Update all non-major dependencies

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
org.mockito:mockito-bom	5.15.2 -> 5.16.0
com.google.oauth-client:google-oauth-client-java6	1.38.0 -> 1.39.0
org.jsoup:jsoup (source)	1.18.3 -> 1.19.1
org.checkerframework:checker-qual (source)	3.49.0 -> 3.49.1
com.google.oauth-client:google-oauth-client	1.38.0 -> 1.39.0
com.google.cloud:google-cloud-datastore	2.26.4 -> 2.27.0
io.grpc:grpc-netty	1.70.0 -> 1.71.0
io.grpc:grpc-protobuf	1.70.0 -> 1.71.0
io.grpc:grpc-api	1.70.0 -> 1.71.0
org.eclipse.jetty.ee10:jetty-ee10-servlet (source)	12.0.16 -> 12.0.17
org.eclipse.jetty:jetty-util (source)	12.0.16 -> 12.0.17
org.eclipse.jetty:jetty-server (source)	12.0.16 -> 12.0.17

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

mockito/mockito (org.mockito:mockito-bom)

v5.16.0

^{Changelog generated by Shipkit Changelog Gradle Plugin}

5.16.0

• 2025-03-03 - 10 commit(s) by Brice Dutheil, Rafael Winterhalter, TDL, dependabot[bot]
• Add support for including module-info in Mockito. (#​3597)
• Bump com.gradle.develocity from 3.19 to 3.19.1 (#​3579)
• Bump org.assertj:assertj-core from 3.27.2 to 3.27.3 (#​3577)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 7.0.1 to 7.0.2 (#​3574)
• Bump com.diffplug.spotless:spotless-plugin-gradle from 6.25.0 to 7.0.1 (#​3571)
• Bump org.assertj:assertj-core from 3.27.1 to 3.27.2 (#​3569)
• Tweaks documentation on mockito agent config for maven (#​3568)
• Adds --info to diagnose closeAndReleaseStagingRepositories issues (#​3567)
• Refine reflection when calling management factory (#​3566)
• Avoid warning when dynamic attach is enabled (#​3551)

googleapis/google-oauth-java-client (com.google.oauth-client:google-oauth-client-java6)

v1.39.0

Compare Source

Features

• Next release from main branch is 1.39.0 (#​1151) (389afaa)
• Next release from main branch is 1.39.0 (#​1153) (5d58567)

Bug Fixes

• Release-please's tagPullRequestNumber (#​1155) (382e823)

jhy/jsoup (org.jsoup:jsoup)

v1.19.1

Changes

• Added support for http/2 requests in Jsoup.connect(), when running on Java 11+, via the Java HttpClient
  implementation. #​2257.
  • In this version of jsoup, the default is to make requests via the HttpUrlConnection implementation: use
    System.setProperty("jsoup.useHttpClient", "true"); to enable making requests via the HttpClient instead ,
    which will enable http/2 support, if available. This will become the default in a later version of jsoup, so now is
    a good time to validate it.
  • If you are repackaging the jsoup jar in your deployment (i.e. creating a shaded- or a fat-jar), make sure to specify
    that as a Multi-Release
    JAR.
  • If the HttpClient impl is not available in your JRE, requests will continue to be made via
    HttpURLConnection (in http/1.1 mode).
• Updated the minimum Android API Level validation from 10 to 21. As with previous jsoup versions, Android
  developers need to enable core library desugaring. The minimum Java version remains Java 8.
  #​2173
• Removed previously deprecated class: org.jsoup.UncheckedIOException (replace with java.io.UncheckedIOException);
  moved previously deprecated method Element Element#forEach(Consumer) to
  void Element#forEach(Consumer()). #​2246
• Deprecated the methods Document#updateMetaCharsetElement(boolean) and Document#updateMetaCharsetElement(), as the
  setting had no effect. When Document#charset(Charset) is called, the document's meta charset or XML encoding
  instruction is always set. #​2247

Improvements

• When cleaning HTML with a Safelist that preserves relative links, the isValid() method will now consider these
  links valid. Additionally, the enforced attribute rel=nofollow will only be added to external links when configured
  in the safelist. #​2245
• Added Element#selectStream(String query) and Element#selectStream(Evaluator) methods, that return a Stream of
  matching elements. Elements are evaluated and returned as they are found, and the stream can be
  terminated early. #​2092
• Element objects now implement Iterable, enabling them to be used in enhanced for loops.
• Added support for fragment parsing from a Reader via
  Parser#parseFragmentInput(Reader, Element, String). #​1177
• Reintroduced CLI executable examples, in jsoup-examples.jar. #​1702
• Optimized performance of selectors like #id .class (and other similar descendant queries) by around 4.6x, by better
  balancing the Ancestor evaluator's cost function in the query
  planner. #​2254
• Removed the legacy parsing rules for <isindex> tags, which would autovivify a form element with labels. This is no
  longer in the spec.
• Added Elements.selectFirst(String cssQuery) and Elements.expectFirst(String cssQuery), to select the first
  matching element from an Elements list. #​2263
• When parsing with the XML parser, XML Declarations and Processing Instructions are directly handled, vs bouncing
  through the HTML parser's bogus comment handler. Serialization for non-doctype declarations no longer end with a
  spurious !. #​2275
• When converting parsed HTML to XML or the W3C DOM, element names containing < are normalized to _ to ensure valid
  XML. For example, <foo<bar> becomes <foo_bar>, as XML does not allow < in element names, but HTML5
  does. #​2276
• Reimplemented the HTML5 Adoption Agency Algorithm to the current spec. This handles mis-nested formating / structural elements. #​2278

Bug Fixes

• If an element has an ; in an attribute name, it could not be converted to a W3C DOM element, and so subsequent XPath
  queries could miss that element. Now, the attribute name is more completely
  normalized. #​2244
• For backwards compatibility, reverted the internal attribute key for doctype names to
  "name". #​2241
• In Connection, skip cookies that have no name, rather than throwing a validation
  exception. #​2242
• When running on JDK 1.8, the error java.lang.NoSuchMethodError: java.nio.ByteBuffer.flip()Ljava/nio/ByteBuffer;
  could be thrown when calling Response#body() after parsing from a URL and the buffer size was
  exceeded. #​2250
• For backwards compatibility, allow null InputStream inputs to Jsoup.parse(InputStream stream, ...), by returning
  an empty Document. #​2252
• A template tag containing an li within an open li would be parsed incorrectly, as it was not recognized as a
  "special" tag (which have additional processing rules). Also, added the SVG and MathML namespace tags to the list of
  special tags. #​2258
• A template tag containing a button within an open button would be parsed incorrectly, as the "in button scope"
  check was not aware of the template element. Corrected other instances including MathML and SVG elements,
  also. #​2271
• An :nth-child selector with a negative digit-less step, such as :nth-child(-n+2), would be parsed incorrectly as a
  positive step, and so would not match as expected. #​1147
• Calling doc.charset(charset) on an empty XML document would throw an
  IndexOutOfBoundsException. #​2266
• Fixed a memory leak when reusing a nested StructuralEvaluator (e.g., a selector ancestor chain like A B C) by
  ensuring cache reset calls cascade to inner members. #​2277
• Concurrent calls to doc.clone().append(html) were not supported. When a document was cloned, its Parser was not cloned but was a shallow copy of the original parser. #​2281

googleapis/java-datastore (com.google.cloud:google-cloud-datastore)

v2.27.0

Compare Source

Features

• Next release from main branch is 2.27.0 (#​1781) (d29f47c)

Bug Fixes

• deps: Update the Java code generator (gapic-generator-java) to 2.54.0 (b9b302b)

Dependencies

• Update dependency com.google.cloud:gapic-libraries-bom to v1.53.0 (#​1779) (8369118)

grpc/grpc-java (io.grpc:grpc-netty)

v1.71.0

API Changes

• xds: Enable Xds Client Fallback by default. This allows having a backup xDS server as described in gRFC A71-xds-fallback.md (#​11817) (176f3ee)
• protobuf: Experimental API marshallerWithRecursionLimit in ProtoUtils is now stabilized (#​11884) (90b1c4f)

Bug Fixes

• xds: Cluster weights should be uint32 (199a7ea). They were previously processed as int32, although the sum of weights was checked to be positive. So this would have caused a very large weight to never be selected and to reduce the chances of immediately-following clusters to be selected. There have been no reports of control planes using such large weights
• xds: Fix an unlikely infinite loop triggered by route update (199a7ea). Triggering required the old cluster to no longer be used, an RPC processing when the update arrived, and for a RPC to not match any route in the new config. There have been no reports of this actually happening
• core: Release data frame if it is received before the headers (dc316f7)

Improvements

• Replace jsr305's CheckReturnValue with Error Prone's (#​11811) (7b5d069)
• core: optimize number of buffer allocations for message sizes larger than 1 MB (#​11879) (5a7f350)
• core: Update the retry backoff range from [0, 1] to [0.8, 1.2] as per the A6 redefinition (#​11858) (44e92e2)
• core: include last pick status in status message when wait-for-ready RPC’s deadline expires (#​11851) (7585b16). This makes it much easier to debug connectivity issues when using wait-for-ready RPCs
• xds: Include max concurrent request limit in the error status for concurrent connections limit exceeded (#​11845) (0f5503e)
• netty, servlet: Remove 4096 min write buffer size because MessageFramer.flush() is being called between every message, so messages are never combined and the larger allocation just wastes memory. (4a10a38, 7153ff8)
• core: When ClientStreamObserver closes the response observer log the error message if this operation fails (#​11880) (302342c)
• bom: use gradle java-platform to build pom instead of custom xml generation (#​11875) (3142928)
• xds: Reuse filter interceptors on client-side across RPCs (c506190, b3db8c2). This was an internal refactor that should have no user-visible change
• alts: Enhance AltsContextUtil to allow getting the AltsContext on client-side (b1bc0a9)
• xds: Envoy proto sync to 2024-11-11 (#​11816) (b44ebce)

Documentation

• examples: Update HelloWorldServer to use Executor (#​11850) (16edf7a)
• examples: Add README for all examples lacking it (#​11676) (9e86299)

Dependencies

• Version upgrades (#​11874) (fc8571a)
• Upgrade netty-tcnative to 2.0.70 (122b683)

Thanks to

@​benjamin
@​panchenko
@​harshagoo94
@​NaveenPrasannaV

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.