Bump org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 to 3.5.4

[dependabot]

Bumps org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 to 3.5.4.

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.4

🚀 New features and improvements

• Name the shutdown hook (#3170) @​cstamas
• Implement fail-fast behavior for JUnit Platform provider (#3155) @​marcphilipp
• Create a single LauncherSession for invocations of JUnitPlatformProvider (#863) @​marcphilipp

🐛 Bug Fixes

• [SUREFIRE-2298] - fix xml output with junit 5 nested classes (fix integration with Cucumber and Archunit) (#828) @​olamy

👻 Maintenance

• feat: enable prevent branch protection rules (#3168) @​sparsick
• Get rid of plexus-annotations (#3163) @​olamy
• Remove maven-changes-plugin (#861) @​sparsick
• Enable GitHub Issues (#831) @​Bukama

📦 Dependency updates

• Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167) @dependabot[bot]
• Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 (#3165) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#3161) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#3158) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.12.0 to 4.13.0 (#856) @dependabot[bot]
• Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.10.3 (#860) @dependabot[bot]
• Bump commons-beanutils:commons-beanutils from 1.7.0 to 1.11.0 in /surefire-its/src/test/resources/webapp (#851) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.11.1 to 4.12.0 (#844) @dependabot[bot]
• Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 (#836) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#833) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#829) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#830) @dependabot[bot]
• Bump jacocoVersion from 0.8.12 to 0.8.13 (#827) @dependabot[bot]

3.5.3

🐛 Bug Fixes

• [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @​slawekjaranowski
• [SUREFIRE-1643] - surefire junit5 parallel tests (#815) @​olamy
• [SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @​elharo

👻 Maintenance

• surefire shared utils version current version (#825) @​olamy
• Update site descriptors (#821) @​slawekjaranowski

... (truncated)

Commits

• 88513d8 [maven-release-plugin] prepare release surefire-3.5.4
• 9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
• 74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
• 6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
• 9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
• fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
• 1e63159 Name the shutdown hook (#3170)
• 76e806a feat: enable prevent branch protection rules (#3168)
• 0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
• 98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
maven/org.apache.maven.plugins:maven-surefire-plugin	3.5.4	🟢 5.8	Details Check Score Reason Code-Review 🟢 7 Found 13/17 approved changesets -- score normalized to 7 Maintained 🟢 10 25 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• pom.xml

[cgivre]

@dependabot rebase