Bump the dependencies group across 1 directory with 36 updates #1944

dependabot · 2024-06-17T06:14:35Z

Bumps the dependencies group with 36 updates in the / directory:

Package	From	To
org.owasp:dependency-check-maven	`9.0.9`	`9.2.0`
org.jacoco:jacoco-maven-plugin	`0.8.11`	`0.8.12`
org.apache.maven.plugins:maven-source-plugin	`3.3.0`	`3.3.1`
org.apache.maven.plugins:maven-javadoc-plugin	`3.6.3`	`3.7.0`
org.apache.maven.plugins:maven-gpg-plugin	`3.1.0`	`3.2.4`
org.sonatype.plugins:nexus-staging-maven-plugin	`1.6.13`	`1.7.0`
org.apache.maven.plugins:maven-assembly-plugin	`3.6.0`	`3.7.1`
org.apache.maven.plugins:maven-compiler-plugin	`3.12.1`	`3.13.0`
org.apache.maven.plugins:maven-surefire-plugin	`3.2.5`	`3.3.0`
org.apache.maven.plugins:maven-release-plugin	`3.0.1`	`3.1.0`
ch.qos.logback:logback-classic	`1.5.0`	`1.5.6`
org.slf4j:jul-to-slf4j	`2.0.12`	`2.0.13`
org.slf4j:slf4j-api	`2.0.12`	`2.0.13`
org.apache.maven.plugins:maven-dependency-plugin	`3.6.1`	`3.7.0`
org.postgresql:postgresql	`42.7.2`	`42.7.3`
com.fasterxml.jackson.core:jackson-annotations	`2.16.1`	`2.17.1`
com.fasterxml.jackson.core:jackson-core	`2.16.1`	`2.17.1`
com.fasterxml.jackson.core:jackson-databind	`2.16.1`	`2.17.1`
org.apache.commons:commons-text	`1.11.0`	`1.12.0`
de.fraunhofer.iosb.ilt:Configurable	`0.34`	`0.35`
org.codehaus.mojo:javacc-maven-plugin	`3.0.1`	`3.1.0`
io.github.git-commit-id:git-commit-id-maven-plugin	`7.0.0`	`9.0.0`
org.apache.commons:commons-dbcp2	`2.11.0`	`2.12.0`
org.jooq:jooq	`3.16.23`	`3.19.10`
org.jooq:jooq-meta	`3.16.23`	`3.19.10`
org.jooq:jooq-codegen	`3.16.23`	`3.19.10`
org.keycloak:keycloak-servlet-filter-adapter	`23.0.6`	`24.0.5`
commons-io:commons-io	`2.15.1`	`2.16.1`
org.apache.commons:commons-csv	`1.10.0`	`1.11.0`
de.fraunhofer.iosb.ilt:FROST-Client	`0.44`	`0.45`
org.apache.maven.plugins:maven-shade-plugin	`3.5.1`	`3.6.0`
org.testcontainers:junit-jupiter	`1.19.5`	`1.19.8`
com.google.guava:guava	`33.0.0-jre`	`33.2.1-jre`
org.eclipse.jetty:jetty-servlet	`10.0.20`	`10.0.21`
org.json:json	`20240205`	`20240303`
org.apache.maven.plugins:maven-jar-plugin	`3.3.0`	`3.4.1`

Updates org.owasp:dependency-check-maven from 9.0.9 to 9.2.0

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 9.2.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 9.1.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 9.0.10

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 9.2.0 (2024-05-15)

docs: update logo per intellj (#6660)

feat: Carthage analyzer (#6614)

fix: Ensure valid JSON output for gitlab report (#6630)

feat: Support Package.swift version 3 Specification (#6578)

chore: Update the packaged suppressions to include new hosted suppressions (#6567)

See the full listing of changes.

Version 9.1.0 (2024-03-31)

feat: Add v2 support for maven_install.json (#6528)

build(deps): bump open-vulnerability-client (#6554)

resolves update issues due to CVSS Metrics 4.0

build(deps): bump jackson.version from 2.16.0 to 2.16.1 (#6353)

build(deps): bump org.jsoup:jsoup from 1.16.2 to 1.17.2 (#6362)

build(deps): bump golang from 1.21.5-alpine to 1.22.1-alpine (#6506)

See the full listing of changes.

Version 9.0.10 (2024-03-15)

fix: #4321 Suppress redis server CVEs for client libraries (#4321) (#6489)

fix: bump commons-compress from 1.25.0 to 1.26.0 to fix CVE-2024-25710 and CVE-2024-26308 (#6492)

feat: Allow to pass NVD API key via environment variable (#6454)

fix: issue 5452 - ConcurrentModificationException in NodePackageAnalyzer.processDependencies - adding synchronized block (#6501)

docs: document the default data directory (#6484)

fix: prevent NPE in bundler audit (#6462)

fix: #6441 Improve suppression rule to not restrict to a single version (#6442)

See the full listing of changes.

Commits

192b4cd build: prepare release v9.2.0
e50e20d docs: update changelog
5ce66cf build(deps): bump org.apache.maven.plugin-tools:maven-plugin-annotations from...
61edfd1 docs: update logo per intellj (#6660)
8b1746e build(deps): bump com.github.spotbugs:spotbugs-annotations from 4.8.4 to 4.8....
754dec1 build(deps): bump maven-plugin-plugin (#6646)
969bc27 build(deps): bump org.apache.maven.plugins:maven-surefire-report-plugin from ...
57b916a build(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.4.0 to 4...
9c9c466 build(deps): bump commons-codec:commons-codec from 1.16.1 to 1.17.0 (#6633)
e26096d build(deps): bump commons-cli:commons-cli from 1.6.0 to 1.7.0 (#6629)
Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.12

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.12

New Features

JaCoCo now officially supports Java 22 (GitHub #1596).

Experimental support for Java 23 class files (GitHub #1553).

Fixed bugs

Branches added by the Kotlin compiler for functions with default arguments and having more than 32 parameters are filtered out during generation of report (GitHub #1556).

Branch added by the Kotlin compiler version 1.5.0 and above for reading from lateinit property is filtered out during generation of report (GitHub #1568).

Non-functional Changes

JaCoCo now depends on ASM 9.7 (GitHub #1600).

Commits

dbfb6f2 Prepare release 0.8.12
a50585b Upgrade maven-plugin-plugin to 3.6.4 (#1604)
fd63cc5 Configure labels that Dependabot assigns to PRs (#1603)
03a5333 Add configuration for Dependabot to simplify updates of ASM (#1601)
40ff9fb Upgrade ASM to 9.7 (#1600)
9077178 Happy birthday Java 22! (#1596)
7edd1b5 Bump actions/setup-java from 4.1.0 to 4.2.1 (#1594)
e50b547 Upgrade ECJ to 3.37.0 (#1590)
a1144d0 Upgrade maven-site-plugin to 3.12.1 (#1586)
04b0141 Bump actions/setup-java from 4.0.0 to 4.1.0 (#1587)
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1

Commits

f80596e [maven-release-plugin] prepare release maven-source-plugin-3.3.1
7626998 Bump apache/maven-gh-actions-shared from 3 to 4
83c963c Bump org.apache.maven.plugins:maven-plugins from 39 to 41 (#18)
40ae495 Bump org.codehaus.plexus:plexus-archiver from 4.8.0 to 4.9.1 (#20)
073462b Bump org.apache.maven:maven-archiver from 3.6.0 to 3.6.1 (#21)
0b1c823 Fix typos in AbstractSourceJarMojo exception
099c65a [MSOURCES-142] Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 (...
1edeea4 [MSOURCES-139] Fix typo in AbstractSourceJarMojo exception
436966e [maven-release-plugin] prepare for next development iteration
See full diff in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.7.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.7.0

[MJAVADOC-795] - Upgrade to Parent 42 and Maven 3.6.3 (#281) @michael-o

[MJAVADOC-682] - Reactor builds fail when multiple modules with same gr… (#253) @michael-o

directory, not folder (#252) @michael-o

[MJAVADOC-782] - Align read-only parameters naming with other plugins (#251) @michael-o

[MJAVADOC-781] - Upgrade plugins and components (in ITs) (#250) @michael-o

[MJAVADOC-780] - add missing plugin configuration (#249) @hboutemy

📦 Dependency updates

Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0 (#283) @dependabot

Bump org.assertj:assertj-core from 3.25.3 to 3.26.0 (#282) @dependabot

Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#271) @dependabot

Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 (#277) @dependabot

Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#276) @dependabot

[MJAVADOC-789] - Bump org.codehaus.plexus:plexus-interactivity-api from 1.2 to 1.3 (#268) @dependabot

[MJAVADOC-788] - Bump commons-io:commons-io from 2.15.1 to 2.16.0 (#273) @dependabot

Bump apache/maven-gh-actions-shared from 3 to 4 (#270) @dependabot

Bump com.thoughtworks.qdox:qdox from 2.0.3 to 2.1.0 (#266) @dependabot

Bump org.assertj:assertj-core from 3.25.1 to 3.25.3 (#269) @dependabot

Bump org.codehaus.plexus:plexus-interactivity-api from 1.1 to 1.2 (#258) @dependabot

Bump org.codehaus.plexus:plexus-archiver from 4.9.0 to 4.9.1 (#263) @dependabot

Bump org.assertj:assertj-core from 3.24.2 to 3.25.1 (#260) @dependabot

Bump org.codehaus.plexus:plexus-io from 3.4.1 to 3.4.2 (#262) @dependabot

Bump org.codehaus.plexus:plexus-archiver from 4.9.0 to 4.9.1 (#256) @dependabot

Bump org.codehaus.plexus:plexus-io from 3.4.1 to 3.4.2 (#257) @dependabot

Bump commons-io:commons-io from 2.15.0 to 2.15.1 (#254) @dependabot

📝 Documentation updates

Fix addStylesheets Javadoc (#261) @scordio

👻 Maintenance

Bump org.springframework:spring-context from 4.3.29.RELEASE to 5.2.21.RELEASE in /src/it/projects/MJAVADOC-434_fixcompile (#280) @dependabot

Exclude JDK 8 - temurin, adopt-openj9 on macos (#279) @slawekjaranowski

🔧 Build

Fix build (#264) @slawekjaranowski

Commits

2c28b8d [maven-release-plugin] prepare release maven-javadoc-plugin-3.7.0
5530d68 [MJAVADOC-793] java.lang.NullPointerException: Cannot invoke "String.length()...
08cf68e Revert "Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2"
6446822 Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0
49c93ad Bump org.assertj:assertj-core from 3.25.3 to 3.26.0
4e72048 [MJAVADOC-795] Upgrade to Parent 42 and Maven 3.6.3
b55dd96 Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2
77ad410 Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
c21568a Bump commons-io:commons-io from 2.16.0 to 2.16.1
ded56a9 Exclude JDK 8 - temurin, adopt-openj9 on macos
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.4

Release notes

Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.

3.2.4

Release Notes - Maven GPG Plugin - Version 3.2.4

[MGPG-125] - Fix "bestPractices" (#95) @cstamas

📦 Dependency updates

Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#94) @dependabot

3.2.3

Release Notes - Maven GPG Plugin - Version 3.2.3

... (truncated)

Commits

789149e [maven-release-plugin] prepare release maven-gpg-plugin-3.2.4
893aedc [MGPG-125] Fix "bestPractices" (#95)
b6f0324 [MGPG-126] Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#94)
3c5878b [maven-release-plugin] prepare for next development iteration
89b91a4 [maven-release-plugin] prepare release maven-gpg-plugin-3.2.3
fc2efa3 [MGPG-123][MGPG-124] Dependency upgrades (#93)
50222d3 [MGPG-120] New mojo sign-deployed (#88)
a6c3a09 [MGPG-122] Bump org.apache.maven.plugins:maven-invoker-plugin from 3.6.0 to 3...
78f5e37 [MGPG-121] Return the workaround for pseudo security (#90)
582df74 [MGPG-117] Improve passphrase handling (#86)
Additional commits viewable in compare view

Updates org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0

Updates org.apache.maven.plugins:maven-assembly-plugin from 3.6.0 to 3.7.1

Release notes

Sourced from org.apache.maven.plugins:maven-assembly-plugin's releases.

3.7.1

Release Notes - Maven Assembly Plugin - Version 3.7.1

What's Changed

[MASSEMBLY-1023] Bump org.apache.maven.shared:maven-filtering from 3.3.1 to 3.3.2 by @dependabot in apache/maven-assembly-plugin#192

[MASSEMBLY-1024] Bump org.apache.commons:commons-compress from 1.25.0 to 1.26.1 by @dependabot in apache/maven-assembly-plugin#191

[MASSEMBLY-1025] Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 by @dependabot in apache/maven-assembly-plugin#195

[MASSEMBLY-1022] Unresolved artifacts should be not processed by @slawekjaranowski in apache/maven-assembly-plugin#194

Full Changelog: apache/maven-assembly-plugin@maven-assembly-plugin-3.7.0...maven-assembly-plugin-3.7.1

3.7.0

Release Notes - Maven Assembly Plugin - Version 3.7.0

... (truncated)

Commits

0afbb3e [maven-release-plugin] prepare release maven-assembly-plugin-3.7.1
74e858a [MASSEMBLY-1022] Unresolved artifacts should be not processed
cb56382 [MASSEMBLY-1025] Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2...
86bbed0 [MASSEMBLY-1024] Bump org.apache.commons:commons-compress from 1.25.0 to 1.26...
bdcc4d0 [MASSEMBLY-1023] Bump org.apache.maven.shared:maven-filtering from 3.3.1 to 3...
74fe92e [maven-release-plugin] prepare for next development iteration
9be6e87 [maven-release-plugin] prepare release maven-assembly-plugin-3.7.0
e8630dc Bump apache/maven-gh-actions-shared from 3 to 4
98f97a5 Bump org.postgresql:postgresql in /src/it/projects/bugs/massembly-730
c84e110 [MASSEMBLY-1019] Maven 3.6.3 as minimum requirements
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.13.0

🚀 New features and improvements

[MCOMPILER-574] - Propagate cause of exception in AbstractCompilerMojo (#232) @slawekjaranowski

[MCOMPILER-582] - Automatic detection of release option for JDK < 9 (#228) @slawekjaranowski

[MCOMPILER-583] - Require Maven 3.6.3 (#229) @slawekjaranowski

[MCOMPILER-577] - Rename parameter "forceJavacCompilerUse" (#225) @kwin

[MCOMPILER-570] - Add links to javac documentation of JDK17 (#224) @kwin

[MCOMPILER-576] - Deprecate parameter "compilerVersion" (#223) @kwin

📦 Dependency updates

[MCOMPILER-575] - Bump plexusCompilerVersion from 2.14.2 to 2.15.0 (#227) @dependabot

Bump apache/maven-gh-actions-shared from 3 to 4 (#226) @dependabot

📝 Documentation updates

[MCOMPILER-548] - JDK 21 throws annotations processing warning that can not be turned off (#200) @hgschmie

👻 Maintenance

[MCOMPILER-584] - Refresh page - Using Non-Javac Compilers (#231) @slawekjaranowski

[MCOMPILER-585] - Refresh plugins versions in ITs (#230) @slawekjaranowski

subject verb agreement (#221) @elharo

Commits

a1415aa [maven-release-plugin] prepare release maven-compiler-plugin-3.13.0
b2b9196 [MCOMPILER-574] Propagate cause of exception in AbstractCompilerMojo
6d2ce5a [MCOMPILER-584] Refresh page - Using Non-Javac Compilers
eebad60 [MCOMPILER-585] Refresh plugins versions in ITs
ceacf68 [MCOMPILER-582] Automatic detection of release option for JDK < 9
110293f [MCOMPILER-583] Require Maven 3.6.3
90131df [MCOMPILER-575] Bump plexusCompilerVersion from 2.14.2 to 2.15.0 (#227)
74cfc72 [MCOMPILER-548] JDK 21 throws annotations processing warning that can not be ...
f85aa27 Bump apache/maven-gh-actions-shared from 3 to 4
d59ef49 extract Maven 3.3.1 specific method call
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.3.0

Commits

d0b96a4 [maven-release-plugin] prepare release surefire-3.3.0
71796af Bump org.codehaus.plexus:plexus-component-annotations
afb2d4e Bump org.codehaus.plexus:plexus-interpolation from 1.25 to 1.27
e6287dd [SUREFIRE-2232] [REGRESSION] StatelessXmlReporter fails to process failed res...
57b7837 Bump org.htmlunit:htmlunit from 3.11.0 to 4.2.0
fd440c4 Bump org.xmlunit:xmlunit-core from 2.9.1 to 2.10.0
5c34c43 Bump org.assertj:assertj-core from 3.25.3 to 3.26.0
680fb00 Bump org.apache.commons:commons-compress from 1.26.1 to 1.26.2
cad0931 [SUREFIRE-2248] Make "type" attribute on failures and errors in (surefire|fai...
a88d786 [SUREFIRE-2047] Upgrade to maven-common-artifact-filters 3.4.0
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-release-plugin from 3.0.1 to 3.1.0

Release notes

Sourced from org.apache.maven.plugins:maven-release-plugin's releases.

3.1.0

🚀 New features and improvements

[MRELEASE-1145] - Upgrade to Maven 3.6.3 (#217) @michael-o

[MRELEASE-1139] - Improve logging of sources for used credentials (#209) @kwin

[MRELEASE-1134] - Pass interactive flag to SCM provider (#197) @kwin

🐛 Bug Fixes

[MRELEASE-1064] - [REGRESSION] release:branch uses @releaseLabel instea… (#221) @michael-o

[MRELEASE-1147] - @junitVersion@ never replaced in UTs (make explicit) (#220) @michael-o

[MRELEASE-1148] - Release Manage pulls in transitive dependencies (#219) @michael-o

[MRELEASE-1146] - maven-release-plugin tests do not properly check for … (#218) @michael-o

[MRELEASE-1109] - patch JDomModel (#201) @mkolesnikov

[MRELEASE-1109] - Support CI friendly versions (#198) @kwin

📦 Dependency updates

Bump scmVersion from 2.0.1 to 2.1.0 (#213) @dependabot

Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0 (#215) @dependabot

Bump org.codehaus.plexus:plexus-interactivity-api from 1.2 to 1.3 (#210) @dependabot

Bump org.codehaus.plexus:plexus-interpolation from 1.26 to 1.27 (#206) @dependabot

Bump org.xmlunit:xmlunit-core from 2.9.1 to 2.10.0 (#214) @dependabot

[MRELEASE-1144] - Upgrade to Parent 42 (#216) @michael-o

Bump apache/maven-gh-actions-shared from 3 to 4 (#212) @dependabot

Bump org.codehaus.plexus:plexus-interactivity-api from 1.1 to 1.2 (#207) @dependabot

Bump org.codehaus.mojo:mrm-maven-plugin from 1.5.0 to 1.6.0 (#200) @dependabot

Bump org.apache.maven.plugins:maven-invoker-plugin from 3.5.1 to 3.6.0 (#204) @dependabot

Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.14.0 (#205) @dependabot

[MRELEASE-1128] - update maven-scm to 2.0.1 (#192) @elharo

👻 Maintenance

Bump release-drafter/release-drafter from 5 to 6 (#211) @dependabot

[MRELEASE-1136] - Upgrade parent pom to 41 (#208) @slachiewicz

fixup hamcrest dependencies (#194) @elharo

prefer JDK String replace methods to Plexus ones (#193) @elharo

Commits

f2f9f4e [maven-release-plugin] prepare release maven-release-3.1.0
e109d3b Bump scmVersion from 2.0.1 to 2.1.0
5f794a1 Bump org.apache.maven.shared:maven-invoker from 3.2.0 to 3.3.0
28201bb Bump org.codehaus.plexus:plexus-interactivity-api from 1.2 to 1.3
8547606 Bump org.codehaus.plexus:plexus-interpolation from 1.26 to 1.27
adf6aaf Bump org.xmlunit:xmlunit-core from 2.9.1 to 2.10.0
f3bbb77 [MRELEASE-1064] [REGRESSION] release:branch uses @releaseLabel instead of @br...
fa6c3db [MRELEASE-1145] Upgrade to Maven 3.6.3
167db81 [MRELEASE-1147] @junitVersion@ never replaced in UTs (make explicit)
7249d1f [MRELEASE-1148] Release Manager pulls in transitive dependencies
Additional commits viewable in compare view

Updates ch.qos.logback:logback-classic from 1.5.0 to 1.5.6

Commits

7812a55 prepare release 1.5.6
759fc25 fix issues/805 i.e. LOGBACK-1768, included file with inner conditional
3d55638 start work on 1.5.6-SNAPSHOT
a91d2b6 notes about javadocs
c7c5e89 prepare release 1.5.5
7db8797 upgrade build to slf4j 2.0.13
f9c04d2 test inclusion with conditionals
f32ed30 remove support for metaannotations for NoAutoStart annotation
4476edd Search for @NoAutoStart annotations in ancestor hierarchy, implemented interf...
a649c60 rename IncludeActionTest as IncludeModelHandlerTest
Additional commits viewable in compare view

Updates org.slf4j:jul-to-slf4j from 2.0.12 to 2.0.13

Updates org.slf4j:slf4j-api from 2.0.12 to 2.0.13

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.7.0

[MDEP-941] - Deprecate dependency:sources in favor of dependency:resolv… (#411) @michael-o

[MDEP-838] - "Artifact has not been packaged yet" error message is not … (#412) @michael-o

[MDEP-939] - Lock down classifier in dependency:sources goal (#409) @michael-o

Revert "Fix sources goal for multimodule projects" (#408) @michael-o

[MDEP-923] - Move methods in place where are used (#407) @slawekjaranowski

MDEP-938] Correct invalid property name and add deprecated old one (#404) @hazendaz

[MDEP-835] - Add optional dependency for tree IT (#403) @slawekjaranowski

Add missing dependency (#401) @michael-o

🚀 New features and improvements

[MDEP-799] - tree: add optional output type json (#391) @LogFlames

[MDEP-928] - Allow excluding classes from dependency:analyze (#393) @slawekjaranowski

[MDEP-924] - Get rid of maven-artifact-transfer from list-classes goal (#382) @slawekjaranowski

[MDEP-925] - Require Maven 3.6.3 (#381) @slawekjaranowski

[MDEP-922] - dependency:analyze-exclusions - should report issue only in current project (#378) @slawekjaranowski

[MDEP-917] - dependency:analyze-exclusions - use Resolver API instead of ProjectBuilder (#374) @slawekjaranowski

[MDEP-317] - add mojo to analyze invalid exclusions (#362) @vbreivik

[MDEP-894] - Use @Component only - fix tests (#360) @michael-o

🐛 Bug Fixes

[MDEP-914] - Fix link in collect goal description (#380) @slawekjaranowski

[MDEP-895] - dependency:sources fails for multi-module project (#349) @jmle

[MDEP-771] - Remove broken 404 link (#344) @elharo

📦 Dependency updates

[MDEP-936] - Bump org.apache.maven.shared:maven-dependency-tree from 3.2.1 to 3.3.0 (#397) @dependabot

[MDEP-920] - Bump org.assertj:assertj-core from 3.25.3 to 3.26.0 (#395) @dependabot

[MDEP-929] - Bump org.apache.maven.shared:maven-dependency-analyzer from 1.14.0 to 1.14.1 (#394) @dependabot

Bump org.apache.maven.shared:maven-dependency-analyzer from 1.13.2 to 1.14.0 (#392) @dependabot

[MDEP-921] - Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 (#376) @dependabot

Bump org.apache.maven.plugins:maven-plugins from 41 to 42 (#377) @dependabot

[MDEP-920] - Bump org.assertj:assertj-core from 3.24.2 to 3.25.3 (#373) @dependabot

[MDEP-915] - Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#370) @dependabot

Bump jettyVersion from 9.4.53.v20231009 to 9.4.54.v20240208 (#364) @dependabot

[MDEP-915] - Bump commons-io:commons-io from 2.15.1 to 2.16.0 (#369) @dependabot

Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#366) @dependabot

Bump apache/maven-gh-actions-shared from 3 to 4 (#365) @dependabot

Bump org.codehaus.plexus:plexus-archiver from 4.9.0 to 4.9.1 (#358) @dependabot

Bump org.codehaus.plexus:plexus-io from 3.4.1 to 3.4.2 (#359) @dependabot

Bump org.jsoup:jsoup from 1.17.1 to 1.17.2 (#361) @dependabot

Bump ch.qos.logback:logback-classic from 1.2.3 to 1.2.13 in /src/it/projects/mdep-204-go-offline-resolve-intermodule/module-2 (#354) @dependabot

Bump org.apache.commons:commons-text from 1.10.0 to 1.11.0 (#357) @dependabot

Bump org.codehaus.plexus:plexus-archiver from 4.8.0 to 4.9.0 (#348) @dependabot

Bump org.jsoup:jsoup from 1.16.2 to 1.17.1 (#350) @dependabot

Bump commons-io:commons-io from 2.14.0 to 2.15.1 (#352) @dependabot

... (truncated)

Commits

f975bcb [maven-release-plugin] prepare release maven-dependency-plugin-3.7.0
Description has been truncated

Bumps the dependencies group with 36 updates in the / directory: | Package | From | To | | --- | --- | --- | | [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) | `9.0.9` | `9.2.0` | | [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.11` | `0.8.12` | | [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) | `3.3.0` | `3.3.1` | | [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) | `3.6.3` | `3.7.0` | | [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) | `3.1.0` | `3.2.4` | | org.sonatype.plugins:nexus-staging-maven-plugin | `1.6.13` | `1.7.0` | | [org.apache.maven.plugins:maven-assembly-plugin](https://github.com/apache/maven-assembly-plugin) | `3.6.0` | `3.7.1` | | [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.12.1` | `3.13.0` | | [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.2.5` | `3.3.0` | | [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) | `3.0.1` | `3.1.0` | | [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.0` | `1.5.6` | | org.slf4j:jul-to-slf4j | `2.0.12` | `2.0.13` | | org.slf4j:slf4j-api | `2.0.12` | `2.0.13` | | [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) | `3.6.1` | `3.7.0` | | [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc) | `42.7.2` | `42.7.3` | | [com.fasterxml.jackson.core:jackson-annotations](https://github.com/FasterXML/jackson) | `2.16.1` | `2.17.1` | | [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) | `2.16.1` | `2.17.1` | | [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.16.1` | `2.17.1` | | org.apache.commons:commons-text | `1.11.0` | `1.12.0` | | [de.fraunhofer.iosb.ilt:Configurable](https://github.com/FraunhoferIOSB/Configurable) | `0.34` | `0.35` | | [org.codehaus.mojo:javacc-maven-plugin](https://github.com/mojohaus/javacc-maven-plugin) | `3.0.1` | `3.1.0` | | [io.github.git-commit-id:git-commit-id-maven-plugin](https://github.com/git-commit-id/git-commit-id-maven-plugin) | `7.0.0` | `9.0.0` | | org.apache.commons:commons-dbcp2 | `2.11.0` | `2.12.0` | | org.jooq:jooq | `3.16.23` | `3.19.10` | | org.jooq:jooq-meta | `3.16.23` | `3.19.10` | | org.jooq:jooq-codegen | `3.16.23` | `3.19.10` | | org.keycloak:keycloak-servlet-filter-adapter | `23.0.6` | `24.0.5` | | commons-io:commons-io | `2.15.1` | `2.16.1` | | [org.apache.commons:commons-csv](https://github.com/apache/commons-csv) | `1.10.0` | `1.11.0` | | [de.fraunhofer.iosb.ilt:FROST-Client](https://github.com/FraunhoferIOSB/FROST-Client) | `0.44` | `0.45` | | [org.apache.maven.plugins:maven-shade-plugin](https://github.com/apache/maven-shade-plugin) | `3.5.1` | `3.6.0` | | [org.testcontainers:junit-jupiter](https://github.com/testcontainers/testcontainers-java) | `1.19.5` | `1.19.8` | | [com.google.guava:guava](https://github.com/google/guava) | `33.0.0-jre` | `33.2.1-jre` | | org.eclipse.jetty:jetty-servlet | `10.0.20` | `10.0.21` | | [org.json:json](https://github.com/douglascrockford/JSON-java) | `20240205` | `20240303` | | [org.apache.maven.plugins:maven-jar-plugin](https://github.com/apache/maven-jar-plugin) | `3.3.0` | `3.4.1` | Updates `org.owasp:dependency-check-maven` from 9.0.9 to 9.2.0 - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](jeremylong/DependencyCheck@v9.0.9...v9.2.0) Updates `org.jacoco:jacoco-maven-plugin` from 0.8.11 to 0.8.12 - [Release notes](https://github.com/jacoco/jacoco/releases) - [Commits](jacoco/jacoco@v0.8.11...v0.8.12) Updates `org.apache.maven.plugins:maven-source-plugin` from 3.3.0 to 3.3.1 - [Commits](apache/maven-source-plugin@maven-source-plugin-3.3.0...maven-source-plugin-3.3.1) Updates `org.apache.maven.plugins:maven-javadoc-plugin` from 3.6.3 to 3.7.0 - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.6.3...maven-javadoc-plugin-3.7.0) Updates `org.apache.maven.plugins:maven-gpg-plugin` from 3.1.0 to 3.2.4 - [Release notes](https://github.com/apache/maven-gpg-plugin/releases) - [Commits](apache/maven-gpg-plugin@maven-gpg-plugin-3.1.0...maven-gpg-plugin-3.2.4) Updates `org.sonatype.plugins:nexus-staging-maven-plugin` from 1.6.13 to 1.7.0 Updates `org.apache.maven.plugins:maven-assembly-plugin` from 3.6.0 to 3.7.1 - [Release notes](https://github.com/apache/maven-assembly-plugin/releases) - [Commits](apache/maven-assembly-plugin@maven-assembly-plugin-3.6.0...maven-assembly-plugin-3.7.1) Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.12.1 to 3.13.0 - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.12.1...maven-compiler-plugin-3.13.0) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.2.5 to 3.3.0 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.2.5...surefire-3.3.0) Updates `org.apache.maven.plugins:maven-release-plugin` from 3.0.1 to 3.1.0 - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](apache/maven-release@maven-release-3.0.1...maven-release-3.1.0) Updates `ch.qos.logback:logback-classic` from 1.5.0 to 1.5.6 - [Commits](qos-ch/logback@v_1.5.0...v_1.5.6) Updates `org.slf4j:jul-to-slf4j` from 2.0.12 to 2.0.13 Updates `org.slf4j:slf4j-api` from 2.0.12 to 2.0.13 Updates `org.apache.maven.plugins:maven-dependency-plugin` from 3.6.1 to 3.7.0 - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.6.1...maven-dependency-plugin-3.7.0) Updates `org.postgresql:postgresql` from 42.7.2 to 42.7.3 - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.7.2...REL42.7.3) Updates `org.slf4j:slf4j-api` from 2.0.12 to 2.0.13 Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.16.1 to 2.17.1 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.core:jackson-core` from 2.16.1 to 2.17.1 - [Commits](FasterXML/jackson-core@jackson-core-2.16.1...jackson-core-2.17.1) Updates `com.fasterxml.jackson.core:jackson-databind` from 2.16.1 to 2.17.1 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `com.fasterxml.jackson.core:jackson-core` from 2.16.1 to 2.17.1 - [Commits](FasterXML/jackson-core@jackson-core-2.16.1...jackson-core-2.17.1) Updates `org.apache.commons:commons-text` from 1.11.0 to 1.12.0 Updates `de.fraunhofer.iosb.ilt:Configurable` from 0.34 to 0.35 - [Changelog](https://github.com/FraunhoferIOSB/Configurable/blob/master/CHANGELOG.md) - [Commits](FraunhoferIOSB/Configurable@v0.34...v0.35) Updates `com.fasterxml.jackson.core:jackson-databind` from 2.16.1 to 2.17.1 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `org.codehaus.mojo:javacc-maven-plugin` from 3.0.1 to 3.1.0 - [Release notes](https://github.com/mojohaus/javacc-maven-plugin/releases) - [Commits](mojohaus/javacc-maven-plugin@javacc-maven-plugin-3.0.1...3.1.0) Updates `io.github.git-commit-id:git-commit-id-maven-plugin` from 7.0.0 to 9.0.0 - [Release notes](https://github.com/git-commit-id/git-commit-id-maven-plugin/releases) - [Commits](git-commit-id/git-commit-id-maven-plugin@v7.0.0...v9.0.0) Updates `org.apache.commons:commons-dbcp2` from 2.11.0 to 2.12.0 Updates `org.jooq:jooq` from 3.16.23 to 3.19.10 Updates `org.jooq:jooq-meta` from 3.16.23 to 3.19.10 Updates `org.jooq:jooq-codegen` from 3.16.23 to 3.19.10 Updates `org.jooq:jooq-codegen` from 3.16.23 to 3.19.10 Updates `org.keycloak:keycloak-servlet-filter-adapter` from 23.0.6 to 24.0.5 Updates `commons-io:commons-io` from 2.15.1 to 2.16.1 Updates `org.apache.commons:commons-csv` from 1.10.0 to 1.11.0 - [Changelog](https://github.com/apache/commons-csv/blob/master/RELEASE-NOTES.txt) - [Commits](apache/commons-csv@rel/commons-csv-1.10.0...rel/commons-csv-1.11.0) Updates `de.fraunhofer.iosb.ilt:FROST-Client` from 0.44 to 0.45 - [Changelog](https://github.com/FraunhoferIOSB/FROST-Client/blob/master/CHANGELOG.md) - [Commits](FraunhoferIOSB/FROST-Client@v0.44...v0.45) Updates `org.apache.maven.plugins:maven-shade-plugin` from 3.5.1 to 3.6.0 - [Release notes](https://github.com/apache/maven-shade-plugin/releases) - [Commits](apache/maven-shade-plugin@maven-shade-plugin-3.5.1...maven-shade-plugin-3.6.0) Updates `org.testcontainers:junit-jupiter` from 1.19.5 to 1.19.8 - [Release notes](https://github.com/testcontainers/testcontainers-java/releases) - [Changelog](https://github.com/testcontainers/testcontainers-java/blob/main/CHANGELOG.md) - [Commits](testcontainers/testcontainers-java@1.19.5...1.19.8) Updates `com.google.guava:guava` from 33.0.0-jre to 33.2.1-jre - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) Updates `org.eclipse.jetty:jetty-servlet` from 10.0.20 to 10.0.21 Updates `org.json:json` from 20240205 to 20240303 - [Release notes](https://github.com/douglascrockford/JSON-java/releases) - [Changelog](https://github.com/stleary/JSON-java/blob/master/docs/RELEASES.md) - [Commits](https://github.com/douglascrockford/JSON-java/commits) Updates `org.apache.maven.plugins:maven-jar-plugin` from 3.3.0 to 3.4.1 - [Release notes](https://github.com/apache/maven-jar-plugin/releases) - [Commits](apache/maven-jar-plugin@maven-jar-plugin-3.3.0...maven-jar-plugin-3.4.1) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.jacoco:jacoco-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-source-plugin dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-gpg-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.sonatype.plugins:nexus-staging-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-assembly-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: ch.qos.logback:logback-classic dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: org.slf4j:jul-to-slf4j dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: org.slf4j:slf4j-api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.postgresql:postgresql dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: org.slf4j:slf4j-api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: com.fasterxml.jackson.core:jackson-annotations dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.apache.commons:commons-text dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: de.fraunhofer.iosb.ilt:Configurable dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.codehaus.mojo:javacc-maven-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: io.github.git-commit-id:git-commit-id-maven-plugin dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: org.apache.commons:commons-dbcp2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.jooq:jooq dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.jooq:jooq-meta dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.jooq:jooq-codegen dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.jooq:jooq-codegen dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.keycloak:keycloak-servlet-filter-adapter dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.apache.commons:commons-csv dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: de.fraunhofer.iosb.ilt:FROST-Client dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-shade-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.testcontainers:junit-jupiter dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: com.google.guava:guava dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: org.eclipse.jetty:jetty-servlet dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: org.json:json dependency-type: direct:development update-type: version-update:semver-major dependency-group: dependencies - dependency-name: org.apache.maven.plugins:maven-jar-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-06-24T06:15:49Z

Superseded by #1950.

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jun 17, 2024

dependabot bot closed this Jun 24, 2024

dependabot bot deleted the dependabot/maven/v2.0.x/dependencies-dc48f3c6ec branch June 24, 2024 06:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the dependencies group across 1 directory with 36 updates #1944

Bump the dependencies group across 1 directory with 36 updates #1944

dependabot bot commented on behalf of github Jun 17, 2024 •

edited

Loading

dependabot bot commented on behalf of github Jun 24, 2024

Bump the dependencies group across 1 directory with 36 updates #1944

Bump the dependencies group across 1 directory with 36 updates #1944

Conversation

dependabot bot commented on behalf of github Jun 17, 2024 • edited Loading

Version 9.2.0

Version 9.1.0

Version 9.0.10

Version 9.2.0 (2024-05-15)

Version 9.1.0 (2024-03-31)

Version 9.0.10 (2024-03-15)

0.8.12

New Features

Fixed bugs

Non-functional Changes

3.7.0

📦 Dependency updates

📝 Documentation updates

👻 Maintenance

🔧 Build

3.2.4

📦 Dependency updates

3.2.3

3.7.1

Release Notes - Maven Assembly Plugin - Version 3.7.1

What's Changed

3.7.0

Release Notes - Maven Assembly Plugin - Version 3.7.0

3.13.0

🚀 New features and improvements

📦 Dependency updates

📝 Documentation updates

👻 Maintenance

3.1.0

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

👻 Maintenance

3.7.0

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

dependabot bot commented on behalf of github Jun 24, 2024

dependabot bot commented on behalf of github Jun 17, 2024 •

edited

Loading