chore(deps-dev): bump the dev-deps group across 1 directory with 7 updates

[dependabot]

Bumps the dev-deps group with 7 updates in the / directory:

Package	From	To
org.folio.okapi:okapi-testing	7.0.1	7.0.2
org.mockito:mockito-junit-jupiter	5.21.0	5.22.0
org.assertj:assertj-core	3.27.6	3.27.7
org.apache.maven.plugins:maven-compiler-plugin	3.14.1	3.15.0
org.codehaus.mojo:properties-maven-plugin	1.2.1	1.3.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.4	3.5.5
org.jsonschema2pojo:jsonschema2pojo-maven-plugin	1.2.2	1.3.3

Updates org.folio.okapi:okapi-testing from 7.0.1 to 7.0.2

Release notes

Sourced from org.folio.okapi:okapi-testing's releases.

v7.0.2

• OKAPI-1230 Add optional "required" property to EnvEntry.json of module descriptor
• OKAPI-1231 Migrate from AbstractVerticle to VerticleBase
• OKAPI-1232 Vert.x 5.0.6 fixing CVE-2025-67735 Netty CRLF injection
• OKAPI-1234 Support Docker 29 and later
• OKAPI-1236 upgrade to test-containers 2.0.3
• OKAPI-1238 log4j 4.5.23 fixing SocketAppender TLS hostname verification CVE-2025-68161
• OKAPI-1239 Vertx 5.0.7 (CVE-2026-1002), assertj 3.27.7, micrometer 1.16.2

Changelog

Sourced from org.folio.okapi:okapi-testing's changelog.

7.0.2 2026-02-11

• OKAPI-1228 Add javadoc about ServicesResourceTransformer requirement
• OKAPI-1230 Add optional "required" property to EnvEntry.json of module descriptor
• OKAPI-1231 Migrate from AbstractVerticle to VerticleBase
• OKAPI-1232 Vert.x 5.0.6 fixing CVE-2025-67735 Netty CRLF injection
• OKAPI-1234 Support Docker 29 and later
• OKAPI-1236 upgrade to test-containers 2.0.3 (#1432)
• OKAPI-1238 log4j 4.5.23 fixing SocketAppender TLS hostname verification CVE-2025-68161
• OKAPI-1239 Vertx 5.0.7 (CVE-2026-1002), assertj 3.27.7, micrometer 1.16.2

Commits

• ef1b9f4 [maven-release-plugin] prepare release v7.0.2
• 26275d9 NEWS for 7.0.2
• cbab3f6 OKAPI-1239 upgrade Vertx, assertj, micrometer (#1434)
• 8a386ed Merge pull request #1433 from folio-org/OKAPI-1238
• 483b004 OKAPI-1238: log4j 4.5.23 fixing SocketAppender TLS hostname verification CVE-...
• 0510937 OKAPI-1236 upgrade to test-containers 2.0.3 (#1432)
• 14ffcfe OKAPI-1234 Docker API version (#1431)
• ff65e50 Merge pull request #1428 from folio-org/OKAPI-1232
• 6f0a592 OKAPI-1232: Vert.x 5.0.6 fixing CVE-2025-67735 Netty CRLF injection
• 94966d5 Merge pull request #1425 from folio-org/OKAPI-1228
• Additional commits viewable in compare view

Updates org.mockito:mockito-junit-jupiter from 5.21.0 to 5.22.0

Release notes

Sourced from org.mockito:mockito-junit-jupiter's releases.

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

• 2026-02-27 - 6 commit(s) by Joshua Selbo, NiMv1, Rafael Winterhalter, dependabot[bot], eunbin son
• Avoid mocking of internal static utilities [(#3785)](mockito/mockito#3785)
• Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 [(#3780)](mockito/mockito#3780)
• Static mocking of UUID.class corrupted under JDK 25 [(#3778)](mockito/mockito#3778)
• Bump actions/upload-artifact from 5 to 6 [(#3774)](mockito/mockito#3774)
• docs: clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) [(#3773)](mockito/mockito#3773)
• Add tests for Sets utility class [(#3771)](mockito/mockito#3771)
• Add core API to enable Kotlin singleton mocking [(#3762)](mockito/mockito#3762)
• Stubbing Kotlin object singletons [(#3652)](mockito/mockito#3652)
• Incorrect documentation for RETURNS_MOCKS [(#3285)](mockito/mockito#3285)

Commits

• 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
• ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
• d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
• 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
• 9e5d449 Add tests for Sets utility class (#3771)
• 8d9a62f Bump actions/upload-artifact from 5 to 6 (#3774)
• See full diff in compare view

Updates org.assertj:assertj-core from 3.27.6 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

• Fix Java 25 compatibility during integration tests (#1020) @​desruisseaux
• [MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @​mensinda

👻 Maintenance

• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @​slachiewicz
• Remove declaration of "plexus-snapshots" repository (#1010) @​desruisseaux
• Works only with Maven 4.0.0 rc4 (#996) @​slachiewicz
• Enable Java 25 and Maven 4 in CI (#975) @​slachiewicz

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]
• Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]
• Bump maven-plugin-testing-harness to 3.4.0 (#1001) @​slawekjaranowski
• Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]
• Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

Commits

• 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
• 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
• 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
• 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
• 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
• aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
• 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
• 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
• 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• Additional commits viewable in compare view

Updates org.codehaus.mojo:properties-maven-plugin from 1.2.1 to 1.3.0

Release notes

Sourced from org.codehaus.mojo:properties-maven-plugin's releases.

1.3.0

🚀 New features and improvements

• Feature Request: add yml properties manager (#134) @​mattmeye
• Include/exclude project properties (#126) @​reda-alaoui

👻 Maintenance

• Use Sisu plugin (#140) @​slachiewicz

🔧 Build

• Bump release-drafter/release-drafter from 5 to 6 (#120) @dependabot[bot]

📦 Dependency updates

• Bump org.codehaus.mojo:mojo-parent from 94 to 95 (#156) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 93 to 94 (#154) @dependabot[bot]
• Bump org.yaml:snakeyaml from 2.4 to 2.5 (#153) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 92 to 93 (#152) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 91 to 92 (#149) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 87 to 91 (#148) @dependabot[bot]
• Require Maven 3.6.3 (#139) @​slachiewicz
• Bump org.yaml:snakeyaml from 2.3 to 2.4 (#138) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 86 to 87 (#137) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 85 to 86 (#132) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 (#133) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 84 to 85 (#131) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 80 to 84 (#130) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 78 to 80 (#122) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 (#125) @dependabot[bot]
• Bump apache/maven-gh-actions-shared from 3 to 4 (#124) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 77 to 78 (#119) @dependabot[bot]

Commits

• 91a2ade [maven-release-plugin] prepare release properties-maven-plugin-1.3.0
• bf56d32 Bump org.codehaus.mojo:mojo-parent from 94 to 95
• 80e20be Bump org.codehaus.mojo:mojo-parent from 93 to 94
• e8ae7a5 Bump org.yaml:snakeyaml from 2.4 to 2.5
• bb39c3d Bump org.codehaus.mojo:mojo-parent from 92 to 93
• b41267b Bump org.codehaus.mojo:mojo-parent from 91 to 92
• bb548c5 Bump org.codehaus.mojo:mojo-parent from 87 to 91
• 3ffa9cb Use Sisu plugin
• 7adbe3b Require Maven 3.6.3
• 407342f Bump org.yaml:snakeyaml from 2.3 to 2.4
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

🔧 Build

• Missing many files in the GH Artifacts of CI ex-post. (#3219) @​Tibor17

📦 Dependency updates

• Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.1 (#3260) @dependabot[bot]
• Bump parent from 44 to 47 (#3253) @​slawekjaranowski
• Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng (#3246) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#3245) @dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#3243) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 (#3236) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#3235) @dependabot[bot]
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption (#3234) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 (#3228) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 (#3224) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#3223) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#3221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#3220) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#3217) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#3214) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#3218) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.16.0 to 4.18.0 (#3213) @dependabot[bot]

... (truncated)

Commits

• 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
• 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
• 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
• 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
• 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
• 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
• 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
• e5c01a6 Build only by the latest Maven on Jenkins (#3255)
• 9c99e97 Fix Jenkin badges in README (#3254)
• 20930ea Bump parent from 44 to 47 (#3253)
• Additional commits viewable in compare view

Updates org.jsonschema2pojo:jsonschema2pojo-maven-plugin from 1.2.2 to 1.3.3

Release notes

Sourced from org.jsonschema2pojo:jsonschema2pojo-maven-plugin's releases.

1.3.3

No release notes provided.

1.3.2

• Could not apply requested plugin error when using version 1.3.1 of Gradle plugin 'org.jsonschema2pojo' (#1769)

1.3.1

• Add plexus-utils dependency, as this is no longer provided in Maven 3.9 (#1751)

1.3.0

• Migrate publishing from legacy OSSRH to Maven Central Portal (#1747)
• Remove Ant task (no longer supported) (#1743)
• Require JDK 17 (#1741)
• Add Jackson 3 annotation support (#1740)
• Prevent StackOverflowError when root is self-referencing (#1679)
• Fix 'AbstractCompile.destinationDir property has been deprecated' error when using Gradle 8 (#1646)
• Fix problems with remote URL (e.g. http) when using Maven Plugin (#1614)
• Fix generics class warning when using generated base builder class (#1587)
• Allow URL(s) as source in jsonschema2pojo-gradle-plugin (#1554)

Changelog

Sourced from org.jsonschema2pojo:jsonschema2pojo-maven-plugin's changelog.

1.3.3

• Support type-use annotations for map value validation (Map<String, @​Valid T>) (#1774)
• Ignore null values when generating item type from array examples (#1772)
• Support type-use annotations for array item validation (List<@​Valid T>) (#1771)

1.3.2

• Could not apply requested plugin error when using version 1.3.1 of Gradle plugin 'org.jsonschema2pojo' (#1769)

1.3.1

• Add plexus-utils dependency, as this is no longer provided in Maven 3.9 (#1751)

1.3.0

• Migrate publishing from legacy OSSRH to Maven Central Portal (#1747)
• Remove Ant task (no longer supported) (#1743)
• Require JDK 17 (#1741)
• Add Jackson 3 annotation support (#1740)
• Prevent StackOverflowError when root is self-referencing (#1679)
• Fix 'AbstractCompile.destinationDir property has been deprecated' error when using Gradle 8 (#1646)
• Fix problems with remote URL (e.g. http) when using Maven Plugin (#1614)
• Fix generics class warning when using generated base builder class (#1587)
• Allow URL(s) as source in jsonschema2pojo-gradle-plugin (#1554)

Commits

• ad02aab [maven-release-plugin] prepare release jsonschema2pojo-1.3.3
• beebaf9 Avoid publishing integration tests
• 49171ff Merge pull request #1774 from joelittlejohn/valid-annotates-value-type-on-maps
• 6beff79 Support type-use annotations for map value validation (Map<String, @​Valid T>)
• dc4677a Ensure integration tests are not published during deploy
• 8833225 Remove noisy warnings and unnecessary info from the build
• 21da375 Avoid producing javadocs unless we are running a release
• e27cc47 Upgrade github actions
• a57294d Dependency and plugin upgrades
• 49f1f19 Upgrade dependencies for all examples
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions