Bump the dependencies group with 6 updates #39

dependabot · 2025-04-11T00:07:10Z

Bumps the dependencies group with 6 updates:

Package	From	To
com.google.auto.service:auto-service	`1.0-rc6`	`1.1.1`
com.google.guava:guava	`29.0-jre`	`33.4.7-jre`
com.google.errorprone:error_prone_core	`2.3.3`	`2.37.0`
com.google.testing.compile:compile-testing	`0.18`	`0.21.0`
junit:junit	`4.13.1`	`4.13.2`
org.apache.maven.plugins:maven-surefire-plugin	`2.19.1`	`3.5.3`

Updates com.google.auto.service:auto-service from 1.0-rc6 to 1.1.1

Release notes

Sourced from com.google.auto.service:auto-service's releases.

auto-service-1.1.1

What's Changed

No functional changes.

Dependencies updated.

Some minor code improvements.

Full Changelog: google/auto@auto-service-1.1.0...auto-service-1.1.1

AutoCommon 1.1

com.google.auto.common is annotated for null-safety. (9d79ce1e)

Add String and TypeElement versions of auto-common APIs that currently take in Class. (dec3bf0e)

AutoService 1.1.0

AutoService now verifies by default that the annotated class does indeed implement the interface in @AutoServce. Previously this only happened when compiling with -Averify=true. The verification can be disabled either by compiling with -Averify=false or by adding @SuppressWarnings("AutoService") to the annotated class. (965e89328)

The @AutoService annotation can no longer be applied to an interface or abstract class. This new verification can also be disabled in the same way. (591731c32)

AutoFactory 1.1.0

AutoFactory now recognizes and generates both javax.inject and jakarta.inject. If jakarta.inject is on the classpath then it will be used, and otherwise javax.inject. A new compiler option -Acom.google.auto.factory.InjectApi can be set to either javax or jakarta to force the use of one or the other. (67772b26d)

There is now a way to add annotations to generated AutoFactory classes. See the javadoc for @AutoFactory.AnnotationsToApply. (b2a1c0885)

The exception message for a null value now indicates not only which number argument it is but also how many arguments there are in total. This may lead to a small increase in code size. (ab6c7bfb6)

AutoFactory now correctly handles the case where a parameter annotation has @Target with both PARAMETER and TYPE_USE. (9d455fa17)

When a requested supertype of the generated factory class has a type parameter, the generated class now always has the same parameter. (206b67396)

Better error message when detecting duplicate parameters (59ec5e659)

AutoService 1.0.2

Updating Maven dependencies only. No functional changes.

AutoFactory 1.0.1

Fixed Gradle incremental compilation. (8f17e4c4)

AutoCommon 1.0.1

Added some methods to allow annotation processors to use Streams functionality that is present in mainline Guava but not Android Guava. This can be useful if Android Guava might be on the processor path.

AutoService 1.0.1

AutoService no longer throws an exception for a missing service class. (d8083fde)

Fixed a bug in AutoServiceProcessor that could lead to some services not being processed. (d4c865be)

Auto Common 1.0

This has only cosmetic differences from Auto Common 0.11, but we are updating the version number to indicate stability.

AutoService 1.0

@AutoService classes can now reference generic services and still pass -Averify=true. (afe607c3)

AutoServiceProcessor no longer claims the @AutoService annotation. (c27b527a)

AutoService 1.0-rc7

Use CLASS retention to support Gradle aggregating incremental annotation processors (28a2c79)

Set an Automatic-Module-Name. (61256c3)

Commits

See full diff in compare view

Updates com.google.guava:guava from 29.0-jre to 33.4.7-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.4.7

Known issue: This release breaks the build of Android apps with a minSdkVersion below 26. We will publish a fixed version soon. Sorry again for the continuing trouble.

Guava 33.4.7, like 33.4.6, fixes two problems that we introduced while modularizing Guava and migrating off Unsafe in 33.4.5.

Even if you're not upgrading from Guava 33.4.0 or earlier, still read the release notes for Guava 33.4.1. Those release notes contain information about the effects of Guava 33.4.5 and higher on the module system.

Maven
<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.4.7-jre</version>
  
  <version>33.4.7-android</version>
</dependency>
Jar files

33.4.7-jre.jar

33.4.7-android.jar

Guava requires one runtime dependency, which you can download here:

failureaccess-1.0.3.jar

Javadoc

33.4.7-jre

33.4.7-android

JDiff

33.4.7-jre vs. 33.4.6-jre

33.4.7-android vs. 33.4.6-android

33.4.7-android vs. 33.4.7-jre

Changelog

Modified the guava module's dependency on failureaccess to be transitive. Also, modified the guava-testlib module to make its dependency on guava transitive, to remove its dependency on failureaccess, and to add a dependency (transitive) on junit. (63ecdf2239)

util.concurrent: Modified our fast paths to ensure that they continue to work when run through optimizers, such as those commonly used by Android apps. This fixes problems that some users may have seen since Guava 33.4.5. (b8dcaede09bcf1c3bd5fc037690498f6ac560c54, f9eff 8000 73b8d)

util.concurrent: Changed the guava-android copy of AbstractFuture to try VarHandle before Unsafe, eliminating a warning under newer JDKs. (7336af1831)

33.4.6

Prefer to upgrade straight to 33.4.7: While Guava 33.4.6 fixes two problems that we introduced while modularizing Guava in 33.4.5, it still contains some small problems with the module system, and it may still cause trouble for optimizers. These problems have been fixed in 33.4.7.

Even if you're not upgrading from Guava 33.4.0 or earlier, still read the release notes for Guava 33.4.1. Those release notes contain information about Guava 33.4.5 and 33.4.6's effect on the module system.

... (truncated)

Commits

See full diff in compare view

Updates com.google.errorprone:error_prone_core from 2.3.3 to 2.37.0

Release notes

Sourced from com.google.errorprone:error_prone_core's releases.

Error Prone 2.37.0

Changes:

The annotations that were previously in error_prone_type_annotations have been been merged into error_prone_annotations. error_prone_type_annotations is now deprecated, and will be removed in a future release.

New checks:

AssignmentExpression - The use of an assignment expression can be surprising and hard to read; consider factoring out the assignment to a separate statement.

IntFloatConversion - Detect calls to scalb that should be using the double overload instead

InvalidSnippet - Detects snippets which omit the : required for inline code.

JUnit4EmptyMethods - Detects empty JUnit4 @Before, @After, @BeforeClass, and @AfterClass methods.

MockIllegalThrows - Detects cases where Mockito is configured to throw checked exception types which are impossible.

NegativeBoolean - Prefer positive boolean names.

RuleNotRun - Detects TestRules not annotated with @Rule, that won't be run.

StringConcatToTextBlock - Replaces concatenated multiline strings with text blocks.

TimeInStaticInitializer - Detects accesses of the system time in static contexts.

Closed issues:

Propagate check flags in patch mode (#4699)

Fixes a crash in ComputeIfAbsentAmbiguousReference (#4736)

Show the field name in HidingField diagnostics (#4775)

Add support for jakarta annotations to some checks (#4782)

FloatingPointAssertionWithinEpsilonTest depends on default locale (#4815)

@InlineMe patching of Strings.repeat produces broken code (#4819)

Fix a crash in IdentifierName on unnamed (_) variables (#4847)

Fix a crash in ArgumentParameterSwap (#490)

Full changelog: google/error-prone@v2.36.0...v2.37.0

Error Prone 2.36.0

Changes:

Add new matcher interfaces to ErrorProneScanner for AST nodes introduced after Java 11 (e5fd194fa21ef9a01e8d4c72489906247aad81c8)

Fix compatibility with latest JDK 24 EA builds (google/error-prone@d67bc15)

Check that --should-stop=ifError=FLOW is set when using the -Xplugin integration (e71db1f369a9367f6f2db34c4fbd006b6d6238fd)

New checks:

DuplicateBranches: Discourage conditional expressions and if statements where both branches are the same

RedundantControlFlow: Reports redundant continue statements.

Closed issues: #4633, #4646

Full changelog: google/error-prone@v2.35.1...v2.36.0

Error Prone 2.35.1

Error Prone's dependency on protobuf has been downgraded to 3.25.5 for this release.

... (truncated)

Commits

a453935 Release Error Prone 2.37.0
81faa5a Update JDK versions in release.yml
62086b7 Handle multiple arguments in thenThrow.
7440ff1 In StringConcatToTextBlock, don't assume that string literals always have sou...
04fe835 Adds type_annotations back but as a relocation to annotations
1ad73c2 Handle yield in Reachability
b1b521f Sniff out the canonical constructor using detective work rather than a flag w...
86e5c95 Optimization: Abort class scan in JUnit4TestNotRun if all suspicious method...
c139e7f [StatementSwitchToExpressionSwitch] for the return switch pattern, fix a bug ...
296fb4e Hardcode BoxedPrimitiveEquality:ExemptStaticConstants = false.
Additional commits viewable in compare view

Updates com.google.testing.compile:compile-testing from 0.18 to 0.21.0

Release notes

Sourced from com.google.testing.compile:compile-testing's releases.

0.21.0

Fixed a bug: When comparing ASTs, for example in JavaFileObjectSubject.hasSourceEquivalentTo, some kinds of nodes were omitted from the comparison. In particular, if the expected code had an annotated type or a union type (multicatch), the actual code could contain anything at that point and the test would still pass. This was also true for post-Java-8 constructs like module declarations, yield statements, and the like. These omissions have been corrected. Some tests may now fail if the expected and actual source do not match, in ways that were hidden by this bug. (google/compile-testing@9a592f7)

0.20

Allow sources being compiled to be read from annotation processors. (95e749d)

Fix false negative when comparing source files that differ only in try-with-resources specifications. (cb6486c)

Add withAnnotationProcessorPath() to Compiler. (80a9ee0)

Improve error messages rendered by JavaSourcesSubject.parsesAs() and JavaFileObjectSubject.containsElementsIn() to more easily distinguish between errors incurred in actual vs expected source. (115014e)

Use @Nullable from the Checker Framework and fix a few null-correctness issues. (6260258)

Fixed bug where testing package-info.java with parsesAs() threw a NullPointerException. (c46b1b6)

Close JavaCompiler objects to avoid resource leaks. (cd2c0a8)

0.19

Updated Truth usages to be compatible with Truth 1.0 and higher.

Improved exception thrown by onLine(n) when n is out of range. (b4eaa92)

Commits

c24c262 Set version number for compile-testing to 0.21.0.
9a592f7 Use reflection to implement TreeDiffer.DiffVisitor.
cd5e8a9 Adjust configuration and documents to reflect the renamed main branch.
75b95ed Name our release profile sonatype-oss-release instead of release.
ea22b1d Bump styfle/cancel-workflow-action from 0.10.1 to 0.11.0
1148d31 Bump error_prone_annotations from 2.15.0 to 2.16
d288d45 Bump auto-value from 1.9 to 1.10
6be818d Bump checker-qual from 3.25.0 to 3.26.0
b9a66d1 Bump styfle/cancel-workflow-action from 0.10.0 to 0.10.1
c2bd7ba Bump maven-jar-plugin from 3.2.2 to 3.3.0
Additional commits viewable in compare view

Updates junit:junit from 4.13.1 to 4.13.2

Release notes

Sourced from junit:junit's releases.

JUnit 4.13.2

Please refer to the release notes for details.

Commits

05fe2a6 [maven-release-plugin] prepare release r4.13.2
ff57344 Add build for JDK 17-ea
02aaa01 Improve check that thread is stopped
e9a75f4 Merge test for exception type and message
d27ad52 Rename DelegateStatement to DelegatingStatement
b83dc2e Better name for test that stops statement
527f3a3 Replace InfiniteLoop with RunForASecond
2db6394 Tidy up FailOnTimeoutTest
64634e1 Update 4.13.2 release notes to document pull 1654
f8ee412 Fix serialization of AssumptionViolatedException (#1654)
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 2.19.1 to 3.5.3

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.3

🐛 Bug Fixes

[SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @slawekjaranowski

[SUREFIRE-1643] - surefire junit5 parallel tests (#815) @olamy

[SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @elharo

👻 Maintenance

surefire shared utils version current version (#825) @olamy

Update site descriptors (#821) @slawekjaranowski

Use newer version of surefire for itself testing, enable JUnit 5 in tests (#822) @slawekjaranowski

Remove dependencies from root pom (#819) @slawekjaranowski

move this dependency to dptMngt (#818) @olamy

[SUREFIRE-2291] - Change logger from Plexus to SLF4J (#811) @jeffjensen

Add GitHub Automation actions (#812) @slawekjaranowski

Convert reports to Guice (#803) @elharo

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#809) @Bukama

Update encoding docs (#802) @elharo

Guice injection (#801) @elharo

📦 Dependency updates

Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1 (#823) @dependabot[bot]

Bump parent to 44 (#817) @slawekjaranowski

Bump org.codehaus.plexus:plexus-java from 1.3.0 to 1.4.0 (#810) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.4.0 to 4.10.0 (#813) @dependabot[bot]

Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#797) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#807) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.0 to 3.27.2 (#805) @dependabot[bot]

Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 (#800) @dependabot[bot]

3.5.2

🚀 New features and improvements

[SUREFIRE-2278] - Don't say please. (#792) @elharo

📦 Dependency updates

[SUREFIRE-2281] - Doxia 2.0.0 ga (#794) @michael-o

Bump commons-io:commons-io from 2.2 to 2.14.0 in /surefire-its/src/test/resources/surefire-979-smartStackTrace-wrongClassloader/module1 (#789) @dependabot

👻 Maintenance

[SUREFIRE-2282] - surefire-report-plugin: Update Introduction documenta… (#796) @michael-o

Reduce cyclomatic complexity (#793) @elharo

... (truncated)

Commits

4434650 [maven-release-plugin] prepare release surefire-3.5.3
1270950 use github directly
59f3a1f release tag name backward compatible
dfbabe2 assertj-core must be test scope (#826)
e1f8119 back to 3.5.3-SNAPSHOT
c497559 [maven-release-plugin] prepare for next development iteration
3962112 [maven-release-plugin] prepare release v3.5.3
227c134 surefire shared utils version current version (#825)
1d34c34 Bump org.htmlunit:htmlunit from 4.10.0 to 4.11.1
906b65a Update site descriptors
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 6 updates: | Package | From | To | | --- | --- | --- | | [com.google.auto.service:auto-service](https://github.com/google/auto) | `1.0-rc6` | `1.1.1` | | [com.google.guava:guava](https://github.com/google/guava) | `29.0-jre` | `33.4.7-jre` | | [com.google.errorprone:error_prone_core](https://github.com/google/error-prone) | `2.3.3` | `2.37.0` | | [com.google.testing.compile:compile-testing](https://github.com/google/compile-testing) | `0.18` | `0.21.0` | | [junit:junit](https://github.com/junit-team/junit4) | `4.13.1` | `4.13.2` | | [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `2.19.1` | `3.5.3` | Updates `com.google.auto.service:auto-service` from 1.0-rc6 to 1.1.1 - [Release notes](https://github.com/google/auto/releases) - [Commits](https://github.com/google/auto/commits/auto-service-1.1.1) Updates `com.google.guava:guava` from 29.0-jre to 33.4.7-jre - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) Updates `com.google.errorprone:error_prone_core` from 2.3.3 to 2.37.0 - [Release notes](https://github.com/google/error-prone/releases) - [Commits](google/error-prone@v2.3.3...v2.37.0) Updates `com.google.testing.compile:compile-testing` from 0.18 to 0.21.0 - [Release notes](https://github.com/google/compile-testing/releases) - [Commits](google/compile-testing@compile-testing-0.18...v0.21.0) Updates `junit:junit` from 4.13.1 to 4.13.2 - [Release notes](https://github.com/junit-team/junit4/releases) - [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md) - [Commits](junit-team/junit4@r4.13.1...r4.13.2) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 2.19.1 to 3.5.3 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-2.19.1...surefire-3.5.3) --- updated-dependencies: - dependency-name: com.google.auto.service:auto-service dependency-version: 1.1.1 dependency-type: direct:production dependency-group: dependencies - dependency-name: com.google.guava:guava dependency-version: 33.4.7-jre dependency-type: direct:production dependency-group: dependencies - dependency-name: com.google.errorprone:error_prone_core dependency-version: 2.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: com.google.testing.compile:compile-testing dependency-version: 0.21.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: junit:junit dependency-version: 4.13.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

@ben-manes

…rone). (Also, use a Temurin JDK instead of Zulu: Per [advice](google/guava#7492 (comment)) from @ben-manes, LTS versions of Temurin [come pre-installed](https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Hosted-Tool-Cache). Compare google/guava#7591.) We should really migrate all the way off `oss-parent`, as we've done for other projects. I don't know if an actual release would work now or not. Fixes #39 RELNOTES=The Guava Beta Checker now requires Java 17 to run (like Error Prone). Like Error Prone, it can still be used when targeting older Java versions (by passing `-source 8 -target 8`, for example). PiperOrigin-RevId: 746486321

@ben-manes

…rone). (Also, use a Temurin JDK instead of Zulu: Per [advice](google/guava#7492 (comment)) from @ben-manes, LTS versions of Temurin [come pre-installed](https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Hosted-Tool-Cache). Compare google/guava#7591.) We should really migrate all the way off `oss-parent`, as we've done for other projects. I don't know if an actual release would work now or not. Fixes #39 RELNOTES=The Guava Beta Checker now requires Java 17 to run (like Error Prone). Like Error Prone, it can still be used when targeting older Java versions (by passing `-source 8 -target 8`, for example). PiperOrigin-RevId: 746486321

dependabot · 2025-04-11T18:29:17Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Apr 11, 2025

cpovirk self-assigned this Apr 11, 2025

cpovirk added the P2 label Apr 11, 2025

copybara-service bot mentioned this pull request Apr 11, 2025

Bump deps and plugins, and bump Java version to 17 (following Error Prone). #41

Merged

copybara-service bot closed this in 235be60 Apr 11, 2025

dependabot bot deleted the dependabot/maven/dependencies-4e47c94869 branch April 11, 2025 18:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the dependencies group with 6 updates #39

Bump the dependencies group with 6 updates #39

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Bump the dependencies group with 6 updates #39

Bump the dependencies group with 6 updates #39

Uh oh!

Conversation

auto-service-1.1.1

What's Changed

AutoCommon 1.1

AutoService 1.1.0

AutoFactory 1.1.0

AutoService 1.0.2

AutoFactory 1.0.1

AutoCommon 1.0.1

AutoService 1.0.1

Auto Common 1.0

AutoService 1.0

AutoService 1.0-rc7

33.4.7

Maven

Jar files

Javadoc

JDiff

Changelog

33.4.6

Error Prone 2.37.0

Error Prone 2.36.0

Error Prone 2.35.1

0.21.0

0.20

0.19

JUnit 4.13.2

3.5.3

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.2

🚀 New features and improvements

📦 Dependency updates

👻 Maintenance

Uh oh!

Uh oh!

Uh oh!