chore: bump the gradle-updates group across 1 directory with 12 updates

[dependabot]

Bumps the gradle-updates group with 11 updates in the / directory:

Package	From	To
org.junit:junit-bom	5.13.4	5.14.1
org.ow2.asm:asm-bom	9.8	9.9
com.github.ben-manes.caffeine:caffeine	3.2.2	3.2.3
org.aspectj:aspectjtools	1.9.24	1.9.25
com.google.guava:guava	33.4.8-jre	33.5.0-jre
software.amazon.awscdk:aws-cdk-lib	2.208.0	2.228.0
software.constructs:constructs	10.4.2	10.4.3
com.github.javaparser:javaparser-core	3.27.0	3.27.1
com.fasterxml.jackson:jackson-bom	2.19.2	2.20.1
com.vanniktech.maven.publish	0.34.0	0.35.0
com.ncorti.ktfmt.gradle	0.23.0	0.25.0

Updates org.junit:junit-bom from 5.13.4 to 5.14.1

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 5.14.1 = Platform 1.14.1 + Jupiter 5.14.1 + Vintage 5.14.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.0...r5.14.1

JUnit 5.14.0 = Platform 1.14.0 + Jupiter 5.14.0 + Vintage 5.14.0

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0

JUnit 5.14.0-RC1 = Platform 1.14.0-RC1 + Jupiter 5.14.0-RC1 + Vintage 5.14.0-RC1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0-RC1

Commits

• c7cde2d Release 5.14.1
• f9fd438 Remove "Latest Releases" section
• eae19b2 Finalize 5.14.1 release notes
• da25e47 Fix broken links in documentation
• 386bbf3 Fix since info for JRE.JAVA_26
• 09a1609 Update since info for backported changes
• 2ab3370 Improve documentation for TestInstantiationAwareExtension
• 0b9617e Fix support for package-private test methods (#5100)
• d43c3ca Restore JDK 8 compatibility
• 9c0c755 Validate that there are enough arguments to inject @Parameter fields
• Additional commits viewable in compare view

Updates org.ow2.asm:asm-bom from 9.8 to 9.9

Updates com.github.ben-manes.caffeine:caffeine from 3.2.2 to 3.2.3

Release notes

Sourced from com.github.ben-manes.caffeine:caffeine's releases.

3.2.3

• Fixed frequency tracking of weak keys to use the object's identity hash code (#1902)
• Added support for underscores in CaffeineSpec when using numeric literals (#1890)
• Improved the external api to no longer lock when querying for the maximum size or weighted size (#1897)
• Added detection and recovery when a custom CompletableFuture is in an inconsistent state (quarkus#50513)

Commits

• 5227a98 minor build touchups
• cc3f37d reorganize into separate gradle test suites
• 2299add Allow users to read the maximum size without locking (fixes #1897)
• 6250b38 clarify policy javadoc and add corresponding test cases (fixes #1927)
• c975fc0 upgrade error-prone static analyzer
• d8e0a92 allow the project.version to be overridden by external builders
• 0e46d22 detect if the user's future is inconsistent with the results
• 1971428 use the assemble task for a full build without running the test suites
• 782ac79 use the key reference with the frequency sketch (fixes #1902)
• e0dd94b minor build clean up
• Additional commits viewable in compare view

Updates org.aspectj:aspectjtools from 1.9.24 to 1.9.25

Release notes

Sourced from org.aspectj:aspectjtools's releases.

1.9.25

Java 25

AspectjJ 1.9.25 release notes

Commits

• See full diff in compare view

Updates com.google.guava:guava from 33.4.8-jre to 33.5.0-jre

Release notes

Sourced from com.google.guava:guava's releases.

33.5.0

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>33.5.0-jre</version>
  <!-- or, for Android: -->
  <version>33.5.0-android</version>
</dependency>

Jar files

• 33.5.0-jre.jar
• 33.5.0-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.3.jar

Javadoc

• 33.5.0-jre
• 33.5.0-android

JDiff

• 33.5.0-jre vs. 33.4.8-jre
• 33.5.0-android vs. 33.4.8-android
• 33.5.0-android vs. 33.5.0-jre

Changelog

• Restored the Automatic-Module-Name to guava-android. (It, unlike, guava-jre, is not a proper module.) (7a04a8a955)
• For users of guava-gwt: Google has moved off GWT internally. We plan to continue to release guava-gwt for users of GWT and J2CL, but the artifact is no longer tested for GWT-specific issues, and we have limited resources to fix any unexpected issues that might arise. While we do not anticipate any specific problems, we can't guarantee how long support will continue.
• Increased our Android minSdkVersion to 23 (Marshmallow). This follows the minimum of Google's foundational Android libraries, and we expect it to have no practical impact on users. (5c23347cc1)
• Listed the JSpecify annotations as an optional dependency in our OSGi metadata. (2dfd572981)
• cache: Improved the handling of exceptions from compute functions in Cache.asMap(). (We do still recommend using Caffeine rather than com.google.common.cache.) (087f2c4a80)
• collect: Improved Iterators.mergeSorted() to preserve stability for equal elements. (4dc93be9a8)
• math: Added saturatedAbs methods to IntMath and LongMath. (ed0e518f20)
• net: Added image/avif to MediaType. (53344caba6)
• testing: Made CollectorTester available to Android users. (294c251079)
• util.concurrent: Added Striped.custom. (1586eb271d)

Commits

• See full diff in compare view

Updates software.amazon.awscdk:aws-cdk-lib from 2.208.0 to 2.228.0

Release notes

Sourced from software.amazon.awscdk:aws-cdk-lib's releases.

v2.228.0

Features

• lambda: add new lambda/kafka esm properties and on failure desitination (65f9c35)

Bug Fixes

• cloudformation-include: TypeError when including template with intrinsic functions (#36157) (f2a384b), closes #36140 #35838

---

Alpha modules (2.228.0-alpha.0)

v2.227.0

CHANGES TO L1 RESOURCES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

• aws-backup: AWS::Backup::LogicallyAirGappedBackupVault: EncryptionKeyArn attribute removed.

Features

• stepfunctions: add StateMachineGrants (#36094) (59ef00d)
• update L1 CloudFormation resource definitions (#36122) (51d805e)
• core: cfn constructs (L1s) can now accept constructs as parameters for known resource relationships (#35838) (6be7b4b)
• factory methods for Grants made public (#36123) (f9a894f)
• dynamodb: add TableGrants and StreamGrants (#36093) (d0b074a)
• rds: support instance and iam-db-auth-error CloudWatch log exports (#35058) (e71a8b1), closes #35018
• s3: add BucketGrants (#36102) (5891172)
• grants are now available through a separate class (#35782) (21fd959)

---

Alpha modules (2.227.0-alpha.0)

Features

• bedrock-agentcore-alpha: agentcore gateway L2 construct (#35771) (07c4a0d)
• imagebuilder-alpha: add support for Component Construct (#36107) (93a76e4), closes #36006 #36104
• imagebuilder-alpha: add support for Distribution Configuration Construct (#36108) (6051039), closes #36005

Bug Fixes

• bedrock-agentcore-alpha: fix unexpected validation error when properties are Token (#35978) (084b736)

v2.226.0

Features

• dynamodb: compound keys for global secondary indexes (046b06d)
• lambda: add multi-tenancy support with TenancyConfig (5f384db)

---

Alpha modules (2.226.0-alpha.0)

v2.225.0

⚠ BREAKING CHANGES

... (truncated)

Changelog

Sourced from software.amazon.awscdk:aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.228.0-alpha.0 (2025-11-24)

2.227.0-alpha.0 (2025-11-20)

Features

• bedrock-agentcore-alpha: agentcore gateway L2 construct (#35771) (07c4a0d)
• imagebuilder-alpha: add support for Component Construct (#36107) (93a76e4), closes #36006 #36104
• imagebuilder-alpha: add support for Distribution Configuration Construct (#36108) (6051039), closes #36005

Bug Fixes

• bedrock-agentcore-alpha: fix unexpected validation error when properties are Token (#35978) (084b736)

2.226.0-alpha.0 (2025-11-20)

2.225.0-alpha.0 (2025-11-17)

2.224.0-alpha.0 (2025-11-13)

Features

• imagebuilder-alpha: add support for EC2 Image Builder L2 Constructs - Infrastructure Configuration (#35882) (db1d964), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789

2.223.0-alpha.0 (2025-11-10)

2.222.0-alpha.0 (2025-11-04)

Features

• eks-v2-alpha: eks-v2-alpha is now in developer preview (#35801) (32afc0f)

Bug Fixes

• bedrock-alpha: apply permission dependency to existing and non-existing roles (#35123) (b39ccf3), closes #35120
• eks-v2-alpha: remove hyphen from Go package name (#35927) (2cdfc8a)

2.221.1-alpha.0 (2025-10-29)

2.221.0-alpha.0 (2025-10-24)

... (truncated)

Commits

• 367086f chore(release): v2.228.0 (#36166)
• 93f34cc chore(release): 2.228.0
• 65f9c35 feat(lambda): lambda esm features
• f2a384b fix(cloudformation-include): TypeError when including template with intrins...
• 5bb9e11 chore(release): 2.227.0 (#36137)
• 73ba451 chore: resolve merge conflict
• a5e2246 chore: update CHANGELOG.v2.md and CHANGELOG.v2.alpha.md
• 86eacae chore(release): 2.227.0
• 5a3fc87 chore(release): 2.227.0 (#36135)
• 59ef00d feat(stepfunctions): add StateMachineGrants (#36094)
• Additional commits viewable in compare view

Updates software.constructs:constructs from 10.4.2 to 10.4.3

Release notes

Sourced from software.constructs:constructs's releases.

v10.4.3

10.4.3 (2025-11-06)

Bug Fixes

• deps: upgrade to jsii & typescript 5.9 (#2823) (02796b2)

Commits

• 02796b2 fix(deps): upgrade to jsii & typescript 5.9 (#2823)
• f62df72 chore(deps): upgrade dev dependencies (#2822)
• 56d6cbf chore(deps): upgrade dev dependencies (#2821)
• a37b483 chore(deps): upgrade cdklabs-projen-project-types (#2819)
• 7826d73 chore(deps): upgrade dev dependencies (#2820)
• bbbf608 chore(deps): upgrade dev dependencies (#2818)
• 7c1b1ad chore(deps): upgrade dev dependencies (#2817)
• 27ec512 chore(deps): upgrade dev dependencies (#2816)
• 6e7e0a2 chore(deps): upgrade dev dependencies (#2815)
• e71d235 chore(deps): upgrade dev dependencies (#2814)
• Additional commits viewable in compare view

Updates com.github.javaparser:javaparser-core from 3.27.0 to 3.27.1

Release notes

Sourced from com.github.javaparser:javaparser-core's releases.

javaparser-parent-3.27.1

Changed

• fix: switch expression improvement (PR #4823 by @​seokjun7410)

Fixed

• Fix: Adjusts the range limits of lambda expression parameters to ignore brackets. (PR #4860 by @​jlerbsc)
• Fix issue 4846 (PR #4855 by @​PiTheGuy)
• Revert checkstyle plugin upgrade (PR #4836 by @​jlerbsc)
• Fix: issue 4832 Resolving type of fully qualified varargs invocation throws IndexOutOfBoundsException (PR #4835 by @​jlerbsc)
• Fix: Issue 4829 Infinite loop in DifferenceElementCalculator when calling setPermittedTypes (PR #4834 by @​jlerbsc)
• XmlPrinter: fix duplicate attribute name in generated xml (PR #4806 by @​sgqy)
• Use lambda parameter counts and block bodies for improved resolution (PR #4796 by @​johannescoetzee)
• Fix issue #4791 (PR #4792 by @​bannmann)

Developer Changes

• fix(deps): update dependency org.checkerframework:checker-qual to v3.51.1 (PR #4862 by @​renovate[bot])
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 (PR #4843 by @​renovate[bot])
• fix(deps): update dependency com.google.guava:guava to v33.5.0-jre (PR #4839 by @​renovate[bot])
• chore(deps): update codecov/codecov-action action to v5.5.1 (PR #4827 by @​renovate[bot])
• fix(deps): update dependency org.checkerframework:checker-qual to v3.50.0 (PR #4825 by @​renovate[bot])
• chore(deps): update actions/setup-java action to v5 (PR #4822 by @​renovate[bot])
• chore(deps): update actions/checkout action to v5 (PR #4811 by @​renovate[bot])
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v11 (PR #4808 by @​renovate[bot])
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.4 (PR #4701 by @​renovate[bot])

Uncategorised

• Improves documentation on LexicalPreservingPrinter (PR #4820 by @​jlerbsc)
• Improves documentation on the raw langage level (PR #4819 by @​jlerbsc)
• Fix javadoc of Name class (PR #4789 by @​bannmann)
• Fix NormalAnnotationExpr Javadoc (PR #4784 by @​bannmann)

❤️ Contributors

Thank You to all contributors who worked on this release!

• @​seokjun7410
• @​bannmann
• @​sgqy
• @​johannescoetzee
• @​PiTheGuy
• @​jlerbsc

Changelog

Sourced from com.github.javaparser:javaparser-core's changelog.

Version 3.27.1

issues resolved

Changed

• fix: switch expression improvement (PR #4823 by @​seokjun7410)

Fixed

• Fix: Adjusts the range limits of lambda expression parameters to ignore brackets. (PR #4860 by @​jlerbsc)
• Fix issue 4846 (PR #4855 by @​PiTheGuy)
• Revert checkstyle plugin upgrade (PR #4836 by @​jlerbsc)
• Fix: issue 4832 Resolving type of fully qualified varargs invocation throws IndexOutOfBoundsException (PR #4835 by @​jlerbsc)
• Fix: Issue 4829 Infinite loop in DifferenceElementCalculator when calling setPermittedTypes (PR #4834 by @​jlerbsc)
• XmlPrinter: fix duplicate attribute name in generated xml (PR #4806 by @​sgqy)
• Use lambda parameter counts and block bodies for improved resolution (PR #4796 by @​johannescoetzee)
• Fix issue #4791 (PR #4792 by @​bannmann)

Developer Changes

• fix(deps): update dependency org.checkerframework:checker-qual to v3.51.1 (PR #4862 by @​renovate[bot])
• chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.12.0 (PR #4843 by @​renovate[bot])
• fix(deps): update dependency com.google.guava:guava to v33.5.0-jre (PR #4839 by @​renovate[bot])
• chore(deps): update codecov/codecov-action action to v5.5.1 (PR #4827 by @​renovate[bot])
• fix(deps): update dependency org.checkerframework:checker-qual to v3.50.0 (PR #4825 by @​renovate[bot])
• chore(deps): update actions/setup-java action to v5 (PR #4822 by @​renovate[bot])
• chore(deps): update actions/checkout action to v5 (PR #4811 by @​renovate[bot])
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v11 (PR #4808 by @​renovate[bot])
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.4 (PR #4701 by @​renovate[bot])

Uncategorised

• Improves documentation on LexicalPreservingPrinter (PR #4820 by @​jlerbsc)
• Improves documentation on the raw langage level (PR #4819 by @​jlerbsc)
• Fix javadoc of Name class (PR #4789 by @​bannmann)
• Fix NormalAnnotationExpr Javadoc (PR #4784 by @​bannmann)

❤️ Contributors

Thank You to all contributors who worked on this release!

• @​seokjun7410
• @​bannmann
• @​sgqy
• @​johannescoetzee
• @​PiTheGuy
• @​jlerbsc

Commits

• b87bb5d Migration to Central Publisher Portal 3 - Adding required properties
• 9897582 Migration to Central Publisher Portal 3 - Plugin declaration issue
• 0ab2944 Migration to Central Publisher Portal 3 - Artifact exclusion issues (try anot...
• f83857f Migration to Central Publisher Portal 3 - Artifact exclusion issues
• 92b44d3 Migration to Central Publisher Portal 3 - Configuration issues
• 532ac86 Migration to Central Publisher Portal 3 - excludes artifacts and resolves mav...
• 26f063a Migration to Central Publisher Portal 2
• 60c8cd4 Migration to Central Publisher Portal
• 0bcf677 [maven-release-plugin] prepare release javaparser-parent-3.27.1
• 387ad84 update readme
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.19.2 to 2.20.1

Commits

• 5e24010 [maven-release-plugin] prepare release jackson-bom-2.20.1
• 59a2e4a Prep for 2.20.1 release
• 3fc3645 Merge branch '2.19' into 2.20
• 7539ecc Post-release dep version bump
• 21f04ba [maven-release-plugin] prepare for next development iteration
• 085b32f [maven-release-plugin] prepare release jackson-bom-2.19.4
• f2a1f50 Prep for 2.19.4 release
• ee69fcf ...
• 3735e1e ...
• d405492 Add helper script for safekeeping
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.module:jackson-module-kotlin from 2.19.2 to 2.20.1

Commits

• 7602d41 [maven-release-plugin] prepare release jackson-module-kotlin-2.20.1
• a3e110c Prep for 2.20.1 release
• 2613d4f Merge branch '2.19' into 2.20
• 35aa6ab Post-release dep version bump
• c71ae67 [maven-release-plugin] prepare for next development iteration
• f475369 [maven-release-plugin] prepare release jackson-module-kotlin-2.19.4
• 1c832b0 Prep for 2.19.4 release
• d7ffcd3 Update README.md
• 613f938 Merge branch '2.19' into 2.20
• 30f83b1 Post-release dep version bump
• Additional commits viewable in compare view

Updates com.vanniktech.maven.publish from 0.34.0 to 0.35.0

Release notes

Sourced from com.vanniktech.maven.publish's releases.

0.35.0

• Add support for publishing Kotlin Multiplatform libraries that use com.android.kotlin.multiplatform.library.
• Add support for validating deployments to Central Portal
• Raise minimum Gradle version to 8.13
• Raise minimum Android Gradle Plugin version to 8.2.2
• Do not unconditionally disable DocLint
• Fail publishing if SONATYPE_HOST is not set to CENTRAL_PORTAL.
• Fix misleading error message when Android library variant is not found.
• Downgrade transitive OkHttp version.
• Don't check project heirarchy for POM properties when Isolated proejcts is enabled.

Thanks to @​joshfriend, @​Flowdalic and @​Goooler for their contributions to this release.

Minimum supported versions

• JDK 11
• Gradle 8.13
• Android Gradle Plugin 8.2.2
• Kotlin Gradle Plugin 1.9.20

Compatibility tested up to

• JDK 24
• Gradle 9.2.0
• Gradle 9.3.0-milestone-1
• Android Gradle Plugin 8.13.1
• Android Gradle Plugin 9.0.0-alpha14
• Kotlin Gradle Plugin 2.2.21
• Kotlin Gradle Plugin 2.3.0-Beta2

0.35.0-rc1

• Add support for publishing Kotlin Multiplatform libraries that use com.android.kotlin.multiplatform.library.
• Add support for validating deployments to Central Portal
• Raise minimum Gradle version to 8.13
• Raise minimum Android Gradle Plugin version to 8.2.2
• Do not unconditionally disable DocLint
• Fail publishing if SONATYPE_HOST is not set to CENTRAL_PORTAL.
• Fix misleading error message when Android library variant is not found.
• Downgrade transitive OkHttp version.
• Don't check project heirarchy for POM properties when Isolated proejcts is enabled.

Thanks to @​joshfriend, @​Flowdalic and @​Goooler for their contributions to this release.

Minimum supported versions

• JDK 11
• Gradle 8.13
• Android Gradle Plugin 8.2.2
• Kotlin Gradle Plugin 1.9.20

Compatibility tested up to

• JDK 24
• Gradle 9.2.0

... (truncated)

Changelog

Sourced from com.vanniktech.maven.publish's changelog.

0.35.0 (2025-11-11)

• Add support for publishing Kotlin Multiplatform libraries that use com.android.kotlin.multiplatform.library.
• Add support for validating deployments to Central Portal
• Raise minimum Gradle version to 8.13
• Raise minimum Android Gradle Plugin version to 8.2.2
• Do not unconditionally disable DocLint
• Fail publishing if SONATYPE_HOST is not set to CENTRAL_PORTAL.
• Fix misleading error message when Android library variant is not found.
• Downgrade transitive OkHttp version.
• Don't check project heirarchy for POM properties when Isolated proejcts is enabled.

Thanks to @​joshfriend, @​Flowdalic and @​Goooler for their contributions to this release.

Minimum supported versions

• JDK 11
• Gradle 8.13
• Android Gradle Plugin 8.2.2
• Kotlin Gradle Plugin 1.9.20

Compatibility tested up to

• JDK 24
• Gradle 9.2.0
• Gradle 9.3.0-milestone-1
• Android Gradle Plugin 8.13.1
• Android Gradle Plugin 9.0.0-alpha14
• Kotlin Gradle Plugin 2.2.21
• Kotlin Gradle Plugin 2.3.0-Beta2

Commits

• 8232338 update to 0.35.0-rc1
• 85b409d 0.35.0 prep
• 2e01bc6 Always run CI on the latest Java (#1193)
• fb36ee3 Update android.gradle to v8.13.1 (#1194)
• 0f8135b Use Java 25 on CI (#1184)
• 4cc5b52 Clean up toolchain usages in tests (#1191)
• aa456e1 Update plugin android-lint to v8.13.1 (#1195)
• 32a9226 Update dependency com.android.library to v9.0.0-alpha14 (#1188)
• 48a58af Support deploying API html (#1192)
• a795a97 Clean up android extensions in tests (#1190)
• Additional commits viewable in compare view

Updates com.ncorti.ktfmt.gradle from 0.23.0 to 0.25.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions