Updated dependencies to align with Spring Boot 3.3.5

Author: SimonTaylor

.github/workflows/build.yml

@@ -21,7 +21,7 @@ jobs:
             ${{ runner.os }}-maven-
 
       - name: Set up JDK 21
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: '21'
           distribution: 'temurin'

pom.xml

@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>3.3.4</version>
+		<version>3.3.5</version>
 		<relativePath /> <!-- lookup parent from repository -->
 	</parent>
 
@@ -33,35 +33,35 @@
 		<commons-collections.version>4.4</commons-collections.version>
 		<commons-logging.version>1.3.4</commons-logging.version>
 		<findbugs-jsr305.version>3.0.2</findbugs-jsr305.version>
-		<spt-development-audit-spring-boot.version>3.3.4</spt-development-audit-spring-boot.version>
-		<spt-development-logging-spring-boot.version>3.3.4</spt-development-logging-spring-boot.version>
+		<spt-development-audit-spring-boot.version>3.3.5</spt-development-audit-spring-boot.version>
+		<spt-development-logging-spring-boot.version>3.3.5</spt-development-logging-spring-boot.version>
 
 		<!-- Test dependency versions -->
 		<awaitility.version>4.2.2</awaitility.version>
-		<cucumber.version>7.19.0</cucumber.version>
-		<junit-platform.version>1.11.0</junit-platform.version>
-		<spt-development-test.version>3.1.11</spt-development-test.version>
+		<cucumber.version>7.20.1</cucumber.version>
+		<junit-platform.version>1.11.3</junit-platform.version>
+		<spt-development-test.version>3.1.12</spt-development-test.version>
 
 		<!-- Spring Boot overrides to fix security vulnerabilities -->
 		<artemis.version>2.37.0</artemis.version>
 
 		<!-- Plugin versions -->
-		<checkstyle-maven-plugin.version>3.5.0</checkstyle-maven-plugin.version>
-		<dependency-check-maven.version>10.0.4</dependency-check-maven.version>
+		<checkstyle-maven-plugin.version>3.6.0</checkstyle-maven-plugin.version>
+		<dependency-check-maven.version>11.1.0</dependency-check-maven.version>
 		<jacoco-maven-plugin.version>0.8.12</jacoco-maven-plugin.version>
 		<license-maven-plugin.version>2.4.0</license-maven-plugin.version>
-		<maven-jxr-plugin.version>3.5.0</maven-jxr-plugin.version>
-		<maven-pmd-plugin.version>3.25.0</maven-pmd-plugin.version>
+		<maven-jxr-plugin.version>3.6.0</maven-jxr-plugin.version>
+		<maven-pmd-plugin.version>3.26.0</maven-pmd-plugin.version>
 		<maven-scm-plugin.version>2.1.0</maven-scm-plugin.version>
 		<pitest-maven.version>1.17.0</pitest-maven.version>
-		<spotbugs-plugin.version>4.8.6.4</spotbugs-plugin.version>
+		<spotbugs-plugin.version>4.8.6.5</spotbugs-plugin.version>
 
 		<!-- Plugin dependencies -->
-		<checkstyle.version>10.18.1</checkstyle.version>
+		<checkstyle.version>10.20.0</checkstyle.version>
 		<findbugs-slf4j-bug-pattern.version>1.5.0</findbugs-slf4j-bug-pattern.version>
-		<findbugs-sec-bug-pattern.version>1.12.0</findbugs-sec-bug-pattern.version>
+		<findbugs-sec-bug-pattern.version>1.13.0</findbugs-sec-bug-pattern.version>
 		<pitest-junit5-plugin.version>1.2.1</pitest-junit5-plugin.version>
-		<pmd.version>7.5.0</pmd.version>
+		<pmd.version>7.7.0</pmd.version>
 	</properties>
 
 	<dependencyManagement>
@@ -423,6 +423,17 @@
 				<artifactId>maven-failsafe-plugin</artifactId>
 				<configuration>
 					<!--
+						Prevents the following warning introduced in JDK 21, caused by Mockito or more specifically byte-buddy-agent:
+
+						WARNING: A Java agent has been loaded dynamically (/Users/khm/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.5/byte-buddy-agent-1.14.5.jar)
+						WARNING: If a serviceability tool is in use, please run with -XX:+EnableDynamicAgentLoading to hide this warning
+						WARNING: If a serviceability tool is not in use, please run with -Djdk.instrument.traceUsage for more information
+						WARNING: Dynamic loading of agents will be disallowed by default in a future release
+
+						NOTE. argLine property is set by JaCoCo in prepare-agent stage.
+					 -->
+					<argLine>-XX:+EnableDynamicAgentLoading ${argLine}</argLine>
+					<!--
                          classesDirectory is required to work around a bug that is discussed at
                          https://github.com/spring-projects/spring-boot/issues/6254. There are a number of different
                          workarounds, but this seems to be the cleanest.
@@ -450,6 +461,17 @@
 			<plugin>
 				<artifactId>maven-surefire-plugin</artifactId>
 				<configuration>
+					<!--
+						Prevents the following warning introduced in JDK 21, caused by Mockito or more specifically byte-buddy-agent:
+
+						WARNING: A Java agent has been loaded dynamically (/Users/khm/.m2/repository/net/bytebuddy/byte-buddy-agent/1.14.5/byte-buddy-agent-1.14.5.jar)
+						WARNING: If a serviceability tool is in use, please run with -XX:+EnableDynamicAgentLoading to hide this warning
+						WARNING: If a serviceability tool is not in use, please run with -Djdk.instrument.traceUsage for more information
+						WARNING: Dynamic loading of agents will be disallowed by default in a future release
+
+						NOTE. argLine property is set by JaCoCo in prepare-agent stage.
+					 -->
+					<argLine>-XX:+EnableDynamicAgentLoading ${argLine}</argLine>
 					<trimStackTrace>false</trimStackTrace>
 					<includes>
 						<include>**/*Test.java</include>
@@ -464,6 +486,19 @@
 				<groupId>com.github.spotbugs</groupId>
 				<artifactId>spotbugs-maven-plugin</artifactId>
 				<version>${spotbugs-plugin.version}</version>
+				<dependencies>
+					<!-- Included as dependencies as well as plugins so that versions plugins picks up new versions -->
+					<dependency>
+						<groupId>jp.skypencil.findbugs.slf4j</groupId>
+						<artifactId>bug-pattern</artifactId>
+						<version>${findbugs-slf4j-bug-pattern.version}</version>
+					</dependency>
+					<dependency>
+						<groupId>com.h3xstream.findsecbugs</groupId>
+						<artifactId>findsecbugs-plugin</artifactId>
+						<version>${findbugs-sec-bug-pattern.version}</version>
+					</dependency>
+				</dependencies>
 				<configuration>
 					<effort>Max</effort>
 					<threshold>Low</threshold>