chore: [DevOps] bump the test group with 4 updates by dependabot[bot] · Pull Request #1176 · SAP/cloud-sdk-java

dependabot · 2026-05-19T07:16:24Z

Bumps the test group with 4 updates: org.slf4j:jcl-over-slf4j, org.slf4j:slf4j-simple, org.slf4j:slf4j-ext and org.apache.maven.plugins:maven-enforcer-plugin.

Updates org.slf4j:jcl-over-slf4j from 2.0.17 to 2.0.18

Updates org.slf4j:slf4j-simple from 2.0.17 to 2.0.18

Updates org.slf4j:slf4j-ext from 2.0.17 to 2.0.18

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.3

🚀 New features and improvements

Make bannedDependencies report root and transitive dependency in case both are banned. (#940) @hvoynov

Add enforceBytecodeVersion rule based on mojohaus (#968) @cstamas

Improve formatting of deprecated API warning (#951) @mthmulders

🐛 Bug Fixes

Fix handling of Java versions like 21.0.10.0.1 (#967) @parttimenerd

Add null checks for modelId in PluginWrapper (#974) @cpfeiffer

📝 Documentation updates

Document the banMavenDefaults option for the requirePluginVersions rule. (#936) @rpkrajewski

👻 Maintenance

PlexusStringUtils Refaster recipes (#943) @slachiewicz

JUnit Jupiter migration from JUnit 4.x (#941) @slachiewicz

📦 Dependency updates

Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /maven-enforcer-plugin/src/it/projects/MENFORCER-434 (#970) @dependabot[bot]

Deps: Parent POM 48 and align deps (#979) @cstamas

Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976) @dependabot[bot]

Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975) @dependabot[bot]

Bump mavenVersion from 3.9.14 to 3.9.15 (#973) @dependabot[bot]

Bump mavenVersion from 3.9.13 to 3.9.14 (#965) @dependabot[bot]

Bump mavenVersion from 3.9.12 to 3.9.13 (#964) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#963) @dependabot[bot]

Update log4j in test to avoid CVE (#961) @Bukama

Bump commons-codec:commons-codec from 1.20.0 to 1.21.0 (#962) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#960) @dependabot[bot]

Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#959) @dependabot[bot]

Bump org.apache.maven:maven-parent from 46 to 47 (#958) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0 (#957) @dependabot[bot]

Update to 46 including fixes (#955) @Bukama

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.5.0 (#956) @dependabot[bot]

Bump mavenVersion from 3.9.11 to 3.9.12 (#948) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#947) @dependabot[bot]

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#946) @dependabot[bot]

Bump commons-codec:commons-codec from 1.19.0 to 1.20.0 (#945) @dependabot[bot]

Commits

c7daff3 [maven-release-plugin] prepare release enforcer-3.6.3
ee46e78 Make bannedDependencies report root and transitive dependency in case both ar...
0806924 Document the banMavenDefaults option for the requirePluginVersions rule. (#936)
8e4f5b9 Add better enforceBytecodeVersion rule based on mojohaus (#968)
fd4b148 Add fix for 21.0.10.0.1 issue (#967)
f32d597 Deps: Parent POM 48 and align deps (#979)
df0f2a6 Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976)
2da7a68 Add null checks for modelId in PluginWrapper
91eb4d9 Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975)
b622245 Bump mavenVersion from 3.9.14 to 3.9.15 (#973)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the test group with 4 updates: org.slf4j:jcl-over-slf4j, org.slf4j:slf4j-simple, org.slf4j:slf4j-ext and [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer). Updates `org.slf4j:jcl-over-slf4j` from 2.0.17 to 2.0.18 Updates `org.slf4j:slf4j-simple` from 2.0.17 to 2.0.18 Updates `org.slf4j:slf4j-ext` from 2.0.17 to 2.0.18 Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.6.2 to 3.6.3 - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](apache/maven-enforcer@enforcer-3.6.2...enforcer-3.6.3) --- updated-dependencies: - dependency-name: org.slf4j:jcl-over-slf4j dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: test - dependency-name: org.slf4j:slf4j-simple dependency-version: 2.0.18 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: test - dependency-name: org.slf4j:slf4j-ext dependency-version: 2.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: test - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-version: 3.6.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: test ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 19, 2026

sap-cloud-sdk-bot Bot enabled auto-merge (squash) May 19, 2026 11:19

sap-cloud-sdk-bot Bot approved these changes May 19, 2026

View reviewed changes

sap-cloud-sdk-bot Bot merged commit e71f134 into main May 19, 2026
13 checks passed

sap-cloud-sdk-bot Bot deleted the dependabot/maven/main/test-567f20e7d0 branch May 19, 2026 11:19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: [DevOps] bump the test group with 4 updates#1176

chore: [DevOps] bump the test group with 4 updates#1176
sap-cloud-sdk-bot[bot] merged 1 commit into
mainfrom
dependabot/maven/main/test-567f20e7d0

dependabot Bot commented on behalf of github May 19, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 19, 2026

3.6.3

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants