deps(deps): bump the testing group across 1 directory with 2 updates

[dependabot]

Bumps the testing group with 2 updates in the / directory: org.junit.jupiter:junit-jupiter and org.assertj:assertj-core.

Updates org.junit.jupiter:junit-jupiter from 5.13.4 to 5.14.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.14.4 = Platform 1.14.4 + Jupiter 5.14.4 + Vintage 5.14.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.3...r5.14.4

JUnit 5.14.3 = Platform 1.14.3 + Jupiter 5.14.3 + Vintage 5.14.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.2...r5.14.3

JUnit 5.14.2 = Platform 1.14.2 + Jupiter 5.14.2 + Vintage 5.14.2

See Release Notes.

New Contributors

• @​uglide made their first contribution in junit-team/junit-framework#5245

Full Changelog: junit-team/junit-framework@r5.14.1...r5.14.2

JUnit 5.14.1 = Platform 1.14.1 + Jupiter 5.14.1 + Vintage 5.14.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.0...r5.14.1

JUnit 5.14.0 = Platform 1.14.0 + Jupiter 5.14.0 + Vintage 5.14.0

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0

JUnit 5.14.0-RC1 = Platform 1.14.0-RC1 + Jupiter 5.14.0-RC1 + Vintage 5.14.0-RC1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0-RC1

Commits

• 096fd69 Release 5.14.4
• 11fd02b Remove JDK 24 (EOL)
• 5b7f023 Fix integration tests on JDK 27
• 18f842a Test against JDK 26 (GA) and JDK 27 (EA)
• a5bf336 Polish 5.14.4 release notes
• 7667c14 Fix race condition in NodeTestTask (#5427)
• ac01f2d Include full display name in legacy XML reports (#5524)
• fbd4a8e Include class template invocation index in legacy reporting names
• 7d6f0c0 Only check PDF for GA releases
• 14f534d Test 5.14.x against JDK 25 ga (#5623)
• Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.6 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.junit.jupiter:junit-jupiter	[>= 6.a0, < 7]

[dependabot]

Labels

The following labels could not be found: dependencies, java. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
maven/org.assertj:assertj-core	3.27.7	Unknown	Unknown
maven/org.junit.jupiter:junit-jupiter	5.14.4	🟢 8.6	Details Check Score Reason Security-Policy 🟢 10 security policy file detected Code-Review 🟢 3 Found 6/18 approved changesets -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 9 binaries present in source code License 🟢 10 license file detected Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 19 out of 19 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 61 contributing companies or organizations

Scanned Files

• pom.xml

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml