fix(deps): update maven dependencies (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
biz.aQute.bnd:bnd-maven-plugin (source)	6.4.0 → 7.2.1
org.springframework:spring-framework-bom	6.2.16 → 7.0.6
org.flywaydb:flyway-maven-plugin (source)	11.20.3 → 12.1.0
org.flywaydb:flyway-core (source)	11.20.3 → 12.1.0
org.eclipse.jgit:org.eclipse.jgit	6.10.1.202505221210-r → 7.6.0.202603022253-r
org.eclipse.lsp4j:org.eclipse.lsp4j.jsonrpc (source)	0.24.0 → 1.0.0
org.codehaus.mojo:native2ascii-maven-plugin (source)	1.0-beta-1 → 2.1.1
org.jetbrains.kotlin:kotlin-bom (source)	1.9.25 → 2.3.20
org.junit.jupiter:junit-jupiter-engine (source)	5.14.3 → 6.0.3
org.junit.jupiter:junit-jupiter-params (source)	5.14.3 → 6.0.3
org.junit.jupiter:junit-jupiter-api (source)	5.14.3 → 6.0.3
org.slf4j:slf4j-api (source, changelog)	1.7.36 → 2.0.17

---

Release Notes

bndtools/bnd (biz.aQute.bnd:bnd-maven-plugin)

v7.2.1: Bnd/Bndtools 7.2.1

Compare Source

See Release Notes.

Full Changelog: bndtools/bnd@7.2.0...7.2.1

v7.2.0: Bnd/Bndtools 7.2.0

Compare Source

See Release Notes.

What's Changed

• Bump github/codeql-action from 3.27.1 to 3.27.3 by @​dependabot[bot] in #​6367
• Bump gradle/actions from 4.1.0 to 4.2.0 by @​dependabot[bot] in #​6366
• Buid/dev7.2.0 by @​pkriens in #​6368
• Bump step-security/harden-runner from 2.10.1 to 2.10.2 by @​dependabot[bot] in #​6375
• Bump github/codeql-action from 3.27.3 to 3.27.4 by @​dependabot[bot] in #​6369
• Bump gradle/actions from 4.2.0 to 4.2.1 by @​dependabot[bot] in #​6374
• Docs: Fix broken link to version policy by @​chrisrueger in #​6373
• Bump github/codeql-action from 3.27.4 to 3.27.5 by @​dependabot[bot] in #​6376
• NPE in Resolve when running without project by @​pkriens in #​6382
• Add explicit dependencies to biz.aQute.bnd.maven by @​laeubi in #​6385
• Remove fixed bnd workspace problem markers from Problem view again by @​chrisrueger in #​6383
• Fix NPE by @​chrisrueger in #​6388
• Bump github/codeql-action from 3.27.5 to 3.27.6 by @​dependabot[bot] in #​6386
• Bump webrick from 1.9.0 to 1.9.1 in /docs by @​dependabot[bot] in #​6384
• Bump ruby/setup-ruby from 1.202.0 to 1.203.0 by @​dependabot[bot] in #​6392
• Fix Bnd Launcher with Java 24 by @​chrisrueger in #​6371
• cnf change: prevent full build although 'Build automatically' is disabled by @​chrisrueger in #​6391
• Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.1 to 3.9.0 in /maven-plugins by @​dependabot[bot] in #​6398
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.1 to 3.11.2 in /maven-plugins by @​dependabot[bot] in #​6397
• Bump github/codeql-action from 3.27.6 to 3.27.7 by @​dependabot[bot] in #​6399
• Bump github/codeql-action from 3.27.7 to 3.27.8 by @​dependabot[bot] in #​6402
• Fixes a number of errors in the bndrun handling by @​pkriens in #​6401
• Bump github/codeql-action from 3.27.8 to 3.27.9 by @​dependabot[bot] in #​6404
• Bump ruby/setup-ruby from 1.203.0 to 1.204.0 by @​dependabot[bot] in #​6405
• Docs: add anchor links to all headlines by @​chrisrueger in #​6409
• Bump org.junit.jupiter:junit-jupiter from 5.11.3 to 5.11.4 in /gradle-plugins by @​dependabot[bot] in #​6410
• Bump org.junit:junit-bom from 5.11.3 to 5.11.4 in /maven-plugins by @​dependabot[bot] in #​6411
• Bump gradle/actions from 4.2.1 to 4.2.2 by @​dependabot[bot] in #​6412
• Bump actions/setup-java from 4.5.0 to 4.6.0 by @​dependabot[bot] in #​6413
• Bump org.assertj:assertj-core from 3.26.3 to 3.27.0 in /maven-plugins by @​dependabot[bot] in #​6414
• Bump github/codeql-action from 3.27.9 to 3.28.0 by @​dependabot[bot] in #​6415
• Apply the -runbundles+ decorator on the computed RunBundles when resolving by @​glimmerveen in #​6407
• Bump ruby/setup-ruby from 1.204.0 to 1.205.0 by @​dependabot[bot] in #​6416
• Bump ruby/setup-ruby from 1.205.0 to 1.207.0 by @​dependabot[bot] in #​6419
• Bump org.assertj:assertj-core from 3.27.0 to 3.27.1 in /maven-plugins by @​dependabot[bot] in #​6420
• conditonalpackage missed classes added by plugins, like Blueprint. by @​pkriens in #​6421
• The https://repository.springsource.com repo disappeared by @​pkriens in #​6423
• Bump org.assertj:assertj-core from 3.27.1 to 3.27.2 in /maven-plugins by @​dependabot[bot] in #​6422
• Whitespace after the quote character is skipped by @​pkriens in #​6424
• Bump step-security/harden-runner from 2.10.2 to 2.10.3 by @​dependabot[bot] in #​6425
• Bump github/codeql-action from 3.28.0 to 3.28.1 by @​dependabot[bot] in #​6426
• first draft of Effective tab for BndEditor by @​chrisrueger in #​6406
• Bump ruby/setup-ruby from 1.207.0 to 1.208.0 by @​dependabot[bot] in #​6428
• Bump ruby/setup-ruby from 1.208.0 to 1.210.0 by @​dependabot[bot] in #​6430
• Bump ruby/setup-ruby from 1.210.0 to 1.213.0 by @​dependabot[bot] in #​6432
• Bump step-security/harden-runner from 2.10.3 to 2.10.4 by @​dependabot[bot] in #​6433
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 in /maven-plugins by @​dependabot[bot] in #​6434
• Add Refresh Cache (with re-download) context menue to RepoBrowser / BundleRevsion by @​chrisrueger in #​6435
• Bump github/codeql-action from 3.28.1 to 3.28.2 by @​dependabot[bot] in #​6436
• Bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot[bot] in #​6437
• Bump github/codeql-action from 3.28.2 to 3.28.3 by @​dependabot[bot] in #​6438
• improve description of -nouses by @​chrisrueger in #​6441
• Bump github/codeql-action from 3.28.3 to 3.28.4 by @​dependabot[bot] in #​6443
• Fix some spotbugs findings by @​chrisrueger in #​6442
• Bump github/codeql-action from 3.28.4 to 3.28.5 by @​dependabot[bot] in #​6444
• Bump ruby/setup-ruby from 1.213.0 to 1.214.0 by @​dependabot[bot] in #​6446
• Bump github/codeql-action from 3.28.5 to 3.28.6 by @​dependabot[bot] in #​6447
• fix RunRequirements could not be saved by @​chrisrueger in #​6449
• Bump actions/setup-java from 4.6.0 to 4.7.0 by @​dependabot[bot] in #​6450
• Bump github/codeql-action from 3.28.6 to 3.28.8 by @​dependabot[bot] in #​6451
• Bump ruby/setup-ruby from 1.214.0 to 1.215.0 by @​dependabot[bot] in #​6452
• Bump gradle/actions from 4.2.2 to 4.3.0 by @​dependabot[bot] in #​6453
• Workspace Templates: show error when fetching templates from Github by @​chrisrueger in #​6440
• Fix missing '.' in filter name by @​laeubi in #​6455
• Fix MessageReporter#details return null instead of this by @​laeubi in #​6456
• Extract code to automatically derive data from maven-project by @​laeubi in #​6362
• Template Fragments Wizard: increase column with of template name by @​chrisrueger in #​6459
• Fix off-by-one error in AbstractBndMavenPlugin by @​laeubi in #​6457
• Bump ruby/setup-ruby from 1.215.0 to 1.218.0 by @​dependabot[bot] in #​6461
• fix source lookup for sub-projects via -sub instruction by @​chrisrueger in #​6463
• Bump github/codeql-action from 3.28.8 to 3.28.9 by @​dependabot[bot] in #​6462
• Bump ruby/setup-ruby from 1.218.0 to 1.219.0 by @​dependabot[bot] in #​6464
• Derive source file from builder when processing DS annotations by @​laeubi in #​6458
• Improve documentation (e.g. for -sub, -exportcontents, Export-Package, ...) by @​chrisrueger in #​6467
• add back summary in markdown frontmatter block by @​chrisrueger in #​6468
• docs: exclude /releases urls from search engines by @​chrisrueger in #​6469
• Add a ProjectLauncher#getCommand for easier extension by @​laeubi in #​6471
• Bump ruby/setup-ruby from 1.219.0 to 1.221.0 by @​dependabot[bot] in #​6472
• Bump step-security/harden-runner from 2.10.4 to 2.11.0 by @​dependabot[bot] in #​6473
• sub-bundles: show warning markers in sub .bnd file by @​chrisrueger in #​6470
• Docs: Add pagefind search for bnd manual by @​chrisrueger in #​6475
• search: fix broken close button by @​chrisrueger in #​6478
• Bump github/codeql-action from 3.28.9 to 3.28.10 by @​dependabot[bot] in #​6484
• Bump org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.0 in /maven-plugins by @​dependabot[bot] in #​6485
• Bump org.junit.jupiter:junit-jupiter from 5.11.4 to 5.12.0 in /gradle-plugins by @​dependabot[bot] in #​6487
• Bump org.junit:junit-bom from 5.11.4 to 5.12.0 in /maven-plugins by @​dependabot[bot] in #​6486
• Removed copyright header after granted ASL 2.0 license. by @​pkriens in #​6483
• Support reading the manifest from an exploded bundle by @​laeubi in #​6477
• Docs: Improve docs for -library instruction (add examples) by @​chrisrueger in #​6479
• Fix javadoc of Project#getBundle by @​chrisrueger in #​6489
• Bump org.codehaus.mojo:flatten-maven-plugin from 1.6.0 to 1.7.0 in /maven-plugins by @​dependabot[bot] in #​6490
• Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.3 to 3.1.4 in /maven-plugins by @​dependabot[bot] in #​6494
• Bump org.apache.maven.plugins:maven-install-plugin from 3.1.3 to 3.1.4 in /maven-plugins by @​dependabot[bot] in #​6495
• BndEditor: fix incorrect Effective Source View by @​chrisrueger in #​6499
• Bump github/codeql-action from 3.28.10 to 3.28.11 by @​dependabot[bot] in #​6500
• Bump ruby/setup-ruby from 1.221.0 to 1.224.0 by @​dependabot[bot] in #​6504
• PropertiesParser: Warn on duplicate samefile properties (when pedantic=true) by @​chrisrueger in #​6501
• -include: Show warning on counter-intuitive overwriting of properties by @​chrisrueger in #​6493
• Bump ruby/setup-ruby from 1.224.0 to 1.225.0 by @​dependabot[bot] in #​6506
• Bump org.junit.jupiter:junit-jupiter from 5.12.0 to 5.12.1 in /gradle-plugins by @​dependabot[bot] in #​6509
• allow sub-classes of project to provide repos by @​chrisrueger in #​6488
• Add feature for ECF remote services by @​scottslewis in #​6513
• Verifier: don't warn "Duplicate name" for caps/req (when pedantic=true) by @​chrisrueger in #​6502
• Bump ruby/setup-ruby from 1.225.0 to 1.226.0 by @​dependabot[bot] in #​6515
• Bump org.junit:junit-bom from 5.12.0 to 5.12.1 in /maven-plugins by @​dependabot[bot] in #​6510
• add dev tips for unit tests by @​chrisrueger in #​6505
• Fix for ecf feature.xml by @​scottslewis in #​6517
• Replaced feature includes with plugin references in ecf feature.xml by @​scottslewis in #​6519
• Bump ruby/setup-ruby from 1.226.0 to 1.227.0 by @​dependabot[bot] in #​6520
• Improved ecf feature.xml by using require features by @​scottslewis in #​6522
• Fix for bndtools sdk feature version matching strategy by @​scottslewis in #​6527
• Bump github/codeql-action from 3.28.11 to 3.28.12 by @​dependabot[bot] in #​6523
• add README how to generate JDK .properties by @​chrisrueger in #​6518
• Removed version specifics for dependent features by @​scottslewis in #​6534
• Bump github/codeql-action from 3.28.12 to 3.28.13 by @​dependabot[bot] in #​6538
• Fix keep duplicate -runbundles by @​chrisrueger in #​6537
• Bump gradle/actions from 4.3.0 to 4.3.1 by @​dependabot[bot] in #​6540
• Bump ruby/setup-ruby from 1.227.0 to 1.228.0 by @​dependabot[bot] in #​6539
• some forgotten tweaks from last PR by @​chrisrueger in #​6542
• Reduce pedantic warnings "Imports that lack version ranges" for some JDK packages by @​chrisrueger in #​6508
• Bump ruby/setup-ruby from 1.228.0 to 1.229.0 by @​dependabot[bot] in #​6541
• Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.2 to 3.5.3 in /maven-plugins by @​dependabot[bot] in #​6543
• Update bnd cli link for 7.1.0 by @​chrisrueger in #​6544
• docs: fix contract examples and cross link by @​chrisrueger in #​6546
• [Java24] Create new .properties files and compiled class files by @​chrisrueger in #​6529
• Bump step-security/harden-runner from 2.11.0 to 2.11.1 by @​dependabot[bot] in #​6547
• -pedantic: Add hint that Eclipse restart is required by @​chrisrueger in #​6511
• bndrun: refresh model before Resolve to get changes of included .bndrun files by @​chrisrueger in #​6550
• Fix double-resolve when having resolveMode=AUTO by @​chrisrueger in #​6551
• Effective: show textbox tooltips and checkbox by @​chrisrueger in #​6552
• use Eclipse 2022-09 Platform or simrel p2 site by @​chrisrueger in #​6535
• Bump github/codeql-action from 3.28.13 to 3.28.15 by @​dependabot[bot] in #​6553
• RepoView: improve performance & fix memory leak by @​chrisrueger in #​6554
• Bump actions/setup-java from 4.7.0 to 4.7.1 by @​dependabot[bot] in #​6555
• Bump org.junit.jupiter:junit-jupiter from 5.12.1 to 5.12.2 in /gradle-plugins by @​dependabot[bot] in #​6556
• Bump org.junit:junit-bom from 5.12.1 to 5.12.2 in /maven-plugins by @​dependabot[bot] in #​6557
• Fix NPE in ResolutionView when opening a file inside the JARViewer by @​chrisrueger in #​6561
• allow dropping advanced search result to reqs by @​chrisrueger in #​6569
• fix Image already disposed error by @​chrisrueger in #​6570
• fix Customize Imports forgets selection after save by @​chrisrueger in #​6567
• Effective view: show merged properties by @​chrisrueger in #​6571
• Effective View: fix broken double-click opener by @​chrisrueger in #​6572
• enable/disable checkbox for mergedProps by @​chrisrueger in #​6574
• HeaderClause: fix wrong quoting of directives by @​chrisrueger in #​6564
• Build with JDK24 via Gradle 8.14 by @​chrisrueger in #​6558
• try to fix error "Missing system library" by @​chrisrueger in #​6577
• addSources context menu for BndPomRepo by @​chrisrueger in #​6581
• Docs: add page.summary dynamically to all page where it is maintained in frontmatter block by @​chrisrueger in #​6588
• Template fragments: use bnd workspace if possible by @​chrisrueger in #​6586
• fix bug in Add sources in Maven Repo by @​chrisrueger in #​6594
• Bump ruby/setup-ruby from 1.229.0 to 1.238.0 by @​dependabot[bot] in #​6592
• Bump github/codeql-action from 3.28.15 to 3.28.17 by @​dependabot[bot] in #​6587
• Fix duplicates in Open Type dialog (write empty.index file with correct version) by @​chrisrueger in #​6597
• get DiskIndex.SIGNATURE via reflection by @​chrisrueger in #​6599
• create per-project empty.index by @​chrisrueger in #​6600
• upgrade plexus-build-api to 1.2.0 by @​chrisrueger in #​6601
• move dev-setup from bndtools website to CONTRIBUTING by @​chrisrueger in #​6610
• Bump ruby/setup-ruby from 1.238.0 to 1.243.0 by @​dependabot[bot] in #​6611
• Bump github/codeql-action from 3.28.17 to 3.28.18 by @​dependabot[bot] in #​6605
• Bump gradle/actions from 4.3.1 to 4.4.0 by @​dependabot[bot] in #​6604
• Bump step-security/harden-runner from 2.11.1 to 2.12.0 by @​dependabot[bot] in #​6573
• Bump ruby/setup-ruby from 1.243.0 to 1.244.0 by @​dependabot[bot] in #​6613
• Update to latest guava 33.4.8 by @​chrisrueger in #​6603
• Move the BuildListener to the API by @​laeubi in #​6608
• Experimental: BndRunAnalyzer context menu to identify unreferenced Bundles in repos by @​chrisrueger in #​6589
• ResolutionView: fix a ClassCastException in CapReqComparator for osgi.ee List by @​chrisrueger in #​6591
• post guava upgrade fix by @​chrisrueger in #​6617
• BndRunAnalyzer tuning: also consider -runpath by @​chrisrueger in #​6618
• rework Add sources & calculateSourceAttachmentPath by @​chrisrueger in #​6595
• Bump org.junit:junit-bom from 5.12.2 to 5.13.0 in /gradle-plugins by @​dependabot[bot] in #​6619
• Bump org.junit:junit-bom from 5.12.2 to 5.13.0 in /maven-plugins by @​dependabot[bot] in #​6620
• Eclipse: Support source attachments for sub-bundles + ${repo} refs by @​chrisrueger in #​6621
• Bump github/codeql-action from 3.28.18 to 3.29.0 by @​dependabot[bot] in #​6625
• Bump ruby/setup-ruby from 1.244.0 to 1.245.0 by @​dependabot[bot] in #​6627
• Bump step-security/harden-runner from 2.12.0 to 2.12.1 by @​dependabot[bot] in #​6626
• try to make test predictable / less flaky by @​chrisrueger in #​6629
• [bndlib] Project-Container: add maven coordinates to the container by @​stbischof in #​6631
• Bump gradle/actions from 4.4.0 to 4.4.1 by @​dependabot[bot] in #​6628
• Upgrade to Eclipse 2022-12 by @​chrisrueger in #​6635
• Set TCCL on tester thread when testing by @​kriegfrj in #​6641
• [launchpad] BundleBuilder to allow adding classes by copy w/recursion by @​kriegfrj in #​6648
• [tester] BundleEngine to report failing test engine by @​kriegfrj in #​6649
• [tester] Support JUnit 5.12.x by @​kriegfrj in #​6650
• [junit-platform] Restrict upper end of version range by @​kriegfrj in #​6655
• Set bndeditor as default for bnd extensions by @​chrisrueger in #​6656
• Custom tooltip with help button in BndEditor source view by @​chrisrueger in #​6657
• bnd manual: Generate Header / Instructions / Commands via bnd CLI by @​chrisrueger in #​6659
• Fix for #​6664 by @​scottslewis in #​6665
• fix bnd manual inconsistencies by @​chrisrueger in #​6667
• Fix syntax returntype handling and show descriptions of Directives and Options by @​chrisrueger in #​6668
• Docs: add prev/next pagination by @​chrisrueger in #​6669
• Docs: css layout improvements, Search filters, Improve Introduction by @​chrisrueger in #​6670
• Docs / Syntax: add -noparallel, -profile by @​chrisrueger in #​6671
• Add target-dir link by @​chrisrueger in #​6676
• Bump ruby/setup-ruby from 1.245.0 to 1.246.0 by @​dependabot[bot] in #​6679
• Bump step-security/harden-runner from 2.12.1 to 2.13.0 by @​dependabot[bot] in #​6678
• bndtools: fix Eclipse sourcelookup for runfw by @​chrisrueger in #​6680
• [CLI] rename createOption.Manifest() to skipmanifest to fix random exception in Commandline.getOptions and swallowed option by @​chrisrueger in #​6677
• Fix for #​6682 by @​scottslewis in #​6683
• Bump ruby/setup-ruby from 1.246.0 to 1.247.0 by @​dependabot[bot] in #​6681
• fix typo for -workspace-templates instruction by @​chrisrueger in #​6684
• [CLI] improve subcommands for add/remove to allow docs generation by @​chrisrueger in #​6687
• add JDK25 support by @​chrisrueger in #​6672
• Finetune docs with Copilot by @​chrisrueger in #​6663
• Regen docs by @​chrisrueger in #​6688
• [CLI] Change bnd build to also compile by @​chrisrueger in #​6675
• [CLI] add 'bnd add fragment' command to add template fragments by @​chrisrueger in #​6685
• CLI: remove -i / --index option for add workspace and add fragment by @​chrisrueger in #​6690
• add confirmation dialog for 3rd party fragments by @​chrisrueger in #​6692
• Bump org.junit:junit-bom from 5.13.0 to 5.13.3 in /gradle-plugins by @​dependabot[bot] in #​6662
• Bump github/codeql-action from 3.29.0 to 3.29.2 by @​dependabot[bot] in #​6652
• Bump org.apache.maven.plugins:maven-invoker-plugin from 3.9.0 to 3.9.1 in /maven-plugins by @​dependabot[bot] in #​6654
• Bump org.codehaus.mojo:flatten-maven-plugin from 1.7.0 to 1.7.1 in /maven-plugins by @​dependabot[bot] in #​6637
• Bump org.junit:junit-bom from 5.13.0 to 5.13.3 in /maven-plugins by @​dependabot[bot] in #​6661
• Bump org.junit:junit-bom from 5.13.3 to 5.13.4 in /gradle-plugins by @​dependabot[bot] in #​6694
• Bump org.junit:junit-bom from 5.13.3 to 5.13.4 in /maven-plugins by @​dependabot[bot] in #​6695
• Bump ruby/setup-ruby from 1.247.0 to 1.248.0 by @​dependabot[bot] in #​6696
• Bump github/codeql-action from 3.29.2 to 3.29.3 by @​dependabot[bot] in #​6697
• Template Fragments: add more zip slip tests by @​chrisrueger in #​6698
• Bump github/codeql-action from 3.29.3 to 3.29.4 by @​dependabot[bot] in #​6699
• Create KEYS.md by @​peterkir in #​6705
• Bump ruby/setup-ruby from 1.248.0 to 1.252.0 by @​dependabot[bot] in #​6706
• fix examples in fixupmessages.md by @​chrisrueger in #​6708
• generate docs to PR by @​chrisrueger in #​6709
• chore(docs): update generated docs by @​github-actions[bot] in #​6710
• docs: run bundler update by @​chrisrueger in #​6711
• docs: update to ruby 3.4.5 by @​chrisrueger in #​6712
• Docs: GH Action Generate: run on master merge by @​chrisrueger in #​6713
• docs: use colon for instruction by @​chrisrueger in #​6714
• chore(docs): update generated docs by @​github-actions[bot] in #​6715
• docs: generate on successfull CI build by @​chrisrueger in #​6716
• Clarify major version 0 with respect to baselining by @​kwin in #​6700
• docs: trigger docs-gen also on _ext folder changes by @​chrisrueger in #​6717
• fix typo error by @​chrisrueger in #​6718
• docs: update generated docs by @​github-actions[bot] in #​6719
• docs: update generated docs by @​github-actions[bot] in #​6720
• Bump ruby/setup-ruby from 1.252.0 to 1.253.0 by @​dependabot[bot] in #​6721
• Bump org.codehaus.mojo:flatten-maven-plugin from 1.7.1 to 1.7.2 in /maven-plugins by @​dependabot[bot] in #​6722
• Bump ruby/setup-ruby from 1.253.0 to 1.254.0 by @​dependabot[bot] in #​6724
• Bump github/codeql-action from 3.29.4 to 3.29.5 by @​dependabot[bot] in #​6723
• Add dependencies in sub-bundle pom.xml by @​chrisrueger in #​6726
• docs: update generated docs by @​github-actions[bot] in #​6728
• tests for -sub bundles with -pom:true by @​chrisrueger in #​6729
• Fix private reference warning (bndlib now exports aQute.libg.command) by @​chrisrueger in #​6707
• test to ensure junit.jupiter.version is in sync by @​chrisrueger in #​6733
• maven.target.version to 3.3.9 again + testcase by @​chrisrueger in #​6731
• deploy p2 repos for snapshots by @​peterkir in #​6734
• Bump actions/download-artifact from 4 to 5 by @​dependabot[bot] in #​6741
• test to ensure junit.jupiter.version is in sync (gradle) by @​chrisrueger in #​6736
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 in /maven-plugins by @​dependabot[bot] in #​6744
• speedup CDIAnnotations plugin by @​chrisrueger in #​6739
• Bump github/codeql-action from 3.29.7 to 3.29.8 by @​dependabot[bot] in #​6747
• Bump gradle/actions from 4.4.1 to 4.4.2 by @​dependabot[bot] in #​6740
• Bump ruby/setup-ruby from 1.254.0 to 1.255.0 by @​dependabot[bot] in #​6752
• added Peter Kirschner as contributor by @​peterkir in #​6757
• Gradle wrapper 8.14.3 by @​peterkir in #​6758
• Improve warning for optional Imports w/o version by @​chrisrueger in #​6559
• docs: add syntax highlighter for code snippets by @​chrisrueger in #​6766
• wording: Imports that lack version ranges by @​chrisrueger in #​6765
• docs: remove toc of FAQ by @​chrisrueger in #​6767
• Bump github/codeql-action from 3.29.8 to 3.29.9 by @​dependabot[bot] in #​6755
• Bump github/codeql-action from 3.29.9 to 3.29.10 by @​dependabot[bot] in #​6769
• Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.11.3 in /maven-plugins by @​dependabot[bot] in #​6770
• MavenBndRepo: Fix for Already closed error by @​chrisrueger in #​6763
• Bump ruby/setup-ruby from 1.255.0 to 1.256.0 by @​dependabot[bot] in #​6773
• Bump github/codeql-action from 3.29.10 to 3.29.11 by @​dependabot[bot] in #​6775
• RepoBrowser: show the bnd-cache repo by @​chrisrueger in #​6764
• [Deprecation] Deprecate Search/Query feature in BndPomRepository by @​chrisrueger in #​6760
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​6751
• Bump actions/setup-java from 4.7.1 to 5.0.0 by @​dependabot[bot] in #​6774
• Bump actions/upload-pages-artifact from 3 to 4 by @​dependabot[bot] in [#​6778](https://redirect.githu

---

Configuration

📅 Schedule: Branch creation - "after 7am every weekday,before 7pm every weekday" in timezone CET, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonar-review-alpha]

Summary

⚠️ Major Dependency Upgrades - Careful Testing Required

This PR contains significant major version bumps across several core dependencies, some of which may introduce breaking changes:

Most Notable Upgrades:

• JUnit 5 → 6 (5.14.3 → 6.0.3) - Requires careful review of any test infrastructure changes
• Kotlin 1.9 → 2.3 - Minor/patch language version jump but includes breaking changes
• Spring Framework 6 → 7 - Major framework upgrade that may affect backend code
• LSP4j 0.24 → 1.0 - Explicitly a 1.0 release, likely API stability improvements
• Flyway 11 → 12 - Database migration tool upgrade
• JGit 6 → 7 - Git operations library (note: upgrading to Java 17+ compatible version)
• SLF4j 1.7 → 2.0 - Significant logging framework update

Key Considerations:

• These upgrades span infrastructure (plugins), frameworks, libraries, and testing tools
• The Renovate summary is truncated—check release notes for each package's breaking changes
• Integration tests are included (custom-sensor-plugin, global-extension-plugin) and will validate API compatibility
• Pay special attention to the Spring 7 and JUnit 6 upgrades, as they're most likely to have code-level impacts

Recommend running the full CI pipeline and manual integration testing before merge.

What reviewers should know

This comment highlights the significance of major version upgrades across testing frameworks, language runtime, and core libraries. It alerts reviewers to potential breaking changes while focusing on the most impactful upgrades (JUnit 6, Spring 7, Kotlin 2.3) that are most likely to require code changes. The comment complements the Renovate-generated description by emphasizing testing requirements and cross-cutting concerns.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[hashicorp-vault-sonar-prod]

Renovate Jira issue ID: SLCORE-2235

[sonar-review-alpha]

There is one bug that needs fixing before merge.

🗣️ Give feedback

[sonar-review-alpha]

jgit6.version has been set to a JGit 7.x release (7.6.0.202603022253-r), but the comment directly above this line explicitly states this property exists to pin JGit to version 6 for the Java 11 clients. client/java-client-utils (<maven.compiler.release>11</maven.compiler.release>) and client/java-client-dependencies both reference ${jgit6.version}. JGit 7 requires Java 17, so this will break compilation or runtime for the Eclipse/OSGi client.

On top of that, jgit6.version is now 7.6.0 — newer than jgit7.version (7.5.0), which is an obvious version inversion.

Renovate seems to have treated this as an ordinary bump without understanding the architectural split. jgit6.version should stay on the latest 6.x release; any JGit 7.x upgrade belongs solely in jgit7.version.