Bump org.apache.bcel:bcel from 6.9.0 to 6.10.0

[dependabot]

Bumps org.apache.bcel:bcel from 6.9.0 to 6.10.0.

Changelog

Sourced from org.apache.bcel:bcel's changelog.

Apache Commons BCEL Version 6.10.0 RELEASE NOTES

Introduction

The Apache Commons BCEL team is pleased to announce the release of Apache Commons BCEL 6.10.0.

The Byte Code Engineering Library (BCEL) is intended to give users a convenient way to analyze, create, and manipulate compiled .class files. Classes are represented by objects containing all the symbolic information of the given class: methods, fields, and byte code instructions.

Maintenance and bug fix release. Requires a minimum of Java 8.

Changes

•       Fix PMD UnnecessaryFullyQualifiedName. Thanks to Gary Gregory.
  

•       Fix PMD EmptyCatchBlock by allowing commented blocks. Thanks to Gary Gregory.
  

•       Fix PMD EmptyControlStatement by allowing commented blocks. Thanks to Gary Gregory.
  

•       Fix SpotBugs RV_RETURN_VALUE_IGNORED_BAD_PRACTICE in JasminVisitor. Thanks to Gary Gregory.
  

•       SpotBugs checks should ignore code generated by JavaCC. Thanks to Gary Gregory.
  

•       Fix SpotBugs URF_UNREAD_FIELD in ClassDumper. Thanks to Gary Gregory.
  

•       Fix SpotBugs DM_DEFAULT_ENCODING in JasminVisitor. Thanks to Gary Gregory.
  

•       Fix SpotBugs RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE in ASTFunAppl. Thanks to Gary Gregory.
  

•       Fix SpotBugs RV_ABSOLUTE_VALUE_OF_HASHCODE in Mini.Environment. Thanks to Gary Gregory.
  

•       Fix SpotBugs DM_DEFAULT_ENCODING in Mini.MiniC. Thanks to Gary Gregory.
  

•       Fix SpotBugs WMI_WRONG_MAP_ITERATOR in Package.go(String[]). Thanks to Gary Gregory.
  

•       Deprecate TransitiveHull.INGORED in favor of TransitiveHull.getIgnored(). Thanks to Gary Gregory.
  

•       Add accessors to model and unit tests, Javadoc [#183](https://github.com/apache/commons-bcel/issues/183). Thanks to nbauma109, Gary Gregory, Mark Roberts.
  

•       Add Const.MAJOR_22. Thanks to Gary Gregory.
  

•       Add Const.MINOR_22. Thanks to Gary Gregory.
  

•       Add Const.MAJOR_23. Thanks to Gary Gregory.
  

•       Add Const.MINOR_23. Thanks to Gary Gregory.
  

•       Add Const.MAJOR_24. Thanks to Gary Gregory.
  

•       Add Const.MINOR_24. Thanks to Gary Gregory.
  

•       Bump tests from org.assertj:assertj-core 3.25.3 to 3.26.3 [#322](https://github.com/apache/commons-bcel/issues/322), [#332](https://github.com/apache/commons-bcel/issues/332). Thanks to Dependabot.
  

•       Bump tests from org.jetbrains.kotlin:kotlin-stdlib 1.9.23 to 2.0.0 [#309](https://github.com/apache/commons-bcel/issues/309), [#318](https://github.com/apache/commons-bcel/issues/318). Thanks to Dependabot.
  

•       Bump tests from org.apache.commons:commons-collections4 4.4 to 4.5.0-M2. Thanks to Gary Gregory.
  

•       Bump org.apache.commons:commons-parent from 69 to 71. Thanks to Gary Gregory.
  

•       Bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to 3.1.0 [#331](https://github.com/apache/commons-bcel/issues/331). Thanks to Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-bcel/changes-report.html

For complete information on Apache Commons BCEL, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons BCEL website:

https://commons.apache.org/proper/commons-bcel

... (truncated)

Commits

• 907c61d Prepare for the next release candidate
• a7333c0 Prepare for the next release candidate
• 2d95820 Add Const.MAJOR_24
• 8f87b81 Add Const.MAJOR_23
• e9aa068 Add Const.MAJOR_22
• 9818c89 Bump org.assertj:assertj-core from 3.26.0 to 3.26.3 #332
• 10f5191 Bump org.assertj:assertj-core from 3.26.0 to 3.26.3 (#332)
• fe3651d Bump github/codeql-action from 3.25.11 to 3.25.12 (#333)
• d93052b Remove redundant keywords
• 65bd198 Remove redundant keywords
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[manovotn]

The error here is a CNFE coming from org.apache.commons:commons-lang3 missing class.

This should be a transitive dep of bcel, coming in version 3.14.0 but it seems to appear in 3.12.0 where that particular class indeed isn't present.

Here's a snippet from the mvn dependency:tree output:

[INFO] +- org.apache.bcel:bcel:jar:6.10.0:compile
[INFO] |  \- org.apache.commons:commons-lang3:jar:3.12.0:compile

And here's a link to the POM on this BCEL release showing a different version.

[manovotn]

I managed to find the culprit - this is coming from an Arquillian BOM import.

            <dependency>
                <groupId>org.jboss.arquillian</groupId>
                <artifactId>arquillian-bom</artifactId>
                <version>${arquillian.version}</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>

A newer version of arq. exists and has this transitive dep updated.
However, the newer version also:

• Splits Jakarta Arq. deps into a separate BOM (https://github.com/arquillian/arquillian-jakarta/blob/main/bom/pom.xml)
  • We'll need to consume that one as well
• It no longer contains ShrinkWrap BOM imports so we'll have to consume those separately
  • https://github.com/shrinkwrap/resolver/blob/master/bom/pom.xml

EDIT: Newer version of Arq. alone doesn't help as a BOM import of Shrinkwrap resolver (3.3.0) will cause the same issue.
We will need a dep. management version for the clashing dep (org.apache.commons:commons.lang3) and hope it doesn't break anything else. We can remove it once they release newer version of Shrinkwrap resolver as their main branch already bumped this dep beyond what we need.

While at it, I will still try to update all Arq./Shrinkwrap deps to newer versions as that's something dependabot won't be able to do due to multiple BOM splits.

[manovotn]

In the end I chose to not include the conflicting bom and instead kept the two needed shrinkwrap resolver deps explicitly versioned. This way there doesn't need to be any version specific for the commons-lang3 artifact.