chore(deps): bump org.assertj:assertj-core from 3.27.6 to 3.27.7

[dependabot]

Bumps org.assertj:assertj-core from 3.27.6 to 3.27.7.

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: maven. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Qodana for JVM

45 new problems were found

Inspection name	Severity	Problems
Vulnerable declared dependency	🔶 Warning	6
Comparison of 'short' and 'char' values	🔶 Warning	2
Pointless arithmetic expression	🔶 Warning	2
AutoCloseable used without 'try'-with-resources	🔶 Warning	1
Injection point with ambiguous dependencies	🔶 Warning	1
Result of method call ignored	🔶 Warning	1
Unnecessary 'null' check before method call	🔶 Warning	1
Wrapper type may be primitive	🔶 Warning	1
Non-distinguishable logging calls	◽️ Notice	23
Vulnerable declared dependency	◽️ Notice	7

☁️ View the detailed Qodana report

Detected 144 dependencies

Third-party software list

This page lists the third-party software dependencies used in project

Dependency	Version	Licenses
aesh	2.8.2	Apache-2.0
annotations	26.0.2-1	Apache-2.0
arc-processor	3.30.6	Apache-2.0
arc	3.30.6	Apache-2.0
asm-analysis	9.9	BSD-3-Clause
asm-commons	9.9	BSD-3-Clause
asm-tree	9.9	BSD-3-Clause
asm-util	9.9	BSD-3-Clause
asm	9.9	BSD-3-Clause
bcprov-lts8on	2.73.9	MIT
byte-buddy	1.18.2	Apache-2.0
cache-api	1.1.1	Apache-2.0
commons-codec	1.20.0	Apache-2.0
commons-compress	1.28.0	Apache-2.0
commons-io	2.21.0	Apache-2.0
commons-logging-jboss-logging	1.0.0.final	Apache-2.0
commons-logging	1.3.5	Apache-2.0
crac	1.5.0	BSD-2-Clause
fastutil	6.5.11	Apache-2.0
gizmo	1.9.0	Apache-2.0
gizmo2	2.0.0.beta10	Apache-2.0
hazelcast	5.2.5	MIT
hdrhistogram	2.2.2	BSD-2-Clause
hll	1.6.0	Apache-2.0
jackson-annotations	2.20	Apache-2.0
jackson-core	2.20.1	Apache-2.0
jackson-databind	2.20.1	Apache-2.0
jakarta.annotation-api	2.1.1	Classpath-exception-2.0 EPL-2.0 GPL-2.0-only
jakarta.annotation-api	3.0.0	Classpath-exception-2.0 EPL-2.0 GPL-2.0-only
jakarta.el-api	6.0.1	Classpath-exception-2.0 EPL-2.0 GPL-2.0-only
jakarta.enterprise.cdi-api	4.1.0	Apache-2.0
jakarta.enterprise.lang-model	4.1.0	Apache-2.0
jakarta.inject-api	2.0.1	Apache-2.0
jakarta.interceptor-api	2.2.0	Classpath-exception-2.0 EPL-2.0 GPL-2.0-only
jakarta.json-api	2.1.3	Classpath-exception-2.0 EPL-2.0 GPL-2.0-only
jakarta.transaction-api	2.0.1	Classpath-exception-2.0 EPL-2.0 GPL-2.0-only
jandex-gizmo2	3.5.2	Apache-2.0
jandex	3.5.2	Apache-2.0
jansi	2.4.0	Apache-2.0
jboss-logging	3.6.1.final	Apache-2.0
jboss-logmanager	3.1.2.final	Apache-2.0
jboss-threads	3.9.2	Apache-2.0
jctools-core	4.0.5	Apache-2.0
jdk-classfile-backport	25.1	GPL-2.0-only
jnats	2.25.1	Apache-2.0
jodd-util	6.3.0	BSD-2-Clause
jspecify	1.0.0	Apache-2.0
jul-to-slf4j	2.0.17	MIT
kafka-clients	4.1.1	Apache-2.0
kryo	5.6.2	BSD-3-Clause
latencyutils	2.0.3	CC0-1.0
log4j-api	2.25.3	Apache-2.0
log4j-to-slf4j	2.25.3	Apache-2.0
lz4-java	1.10.3	Apache-2.0
micrometer-commons	1.16.1	Apache-2.0
micrometer-core	1.16.1	Apache-2.0
micrometer-observation	1.16.1	Apache-2.0
micrometer-registry-datadog	1.16.1	Apache-2.0
micrometer-registry-influx	1.16.1	Apache-2.0
micrometer-registry-new-relic	1.16.1	Apache-2.0
micrometer-registry-otlp	1.16.1	Apache-2.0
micrometer-registry-prometheus	1.16.1	Apache-2.0
micronaut-aop	4.10.2	Apache-2.0
micronaut-context-propagation	4.10.2	Apache-2.0
micronaut-context	4.10.2	Apache-2.0
micronaut-core-reactive	4.10.2	Apache-2.0
micronaut-core	4.10.2	Apache-2.0
micronaut-discovery-core	4.10.2	Apache-2.0
micronaut-http-server	4.10.2	Apache-2.0
micronaut-http	4.10.2	Apache-2.0
micronaut-inject	4.10.2	Apache-2.0
micronaut-retry	4.10.2	Apache-2.0
micronaut-router	4.10.2	Apache-2.0
micronaut-runtime	4.10.2	Apache-2.0
microprofile-config-api	3.1	Apache-2.0
microprofile-context-propagation-api	1.3	Apache-2.0
minlog	1.3.1	BSD-3-Clause
mutiny	3.1.0	Apache-2.0
nativeimage	23.1.2	UPL-1.0
netty-common	4.2.9.final	Apache-2.0
opentelemetry-proto	1.8.0-alpha	Apache-2.0
parsson	1.1.7	Classpath-exception-2.0 EPL-2.0 GPL-2.0-only
prometheus-metrics-config	1.4.3	Apache-2.0
prometheus-metrics-core	1.4.3	Apache-2.0
prometheus-metrics-exposition-formats	1.4.3	Apache-2.0
prometheus-metrics-exposition-textformats	1.4.3	Apache-2.0
prometheus-metrics-model	1.4.3	Apache-2.0
prometheus-metrics-tracer-common	1.4.3	Apache-2.0
protobuf-java	4.32.0	BSD-3-Clause
quarkus-arc-deployment	3.30.6	Apache-2.0
quarkus-arc-dev	3.30.6	Apache-2.0
quarkus-arc	3.30.6	Apache-2.0
quarkus-bootstrap-app-model	3.30.6	Apache-2.0
quarkus-bootstrap-core	3.30.6	Apache-2.0
quarkus-bootstrap-runner	3.30.6	Apache-2.0
quarkus-builder	3.30.6	Apache-2.0
quarkus-class-change-agent	3.30.6	Apache-2.0
quarkus-classloader-commons	3.30.6	Apache-2.0
quarkus-core-deployment	3.30.6	Apache-2.0
quarkus-core	3.30.6	Apache-2.0
quarkus-development-mode-spi	3.30.6	Apache-2.0
quarkus-devui-deployment-spi	3.30.6	Apache-2.0
quarkus-fs-util	1.2.0	Apache-2.0
quarkus-hibernate-validator-spi	3.30.6	Apache-2.0
quarkus-ide-launcher	3.30.6	Apache-2.0
quarkus-smallrye-context-propagation-spi	3.30.6	Apache-2.0
reactive-streams	1.0.4	MIT-0
reactor-core	3.6.2	Apache-2.0
reactor-core	3.7.9	Apache-2.0
readline	2.6	Apache-2.0
redisson	4.1.0	Apache-2.0
reflectasm	1.11.9	BSD-3-Clause
rxjava	3.1.8	Apache-2.0
slf4j-api	2.0.17	MIT
slf4j-jboss-logmanager	2.0.2.final	Apache-2.0
smallrye-common-annotation	2.14.0	Apache-2.0
smallrye-common-classloader	2.14.0	Apache-2.0
smallrye-common-constraint	2.14.0	Apache-2.0
smallrye-common-cpu	2.14.0	Apache-2.0
smallrye-common-expression	2.14.0	Apache-2.0
smallrye-common-function	2.14.0	Apache-2.0
smallrye-common-io	2.14.0	Apache-2.0
smallrye-common-net	2.14.0	Apache-2.0
smallrye-common-os	2.14.0	Apache-2.0
smallrye-common-process	2.14.0	Apache-2.0
smallrye-common-ref	2.14.0	Apache-2.0
smallrye-common-resource	2.14.0	Apache-2.0
smallrye-config-common	3.14.1	Apache-2.0
smallrye-config-core	3.14.1	Apache-2.0
smallrye-config	3.14.1	Apache-2.0
snakeyaml	2.5	Apache-2.0
snappy-java	1.1.10.7	Apache-2.0
spring-aop	7.0.2	Apache-2.0
spring-beans	7.0.2	Apache-2.0
spring-boot-autoconfigure	4.0.1	Apache-2.0
spring-boot-starter-logging	4.0.1	Apache-2.0
spring-boot-starter	4.0.1	Apache-2.0
spring-boot	4.0.1	Apache-2.0
spring-context	7.0.2	Apache-2.0
spring-core	7.0.2	Apache-2.0
spring-expression	7.0.2	Apache-2.0
wildfly-common	2.0.1	Apache-2.0
word	23.1.2	UPL-1.0
zstd-jni	1.5.6-10	BSD-2-Clause

Contact Qodana team

Contact us at qodana-support@jetbrains.com

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions