec component contains encoders and decoders for
formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.

This is a feature and maintenance release. Java 8 or later is required.

mockito/mockito (org.mockito:mockito-core)

v5.16.1

Compare Source

^{Changelog generated by Shipkit Changelog Gradle Plugin}

5.16.1

• 2025-03-15 - 3 commit(s) by Adrian Roos, Jérôme Prinet, Rafael Winterhalter
• Remove Arrays.asList from critical stubbing path in GenericMetadataSu… (#​3610)
• Rework of injection strategy in the context of modules (#​3608)
• Adjust inline mocking snippet to allow task relocatability (#​3606)
• Inline mocking configuration snippet for Gradle should allow task relocatability (#​3605)

v5.16.0

Compare Source

^{Changelog generated by Shipkit Changelog Gradle Plugin}

5.16.0

• 2025-03-03 - 10 commit(s) by Brice Dutheil, Rafael Winterhalter, TDL, dependabot[bot]
• Add support for including module-info in Mockito. (#​3597)
• Bump com.gradle.develocity from 3.19 to 3.19.1 (#​3579)
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#​3577)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.1 to 7.0.2 (#​3574)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 6.25.0 to 7.0.1 (#​3571)
• Bump org.assertj:assertj-core from 3.27.1 to 3.27.2 (#​3569)
• Tweaks documentation on mockito agent config for maven (#​3568)
• Adds --info to diagnose closeAndReleaseStagingRepositories issues (#​3567)
• Refine reflection when calling management factory (#​3566)
• Avoid warning when dynamic attach is enabled (#​3551)

v5.15.2

Compare Source

^{Changelog generated by Shipkit Changelog Gradle Plugin}

5.15.2

• 2025-01-02 - 2 commit(s) by Brice Dutheil, dependabot[bot]
• Fix javadoc publication (#​3561)
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.1 (#​3560)
• The release job is failed again (#​3542)

JodaOrg/joda-time (joda-time:joda-time)

v2.14.0

Compare Source

See the change notes for more information.

What's Changed

• Update time zone data to 2025bgtz by @​jodastephen in https://github.com/JodaOrg/joda-time/pull/807
• Update build scripts by @​jodastephen in https://github.com/JodaOrg/joda-time/pull/808
• Fix to run locally by @​jodastephen in https://github.com/JodaOrg/joda-time/pull/809
• Setup release from GitHub by @​jodastephen in https://github.com/JodaOrg/joda-time/pull/810

Full Changelog: JodaOrg/joda-time@v2.13.1...v2.14.0

v2.13.1

Compare Source

See the change notes for more information.

What's Changed

• Update time zone data to 2025agtz by @​github-actions in https://github.com/JodaOrg/joda-time/pull/805

Full Changelog: JodaOrg/joda-time@v2.13.0...v2.13.1

cdimascio/dotenv-java (io.github.cdimascio:dotenv-java)

v3.2.0

(2025-02-22)

• Allow duplicate keys for variables (#​85) (69c3d92), closes #​85
• Cmd/melegati ml (#​79) (6d67cbf), closes #​79
• Handling real multi line entries. (#​78) (f3c43ec), closes #​78
• Update build workflow to upload JaCoCo code coverage report to https://codacy.com (#​54) (655d880), closes #​54
• update README and CONTRIBUTING (#​76) (bd434e1), closes #​76
• use Scanner constructor supported since Android Api Level 1 and add tests for UTF-8 values (#​86) (dde80ff), closes #​86
• v3.1.0 (#​80) (f9989e1), closes #​80

(2024-12-15)

• Cmd/melegati ml (#​79) (6d67cbf), closes #​79
• Handling real multi line entries. (#​78) (f3c43ec), closes #​78
• Update build workflow to upload JaCoCo code coverage report to https://codacy.com (#​54) (655d880), closes #​54
• update README and CONTRIBUTING (#​76) (bd434e1), closes #​76

(2024-09-01)

• Delete .github/workflows/codeql.yml (#​71) (c52803f), closes #​71 #​70 #​69
• fix javadoc target (#​72) (8c0b9c5), closes #​72
• fixes #​63 string oob with ignore malformed (#​74) (4e23eda), closes #​63 #​74
• update CHANGELOG.md (0fdabfd)
• Update codeql.yml (#​70) (1966f4f), closes #​70
• update CONTRIBUTING.md to include signed artifact github upload (#​73) (d216732), closes #​73
• update integrates OpenSSF badging details into README and CONTRIBUTING (#​75) (ba7ec54), closes #​75 #​63
• Update README.md (#​69) (7870e4f), closes #​69

(2024-09-01)

• [StepSecurity] Apply security best practices (#​66) (f50dd1b), closes #​66
• Add support from reading from jimfs in-memory FS (#​60) (0c5642e), closes #​60
• Create SECURITY.md (#​65) (162a574), closes #​65
• update CONTRIBUTING.md (6d60f39)
• Update CONTRIBUTING.md (#​67) (158a525), closes #​67
• update pom.xml (aa8d1d5)
• v3.0.1 (c8bf7b0)
• docs: add manoelcampos as a contributor for code, test, and infra (#​52) (5b6c71d), closes #​52

(2023-04-30)

• Adds support to Java 11 (#​51) (d586bd3), closes #​51
• v2.3.2 (10d4f06)
• v3.0.0 (2eaf6a5)

2.3.2 (2023-01-16)

• Implements support for quoted values (#​46) (bbfbcfa), closes #​46
• update dependency (c016121)
• Update README.md (006fc25)
• use v2.3.0 in example (1261b9e)
• v2.3.2 (fbc6186)
• v2.3.2 (d318ce4)
• v2.3.2 (6cb8616)

2.3.1 (2022-11-23)

• Support trailing comments (#​38) (45f25e2), closes #​38 /github.com/bkeepers/dotenv/blob/master/lib/dotenv/parser.rb#L14-L30
• Update README.md (74bbe2c)
• Update README.md (7166200)
• v2.3.1 (abe4108)
• docs: add c00ler as a contributor for code (#​39) (e52b498), closes #​39
• docs: add dizney as a contributor for code, and doc (#​41) (6d1c1cf), closes #​41
• docs: add yassenb as a contributor for code (#​40) (4430c0f), closes #​40

2.3.0 (2022-11-23)

• add change log (1817cd8)
• Ensure java 11 using enforcer plugin (#​35) (c2c69fc), closes #​35
• Fix classpath relative-to-absolute conversion in DotenvReader (#​27) (6dc4c52), closes #​27
• Fix license in the header (#​34) (d253407), closes #​34
• Fixed dangling kotlin-dotenv link at the README.md (#​23) (d5d886f), closes #​23
• Link Maven Central badge to the artifact page (#​19) (80c5cd6), closes #​19
• Precompile and reuse regular expressions (#​33) (82cf585), closes #​33
• Update CONTRIBUTING.md (3b44b8a)
• Update CONTRIBUTING.md (cf7605a)
• Update CONTRIBUTING.md (61488e0)
• Update CONTRIBUTING.md (ed5e545)
• update dep (8793318)
• update doc (5c607d7)
• Update Dotenv.java (bd79cdd)
• update gitignore (02bcb73)
• update pom (74945a5)
• update poms (2f57af8)
• update README (4a04796)
• update README (5ffffe3)
• Update README (#​30) (be31abb), closes #​30
• Update README.md (7c0e6f0)
• Update README.md (428bc3c)
• Update README.md (be128e9)
• Update README.md (3dab9c0)
• Update README.md (bdb3a55)
• Update README.md (51b5f2e)
• Update README.md (fc4e98a)
• Update README.md (393755c)
• Update README.md (2c1eef7)
• Update README.md (505d39e)
• Update README.md (902c7b4)
• v2.2.2 (4352c6a)
• v2.2.2 (8103047)
• v2.2.4 (5d60f3c)
• v2.3.0 (7398ee6)
• v2.3.0 change log (b96165c)
• v2.3.0 README update (fb48486)
• v3.0.1 (dbf540c)
• feat: add module info (#​37) (f69a9b3), closes #​37
• docs: add alexbraga as a contributor for doc (#​31) (a279af3), closes #​31
• docs: add Mooninaut as a contributor for code, test (#​28) (dd2999c), closes #​28
• docs: fix android code example (#​36) (7fc7794), closes #​36
• fix: remove unnecessary public modifier (ec42ff5)

2.2.0 (2020-10-15)

• java 8 compatibility improvements (#​18) (ca8916a), closes #​18

2.1.0 (2020-10-02)

• javadoc (5a97210)
• javadoc (f2edab0)
• Javadoc (#​7) (1fd956c), closes #​7
• Set theme jekyll-theme-leap-day (19d1c2f)
• support for java 8 (#​15) (55d90af), closes #​15
• Update README.md (ceff5c5)
• Update README.md (d54bcf0)
• Update README.md (03175dc)
• Update README.md (7f32109)
• Update README.md (5a819cb)
• Update README.md (04c565e)
• Update README.md (e8832d8)
• V2 (#​12) (ae3ac10), closes #​12
• v2 (#​9) (0ad3100), closes #​9
• v2 docs (#​10) (40b4a9b), closes [#​10](https://redirect.github.com/cdima

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" in timezone America/Toronto, Automerge - "after 9:00am and before 12:00pm on tuesday, wednesday, thursday" in timezone America/Toronto.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.