Update Mend: high confidence minor and patch dependency updates

[mend-for-github.amrom.workers.dev]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
event-source-polyfill	1.0.26 -> 1.0.31
maven (source)	3.8.1 -> 3.9.11
org.apache.maven.plugins:maven-enforcer-plugin (source)	3.3.0 -> 3.6.2
com.diffplug.spotless:spotless-maven-plugin	2.38.0 -> 2.46.1
org.hsqldb:hsqldb (source)	2.5.2 -> 2.7.4
org.apache.commons:commons-compress (source)	1.23.0 -> 1.28.0
com.auth0:java-jwt	4.4.0 -> 4.5.0
com.auth0:jwks-rsa	0.22.1 -> 0.23.0
org.apache.commons:commons-exec (source)	1.3 -> 1.6.0
org.ow2.asm:asm (source)	9.5 -> 9.9
com.nulab-inc:zxcvbn	1.8.0 -> 1.9.0
com.thoughtworks.xstream:xstream (source)	1.4.5 -> 1.4.21
org.apache.maven.plugins:maven-surefire-plugin (source)	3.1.2 -> 3.5.4
org.jsoup:jsoup (source)	1.16.1 -> 1.21.2
org.webjars:jquery (source)	3.6.4 -> 3.7.1
org.bitbucket.b_c:jose4j (source)	0.9.3 -> 0.9.6
io.jsonwebtoken:jjwt	0.9.1 -> 0.13.0
org.jacoco:jacoco-maven-plugin (source)	0.8.10 -> 0.8.14
com.google.guava:guava	32.1.1-jre -> 32.1.3-jre
org.apache.commons:commons-text (source)	1.10.0 -> 1.14.0
org.apache.maven.plugins:maven-checkstyle-plugin (source)	3.3.0 -> 3.6.0

---

Release Notes

Yaffle/EventSource (event-source-polyfill)

v1.0.31

Compare Source

v1.0.30

Compare Source

v1.0.29

Compare Source

v1.0.28

Compare Source

apache/maven (maven)

v3.9.11: 3.9.11

Compare Source

🚀 New features and improvements

• Augment version range resolution used repositories (#​2574) @​cstamas

🐛 Bug Fixes

• Deduplicate filtered dependency graph (#​2489) @​alzimmermsft
• Move ensure in boundaries of project lock (#​2470) @​cstamas

👻 Maintenance

• [MNGSITE-393] - remove references to Maven 2 (#​2438) @​elharo
• Update CONTRIBUTING after GitHub issues enabled (#​2449) @​slawekjaranowski
• Enable Github Issues (3.9.x) (#​2414) @​Bukama
• [MNG-8763] - Remove name from site bannerLeft (#​2419) @​slawekjaranowski

🔧 Build

• Pin GitHub action versions by hash (#​10898) @​slawekjaranowski
• Build the project by JDK 21 as default (#​10896) @​slawekjaranowski
• Use Maven 3.9.10 for build on GitHub (#​2452) @​slawekjaranowski

📦 Dependency updates

• Bump resolverVersion from 1.9.23 to 1.9.24 (#​2540) @​dependabot[bot]
• Bump xmlunitVersion from 2.10.2 to 2.10.3 (#​2500) @​dependabot[bot]
• Bump org.apache.maven:maven-parent from 44 to 45 (#​2491) @​dependabot[bot]
• Bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 (#​2432) @​dependabot[bot]

v3.9.10: 3.9.10

Compare Source

Release Notes - Maven - Version 3.9.10

Bug

• [MNG-8096] - Inconsistent dependency resolution behaviour for concurrent multi-module build can cause failures
• [MNG-8169] - MINGW support requires --add-opens java.base/java.lang=ALL-UNNAMED
• [MNG-8170] - Maven 3.9.8 contains weird native library for Jansi on Windows/arm64
• [MNG-8211] - Maven should fail builds that use CI Friendly versions but have no values set
• [MNG-8248] - WARNING: A restricted method in java.lang.System has been called
• [MNG-8256] - ProjectDependencyGraph bug: in case of filtering, non-direct module links are lost
• [MNG-8315] - Failure of mvn.cmd if a .mvn directory is located at drive root
• [MNG-8396] - Maven takes forever to resume
• [MNG-8711] - "Duplicate artifact" in LifecycleDependencyResolver

Improvement

• [MNG-8370] - Introduce maven.repo.local.head
• [MNG-8399] - JDK 24+ issues warning about usage of sun.misc.Unsafe
• [MNG-8707] - Add methods to remove compile and test source roots
• [MNG-8712] - improve dependency version explanation: it&#​39;s a requirement, not always effective version
• [MNG-8717] - Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding
• [MNG-8722] - Use a single standalone version of asm
• [MNG-8731] - Use https for xsi:schemaLocation in generated descriptors
• [MNG-8734] - Simplify scripting like "get project version" cases

Task

• [MNG-8728] - Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 and use Java 24 on CI

Dependency upgrade

• [MNG-8289] - Update Plexus annotations to 2.2.0
• [MNG-8443] - Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre
• [MNG-8531] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0
• [MNG-8532] - Bump commons-io:commons-io from 2.16.1 to 2.18.0
• [MNG-8534] - Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1
• [MNG-8635] - Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3
• [MNG-8636] - Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre
• [MNG-8640] - Bump org.apache.maven:maven-parent from 43 to 44
• [MNG-8661] - Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre
• [MNG-8701] - Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28
• [MNG-8702] - Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0
• [MNG-8703] - Bump commons-io:commons-io from 2.18.0 to 2.19.0
• [MNG-8704] - Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre
• [MNG-8705] - Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0
• [MNG-8706] - Bump commons-cli:commons-cli from 1.8.0 to 1.9.0
• [MNG-8715] - Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2
• [MNG-8716] - Bump resolver to 1.9.23
• [MNG-8745] - Bump xmlunitVersion from 2.10.0 to 2.10.2

What's Changed

• [MNG-8211] Fail the build if CI Friendly revision used without value by @​cstamhttps://github.com/apache/maven/pull/1656l/1656
• Add missing since by @​cstamhttps://github.com/apache/maven/pull/1682l/1682
• [MNG-8256] FilteredProjectDependencyGraph fix for non-transitive case by @​cstamhttps://github.com/apache/maven/pull/1724l/1724
• [MNG-8315] Failure of mvn.cmd if a .mvn folder is located at drive root by @​fmarhttps://github.com/apache/maven/pull/1806l/1806
• [MNG-8289] Update Plexus Annotations to 2.2.0 by @​dependabhttps://github.com/apache/maven/pull/1666l/1666
• [MNG-8370] Add maven.repo.local.head by @​slawekjaranowshttps://github.com/apache/maven/pull/1915l/1915
• [MNG-8443] Bump com.google.guava:guava from 33.2.1-jre to 33.4.0-jre by @​dependabhttps://github.com/apache/maven/pull/1991l/1991
• [MNG-8531] Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 by @​dependabhttps://github.com/apache/maven/pull/2013l/2013
• [MNG-8532] Bump commons-io:commons-io from 2.16.1 to 2.18.0 by @​dependabhttps://github.com/apache/maven/pull/1926l/1926
• [MNG-8534] Bump org.codehaus.mojo:buildnumber-maven-plugin from 3.2.0 to 3.2.1 by @​dependabhttps://github.com/apache/maven/pull/1699l/1699
• Add PR Automation action by @​slawekjaranowshttps://github.com/apache/maven/pull/2113l/2113
• Bump com.google.guava:failureaccess from 1.0.2 to 1.0.3 by @​dependabhttps://github.com/apache/maven/pull/2167l/2167
• Bump com.google.guava:guava from 33.4.0-jre to 33.4.5-jre by @​dependabhttps://github.com/apache/maven/pull/2168l/2168
• [MNG-8640] Bump org.apache.maven:maven-parent from 43 to 44 by @​dependabhttps://github.com/apache/maven/pull/2163l/2163
• Use Maven 3.9.9 for build maven-3.9.x branch by @​slawekjaranowshttps://github.com/apache/maven/pull/2177l/2177
• [MNG-8248] Add enable-native-access to startup scripts by @​slawekjaranowshttps://github.com/apache/maven/pull/2171l/2171
• [MNG-8661] Bump com.google.guava:guava from 33.4.5-jre to 33.4.6-jre by @​dependabhttps://github.com/apache/maven/pull/2185l/2185
• Use dedicated local repo for ITs on Jenkins by @​slawekjaranowshttps://github.com/apache/maven/pull/2255l/2255
• [MNG-8701] Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 by @​dependabhttps://github.com/apache/maven/pull/2240l/2240
• [MNG-8702] Bump org.codehaus.plexus:plexus-classworlds from 2.8.0 to 2.9.0 by @​dependabhttps://github.com/apache/maven/pull/2241l/2241
• [MNG-8703] Bump commons-io:commons-io from 2.18.0 to 2.19.0 by @​dependabhttps://github.com/apache/maven/pull/2258l/2258
• [MNG-8704] Bump com.google.guava:guava from 33.4.6-jre to 33.4.8-jre by @​dependabhttps://github.com/apache/maven/pull/2264l/2264
• [MNG-8705] Bump commons-jxpath:commons-jxpath from 1.3 to 1.4.0 by @​dependabhttps://github.com/apache/maven/pull/2270l/2270
• [MNG-8706] Bump commons-cli:commons-cli from 1.8.0 to 1.9.0 by @​dependabhttps://github.com/apache/maven/pull/1665l/1665
• [MNG-8715] Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 by @​dependabhttps://github.com/apache/maven/pull/2280l/2280
• [MNG-8707] Add methods to remove compile and test source roots by @​gnodhttps://github.com/apache/maven/pull/2275l/2275
• [MNG-8712] dependency version is a requirement, not effective by @​hboutehttps://github.com/apache/maven/pull/2279l/2279
• [MNG-8717] Remove maven-plugin-plugin:addPluginArtifactMetadata from default binding by @​slawekjaranowshttps://github.com/apache/maven/pull/2295l/2295
• [MNG-8169] Add opens java.base/java.lang=ALL-UNNAMED for MinGW by @​slawekjaranowshttps://github.com/apache/maven/pull/2296l/2296
• [MNG-8722] Use a single standalone version of asm by @​slawekjaranowshttps://github.com/apache/maven/pull/2297l/2297
• [MNG-8716] Bump resolver to 1.9.23 by @​slawekjaranowshttps://github.com/apache/maven/pull/2282l/2282
• [MNG-8731] Use https for xsi:schemaLocation in generated descriptors by @​slawekjaranowshttps://github.com/apache/maven/pull/2343l/2343
• [MNG-8711] Fix concurrent cache access by @​slawekjaranowshttps://github.com/apache/maven/pull/2345l/2345
• Update README.md by @​slawekjaranowshttps://github.com/apache/maven/pull/2353l/2353
• [MNG-8728] Bump Eclipse Sisu from 0.9.0.M3 to 0.9.0.M4 by @​cstamhttps://github.com/apache/maven/pull/2359l/2359
• [MNG-8728] Build ITs on JDK 21, 24 by @​slawekjaranowshttps://github.com/apache/maven/pull/2360l/2360
• [MNG-8734] Make Maven 3.9.10 ignore --raw-streams option by @​cstamhttps://github.com/apache/maven/pull/2361l/2361
• Bump xmlunitVersion from 2.10.0 to 2.10.1 by @​dependabhttps://github.com/apache/maven/pull/2354l/2354
• [MNG-8396] Backport: add cache layer to the filtered dep graph by @​cstamhttps://github.com/apache/maven/pull/2393l/2393
• [MNG-8745] Bump xmlunitVersion from 2.10.1 to 2.10.2 by @​dependabhttps://github.com/apache/maven/pull/2389l/2389

New Contributors

• @​fmarot made their first contributihttps://github.com/apache/maven/pull/1806l/1806

Full Changelog: apache/maven@maven-3.9.9...maven-3.9.10

v3.9.9: 3.9.9

Compare Source

Release Notes - Maven - Version 3.9.9

Bug

• [MNG-8159] - Fix search for topDirectory when using -f / --file for Maven 3.9.x
• [MNG-8165] - Maven does not find extensions for -f when current dir is root
• [MNG-8177] - Warning "&#​39;dependencyManagement.dependencies.dependency.systemPath&#​39; for com.sun:tools:jar refers to a non-existing file C:\Temp\jdk-11.0.23\..\lib\tools.jar"
• [MNG-8178] - Profile activation based on OS properties is broken for "mvn site"
• [MNG-8180] - Resolver will blindly assume it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR
• [MNG-8182] - Missing or mismatching Trusted Checksum for some artifacts is not properly reported
• [MNG-8188] - [REGRESSION] Property not resolved in profile pluginManagement

Task

• [MNG-8206] - Remove Maven 2.1 (v 2.0) compatibility bits

Dependency upgrade

• [MNG-8175] - Resolver 1.9.21
• [MNG-8179] - Upgrade Parent to 43
• [MNG-8193] - Resolver 1.9.22
• [MNG-8198] - (build) Animal Sniffer 1.24
• [MNG-8199] - Hamcrest 3.0

What's Changed

• [MNG-8159] Fix search for topDirectory when using -f / --file by @​gzmhttps://github.com/apache/maven/pull/1589l/1589
• [MNG-7194] Test missing property evaluation by @​pzygiehttps://github.com/apache/maven/pull/1570l/1570
• [3.9.x] [MNG-8175] Update Resolver to 1.9.21 by @​cstamhttps://github.com/apache/maven/pull/1598l/1598
• [MNG-8178] Fall back to system properties for missing profile activation context properties by @​kohlschuetthttps://github.com/apache/maven/pull/1603l/1603
• [MNG-8179] Upgrade Parent to 43 by @​slawekjaranowshttps://github.com/apache/maven/pull/1610l/1610
• [MNG-8180] Fail install/deploy if rogue Maven Plugin metadata found by @​cstamhttps://github.com/apache/maven/pull/1611l/1611
• [3.9.x][MNG-8193] Update to Resolver 1.9.22 by @​cstamhttps://github.com/apache/maven/pull/1627l/1627
• [MNG-8199] Hamcrest 3.0 by @​cstamhttps://github.com/apache/maven/pull/1631l/1631
• [MNG-8182] Resolved errors were created based on collect exceptions by @​cstamhttps://github.com/apache/maven/pull/1632l/1632
• [MNG-8180] Handle NPE due non-existent tags by @​cstamhttps://github.com/apache/maven/pull/1641l/1641
• [MNG-8180] Back out from failing the build by @​cstamhttps://github.com/apache/maven/pull/1642l/1642
• [MNG-8206] Remove bad plugin.xml from maven-compat by @​cstamhttps://github.com/apache/maven/pull/1646l/1646
• [MNG-8177] Add contextual info for model warnings by @​cstamhttps://github.com/apache/maven/pull/1633l/1633
• [MNG-8188] Profile properties are not interpolated by @​cstamhttps://github.com/apache/maven/pull/1634l/1634
• [MNG-8165] Align mvn.sh script with mvn.cmd by @​cstamhttps://github.com/apache/maven/pull/1647l/1647
• [MNG-8165] Get rid of bashism creeped in by @​cstamhttps://github.com/apache/maven/pull/1653l/1653

New Contributors

• @​gzm55 made their first contributihttps://github.com/apache/maven/pull/1589l/1589
• @​kohlschuetter made their first contributihttps://github.com/apache/maven/pull/1603l/1603

Full Changelog: apache/maven@maven-3.9.8...maven-3.9.9

v3.9.8: 3.9.8

Compare Source

Release Notes - Maven - Version 3.9.8

Bug

• [MNG-7758] - o.e.aether.resolution.ArtifactResolutionException incorrectly examined when multiple repositories are involved
• [MNG-8066] - Maven hangs on self-referencing exceptions
• [MNG-8116] - Plugin configuration can randomly fail in case of method overloading as it doesn&#​39;t take into account implementation attribute
• [MNG-8131] - Property replacement in dependency pom no longer works
• [MNG-8135] - Profile activation based on OS properties is no longer case insensitive
• [MNG-8142] - If JDK profile activator gets "invalid" JDK version for whatever reason, it chokes but does not tell why
• [MNG-8147] - Profile interpolation broke their evaluation in case of duplicate IDs

Improvement

• [MNG-7902] - Sort plugins in validation report
• [MNG-8140] - When a model is discarded (by model builder) for whatever reason, show why it happened
• [MNG-8141] - Model Builder should report if not sure about "fully correct" outcome
• [MNG-8150] - Make SimplexTransferListener handle absent source/target files

Task

• [MNG-8146] - Drop use of commons-lang

Dependency upgrade

• [MNG-8136] - Update to Eclipse Sisu 0.9.0.M3
• [MNG-8143] - Update to commons-cli 1.8.0
• [MNG-8144] - Update to Guava 32.2.1-jre
• [MNG-8154] - Upgrade default plugin bindings

---

What's Changed

• Use Maven Wrapper to build by @​slawekjaranowski in #​1553
• [3.9.x] [MNG-8136] Update Eclipse Sisu to 0.9.0.M3 by @​cstamas in #​1547
• [MNG-8135] Profile activation based on OS properties is no longer case insensitive by @​cstamas in #​1561
• [3.9.x] Dependency updates by @​cstamas in #​1560
• [MNG-7902] Sort plugins in the validation report (#​1510) by @​slawekjaranowski in #​1562
• [MNG-8066] Default exception handler does not handle recursion by @​cstamas in #​1558
• [MNG-8142] Hidden bug: JDK profile activator throw NumberFormatEx by @​cstamas in #​1557
• [MNG-8146] Drop commons-lang by @​cstamas in #​1564
• [MNG-8140] Always tell why model was discarded as "invalid" by @​cstamas in #​1555
• [MNG-8141] Model builder should report problems it finds during build by @​cstamas in #​1556
• [MNG-8141][MNG-8147] Restore profile ID invariance but warn if duplicate IDs present by @​cstamas in #​1568
• [MNG-8141] Aftermath, and tidy up by @​cstamas in #​1572
• [MNG-8150] Backport TransferListener improvements for Maven 3.9.x by @​pshevche in #​1576
• [MNG-7758] Report dependency problems for all repository by @​slawekjaranowski in #​1584
• [MNG-8154] Upgrade default plugin bindings by @​slawekjaranowski in #​1586

Full Changelog: apache/maven@maven-3.9.7...maven-3.9.8

v3.9.7: 3.9.7

Compare Source

Release Notes - Maven - Version 3.9.7

Bug

• [MNG-8106] - Maven Metadata corruption if repository directory role overlaps
• [MNG-8121] - NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)

New Feature

• [MNG-5726] - Update OS Activation To Allow Wildcards In OS Version
• [MNG-8030] - Backport: Add ability to ignore dependency repositories: mvn -itr

Improvement

• [MNG-8019] - Streamline update policy of pluginRepository/repository of Maven Central in Super POM
• [MNG-8029] - improve documentation of mirror in settings
• [MNG-8031] - Backport: Make Maven transfer listener used with Resolver more concurrent friendly
• [MNG-8081] - default profile activation should consider available system and user properties
• [MNG-8085] - swtich from png+imagemap to svg
• [MNG-8117] - Improve prerequisite evaluation and plugin version selection logging

Task

• [MNG-7309] - Remove redundant MojoDescriptor parameterMap
• [MNG-8011] - Minimize and make generic the README.txt
• [MNG-8055] - Investigate possible solutions for build number diffs on deploy

Dependency upgrade

• [MNG-8094] - Resolver 1.9.19
• [MNG-8100] - Upgrade default plugin bindings
• [MNG-8101] - Upgrade Parent to 42
• [MNG-8109] - Resolver 1.9.20
• [MNG-8115] - Upgrade minimal set of dependencies
• [MNG-8125] - (build) Bump buildhelper-maven-plugin to 3.6.0 (was 3.4.0)
• [MNG-8126] - Bump logback classic to 1.2.13 (was 1.2.12)
• [MNG-8127] - Bump guava to 33.2.0-jre

---

What's Changed

• [MNG-6776] Inconsistent list of parameters for MojoDescriptor (#​584) by @​michael-o in #​1361
• [MNG-8055] Ability to force build number by @​cstamas in #​1415
• [MNG-8029] improve documentation about mirror settings by @​hboutemy in #​1395
• MNG-8019 streamline central update policy by @​kwin in #​1381
• MNG-5726 (backport for Maven 3.9) by @​kwin in #​1431
• [MNG-4840] document requiredMavenVersion in plugin descriptor by @​hboutemy in #​1444
• [MNG-8085] switch png+imagemap to svg by @​hboutemy in #​1452
• [MNG-4840] fix requiredMavenVersion description #​1444 by @​hboutemy in #​1456
• [MNG-6399] Lift JDK minimum to JDK 8 by @​turbanoff in #​1382
• Update GitHub actions to v4 by @​slawekjaranowski in #​1472
• [MNG-8101] Upgrade Parent to 42 by @​slawekjaranowski in #​1473
• [MNG-8100] Upgrade default plugin bindings by @​slawekjaranowski in #​1474
• [MNG-8031] Backport concurrent friendly transport listener by @​cstamas in #​1471
• [MNG-8030] Backport itr: ignore transitive repositories by @​cstamas in #​1469
• [MNG-8011] Neuter the README by @​cstamas in #​1470
• [MNG-8094] Resolver 1.9.19 by @​cstamas in #​1468
• [3.9.x][MNG-8106] Fix metadata merge by @​cstamas in #​1480
• [3.9.x][MNG-8109] Resolver 1.9.20 by @​cstamas in #​1490
• [MNG-8081] Interpolate available properties during default profile selection (Maven 3.9.x) by @​mbenson in #​1447
• [3.9.x][MNG-8117] Backport to Maven 3.9.x by @​cstamas in #​1505
• [MNG-8115] Upgrade dependencies by @​slachiewicz in #​1496
• [MNG-8121] Fix NPE in metadata merge by @​cstamas in #​1508
• [MNG-8126] Mild updates by @​cstamas in #​1533

New Contributors

• @​turbanoff made their first contribution in #​1382

Full Changelog: apache/maven@maven-3.9.6...maven-3.9.7

v3.9.6: 3.9.6

Compare Source

Release Notes - Maven - Version 3.9.6

Improvement

• [MNG-7939] - Allow to exclude plugins from validation

Dependency upgrade

• [MNG-7913] - Upgrade Sisu version to 0.9.0.M2
• [MNG-7934] - Upgrade Resolver version to 1.9.18
• [MNG-7942] - Upgrade to parent POM 41
• [MNG-7943] - Upgrade default plugin bindings

v3.9.5: 3.9.5

Compare Source

Release Notes - Maven - Version 3.9.5

Bug

• [MNG-7851] - Error message when modelVersion is 4.0 is confusing

Improvement

• [MNG-7875] - colorize transfer messages
• [MNG-7895] - Support ${project.basedir} in file profile activation

Task

• [MNG-7856] - Maven Resolver Provider classes ctor change
• [MNG-7870] - Undeprecate wrongly deprecated repository metadata
• [MNG-7872] - Deprecate org.apache.maven.repository.internal.MavenResolverModule
• [MNG-7874] - maven-resolver-provider: introduce NAME constants.

Dependency upgrade

• [MNG-7859] - Update to Resolver 1.9.16

v3.9.4: 3.9.4

Compare Source

Release Notes - Maven - Version 3.9.4

Bug

• [MNG-7846] - endless loop in DefaultExceptionHandler.getMessage()

Dependency upgrade

• [MNG-7828] - Bump guava from 31.1-jre to 32.0.1-jre
• [MNG-7

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box