Bump the apache-commons group with 4 updates

[dependabot]

Bumps the apache-commons group with 4 updates: org.apache.commons:commons-lang3, org.apache.commons:commons-text, org.apache.commons:commons-compress and org.apache.commons:commons-pool2.

Updates org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0

Updates org.apache.commons:commons-text from 1.13.1 to 1.15.0

Changelog

Sourced from org.apache.commons:commons-text's changelog.

Apache Commons Text 1.15.0 Release Notes

The Apache Commons Text team is pleased to announce the release of Apache Commons Text 1.15.0.

Apache Commons Text is a set of utility functions and reusable components for processing and manipulating text in a Java environment.

Release 1.15.0. This is a feature and maintenance release. Java 8 or later is required.

New features

•        Add experimental CycloneDX VEX file [#683](https://github.com/apache/commons-text/issues/683). Thanks to Piotr P. Karwasz, Gary Gregory.
  

• TEXT-235: Add Damerau-Levenshtein distance #687. Thanks to LorgeN, Gary Gregory.

•        Add unit tests to increase coverage [#719](https://github.com/apache/commons-text/issues/719). Thanks to Michael Hausegger, Gary Gregory.
  

•        Add new test for CharSequenceTranslator#with() [#725](https://github.com/apache/commons-text/issues/725). Thanks to Michael Hausegger, Gary Gregory.
  

•        Add tests and assertions to org.apache.commons.text.similarity to get to 100% code coverage [#727](https://github.com/apache/commons-text/issues/727), [#728](https://github.com/apache/commons-text/issues/728). Thanks to Michael Hausegger.
  

Fixed Bugs

•        Fix exception message typo in XmlStringLookup.XmlStringLookup(Map, Path...). Thanks to Gary Gregory.
  

• TEXT-236: Inserting at the end of a TextStringBuilder throws a StringIndexOutOfBoundsException. Thanks to Pierre Post, Sumit Bera, Alex Herbert, Gary Gregory.

•        Fix TextStringBuilderTest.testAppendToCharBuffer() to use proper argument type [#724](https://github.com/apache/commons-text/issues/724). Thanks to Michael Hausegger.
  

•        Fix Apache RAT plugin console warnings. Thanks to Gary Gregory.
  

•        Fix site XML to use version 2.0.0 XML schema. Thanks to Gary Gregory.
  

•        Removed unreachable threshold verification code in src/main/java/org/apache/commons/text/similarity [#730](https://github.com/apache/commons-text/issues/730). Thanks to Michael Hausegger.
  

•        Enable secure processing for the XML parser in XmlStringLookup in case the underlying JAXP implementation doesn't [#729](https://github.com/apache/commons-text/issues/729). Thanks to 김민재 (minjas0507), Gary Gregory, Piotr Karwasz.
  

Changes

•        Bump org.apache.commons:commons-parent from 85 to 93 [#704](https://github.com/apache/commons-text/issues/704), [#723](https://github.com/apache/commons-text/issues/723), [#726](https://github.com/apache/commons-text/issues/726). Thanks to Gary Gregory.
  

•        Bump commons.bytebuddy.version from 1.17.6 to 1.18.2 [#696](https://github.com/apache/commons-text/issues/696), [#722](https://github.com/apache/commons-text/issues/722). Thanks to Gary Gregory.
  

•        Bump graalvm.version from 24.2.2 to 25.0.1 [#703](https://github.com/apache/commons-text/issues/703), [#716](https://github.com/apache/commons-text/issues/716). Thanks to Gary Gregory, Dependabot.
  

•        Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0. Thanks to Gary Gregory.
  

•        Bump commons-io:commons-io from 2.20.0 to 2.21.0. Thanks to Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-text/changes.html

For complete information on Apache Commons Text, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Text website:

https://commons.apache.org/proper/commons-text

Download page: https://commons.apache.org/proper/commons-text/download_text.cgi

... (truncated)

Commits

• 04e9374 Prepare for the release candidate 1.15.0 RC1
• 502c4c4 Prepare for the next release candidate
• c6e17ec Use direct access
• 58e1e12 Simplify XML FSP (#731)
• b5052c9 Bump actions/setup-java from 5.0.0 to 5.1.0
• 2e2d4bc Revert "Bump actions/setup-java from 5.0.0 to 5.1.0"
• b0ddbd1 Bump actions/setup-java from 5.0.0 to 5.1.0
• 1c2d382 Add tests with external DTD
• ed3df4b Internal clean up
• bb508f3 Bump actions/checkout from 6.0.0 to 6.0.1
• Additional commits viewable in compare view

Updates org.apache.commons:commons-compress from 1.26.0 to 1.28.0

Changelog

Sourced from org.apache.commons:commons-compress's changelog.

Apache Commons Compress 1.28.0 Release Notes

The Apache Commons Compress team is pleased to announce the release of Apache Commons Compress 1.28.0.

Apache Commons Compress defines an API for working with compression and archive formats. These include bzip2, gzip, pack200, LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

This is a feature and maintenance release. Java 8 or later is required.

This release updates Apache Commons Lang to 3.18.0 to pick up the fix for CVE-2025-48924 (https://nvd.nist.gov/vuln/detail/CVE-2025-48924), but is not affected by it.

Changes in this version

Changes in this version include the following.

New Features

•        Add GzipParameters.getModificationInstant(). Thanks to Gary Gregory. 
  

•        Add GzipParameters.setModificationInstant(Instant). Thanks to Gary Gregory. 
  

•        Add GzipParameters.OS, setOS(OS), getOS(). Thanks to Gary Gregory. 
  

•        Add GzipParameters.toString(). Thanks to Gary Gregory. 
  

• COMPRESS-638: Add GzipParameters.setFileNameCharset(Charset) and getFileNameCharset() to override the default ISO-8859-1 Charset #602. Thanks to vincexjl, Gary Gregory, Piotr P. Karwasz.

•        Add support for gzip extra subfields, see GzipParameters.setExtra(HeaderExtraField) [#604](https://github.com/apache/commons-compress/issues/604). Thanks to ddeschenes-1, Gary Gregory. 
  

•        Add CompressFilterOutputStream and refactor to use. Thanks to Gary Gregory. 
  

•        Add ZipFile.stream(). Thanks to Gary Gregory. 
  

•        GzipCompressorInputStream reads the modification time (MTIME) and stores its value incorrectly multiplied by 1,000. Thanks to Danny Deschenes, Gary Gregory. 
  

•        GzipCompressorInputStream writes the modification time (MTIME) the value incorrectly divided by 1,000. Thanks to Danny Deschenes, Gary Gregory. 
  

•        Add optional FHCRC to GZIP header [#627](https://github.com/apache/commons-compress/issues/627). Thanks to Danny Deschenes, Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder allowing to customize the file name and comment Charsets. Thanks to Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder.setOnMemberStart(IOConsumer) to monitor member parsing. Thanks to Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder.setOnMemberEnd(IOConsumer) to monitor member parsing. Thanks to Gary Gregory. 
  

•        Add PMD check to default Maven goal. Thanks to Gary Gregory. 
  

•        Add SevenZFile.Builder.setMaxMemoryLimitKiB(int). Thanks to Gary Gregory. 
  

•        Add MemoryLimitException.MemoryLimitException(long, int, Throwable) and deprecate MemoryLimitException.MemoryLimitException(long, int, Exception). Thanks to Gary Gregory. 
  

• COMPRESS-692: Add support for zstd compression in zip archives. Thanks to Mehmet Karaman, Andrey Loskutov, Gary Gregory.

•        Add support for XZ compression in ZIP archives. Thanks to Gary Gregory. 
  

• COMPRESS-695: Add ZipArchiveInputStream.createZstdInputStream(InputStream) to provide a different InputStream implementation for Zstandard (Zstd) #649. Thanks to Gary Gregory.

•        Add org.apache.commons.compress.harmony.pack200.Pack200Exception.Pack200Exception(String, Throwable). Thanks to Gary Gregory. 
  

• COMPRESS-697: Move BitStream.nextBit() method to BitInputStream #663. Thanks to Fredrik Kjellberg, Gary Gregory.

•        Add org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.XZCompressorInputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.XZCompressorOutputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.ZstdCompressorOutputStream.builder/Builder() [#666](https://github.com/apache/commons-compress/issues/666). Thanks to Gary Gregory, David Walluck, Piotr P. Karwasz. 
  

•        Add org.apache.commons.compress.compressors.xz.ZstdConstants [#666](https://github.com/apache/commons-compress/issues/666). Thanks to Gary Gregory, David Walluck, Piotr P. Karwasz. 
  

... (truncated)

Commits

• 852d9c2 Prepare for the release candidate 1.28.0 RC1
• f5eb9e2 Prepare for the next release candidate
• 36f204c Camel case parameter name
• 4c04e4a Use final
• 6cb7da1 Javadoc
• 563c9d2 Javadoc
• ce73bd8 Javadoc
• a464ae9 Better parameter names
• c0b2b84 Add TODO for next major version
• c76bc97 Use OpenVEX to document that we are not affected by CVE-2025-48924 in
• Additional commits viewable in compare view

Updates org.apache.commons:commons-pool2 from 2.12.1 to 2.13.0

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
org.apache.commons:commons-compress	[>= 1.27.a, < 1.28]
org.apache.commons:commons-compress	[< 1.27, > 1.26.0]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions