chore(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.4 to 4.9.8.2 in /jans-bom

[dependabot]

Bumps com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.4 to 4.9.8.2.

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.9.8.2

• Fixed generate site reports to include all site variations, thanks to @​bradleylarrick
• Add support for source jar/zip, thanks to @​cortlepp

Spotbugs Maven Plugin 4.9.8.1

Bug fix with SpotbugsInfo.EOF error (was meant to be SpotbugsInfo.EOL).

Spotbugs Maven Plugin 4.9.8.0

Bug fix release supporting spotbugs 4.9.8.

Spotbugs Maven Plugin 4.9.7.0

• Supports 4.9.7 of spotbugs
• Build updates
• Fixes spotbugs/spotbugs-maven-plugin#1215

Spotbugs Maven Plugin 4.9.6.0

• Supports spotbugs 4.9.6
• note: 4.9.5 had a defect with detection of jakarta in servlets that was unexpected and quickly patched for this release.

Spotbugs Maven Plugin 4.9.5.0

• Support spotbugs 4.9.5

Spotbugs Maven Plugin 4.9.4.2

Consumer

• Add support for 'chooseVisitors'
• Minor code cleanup
• Still supports spotbugs 4.9.4

Producer

• Remove add opens from jvm.config as no longer needed

Spotbugs Maven Plugin 4.9.4.1

Consumer

• Cleanup readme to better support plugin
• Dropped direct usage of plexus utils and commons io
• Groovy 5 now run engine
• Correct issue since 4.9.2.0 resulting in most runs getting spotbugs.html file incorrectly. This has been refactored to restore doxia 1 overrides to produce xml report only when not running in site lifecycle
• Correct defects with handling of various files on disk such as exclusion filters that were introduced into 4.9.4.0. Integration tests have been applied to prevent future regression.
• Commons io fileutils replaced by files.walk with detailed output moved to debug collection only rather than all runs
• Normalization of path to linux style
• Any regex usage is now precompiled
• Use re-entrant lock for source indexer
• Correct locale usage to use default if not given
• Block doctype and XXE when processing xml files
• Cleanup some fields from resources and in code never used

Producer

• Pin versions of github actions tools
• Run maven 3.6.3 integration test on windows to get more broad support
• Run maven integration test on mac to get more broad support

... (truncated)

Commits

• a03feda [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.8.2
• 1c8063d [gha] Update actions
• f59d628 Merge pull request #1265 from spotbugs/renovate/actions-checkout-6.x
• 1c232fb chore(deps): update actions/checkout action to v6
• 436be13 Merge pull request #1263 from spotbugs/renovate/actions-checkout-digest
• 0708203 Merge pull request #1264 from spotbugs/renovate/github-codeql-action-digest
• fcd2d1b chore(deps): update github/codeql-action digest to e12f017
• 7c54b5b chore(deps): update actions/checkout digest to 93cb6ef
• 79d724e Merge pull request #1262 from spotbugs/renovate/lang3.version
• b9bbed3 fix(deps): update dependency org.apache.commons:commons-lang3 to v3.20.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mo-auto]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[dependabot]

Dependabot couldn't access the repository. Because of this, Dependabot cannot update this pull request.