Bump the gradle-dependencies group with 3 updates

[dependabot]

Bumps the gradle-dependencies group with 3 updates: org.apache.commons:commons-csv, com.google.code.gson:gson and com.github.spotbugs.

Updates org.apache.commons:commons-csv from 1.10.0 to 1.11.0

Changelog

Sourced from org.apache.commons:commons-csv's changelog.

Apache Commons CSV Version 1.11.0 Release Notes

This document contains the release notes for the 1.11.0 version of Apache Commons CSV. Commons CSV reads and writes files in variations of the Comma Separated Value (CSV) format.

Commons CSV requires at least Java 8.

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

Feature and bug fix release (Java 8 or above)

Changes in this version include:

New Features

• CSV-308: [Javadoc] Add example to CSVFormat#setHeaderComments() #344. Thanks to Buddhi De Silva, Gary Gregory.

•       Add and use CSVFormat#setTrailingData(boolean) in CSVFormat.EXCEL for Excel compatibility [#303](https://github.com/apache/commons-csv/issues/303). Thanks to DamjanJovanovic, Gary Gregory.
  

•       Add and use CSVFormat#setLenientEof(boolean) in CSVFormat.EXCEL for Excel compatibility [#303](https://github.com/apache/commons-csv/issues/303). Thanks to DamjanJovanovic, Gary Gregory.
  

Fixed Bugs

• CSV-306: Replace deprecated method in user guide, update external link #324, #325. Thanks to Sam Ng, Bruno P. Kinoshita.

•       Document duplicate header behavior [#309](https://github.com/apache/commons-csv/issues/309). Thanks to Seth Falco, Bruno P. Kinoshita.
  

•       Add missing docs [#328](https://github.com/apache/commons-csv/issues/328). Thanks to jkbkupczyk.
  

•       [StepSecurity] CI: Harden GitHub Actions [#329](https://github.com/apache/commons-csv/issues/329), [#330](https://github.com/apache/commons-csv/issues/330). Thanks to step-security-bot.
  

• CSV-147: Better error message during faulty CSV record read #347. Thanks to Steven Peterson, Benedikt Ritter, Gary Gregory, Joerg Schaible, Buddhi De Silva, Elliotte Rusty Harold.
• CSV-310: Misleading error message when QuoteMode set to None #352. Thanks to Buddhi De Silva.
• CSV-311: OutOfMemory for very long rows despite using column value of type Reader. Thanks to Christian Feuersaenger, Gary Gregory.

•       Use try-with-resources to manage JDBC Clob in CSVPrinter.printRecords(ResultSet). Thanks to Gary Gregory.
  

•       JDBC Blob columns are now output as Base64 instead of Object#toString(), which usually is InputStream#toString(). Thanks to Gary Gregory.
  

•       Support unusual Excel use cases: Add support for trailing data after the closing quote, and EOF without a final closing quote [#303](https://github.com/apache/commons-csv/issues/303). Thanks to DamjanJovanovic, Gary Gregory.
  

•       MongoDB CSV empty first column parsing fix [#412](https://github.com/apache/commons-csv/issues/412). Thanks to Igor Kamyshnikov, Gary Gregory.
  

Changes

•       Bump commons-io:commons-io: from 2.11.0 to 2.16.1 [#408](https://github.com/apache/commons-csv/issues/408), [#413](https://github.com/apache/commons-csv/issues/413). Thanks to Gary Gregory.
  

•       Bump commons-parent from 57 to 69 [#410](https://github.com/apache/commons-csv/issues/410). Thanks to Gary Gregory, Dependabot.
  

•       Bump h2 from 2.1.214 to 2.2.224 [#333](https://github.com/apache/commons-csv/issues/333), [#349](https://github.com/apache/commons-csv/issues/349), [#359](https://github.com/apache/commons-csv/issues/359). Thanks to Dependabot.
  

•       Bump commons-lang3 from 3.12.0 to 3.14.0. Thanks to Gary Gregory.
  

•       Update exception message in CSVRecord#getNextRecord() [#348](https://github.com/apache/commons-csv/issues/348). Thanks to Buddhi De Silva, Michael Osipov, Gary Gregory.
  

•       Bump tests using com.opencsv:opencsv from 5.8 to 5.9 [#373](https://github.com/apache/commons-csv/issues/373). Thanks to Dependabot.
  

Historical list of changes: https://commons.apache.org/proper/commons-csv/changes-report.html

For complete information on Apache Commons CSV, including instructions on how to submit bug reports,

... (truncated)

Commits

• 74e1274 Prepare for the next release candidate
• 89cbc7b Prepare for the next release candidate
• 447682e Match version to POM
• 4c186f2 Merge pull request #420 from apache/dependabot/github_actions/actions/checkou...
• 8af37f7 Merge pull request #418 from apache/dependabot/github_actions/github/codeql-a...
• 2238314 Merge pull request #419 from apache/dependabot/github_actions/actions/upload-...
• 2ccf668 Bump actions/checkout from 4.1.2 to 4.1.4
• 26cf90e Bump actions/upload-artifact from 4.3.2 to 4.3.3
• 586310a Bump github/codeql-action from 3.25.1 to 3.25.3
• bea505a Merge pull request #416 from apache/dependabot/github_actions/actions/upload-...
• Additional commits viewable in compare view

Updates com.google.code.gson:gson from 2.10.1 to 2.11.0

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.11.0

Most important changes

• Added default ProGuard / R8 rules (@​Marcono1234, #2397, #2420; @​sgjesse, #2448; @​sfreilich)
  If you are using ProGuard or R8 (for example for Android projects) you might not need any special Gson configuration anymore if your classes have a no-args constructor and use @SerializedName for their fields.
• On Android, Gson now requires API level 21 or newer
• Added new Strictness API (@​marten-voorberg & fellow students, #2437)
  Some of Gson's API is still lenient by default, but you can now use the newly added methods GsonBuilder#setStrictness, JsonReader#setStrictness and JsonWriter#setStrictness with Strictness.STRICT to override this behavior and to instead strictly adhere to the JSON specification when parsing.
• New FormattingStyle class to allow configuring line breaks in JSON output (@​mihnita, #2231)
  Can be set using GsonBuilder#setFormattingStyle and JsonWriter#setFormattingStyle.
• TypeToken can no longer capture type variables by default (@​Marcono1234, #2376)
  This was previously a common source of issues. The newly thrown exception refers to a Troubleshooting Guide article which explains this in more detail and provides suggestions for updating affected code.
• Added serialization support for anonymous and local classes with a custom adapter (@​Marcono1234, #2498)
  This affects for example List implementations returned by libraries such as Guava which are implemented as anonymous class, which were previously serialized as null. Anonymous and local classes without custom adapter will still be serialized as null.
• Added dependency on com.google.errorprone:error_prone_annotations
  Your project can use Maven or Gradle dependency exclusions to remove the transitive error_prone_annotations dependency from Gson. Or if you are manually maintaining dependencies as JARs in your project you can omit error_prone_annotations. And it should still work correctly.
  But Gson itself does declare it as a required dependency, and if you don't perform any custom configuration, then Maven or Gradle will by default try to download and use it.
• Many exception messages now refer to the Troubleshooting Guide (@​Marcono1234, #2357)
  Feedback regarding the Troubleshooting Guide is appreciated!
• Officially documented that JVM languages other than Java might not be fully supported, see the README.
• Guarantee that JsonElement#toString produces JSON output (@​Marcono1234, #2659)

Other changes

Bug fixes

• Fixed incorrect JsonPrimitive#equals results for large BigInteger values (@​MaicolAntali, #2311)
• Fixed incorrect JsonPrimitive#equals results for large BigDecimal values (@​MaicolAntali, #2364)
• Fixed JsonReader throwing NumberFormatException instead of MalformedJsonException for malformed Unicode escape sequences (@​MaicolAntali, #2337)
• Fixed TypeToken#getParameterized returning bogus ParameterizedType for non-generic types (@​Marcono1234, #2447)
• Fixed Java Record adapter not working for GraalVM Native Image (@​eamonnmcmanus, #2465)
• Fixed JsonWriter#name not throwing exception when no JSON object is currently being written (@​shivam-sehgal, #2475; @​Marcono1234, #2476)
• Fixed Gson#getDelegateAdapter not working properly for @JsonAdapter (@​Marcono1234, #2435)
  Note that null is now not allowed as skipPast value anymore, which was previously allowed but undocumented.
• Fixed GsonBuilder not rejecting type adapters for Object and JsonElement, whose default adapters cannot be overridden (@​sachinp97; #2479)
• Fixed no limits being enforced when deserializing BigDecimal and BigInteger (@​Marcono1234, #2510)
  The new limits prevent potential performance problems when user code uses the deserialized numbers. Gson itself was and is not affected by these performance problems. The limits should be high enough to not cause issues for most use cases, but feedback is appreciated.
• Fixed GsonBuilder#setDateFormat not rejecting invalid date formats (@​Carpe-Wang, #2538)
• Fixed GsonBuilder#setDateFormat not rejecting invalid date styles (@​Marcono1234, #2545)
• Fixed GsonBuilder#setDateFormat ignoring partial DEFAULT style (@​Marcono1234, #2556)
• Fixed TypeToken#isAssignableFrom throwing AssertionError in some cases (@​Marcono1234, #2544)
• Fixed date adapters not restoring time zone after parsing (@​Carpe-Wang, #2549)
• Fixed TypeToken#equals erroneously returning false for equal generic type parameters in some cases (@​d-william, #2599)
• Fixed incorrect inherited URLs in pom.xml (@​Marcono1234, #2351)

Performance improvements

• Slightly reduce memory usage for reflection-based adapter (@​sembseth, #2325; @​Marcono1234, #2440)
• Improved parsing speed of ToNumberPolicy#LONG_OR_DOUBLE (@​ctasada, #2674)

... (truncated)

Commits

• 828a97b [maven-release-plugin] prepare release gson-parent-2.11.0
• 93bc0f2 Skip signing graal-native-test module. (#2675)
• b153ca1 [maven-release-plugin] rollback the release of gson-parent-2.11.0
• 0e3d2aa [maven-release-plugin] prepare for next development iteration
• 545b802 [maven-release-plugin] prepare release gson-parent-2.11.0
• 8bfdbb4 Guarantee that JsonElement.toString() produces JSON (#2659)
• 9008b09 Extend Troubleshooting Guide with some ProGuard / R8 information (#2656)
• 05652c3 Document that other JVM languages are not fully supported (#2666)
• 454a491 Improved Long-Double Number Policy (#2674)
• 570d911 Bump the github-actions group with 4 updates (#2671)
• Additional commits viewable in compare view

Updates com.github.spotbugs from 6.0.13 to 6.0.15

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions