Skip to content

build: bump the maven group across 1 directory with 4 updates #168

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ObserverOfTime merged 1 commit into from
Dec 10, 2025
Merged

build: bump the maven group across 1 directory with 4 updates #168

ObserverOfTime merged 1 commit into from
Dec 10, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 29, 2025
edited
Loading

Bumps the maven group with 4 updates in the / directory: com.diffplug.spotless:spotless-maven-plugin, com.github.spotbugs:spotbugs-maven-plugin, org.apache.maven.plugins:maven-source-plugin and dev.sigstore:sigstore-maven-plugin.

Updates com.diffplug.spotless:spotless-maven-plugin from 3.0.0 to 3.1.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Lib v3.1.0

Added

  • Support forclang-format on maven-plugin (#2406)
  • Allow overriding classLoader for all JarStates to enable spotless-cli (#2427)

Maven Plugin v3.1.0

Changes

  • Bump default ktfmt version to latest 0.58 -> 0.59. (#2681
  • Bump default jackson version to latest 2.20.0 -> 2.20.1. (#2730)
  • Bump default cleanthat version to latest 2.23 -> 2.24. (#2620)
  • POTENTIALLY BREAKING Removed support for ktlint versions below 1.0. (#2711)

Fixed

  • Use absolute path in the git pre push hook
  • palantirJavaFormat is no longer arbitrarily set to outdated versions on Java 17, latest available version is always used (#2686 fixes #2685)

Added

  • <forbidModuleImports> API for java (#2679)

Lib v3.0.2

Fixed

  • Node.JS-based tasks now work with the configuration cache (#2372)
  • Eclipse-based tasks can now handle parallel configuration (#2389)

Lib v3.0.1

Fixed

  • Deployment was missing part of the CDT formatter, now fixed. (#2384)
Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

[3.1.0] - 2025-02-20

Added

  • Support forclang-format on maven-plugin (#2406)
  • Allow overriding classLoader for all JarStates to enable spotless-cli (#2427)

[3.0.2] - 2025-01-14

Fixed

  • Node.JS-based tasks now work with the configuration cache (#2372)
  • Eclipse-based tasks can now handle parallel configuration (#2389)

[3.0.1] - 2025-01-07

Fixed

  • Deployment was missing part of the CDT formatter, now fixed. (#2384)
Commits
  • 62eff17 Published lib/3.1.0
  • d88a76e feat: allow overriding JarSate classloader (to enable cli) (#2427)
  • 06c6ca8 chore: insert created PR#
  • 8ee1dfe chore: provide test to make sure overriding classloader works
  • 88d3c31 chore: update changelog for reflecting overridable classLoader in JarState
  • f519ed3 feat: allow overriding classLoader for jarstate
  • a410e9f adopt maven plugin development from gradle x (#2423 closes #2395)
  • fd5970c chore(deps): update plugin com.gradle.develocity to v3.19.2 (#2425)
  • cdb609e added changelog info in the right place
  • d6154e3 added changelog info
  • Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.1 to 4.9.8.2

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.9.8.2

Commits
  • a03feda [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.8.2
  • 1c8063d [gha] Update actions
  • f59d628 Merge pull request #1265 from spotbugs/renovate/actions-checkout-6.x
  • 1c232fb chore(deps): update actions/checkout action to v6
  • 436be13 Merge pull request #1263 from spotbugs/renovate/actions-checkout-digest
  • 0708203 Merge pull request #1264 from spotbugs/renovate/github-codeql-action-digest
  • fcd2d1b chore(deps): update github/codeql-action digest to e12f017
  • 7c54b5b chore(deps): update actions/checkout digest to 93cb6ef
  • 79d724e Merge pull request #1262 from spotbugs/renovate/lang3.version
  • b9bbed3 fix(deps): update dependency org.apache.commons:commons-lang3 to v3.20.0
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 844a6f6 [maven-release-plugin] prepare for next development iteration
  • ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
  • 95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
  • 7a9a770 [maven-release-plugin] prepare for next development iteration
  • 292c1ce Use plexus-utils version from parent
  • bf79b71 Bump m-invoker-p to 3.9.1
  • 4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
  • a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
  • 51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
  • 267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
  • Additional commits viewable in compare view

Updates dev.sigstore:sigstore-maven-plugin from 1.3.0 to 2.0.0

Release notes

Sourced from dev.sigstore:sigstore-maven-plugin's releases.

v2.0.0

See CHANGELOG.md for more details.

What's Changed

... (truncated)

Changelog

Sourced from dev.sigstore:sigstore-maven-plugin's changelog.

[2.0.0] - 2025-11-20

Added

Changed

[2.0.0-rc2] - 2025-10-21

Fixed

Changed

[2.0.0-rc1] - 2025-08-14

Added

Fixed

Changed

Commits
  • 411721f Merge pull request #1117 from sigstore/prep200
  • 735ab10 Prepare for 2.0.0
  • 69cbe67 Merge pull request #1010 from sigstore/renovate/maven
  • f90015d Merge pull request #1115 from sigstore/fix-funky-exception
  • b81ab3e Wrap json operations for checked exceptions
  • e2f2f2b Merge pull request #1114 from sigstore/maven-badge
  • 0ffa58e docs: Update Maven Central badge URL in README
  • da48db2 Merge pull request #1109 from jku/run-tuf-conformance-in-parallel
  • 6c19413 workflows: Run conformance in parallel
  • 11c2d22 Merge pull request #1111 from sigstore/jetty-12
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build: bump the maven group across 1 directory with 4 updates
e7e5d4d 
Bumps the maven group with 4 updates in the / directory: [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless), [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin), [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) and [dev.sigstore:sigstore-maven-plugin](https://github.com/sigstore/sigstore-java).


Updates `com.diffplug.spotless:spotless-maven-plugin` from 3.0.0 to 3.1.0
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@lib/3.0.0...lib/3.1.0)

Updates `com.github.spotbugs:spotbugs-maven-plugin` from 4.9.8.1 to 4.9.8.2
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.8.1...spotbugs-maven-plugin-4.9.8.2)

Updates `org.apache.maven.plugins:maven-source-plugin` from 3.3.1 to 3.4.0
- [Release notes](https://github.com/apache/maven-source-plugin/releases)
- [Commits](apache/maven-source-plugin@maven-source-plugin-3.3.1...v3.4.0)

Updates `dev.sigstore:sigstore-maven-plugin` from 1.3.0 to 2.0.0
- [Release notes](https://github.com/sigstore/sigstore-java/releases)
- [Changelog](https://github.com/sigstore/sigstore-java/blob/main/CHANGELOG.md)
- [Commits](sigstore/sigstore-java@v1.3.0...v2.0.0)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-version: 4.9.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: org.apache.maven.plugins:maven-source-plugin
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: dev.sigstore:sigstore-maven-plugin
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Dependency updates label Nov 29, 2025
@ObserverOfTime ObserverOfTime merged commit 1e2e9e9 into master Dec 10, 2025
3 checks passed
@dependabot dependabot bot deleted the dependabot/maven/maven-2b66a92abf branch December 10, 2025 19:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Dependency updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ObserverOfTime