chore(deps): bump the low-risk group with 9 updates

[dependabot]

Bumps the low-risk group with 9 updates:

Package	From	To
ch.qos.logback:logback-core	1.5.27	1.5.28
ch.qos.logback:logback-classic	1.5.27	1.5.28
org.pitest:pitest-parent	1.22.0	1.22.1
org.pitest:pitest-maven	1.22.0	1.22.1
com.nimbusds:oauth2-oidc-sdk	11.32	11.33
io.netty:netty-codec-http	4.2.9.Final	4.2.10.Final
io.netty:netty-codec	4.2.9.Final	4.2.10.Final
io.netty:netty-common	4.2.9.Final	4.2.10.Final
io.netty:netty-handler	4.2.9.Final	4.2.10.Final

Updates ch.qos.logback:logback-core from 1.5.27 to 1.5.28

Release notes

Sourced from ch.qos.logback:logback-core's releases.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• e7a1855 prepare release 1.5.28
• e8dee44 cosmetic changes only
• ded504c minor refactoring
• 8af5459 fix NPE as reported in issues/1014
• 4f560a0 appender names of references not subject to substitution
• eab8e1d remove spurious Sytem.out, add javadoc
• 9ff843d fix issues/1016
• 769bce0 add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction
• 6fd0943 add missing package.html in logback-core
• 5350e54 add missing package.html in logback-classic
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.27 to 1.5.28

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• e7a1855 prepare release 1.5.28
• e8dee44 cosmetic changes only
• ded504c minor refactoring
• 8af5459 fix NPE as reported in issues/1014
• 4f560a0 appender names of references not subject to substitution
• eab8e1d remove spurious Sytem.out, add javadoc
• 9ff843d fix issues/1016
• 769bce0 add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction
• 6fd0943 add missing package.html in logback-core
• 5350e54 add missing package.html in logback-classic
• Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.27 to 1.5.28

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.28

2026-02-06 Release of logback version 1.5.28

• Appender names or appender references are no longer subject to variable substitution.

• Fixed issue with configurations with conditionals encompassing appenders. This was reported in issues/1016 reported by Sergey Sazonov.

• The element now admits a 'scan' attribute which can be used to override the 'scan' attribute in the element.

• Fixed NullPointerException thrown by VersionUtil.checkForVersionEquality method occurring with GraalVM Native Images. This issue was reported in issues/1014.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit e7a1855ab562bb102333f754603ff89359bf3cfc associated with the tag v_1.5.28. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Commits

• e7a1855 prepare release 1.5.28
• e8dee44 cosmetic changes only
• ded504c minor refactoring
• 8af5459 fix NPE as reported in issues/1014
• 4f560a0 appender names of references not subject to substitution
• eab8e1d remove spurious Sytem.out, add javadoc
• 9ff843d fix issues/1016
• 769bce0 add scanStr field to PropertiesConfiguratorAction, refactor ResourceAction
• 6fd0943 add missing package.html in logback-core
• 5350e54 add missing package.html in logback-classic
• Additional commits viewable in compare view

Updates org.pitest:pitest-parent from 1.22.0 to 1.22.1

Release notes

Sourced from org.pitest:pitest-parent's releases.

1.22.1

• #1445 pin dependencies in github actions
• #1449 bump asm to 9.9.
• #1452 Filter equivalent mutations to null final field assignments

Commits

• e195484 Merge pull request #1452 from hcoles/feature/null_final_fields
• 8b1781b do not mutate null assignments to final fields
• 5ec1570 failing test
• edc45e6 Merge pull request #1450 from hcoles/dependabot/maven/samples/org.assertj-ass...
• 991e4fc Merge pull request #1451 from hcoles/dependabot/maven/org.assertj-assertj-cor...
• f3a3657 Bump org.assertj:assertj-core from 3.27.3 to 3.27.7
• 0296b34 Bump org.assertj:assertj-core from 3.14.0 to 3.27.7 in /samples
• bfdeffe Merge pull request #1449 from hcoles/feature/bump_asm_9_9_1
• 92e8fe0 bump asm to 9.9.1
• 8092404 Merge pull request #1445 from mlachenmayr-celonis/feat/pin-github-actions
• Additional commits viewable in compare view

Updates org.pitest:pitest-maven from 1.22.0 to 1.22.1

Release notes

Sourced from org.pitest:pitest-maven's releases.

1.22.1

• #1445 pin dependencies in github actions
• #1449 bump asm to 9.9.
• #1452 Filter equivalent mutations to null final field assignments

Commits

• e195484 Merge pull request #1452 from hcoles/feature/null_final_fields
• 8b1781b do not mutate null assignments to final fields
• 5ec1570 failing test
• edc45e6 Merge pull request #1450 from hcoles/dependabot/maven/samples/org.assertj-ass...
• 991e4fc Merge pull request #1451 from hcoles/dependabot/maven/org.assertj-assertj-cor...
• f3a3657 Bump org.assertj:assertj-core from 3.27.3 to 3.27.7
• 0296b34 Bump org.assertj:assertj-core from 3.14.0 to 3.27.7 in /samples
• bfdeffe Merge pull request #1449 from hcoles/feature/bump_asm_9_9_1
• 92e8fe0 bump asm to 9.9.1
• 8092404 Merge pull request #1445 from mlachenmayr-celonis/feat/pin-github-actions
• Additional commits viewable in compare view

Updates com.nimbusds:oauth2-oidc-sdk from 11.32 to 11.33

Changelog

Sourced from com.nimbusds:oauth2-oidc-sdk's changelog.

version 1.0 (2012-05-29) * First official release with authorisation endpoint, token endpoint, check ID endpoint and UserInfo endpoint support. * JSON Web Tokens (JWTs) support through the Nimbus-JWT library. * Language Tags (RFC 5646) support through the Nimbus-LangTag library. * JSON support through the JSON Smart library.

version 2.0 (2013-05-13) * Intermediary development release with Maven build, published to Maven Central.

version 2.1 (2013-06-06) * Updates the APIs to OpenID Connect Messages draft 20, OpenID Connect Standard draft 21, OpenID Connect Discovery draft 17 and OpenID Connect Registration draft 19. * Major refactoring of the APIs for greater simplicity. * Adds JUnit tests.

version 2.2 (2013-06-18) * Refactors dynamic OpenID Connect client registration. * Adds partial support of the OAuth 2.0 Dynamic Client Registration Protocol (draft-ietf-oauth-dyn-reg-12). * Optimises parsing of request parameters consisting of one or more tokens (scope, response type, etc).

version 2.3 (2013-06-19) * Renames OAuth 2.0 dynamic client registration package. * Adds ClientInformation.getClientMetadata() method. * Adds OIDCClientInformation class.

version 2.4 (2013-06-20) * Adds static OIDCClientInformation.parse(JSONObject) method.

version 2.5 (2013-06-22) * Adds support OAuth 2.0 dynamic client update. * Adds OpenID Connect dynamic client registration classes.

version 2.6 (2013-06-25) * Enforces order of preference of ACR values in OpenID Connect client metadata, as required by the specification. * Documentation and performance improvements.

version 2.7 (2013-06-26) * Switches Identifier generation to java.security.SecureRandom.

version 2.8 (2013-06-30) * Fixes serialisation and assignment bugs in ClientMetadata. * Switches Secret generation to java.security.SecureRandom.

version 2.9 (2013-09-17)

... (truncated)

Commits

• 2ade16b [maven-release-plugin] prepare for next development iteration
• 22be156 Fixes Issuer issues: replaces regex in equalsIgnoreTrailingSlash with simple ...
• 113abfc Adds InvalidDPoPNonceException extends InvalidDPoPProofException, wires it to...
• c9691bd [maven-release-plugin] prepare release 11.33
• See full diff in compare view

Updates io.netty:netty-codec-http from 4.2.9.Final to 4.2.10.Final

Commits

• 4cc9873 [maven-release-plugin] prepare release netty-4.2.10.Final
• 54b8663 Remove unnecessary allocations and abstractions in HttpContentCompressor (#16...
• 961f427 Update to netty-tcnative 2.0.75.Final (#16227)
• 3007ba9 Use recommanded finalize chain pattern when override finalize() method (#16212)
• b918042 Update some dependencies (#16198) (#16215)
• 874c995 Reduce allocations on DefaultHeaders::containsValue (#15843)
• e0fe794 Remove unnecessary null check in WebSocketServerExtensionHandler (#16201)
• 1b0636b Move default compression options into static variable in HttpContentCompresso...
• 85a3a0e codec-http2: move the accessors from Http2Headers to DefaultHttp2Headers (#16...
• f44a88d Improve chunk picking for the large-size buddy allocator (#16179)
• Additional commits viewable in compare view

Updates io.netty:netty-codec from 4.2.9.Final to 4.2.10.Final

Commits

• 4cc9873 [maven-release-plugin] prepare release netty-4.2.10.Final
• 54b8663 Remove unnecessary allocations and abstractions in HttpContentCompressor (#16...
• 961f427 Update to netty-tcnative 2.0.75.Final (#16227)
• 3007ba9 Use recommanded finalize chain pattern when override finalize() method (#16212)
• b918042 Update some dependencies (#16198) (#16215)
• 874c995 Reduce allocations on DefaultHeaders::containsValue (#15843)
• e0fe794 Remove unnecessary null check in WebSocketServerExtensionHandler (#16201)
• 1b0636b Move default compression options into static variable in HttpContentCompresso...
• 85a3a0e codec-http2: move the accessors from Http2Headers to DefaultHttp2Headers (#16...
• f44a88d Improve chunk picking for the large-size buddy allocator (#16179)
• Additional commits viewable in compare view

Updates io.netty:netty-common from 4.2.9.Final to 4.2.10.Final

Commits

• 4cc9873 [maven-release-plugin] prepare release netty-4.2.10.Final
• 54b8663 Remove unnecessary allocations and abstractions in HttpContentCompressor (#16...
• 961f427 Update to netty-tcnative 2.0.75.Final (#16227)
• 3007ba9 Use recommanded finalize chain pattern when override finalize() method (#16212)
• b918042 Update some dependencies (#16198) (#16215)
• 874c995 Reduce allocations on DefaultHeaders::containsValue (#15843)
• e0fe794 Remove unnecessary null check in WebSocketServerExtensionHandler (#16201)
• 1b0636b Move default compression options into static variable in HttpContentCompresso...
• 85a3a0e codec-http2: move the accessors from Http2Headers to DefaultHttp2Headers (#16...
• f44a88d Improve chunk picking for the large-size buddy allocator (#16179)
• Additional commits viewable in compare view

Updates io.netty:netty-handler from 4.2.9.Final to 4.2.10.Final

Commits

• 4cc9873 [maven-release-plugin] prepare release netty-4.2.10.Final
• 54b8663 Remove unnecessary allocations and abstractions in HttpContentCompressor (#16...
• 961f427 Update to netty-tcnative 2.0.75.Final (#16227)
• 3007ba9 Use recommanded finalize chain pattern when override finalize() method (#16212)
• b918042 Update some dependencies (#16198) (#16215)
• 874c995 Reduce allocations on DefaultHeaders::containsValue (#15843)
• e0fe794 Remove unnecessary null check in WebSocketServerExtensionHandler (#16201)
• 1b0636b Move default compression options into static variable in HttpContentCompresso...
• 85a3a0e codec-http2: move the accessors from Http2Headers to DefaultHttp2Headers (#16...
• f44a88d Improve chunk picking for the large-size buddy allocator (#16179)
• Additional commits viewable in compare view

Updates io.netty:netty-codec from 4.2.9.Final to 4.2.10.Final

Commits

• 4cc9873 [maven-release-plugin] prepare release netty-4.2.10.Final
• 54b8663 Remove unnecessary allocations and abstractions in HttpContentCompressor (#16...
• 961f427 Update to netty-tcnative 2.0.75.Final (#16227)
• 3007ba9 Use recommanded finalize chain pattern when override finalize() method (#16212)
• b918042 Update some dependencies (#16198) (#16215)
• 874c995 Reduce allocations on DefaultHeaders::containsValue (#15843)
• e0fe794 Remove unnecessary null check in WebSocketServerExtensionHandler (#16201)
• 1b0636b Move default compression options into static variable in HttpContentCompresso...
• 85a3a0e codec-http2: move the accessors from Http2Headers to DefaultHttp2Headers (#16...
• f44a88d Improve chunk picking for the large-size buddy allocator (#16179)
• Additional commits viewable in compare view

Updates io.netty:netty-common from 4.2.9.Final to 4.2.10.Final

Commits

• 4cc9873 [maven-release-plugin] prepare release netty-4.2.10.Final
• 54b8663 Remove unnecessary allocations and abstractions in HttpContentCompressor (#16...
• 961f427 Update to netty-tcnative 2.0.75.Final (#16227)
• 3007ba9 Use recommanded finalize chain pattern when override finalize() method (#16212)
• b918042 Update some dependencies (#16198) (#16215)
• 874c995 Reduce allocations on DefaultHeaders::containsValue (#15843)
• e0fe794 Remove unnecessary null check in WebSocketServerExtensionHandler (#16201)
• 1b0636b Move default compression options into static variable in HttpContentCompresso...
• 85a3a0e codec-http2: move the accessors from Http2Headers to DefaultHttp2Headers (#16...
• f44a88d Improve chunk picking for the large-size buddy allocator (#16179)
• Additional commits viewable in compare view

Updates io.netty:netty-handler from 4.2.9.Final to 4.2.10.Final

Commits

• 4cc9873 [maven-release-plugin] prepare release netty-4.2.10.Final
• 54b8663 Remove unnecessary allocations and abstractions in HttpContentCompressor (#16...
• 961f427 Update to netty-tcnative 2.0.75.Final (#16227)
• 3007ba9 Use recommanded finalize chain pattern when override finalize() method (#16212)
• b918042 Update some dependencies (#16198) (#16215)
• 874c995 Reduce allocations on DefaultHeaders::containsValue (#15843)
• e0fe794 Remove unnecessary null check in WebSocketServerExtensionHandler (#16201)
• 1b0636b Move default compression options into static variable in HttpContentCompresso...
• 85a3a0e codec-http2: move the accessors from Http2Headers to DefaultHttp2Headers (#16...
• f44a88d Improve chunk picking for the large-size buddy allocator (#16179)
• Additional commits viewable in compare view

Updates org.pitest:pitest-maven from 1.22.0 to 1.22.1

Release notes

Sourced from org.pitest:pitest-maven's releases.

1.22.1

• #1445 pin dependencies in github actions
• #1449 bump asm to 9.9.
• #1452 Filter equivalent mutations to null final field assignments

Commits

• e195484 Merge pull request #1452 from hcoles/feature/null_final_fields
• 8b1781b do not mutate null assignments to final fields
• 5ec1570 failing test
• edc45e6 Merge pull request #1450 from hcoles/dependabot/maven/samples/org.assertj-ass...
• 991e4fc Merge pull request #1451 from hcoles/dependabot/maven/org.assertj-assertj-cor...
• f3a3657 Bump org.assertj:assertj-core from 3.27.3 to 3.27.7
• 0296b34 Bump org.assertj:assertj-core from 3.14.0 to 3.27.7 in /samples
• bfdeffe Merge pull request #1449 from hcoles/feature/bump_asm_9_9_1
• 92e8fe0 bump asm to 9.9.1
• 8092404 Merge pull request #1445 from mlachenmayr-celonis/feat/pin-github-actions
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[RichardSlater]

/azp run

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[RichardSlater]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[RichardSlater]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[RichardSlater]

Patch bumps, low-risk, passing ci, standard pre-approved change.