chore(deps): update binary tool pins

[renovate]

This PR contains the following updates:

Package	Update	Change
PHP-CS-Fixer/PHP-CS-Fixer	patch	3.95.2 → 3.95.3
checkstyle/checkstyle	minor	13.4.2 → 13.5.0
phpstan/phpstan	minor	2.1.56 → 2.2.1
pmd/pmd	minor	7.24.0 → 7.25.0

---

Release Notes

PHP-CS-Fixer/PHP-CS-Fixer (PHP-CS-Fixer/PHP-CS-Fixer)

v3.95.3

Compare Source

• fix: MultilinePromotedPropertiesFixer - fix for new in initializers (#​9619)
• fix: PhpdocLineSpanFixer - run after NoSuperfluousPhpdocTagsFixer (#​9615)
• CI: add generic phpstan/phpstan-deprecation-rules, so usage of old deprecated constants is detected (#​9636)
• CI: replace PHP 8.6snapshot with nightly in matrix (#​9628)
• deps: bump crate-ci/typos from 1.46.0 to 1.46.1 in /.github/workflows in the all group across 1 directory (#​9624)
• deps: bump crate-ci/typos from 1.46.1 to 1.46.2 in /.github/workflows in the all group across 1 directory (#​9631)
• deps: bump ergebnis/composer-normalize from 2.51.0 to 2.52.0 in /dev-tools (#​9627)
• deps: bump the phpstan group in /dev-tools with 2 updates (#​9626)
• deps: upgrade misc deps (#​9621)
• refactor: AttributeBlockNoSpacesFixer - no need for loop when we already know bracket indices (#​9446)

checkstyle/checkstyle (checkstyle/checkstyle)

v13.5.0

Compare Source

Checkstyle 13.5.0 - https://checkstyle.org/releasenotes.html#Release_13.5.0

New:

#​19496 - AvoidStarImport: new property maxAllowedStarImports to allow atmost one star import in a file.
#​14782 - LITERAL_DEFAULT token support in RightCurlyCheck.
#​15484 - New Check UnusedTryResourceShouldBeUnnamed.

Bug fixes:

#​17697 - Google style: Disallow comments enclosed in boxes.
#​19641 - Add checks for OpenJDK Style §3.10 - Variable Declarations.
#​19640 - Add checks for OpenJDK Style §4.1 - Package Names.
#​18227 - Extend TextBlockGoogleStyleFormatting to check indentation of each line in the blocks.
#​19770 - JavadocTypeCheck incorrectly matches record component @param tags using prefix instead of exact match.
#​17052 - Add support for flexible constructor bodies (JEP 513) targeted for JDK25.
#​17464 - RequireThis false positive inside annotation definition.
#​19623 - Add checks for OpenJDK Style §3.3 - Import statements.
#​17203 - PatternVariableAssignment check false negative when pattern variable extends beyond the statement of introduction.
#​19716 - False Negative: SimplifyBooleanExpression does not report with paranthesized boolean literals in ternary operators.
#​19617 - Add checks for OpenJDK Style §2 - Java Source Files.
#​17253 - Google-style: Illegal to break the line before or after the lambda arrow.
#​19149 - update MissingJavadocTypeCheck to use AST of javadoc.
#​2629 - IndentationCheck: incorrect validation for class definition.
#​5685 - Indentation: false positive for try child on the same line.
#​11822 - RequireThisCheck giving multiple violation for classes nested in lambdas.
#​19622 - Add checks for OpenJDK Style §3.2 - Package declaration.

Other Changes:

Confused supression of Indentation in google_checks.
Remove chapter numbers from Doc Comments Coverage Page.
Fix xdocs Examples AST Consistency Test (Reduce suppressions list).
Move violation comments out of Javadoc for all input files.
`Regexp` check for unnecessary `// ok` comments is configured under `TreeWalker`.
google_style.xml: support multiple config links per rule entry in XdocsPagesTest.
missing description of blue-tick checks at google style coverage page.
False Negative: FinalLocalVariableCheck does not report for variables assigned in adjacent catches.
Cached page of Documentation style guide should be open in mobile browser in easy to read rendering.
Documentation Comments Style Guide - Images in HTML Destination.
Documentation Comments Style Guide - `@`author.
AbbreviationAsWordInName doc should have horizontal line after above example description.
Remove Chapter number from openjdk_checks.xml file.
resolve Qodana inspections in Javadoc and test utilities.
NoClassDefFound Exception during compilation on jdk25.
review suppresions of org.openrewrite.staticanalysis.CodeCleanup.
Website warnings in maven output: Anchor name used more than once.
Add Oracle Doc Comments Style Guide coverage infrastructure.
Improve design of PropertiesMacros.
inner lambdas right curly idented too much on left to much same ident as wrapper statement.
Move violation comments above of annotated methods.
Violate all inlined violations that are placed in between method singature and annoation or javadoc.
Resolve CheckerFramework violations.
Trigger linkcheck by Github comment.
Organize openrewrite staticanalysis composite recipes by groups as it is done on openrewrite website.
Test extension: Variables `&` Patterns Syntax: Indentation.
Error in bash method does not stop execution of whole command.
Parsing problem detected by CI at jdk25/test/jdk/jdk/jfr/event/tracing/TestConstructors.java.
Remove UnmodifiableCollectionUtil and use pitest funmodifiablecollection feature.

phpstan/phpstan (phpstan/phpstan)

v2.2.1

Compare Source

Improvements 🔧

• Do not require specifying unsealed extra value type after ... on level 6+ (phpstan/phpstan-src@6ae7aa2)

Bugfixes 🐛

• Do not unpack unsealed array when expanding arguments in FunctionCallParametersCheck (phpstan/phpstan-src@7da57c9), #​14715
• Fix constants allowed in parameters for multi-variant functions (phpstan/phpstan-src@4a57953), #​14719

Function signature fixes 🤖

• Allow FILTER_VALIDATE_BOOL as a valid constant for filter_var and filter_input (#​5778), thanks @​aprat84!
• Add RoundingMode enum cases as valid constants of round() (phpstan/phpstan-src@53fe519), #​14716
• Fix Collator::setAttribute() allowed constants (phpstan/phpstan-src@f1a3110), #​14720

v2.2.0

Compare Source

Dive into details about this release on PHPStan's blog: PHPStan 2.2: Unsealed Array Shapes, Safer Array Keys, and More!. It explains all the changes and the motivation behind them.

Major new features 🚀

• Unsealed array shapes (#​5501), #​13565, #​8438, #​11494, #​12110, #​14032
• New types: decimal-int-string and non-decimal-int-string (#​5279)
• New config parameter: reportUnsafeArrayStringKeyCasting
• Check constants in parameters (#​5256), #​12850
  • New error identifiers:
    • argument.exclusiveConstants
    • argument.invalidConstant
    • argument.bitmaskNotAllowed
• Detect named arguments whose parameters are renamed in subtypes (phpstan/phpstan-src@4c1a2b9), #​7434, #​5279
  • New error identifier argument.parameterRenamedInSubtype

Bleeding edge 🔪

• Sealed array shapes are truly sealed
  • Array shape like array{a: int, b: string} does not allow for extra keys and does not accept general arrays

If you want to see the shape of things to come and adopt bleeding edge features early, you can include this config file in your project's phpstan.neon:

includes:
	- vendor/phpstan/phpstan/conf/bleedingEdge.neon

Of course, there are no backwards compatibility guarantees when you include this file. The behaviour and reported errors can change in minor versions with this file included. Learn more

Improvements 🔧

• Allow custom rules to emit collector data for CollectedDataNode with CollectedDataEmitter (#​5261)
• Reduced false positives about constant conditions in traits (#​5309), #​13023, #​7599, #​13474, #​13687, #​12798, #​11949, #​12267, #​9515, #​4570, #​4121, #​8060, #​10353

Bugfixes 🐛

• Narrow division to int when modulo is known to be zero (#​5757), #​9724, thanks @​VincentLanglet and @​staabm!
• Do not normalize union types in tryRemove to preserve finite type combinations (#​5744), #​10128, #​11453, thanks @​VincentLanglet and @​staabm!
• Prevent infinite recursion in AttributeReflectionFactory when an attribute references itself on its constructor (#​5773), #​14707

Internals 🔍

• Refactor TypeSpecifier (#​5772), thanks @​VincentLanglet!
• Simplify InitializerExprTypeResolver api-surface (#​5767), thanks @​staabm!
• Cleanup ArrayType::tryRemove() (#​5766), thanks @​staabm!

pmd/pmd (pmd/pmd)

v7.25.0: PMD 7.25.0 (29-May-2026)

Compare Source

29-May-2026 - 7.25.0

The PMD team is pleased to announce PMD 7.25.0.

This is a minor release.

Table Of Contents

• 🚀️ New and noteworthy
  • Updated ANTLR library to 4.13.2
• 🌟️ New and Changed Rules
  • New Rules
  • Changed Rules
  • Renamed rules and properties
• 🐛️ Fixed Issues
• 🚨️ API Changes
  • Deprecations
  • Experimental API
• ✨️ Merged pull requests
• 📦️ Dependency updates
• 📈️ Stats

🚀️ New and noteworthy

Updated ANTLR library to 4.13.2

We have updated the ANTLR library (parser generator) from 4.9.3 to the latest version 4.13.2,
in order to be able to use the latest version of Apex parser library.

This is an incompatible update: In case you use custom language modules based on ANTLR, you
need to make sure to regenerate all of your lexers and parsers with the new ANTLR version.

For the ANTLR based language modules, that PMD ships (kotlin and swift and various CPD modules),
this is already done.

🌟️ New and Changed Rules

New Rules

• The new Java rule JUnitJupiterTestNoPrivateModifier find JUnit test classes and
  methods that are private. Test classes, test methods, and lifecycle methods are not required to be public,
  but they must not be private. Otherwise, they won’t be found by the test framework.
• The new Java rule UnnecessaryBlock reports blocks that are unnecessary as
  they don't introduce a new scope. This rule helps simplify code structure by identifying and flagging
  redundant blocks that can make code harder to read and may be misleading.
• The new Java rule VariableDeclarationUsageDistance flags local variables that are declared
  far from their usage, which can make code harder to read. The rule has a property maxDistance that allows to
  configure the maximum allowed distance between declaration and usage.
• The new Java rule AssertStatementInTest detects usages of assert statement in tests.
  These should be replaced by framework assertion methods such as assertEquals.
  Such methods provide better error messages and make test behave correctly when running without -ea.

Changed Rules

• The rule OnlyOneReturn has a new property allowGuardIfs. When this property is
  true, then guard ifs at the beginning of a method are allowed their return statements don't count.
• The rules UseUtilityClass and ClassNamingConventions now use the
  same definition of what a utility class is. The most significant change is, that classes with main() methods are
  no longer considered utility classes by UseUtilityClass.
• We are continuously working to improve the precision of violation reporting for various rules.
  The goal is to ensure that rules report issues on the correct line and highlight only the relevant lines.
  For example, instead of flagging an entire class declaration (including its body), we now generally report only
  the class name. For more details, see [java] Single Line Warnings #​730
  and [java] Review reported locations of rules #​3769. While this effort
  is still ongoing, the following Java rules have been updated in this release:
  • AbstractClassWithoutAbstractMethod
  • AbstractClassWithoutAnyMethod
  • AtLeastOneConstructor
  • AvoidDollarSigns
  • AvoidCatchingGenericException
  • AvoidSynchronizedStatement (now reports only on synchronized keyword and not the whole synchronized block)
  • ClassNamingConventions
  • ClassWithOnlyPrivateConstructorsShouldBeFinal
  • CommentDefaultAccessModifier
  • CommentRequired
  • CouplingBetweenObjects (now reports only on class identifier and not whole compilation unit anymore)
  • CyclomaticComplexity
  • DataClass
  • ExcessiveImports (now reports only on imports and not the whole compilation unit anymore)
  • ExcessiveParameterList
  • ExcessivePublicCount
  • ExhaustiveSwitchHasDefault (now reports only on switch keyword and not the whole switch block)
  • GodClass
  • ImplicitFunctionalInterface
  • JUnit5TestShouldBePackagePrivate
  • LocalHomeNamingConvention
  • LocalInterfaceSessionNamingConvention
  • MissingSerialVersionUID
  • MissingStaticMethodInNonInstantiatableClass
  • NcssCount
  • NonExhaustiveSwitch (now reports only on switch keyword and not the whole switch block)
  • NoPackage
  • PublicMemberInNonPublicType
  • ShortClassName
  • SingleMethodSingleton
  • SwitchDensity (now reports only on switch keyword and not the whole switch block)
  • TestClassWithoutTestCases
  • TooFewBranchesForSwitch (now reports only on switch keyword and not the whole switch block)
  • TooManyFields (now reports only on class identifier and not the whole class body anymore)
  • TooManyMethods (now reports only on class identifier and not the whole class body anymore)
  • TooManyStaticImports (now reports only on the first static import and not the whole compilation unit anymore)
  • UnnecessaryModifier
  • UseUtilityClass

Renamed rules and properties

• One rule and one property have been renamed to reflect the fact that they work for both JUnit 5 and 6:
  • The rule JUnitJupiterTestShouldBePackagePrivate (Java Best Practices) was renamed from JUnit5TestShouldBePackagePrivate.
  • The property junitJupiterTestPattern of rule MethodNamingConventions (Java Code Style) was renamed from junit5TestPattern.

The old names still work but are deprecated.

🐛️ Fixed Issues

• core
  • #​4972: [core] Update ANTLR to 4.13.2
  • #​6308: [core] CPD Markdown format: Add syntax highlighting
• doc
  • #​6708: [doc] Update minimal Java version for building PMD in documentation
• java
  • #​1102: [java] Improve consistency of utility class detection across rules
  • #​5721: [java] StackOverflowError in 7.17.0 with nested wildcard generics
  • #​5746: [java] Separate test sources and resources
  • #​6688: [java] LocalVariableCouldBeFinalRule API changed
  • #​6704: [java] Rename rules and properties with JUnit5 in the name
• java-bestpractices
  • #​3212: [java] Enhance UseStandardCharsets to flag some constructors of IO-related classes
  • #​3777: [java] New rule: AssertStatementInTest
  • #​5477: [java] JUnit5TestShouldBePackagePrivate is not applied when @​Test method is only present in parent class
  • #​6606: [java] UnusedPrivateField: False positive on JUnit Jupiter @​FieldSource
  • #​6681: [java] UnitTestShouldIncludeAssert: False positive with JUnitSoftAssertions Rule (JUnit 4)
  • #​6710: [java] UseStandardCharsets: False negative when using lowercase standard charset names
  • #​6719: [java] UseStandardCharsets: False negative with Java 22+ and UTF-32 charsets
• java-codestyle
  • #​2801: [java] OnlyOneReturn should have a property to allow early exits (guard clauses)
  • #​4350: [java] ClassNamingConventions: testClassPattern not applied to class that inherits all its @​Test methods
  • #​6427: [java] UnnecessaryCast: False positive for long cast before bit-shift operations on int/byte
  • #​6602: [java] LocalVariableCouldBeFinal: False negative when multiple variables are declared at once
  • #​6622: [java] New rule: UnnecessaryBlock
  • #​6640: [java] New rule: VariableDeclarationUsageDistance
• java-design
  • #​559: [java] UseUtilityClass: False negative for constant only classes
• java-errorprone
  • #​3288: [java] New Rule: JUnit5TestNoPrivateModifier
  • #​4288: [java] Document that CallSuperFirst/CallSuperLast are Android specific
  • #​6163: [java] ConstructorCallsOverridableMethod: False positive when method is from enclosing class
  • #​6517: [java] UselessPureMethodCall: False negative for methods on IntStream/LongStream/DoubleStream
  • #​6652: [java] AvoidInstanceofChecksInCatchClause: false negative when pattern-matching instanceof
  • #​6712: [java] UnnecessaryBooleanAssertion: Use InvocationMatcher to find assertions
• java-multithreading
  • #​6520: [java] DoNotUseThreads: False positive on legitimate java.lang.Thread.onSpinWait() call
  • #​6636: [java] OverridingThreadRun: Fix false negatives with other methods and anonymous classes
• kotlin
  • #​6608: [kotlin] Lexer or parse errors are reported to stderr only without file context
  • #​6648: [kotlin] Multi-dollar interpolation parse error in annotations
  • #​6659: [kotlin] Parser hangs on complex files due to unbounded ATN prediction loop
  • #​6669: [kotlin] Add AST improvements, KotlinAstUtil

🚨️ API Changes

Deprecations

• java
  • FieldDeclarationsShouldBeAtStartOfClassRule#visit is an implementation detail of FieldDeclarationsShouldBeAtStartOfClassRule. It will be removed in a later release.
  • CyclomaticComplexityRule#visitTypeDecl is an implementation detail of CyclomaticComplexityRule. It will be removed in a later release.
  • SwitchDensityRule#visitSwitchLike is an implementation detail of SwitchDensityRule. It will be removed in a later release.
• kotlin
  • The constructor PmdKotlinParser#PmdKotlinParser has been deprecated.
    Use KotlinLanguageModule#getInstance, createProcessor, services and getParser instead
    to retrieve a correctly configured parser instance.
  • The constructor KotlinHandler#KotlinHandler has been deprecated.
    Use getInstance, createProcessor and services instead to access the LanguageVersionHandler
    for Kotlin.
  • The methods KotlinInnerNode#getImage and KotlinInnerNode#hasImageEqualTo have been deprecated.
    They have not been used yet in Kotlin and the long-term plan is to remove these methods on each node.
    Concrete nodes (subclasses of KotlinInnerNode) should provide a more specific attribute like
    "getName" or "getIdentifier" instead and not rely on "getImage".
    The same deprecation has been done for KotlinTerminalNode.
    See #​4787 for more information.

Experimental API

• kotlin
  • KotlinLanguageProperties#PARSE_TIMEOUT_SECONDS
  • KotlinLanguageProperties#getParseTimeoutSeconds
  • Multiple classes have been added that provide an experimental way to add custom attributes to nodes:
    • AttributeView
    • KtClassDeclarationAttributes
    • KtClassParameterAttributes
    • KtCompanionObjectAttributes
    • KtFunctionDeclarationAttributes
    • KtImportAliasAttributes
    • KtImportHeaderAttributes
    • KtVariableDeclarationAttributes
    • HasModifiers
    • HasSimpleIdentifier
  • Attributes can be accessed on each node in Java-based rules via KotlinInnerNode#attributes.
    The attributes are also automatically exposed for XPath rules.

✨️ Merged pull requests

• #​6084: [java] Shrink reported locations for some rules - Sören Glimm (@​UncleOwen)
• #​6522: [java] Fix #​6520: DoNotUseThreads: fix false positive on Thread.onSpinWait() - leemeii (@​leemeii)
• #​6524: [java] Fix #​6517: UselessPureMethodCall: fix false negative for primitive streams - leemeii (@​leemeii)
• #​6553: [java] Fix StackOverflowError in TypeOps projection of cyclic captured type vars - Sebastian Lövdahl (@​slovdahl)
• #​6557: [java] New rule: AssertStatementInTest - Zbynek Konecny (@​zbynek)
• #​6561: [java] Fix #​6163: ConstructorCallsOverridableMethod: False positive with call to enclosing class - Lukas Gräf (@​lukasgraef)
• #​6573: [java] Fix #​6427: Add bitwise and/or/xor to BINARY_PROMOTED_OPS - Sören Glimm (@​UncleOwen)
• #​6587: [java] Fix #​2801: Add a property to OnlyOneReturnRule to allow guard ifs - Sören Glimm (@​UncleOwen)
• #​6597: [java] Fix #​3212: Enhance UseStandardCharsets - Sören Glimm (@​UncleOwen)
• #​6601: [java] Fix #​4288: Document that CallSuperFirst and CallSuperLast are android only - Sören Glimm (@​UncleOwen)
• #​6603: [java] Fix #​6602: Fix false negative in LocalVariableCouldBeFinalRule - Sören Glimm (@​UncleOwen)
• #​6604: [java] Fix #​3288: New rule JUnit5TestNoPrivateModifierRule - Sören Glimm (@​UncleOwen)
• #​6605: [java] Fix #​6308: Add syntax highlighting to MarkdownRenderer - Sören Glimm (@​UncleOwen)
• #​6619: [java] Fix #​5746: Separate test sources and resources - Sören Glimm (@​UncleOwen)
• #​6623: [java] Cleanup: Remove TODO from ModifierOwner.getVisibility() - Sören Glimm (@​UncleOwen)
• #​6636: [java] OverridingThreadRun: Fix false negatives with other methods and anonymous classes - Zbynek Konecny (@​zbynek)
• #​6638: [java] Fix #​559: Improve UseUtilityClassRule to trigger also on static members - Sören Glimm (@​UncleOwen)
• #​6639: [java] New rule: UnnecessaryBlock - Sören Glimm (@​UncleOwen)
• #​6640: [java] New rule: VariableDeclarationUsageDistance - Zbynek Konecny (@​zbynek)
• #​6646: [test] Split up AbstractRuleSetFactoryTest.testAllPMDBuiltInRulesMeetConventions() - Sören Glimm (@​UncleOwen)
• #​6650: [kotlin] Fix #​6608: Improve kotlin parser error handling - Peter Paul Bakker (@​stokpop)
• #​6653: [kotlin] Fix #​6648: Multi-dollar interpolation for regular strings - Peter Paul Bakker (@​stokpop)
• #​6654: [swift] Fix invalid swift token OSXApplicationExtension - Andreas Dangel (@​adangel)
• #​6657: [java] AvoidSynchronizedStatement: Improve rule doc - Andreas Dangel (@​adangel)
• #​6658: [doc] Fix capitalization of ANTLR in release notes - Zbynek Konecny (@​zbynek)
• #​6660: [kotlin] Fix #​6659: Prevent parser hang via InterruptibleParserATNSimulator and parse timeout - Peter Paul Bakker (@​stokpop)
• #​6661: [java] Fix #​6652: Support new-style instanceof (with pattern matching) in AvoidInstanceofChecksInCatchClause - Sören Glimm (@​UncleOwen)
• #​6670: [kotlin] Add AST improvements, KotlinAstUtil - Peter Paul Bakker (@​stokpop)
• #​6671: [java] Part of #​4841: Deprecate unnecessary public methods in FieldDeclarationsShouldBeAtStartOfClassRule/CyclomaticComplexityRule/SwitchDensityRule - Sören Glimm (@​UncleOwen)
• #​6679: [chore] Fix typos in comments and documentation - Zbynek Konecny (@​zbynek)
• #​6680: [java] Fix #​5477: JUnit5TestShouldBePackagePrivate is not applied when @​Test method is only present in parent class - Sören Glimm (@​UncleOwen)
• #​6683: Fix duplicated "the" in Java and Visualforce comments - vip892766gma (@​vip892766gma)
• #​6686: [java] False positive for UnusedPrivateField referenced by @​FieldSource - Zbynek Konecny (@​zbynek)
• #​6687: LocalVariableCouldBeFinalRule: Revert API change - Sören Glimm (@​UncleOwen)
• #​6689: [java] Fix #​4350: Fix ClassNamingConventions by teaching TestFrameworkUtil about type resolution - Sören Glimm (@​UncleOwen)
• #​6691: [java] Fix #​1102: improve consistency of utility class detection across rules - Sören Glimm (@​UncleOwen)
• #​6705: [java] Fix #​6681: UnitTestShouldIncludeAssert: False positive with JUnitSoftAssertions Rule (JUnit 4) - Lukas Gräf (@​lukasgraef)
• #​6707: [java] Fix #​6704: rename rules and properties with JUnit5 in the name - Sören Glimm (@​UncleOwen)
• #​6708: [doc] Update minimal Java version for building PMD in documentation - Zbynek Konecny (@​zbynek)
• #​6712: [java] UnnecessaryBooleanAssertion: Use InvocationMatcher to find assertions - Zbynek Konecny (@​zbynek)
• #​6716: [java] Fix #​6710: Case insensitive comparison in UseStandardCharsets - Sören Glimm (@​UncleOwen)
• #​6726: [java] Fix #​6719: UseStandardCharsets UTF-32 on Java >= 22 - Sören Glimm (@​UncleOwen)

📦️ Dependency updates

• #​6612: chore(deps): bump io.github.apex-dev-tools:apex-parser from 4.4.1 to 5.0.0
• #​6620: Bump PMD from 7.23.0 to 7.24.0
• #​6621: [core] Fix #​4972: Update ANTLR from 4.9.3 to 4.13.2
• #​6631: chore(deps): bump ruby/setup-ruby from 1.305.0 to 1.306.0
• #​6635: chore(deps): bump com.google.code.gson:gson from 2.13.2 to 2.14.0
• #​6642: chore(deps): bump crate-ci/typos from 1.45.1 to 1.46.0
• #​6643: chore(deps): bump com.puppycrawl.tools:checkstyle from 13.4.0 to 13.4.2
• #​6644: chore(deps): bump org.checkerframework:checker-qual from 4.0.0 to 4.1.0
• #​6656: chore(deps): bump nokogiri from 1.19.2 to 1.19.3 in /.ci/files
• #​6662: chore(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0
• #​6663: chore(deps): bump scalameta.version from 4.16.1 to 4.17.0
• #​6664: chore(deps): bump ruby/setup-ruby from 1.306.0 to 1.307.0
• #​6666: chore(deps): bump crate-ci/typos from 1.46.0 to 1.46.1
• #​6665: chore(deps-dev): bump log4j.version from 2.25.4 to 2.26.0
• #​6667: chore(deps): bump org.apache.groovy:groovy from 5.0.5 to 5.0.6
• #​6668: chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.25.6 to 0.25.7
• #​6697: chore(deps): bump ruby/setup-ruby from 1.307.0 to 1.308.0
• #​6698: chore(deps): bump junit.version from 6.0.3 to 6.1.0
• #​6699: chore(deps): bump crate-ci/typos from 1.46.1 to 1.46.2
• #​6700: chore(deps): bump org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3
• #​6701: chore(deps): bump org.ow2.asm:asm from 9.9.1 to 9.10
• #​6702: chore(deps): bump com.google.protobuf:protobuf-java from 4.34.1 to 4.35.0
• #​6720: chore(deps): bump crate-ci/typos from 1.46.2 to 1.46.3
• #​6721: chore(deps): bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.25.7 to 0.26.0
• #​6722: chore(deps): bump ruby/setup-ruby from 1.308.0 to 1.310.0
• #​6723: chore(deps): bump org.ow2.asm:asm from 9.10 to 9.10.1
• #​6724: chore(deps-dev): bump com.github.hazendaz.maven:coveralls-maven-plugin from 5.0.0 to 5.1.0
• #​6725: chore(deps-dev): Update tmp from 0.2.5 to 0.2.6
• #​6729: chore(deps-dev): bump build-tools from 37 to 38

📈️ Stats

• 308 commits
• 72 closed tickets & PRs
• Days since last release: 34

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: undefined

Post-upgrade command 'uv run python scripts/fetch_checksums.py --force' has not been added to the allowed list in allowedCommands