Skip to content

build: bump the maven group across 1 directory with 6 updates#182

Merged
ObserverOfTime merged 1 commit into
masterfrom
dependabot/maven/maven-c7ac821a45
Jun 30, 2026
Merged

build: bump the maven group across 1 directory with 6 updates#182
ObserverOfTime merged 1 commit into
masterfrom
dependabot/maven/maven-c7ac821a45

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the maven group with 6 updates in the / directory:

Package From To
org.junit:junit-bom 6.0.1 6.1.1
com.diffplug.spotless:spotless-maven-plugin 3.1.0 3.8.0
com.github.spotbugs:spotbugs-maven-plugin 4.9.8.2 4.10.2.0
org.apache.maven.plugins:maven-surefire-plugin 3.5.4 3.5.6
dev.sigstore:sigstore-maven-plugin 2.0.0 2.2.0
io.github.mavenplugins:central-publishing-maven-plugin 1.1.1 1.3.0

Updates org.junit:junit-bom from 6.0.1 to 6.1.1

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.1.1 = Platform 6.1.1 + Jupiter 6.1.1 + Vintage 6.1.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.1.0...r6.1.1

JUnit 6.1.0 = Platform 6.1.0 + Jupiter 6.1.0 + Vintage 6.1.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.3...r6.1.0

JUnit 6.1.0-RC1 = Platform 6.1.0-RC1 + Jupiter 6.1.0-RC1 + Vintage 6.1.0-RC1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.1.0-M1...r6.1.0-RC1

JUnit 6.1.0-M1 = Platform 6.1.0-M1 + Jupiter 6.1.0-M1 + Vintage 6.1.0-M1

See Release Notes.

New Contributors

Full Changelog: junit-team/junit-framework@r6.0.0...r6.1.0-M1

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

... (truncated)

Commits
  • 0d85889 Release 6.1.1
  • 0363eee Finalize 6.1.1 release notes
  • a6d540a Move entry to 6.1.1 release notes
  • 69339d5 Only pass timeout when publishing to avoid failure in nmcp plugin
  • dec2eb9 Allow excluding engines from memory cleanup mode (#5786)
  • a5f4270 Publish sha256/sha512 checksums again but filter out signature ones (#5796)
  • 8213012 Update plugin nmcp-settings to v1.6.0 (#5787)
  • d1bf847 Generate Javadoc for aggregator modules
  • d721de5 Pass --no-fonts to javadoc convention
  • d289ec6 Restore original SetSystemProperty values in a ParameterizedTest (#5720)
  • Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.1.0 to 3.8.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.8.0

Added

  • Add support for custom string format for license header copyright year via yearStringFormat(). (#2965)

Fixed

  • <expandWildcardImports> no longer triggers a full transitive dependency resolution on every build. Dependency resolution is now deferred until the step actually runs, so projects that do not use <expandWildcardImports> (or that use version ranges) are no longer penalized. (#2983)

Maven Plugin v3.7.0

Fixed

  • Parse standard git year output in LicenseHeaderStep. (#2940)
  • <toggleOffOn> no longer disables lint-only steps such as <forbidWildcardImports>. (#2962)
  • Fix StringIndexOutOfBoundsException in scenarios where copyright year is surrounded by whitespace. (#2973)

Added

  • Add support for AsciiDoc formatting via adocfmt. (#2960)
  • <flexmark> step now supports arbitrary formatter options via <formatterOptions>. (#2968)

Maven Plugin v3.6.0

Added

  • Add <cacheDirectory> to <eclipse>, <greclipse>, and <eclipseCdt> for the Equo/Solstice P2 cache. (#2944)
  • EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)

Fixed

  • <versionCatalog> no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)
  • spotless:apply no longer aborts on the first file with lints; it now formats all files and reports a single aggregated lint failure across every file, matching the Gradle plugin's behavior. (#2937)
  • <greclipse> and <eclipseCdt> now default P2 data to the Maven local repository. (#2944)
  • forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)

Changes

  • Improved formatting performance by eliminating redundant per-step line-ending normalization in the core formatter loop. (#2934)

Maven Plugin v3.5.1

Fixed

  • <licenseHeader> with <yearMode>SET_FROM_GIT</yearMode> no longer runs git log through a shell, eliminating a shell-injection vector when formatting files whose names contain shell metacharacters.
  • Bump transitive plexus-utils 4.0.2 -> 4.0.3 to address CVE-2025-67030. (#2919)

Maven Plugin v3.5.0

Added

  • <scalafmt> now reads the version from the version field in the scalafmt config file when no <version> is explicitly set, falling back to the built-in default only if neither is available. (#2922)
  • Add <toml> format type with <versionCatalog> step for formatting and sorting Gradle version catalog files. (#2916)
  • Add <javaparserVersion> option to <cleanthat>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (#2903)
  • Add a expandWildcardImports API for java (#2829)

Fixed

  • Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
  • The -Dspotless.ratchetFrom=... user property now takes priority over <ratchetFrom> configured in the plugin or in individual formatters, instead of being overridden by them. (#2896, fixes #2842)
  • Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

  • Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)
  • Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (#2920)
  • Bump default cleanthat version 2.24 -> 2.25. (#2903)
  • Bump default eclipse-jdt version from 4.35 to 4.39. (#2912)

Maven Plugin v3.4.0

... (truncated)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

[4.8.0] - 2026-06-29

Added

  • Add support for custom string format for license header copyright year via yearStringFormat(). (#2965)

[4.7.0] - 2026-06-16

Added

  • Add support for AsciiDoc formatting via adocfmt. (#2960)
  • flexmark step now supports arbitrary formatter options via a formatterOptions map. (#2968)

Fixed

  • FenceStep.preserveWithin now forwards lints from nested steps while still suppressing lints inside preserved blocks. (#2962)
  • Support ktfmt 0.63 and use its new builder API for formatting options to better avoid future breaking changes.
  • Parse standard git year output in LicenseHeaderStep. (#2940)
  • Fix StringIndexOutOfBoundsException in scenarios where copyright year is surrounded by whitespace. (#2973)

Changes

  • Bump default greclipse version to latest 4.35 -> 4.39. (#2924)

[4.6.2] - 2026-05-27

Fixed

  • P2Provisioner now passes cache directory overrides directly to Solstice. (#2944)
  • forbidWildcardImports and forbidModuleImports now detect imports that have leading whitespace (indentation/tabs). (#2939)
  • versionCatalog step no longer splits long inline tables across multiple lines — Gradle's TOML 1.0 parser cannot read multi-line inline tables. The maxLineLength option has been removed. (#2948)

Changes

  • EclipseJdtFormtterStep now can conditionally set compiler source/compliance options. Allows for better parsing of AST Node for newer language features and more correct sorting; e.g. records or seal classes. (#2942)
  • Formatter no longer recomputes line-ending normalization (LineEnding.toUnix) a second time for every formatter step that changes content, removing redundant O(n) work from the core formatting loop. (#2934)
  • expandWildcardImports support pom type dependency. (#2839)

[4.6.1] - 2026-05-15

Fixed

  • LicenseHeaderStep in SET_FROM_GIT year mode no longer invokes git log through bash -c / cmd /c, eliminating a shell-injection vector when processing repositories that contain files whose names include shell metacharacters.

[4.6.0] - 2026-05-14

Added

  • scalafmt() now reads the version from the version field in the scalafmt config file when no version is explicitly set in the plugin config, falling back to the built-in default only if neither is available. (#2922)
  • Add versionCatalog step for formatting and sorting Gradle version catalog (.toml) files. (#2916)
  • Add javaparserVersion option to the Cleanthat step, allowing callers to override the JavaParser version pulled in transitively by Cleanthat. (#2903)

Fixed

... (truncated)

Commits
  • 03d43ba Published maven/3.8.0
  • 8b80c13 Published gradle/8.8.0
  • 8ee6cf9 Published lib/4.8.0
  • 6c02c0b Add missing changelog entry.
  • 264f4cc Add regression test for forbidWildcardImports inside toggleOffOn (#2982)
  • 6abb064 fix #2983, expandWildcardImports triggers a full transitive reso… (#2984)
  • f4536d4 Update plugin spotbugs to v6.5.8 (#2987)
  • 873454a Update plugin spotbugs to v6.5.8
  • 000b8a8 Update dependency org.junit.jupiter:junit-jupiter to v6.1.1 (#2985)
  • 84ebcab Update dependency org.junit.jupiter:junit-jupiter to v6.1.1
  • Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.2 to 4.10.2.0

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.10.2.0

  • Support spotbugs 4.10.2

What's Changed

Full Changelog: spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.8.5...spotbugs-maven-plugin-4.10.2.0

Spotbugs Maven Plugin 4.9.8.5

What's Changed

Full Changelog: spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.8.4...spotbugs-maven-plugin-4.9.8.5

Spotbugs Maven Plugin 4.9.8.4

  • build support for maven 4 with maven 4 plugins
  • spotbugs extensions jars now moved to target/spotbugs instead of root
  • new spotbugs-aggregate mojo for multi module
  • support maven toolchains
  • block gui when environment is headless
  • all spotbug extensions as regular dependencies
  • learn to map spotbug extensions to their source project documentation
  • in auxiliary class path exclude java.* packages
  • improve code coverage

note: This release was done on older spotbugs (not the new 4.10.1) on purpose to keep these changes separate from that of spotbugs. The spotbugs 4.10.1 support release will be available in a day or two and users can otherwise override the core module as there are no changes to be done internally.

Spotbugs Maven Plugin 4.9.8.3

Consumer

  • Fix support for noClassOk
  • Fix xref links
  • library updates

Build

  • Update actions
  • Plugin updates
  • Restore spock test runs
  • Update copyright date on files from 2025 to 2026 to keep java 8 release in line with master
Commits
  • 2d39b75 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.10.2.0
  • 6c300e6 [pom] Bump internal spotbugs to 4.9.8.5
  • 250d685 Merge pull request #1425 from spotbugs/renovate/spotbugs.version
  • 12f6fb3 Merge pull request #1429 from spotbugs/hazendaz-patch-1
  • aaf0a09 Update ci.yaml
  • 8b5dff4 Merge branch 'master' into renovate/spotbugs.version
  • c83698d Update pom.xml
  • b8788fd [maven-release-plugin] prepare for next development iteration
  • f758cb5 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.8.5
  • cec6af5 Update pom.xml
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

  • Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

... (truncated)

Commits
  • 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
  • e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
  • dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
  • 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
  • 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
  • 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
  • 04ad9a2 Use surefire 3.5.5 by project itself for testing
  • 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
  • a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
  • e838393 deploy 3.5.x branch to nexus
  • Additional commits viewable in compare view

Updates dev.sigstore:sigstore-maven-plugin from 2.0.0 to 2.2.0

Release notes

Sourced from dev.sigstore:sigstore-maven-plugin's releases.

v2.2.0

See CHANGELOG.md for more details.

What's Changed

New Contributors

Full Changelog: sigstore/sigstore-java@v2.1.0...v2.2.0

v2.1.0

See CHANGELOG.md for more details.

What's Changed

... (truncated)

Changelog

Sourced from dev.sigstore:sigstore-maven-plugin's changelog.

[2.2.0] - 2026-06-10

Added

Changed

  • DSSE types logged with rekor v2 will use hashedrekord as the log entry type, the dsse log type is no longer in use for rekor v2: sigstore/sigstore-java#1202

[2.1.0] - 2026-05-21

Added

Fixed

Commits
  • 55eec24 Merge pull request #1204 from sigstore/token-from-env
  • 80faad5 Merge pull request #1194 from arpitjain099/chore/cifuzz-perms
  • 7093d0b Add SIGSTORE_JAVA_ID_TOKEN for passing id token
  • ec147e7 ci: declare contents: read permissions on cifuzz workflow
  • 67503fc Merge pull request #1188 from arpitjain099/chore/declare-workflow-perms
  • d59fe48 Merge pull request #1193 from sigstore/renovate/com.github.vlsi.gradle-extens...
  • c04b6d2 Merge pull request #1178 from sigstore/renovate/jetty-monorepo
  • a52fc64 Update jetty monorepo to v12.1.10
  • fde64e4 Update dependency com.github.vlsi.gradle-extensions:com.github.vlsi.gradle-ex...
  • ef3f101 Merge pull request #1202 from sigstore/dsseXhashedrekord
  • Additional commits viewable in compare view

Updates io.github.mavenplugins:central-publishing-maven-plugin from 1.1.1 to 1.3.0

Release notes

Sourced from io.github.mavenplugins:central-publishing-maven-plugin's releases.

v1.3.0

What's Changed

🚀 New features and improvements

👻 Maintenance

🔧 Build

🛡️ Security

📦 Dependency updates

❤️ Thanks

Many thanks for collaboration on this release for: @​mhoffrog

Full Changelog: mavenplugins/central-publishing-maven-plugin@v1.2.0...v1.3.0

v1.2.0

What's Changed

⚠️ Deprecated

  • Merge original v0.9.0 changes and deprecate skipBundling (#40) @​mhoffrog

🚀 New features and improvements

  • Merge original v0.9.0 changes and deprecate skipBundling (#40) @​mhoffrog

🐛 Bug Fixes

... (truncated)

Commits
  • 4b7dd6a [unleash-maven-plugin] 1.3.0 -> 1.3.1-SNAPSHOT Preparation for tag v1.3.0
  • d8f7be0 Bump org.apache.httpcomponents.client5:httpclient5 from 5.5 to 5.6.1
  • b1e70cd Bump org.apache.maven.plugins:maven-source-plugin from 3.2.1 to 3.4.0
  • 8f3ee5a Bump org.apache.maven:maven-compat from 3.9.0 to 3.9.15
  • 45df894 Bump io.fabric8:docker-maven-plugin from 0.48.0 to 0.48.1
  • d8d2b10 Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre
  • 4626d6d Bump GHCICD/delete-deployment-environment from v3 to vHEAD
  • bb0974c Bump GHCICD/delete-deployment-environment from 3 to 4
  • ae4b8a3 Integrate changes of original version 0.11.0
  • 15db4a7 Bump plugin version to be used for release staging to most recent release
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the maven group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.junit:junit-bom](https://github.com/junit-team/junit-framework) | `6.0.1` | `6.1.1` |
| [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) | `3.1.0` | `3.8.0` |
| [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) | `4.9.8.2` | `4.10.2.0` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.4` | `3.5.6` |
| [dev.sigstore:sigstore-maven-plugin](https://github.com/sigstore/sigstore-java) | `2.0.0` | `2.2.0` |
| [io.github.mavenplugins:central-publishing-maven-plugin](https://github.com/mavenplugins/central-publishing-maven-plugin) | `1.1.1` | `1.3.0` |



Updates `org.junit:junit-bom` from 6.0.1 to 6.1.1
- [Release notes](https://github.com/junit-team/junit-framework/releases)
- [Commits](junit-team/junit-framework@r6.0.1...r6.1.1)

Updates `com.diffplug.spotless:spotless-maven-plugin` from 3.1.0 to 3.8.0
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@lib/3.1.0...maven/3.8.0)

Updates `com.github.spotbugs:spotbugs-maven-plugin` from 4.9.8.2 to 4.10.2.0
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.8.2...spotbugs-maven-plugin-4.10.2.0)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.4 to 3.5.6
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.6)

Updates `dev.sigstore:sigstore-maven-plugin` from 2.0.0 to 2.2.0
- [Release notes](https://github.com/sigstore/sigstore-java/releases)
- [Changelog](https://github.com/sigstore/sigstore-java/blob/main/CHANGELOG.md)
- [Commits](sigstore/sigstore-java@v2.0.0...v2.2.0)

Updates `io.github.mavenplugins:central-publishing-maven-plugin` from 1.1.1 to 1.3.0
- [Release notes](https://github.com/mavenplugins/central-publishing-maven-plugin/releases)
- [Commits](mavenplugins/central-publishing-maven-plugin@v1.1.1...v1.3.0)

---
updated-dependencies:
- dependency-name: org.junit:junit-bom
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 3.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-version: 4.10.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: dev.sigstore:sigstore-maven-plugin
  dependency-version: 2.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: io.github.mavenplugins:central-publishing-maven-plugin
  dependency-version: 1.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Dependency updates label Jun 30, 2026
@ObserverOfTime ObserverOfTime merged commit b720f04 into master Jun 30, 2026
9 checks passed
@dependabot dependabot Bot deleted the dependabot/maven/maven-c7ac821a45 branch June 30, 2026 07:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency updates

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant