Bumps `errorprone.version` from 2.19.0 to 2.19.1.
Updates `error_prone_annotations` from 2.19.0 to 2.19.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/google/error-prone/releases">error_prone_annotations's releases</a>.</em></p>
<blockquote>
<h2>Error Prone 2.19.1</h2>
<p>This release fixes a binary compatibility issue when running on JDK 11, see <a href="https://redirect.github.com/google/error-prone/issues/3895">#3895</a></p>
<p><strong>Full Changelog</strong>: <a href="https://github.com/google/error-prone/compare/v2.19.0...v2.19.1">https://github.com/google/error-prone/compare/v2.19.0...v2.19.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/google/error-prone/commit/66ca96fc662c82bd46120f7abdbac02260f62d04"><code>66ca96f</code></a> Release Error Prone 2.19.1</li>
<li><a href="https://github.com/google/error-prone/commit/c2b71f9d1ef980c8e7acc3d2801eaf2d1fe28e7a"><code>c2b71f9</code></a> Update ci.yml</li>
<li><a href="https://github.com/google/error-prone/commit/25d34deaa689bdc23e56397ec4c95e44a78f62ad"><code>25d34de</code></a> Update ci.yml</li>
<li><a href="https://github.com/google/error-prone/commit/62355bf462ff0e713eeae256aee1d9cbd33e1151"><code>62355bf</code></a> Update ci.yml</li>
<li><a href="https://github.com/google/error-prone/commit/020a541797c8fa1ac7d0c820695d03dc2e6e83f9"><code>020a541</code></a> Update JDK versions, and test compatibility on JDK 11</li>
<li><a href="https://github.com/google/error-prone/commit/5da8e9a6b53710d24ef3514c263ca122a4aeecc2"><code>5da8e9a</code></a> Fix binary compatibility issues when building on JDK 17 and running on JDK 11...</li>
<li><a href="https://github.com/google/error-prone/commit/7335ba2402aa0b725978c3686f144e6f3de11ef1"><code>7335ba2</code></a> Don't consider overloads to have a functional interface clash if the paramete...</li>
<li><a href="https://github.com/google/error-prone/commit/94a93e9ffd0aba7e0523f389a8d45cffd1b52c17"><code>94a93e9</code></a> Fix <code>ImmutableChecker</code> to allow wildcard <code>@ImmutableTypeParameter</code>s which are...</li>
<li>See full diff in <a href="https://github.com/google/error-prone/compare/v2.19.0...v2.19.1">compare view</a></li>
</ul>
</details>
<br />

Updates `error_prone_type_annotations` from 2.19.0 to 2.19.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/google/error-prone/releases">error_prone_type_annotations's releases</a>.</em></p>
<blockquote>
<h2>Error Prone 2.19.1</h2>
<p>This release fixes a binary compatibility issue when running on JDK 11, see <a href="https://redirect.github.com/google/error-prone/issues/3895">#3895</a></p>
<p><strong>Full Changelog</strong>: <a href="https://github.com/google/error-prone/compare/v2.19.0...v2.19.1">https://github.com/google/error-prone/compare/v2.19.0...v2.19.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/google/error-prone/commit/66ca96fc662c82bd46120f7abdbac02260f62d04"><code>66ca96f</code></a> Release Error Prone 2.19.1</li>
<li><a href="https://github.com/google/error-prone/commit/c2b71f9d1ef980c8e7acc3d2801eaf2d1fe28e7a"><code>c2b71f9</code></a> Update ci.yml</li>
<li><a href="https://github.com/google/error-prone/commit/25d34deaa689bdc23e56397ec4c95e44a78f62ad"><code>25d34de</code></a> Update ci.yml</li>
<li><a href="https://github.com/google/error-prone/commit/62355bf462ff0e713eeae256aee1d9cbd33e1151"><code>62355bf</code></a> Update ci.yml</li>
<li><a href="https://github.com/google/error-prone/commit/020a541797c8fa1ac7d0c820695d03dc2e6e83f9"><code>020a541</code></a> Update JDK versions, and test compatibility on JDK 11</li>
<li><a href="https://github.com/google/error-prone/commit/5da8e9a6b53710d24ef3514c263ca122a4aeecc2"><code>5da8e9a</code></a> Fix binary compatibility issues when building on JDK 17 and running on JDK 11...</li>
<li><a href="https://github.com/google/error-prone/commit/7335ba2402aa0b725978c3686f144e6f3de11ef1"><code>7335ba2</code></a> Don't consider overloads to have a functional interface clash if the paramete...</li>
<li><a href="https://github.com/google/error-prone/commit/94a93e9ffd0aba7e0523f389a8d45cffd1b52c17"><code>94a93e9</code></a> Fix <code>ImmutableChecker</code> to allow wildcard <code>@ImmutableTypeParameter</code>s which are...</li>
<li>See full diff in <a href="https://github.com/google/error-prone/compare/v2.19.0...v2.19.1">compare view</a></li>
</ul>
</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1513

COPYBARA_INTEGRATE_REVIEW=#1513 from google:dependabot/maven/value/errorprone.version-2.19.1 c6fdfaa
PiperOrigin-RevId: 533127707

PiperOrigin-RevId: 533253621

Bumps [maven-source-plugin](https://github.com/apache/maven-source-plugin) from 3.2.1 to 3.3.0.
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/apache/maven-source-plugin/commit/02a984779ed6157698fdb9235e5e66154b3d24e7"><code>02a9847</code></a> [maven-release-plugin] prepare release maven-source-plugin-3.3.0</li>
<li><a href="https://github.com/apache/maven-source-plugin/commit/f186993414e076abcf70b960b487813a6b1df8b7"><code>f186993</code></a> [MSOURCES-135] Cleanup project code</li>
<li><a href="https://github.com/apache/maven-source-plugin/commit/021af551aedf361dec82a5f6808054030ac47e8b"><code>021af55</code></a> [MSOURCES-134] Refresh download page</li>
<li><a href="https://github.com/apache/maven-source-plugin/commit/b11a457ba99a83fb5808b132967b4ddcc9523e89"><code>b11a457</code></a> Use shared GitHub actions v3</li>
<li><a href="https://github.com/apache/maven-source-plugin/commit/7caf2b0debe39afa2d1aff4fa38fa38b8988acad"><code>7caf2b0</code></a> [MSOURCES-133] Upgrade Parent to 39 - ignore git blame</li>
<li><a href="https://github.com/apache/maven-source-plugin/commit/dee4c1000d57c8c385cfe1147c81950371437d4b"><code>dee4c10</code></a> [MSOURCES-133] Upgrade Parent to 39</li>
<li><a href="https://github.com/apache/maven-source-plugin/commit/452111f29c36260640ae2cebc2afd8ec5f6279a0"><code>452111f</code></a> Add dependabot configuration</li>
<li><a href="https://github.com/apache/maven-source-plugin/commit/e691ac3b7f0f451e9da973e7734e07671b21efa9"><code>e691ac3</code></a> s/MSOURCE/MSOURCES/</li>
<li><a href="https://github.com/apache/maven-source-plugin/commit/1ddffd8923b65e37b28abf60120f979ea6238a23"><code>1ddffd8</code></a> Auto-link MSOURCE Jira</li>
<li><a href="https://github.com/apache/maven-source-plugin/commit/37ffefea6f479bbd78e89a2df97b4acd5b57f5b3"><code>37ffefe</code></a> Add pull request template</li>
<li>Additional commits viewable in <a href="https://github.com/apache/maven-source-plugin/compare/maven-source-plugin-3.2.1...maven-source-plugin-3.3.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-source-plugin&package-manager=maven&previous-version=3.2.1&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1521

COPYBARA_INTEGRATE_REVIEW=#1521 from google:dependabot/maven/value/org.apache.maven.plugins-maven-source-plugin-3.3.0 29076c4
PiperOrigin-RevId: 534426990

RELNOTES=n/a
PiperOrigin-RevId: 534484290

Bumps `guava.version` from 31.1-jre to 32.0.0-jre.
Updates `guava` from 31.1-jre to 32.0.0-jre
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/google/guava/releases">guava's releases</a>.</em></p>
<blockquote>
<h2>32.0.0</h2>
<h3>Maven</h3>
<pre lang="xml"><code>&lt;dependency&gt;
  &lt;groupId&gt;com.google.guava&lt;/groupId&gt;
  &lt;artifactId&gt;guava&lt;/artifactId&gt;
  &lt;version&gt;32.0.0-jre&lt;/version&gt;
  &lt;!-- or, for Android: --&gt;
  &lt;version&gt;32.0.0-android&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>
<h3>Jar files</h3>
<ul>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-jre/guava-32.0.0-jre.jar">32.0.0-jre.jar</a></li>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-android/guava-32.0.0-android.jar">32.0.0-android.jar</a></li>
</ul>
<p>Guava requires <a href="https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies">one runtime dependency</a>, which you can download here:</p>
<ul>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar">failureaccess-1.0.1.jar</a></li>
</ul>
<h3>Javadoc</h3>
<ul>
<li><a href="http://guava.dev/releases/32.0.0-jre/api/docs/">32.0.0-jre</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/docs/">32.0.0-android</a></li>
</ul>
<h3>JDiff</h3>
<ul>
<li><a href="http://guava.dev/releases/32.0.0-jre/api/diffs/">32.0.0-jre vs. 31.1-jre</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/diffs/">32.0.0-android vs. 31.1-android</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/androiddiffs/">32.0.0-android vs. 32.0.0-jre</a></li>
</ul>
<h3>Changelog</h3>
<h4>Security fixes</h4>
<ul>
<li>Reimplemented <code>Files.createTempDir</code> and <code>FileBackedOutputStream</code> to further address <a href="https://redirect.github.com/google/guava/issues/4011">CVE-2020-8908</a> and [Guava issue <a href="https://redirect.github.com/google/guava/issues/2575">#2575</a>](<a href="https://redirect.github.com/google/guava/issues/2575">google/guava#2575</a>) (CVE forthcoming). (feb83a1c8f)</li>
</ul>
<p>While CVE-2020-8908 was officially closed when we deprecated <code>Files.createTempDir</code> in <a href="https://github.com/google/guava/releases/tag/v30.0">Guava 30.0</a>, we've heard from users that even recent versions of Guava have been listed as vulnerable in <em>other</em> databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used <code>FileBackedOutputStream</code> class, which had a similar issue) to eliminate the insecure behavior entirely. This change technically carries small risks (dicussed under &quot;Incompatible changes&quot; below), but we expect no practical risk to users.</p>
<h4>Incompatible changes</h4>
<p>Although this release bumps Guava's major version number, it makes no binary-incompatible changes to the <code>guava</code> artifact. Still, it makes a few changes that may cause problems for users in less common situations:</p>
<ul>
<li>This release makes a binary-incompatible change to a <code>@beta</code> API in the separate artifact <code>guava-testlib</code>. Specifically, we changed the return type of <code>TestingExecutors.sameThreadScheduledExecutor</code> to <code>ListeningScheduledExecutorService</code>. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)</li>
<li>This release <em>adds</em> two methods to the Android flavor of Guava: <code>Invokable.getAnnotatedReturnType()</code> and <code>Parameter.getAnnotatedType()</code>. Those methods do not work under an Android VM; we added them only to help our tests of the Android flavor (since we also run those tests under a JRE). Android VMs tolerate such methods as long as the app does not call them or perform reflection on them, and builds tolerate them because of our new Proguard configurations (discussed below). Thus, we expect no impact to most users. However, we could imagine build problems for users who have set up their own build system for the Android flavor of Guava. Please report any problems so that we can judge how safely we might be able to add other methods to the Android flavor in the future, such as APIs that use Java 8 classes like <code>Stream</code>. (b30e73cfa81ad15c1023c17cfd083255a3df0105)</li>
<li>This release removes various APIs from the <code>guava-gwt</code>. This affects only users of <a href="https://www.gwtproject.org/">GWT</a>. The APIs we removed are <code>Enums</code>, <code>Sets.complementOf</code>, and the <code>Enum*BiMap</code> classes' <code>keyType()</code> and <code>valueType()</code> methods. These changes prepare for the removal of reflective enum-related APIs from <a href="https://github.com/google/j2cl">J2CL</a>. If one of these changes causes you problems as a GWT user, let us know. (c3a155dc85, 09db2c29ae, 3de12be516)</li>
<li>The new implementations of <code>Files.createTempDir</code> and <code>FileBackedOutputStream</code> are annotated as <code>@J2ObjCIncompatible</code>. If you need to use them under J2ObjC, contact us. (56dc928a25)</li>
<li>Because the new version of <code>Files.createTempDir</code> restricts permissions to the current user, it could break any user that relies on letting other users access the directory.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/google/guava/commits">compare view</a></li>
</ul>
</details>
<br />

Updates `guava-gwt` from 31.1-jre to 32.0.0-jre
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/google/guava/releases">guava-gwt's releases</a>.</em></p>
<blockquote>
<h2>32.0.0</h2>
<h3>Maven</h3>
<pre lang="xml"><code>&lt;dependency&gt;
  &lt;groupId&gt;com.google.guava&lt;/groupId&gt;
  &lt;artifactId&gt;guava&lt;/artifactId&gt;
  &lt;version&gt;32.0.0-jre&lt;/version&gt;
  &lt;!-- or, for Android: --&gt;
  &lt;version&gt;32.0.0-android&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>
<h3>Jar files</h3>
<ul>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-jre/guava-32.0.0-jre.jar">32.0.0-jre.jar</a></li>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-android/guava-32.0.0-android.jar">32.0.0-android.jar</a></li>
</ul>
<p>Guava requires <a href="https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies">one runtime dependency</a>, which you can download here:</p>
<ul>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar">failureaccess-1.0.1.jar</a></li>
</ul>
<h3>Javadoc</h3>
<ul>
<li><a href="http://guava.dev/releases/32.0.0-jre/api/docs/">32.0.0-jre</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/docs/">32.0.0-android</a></li>
</ul>
<h3>JDiff</h3>
<ul>
<li><a href="http://guava.dev/releases/32.0.0-jre/api/diffs/">32.0.0-jre vs. 31.1-jre</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/diffs/">32.0.0-android vs. 31.1-android</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/androiddiffs/">32.0.0-android vs. 32.0.0-jre</a></li>
</ul>
<h3>Changelog</h3>
<h4>Security fixes</h4>
<ul>
<li>Reimplemented <code>Files.createTempDir</code> and <code>FileBackedOutputStream</code> to further address <a href="https://redirect.github.com/google/guava/issues/4011">CVE-2020-8908</a> and [Guava issue <a href="https://redirect.github.com/google/guava/issues/2575">#2575</a>](<a href="https://redirect.github.com/google/guava/issues/2575">google/guava#2575</a>) (CVE forthcoming). (feb83a1c8f)</li>
</ul>
<p>While CVE-2020-8908 was officially closed when we deprecated <code>Files.createTempDir</code> in <a href="https://github.com/google/guava/releases/tag/v30.0">Guava 30.0</a>, we've heard from users that even recent versions of Guava have been listed as vulnerable in <em>other</em> databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used <code>FileBackedOutputStream</code> class, which had a similar issue) to eliminate the insecure behavior entirely. This change technically carries small risks (dicussed under &quot;Incompatible changes&quot; below), but we expect no practical risk to users.</p>
<h4>Incompatible changes</h4>
<p>Although this release bumps Guava's major version number, it makes no binary-incompatible changes to the <code>guava</code> artifact. Still, it makes a few changes that may cause problems for users in less common situations:</p>
<ul>
<li>This release makes a binary-incompatible change to a <code>@beta</code> API in the separate artifact <code>guava-testlib</code>. Specifically, we changed the return type of <code>TestingExecutors.sameThreadScheduledExecutor</code> to <code>ListeningScheduledExecutorService</code>. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)</li>
<li>This release <em>adds</em> two methods to the Android flavor of Guava: <code>Invokable.getAnnotatedReturnType()</code> and <code>Parameter.getAnnotatedType()</code>. Those methods do not work under an Android VM; we added them only to help our tests of the Android flavor (since we also run those tests under a JRE). Android VMs tolerate such methods as long as the app does not call them or perform reflection on them, and builds tolerate them because of our new Proguard configurations (discussed below). Thus, we expect no impact to most users. However, we could imagine build problems for users who have set up their own build system for the Android flavor of Guava. Please report any problems so that we can judge how safely we might be able to add other methods to the Android flavor in the future, such as APIs that use Java 8 classes like <code>Stream</code>. (b30e73cfa81ad15c1023c17cfd083255a3df0105)</li>
<li>This release removes various APIs from the <code>guava-gwt</code>. This affects only users of <a href="https://www.gwtproject.org/">GWT</a>. The APIs we removed are <code>Enums</code>, <code>Sets.complementOf</code>, and the <code>Enum*BiMap</code> classes' <code>keyType()</code> and <code>valueType()</code> methods. These changes prepare for the removal of reflective enum-related APIs from <a href="https://github.com/google/j2cl">J2CL</a>. If one of these changes causes you problems as a GWT user, let us know. (c3a155dc85, 09db2c29ae, 3de12be516)</li>
<li>The new implementations of <code>Files.createTempDir</code> and <code>FileBackedOutputStream</code> are annotated as <code>@J2ObjCIncompatible</code>. If you need to use them under J2ObjC, contact us. (56dc928a25)</li>
<li>Because the new version of <code>Files.createTempDir</code> restricts permissions to the current user, it could break any user that relies on letting other users access the directory.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/google/guava/commits">compare view</a></li>
</ul>
</details>
<br />

Updates `guava-testlib` from 31.1-jre to 32.0.0-jre
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/google/guava/releases">guava-testlib's releases</a>.</em></p>
<blockquote>
<h2>32.0.0</h2>
<h3>Maven</h3>
<pre lang="xml"><code>&lt;dependency&gt;
  &lt;groupId&gt;com.google.guava&lt;/groupId&gt;
  &lt;artifactId&gt;guava&lt;/artifactId&gt;
  &lt;version&gt;32.0.0-jre&lt;/version&gt;
  &lt;!-- or, for Android: --&gt;
  &lt;version&gt;32.0.0-android&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>
<h3>Jar files</h3>
<ul>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-jre/guava-32.0.0-jre.jar">32.0.0-jre.jar</a></li>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-android/guava-32.0.0-android.jar">32.0.0-android.jar</a></li>
</ul>
<p>Guava requires <a href="https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies">one runtime dependency</a>, which you can download here:</p>
<ul>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar">failureaccess-1.0.1.jar</a></li>
</ul>
<h3>Javadoc</h3>
<ul>
<li><a href="http://guava.dev/releases/32.0.0-jre/api/docs/">32.0.0-jre</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/docs/">32.0.0-android</a></li>
</ul>
<h3>JDiff</h3>
<ul>
<li><a href="http://guava.dev/releases/32.0.0-jre/api/diffs/">32.0.0-jre vs. 31.1-jre</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/diffs/">32.0.0-android vs. 31.1-android</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/androiddiffs/">32.0.0-android vs. 32.0.0-jre</a></li>
</ul>
<h3>Changelog</h3>
<h4>Security fixes</h4>
<ul>
<li>Reimplemented <code>Files.createTempDir</code> and <code>FileBackedOutputStream</code> to further address <a href="https://redirect.github.com/google/guava/issues/4011">CVE-2020-8908</a> and [Guava issue <a href="https://redirect.github.com/google/guava/issues/2575">#2575</a>](<a href="https://redirect.github.com/google/guava/issues/2575">google/guava#2575</a>) (CVE forthcoming). (feb83a1c8f)</li>
</ul>
<p>While CVE-2020-8908 was officially closed when we deprecated <code>Files.createTempDir</code> in <a href="https://github.com/google/guava/releases/tag/v30.0">Guava 30.0</a>, we've heard from users that even recent versions of Guava have been listed as vulnerable in <em>other</em> databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used <code>FileBackedOutputStream</code> class, which had a similar issue) to eliminate the insecure behavior entirely. This change technically carries small risks (dicussed under &quot;Incompatible changes&quot; below), but we expect no practical risk to users.</p>
<h4>Incompatible changes</h4>
<p>Although this release bumps Guava's major version number, it makes no binary-incompatible changes to the <code>guava</code> artifact. Still, it makes a few changes that may cause problems for users in less common situations:</p>
<ul>
<li>This release makes a binary-incompatible change to a <code>@beta</code> API in the separate artifact <code>guava-testlib</code>. Specifically, we changed the return type of <code>TestingExecutors.sameThreadScheduledExecutor</code> to <code>ListeningScheduledExecutorService</code>. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)</li>
<li>This release <em>adds</em> two methods to the Android flavor of Guava: <code>Invokable.getAnnotatedReturnType()</code> and <code>Parameter.getAnnotatedType()</code>. Those methods do not work under an Android VM; we added them only to help our tests of the Android flavor (since we also run those tests under a JRE). Android VMs tolerate such methods as long as the app does not call them or perform reflection on them, and builds tolerate them because of our new Proguard configurations (discussed below). Thus, we expect no impact to most users. However, we could imagine build problems for users who have set up their own build system for the Android flavor of Guava. Please report any problems so that we can judge how safely we might be able to add other methods to the Android flavor in the future, such as APIs that use Java 8 classes like <code>Stream</code>. (b30e73cfa81ad15c1023c17cfd083255a3df0105)</li>
<li>This release removes various APIs from the <code>guava-gwt</code>. This affects only users of <a href="https://www.gwtproject.org/">GWT</a>. The APIs we removed are <code>Enums</code>, <code>Sets.complementOf</code>, and the <code>Enum*BiMap</code> classes' <code>keyType()</code> and <code>valueType()</code> methods. These changes prepare for the removal of reflective enum-related APIs from <a href="https://github.com/google/j2cl">J2CL</a>. If one of these changes causes you problems as a GWT user, let us know. (c3a155dc85, 09db2c29ae, 3de12be516)</li>
<li>The new implementations of <code>Files.createTempDir</code> and <code>FileBackedOutputStream</code> are annotated as <code>@J2ObjCIncompatible</code>. If you need to use them under J2ObjC, contact us. (56dc928a25)</li>
<li>Because the new version of <code>Files.createTempDir</code> restricts permissions to the current user, it could break any user that relies on letting other users access the directory.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/google/guava/commits">compare view</a></li>
</ul>
</details>
<br />

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1524

COPYBARA_INTEGRATE_REVIEW=#1524 from google:dependabot/maven/value/guava.version-32.0.0-jre f1b8c8c
PiperOrigin-RevId: 536460041

Bumps [guava](https://github.com/google/guava) from 31.1-jre to 32.0.0-jre.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/google/guava/releases">guava's releases</a>.</em></p>
<blockquote>
<h2>32.0.0</h2>
<h3>Maven</h3>
<pre lang="xml"><code>&lt;dependency&gt;
  &lt;groupId&gt;com.google.guava&lt;/groupId&gt;
  &lt;artifactId&gt;guava&lt;/artifactId&gt;
  &lt;version&gt;32.0.0-jre&lt;/version&gt;
  &lt;!-- or, for Android: --&gt;
  &lt;version&gt;32.0.0-android&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>
<h3>Jar files</h3>
<ul>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-jre/guava-32.0.0-jre.jar">32.0.0-jre.jar</a></li>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/guava/32.0.0-android/guava-32.0.0-android.jar">32.0.0-android.jar</a></li>
</ul>
<p>Guava requires <a href="https://github.com/google/guava/wiki/UseGuavaInYourBuild#what-about-guavas-own-dependencies">one runtime dependency</a>, which you can download here:</p>
<ul>
<li><a href="https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar">failureaccess-1.0.1.jar</a></li>
</ul>
<h3>Javadoc</h3>
<ul>
<li><a href="http://guava.dev/releases/32.0.0-jre/api/docs/">32.0.0-jre</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/docs/">32.0.0-android</a></li>
</ul>
<h3>JDiff</h3>
<ul>
<li><a href="http://guava.dev/releases/32.0.0-jre/api/diffs/">32.0.0-jre vs. 31.1-jre</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/diffs/">32.0.0-android vs. 31.1-android</a></li>
<li><a href="http://guava.dev/releases/32.0.0-android/api/androiddiffs/">32.0.0-android vs. 32.0.0-jre</a></li>
</ul>
<h3>Changelog</h3>
<h4>Security fixes</h4>
<ul>
<li>Reimplemented <code>Files.createTempDir</code> and <code>FileBackedOutputStream</code> to further address <a href="https://redirect.github.com/google/guava/issues/4011">CVE-2020-8908</a> and [Guava issue <a href="https://redirect.github.com/google/guava/issues/2575">#2575</a>](<a href="https://redirect.github.com/google/guava/issues/2575">google/guava#2575</a>) (CVE forthcoming). (feb83a1c8f)</li>
</ul>
<p>While CVE-2020-8908 was officially closed when we deprecated <code>Files.createTempDir</code> in <a href="https://github.com/google/guava/releases/tag/v30.0">Guava 30.0</a>, we've heard from users that even recent versions of Guava have been listed as vulnerable in <em>other</em> databases of security vulnerabilities. In response, we've reimplemented the method (and the very rarely used <code>FileBackedOutputStream</code> class, which had a similar issue) to eliminate the insecure behavior entirely. This change technically carries small risks (dicussed under &quot;Incompatible changes&quot; below), but we expect no practical risk to users.</p>
<h4>Incompatible changes</h4>
<p>Although this release bumps Guava's major version number, it makes no binary-incompatible changes to the <code>guava</code> artifact. Still, it makes a few changes that may cause problems for users in less common situations:</p>
<ul>
<li>This release makes a binary-incompatible change to a <code>@beta</code> API in the separate artifact <code>guava-testlib</code>. Specifically, we changed the return type of <code>TestingExecutors.sameThreadScheduledExecutor</code> to <code>ListeningScheduledExecutorService</code>. The old return type was a package-private class, which caused the Kotlin compiler to produce warnings. (dafaa3e435)</li>
<li>This release <em>adds</em> two methods to the Android flavor of Guava: <code>Invokable.getAnnotatedReturnType()</code> and <code>Parameter.getAnnotatedType()</code>. Those methods do not work under an Android VM; we added them only to help our tests of the Android flavor (since we also run those tests under a JRE). Android VMs tolerate such methods as long as the app does not call them or perform reflection on them, and builds tolerate them because of our new Proguard configurations (discussed below). Thus, we expect no impact to most users. However, we could imagine build problems for users who have set up their own build system for the Android flavor of Guava. Please report any problems so that we can judge how safely we might be able to add other methods to the Android flavor in the future, such as APIs that use Java 8 classes like <code>Stream</code>. (b30e73cfa81ad15c1023c17cfd083255a3df0105)</li>
<li>This release removes various APIs from the <code>guava-gwt</code>. This affects only users of <a href="https://www.gwtproject.org/">GWT</a>. The APIs we removed are <code>Enums</code>, <code>Sets.complementOf</code>, and the <code>Enum*BiMap</code> classes' <code>keyType()</code> and <code>valueType()</code> methods. These changes prepare for the removal of reflective enum-related APIs from <a href="https://github.com/google/j2cl">J2CL</a>. If one of these changes causes you problems as a GWT user, let us know. (c3a155dc85, 09db2c29ae, 3de12be516)</li>
<li>The new implementations of <code>Files.createTempDir</code> and <code>FileBackedOutputStream</code> are annotated as <code>@J2ObjCIncompatible</code>. If you need to use them under J2ObjC, contact us. (56dc928a25)</li>
<li>Because the new version of <code>Files.createTempDir</code> restricts permissions to the current user, it could break any user that relies on letting other users access the directory.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/google/guava/commits">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.guava:guava&package-manager=maven&previous-version=31.1-jre&new-version=32.0.0-jre)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1525

COPYBARA_INTEGRATE_REVIEW=#1525 from google:dependabot/maven/factory/com.google.guava-guava-32.0.0-jre 5b921ec
PiperOrigin-RevId: 536460069

Bumps [kotlinx-metadata-jvm](https://github.com/JetBrains/kotlin) from 0.6.0 to 0.6.1.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/JetBrains/kotlin/commits/build-0.6.1">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jetbrains.kotlinx:kotlinx-metadata-jvm&package-manager=maven&previous-version=0.6.0&new-version=0.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1528

COPYBARA_INTEGRATE_REVIEW=#1528 from google:dependabot/maven/value/org.jetbrains.kotlinx-kotlinx-metadata-jvm-0.6.1 e783df1
PiperOrigin-RevId: 536697468

Bumps `truth.version` from 1.1.3 to 1.1.4.
Updates `truth` from 1.1.3 to 1.1.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/google/truth/releases">truth's releases</a>.</em></p>
<blockquote>
<h2>1.1.4</h2>
<ul>
<li>Updated Truth to build with <code>-source 8 -target 8</code>. This means that it no longer runs under Java 7 VMs. It continues to run under Android, even old versions, for all apps that have <a href="https://developer.android.com/studio/write/java8-support#supported_features">enabled support for Java 8 language features</a>. (db5db2429)</li>
<li>Updated Truth to depend on Guava 32.0.0. That release contains changes related to CVEs. Neither of the CVEs relates to any methods that are used by Truth, so this version bump is just about eliminating any warnings related to the old version and helping tools like Maven to select the newest version of Guava. (f8d4dbba8adc65effba70879d59a39da092dce51, 99b1df8852a25b5638590bea1b55a31ae536936d)</li>
<li>Added support for <code>value of: method()</code> to <code>expect.that</code>, matching the existing support for <code>assertThat</code>. (bd8efd003)</li>
<li>Enhanced <code>IterableSubject.containsAtLeastElementsIn().inOrder()</code> to print an extra line that shows only the expected elements in their actual order. (9da7dd184)</li>
<li>Annotated Truth for nullness. (2151add71)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/google/truth/commits/v1.1.4">compare view</a></li>
</ul>
</details>
<br />

Updates `truth-java8-extension` from 1.1.3 to 1.1.4

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1527

COPYBARA_INTEGRATE_REVIEW=#1527 from google:dependabot/maven/value/truth.version-1.1.4 69571c7
PiperOrigin-RevId: 536697469

Bumps [truth](https://github.com/google/truth) from 1.1.3 to 1.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/google/truth/releases">truth's releases</a>.</em></p>
<blockquote>
<h2>1.1.4</h2>
<ul>
<li>Updated Truth to build with <code>-source 8 -target 8</code>. This means that it no longer runs under Java 7 VMs. It continues to run under Android, even old versions, for all apps that have <a href="https://developer.android.com/studio/write/java8-support#supported_features">enabled support for Java 8 language features</a>. (db5db2429)</li>
<li>Updated Truth to depend on Guava 32.0.0. That release contains changes related to CVEs. Neither of the CVEs relates to any methods that are used by Truth, so this version bump is just about eliminating any warnings related to the old version and helping tools like Maven to select the newest version of Guava. (f8d4dbba8adc65effba70879d59a39da092dce51, 99b1df8852a25b5638590bea1b55a31ae536936d)</li>
<li>Added support for <code>value of: method()</code> to <code>expect.that</code>, matching the existing support for <code>assertThat</code>. (bd8efd003)</li>
<li>Enhanced <code>IterableSubject.containsAtLeastElementsIn().inOrder()</code> to print an extra line that shows only the expected elements in their actual order. (9da7dd184)</li>
<li>Annotated Truth for nullness. (2151add71)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/google/truth/commits/v1.1.4">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=com.google.truth:truth&package-manager=maven&previous-version=1.1.3&new-version=1.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1526

COPYBARA_INTEGRATE_REVIEW=#1526 from google:dependabot/maven/factory/com.google.truth-truth-1.1.4 6841012
PiperOrigin-RevId: 537023031

Bumps [kotlinx-metadata-jvm](https://github.com/JetBrains/kotlin) from 0.6.1 to 0.6.2.
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/JetBrains/kotlin/commit/440716c81713a3a14cace55e335d7bddec2c5e06"><code>440716c</code></a> Updated to IDEA 132.27 EAP.</li>
<li><a href="https://github.com/JetBrains/kotlin/commit/e29c593c58a3c9da7491b5999974b9ec041834ce"><code>e29c593</code></a> Fix check in JetQuickDocumentationProvider#isKotlinDeclaration</li>
<li><a href="https://github.com/JetBrains/kotlin/commit/1072b1943f8b96d4631ddee0d6970c77cc46688f"><code>1072b19</code></a> Provide sources of dependency in AbstractJavaWithLibCompletionTest</li>
<li><a href="https://github.com/JetBrains/kotlin/commit/3bf32c09a991c41018780a773b39ad49699bd6cf"><code>3bf32c0</code></a> JS backend: added ability to debug kotlin code in browser with using JavaScri...</li>
<li><a href="https://github.com/JetBrains/kotlin/commit/b3658472ac4f8cb06cf7e01c568b056d47dbc091"><code>b365847</code></a> JS backend: improved sourcemap generation and moved SourceMap3Builder and JsS...</li>
<li><a href="https://github.com/JetBrains/kotlin/commit/e05ffd03c33fd39f4d8c901e4cdb1494dee29b8c"><code>e05ffd0</code></a> JS backend:  sourcemap should use absolute file urls.</li>
<li><a href="https://github.com/JetBrains/kotlin/commit/3ab095a4f5f127a503eeb334aa95e8b66773be5a"><code>3ab095a</code></a> JS backend: started to implement source maps</li>
<li><a href="https://github.com/JetBrains/kotlin/commit/e39943f9bd9ff0de15e0912006b379c4236642b0"><code>e39943f</code></a> JS backend: report expression location on error in StringTemplateTranslator.</li>
<li><a href="https://github.com/JetBrains/kotlin/commit/1c173c5224c6d325a7043c109e64a22f337e9211"><code>1c173c5</code></a> JS backend: improve compilation performance -- don't create extra list.</li>
<li><a href="https://github.com/JetBrains/kotlin/commit/4f9485b40e85472d93ace0c7a4cf1cba069d4a1d"><code>4f9485b</code></a> JS backend: fixed bug when explicitly use invoke method in function literal c...</li>
<li>Additional commits viewable in <a href="https://github.com/JetBrains/kotlin/compare/build-0.6.1...build-0.6.2">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jetbrains.kotlinx:kotlinx-metadata-jvm&package-manager=maven&previous-version=0.6.1&new-version=0.6.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1530

COPYBARA_INTEGRATE_REVIEW=#1530 from google:dependabot/maven/value/org.jetbrains.kotlinx-kotlinx-metadata-jvm-0.6.2 703075a
PiperOrigin-RevId: 537308542

… one.

RELNOTES=n/a
PiperOrigin-RevId: 537311624

RELNOTES=n/a
PiperOrigin-RevId: 537883384

RELNOTES=n/a
PiperOrigin-RevId: 537940469

Bumps [maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 3.1.0 to 3.1.2.
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/apache/maven-surefire/commit/5e097b58edfe8317ef043e0d2e553cb475305b67"><code>5e097b5</code></a> [maven-release-plugin] prepare release surefire-3.1.2</li>
<li><a href="https://github.com/apache/maven-surefire/commit/255bb51cc0cdc627d1570a073d8c38e52a6ca55d"><code>255bb51</code></a> Update commons compress to 1.23.0</li>
<li><a href="https://github.com/apache/maven-surefire/commit/a77dfb24f8872b44635204d8bab844c78a022cf6"><code>a77dfb2</code></a> Drop unused commons-lang 2.6 from management (<a href="https://redirect.github.com/apache/maven-surefire/issues/661">#661</a>)</li>
<li><a href="https://github.com/apache/maven-surefire/commit/95e8e95ee02ee0e12af70850440bd3d4c053d5db"><code>95e8e95</code></a> [SUREFIRE-2157] Upgrade junit-jupiter to 5.9.3/junit-platform to 1.9.2</li>
<li><a href="https://github.com/apache/maven-surefire/commit/9092b5ec59ef638a6d9d84ca940cca597594c560"><code>9092b5e</code></a> [SUREFIRE-2157] Upgrade surefire IT to 3.1.0</li>
<li><a href="https://github.com/apache/maven-surefire/commit/1af92f5ffe91d111278ee9b88dddcf6721885c6c"><code>1af92f5</code></a> Remove old junittoolbox dependency no longer used (<a href="https://redirect.github.com/apache/maven-surefire/issues/658">#658</a>)</li>
<li><a href="https://github.com/apache/maven-surefire/commit/8878ed5e5cda4e0d365bf19e1d5d15fece8a5d17"><code>8878ed5</code></a> update test libraries (<a href="https://redirect.github.com/apache/maven-surefire/issues/657">#657</a>)</li>
<li><a href="https://github.com/apache/maven-surefire/commit/a6613a815018c832cf0bd5fd1a7f37731a727e79"><code>a6613a8</code></a> Remove redundant space</li>
<li><a href="https://github.com/apache/maven-surefire/commit/e0e89e44ab78445b25cc99bf5f7f2b2b1430756b"><code>e0e89e4</code></a> update commons-io to 2.12.0</li>
<li><a href="https://github.com/apache/maven-surefire/commit/d8ac134c3ac8019043ce4c7f523e1eaf5b26055b"><code>d8ac134</code></a> [MNGSITE-393] remove descriptions of Maven 2.x and very old versions</li>
<li>Additional commits viewable in <a href="https://github.com/apache/maven-surefire/compare/surefire-3.1.0...surefire-3.1.2">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-failsafe-plugin&package-manager=maven&previous-version=3.1.0&new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1537

COPYBARA_INTEGRATE_REVIEW=#1537 from google:dependabot/maven/value/org.apache.maven.plugins-maven-failsafe-plugin-3.1.2 1d33f78
PiperOrigin-RevId: 538449035

Bumps [maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.1.0 to 3.1.2.
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/apache/maven-surefire/commit/5e097b58edfe8317ef043e0d2e553cb475305b67"><code>5e097b5</code></a> [maven-release-plugin] prepare release surefire-3.1.2</li>
<li><a href="https://github.com/apache/maven-surefire/commit/255bb51cc0cdc627d1570a073d8c38e52a6ca55d"><code>255bb51</code></a> Update commons compress to 1.23.0</li>
<li><a href="https://github.com/apache/maven-surefire/commit/a77dfb24f8872b44635204d8bab844c78a022cf6"><code>a77dfb2</code></a> Drop unused commons-lang 2.6 from management (<a href="https://redirect.github.com/apache/maven-surefire/issues/661">#661</a>)</li>
<li><a href="https://github.com/apache/maven-surefire/commit/95e8e95ee02ee0e12af70850440bd3d4c053d5db"><code>95e8e95</code></a> [SUREFIRE-2157] Upgrade junit-jupiter to 5.9.3/junit-platform to 1.9.2</li>
<li><a href="https://github.com/apache/maven-surefire/commit/9092b5ec59ef638a6d9d84ca940cca597594c560"><code>9092b5e</code></a> [SUREFIRE-2157] Upgrade surefire IT to 3.1.0</li>
<li><a href="https://github.com/apache/maven-surefire/commit/1af92f5ffe91d111278ee9b88dddcf6721885c6c"><code>1af92f5</code></a> Remove old junittoolbox dependency no longer used (<a href="https://redirect.github.com/apache/maven-surefire/issues/658">#658</a>)</li>
<li><a href="https://github.com/apache/maven-surefire/commit/8878ed5e5cda4e0d365bf19e1d5d15fece8a5d17"><code>8878ed5</code></a> update test libraries (<a href="https://redirect.github.com/apache/maven-surefire/issues/657">#657</a>)</li>
<li><a href="https://github.com/apache/maven-surefire/commit/a6613a815018c832cf0bd5fd1a7f37731a727e79"><code>a6613a8</code></a> Remove redundant space</li>
<li><a href="https://github.com/apache/maven-surefire/commit/e0e89e44ab78445b25cc99bf5f7f2b2b1430756b"><code>e0e89e4</code></a> update commons-io to 2.12.0</li>
<li><a href="https://github.com/apache/maven-surefire/commit/d8ac134c3ac8019043ce4c7f523e1eaf5b26055b"><code>d8ac134</code></a> [MNGSITE-393] remove descriptions of Maven 2.x and very old versions</li>
<li>Additional commits viewable in <a href="https://github.com/apache/maven-surefire/compare/surefire-3.1.0...surefire-3.1.2">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.1.0&new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1539

COPYBARA_INTEGRATE_REVIEW=#1539 from google:dependabot/maven/value/org.apache.maven.plugins-maven-surefire-plugin-3.1.2 d5e3ed2
PiperOrigin-RevId: 538463528

Bumps [maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.1.0 to 3.1.2.
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/apache/maven-surefire/commit/5e097b58edfe8317ef043e0d2e553cb475305b67"><code>5e097b5</code></a> [maven-release-plugin] prepare release surefire-3.1.2</li>
<li><a href="https://github.com/apache/maven-surefire/commit/255bb51cc0cdc627d1570a073d8c38e52a6ca55d"><code>255bb51</code></a> Update commons compress to 1.23.0</li>
<li><a href="https://github.com/apache/maven-surefire/commit/a77dfb24f8872b44635204d8bab844c78a022cf6"><code>a77dfb2</code></a> Drop unused commons-lang 2.6 from management (<a href="https://redirect.github.com/apache/maven-surefire/issues/661">#661</a>)</li>
<li><a href="https://github.com/apache/maven-surefire/commit/95e8e95ee02ee0e12af70850440bd3d4c053d5db"><code>95e8e95</code></a> [SUREFIRE-2157] Upgrade junit-jupiter to 5.9.3/junit-platform to 1.9.2</li>
<li><a href="https://github.com/apache/maven-surefire/commit/9092b5ec59ef638a6d9d84ca940cca597594c560"><code>9092b5e</code></a> [SUREFIRE-2157] Upgrade surefire IT to 3.1.0</li>
<li><a href="https://github.com/apache/maven-surefire/commit/1af92f5ffe91d111278ee9b88dddcf6721885c6c"><code>1af92f5</code></a> Remove old junittoolbox dependency no longer used (<a href="https://redirect.github.com/apache/maven-surefire/issues/658">#658</a>)</li>
<li><a href="https://github.com/apache/maven-surefire/commit/8878ed5e5cda4e0d365bf19e1d5d15fece8a5d17"><code>8878ed5</code></a> update test libraries (<a href="https://redirect.github.com/apache/maven-surefire/issues/657">#657</a>)</li>
<li><a href="https://github.com/apache/maven-surefire/commit/a6613a815018c832cf0bd5fd1a7f37731a727e79"><code>a6613a8</code></a> Remove redundant space</li>
<li><a href="https://github.com/apache/maven-surefire/commit/e0e89e44ab78445b25cc99bf5f7f2b2b1430756b"><code>e0e89e4</code></a> update commons-io to 2.12.0</li>
<li><a href="https://github.com/apache/maven-surefire/commit/d8ac134c3ac8019043ce4c7f523e1eaf5b26055b"><code>d8ac134</code></a> [MNGSITE-393] remove descriptions of Maven 2.x and very old versions</li>
<li>Additional commits viewable in <a href="https://github.com/apache/maven-surefire/compare/surefire-3.1.0...surefire-3.1.2">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.maven.plugins:maven-surefire-plugin&package-manager=maven&previous-version=3.1.0&new-version=3.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1538

COPYBARA_INTEGRATE_REVIEW=#1538 from google:dependabot/maven/factory/org.apache.maven.plugins-maven-surefire-plugin-3.1.2 63c2d76
PiperOrigin-RevId: 538478677

Bumps `kotlin.version` from 1.8.21 to 1.8.22.
Updates `kotlin-stdlib` from 1.8.21 to 1.8.22
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/JetBrains/kotlin/commits">compare view</a></li>
</ul>
</details>
<br />

Updates `kotlin-maven-plugin` from 1.8.21 to 1.8.22

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Fixes #1540

COPYBARA_INTEGRATE_REVIEW=#1540 from google:dependabot/maven/value/kotlin.version-1.8.22 b920e45
PiperOrigin-RevId: 538607407

We will shortly be supporting both `javax.inject` and `jakarta.inject`. The test here is being parameterized, though it only has one value for the parameter at the moment. With the `jakarta.inject` change, we will have several.

RELNOTES=n/a
PiperOrigin-RevId: 538848481

RELNOTES=n/a
PiperOrigin-RevId: 539064634

�[0m to 1.1.1.