chore(deps): update mend: high confidence minor and patch dependency updates

[mend-for-github-com]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
maven	3.8.1 -> 3.9.9
org.apache.maven.plugins:maven-enforcer-plugin	3.3.0 -> 3.5.0
com.diffplug.spotless:spotless-maven-plugin	2.41.1 -> 2.43.0
org.jruby:jruby	9.4.3.0 -> 9.4.9.0
org.apache.commons:commons-compress (source)	1.25.0 -> 1.27.1
org.ow2.asm:asm (source)	9.5 -> 9.7.1
com.nulab-inc:zxcvbn	1.8.0 -> 1.9.0
org.webjars:webjars-locator-core (source)	0.53 -> 0.59
io.github.bonigarcia:webdrivermanager (source)	5.6.3 -> 5.9.2
org.apache.maven.plugins:maven-surefire-plugin	3.2.1 -> 3.5.2
org.jsoup:jsoup (source)	1.17.2 -> 1.18.1
org.webjars:jquery (source)	3.7.0 -> 3.7.1
org.bitbucket.b_c:jose4j (source)	0.9.3 -> 0.9.6
org.apache.commons:commons-text (source)	1.10.0 -> 1.12.0
commons-io:commons-io (source)	2.15.1 -> 2.17.0
org.apache.maven.plugins:maven-checkstyle-plugin	3.3.1 -> 3.6.0
org.webjars:bootstrap (source)	5.3.2 -> 5.3.3

---

Release Notes

diffplug/spotless (com.diffplug.spotless:spotless-maven-plugin)

v2.43.0

Added

• Support custom rule sets for Ktlint. (#​1896)

Fixed

• Fix Eclipse JDT on some settings files. (#​1864 fixes #​1638)

Changed

• Bump default ktlint version to latest 1.0.0 -> 1.0.1. (#​1855)
• Add a Step to remove semicolons from Groovy files. (#​1881)

v2.42.0

Added

• Support for biome. The Rome project was renamed to Biome.
  The configuration is still the same, but you should switch to the new biome tag / function and adjust
  the version accordingly. (#​1804).
• Support for google-java-format's skip-javadoc-formatting option. (#​1793)
• Support configuration of mirrors for P2 repositories in Maven DSL (#​1697).
• New line endings mode GIT_ATTRIBUTES_FAST_ALLSAME. (#​1838)

Fixed

• Fix support for plugins when using Prettier version 3.0.0 and newer. (#​1802)
• Fix configuration cache issue around external process started '/usr/bin/git --version'. (#​1806)

Changed

• Bump default flexmark version to latest 0.64.0 -> 0.64.8. (#​1801)
• Bump default ktlint version to latest 0.50.0 -> 1.0.0. (#​1808)

jruby/jruby (org.jruby:jruby)

v9.4.9.0: JRuby 9.4.9.0 Released

Compare Source

The JRuby community is pleased to announce the release of JRuby 9.4.9.0.

• Homepage: https://www.jruby.org/
• Download: https://www.jruby.org/download

JRuby 9.4.x targets Ruby 3.1 compatibility.

Thank you to our contributors this release, you help keep JRuby moving forward! @​kares, @​jpcamara, @​jsvd

Ruby Compatibility

• Various fixes for keyword arguments. #​8344, #​8344, #​8382, #​8389
• Mutex has been fixed to check for thread interrupts (Thread#kill, Thread#raise) immediately after acquiring the lock. #​8403, #​8404

Standard Library

• The fiddle library is now a default gem and can be upgraded independently of JRuby. #​8385

Developer Experience

• The core jar file of JRuby can be rebuilt more quickly by calling Maven with the -Dcore flag. #​8326
• Support for Coordinated Restore at Checkpoint (OpenJDK Project CRaC), which allows snapshotting a running JRuby process and quickly resuming it later. #​8367

Java Integration

• The "lazy" constants feature for classes imported from Java, introduced in JRuby 9.4.8.0, has been reverted due to spurious warnings. We'll revisit it in a future release. #​8349, #​8368, #​8399, #​8400, #​8401
• Functions were added to allow flushing out thread-local and fiber-local storage for an entire JRuby runtime. #​8369

Security

• REXML was updated to 3.3.9 to get recent fixes and to address CVE-2024-49761, a ReDOS vulnerability. Only users parsing unsanitized XML with REXML are affected. #​8396

v9.4.8.0: JRuby 9.4.8.0 Released

Compare Source

The JRuby community is pleased to announce the release of JRuby 9.4.8.0.

• Homepage: https://www.jruby.org/
• Download: https://www.jruby.org/download

JRuby 9.4.x targets Ruby 3.1 compatibility.

Thank you to our contributors this release, you help keep JRuby moving forward! @​edipofederle, @​fidothe, @​ikaronen-relex, @​jimtng, @​jsvd, @​kares, @​mullermp, @​ntkme

Ruby Compatibility

• Fixed a bug in the bytecode JIT causing patterns to execute incorrect branches. #​8283, #​8284

Standard Library

• jruby-openssl is updated to 0.15.0, with updated Bouncy Castle libraries to avoid CVEs in older versions.
• uri is updated to 0.12.2, mitigating CVE-2023-36617.
• net-ftp is updated to 0.3.7 with restored functionality on JRuby.

58 Github Issues resolved for 9.4.8.0

• #​6198 Add test for #​6197
• #​7515 Process.wait and Process.wait2 not behaving as expected on Windows with JDK > 8
• #​7688 Correct Binding#dup to properly propagate values it captures
• #​7750 File.absolute_path does not work correctly on Windows when dir_string is specified and contains non-ASCII characters
• #​7879 New failures in Rack tests relating to deflater
• #​8129 arity for { |a,| } was -2 and should have been 1
• #​8140 [ji] support re-reifying class hierarchy
• #​8178 Java::JavaLang::ClassCastException: class org.jruby.java.proxies.ConcreteJavaProxy cannot be cast to class org.jruby.RubyArray
• #​8183 IPSocket#addr returning "0:0:0:0:0:0:0:0" as bound ip address and not "::" when preferring IPv6
• #​8210 Requiring visibility=PRIVATE for native initialize is error-prone
• #​8213 Introduce a DEFAULT visibility to indicate unspecified
• #​8216 IO.popen fails to find executable with chdir: kwarg
• #​8217 JRuby Jar comuptation fails in OSGi environment
• #​8218 Process chdir option sooner so execFillarg sees it
• #​8219 Class vars overtaken
• #​8220 Fix some error messages to make MRI test pass
• #​8222 Update uri to 0.12.2 for CVE-2023-36617
• #​8225 Different behavior for Array#reject in required file
• #​8232 Synchronize state in AbstractVariable and Argv
• #​8237 Open3 doesn't write on the right STDOUT
• #​8239 Fix Dir.home for empty dir name
• #​8241 Making excluded tests from test/mri/ruby/test_env.rb pass
• #​8242 Resolve symlinks in user provided $JAVA_HOME
• #​8243 handle FileSystemNotFoundException when getting jruby jar
• #​8244 org.jruby.javasupport.ext.JavaLang.Number#define emits "method redefined" warnings in verbose mode
• #​8245 Remove unused variable assignment from Fiddle::Pointer.to_ptr
• #​8246 Remove skipped tests from TestAssignment
• #​8247 Remove redundant (and slightly broken) to_int and to_f aliases
• #​8248 JRuby parses "mixed" IPv6 address as IPv4
• #​8250 [ji] avoid already initialized constant warnings
• #​8251 Dir.chdir conflicting warning and error
• #​8252 yield specific for interp should have same rest logic as other paths
• #​8255 Fix #​8183. IPSocket#addr should report :: vs long unspecified address
• #​8256 Inconsistent debug info for jitted code in IntelliJ
• #​8257 Remove passing MRI test Fixnum
• #​8258 Check for override method on eql?
• #​8261 [deps] update jruby-openssl to 0.14.6
• #​8269 Unbound#== for aliases to be considered equal.
• #​8270 Enumerable#inject/reduce should show arg error with no arg or block
• #​8273 ARGF spec fixes.
• #​8274 fix some range conditions in String#* by relaxing to long at first
• #​8275 Refinement#import_methods always warns
• #​8278 IO.popen does not return value of the provided block
• #​8280 Enhancements for IR printing
• #​8281 Set writer modification time to now by default
• #​8282 Properly check for Module's superclass
• #​8283 Pattern matching not working
• #​8284 Fix pattern JIT Hash match and SyntaxError
• #​8288 Race fixes for AOT mode in 9.3
• #​8289 Subprocess launch with shell fails with empty env
• #​8290 Check for empty string from ENV.op_aref
• #​8292 Return the value of the block for IO.popen
• #​8294 Fix IPSocket.getaddress to handle special case IPv6 addresses
• #​8303 update jruby-openssl to 0.15.0
• #​8305 Update net-ftp to JRuby-compatible 0.3.7
• #​8306 Properly fall back if can't setAccessible
• #​8309 Default Windows filesystem encoding to UTF-8
• #​8310 Enhance reflective pid-getting for Windows Java 8+

v9.4.7.0: JRuby 9.4.7.0 Released

Compare Source

The JRuby community is pleased to announce the release of JRuby 9.4.7.0.

• Homepage: https://www.jruby.org/
• Download: https://www.jruby.org/download

JRuby 9.4.x targets Ruby 3.1 compatibility.

Thank you to our contributors this release, you help keep JRuby moving forward! @​kares, @​ryannevell, @​jsvd

Ruby Compatibility

• Many edge cases in language compatibility have been fixed. #​7440, #​8128, #​8192, #​8193, #​8195, #​8197, #​8198

Standard Library

• jruby-openssl is updated to 0.14.5
• rdoc is updated to 6.4.1.1
• Warnings due to method aliasing in the ostruct library have been mitigated. #​8200, #​8206

JVM Integration

• Ruby classes that are "reified" into a Java class and later redefined can be "re-reified" to a new Java class with an incrementing version number. #​8141, #​8185
• Java objects from other classloaders can pollute the Java:: namespace. This behavior can be disabled now, and will be disabled by default in JRuby 10. #​8156, #​8208

53 Github Issues resolved for 9.4.7.0

• #​7440 Multiple assignment evaluation order consistency
• #​8112 update this ancient lockfile
• #​8113 Remove long dead torquebox from template Gemfile and update to newer …
• #​8114 one last update to puma version for sample Gemfile
• #​8119 Possible Keyword Argument Regression in 9.4.6.0
• #​8121 Prepending a module to a subclass changes it representation in the superclass#subclasses array
• #​8122 Handle prepend in subclasses
• #​8123 lutimes was passing huge wrong values to function
• #​8124 Method.clone of frozen should stay frozen
• #​8125 Proc#clone of frozen proc should stay frozen
• #​8126 UnboundMethod#clone of frozen UnboundMethod should stay frozen
• #​8127 EncodingError should be SyntaxError for bad symbols?
• #​8128 parameters value for **nil should be nokey
• #​8130 Return proper encoding error string for String#to_c
• #​8131 frozen error handling for remove_instance_variable
• #​8132 test flags for stats need to handle file instances as well as strings
• #​8133 Implement string/eval form of trace_var
• #​8134 Fix various kwarg-related specs in IO#open, File#open and Kernel#open.
• #​8135 Cannot install latest rubocop
• #​8136 Redo java commandline calculation to work with newer Java's
• #​8138 [deps] update joda-time to 2.12.7
• #​8139 to_time raise an exception. (class org.jruby.ext.date.RubyDate cannot be cast to class org.jruby.ext.date.RubyDateTime)
• #​8141 can not re-reify sub-class of a Java sub-class
• #​8142 Add-Opens for complete -jar runs as expected in later Java's
• #​8144 Allow extended DateTime to still be constructed using DateTime
• #​8148 Profiler raises 'wrong number of arguments for constructor (ArgumentError)' for the march_hare gem
• #​8155 Concurrently requiring a file from multiple threads may "succeed" even if the file raises an error
• #​8156 JRuby adds Java proxy classes to the Java module even if they are not from JRubyClassLoader
• #​8157 Incorrect case tree selection when comparing Symbols during compiled Ruby code execution
• #​8167 Some simple refactoring but removing some mysterious classcast guards
• #​8173 Coverage doesn't cover begin
• #​8179 Thread#pending_interupt? crashes
• #​8185 [ji] support re-reifying class hierarchy
• #​8186 [fix] LoadError on require should not complete load
• #​8191 Rearrange cond0 to behave more like MRI did in 3.1
• #​8192 lhs of compound const would crash if not a Module/Class
• #​8193 side-effects in const op element assign by exec parent of lhs twice
• #​8195 use left to right evaluation
• #​8196 [deps] update jruby-openssl to 0.14.5
• #​8197 END was not getting parents lvars
• #​8198 Give same error message for duplicated case arms
• #​8199 Enumerator#next_values behavior does not match MRI or docs
• #​8200 Warnings emitted by requiring 'ostruct'
• #​8201 Fix issue#8199
• #​8202 do not emit labels which are not used while constructing loops + IGV enhancements
• #​8203 rename all closures to more closely match a name you can read vs CLOSURE_2
• #​8204 bump rdoc dependency to 6.4.1.1
• #​8205 begin node coverage line should not get added if it has been removed
• #​8206 Mark frame-aware method names with bang suffix for ostruct
• #​8207 Partially undo kwarg optz from #​8095
• #​8208 Only set up Java:: constants when accessed directly
• #​8209 opted case needs to use updated ints when loaded into new runtime.
• #​8211 Always unwrap old initialize methods

v9.4.6.0: JRuby 9.4.6.0 Released

Compare Source

The JRuby community is pleased to announce the release of JRuby 9.4.6.0.

• Homepage: https://www.jruby.org/
• Download: https://www.jruby.org/download

JRuby 9.4.x targets Ruby 3.1 compatibility.

Thank you to our contributors this release, you help keep JRuby moving forward! [@​evaniainbrooks], [@​ahorek], @​kares, [@​most00], @​ntkme, [@​sk757a]

Ruby Compatibility

• Support for the new Prism parser for Ruby code has been merged in. A blog post will follow soon. [#​8103]
• IO#fcntl had inverted logic for setting O_NONBLOCK (setting it cleared the value, etc). [#​8081], [#​8090]
• Many fixes to language and core class compatibility, see issue list.
• Warnings should match verbosity levels of CRuby, with many unwanted warnings now properly omitted without verbose enabled. [#​7183], [#​8071]

Standard Library

• json is updated to 2.7.1. [#​7752], [#​7954]
• io-console is updated to 0.7.2. This version fixes IRB on Apple M-series by using stty for console manipulation. [#​8012]
• nkf is now supported by gem version 0.2.0. [#​8077]
• strscan is updated to 3.1.0. [#​8074], [#​8086]
• reline is updated to 0.4.2 [#​8102]
• jruby-openssl is updated to 0.14.3 [#​8107]

JVM Integration

• Ruby Symbols can be use as arguments to JVM methods that receive Java String. [#​8015], [#​8057]
• Starting with Java 17, package-private methods will no longer be bound automatically even if they can be made visible. [#​8061], [#​8093]

Native Integration

• The subsystem used for native calls has been updated to support RHEL/CentOS 7 and the Java 9+ Cleaner API. [#​8104]

Performance

• Performance of keyword argument handling has been improved. [#​8021]
• Pattern matching is now supported in JRuby's JIT compiler. [#​8026], [#​8027]

77 Github Issues resolved for 9.4.6.0

• #​4808 [Rework global variables, caching to eliminate race conditions][#​4808]
• #​6430 [Using <internal: for core library methods defined in Ruby][#​6430]
• #​7151 [File.identical? should use stat to compare files][#​7151]
• #​7183 [Various alias forms warn on redefine when they should not][#​7183]
• #​7523 [Define IO::READABLE, WRITABLE, PRIORITY for IO#wait][#​7523]
• #​7695 [jffi ships with binaries requiring glibc 2.27][#​7695]
• #​7721 [jirb on win10 : The signal TSTP is in use by the JVM and will not work correctly on this platform][#​7721]
• #​7729 [Sock fixes][#​7729]
• #​7752 [Update JSON gem to not use Bigdecimal.new][#​7752]
• #​7759 [irb on CentOS7, JRuby 9.4.2.0 , and JDK 1.8][#​7759]
• #​7760 [Failure to load FFI gives an outdated message][#​7760]
• #​7845 [Including a module again after prepending another module to it isn't idempotent][#​7845]
• #​7862 [Ruby 2.7 conformance: ObjectSpace::WeakMap is broken for FixNum keys][#​7862]
• #​7939 [Yaml exception when trying to install rdoc-data][#​7939]
• #​7954 [Update json for BigDecimal.new fix][#​7954]
• #​7958 [Prepend internal marker to internal sources][#​7958]
• #​7974 [[ji] support java_alias with constructor][#​7974]
• #​7981 [Less instrs][#​7981]
• #​7996 [Add %aA for printf and friends][#​7996]
• #​8001 [Fix various specs][#​8001]
• #​8002 [Time spec fixes][#​8002]
• #​8003 [Fix issues in global variable thread-safety][#​8003]
• #​8005 [New MRI test failures on less common architectures][#​8005]
• #​8007 [Fix intermittent fails in CI][#​8007]
• #​8009 [Expand WeakMap to allow floats and fixnums][#​8009]
• #​8010 [Kernel#send does not strip off empty keywords hashes before calling eventual method][#​8010]
• #​8011 [Fixes #​8010. Kernel#send + empty kwargs hash error][#​8011]
• #​8012 [Update io-console][#​8012]
• #​8013 [Tag sweep2][#​8013]
• #​8014 [Fixes language specs involving blocks/yield][#​8014]
• #​8015 [Java method lookup for arity-1 method with inexact argument fails in the presence of arity-2 method with same name][#​8015]
• #​8016 [Lang specs][#​8016]
• #​8021 [Reduce overhead of kwargs for no-arg methods and blocks][#​8021]
• #​8022 [Remove implicit prologue state to methods/blocks if that state is unused][#​8022]
• #​8026 [Full JIT support for pattern matching][#​8026]
• #​8027 [Pattern jit][#​8027]
• #​8031 [Reuse thread-local jump exceptions to avoid construction][#​8031]
• #​8033 [Implement Exception.to_tty?][#​8033]
• #​8039 [Implement Exception.to_tty?][#​8039]
• #​8040 [Match Exception#full_message with MRI 3.2][#​8040]
• #​8045 [Try to find class resource to avoid exception][#​8045]
• #​8046 [Socket::IFF_* are missing][#​8046]
• #​8047 [add socket flags for zeroconf][#​8047]
• #​8048 [Try and make UDP look a little more like MRI (and hopefully make it more functional)][#​8048]
• #​8049 [Fix String#unpack from using capacity() and causing wrong error][#​8049]
• #​8050 [Various cleanups for String operations][#​8050]
• #​8052 [ignore codes logic was not doing anything in unpack][#​8052]
• #​8053 [More arity splitting][#​8053]
• #​8054 [A bit confusing error: "FrozenError: can't modify frozen NilClass"][#​8054]
• #​8055 [override getDelegate in PrependedModule to return origin][#​8055]
• #​8056 [Add hex exponential notation for Kernel::Float][#​8056]
• #​8057 [recognize RubySymbol as assignable to String][#​8057]
• #​8060 [Inspect frozen object for error][#​8060]
• #​8061 [enumerable.map raise wrong number of arguments only when Ruby script is executed from Gradle using JDK 21][#​8061]
• #​8063 [Fix typos in cli options][#​8063]
• #​8070 [Attribute definition on singleton should call singleton_method_added][#​8070]
• #​8071 [Update some warnings to deprecated][#​8071]
• #​8072 [Added Module#refinements and Refinement#refined_class][#​8072]
• #​8074 [Update strscan to fix improper sharing][#​8074]
• #​8077 [Switch to default gem for nkf][#​8077]
• #​8080 [[fix] avoid Class#subclasses deprecation with class.rb ext][#​8080]
• #​8083 [(master) rdoc test suite failing with Java::JavaLang::ArrayIndexOutOfBoundsException][#​8083]
• #​8088 [Update strscan to 3.1.0 for OOB fix][#​8088]
• #​8091 [Ripper is not returning unary minus with proper symbol][#​8091]
• #​8093 [Rework visibility checks for Java integration][#​8093]
• #​8095 [Tweak kwargs logic to improve JIT inlining][#​8095]
• #​8099 [[ji] fix java_import when constant exists in Object][#​8099]
• #​8100 [Extra splat instr which did nothing][#​8100]
• #​8101 [Flip File.identical? logic to try native first][#​8101]
• #​8102 [Update reline to 0.4.2][#​8102]
• #​8103 [Prism pluggable integration work][#​8103]
• [#​8105](https://redirect.github.com/jruby/jruby/issues/8

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box