Bump the java-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the java-dependencies group with 7 updates in the /winery-launcher directory:

Package	From	To
org.junit.jupiter:junit-jupiter-engine	5.14.3	5.14.4
org.junit.jupiter:junit-jupiter	5.14.3	5.14.4
org.junit.jupiter:junit-jupiter-params	5.14.3	5.14.4
org.glassfish.jersey.containers:jersey-container-servlet-core	2.47	2.48
org.jsoup:jsoup	1.22.1	1.22.2
org.apache.maven.plugins:maven-dependency-plugin	3.10.0	3.11.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.5	3.5.6

Updates org.junit.jupiter:junit-jupiter-engine from 5.14.3 to 5.14.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter-engine's releases.

JUnit 5.14.4 = Platform 1.14.4 + Jupiter 5.14.4 + Vintage 5.14.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.3...r5.14.4

Commits

• 096fd69 Release 5.14.4
• 11fd02b Remove JDK 24 (EOL)
• 5b7f023 Fix integration tests on JDK 27
• 18f842a Test against JDK 26 (GA) and JDK 27 (EA)
• a5bf336 Polish 5.14.4 release notes
• 7667c14 Fix race condition in NodeTestTask (#5427)
• ac01f2d Include full display name in legacy XML reports (#5524)
• fbd4a8e Include class template invocation index in legacy reporting names
• 7d6f0c0 Only check PDF for GA releases
• 14f534d Test 5.14.x against JDK 25 ga (#5623)
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 5.14.3 to 5.14.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.14.4 = Platform 1.14.4 + Jupiter 5.14.4 + Vintage 5.14.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.3...r5.14.4

Commits

• 096fd69 Release 5.14.4
• 11fd02b Remove JDK 24 (EOL)
• 5b7f023 Fix integration tests on JDK 27
• 18f842a Test against JDK 26 (GA) and JDK 27 (EA)
• a5bf336 Polish 5.14.4 release notes
• 7667c14 Fix race condition in NodeTestTask (#5427)
• ac01f2d Include full display name in legacy XML reports (#5524)
• fbd4a8e Include class template invocation index in legacy reporting names
• 7d6f0c0 Only check PDF for GA releases
• 14f534d Test 5.14.x against JDK 25 ga (#5623)
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-params from 5.14.3 to 5.14.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter-params's releases.

JUnit 5.14.4 = Platform 1.14.4 + Jupiter 5.14.4 + Vintage 5.14.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.3...r5.14.4

Commits

• 096fd69 Release 5.14.4
• 11fd02b Remove JDK 24 (EOL)
• 5b7f023 Fix integration tests on JDK 27
• 18f842a Test against JDK 26 (GA) and JDK 27 (EA)
• a5bf336 Polish 5.14.4 release notes
• 7667c14 Fix race condition in NodeTestTask (#5427)
• ac01f2d Include full display name in legacy XML reports (#5524)
• fbd4a8e Include class template invocation index in legacy reporting names
• 7d6f0c0 Only check PDF for GA releases
• 14f534d Test 5.14.x against JDK 25 ga (#5623)
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 5.14.3 to 5.14.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.14.4 = Platform 1.14.4 + Jupiter 5.14.4 + Vintage 5.14.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.3...r5.14.4

Commits

• 096fd69 Release 5.14.4
• 11fd02b Remove JDK 24 (EOL)
• 5b7f023 Fix integration tests on JDK 27
• 18f842a Test against JDK 26 (GA) and JDK 27 (EA)
• a5bf336 Polish 5.14.4 release notes
• 7667c14 Fix race condition in NodeTestTask (#5427)
• ac01f2d Include full display name in legacy XML reports (#5524)
• fbd4a8e Include class template invocation index in legacy reporting names
• 7d6f0c0 Only check PDF for GA releases
• 14f534d Test 5.14.x against JDK 25 ga (#5623)
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-params from 5.14.3 to 5.14.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter-params's releases.

JUnit 5.14.4 = Platform 1.14.4 + Jupiter 5.14.4 + Vintage 5.14.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.3...r5.14.4

Commits

• 096fd69 Release 5.14.4
• 11fd02b Remove JDK 24 (EOL)
• 5b7f023 Fix integration tests on JDK 27
• 18f842a Test against JDK 26 (GA) and JDK 27 (EA)
• a5bf336 Polish 5.14.4 release notes
• 7667c14 Fix race condition in NodeTestTask (#5427)
• ac01f2d Include full display name in legacy XML reports (#5524)
• fbd4a8e Include class template invocation index in legacy reporting names
• 7d6f0c0 Only check PDF for GA releases
• 14f534d Test 5.14.x against JDK 25 ga (#5623)
• Additional commits viewable in compare view

Updates org.glassfish.jersey.containers:jersey-container-servlet-core from 2.47 to 2.48

Updates org.jsoup:jsoup from 1.22.1 to 1.22.2

Release notes

Sourced from org.jsoup:jsoup's releases.

jsoup Java HTML Parser release 1.22.2

jsoup 1.22.2 is out now, with fixes and refinements across the library. It makes editing the DOM during traversal more predictable, refreshes the default HTML tag definitions with newer elements and better text boundaries, and improves reliability in parsing and HTTP transport. The release also fixes a number of edge cases in cleaning, stream parsing, XML doctype handling, and Android packaging.

jsoup is a Java library for working with real-world HTML and XML. It provides a very convenient API for extracting and manipulating data, using the best of HTML5 DOM methods and CSS selectors.

Download jsoup now.

Improvements

• Expanded and clarified NodeTraversor support for in-place DOM rewrites during NodeVisitor.head(). Current-node edits such as remove, replace, and unwrap now recover more predictably, while traversal stays within the original root subtree. This makes single-pass tree cleanup and normalization visitors easier to write, for example when unwrapping presentational elements or replacing text nodes as you walk the DOM. #2472
• Documentation: clarified that a configured Cleaner may be reused across concurrent threads, and that shared Safelist instances should not be mutated while in use. #2473
• Updated the default HTML TagSet for current HTML elements: added dialog, search, picture, and slot; made ins, del, button, audio, video, and canvas inline by default (Tag#isInline(), aligned to phrasing content in the spec); and added readable Element.text() boundaries for controls and embedded objects via the new Tag.TextBoundary option. This improves pretty-printing and keeps normalized text from running adjacent words together. #2493

Bug Fixes

• Android (R8/ProGuard): added a rule to ignore the optional re2j dependency when not present. #2459
• Fixed a NodeTraversor regression in 1.21.2 where removing or replacing the current node during head() could revisit the replacement node and loop indefinitely. The traversal docs now also clarify which inserted nodes are visited in the current pass. #2472
• Parsing during charset sniffing no longer fails if an advisory available() call throws IOException, as seen on JDK 8 HttpURLConnection. #2474
• Cleaner no longer makes relative URL attributes in the input document absolute when cleaning or validating a Document. URL normalization now applies only to the cleaned output, and Safelist.isSafeAttribute() is side effect free. #2475
• Cleaner no longer duplicates enforced attributes when the input Document preserves attribute case. A case-variant source attribute is now replaced by the enforced attribute in the cleaned output. #2476
• If a per-request SOCKS proxy is configured, jsoup now avoids using the JDK HttpClient, because the JDK would silently ignore that proxy and attempt to connect directly. Those requests now fall back to the legacy HttpURLConnection transport instead, which does support SOCKS. #2468
• Connection.Response.streamParser() and DataUtil.streamParser(Path, ...) could fail on small inputs without a declared charset, if the initial 5 KB charset sniff fully consumed the input and closed it before the stream parse began. #2483
• In XML mode, doctypes with an internal subset, such as <!DOCTYPE root [<!ENTITY name "value">]>, now round-trip correctly. The subset is preserved as raw text only; entities are not expanded and external DTDs are not loaded. #2486

Build Changes

• Migrated the integration test server from Jetty to Netty, which actively maintains support for our minimum JDK target (8). #2491

---

My sincere thanks to everyone who contributed to this release! If you have any suggestions for the next release, I would love to hear them; please get in touch via jsoup discussions, or with me directly.

You can also follow me (@jhy@tilde.zone) on Mastodon / Fediverse to receive occasional notes about jsoup releases.

Changelog

Sourced from org.jsoup:jsoup's changelog.

1.22.2 (2026-Apr-20)

Improvements

• Expanded and clarified NodeTraversor support for in-place DOM rewrites during NodeVisitor.head(). Current-node edits such as remove, replace, and unwrap now recover more predictably, while traversal stays within the original root subtree. This makes single-pass tree cleanup and normalization visitors easier to write, for example when unwrapping presentational elements or replacing text nodes as you walk the DOM. #2472
• Documentation: clarified that a configured Cleaner may be reused across concurrent threads, and that shared Safelist instances should not be mutated while in use. #2473
• Updated the default HTML TagSet for current HTML elements: added dialog, search, picture, and slot; made ins, del, button, audio, video, and canvas inline by default (Tag#isInline(), aligned to phrasing content in the spec); and added readable Element.text() boundaries for controls and embedded objects via the new Tag.TextBoundary option. This improves pretty-printing and keeps normalized text from running adjacent words together. #2493

Bug Fixes

• Android (R8/ProGuard): added a rule to ignore the optional re2j dependency when not present. #2459
• Fixed a NodeTraversor regression in 1.21.2 where removing or replacing the current node during head() could revisit the replacement node and loop indefinitely. The traversal docs now also clarify which inserted nodes are visited in the current pass. #2472
• Parsing during charset sniffing no longer fails if an advisory available() call throws IOException, as seen on JDK 8 HttpURLConnection. #2474
• Cleaner no longer makes relative URL attributes in the input document absolute when cleaning or validating a Document. URL normalization now applies only to the cleaned output, and Safelist.isSafeAttribute() is side effect free. #2475
• Cleaner no longer duplicates enforced attributes when the input Document preserves attribute case. A case-variant source attribute is now replaced by the enforced attribute in the cleaned output. #2476
• If a per-request SOCKS proxy is configured, jsoup now avoids using the JDK HttpClient, because the JDK would silently ignore that proxy and attempt to connect directly. Those requests now fall back to the legacy HttpURLConnection transport instead, which does support SOCKS. #2468
• Connection.Response.streamParser() and DataUtil.streamParser(Path, ...) could fail on small inputs without a declared charset, if the initial 5 KB charset sniff fully consumed the input and closed it before the stream parse began. #2483
• In XML mode, doctypes with an internal subset, such as <!DOCTYPE root [<!ENTITY name "value">]>, now round-trip correctly. The subset is preserved as raw text only; entities are not expanded and external DTDs are not loaded. #2486

Build Changes

• Migrated the integration test server from Jetty to Netty, which actively maintains support for our minimum JDK target (8). #2491

Commits

• ac28afe [maven-release-plugin] prepare release jsoup-1.22.2
• 52f2cd3 Improve entity example in changelog
• cf6ffe0 Add Tag#TextBoundary option; bring TagSet to spec (#2493)
• 2be739c Bump github/codeql-action from 4 to 4.35.1 (#2492)
• 45de7cb Migrate integration test server from Jetty to Netty (#2491)
• 1df14ed Preserve XML doctype internal subset
• 06fa52d Adding Contribution Guide
• d4a8941 Simplify the test; doesn't need the buffer
• 823709f Don't reuse a fully read sniffed doc for StreamParser
• e1b0df5 NodeFilter javadoc tweak
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.11.0

🚀 New features and improvements

• Add dependency:add and dependency:remove goals (#1599) @​brunoborges
• Added ability to provide arbitrary dependencies to properties mojo (#1561) @​treilhes

🐛 Bug Fixes

• Fix artifact relocation support (#1633) @​slawekjaranowski
• fix: fix addParentPoms=true causes repositories to be ignored. (#1585) @​k-wall
• Fix false positive in analyze-exclusions with transitive dependency exclusion (#1628) @​slawekjaranowski
• Make AbstractAnalyzeMojo.filterArtifactsByScope() null-safe (#1622) @​elharo
• Prevent NPE in BuildClasspathMojo.appendArtifactPath() when an artifact has no resolved file (#1623) @​elharo
• Log unpacking at debug level (#1624) @​elharo
• Resolve plugins declared in pluginManagement for resolve-plugins and go-offline (#1603) @​slawekjaranowski
• Fix analyze-exclusions crashes if there is no dependencyManagement element (#1597) @​JackPGreen

👻 Maintenance

• Enable ITs for dependency:remove and use mock dependencies (#1613) @​slawekjaranowski
• More meaningful assertions (#1611) @​elharo
• Cure various typos IntelliJ complains about (#1612) @​elharo
• Remove unused jansi dependency (#1606) @​slawekjaranowski
• Enable ITs for dependecy:add and use mock dependencies (#1610) @​slawekjaranowski
• Cleaner exception handling (#1566) @​elharo

📦 Dependency updates

• Manage ASM version 9.10 to support JDK 27 (#1632) @​slawekjaranowski
• Bump eu.maveniverse.maven.domtrip:domtrip-core from 1.5.0 to 1.5.1 (#1631) @dependabot[bot]
• Bump eu.maveniverse.maven.domtrip:domtrip-maven from 1.5.0 to 1.5.1 (#1630) @dependabot[bot]
• Bump mavenVersion from 3.9.15 to 3.9.16 (#1626) @dependabot[bot]
• Bump org.apache.maven.shared:maven-dependency-analyzer from 1.17.0 to 1.17.1 (#1627) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 in /src/it/projects/remove-dependency/basic (#1607) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 47 to 48 (#1605) @dependabot[bot]
• Bump mavenVersion from 3.9.14 to 3.9.15 (#1601) @dependabot[bot]
• Bump org.jsoup:jsoup from 1.22.1 to 1.22.2 (#1602) @dependabot[bot]
• Bump org.apache.maven.doxia:doxia-sink-api from 2.0.0 to 2.1.0 (#1595) @dependabot[bot]
• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#1596) @dependabot[bot]
• Bump mavenVersion from 3.9.12 to 3.9.14 (#1594) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#1589) @dependabot[bot]

Commits

• c186d05 [maven-release-plugin] prepare release maven-dependency-plugin-3.11.0
• 3712611 Fix artifact relocation support
• e873e0e Manage ASM version 9.10 to support JDK 27
• 70b5356 fix: fix addParentPoms=true causes repositories to be ignored. (#1585)
• 51d8939 Fix false positive in analyze-exclusions with transitive dependency exclusion...
• 02b865b Bump eu.maveniverse.maven.domtrip:domtrip-core from 1.5.0 to 1.5.1
• 04f4de1 Bump eu.maveniverse.maven.domtrip:domtrip-maven from 1.5.0 to 1.5.1
• 2812490 Bump mavenVersion from 3.9.15 to 3.9.16
• ce117da Bump org.apache.maven.shared:maven-dependency-analyzer
• aea7a64 Prevent NPE (#1622)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

• Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

• Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @​olamy
• Ensure that the statistics filename is calculated only once. (#3326) (#3327) @​olamy
• Add flakes attribute to use in testsuite report (#3306) (#3308) @​olamy
• [BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @​olamy
• fix: null guard for context map (#3269) (#3272) @​olamy

👻 Maintenance

• 3.5.x/bug/cherry pick embedded mode its (#3328) @​olamy
• Use surefire 3.5.5 by project itself for testing (#3324) @​slawekjaranowski
• Follow Oracle javadoc guidelines (#3177) @​elharo

📦 Dependency updates

• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

Commits

• 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
• e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
• dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
• 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
• 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
• 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
• 04ad9a2 Use surefire 3.5.5 by project itself for testing
• 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
• a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
• e838393 deploy 3.5.x branch to nexus
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions