Bump the dependencies group with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates: com.google.errorprone:error_prone_annotations, com.google.protobuf:protobuf-java, org.apache.maven.plugins:maven-javadoc-plugin and org.apache.maven.plugins:maven-surefire-plugin.

Updates com.google.errorprone:error_prone_annotations from 2.30.0 to 2.31.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.31.0

This is the last planned minor release of Error Prone that will support running on JDK 11, see #3803. Using Error Prone to compile code that is deployed to earlier versions will continue to be fully supported, but will require using JDK 17 or newer for compilation and setting --release or -source/-target/-bootclasspath.

Changes:

• Introduce @ThreadSafeTypeParameter with enforcement by ThreadSafe
• Improved support for latest JDK 24 EA builds
• Error Prone is now distributed as a Multi-Release jar (#3756)

New checks:

• AutoValueBoxedValues: AutoValue instances should not usually contain boxed types that are not Nullable. We recommend removing the unnecessary boxing.

Full changelog: google/error-prone@v2.30.0...v2.31.0

Commits

• 4294aac Release Error Prone 2.31.0
• 5bf91fb Replace {@link ThreadSafeTypeParameter} with {@code ThreadSafeTypeParameter}
• a5a7189 Replace ComparisonChain with a Comparator chain.
• 7e9a100 Make ThreadSafeTypeParameter useful in the open-source version of ErrorProne.
• b4cebef Fix typo noted by @​Stephan202.
• 354104e Remove ThreadSafe.TypeParameter now that it's been replaced by `ThreadSafeT...
• 7542d36 Don't fire CanIgnoreReturnValueSuggester for simple return param; impleme...
• 0a5a5b8 Migrate CollectionIncompatibleType from the deprecated withSignature to `...
• 78218f2 Write more about withSignature.
• 90d9390 Mark some Kotlin ranges as Immutable.
• Additional commits viewable in compare view

Updates com.google.protobuf:protobuf-java from 4.27.3 to 4.28.0

Commits

• See full diff in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.10.0

Commits

• 487e479 [maven-release-plugin] prepare release maven-javadoc-plugin-3.10.0
• 9638a6a [MJAVADOC-785] Align plugin implementation with AbstractMavenReport (maven-re...
• 9d33925 [MJAVADOC-784] Upgrade to Doxia 2.0.0 Milestone Stack
• a11b921 [MJAVADOC-809] Align Mojo class names
• 7c4b467 Bump org.apache.maven.plugins:maven-plugins from 42 to 43
• 636442b Improve ITs
• dbca15a Bump org.hamcrest:hamcrest-core from 2.2 to 3.0
• d02bb88 Bump org.apache.commons:commons-lang3 from 3.15.0 to 3.16.0
• 0a850a1 [MJAVADOC-807] Simplify IT for MJAVADOC-498
• 43e901f Improve URL handling
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.4.0 to 3.5.0

Commits

• c78365f [maven-release-plugin] prepare release surefire-3.5.0
• 05e4681 [SUREFIRE-2227] Dynamically calculate xrefTestLocation
• f1a419a [SUREFIRE-2228] Upgrade to Doxia 2.0.0 Milestone Stack
• 5e14d4f [SUREFIRE-2161] Align Mojo class names and output names
• c0784ab Bump org.apache.commons:commons-compress from 1.27.0 to 1.27.1
• 79ea717 [SUREFIRE-2256] Upgrade to Parent 43
• 4648b47 add Reproducible Builds badge
• f64c1b3 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml