Skip to content

chore(deps-dev): bump the maven-plugins group across 1 directory with 3 updates#71

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/maven-plugins-ce58f1135f
Open

chore(deps-dev): bump the maven-plugins group across 1 directory with 3 updates#71
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/maven-plugins-ce58f1135f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 19, 2026
edited
Loading

Bumps the maven-plugins group with 3 updates in the / directory: org.apache.maven.plugins:maven-enforcer-plugin, com.diffplug.spotless:spotless-maven-plugin and org.graalvm.buildtools:native-maven-plugin.

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.6.2 to 3.6.3

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.3

🚀 New features and improvements

  • Make bannedDependencies report root and transitive dependency in case both are banned. (#940) @​hvoynov
  • Add enforceBytecodeVersion rule based on mojohaus (#968) @​cstamas
  • Improve formatting of deprecated API warning (#951) @​mthmulders

🐛 Bug Fixes

📝 Documentation updates

  • Document the banMavenDefaults option for the requirePluginVersions rule. (#936) @​rpkrajewski

👻 Maintenance

📦 Dependency updates

Commits
  • c7daff3 [maven-release-plugin] prepare release enforcer-3.6.3
  • ee46e78 Make bannedDependencies report root and transitive dependency in case both ar...
  • 0806924 Document the banMavenDefaults option for the requirePluginVersions rule. (#936)
  • 8e4f5b9 Add better enforceBytecodeVersion rule based on mojohaus (#968)
  • fd4b148 Add fix for 21.0.10.0.1 issue (#967)
  • f32d597 Deps: Parent POM 48 and align deps (#979)
  • df0f2a6 Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976)
  • 2da7a68 Add null checks for modelId in PluginWrapper
  • 91eb4d9 Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975)
  • b622245 Bump mavenVersion from 3.9.14 to 3.9.15 (#973)
  • Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.4.0 to 3.5.1

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v3.5.1

Fixed

  • <licenseHeader> with <yearMode>SET_FROM_GIT</yearMode> no longer runs git log through a shell, eliminating a shell-injection vector when formatting files whose names contain shell metacharacters.
  • Bump transitive plexus-utils 4.0.2 -> 4.0.3 to address CVE-2025-67030. (#2919)

Maven Plugin v3.5.0

Added

  • <scalafmt> now reads the version from the version field in the scalafmt config file when no <version> is explicitly set, falling back to the built-in default only if neither is available. (#2922)
  • Add <toml> format type with <versionCatalog> step for formatting and sorting Gradle version catalog files. (#2916)
  • Add <javaparserVersion> option to <cleanthat>, allowing users to override the JavaParser version pulled in transitively by Cleanthat. (#2903)
  • Add a expandWildcardImports API for java (#2829)

Fixed

  • Preserve case of JDBI named bind params that collide with SQL keywords (e.g. :limit, :offset) in the DBeaver SQL formatter. (#2899)
  • The -Dspotless.ratchetFrom=... user property now takes priority over <ratchetFrom> configured in the plugin or in individual formatters, instead of being overridden by them. (#2896, fixes #2842)
  • Fix non-idempotent formatting when importOrder() is combined with greclipse(): a single catch-all group no longer strips blank lines that greclipse() independently inserted between import groups. (#2914)

Changes

  • Fix expandWildcardImports failing on JDK XML types such as org.xml.sax.InputSource. (#2921)
  • Use Eclipse JDT's collator-based comparison when sorting Java members to better match Eclipse save actions. (#2920)
  • Bump default cleanthat version 2.24 -> 2.25. (#2903)
  • Bump default eclipse-jdt version from 4.35 to 4.39. (#2912)
Commits

Updates org.graalvm.buildtools:native-maven-plugin from 0.11.5 to 1.1.0

Release notes

Sourced from org.graalvm.buildtools:native-maven-plugin's releases.

1.1.0

What's Changed

Full Changelog: graalvm/native-build-tools@1.0.0...1.1.0

1.0.0

Breaking Changes

  • Native Build Tools 1.0.0 moves to the 1.0-M1 release of the reachability metadata repository, which uses the new reachability-metadata.json metadata format and no longer uses the global metadata/index.json.
  • This may require dependency and metadata updates in downstream projects; some stacks can regress until they adapt.

What's Changed

Full Changelog: graalvm/native-build-tools@0.11.5...1.0.0

Commits
  • 84cc046 Release 1.1.0
  • 95512d0 Add listLibrariesMissingMetadata task/goal for Gradle and Maven (#877)
  • 0dcda78 Merge pull request #879 from jormundur00/bump-metadata-repository-1.0.0
  • e5b90f0 Bump reachability metadata version to 1.0.0
  • 05f45d3 Fix early classpath resolution in GenerateDynamicAccessMetadata (#868)
  • 4d614c7 Update latest docs symlink and improve 1.0.0 release notes (#866)
  • ee1351d Reduce CI usage by running CI only on "pull_request" and running only the lat...
  • c6f3674 Add class introduced in 5.14.1/6.0.1 (#794)
  • 5bc69bd Bump io.netty:netty-codec-http from 4.1.129.Final to 4.1.132.Final in /sample...
  • 395f3b2 Use a safer way to create the temporary access filter file (#852)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump the maven-plugins group across 1 directory with…
9cbe73d 
… 3 updates

Bumps the maven-plugins group with 3 updates in the / directory: [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer), [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) and [org.graalvm.buildtools:native-maven-plugin](https://github.com/graalvm/native-build-tools).


Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.6.2 to 3.6.3
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](apache/maven-enforcer@enforcer-3.6.2...enforcer-3.6.3)

Updates `com.diffplug.spotless:spotless-maven-plugin` from 3.4.0 to 3.5.1
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@maven/3.4.0...maven/3.5.1)

Updates `org.graalvm.buildtools:native-maven-plugin` from 0.11.5 to 1.1.0
- [Release notes](https://github.com/graalvm/native-build-tools/releases)
- [Commits](graalvm/native-build-tools@0.11.5...1.1.0)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-version: 3.6.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-plugins
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-version: 3.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-plugins
- dependency-name: org.graalvm.buildtools:native-maven-plugin
  dependency-version: 1.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: maven-plugins
...

Signed-off-by: dependabot[bot] <support@github.com>
@codecov
Copy link
Copy Markdown

codecov Bot commented May 19, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants