Bump the minor-updates group across 1 directory with 4 updates

[dependabot]

Bumps the minor-updates group with 4 updates in the /java directory: com.github.spotbugs:spotbugs-annotations, org.apache.commons:commons-lang3, io.lettuce:lettuce-core and commons-cli:commons-cli.

Updates com.github.spotbugs:spotbugs-annotations from 4.8.0 to 4.9.6

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

4.9.6

SpotBugs 4.9.6

CHANGELOG

Fixed

• Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

CHECKSUM

file	checksum (sha256)
spotbugs-4.9.6-javadoc.jar	b4b9373ad6f22ad2547a8274501f87b01e2428c30aabaea3aeec3f9095636e24
spotbugs-4.9.6-sources.jar	89687b6e685c9a07f7faf49f29b832fb861884f2160947eb4396498cdbb33cc4
spotbugs-4.9.6.tgz	55aa9b9e3deef0391be285335dcf134d1ce54aae222bba1da757eaa616108957
spotbugs-4.9.6.zip	86fb3f93c4147383f76fe21ab2807956b34cf17108a42a76311efa4977f952cc
spotbugs-annotations-4.9.6-javadoc.jar	4c9f8027f6a2313ef22347f4832e5dccc9c58d350d1bd5bff4d5a53f37e1c220
spotbugs-annotations-4.9.6-sources.jar	075b2eed660c2fe2fb1ad1de028f8fdff5f358e25c1318706b95ab17bb28be44
spotbugs-annotations.jar	523d394a6b36174ad0a22f0c1c75b105ccff42869a8b7ce86e7fd339ca6f86ce
spotbugs-ant-4.9.6-javadoc.jar	9b510af8cd3a5c62560fe544b730ebf44cbb109e085fe526add155258612273c
spotbugs-ant-4.9.6-sources.jar	91477d93b1fd1bebae35d318427b5238fb458e726478dc1a8ac41ce74838a1e6
spotbugs-ant.jar	22f2fa397e86663adcd4828cc1c91e63aa6cc2bfc56832885b749a86fac5c784
spotbugs.jar	62a0def31899338200fc9013b4db8a8aedfc3536ca7d70d59038b092dfaa6819
test-harness-4.9.6-javadoc.jar	bdcef7587312fb9a85d0d292623ea1a779bfe8b9a5e321d73bb8ad92ce79ed0a
test-harness-4.9.6-sources.jar	805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.9.6.jar	0076a3bc9602c78d73edb048e625a96ee6a182fa3dd39300aa739af67b954189
test-harness-core-4.9.6-javadoc.jar	7d7a7d6944e7199e06384104b163c11145ed60dd567fefd9b788f3ac03770e18
test-harness-core-4.9.6-sources.jar	656579431db1b2714faeeca3c3d59426e2ffdfdb0725546b4090f993d2413eeb
test-harness-core-4.9.6.jar	66db286ae1dd056458c1e0303a8e2f81fe95a2c5d2888172a3ed17e993434bf1
test-harness-jupiter-4.9.6-javadoc.jar	8925836d7d1198ec223c4ff5118fd596278df4157d910eb767f7f312a7df8904
test-harness-jupiter-4.9.6-sources.jar	59bbb8581ed4bdd212a669d94ec363b6c1d6df9276a608359c66d7f0c1688279
test-harness-jupiter-4.9.6.jar	0582a99bdc66e24c7e36753014729149189fd27129ec5a2f38a8d67457bc9696

SpotBugs 4.9.5

CHANGELOG

Fixed

• Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
• Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
• CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
• SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
• Fix the issue with BCEL logging Duplicating value: ... (#3621)
• Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

• Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

• S1481: Unused local variables should be removed (#3654)
• Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotatoin (#3695)

CHECKSUM

| file | checksum (sha256) |

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.6 - 2025-09-16

Fixed

• Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

4.9.5 - 2025-09-14

Fixed

• Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
• Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
• CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
• SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
• Fix the issue with BCEL logging Duplicating value: ... (#3621)
• Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

• Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

• S1481: Unused local variables should be removed (#3654)
• Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotatoin (#3695)

4.9.4 - 2025-08-07

Changed

• AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
• Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
• Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

• Widen main method recognition according to JEP 445. (#3371)
• Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#3350)(#3409)
• Rewrite some member in ResourceValueFrame.java to Enum (#2061)
• Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#3387)
• Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#3320)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#3334)
• Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#3417)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#3428)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#3441)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#3459)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#3363)
• Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#3489)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#3169)
• Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#3496)
• Make the osgi manifest of the annotations jar Java 8 compatible (#3498) (#3500)
• TextUICommandLine supports all options encoded in Eclipse preferences file (#3520)
• Unnecessary suppressions fix for records headers (#3471)
• Dead store fix when switch case contains loops (#3530) (#3449)
• Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#3463)
• Detect cases when equals() unconditionally returns true or false (#3528)
• Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#3501)
• Detect random value cast to int when stored in temporary variable (#3461)
• Look for interfaces default methods when searching uncalled private methods (#1988)

... (truncated)

Commits

• aa3a737 release v4.9.6
• 7d37faa chore(build): Temporarily remove the publish part
• 923f053 chore(docs): Minor syntax
• d662709 chore(build): Rework the bin/hub to gh replacement
• 95470b8 prepare for next release
• 71e3706 release v4.9.6
• 68013c0 chore(Build): Rename as yaml extensions, use gh, and update conf versions (#3...
• 9f0ec12 chore: Use proper import (#3716)
• 6f81754 chore(deps): update plugin com.gradle.develocity to v4.2 (#3714)
• 1f1fd68 Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest ...
• Additional commits viewable in compare view

Updates org.apache.commons:commons-lang3 from 3.13.0 to 3.19.0

Updates io.lettuce:lettuce-core from 6.2.6.RELEASE to 6.8.1.RELEASE

Release notes

Sourced from io.lettuce:lettuce-core's releases.

6.8.1.RELEASE

The Lettuce team is pleased to announce the Lettuce 6.8.1 service release! This release ships with bugfixes and dependency upgrades.

Lettuce 6 supports Redis 2.6+ up to Redis 8.2. In terms of Java runtime, Lettuce requires at least Java 8 and works with Java 21.

Thanks to all contributors who made Lettuce 6.8.1 possible.

📗 Links

• Reference documentation: https://lettuce.io/core/6.8.1.RELEASE/reference/
• Javadoc: https://lettuce.io/core/6.8.1.RELEASE/api/

🐞 Bug Fixes

• Extend the JSON API to accept values of raw types in redis/lettuce#3369
• Possible NullPointerException in DelegateJsonObject in redis/lettuce#3417
• Avoid creating a new instance of the ObjectMapper ctd. in redis/lettuce#3412
• JSON implementation has reduced the API surface in redis/lettuce#3368

Full Changelog: redis/lettuce@6.8.0.RELEASE...6.8.1.RELEASE

6.8.0.RELEASE

The Lettuce team is pleased to announce the Lettuce 6.8.0 minor release!

This release provides support for the newly introduced Redis Query Engine support which was is part of Redis 8.0 and previously - as part of RedisStack. The new operators (DIFF, DIFF1, ANDOR and ONE) for the BITOP command are also available. The team has worked on extending the contract of the XADD and XTRIM commands to support trimming policy, and also introduced the new XDELEX and XACKDEL commands.

Lettuce 6.8.0 supports Redis 2.6+ up to Redis 8.x. In terms of Java runtime, Lettuce requires at least Java 8 and works with Java 24. The driver is tested against Redis 8.2, Redis 8.0, Redis 7.4 and Redis 7.2.

Find the full changelog at the end of this document. Thanks to all contributors who made Lettuce 6.8.0.RELEASE possible.

📗 Links Reference documentation: https://lettuce.io/core/6.8.0.RELEASE/reference/ Javadoc: https://lettuce.io/core/6.8.0.RELEASE/api/

⭐ New Features Introduce RediSearch by @​tishun in redis/lettuce#3375 Add support for new operations of BITOP command in Redis Community Edition 8.2 by @​atakavci in redis/lettuce#3334 Add support for 8.2 stream commands by @​uglide in redis/lettuce#3374

🐞 Bug Fixes NoClassDefFoundError in Lettuce 6.7.0 #3317 by @​tishun in redis/lettuce#3318

💡 Other The instance of the ObjectMapper can now be reused in the DefaultJsonParser by @​thachlp in redis/lettuce#3372 Added basic connection interruption tests by @​uglide in redis/lettuce#3292 DOC-4758 async JSON doc examples by @​andy-stark-redis in redis/lettuce#3335 Fixed SocketOptions.Builder validation messages by @​hubertchylik in redis/lettuce#3366 Refactor tests for clarity and maintainability by @​Rian-Ismael in redis/lettuce#3363

... (truncated)

Changelog

Sourced from io.lettuce:lettuce-core's changelog.

Lettuce 6.8.1 RELEASE NOTES

The Redis team is delighted to announce the release of Lettuce 6.8.1

Lettuce 6 supports Redis 2.6+ up to Redis 8.2 In terms of Java runtime, Lettuce requires at least Java 8 and works with Java 21.

Thanks to all contributors who made Lettuce 6.8.1 possible.

If you need any support, meet Lettuce at

• GitHub Discussions: https://github.com/lettuce-io/lettuce-core/discussions
• Stack Overflow (Questions): https://stackoverflow.com/questions/tagged/lettuce
• Join the chat at https://discord.gg/redis and look for the "Help:Tools Lettuce" channel
• GitHub Issues (Bug reports, feature requests): https://github.com/lettuce-io/lettuce-core/issues
• Documentation: https://lettuce.io/core/6.8.1.RELEASE/reference/
• Javadoc: https://lettuce.io/core/6.8.1.RELEASE/api/

Fixes

• Extend the JSON API to accept values of raw types in redis/lettuce#3369
• Possible NullPointerException in DelegateJsonObject in redis/lettuce#3417
• Avoid creating a new instance of the ObjectMapper ctd. in redis/lettuce#3412
• JSON implementation has reduced the API surface in redis/lettuce#3368

Commits

• ec0535e Release Lettuce 6.8.1.RELEASE (#3430)
• 19d0aa3 Add String-based JSON API to avoid unnecessary conversions (#3369) (#3394)
• 92fd4e5 Refactor JsonValue to Object mapping #3412 (#3413)
• 9328af1 Return name method to ProtocolKeyword public interface. (#3424)
• 75bc4d3 Fix a NullPointerException in DelegateJsonObject #3417 (#3418)
• 8e6e63d Release 6.8.0.RELEASE (#3388)
• 5794560 reuse-objectmapper-defaultjsonparser (#3372)
• b789b62 Provide support for the SVS-VMANA index (#3385) (#3386)
• 6567f2d Introduce RediSearch (#3375)
• 6e7bb10 Bumping to 8.2-rc2-pre (#3376)
• Additional commits viewable in compare view

Updates commons-cli:commons-cli from 1.5.0 to 1.10.0

Changelog

Sourced from commons-cli:commons-cli's changelog.

Apache Commons CLI 1.10.0 Release Notes

The Apache Commons CLI team is pleased to announce the release of Apache Commons CLI 1.10.0.

Apache Commons CLI provides a simple API for presenting, processing, and validating a Command Line Interface.

This is a feature and maintenance release. Java 8 or later is required.

New Features

• CLI-339: Help formatter extension in the new package #314. Thanks to Claude Warren, Gary Gregory.

•       CommandLine.Builder implements Supplier<CommandLine>. Thanks to Gary Gregory.
  

•       DefaultParser.Builder implements Supplier<DefaultParser>. Thanks to Gary Gregory.
  

• CLI-340: Add CommandLine.getParsedOptionValues() #334. Thanks to Claude Warren, Gary Gregory.
• CLI-333: org.apache.commons.cli.Option.Builder implements Supplier. Thanks to Claude Warren, Gary Gregory.

Fixed Bugs

•       Deprecate CommandLine.Builder() in favor of CommandLine.builder(). Thanks to Gary Gregory.
  

•       Deprecate DeprecatedAttributes.Builder() in favor of DeprecatedAttributes.builder(). Thanks to Gary Gregory.
  

•       Refactor default parser test [#294](https://github.com/apache/commons-cli/issues/294). Thanks to Dávid Szigecsán.
  

•       Port to JUnit 5. Thanks to Gary Gregory.
  

•       Generics for Converter should use Exception not Throwable. Thanks to Gary Gregory.
  

•       Pick up maven-antrun-plugin version from parent POM org.apache:apache. Thanks to Gary Gregory.
  

•       Javadoc is missing its Overview page. Thanks to Gary Gregory.
  

•       Get mockito version from parent pom ([#351](https://github.com/apache/commons-cli/issues/351)). Thanks to Arnout Engelen.
  

•       Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80). Thanks to Gary Gregory.
  

•       Deprecate PatternOptionBuilder.PatternOptionBuilder(). Thanks to Arnout Engelen.
  

• CLI-341: HelpFormatter infinite loop with 0 width input. Thanks to Ruiqi Dong, Gary Gregory.
• CLI-349: Fail faster with a more precise NullPointerException: Option.processValue() throws NullPointerException when passed null value with value separator configured. Thanks to Leo Fernandes, Gary Gregory.
• CLI-344: Fail faster with a more precise NullPointerException: DefaultParser.parse() throws NullPointerException when options parameter is null. Thanks to Ruiqi Dong, Gary Gregory.
• CLI-347: Options.addOptionGroup(OptionGroup) does not remove required options from requiredOpts list. Thanks to Ruiqi Dong, Gary Gregory.

•       org.apache.commons.cli.Option.Builder.get() should throw IllegalStateException instead of IllegalArgumentException. Thanks to Gary Gregory.
  

•       org.apache.commons.cli.Option.processValue(String) should throw IllegalStateException instead of IllegalArgumentException. Thanks to Gary Gregory.
  

•       org.apache.commons.cli.OptionBuilder.create() should throw IllegalStateException instead of IllegalArgumentException. Thanks to Gary Gregory.
  

Updates

•       Bump org.apache.commons:commons-parent from 72 to 85 [#302](https://github.com/apache/commons-cli/issues/302), [#304](https://github.com/apache/commons-cli/issues/304), [#310](https://github.com/apache/commons-cli/issues/310), [#315](https://github.com/apache/commons-cli/issues/315), [#320](https://github.com/apache/commons-cli/issues/320), [#327](https://github.com/apache/commons-cli/issues/327), [#371](https://github.com/apache/commons-cli/issues/371). Thanks to Gary Gregory, Dependabot.
  

•       [test] Bump commons-io:commons-io from 2.16.1 to 2.20.0 [#309](https://github.com/apache/commons-cli/issues/309), [#337](https://github.com/apache/commons-cli/issues/337). Thanks to Gary Gregory, Dependabot.
  

•       [test] Bump org.apache.commons:commons-text from 1.12.0 to 1.14.0 [#344](https://github.com/apache/commons-cli/issues/344). Thanks to Gary Gregory, Dependabot.
  

•       Update site documentation to https://maven.apache.org/xsd/xdoc-2.0.xsd. Thanks to Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-cli/changes.html

... (truncated)

Commits

• 0458115 Prepare for the release candidate 1.10.0 RC1
• 6667053 Prepare for the next release candidate
• d9e46ab Prepare for the next release candidate
• 045ffbb Use JUnit convention
• 0ab5c5c Add @​Override
• 859d5e5 [CLI-343] OptionFormatter.getBothOpt() lacks validation for Options
• ea9e408 Better parameter names
• 7835c1c Fix Javadoc for Java 11
• 13563d0 Force sync with Apache GitBox
• d931195 Fix HTML markup
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: gradle. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.