chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.0.0-M5 to 3.5.2 in /jans-config-api

[dependabot]

Bumps org.apache.maven.plugins:maven-surefire-plugin from 3.0.0-M5 to 3.5.2.

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.2

🚀 New features and improvements

• [SUREFIRE-2278] - Don't say please. (#792) @​elharo

📦 Dependency updates

• [SUREFIRE-2281] - Doxia 2.0.0 ga (#794) @​michael-o
• Bump commons-io:commons-io from 2.2 to 2.14.0 in /surefire-its/src/test/resources/surefire-979-smartStackTrace-wrongClassloader/module1 (#789) @​dependabot

👻 Maintenance

• [SUREFIRE-2282] - surefire-report-plugin: Update Introduction documenta… (#796) @​michael-o
• Reduce cyclomatic complexity (#793) @​elharo

Full Changelog: apache/maven-surefire@surefire-3.5.1...surefire-3.5.2

3.5.1

🚀 New features and improvements

• [SUREFIRE-2270] - Use JUnit5 in surefire-shadefire (#783) @​slawekjaranowski
• [SUREFIRE-2266] - Execute ITs in parallel (#781) @​slawekjaranowski
• [SUREFIRE-2264] - Limit usage of commons-io from surefire-shared-utils (#777) @​slawekjaranowski

🐛 Bug Fixes

• [SUREFIRE-2267] - Packages for commons-codec should be relocated in surefire-shared-utils (#782) @​slawekjaranowski
• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#780) @​slawekjaranowski
• [SUREFIRE-2257] - [REGRESSION] NPEx: Cannot invoke "Object.toString()" … (#774) @​michael-o

📦 Dependency updates

• [SUREFIRE-2273] - Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#784) @​dependabot
• [SUREFIRE-2272] - Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.3.0 - JDK 23 support (#786) @​dependabot
• [SUREFIRE-2226] - Upgrade to Maven Verifier 2.0.0-M1 (#706) @​michael-o
• [SUREFIRE-2265] - Bump commons-io:commons-io from 2.16.1 to 2.17.0 (#779) @​dependabot
• [SUREFIRE-2263] - Use the latest version of surefire for self build (#776) @​slawekjaranowski
• [SUREFIRE-2262] - Bump org.apache.commons:commons-lang3 from 3.16.0 to 3.17.0 (#775) @​dependabot

👻 Maintenance

• [SUREFIRE-2269] - Allow fail during clean in surefire-its (#785) @​slawekjaranowski

3.5.0

... (truncated)

Commits

• ea9f049 [maven-release-plugin] prepare release surefire-3.5.2
• e1f94a0 [SUREFIRE-2276] JUnit5's TestTemplate failures treated as flakes with retries
• d24adb4 [SUREFIRE-2277] RunResult#getFlakes() is lost during serialisation/deserialis...
• 4385e94 Remove links to non-existing report
• 8881971 Remove outdated FAQ
• 0121834 [SUREFIRE-2283] FAQ site contains broken link to failsafe-plugin
• 91d16c3 Fix formatting of XML schema files
• 6cb417a Add .xsd to .gitattributes
• 9ce5221 [SUREFIRE-2282] surefire-report-plugin: Update Introduction documentation page
• 620b983 [SUREFIRE-2281] Upgrade to Doxia 2.0.0 GA Stack
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dryrunsecurity]

DryRun Security Summary

The provided code change is a routine update to the pom.xml file in the jans-config-api project, where the surefire-plugin.version has been updated from 3.0.0-M5 to 3.5.2, which is a common maintenance task to keep project dependencies up-to-date and does not introduce any significant security-related changes.

Expand for full summary

Summary:

The provided code change is an update to the pom.xml file in the jans-config-api project. The key change is an update to the surefire-plugin.version from 3.0.0-M5 to 3.5.2. From an application security perspective, this change is not particularly interesting, as the surefire-plugin is a Maven plugin used for running unit tests, and the version update is likely a routine maintenance task to keep the project dependencies up-to-date. Overall, this change does not appear to introduce any significant security-related updates or modifications, and it is a standard dependency version update that is common in software development projects.

Files Changed:

• jans-config-api/pom.xml: The pom.xml file has been updated to change the surefire-plugin.version from 3.0.0-M5 to 3.5.2. This is a routine maintenance task to keep the project dependencies up-to-date and does not introduce any significant security-related changes.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.