Bump the "dependencies" group with 2 updates across multiple ecosystems #737

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/dependencies-3f4b257a7f

dependabot[bot] commented on behalf of github on May 21, 2026

Bumps the dependencies group with 2 updates: zizmorcore/zizmor-action and exasol/python-toolbox.

Updates zizmorcore/zizmor-action from 0.5.3 to 0.5.5

Release notes

Sourced from zizmorcore/zizmor-action's releases.

v0.5.5

This is a no-op release.

v0.5.4

  • 1.25.0 is now available via the action
  • 1.25.0 is now the default version of zizmor used by the action
Commits
  • a16621b Bump pins in README (#112)
  • 1c03e04 chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the github-ac...
  • b572f7b Sync zizmor versions (#111)
  • 06928c5 chore(deps): bump github/codeql-action in the github-actions group (#109)
  • 5ea8b96 docs: Update link to GitHub docs (#108)
  • 849ac26 chore(deps): bump the github-actions group with 2 updates (#106)
  • 814f977 Bump pins in README (#103)
  • See full diff in compare view

Updates exasol/python-toolbox from 7.0.0 to 8.0.0

Release notes

Sourced from exasol/python-toolbox's releases.

8.0.0 - 2026-05-13

Summary

In this major release, several modifications were made to the PTB's workflow templates:

  • For automatically resolving vulnerabilities, the dependency-update.yml workflow was added. For more details, see the Update Dependencies section.
  • The periodic run which was previously executed in the ci.yml has been moved to its own periodic-validation.yml and will run weekly. This also has been modified to run the slow-checks.yml so that more complete linting and coverage information is sent to Sonar.
  • With the addition of periodic-validation.yml, the pr-merge.yml was reduced so that it only executes gh-pages.yml.
  • The unit tests job has been moved from checks.yml to its own fast-tests.yml file.
  • Workflow extensions were added to fast-tests and merge-gate. This allows users to add custom fast-tests-extension.yml and merge-gate-extension.yml files. For more details, check out the Workflow Extensions section.
  • slow-checks.yml is only maintained by the project (not the PTB). See the Not Maintained by the PTB section.

Features

  • #829: Extended removing a job from a workflow to also remove it from the needs of another job
  • #825: Created two workflows by splitting up previous ones:
    • Moved the periodic jobs in ci.yml to its own periodic-validation.yml
    • Moved the unit tests job in checks.yml to its own fast-tests.yml
  • #730: Added workflow extensions to fast-tests and merge-gate
  • #756: Added dependency-update.yml to automate resolving vulnerabilities with a generated pull request
  • #792: Improved dependency-update.yml documentation
  • #831: Switched slow-checks.yml to be provided by the project and not maintained by the PTB and improved output of pydantic validation of .workflow-patcher.yml

Bugfix

  • #563: Fixed merge-gate to prevent auto-merges from happening when integration tests failed

Security Issues

This release fixes vulnerabilities by updating dependencies:

| Dependency | Vulnerability | Affected | Fixed in |
| --- | --- | --- | --- |
| urllib3 | CVE-2026-44431 | 2.6.3 | 2.7.0 |
| urllib3 | CVE-2026-44432 | 2.6.3 | 2.7.0 |

  • #836: Relocked poetry.lock

Dependency Updates

main

... (truncated)

Commits
  • e46075c Prepare release 8.0.0 (#837)
  • adef495 Feature/831 no longer overwrite slow checks (#834)
  • a9b1d1e Update dependencies to fix vulnerabilities (2026-05-12) (#836)
  • 17f6158 Fix dependency-update.yml (#835)
  • 2ed2caf Documentation/792 improve dependency update documentation (#833)
  • 240a8c5 add dependency-update workflow template (fixes #683) (#756)
  • e83d651 Feature/825 split up workflows unit tests and periodic runs (#826)
  • 3614732 Extend removing a job from a workflow to also remove it from the needs of a...
  • c5e3691 Bugfix/563 fix merge gate (#819)
  • See full diff in compare view

Bumps the dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| org.itsallcode:junit5-system-extensions | 1.2.2 | 1.2.3 |
| org.slf4j:slf4j-jdk14 | 2.0.17 | 2.0.18 |
| org.slf4j:slf4j-api | 2.0.17 | 2.0.18 |
| org.apache.maven:maven-model | 3.9.15 | 3.9.16 |
| org.apache.maven:maven-plugin-api | 3.9.15 | 3.9.16 |
| org.apache.maven:maven-core | 3.9.15 | 3.9.16 |

Updates org.itsallcode:junit5-system-extensions from 1.2.2 to 1.2.3

Release notes

Sourced from org.itsallcode:junit5-system-extensions's releases.

1.2.3: Upgrade dependencies

This release upgrades dependencies and updates the automatic release process to Maven Central.

Bugfixes

  • #76: Upgrade dependencies

Compile Dependency Changes

  • Upgrade org.junit.jupiter:junit-jupiter-api from 5.11.0 to 5.14.4
Commits

Updates org.slf4j:slf4j-jdk14 from 2.0.17 to 2.0.18

Updates org.slf4j:slf4j-api from 2.0.17 to 2.0.18

Updates org.apache.maven:maven-model from 3.9.15 to 3.9.16

Updates org.apache.maven:maven-plugin-api from 3.9.15 to 3.9.16

Release notes

Sourced from org.apache.maven:maven-plugin-api's releases.

3.9.16

🐛 Bug Fixes

📦 Dependency updates

Commits
  • 2bdd9fd [maven-release-plugin] prepare release maven-3.9.16
  • 229e9d7 Trim threadConfiguration to accept input surrounded with spaces
  • 7d5fd94 Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0 (#12039)
  • 0d100e5 [3.9.x] Bump to parent POM 48 (#12024)
  • 7ae7935 Backport: Maven 3.10.x fixes plugin resolution, by putting user in charge (#1...
  • 86fc95b Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#11980)
  • 029557a Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#11951)
  • b5250f2 Bump actions/cache from 5.0.4 to 5.0.5 (#11943)
  • 7ef2c23 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates org.apache.maven:maven-core from 3.9.15 to 3.9.16

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 2 updates: [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) and [exasol/python-toolbox](https://github.com/exasol/python-toolbox).


Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.5
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](zizmorcore/zizmor-action@b1d7e1f...a16621b)

Updates `exasol/python-toolbox` from 7.0.0 to 8.0.0
- [Release notes](https://github.com/exasol/python-toolbox/releases)
- [Commits](exasol/python-toolbox@7.0.0...8.0.0)
Bump the dependencies group with 6 updates

Bumps the dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [org.itsallcode:junit5-system-extensions](https://github.com/itsallcode/junit5-system-extensions) | `1.2.2` | `1.2.3` |
| org.slf4j:slf4j-jdk14 | `2.0.17` | `2.0.18` |
| org.slf4j:slf4j-api | `2.0.17` | `2.0.18` |
| org.apache.maven:maven-model | `3.9.15` | `3.9.16` |
| [org.apache.maven:maven-plugin-api](https://github.com/apache/maven) | `3.9.15` | `3.9.16` |
| org.apache.maven:maven-core | `3.9.15` | `3.9.16` |


Updates `org.itsallcode:junit5-system-extensions` from 1.2.2 to 1.2.3
- [Release notes](https://github.com/itsallcode/junit5-system-extensions/releases)
- [Commits](itsallcode/junit5-system-extensions@1.2.2...1.2.3)

Updates `org.slf4j:slf4j-jdk14` from 2.0.17 to 2.0.18

Updates `org.slf4j:slf4j-api` from 2.0.17 to 2.0.18

Updates `org.apache.maven:maven-model` from 3.9.15 to 3.9.16

Updates `org.apache.maven:maven-plugin-api` from 3.9.15 to 3.9.16
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.15...maven-3.9.16)

Updates `org.apache.maven:maven-core` from 3.9.15 to 3.9.16

Updates `org.slf4j:slf4j-api` from 2.0.17 to 2.0.18

Updates `org.apache.maven:maven-plugin-api` from 3.9.15 to 3.9.16
- [Release notes](https://github.com/apache/maven/releases)
- [Commits](apache/maven@maven-3.9.15...maven-3.9.16)

Updates `org.apache.maven:maven-core` from 3.9.15 to 3.9.16

---
updated-dependencies:
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: exasol/python-toolbox
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: org.itsallcode:junit5-system-extensions
  dependency-version: 1.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.slf4j:slf4j-jdk14
  dependency-version: 2.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.slf4j:slf4j-api
  dependency-version: 2.0.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.apache.maven:maven-model
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.apache.maven:maven-plugin-api
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.apache.maven:maven-core
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.slf4j:slf4j-api
  dependency-version: 2.0.18
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.apache.maven:maven-plugin-api
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: org.apache.maven:maven-core
  dependency-version: 3.9.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies (Change in dependencies) and github_actions (Pull requests that update GitHub Actions code) labels on May 21, 2026