build(deps): bump org.checkerframework:checker-qual from 3.53.0 to 3.53.1

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps org.checkerframework:checker-qual from 3.53.0 to 3.53.1.

Release notes

Sourced from org.checkerframework:checker-qual's releases.

Checker Framework 3.53.1

Version 3.53.1 (2026-02-02)

Closed issues

#4858, #6141, #6620, #7360, #7388.

Changelog

Sourced from org.checkerframework:checker-qual's changelog.

Version 3.53.1 (2026-02-02)

Closed issues

#4858, #6141, #6620, #7360, #7388.

Commits

• ef993ae new release 3.53.1
• c712fad Update release number.
• 18c01fc Prep for release.
• f8d4d55 Release script corrections
• 37845c8 Rename Shrinkable to CanShrink, to accommodate a future checker
• 77d27e7 Update cimg/base Docker tag to v2026.02 (#7470)
• e096e0d Update URLs
• 971a3f7 Use https URLs rather than http URLs
• c62acd1 Update Gradle to v9.3.1 (#7464)
• ce0eaa8 Add link to project list
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 1b43cdc.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

jms-broker/pom.xml

Package	Version	License	Issue Type
org.checkerframework:checker-qual	3.53.1	Null	Unknown License

service.data.impl/pom.xml

Package	Version	License	Issue Type
org.checkerframework:checker-qual	3.53.1	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/org.checkerframework:checker-qual	3.53.1	🟢 3.5	Details Check Score Reason Code-Review 🟢 3 Found 8/23 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ -1 No tokens found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts ⚠️ -1 internal error: failure checking for Gradle wrapper validating Action: failure listing workflow runs: internal error: ListWorkflowRunsByFileName: GET https://api.github.com/repos/typetools/checker-framework/actions/workflows/gradle-wrapper-validation.yml-DISABLED/runs?status=success: 404 Not Found [] Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
maven/org.checkerframework:checker-qual	3.53.1	🟢 3.5	Details Check Score Reason Code-Review 🟢 3 Found 8/23 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ -1 No tokens found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts ⚠️ -1 internal error: failure checking for Gradle wrapper validating Action: failure listing workflow runs: internal error: ListWorkflowRunsByFileName: GET https://api.github.com/repos/typetools/checker-framework/actions/workflows/gradle-wrapper-validation.yml-DISABLED/runs?status=success: 404 Not Found [] Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Files

• jms-broker/pom.xml
• service.data.impl/pom.xml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud