build(deps): bump the remaining-minor-updates group with 13 updates

[dependabot]

Bumps the remaining-minor-updates group with 13 updates:

Package	From	To
org.camunda.bpm.model:camunda-bpmn-model	7.22.0	7.24.0
org.junit.jupiter:junit-jupiter	5.11.3	5.14.4
net.bytebuddy:byte-buddy	1.15.8	1.18.9
net.bytebuddy:byte-buddy-agent	1.15.8	1.18.9
com.fasterxml.jackson.core:jackson-databind	2.18.0	2.22.0
com.fasterxml.jackson.core:jackson-core	2.18.6	2.21.4
com.fasterxml.jackson.core:jackson-annotations	2.18.0	2.22
org.xmlunit:xmlunit-core	2.10.3	2.12.0
com.fasterxml.jackson.datatype:jackson-datatype-jsr310	2.18.2	2.22.0
dev.dsf:dsf-bpe-process-api-v1	1.7.0	1.9.0
dev.dsf:dsf-bpe-process-api-v2	2.0.2	2.1.0
org.camunda.bpm:camunda-engine	7.20.0	7.24.0
ca.uhn.hapi.fhir:hapi-fhir-base	5.1.0	5.7.9

Updates org.camunda.bpm.model:camunda-bpmn-model from 7.22.0 to 7.24.0

Updates org.junit.jupiter:junit-jupiter from 5.11.3 to 5.14.4

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.14.4 = Platform 1.14.4 + Jupiter 5.14.4 + Vintage 5.14.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.3...r5.14.4

JUnit 5.14.3 = Platform 1.14.3 + Jupiter 5.14.3 + Vintage 5.14.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.2...r5.14.3

JUnit 5.14.2 = Platform 1.14.2 + Jupiter 5.14.2 + Vintage 5.14.2

See Release Notes.

New Contributors

• @​uglide made their first contribution in junit-team/junit-framework#5245

Full Changelog: junit-team/junit-framework@r5.14.1...r5.14.2

JUnit 5.14.1 = Platform 1.14.1 + Jupiter 5.14.1 + Vintage 5.14.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.14.0...r5.14.1

JUnit 5.14.0 = Platform 1.14.0 + Jupiter 5.14.0 + Vintage 5.14.0

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0

JUnit 5.14.0-RC1 = Platform 1.14.0-RC1 + Jupiter 5.14.0-RC1 + Vintage 5.14.0-RC1

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.4...r5.14.0-RC1

JUnit 5.13.4 = Platform 1.13.4 + Jupiter 5.13.4 + Vintage 5.13.4

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.3...r5.13.4

JUnit 5.13.3 = Platform 1.13.3 + Jupiter 5.13.3 + Vintage 5.13.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r5.13.2...r5.13.3

... (truncated)

Commits

• 096fd69 Release 5.14.4
• 11fd02b Remove JDK 24 (EOL)
• 5b7f023 Fix integration tests on JDK 27
• 18f842a Test against JDK 26 (GA) and JDK 27 (EA)
• a5bf336 Polish 5.14.4 release notes
• 7667c14 Fix race condition in NodeTestTask (#5427)
• ac01f2d Include full display name in legacy XML reports (#5524)
• fbd4a8e Include class template invocation index in legacy reporting names
• 7d6f0c0 Only check PDF for GA releases
• 14f534d Test 5.14.x against JDK 25 ga (#5623)
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy from 1.15.8 to 1.18.9

Release notes

Sourced from net.bytebuddy:byte-buddy's releases.

Byte Buddy 1.18.9

• Disable use of Unsafe by default when Java 25or newer is discovered.
• Check for escape when creating folders in Plugin.Engine.
• Improve OpenJ9 attachment.
• Avoid null pointer on missing annotation types.
• Improve diagnostics for external agent attachment.
• Improve on Gradle context discovery.
• Support Android libraries on AGP9 or newer.
• Update ASM.

Byte Buddy 1.18.8

• Improve support for repeatable builds.
• Fix reordering of exception table in type initializers when instrumenting.

Byte Buddy 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Byte Buddy 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

Byte Buddy 1.18.4

• Add support for new build description in Android 9.

Byte Buddy 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

Byte Buddy 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

Byte Buddy 1.18.1

• Fix generated module-info to include new package.

Byte Buddy 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

Byte Buddy 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

... (truncated)

Changelog

Sourced from net.bytebuddy:byte-buddy's changelog.

1. June 2026: version 1.18.9

• Disable use of Unsafe by default when Java 25or newer is discovered.
• Check for escape when creating folders in Plugin.Engine.
• Improve OpenJ9 attachment.
• Avoid null pointer on missing annotation types.
• Improve diagnostics for external agent attachment.
• Improve on Gradle context discovery.
• Support Android libraries on AGP9 or newer.
• Update ASM.

1. April 2026: version 1.18.8

• Improve support for repeatable builds.
• Fix reordering of exception table in type initializers when instrumenting.

1. March 2026: version 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

15. February 2026: version 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

16. January 2026: version 1.18.4

• Add support for new build description in Android 9.

26. November 2025: version 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

26. November 2025: version 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

12. November 2025: version 1.18.1

• Fix generated module-info to include new package.

11. November 2025: version 1.18.0

... (truncated)

Commits

• 3d8e72d [publish] Releasing Byte Buddy 1.18.9
• 3525602 [release] Release new version
• 619cb82 Update Gradle.
• dc5fba6 Update versions and build
• 0c4582f Fix Gradle test on legacy versions.
• 3dedb98 Make test fail after optimization prevented this.
• 455dbce Support library modules with AGP9 new DSL (#1905)
• 473ce81 Add short cut methods for descriptors.
• 567b161 Make build robust for profile-independant running.
• 93c2b67 Add pseudo annotation for Gradle Classpath for legacy compilation.
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy-agent from 1.15.8 to 1.18.9

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.9

• Disable use of Unsafe by default when Java 25or newer is discovered.
• Check for escape when creating folders in Plugin.Engine.
• Improve OpenJ9 attachment.
• Avoid null pointer on missing annotation types.
• Improve diagnostics for external agent attachment.
• Improve on Gradle context discovery.
• Support Android libraries on AGP9 or newer.
• Update ASM.

Byte Buddy 1.18.8

• Improve support for repeatable builds.
• Fix reordering of exception table in type initializers when instrumenting.

Byte Buddy 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Byte Buddy 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

Byte Buddy 1.18.4

• Add support for new build description in Android 9.

Byte Buddy 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

Byte Buddy 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

Byte Buddy 1.18.1

• Fix generated module-info to include new package.

Byte Buddy 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

Byte Buddy 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

... (truncated)

Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

1. June 2026: version 1.18.9

• Disable use of Unsafe by default when Java 25or newer is discovered.
• Check for escape when creating folders in Plugin.Engine.
• Improve OpenJ9 attachment.
• Avoid null pointer on missing annotation types.
• Improve diagnostics for external agent attachment.
• Improve on Gradle context discovery.
• Support Android libraries on AGP9 or newer.
• Update ASM.

1. April 2026: version 1.18.8

• Improve support for repeatable builds.
• Fix reordering of exception table in type initializers when instrumenting.

1. March 2026: version 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

15. February 2026: version 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

16. January 2026: version 1.18.4

• Add support for new build description in Android 9.

26. November 2025: version 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

26. November 2025: version 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

12. November 2025: version 1.18.1

• Fix generated module-info to include new package.

11. November 2025: version 1.18.0

... (truncated)

Commits

• 3d8e72d [publish] Releasing Byte Buddy 1.18.9
• 3525602 [release] Release new version
• 619cb82 Update Gradle.
• dc5fba6 Update versions and build
• 0c4582f Fix Gradle test on legacy versions.
• 3dedb98 Make test fail after optimization prevented this.
• 455dbce Support library modules with AGP9 new DSL (#1905)
• 473ce81 Add short cut methods for descriptors.
• 567b161 Make build robust for profile-independant running.
• 93c2b67 Add pseudo annotation for Gradle Classpath for legacy compilation.
• Additional commits viewable in compare view

Updates net.bytebuddy:byte-buddy-agent from 1.15.8 to 1.18.9

Release notes

Sourced from net.bytebuddy:byte-buddy-agent's releases.

Byte Buddy 1.18.9

• Disable use of Unsafe by default when Java 25or newer is discovered.
• Check for escape when creating folders in Plugin.Engine.
• Improve OpenJ9 attachment.
• Avoid null pointer on missing annotation types.
• Improve diagnostics for external agent attachment.
• Improve on Gradle context discovery.
• Support Android libraries on AGP9 or newer.
• Update ASM.

Byte Buddy 1.18.8

• Improve support for repeatable builds.
• Fix reordering of exception table in type initializers when instrumenting.

Byte Buddy 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

Byte Buddy 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

Byte Buddy 1.18.4

• Add support for new build description in Android 9.

Byte Buddy 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

Byte Buddy 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

Byte Buddy 1.18.1

• Fix generated module-info to include new package.

Byte Buddy 1.18.0

• Add support for module-info class files and ModuleDescriptions.
• Allow for manipulating module information using the ByteBuddy API.

Byte Buddy 1.17.8

• Avoid use of types that are deprecated as of Java 26.
• Include ASM 9.9 that offers ASM support for Java 26.
• Make sure that generated code internal to Byte Buddy supports CDS if available.
• Update version of ASM to JDK Class File API bridge to fix some minor bugs related to type annotations.

Byte Buddy 1.17.7

• Specify correct JVM environment for Android builds when using the Gradle plugin.
• Avoid recomputing the size of a parameter list for performance reasons after measuring the significant impact.
• Correct validation of JVM names to avoid breaking when Java names are not allowed while JVM names are, with Kotlin and others.

... (truncated)

Changelog

Sourced from net.bytebuddy:byte-buddy-agent's changelog.

1. June 2026: version 1.18.9

• Disable use of Unsafe by default when Java 25or newer is discovered.
• Check for escape when creating folders in Plugin.Engine.
• Improve OpenJ9 attachment.
• Avoid null pointer on missing annotation types.
• Improve diagnostics for external agent attachment.
• Improve on Gradle context discovery.
• Support Android libraries on AGP9 or newer.
• Update ASM.

1. April 2026: version 1.18.8

• Improve support for repeatable builds.
• Fix reordering of exception table in type initializers when instrumenting.

1. March 2026: version 1.18.7

• Introduce new versioning concept with -jdk5 suffix for backwards-compatible jar and Java 8 baseline for regular jar.

27. February 2026: version 1.18.6

Accidental release during rework of release pipeline. Functional, but with incorrect suffices.

15. February 2026: version 1.18.5

• Eagerly resolve of canonical files during attach emulation to avoid failure when process ends before file can be deleted.
• Add super classes to hash code / equals computation in Advice that were missing.

16. January 2026: version 1.18.4

• Add support for new build description in Android 9.

26. November 2025: version 1.18.3

• Avoid using Class File API when Byte Buddy is loaded on the boot loader where multi-release jars are not available.
• Add additional safety when processing class files with illegally formed parameters.
• Update to latest ASM.

26. November 2025: version 1.18.2

• Support modifiers for value classes in Valhalla builds.
• Improve use of build cache in Gradle.

12. November 2025: version 1.18.1

• Fix generated module-info to include new package.

11. November 2025: version 1.18.0

... (truncated)

Commits

• 3d8e72d [publish] Releasing Byte Buddy 1.18.9
• 3525602 [release] Release new version
• 619cb82 Update Gradle.
• dc5fba6 Update versions and build
• 0c4582f Fix Gradle test on legacy versions.
• 3dedb98 Make test fail after optimization prevented this.
• 455dbce Support library modules with AGP9 new DSL (#1905)
• 473ce81 Add short cut methods for descriptors.
• 567b161 Make build robust for profile-independant running.
• 93c2b67 Add pseudo annotation for Gradle Classpath for legacy compilation.
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.18.0 to 2.22.0

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.18.6 to 2.21.4

Commits

• f17a4f7 [maven-release-plugin] prepare release jackson-core-2.21.4
• c6411e1 Prep for 2.21.4 release
• 52633da Merge branch '2.20' into 2.21
• 1fa7bb9 Merge branch '2.19' into 2.20
• 6dea8a8 Merge branch '2.18' into 2.19
• ada244d Post-release dep version bump
• 52f69d3 [maven-release-plugin] prepare for next development iteration
• 899d70a [maven-release-plugin] prepare release jackson-core-2.18.8
• a006b52 Prep for 2.18.8 release
• 4c05816 Merge branch '2.20' into 2.21
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-annotations from 2.18.0 to 2.22

Commits

• See full diff in compare view

Updates org.xmlunit:xmlunit-core from 2.10.3 to 2.12.0

Release notes

Sourced from org.xmlunit:xmlunit-core's releases.

XMLUnit for Java 2.12.0

This release may require you to adjust you configuration when comparing files that use DTDs. When XMLUnit 2.6.0 has been release it was intended to disallow DTD parsing by default, but due to a bug still allowed it. This has now been fixed.

Full list of changes:

• bumped xmlunit-assertj3's dependency on assert to 3.27.7.

  This is to make people aware of GHSA-rqfh-9r24-8c9r

  XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.

  PRs #320 and #321

• actually made withDTDParsingDisabled do what it says.

  This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing provides the behavior of XMLUnit 2.6.0 to 2.11.0.

  PRs #326 by @​jmestwa-coder and #328

XMLUnit for Java 2.11.0

This release is identical to XMLUnit for Java 2.10.4 except for the dependency list of the xmlunit-jakarta-jaxb-impl modulle. If you don't use the module, you can ignore this release.

Up until XMLUnit 2.10.4 the xmlunit-jakarta-jaxb-impl module depended on org.glassfish.jaxb:jaxb-runtime making it more difficult to chose a different JAXB implementation than necessary (see #313). This dependency has now been removed.

If you use the xmlunit-jakarta-jaxb-impl module you may now need to specify the JAXB implementation you want to use explicitly. If you have excluded the module's dependency inside your own build configuration so far, you can now safely remove the exclusion.

XMLUnit for Java 2.10.4

This is a bugfix release. Fixed bugs:

• attributes with null values could cause a NullPointerException. Issue #307 PR #309

Changelog

Sourced from org.xmlunit:xmlunit-core's changelog.

XMLUnit for Java 2.12.0 - /Released 2026-05-31/

• bumped xmlunit-assertj3's dependency on assert to 3.27.7.

  This is to make people aware of GHSA-rqfh-9r24-8c9r

  XMLUnit itself does not use the affected code in AssertJ so the upgrade is not strictly necessary - and this is why the xmlunit-assertj module is not updated. In fact the assertions provided by xmlunit-assertj3 are the recommended upgrade path for users of AssertJ 3.x+.

  PRs #320 and #321

• actually made withDTDParsingDisabled do what it says.

  This is a bugfix and in a way it is backwards incompatible as it changes default behavior in a way that I intended to do with XMLUnit 2.6.0 eight years ago. DocumentBuilderFactoryConfigurer.DefaultWithDTDParsing provides the behavior of XMLUnit 2.6.0 to 2.11.0.

  PRs #326 by @​jmestwa-coder and #328

XMLUnit for Java 2.11.0 - /Released 2025-10-24/

• the xmlunit-jakarta-jaxb-impl no longer depends on org.glassfish.jaxb:jaxb-runtime directly. Issue #313 PR #314

  This is a breaking change and may force you to add an explicit dependency if you are using the module and rely on XMLUnit to provide the JAXB implementation.

XMLUnit for Java 2.10.4 - /Released 2025-09-13/

• attributes with null values could cause a NullPointerException. Issue #307 PR #309

Commits

• 35a8243 prepare 2.12.0 release
• e84de90 make javadoc build work
• 7e11085 bump plugins
• 9bfc67b Merge pull request #328 from xmlunit/fix-tests-introduce-new-DefaultWithDtdPa...
• b5361e0 adjust tests, allow DTD parsing where necessary
• e71cc58 introduce DefaultWithDTDParsing configuration
• aafa4e4 Merge pull request #327 from xmlunit/rel-notes
• a799d5c xmlunit-assertj3 is also certainly recommended for assertj 3 users
• ba255e7 Merge pull request #326 from jmestwa-coder/dtd-parsing-disabled
• 3a28d4e fix withDTDParsingDisabled to actually reject doctype declarations
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.18.2 to 2.22.0

Updates dev.dsf:dsf-bpe-process-api-v1 from 1.7.0 to 1.9.0

Updates dev.dsf:dsf-bpe-process-api-v2 from 2.0.2 to 2.1.0

Updates org.camunda.bpm:camunda-engine from 7.20.0 to 7.24.0

Updates ca.uhn.hapi.fhir:hapi-fhir-base from 5.1.0 to 5.7.9

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions