Skip to content

chore(deps): bump the all-maven-dependencies group across 1 directory with 6 updates#100

Merged
jorsol merged 1 commit intomainfrom
dependabot/maven/all-maven-dependencies-7a211e0671
May 2, 2026
Merged

chore(deps): bump the all-maven-dependencies group across 1 directory with 6 updates#100
jorsol merged 1 commit intomainfrom
dependabot/maven/all-maven-dependencies-7a211e0671

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps the all-maven-dependencies group with 6 updates in the / directory:

Package From To
com.google.errorprone:error_prone_core 2.48.0 2.49.0
com.puppycrawl.tools:checkstyle 13.4.0 13.4.1
net.sourceforge.pmd:pmd-core 7.23.0 7.24.0
net.sourceforge.pmd:pmd-java 7.23.0 7.24.0
org.sonarsource.scanner.maven:sonar-maven-plugin 5.5.0.6356 5.6.0.6792
org.apache.maven.plugins:maven-invoker-plugin 3.9.1 3.10.0

Updates com.google.errorprone:error_prone_core from 2.48.0 to 2.49.0

Release notes

Sourced from com.google.errorprone:error_prone_core's releases.

Error Prone 2.49.0

This release includes several changes to Matcher APIs, and removed some deprecated or problematic APIs:

  • Remove deprecated MethodMatchers.withSignature API, which relies on fragile toString behaviour. Alternatives for matching on method signatures with varargs and type parameters were added in google/error-prone@a98a1c5.
  • Removed variableType(Matcher) API. Matchers.variableType(Matcher) uses VariableTree#getType to match variable types, which own't work for lambda parameters with inferred types after JDK-8268850. The recommended replacement is variableType(TypePredicate).
  • Make enclosingPackage return an optional. Module elements are not enclosed by a package, checks using enclosingPackage shouldn't assume an enclosing package exists when processing arbitrary elements.
  • New FieldMatchers API, similar to MethodMatchers (google/error-prone@1dd9c3a).

New checks:

Closed issues: #2283, #3503, #5210, #5289, #5548, #5548, #5554, #5609, #5614, #5656

Full changelog: google/error-prone@v2.48.0...v2.49.0

Commits
  • 89d75c1 Release Error Prone 2.49.0
  • 0b7b03b Fix up some javadoc on `ModifySourceCollectionInStream.isStreamApiInvocationO...
  • fe5a7b1 Remove old FieldMatchers API
  • d54a1d1 Fix up some Finally javadocs.
  • d93b319 [RefactorSwitch] bugfix comment handling
  • ff59782 [IfChainToSwitch] cleanup redundant conditions in ternary. No functional cha...
  • 43b6df6 Generalise DuplicateAssertion to handle check* methods.
  • 2c4346f Fix a bug in BooleanLiteral: it currently suggests replacing `Boolean.FALSE...
  • 559039b [IfChainToSwitch] doc-only change. fix typo in code comments.
  • 393c61c [IfChainToSwitch] enhance code generation to emit unnamed variables, when sup...
  • Additional commits viewable in compare view

Updates com.puppycrawl.tools:checkstyle from 13.4.0 to 13.4.1

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-13.4.1

Checkstyle 13.4.1 - https://checkstyle.org/releasenotes.html#Release_13.4.1

Bug fixes:

#5460 - ImportOrder: option=under; doesn't allow empty line between 'import' and 'import static'. #19641 - Add checks for OpenJDK Style §3.10 - Variable Declarations. #19620 - Add checks for OpenJDK Style §3.14 - Literals. #19619 - Add checks for OpenJDK Style §3.7 - Indentation. #19617 - Add checks for OpenJDK Style §2 - Java Source Files. #19662 - Add checks for OpenJDK Style §3.12 - Lambda Expressions. #19559 - AnnotationLocation allows same-line parameterless annotation on class declarations (violates Google Style §4.8.5.2). #19608 - False negative: VariableDeclarationUsageDistance does not flag variable usage inside try blocks. #19682 - Add RECORD_DEF and COMPACT_CTOR_DEF to AtclauseOrder target in google_checks.xml.

Commits
  • 2da95d8 [maven-release-plugin] prepare release checkstyle-13.4.1
  • 5dc79fb doc: release notes for 13.4.1
  • 2a504e4 dependency: bump pmd.version from 7.23.0 to 7.24.0
  • ac2e43f Issue #11440: add comment over testEqualsAndHashCode in XpathFilterElementTest
  • c32d6da Issue #11440: remove redundant tests in XpathFilterElementTest
  • cc58700 Issue #11440: remove tests from XpathFilterElementTest
  • 5489634 dependency: bump commons-io:commons-io from 2.21.0 to 2.22.0
  • 79f6c6c dependency: bump the rewrite group with 3 updates
  • e617f8c Issue #19739: Remove '//ok' comments from it Input files
  • 2cccddd Issue #5460: Fix false positive in ImportOrder for separator between static a...
  • Additional commits viewable in compare view

Updates net.sourceforge.pmd:pmd-core from 7.23.0 to 7.24.0

Release notes

Sourced from net.sourceforge.pmd:pmd-core's releases.

PMD 7.24.0 (24-April-2026)

24-April-2026 - 7.24.0

The PMD team is pleased to announce PMD 7.24.0.

This is a minor release.

Table Of Contents

🌟️ New Rules

  • The new Apex rule AvoidInterfaceAsMapKey reports Map declarations (fields, variables, parameters) whose key type is an interface that has at least one abstract implementing class defining equals or hashCode. Using such maps results in potentially duplicated map entries or not being able to get entries by key.
  • The new Java rule OverridingThreadRun finds overridden Thread::run methods. This is not recommended. Instead, implement Runnable and pass an instance to the thread constructor.

🐛️ Fixed Issues

  • apex
    • #5386: [apex] Apex files ending in "Test" are skipped with a number of rules
  • apex-errorprone
    • #6492: [apex] New rule: Prevent use of interface -> abstract class with equals/hashCode as key in Map
  • apex-security
    • #5385: [apex] ApexCRUDViolation not reported even if SOQL doesn't have permissions check on it
  • java-bestpractices
    • #4272: [java] JUnitTestsShouldIncludeAssert: False positive with assert in lambda
  • java-multithreading
    • #595: [java] New rule: Implement Runnable instead of extending Thread
  • kotlin
    • #6003: [kotlin] Support multidollar interpolation (Kotlin 2.2)

✨️ Merged pull requests

... (truncated)

Commits

Updates net.sourceforge.pmd:pmd-java from 7.23.0 to 7.24.0

Release notes

Sourced from net.sourceforge.pmd:pmd-java's releases.

PMD 7.24.0 (24-April-2026)

24-April-2026 - 7.24.0

The PMD team is pleased to announce PMD 7.24.0.

This is a minor release.

Table Of Contents

🌟️ New Rules

  • The new Apex rule AvoidInterfaceAsMapKey reports Map declarations (fields, variables, parameters) whose key type is an interface that has at least one abstract implementing class defining equals or hashCode. Using such maps results in potentially duplicated map entries or not being able to get entries by key.
  • The new Java rule OverridingThreadRun finds overridden Thread::run methods. This is not recommended. Instead, implement Runnable and pass an instance to the thread constructor.

🐛️ Fixed Issues

  • apex
    • #5386: [apex] Apex files ending in "Test" are skipped with a number of rules
  • apex-errorprone
    • #6492: [apex] New rule: Prevent use of interface -> abstract class with equals/hashCode as key in Map
  • apex-security
    • #5385: [apex] ApexCRUDViolation not reported even if SOQL doesn't have permissions check on it
  • java-bestpractices
    • #4272: [java] JUnitTestsShouldIncludeAssert: False positive with assert in lambda
  • java-multithreading
    • #595: [java] New rule: Implement Runnable instead of extending Thread
  • kotlin
    • #6003: [kotlin] Support multidollar interpolation (Kotlin 2.2)

✨️ Merged pull requests

... (truncated)

Commits

Updates net.sourceforge.pmd:pmd-java from 7.23.0 to 7.24.0

Release notes

Sourced from net.sourceforge.pmd:pmd-java's releases.

PMD 7.24.0 (24-April-2026)

24-April-2026 - 7.24.0

The PMD team is pleased to announce PMD 7.24.0.

This is a minor release.

Table Of Contents

🌟️ New Rules

  • The new Apex rule AvoidInterfaceAsMapKey reports Map declarations (fields, variables, parameters) whose key type is an interface that has at least one abstract implementing class defining equals or hashCode. Using such maps results in potentially duplicated map entries or not being able to get entries by key.
  • The new Java rule OverridingThreadRun finds overridden Thread::run methods. This is not recommended. Instead, implement Runnable and pass an instance to the thread constructor.

🐛️ Fixed Issues

  • apex
    • #5386: [apex] Apex files ending in "Test" are skipped with a number of rules
  • apex-errorprone
    • #6492: [apex] New rule: Prevent use of interface -> abstract class with equals/hashCode as key in Map
  • apex-security
    • #5385: [apex] ApexCRUDViolation not reported even if SOQL doesn't have permissions check on it
  • java-bestpractices
    • #4272: [java] JUnitTestsShouldIncludeAssert: False positive with assert in lambda
  • java-multithreading
    • #595: [java] New rule: Implement Runnable instead of extending Thread
  • kotlin
    • #6003: [kotlin] Support multidollar interpolation (Kotlin 2.2)

✨️ Merged pull requests

... (truncated)

Commits

Updates org.sonarsource.scanner.maven:sonar-maven-plugin from 5.5.0.6356 to 5.6.0.6792

Release notes

Sourced from org.sonarsource.scanner.maven:sonar-maven-plugin's releases.

5.6.0.6792

Release notes - Sonar Scanner for Maven - 5.6

Maintenance

SCANMAVEN-318 Update Orchestrator and fix e2e matrix SCANMAVEN-324 Convert e2e tests to invoker SCANMAVEN-346 Fix CI failure SCANMAVEN-347 Automate detection of sonar:sonar shorthand failure SCANMAVEN-348 Bump org.assertj:assertj-core from 3.26.3 to 3.27.7 in /sonar-maven-plugin SCANMAVEN-349 Remove Maven 4 e2e tests from promotion requirements SCANMAVEN-356 Add automated release workflow SCANMAVEN-357 Licence packaging standard - Maven Scanner SCANMAVEN-358 Create SonarUpdateCenterRelease.yml SCANMAVEN-361 Add issue-categories in automated release SCANMAVEN-363 Fix e2e tests with Maven 4 SCANMAVEN-364 Do not run nightly builds on weekends SCANMAVEN-365 Set up orchestrator cache SCANMAVEN-366 Update sonar-scanner-java-library to 4.1.0.1619 SCANMAVEN-367 Update sonar-scanner-java-library to 4.1.1.1633 SCANMAVEN-369 Update parent pom to 87.0.0.3057

Feature

SCANMAVEN-281 Irrelevant encrypted properties are not filtered out in multi-module project with "sonar" in the name

Commits
  • 8f1042a SCANMAVEN-369 Update parent pom to 87.0.0.3057 (#391)
  • 2d9bed3 SCANMAVEN-367 Update sonar-scanner-java-library to 4.1.1.1633 (#390)
  • b15e1f8 SCANMAVEN-366 Update sonar-scanner-java-library to 4.1.0.1619 (#389)
  • 733ae23 SCANMAVEN-364 Do not run nightly builds on weekends (#387)
  • 90299f7 SCANMAVEN-365 Set up orchestrator cache (#388)
  • 029bc20 SCANMAVEN-363 Fix e2e test failure with Maven 4 (#386)
  • f0a39d1 BUILD-10765 Update gh-action_release to v6.4.0 (#385)
  • 046fc66 SCANMAVEN-281 Irrelevant encrypted properties are not filtered out in multi-m...
  • c3a5129 Bump version using automated release and Maven (#382)
  • 8f6a9b1 SCANMAVEN-361 Add issue-categories in automated release (#381)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-invoker-plugin from 3.9.1 to 3.10.0

Release notes

Sourced from org.apache.maven.plugins:maven-invoker-plugin's releases.

3.10.0

🚀 New features and improvements

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

... (truncated)

Commits
  • 2c9e5f8 [maven-release-plugin] prepare release maven-invoker-plugin-3.10.0
  • 3d2112e Implement simply retry mechanism for failed build jobs (#723)
  • 037c5f5 Override plexus-utils version to 4.0.3 due to security fix
  • 261cd42 Bump org.apache.maven.shared:maven-script-interpreter from 1.6 to 1.7 (#727)
  • ddc3123 Bump mavenVersion from 3.9.14 to 3.9.15 (#726)
  • 1cd272e Cleanups - Remove outdated invoker properties configurations in ITs
  • 3cc9406 Add support for disabling project cloning with "none" value in `cloneProjects...
  • 1b371bd Support for multiple pre-build and post-build scripts for one test
  • 099ca83 Bump org.apache.groovy:groovy-bom from 4.0.30 to 4.0.31 (#719)
  • 1620499 Remove old incompatibility notice about report file name from site documentation
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the all-maven-dependencies group across 1 directory…
72cd9b7 
… with 6 updates

Bumps the all-maven-dependencies group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [com.google.errorprone:error_prone_core](https://github.com/google/error-prone) | `2.48.0` | `2.49.0` |
| [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) | `13.4.0` | `13.4.1` |
| [net.sourceforge.pmd:pmd-core](https://github.com/pmd/pmd) | `7.23.0` | `7.24.0` |
| [net.sourceforge.pmd:pmd-java](https://github.com/pmd/pmd) | `7.23.0` | `7.24.0` |
| [org.sonarsource.scanner.maven:sonar-maven-plugin](https://github.com/SonarSource/sonar-scanner-maven) | `5.5.0.6356` | `5.6.0.6792` |
| [org.apache.maven.plugins:maven-invoker-plugin](https://github.com/apache/maven-invoker-plugin) | `3.9.1` | `3.10.0` |



Updates `com.google.errorprone:error_prone_core` from 2.48.0 to 2.49.0
- [Release notes](https://github.com/google/error-prone/releases)
- [Commits](google/error-prone@v2.48.0...v2.49.0)

Updates `com.puppycrawl.tools:checkstyle` from 13.4.0 to 13.4.1
- [Release notes](https://github.com/checkstyle/checkstyle/releases)
- [Commits](checkstyle/checkstyle@checkstyle-13.4.0...checkstyle-13.4.1)

Updates `net.sourceforge.pmd:pmd-core` from 7.23.0 to 7.24.0
- [Release notes](https://github.com/pmd/pmd/releases)
- [Commits](pmd/pmd@pmd_releases/7.23.0...pmd_releases/7.24.0)

Updates `net.sourceforge.pmd:pmd-java` from 7.23.0 to 7.24.0
- [Release notes](https://github.com/pmd/pmd/releases)
- [Commits](pmd/pmd@pmd_releases/7.23.0...pmd_releases/7.24.0)

Updates `net.sourceforge.pmd:pmd-java` from 7.23.0 to 7.24.0
- [Release notes](https://github.com/pmd/pmd/releases)
- [Commits](pmd/pmd@pmd_releases/7.23.0...pmd_releases/7.24.0)

Updates `org.sonarsource.scanner.maven:sonar-maven-plugin` from 5.5.0.6356 to 5.6.0.6792
- [Release notes](https://github.com/SonarSource/sonar-scanner-maven/releases)
- [Commits](SonarSource/sonar-scanner-maven@5.5.0.6356...5.6.0.6792)

Updates `org.apache.maven.plugins:maven-invoker-plugin` from 3.9.1 to 3.10.0
- [Release notes](https://github.com/apache/maven-invoker-plugin/releases)
- [Commits](apache/maven-invoker-plugin@maven-invoker-plugin-3.9.1...maven-invoker-plugin-3.10.0)

---
updated-dependencies:
- dependency-name: com.google.errorprone:error_prone_core
  dependency-version: 2.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-maven-dependencies
- dependency-name: com.puppycrawl.tools:checkstyle
  dependency-version: 13.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-maven-dependencies
- dependency-name: net.sourceforge.pmd:pmd-core
  dependency-version: 7.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-maven-dependencies
- dependency-name: net.sourceforge.pmd:pmd-java
  dependency-version: 7.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-maven-dependencies
- dependency-name: net.sourceforge.pmd:pmd-java
  dependency-version: 7.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-maven-dependencies
- dependency-name: org.sonarsource.scanner.maven:sonar-maven-plugin
  dependency-version: 5.6.0.6792
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all-maven-dependencies
- dependency-name: org.apache.maven.plugins:maven-invoker-plugin
  dependency-version: 3.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-maven-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 1, 2026
@jorsol jorsol merged commit b9f0480 into main May 2, 2026
4 checks passed
@jorsol jorsol deleted the dependabot/maven/all-maven-dependencies-7a211e0671 branch May 2, 2026 05:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jorsol jorsol jorsol approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jorsol