chore(deps): bump the low-risk group across 1 directory with 6 updates

[dependabot]

Bumps the low-risk group with 6 updates in the / directory:

Package	From	To
org.yaml:snakeyaml	2.5	2.6
org.projectlombok:lombok	1.18.42	1.18.44
org.mockito:mockito-junit-jupiter	5.21.0	5.23.0
io.projectreactor:reactor-bom	2025.0.3	2025.0.4
io.projectreactor.netty:reactor-netty-core	1.3.3	1.3.4
com.nimbusds:oauth2-oidc-sdk	11.33	11.34

Updates org.yaml:snakeyaml from 2.5 to 2.6

Commits

• cc19a61 [maven-release-plugin] prepare for next development iteration
• bc4a8f4 Minor fixes in Javadoc
• f18203a Add a test for Y79Y-003
• ad1fceb Less output in tests
• 1db66b7 Add (failing) build with JDK 25
• 88ebaa8 build: fix JKD 25 tests compilation
• 6af8790 Update Javadoc
• a006b7a Update Javadoc
• c143db2 Update changes
• d78d11f Update changes
• Additional commits viewable in compare view

Updates org.projectlombok:lombok from 1.18.42 to 1.18.44

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.44 (March 11th, 2026)

• FEATURE: @Jacksonized now supports both Jackson2 and Jackson3; you'll get a warning until you configure which one (or even both!) you want lombok to generate. #3950.
• BUGFIX: On JDK25, val and @ExtensionMethod could sometimes cause erroneous errors (in that you see errors but compilation succeeds anyway) using javac. #3947.
• BUGFIX: @Jacksonized + fields marked transient would result in those transient fields being serialised which is surprising (and thus undesired) behaviour. #3936.

Commits

• 17c78fe [version] pre-release version bump
• 1edca70 [test][@Jacksonized] Test emission of warning when not choosing jackson ver...
• e789e82 [test] Update the generation of eclipse test targets from JDK14 to JDK25.
• a54cecd [trivial][changelog]
• 3db0a6c [bugfix][@Jacksonized] javac handler of jacksonized checked for existing ja...
• 12572fc [test] Adjusted tests to the new 'jackson version is a list' config key setup.
• 0e9699c [changelog] Document implementation of Jackson3 support: #3950.
• d441be1 [jacksonized] infrastructure for previous merge resolution: Changed to the co...
• d62b2d5 Merge branch 'master' into cachescrubber-gh-3950
• f49f0fe [test] Remove tests for deprecated @Logger(access = MODULE). They're deprec...
• Additional commits viewable in compare view

Updates org.mockito:mockito-junit-jupiter from 5.21.0 to 5.23.0

Release notes

Sourced from org.mockito:mockito-junit-jupiter's releases.

v5.23.0

NOTE: Breaking change for Android

The mockito-android artifact has a breaking change: tests now require a device or emulator based on API 28+ (Android P). This is to enable new support for mocking Kotlin classes. See #3788 for more details.

---

Changelog generated by Shipkit Changelog Gradle Plugin

5.23.0

• 2026-03-11 - 6 commit(s) by Brice Dutheil, Joshua Selbo, Philippe Kernevez
• Replace mockito-android mock maker implementation with dexmaker-mockito-inline [(#3792)](mockito/mockito#3792)
• Fix StackOverflowError with AbstractList after using mockSingleton [(#3790)](mockito/mockito#3790)
• Mark parameters of Mockito.when @Nullable [(#3503)](mockito/mockito#3503)

v5.22.0

Changelog generated by Shipkit Changelog Gradle Plugin

5.22.0

• 2026-02-27 - 6 commit(s) by Joshua Selbo, NiMv1, Rafael Winterhalter, dependabot[bot], eunbin son
• Avoid mocking of internal static utilities [(#3785)](mockito/mockito#3785)
• Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 [(#3780)](mockito/mockito#3780)
• Static mocking of UUID.class corrupted under JDK 25 [(#3778)](mockito/mockito#3778)
• Bump actions/upload-artifact from 5 to 6 [(#3774)](mockito/mockito#3774)
• docs: clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) [(#3773)](mockito/mockito#3773)
• Add tests for Sets utility class [(#3771)](mockito/mockito#3771)
• Add core API to enable Kotlin singleton mocking [(#3762)](mockito/mockito#3762)
• Stubbing Kotlin object singletons [(#3652)](mockito/mockito#3652)
• Incorrect documentation for RETURNS_MOCKS [(#3285)](mockito/mockito#3285)

Commits

• a231205 Fix StackOverflowError with AbstractList after using mockSingleton (#3790)
• f6a91a6 Replace mockito-android mock maker implementation with dexmaker-mockito-inlin...
• aa2298a fix: make spotless happy
• a6729d6 chore: update BDDMockito with jspecify annotation
• bb83c92 chore: move jspecify as a compile only dependency
• 47a4695 chore: add jspecify with minimal change. Fixes #3503
• 25f1395 Add core API to enable Kotlin singleton mocking (#3762)
• ef9ee55 Avoids mocking private static methods, as well as package-private static meth...
• d16fcfc Bump graalvm/setup-graalvm from 1.4.4 to 1.4.5 (#3780)
• 27eb8a3 Clarify RETURNS_MOCKS behavior with sealed abstract enums (Java 15+) (#3773)
• Additional commits viewable in compare view

Updates io.projectreactor:reactor-bom from 2025.0.3 to 2025.0.4

Release notes

Sourced from io.projectreactor:reactor-bom's releases.

2025.0.4

2025.0.4 release train is made of:

• reactor-core 3.8.4
• reactor-pool 1.2.4
• reactor-netty 1.3.4

These artifacts didn't have any changes:

• reactor-addons 3.6.0
• reactor-kotlin-extensions 1.3.0

Commits

• 6f9cbb5 [release] Prepare and release BOM 2025.0.4
• dd0bbaa Merge-ignore release 2024.0.16 into 2025.0.4
• 4542001 [release] Back to snapshots, next BOM will be SR 17
• 9bf3a91 [release] Prepare and release BOM 2024.0.16
• 7610166 [release] Back to snapshots, next BOM will be SR 4
• See full diff in compare view

Updates io.projectreactor.netty:reactor-netty-core from 1.3.3 to 1.3.4

Release notes

Sourced from io.projectreactor.netty:reactor-netty-core's releases.

v1.3.4

Reactor Netty 1.3.4 is part of 2025.0.4 Release Train.

What's Changed

✨ New features and improvements

• Depend on Reactor Core v3.8.4 by @​chemicL in 53e8319e6fc66e101c3b52fc3a1267a891d1aeff, see release notes
• Avoid DefaultChannelId generation for DisposedChannel by @​violetagg in #4095
• Push-based maxConcurrentStreams update via SETTINGS frame handler by @​violetagg in #4106
• Add configurable maxLifeTime with per-resource variance by @​violetagg in #4111
• Add Http2AllocationStrategy#streamBatchSize for batched stream dispatching by @​violetagg in #4114
• Override isSharable() explicitly to avoid annotation lookup by @​violetagg in #4120
• Add fast-path short-circuit for is100ContinueExpected check by @​violetagg in #4123
• Cache resolved HttpHeadersFactory instances to avoid repeated allocation by @​violetagg in #4124

🐞 Bug fixes

• Add FlushConsolidationHandler to H2C upgrade pipeline by @​violetagg in #4097
• Fix Http2Pool returning connection to the pool before H2C upgrade completes by @​violetagg in #4098
• Fix Http2Pool ACQUIRED counter not rolled back when deliver is rejected by @​violetagg in #4099
• Fix HttpClient#proxyWhen to use NoopAddressResolverGroup by @​violetagg in #4104

Full Changelog: reactor/reactor-netty@v1.3.3...v1.3.4

Commits

• 53e8319 [release] Prepare and release 1.3.4
• aa4dc0e Merge-ignore release 1.2.16 into 1.3.4
• b8db392 [release] Back to snapshots, next is 1.2.17-SNAPSHOT
• 98eb271 [release] Prepare and release 1.2.16
• d64826c [test] By default connection eviction happens on release or on acquire (#4127)
• 902ae00 Suppress issue reported by errorprone
• e507934 Merge a839725f3 into 1.3.4
• a839725 Suppress issue reported by errorprone
• 8fffa1a Merge #4125 into 1.3.4
• ac6c7f8 Bump ruby/setup-ruby from 1.289.0 to 1.290.0 (#4125)
• Additional commits viewable in compare view

Updates com.nimbusds:oauth2-oidc-sdk from 11.33 to 11.34

Changelog

Sourced from com.nimbusds:oauth2-oidc-sdk's changelog.

version 1.0 (2012-05-29) * First official release with authorisation endpoint, token endpoint, check ID endpoint and UserInfo endpoint support. * JSON Web Tokens (JWTs) support through the Nimbus-JWT library. * Language Tags (RFC 5646) support through the Nimbus-LangTag library. * JSON support through the JSON Smart library.

version 2.0 (2013-05-13) * Intermediary development release with Maven build, published to Maven Central.

version 2.1 (2013-06-06) * Updates the APIs to OpenID Connect Messages draft 20, OpenID Connect Standard draft 21, OpenID Connect Discovery draft 17 and OpenID Connect Registration draft 19. * Major refactoring of the APIs for greater simplicity. * Adds JUnit tests.

version 2.2 (2013-06-18) * Refactors dynamic OpenID Connect client registration. * Adds partial support of the OAuth 2.0 Dynamic Client Registration Protocol (draft-ietf-oauth-dyn-reg-12). * Optimises parsing of request parameters consisting of one or more tokens (scope, response type, etc).

version 2.3 (2013-06-19) * Renames OAuth 2.0 dynamic client registration package. * Adds ClientInformation.getClientMetadata() method. * Adds OIDCClientInformation class.

version 2.4 (2013-06-20) * Adds static OIDCClientInformation.parse(JSONObject) method.

version 2.5 (2013-06-22) * Adds support OAuth 2.0 dynamic client update. * Adds OpenID Connect dynamic client registration classes.

version 2.6 (2013-06-25) * Enforces order of preference of ACR values in OpenID Connect client metadata, as required by the specification. * Documentation and performance improvements.

version 2.7 (2013-06-26) * Switches Identifier generation to java.security.SecureRandom.

version 2.8 (2013-06-30) * Fixes serialisation and assignment bugs in ClientMetadata. * Switches Secret generation to java.security.SecureRandom.

version 2.9 (2013-09-17)

... (truncated)

Commits

• 17a2f1c [maven-release-plugin] prepare for next development iteration
• b59da22 Support multiple client auth candidates in TokenRequest and PushedAuthorizati...
• 1a9194d Edits release notes (iss #524)
• 3c7f184 TokenIntrospectionRequest gets client auth candidates support, parse method m...
• 97c607f TokenRevocationRequest receives constructor and parse method support for mult...
• f12bfd0 [maven-release-plugin] prepare release 11.34
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[RichardSlater]

Minor bump, standard pre-approved change.

[RichardSlater]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[RichardSlater]

Minor bump, standard pre-approved change.

[RichardSlater]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[RichardSlater]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[RichardSlater]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud