build: bump the maven group with 2 updates

[dependabot]

Bumps the maven group with 2 updates: com.diffplug.spotless:spotless-maven-plugin and dev.sigstore:sigstore-maven-plugin.

Updates com.diffplug.spotless:spotless-maven-plugin from 3.0.0 to 3.1.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Lib v3.1.0

Added

• Support forclang-format on maven-plugin (#2406)
• Allow overriding classLoader for all JarStates to enable spotless-cli (#2427)

Maven Plugin v3.1.0

Changes

• Bump default ktfmt version to latest 0.58 -> 0.59. (#2681
• Bump default jackson version to latest 2.20.0 -> 2.20.1. (#2730)
• Bump default cleanthat version to latest 2.23 -> 2.24. (#2620)
• POTENTIALLY BREAKING Removed support for ktlint versions below 1.0. (#2711)

Fixed

• Use absolute path in the git pre push hook
• palantirJavaFormat is no longer arbitrarily set to outdated versions on Java 17, latest available version is always used (#2686 fixes #2685)

Added

• <forbidModuleImports> API for java (#2679)

Lib v3.0.2

Fixed

• Node.JS-based tasks now work with the configuration cache (#2372)
• Eclipse-based tasks can now handle parallel configuration (#2389)

Lib v3.0.1

Fixed

• Deployment was missing part of the CDT formatter, now fixed. (#2384)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

[3.1.0] - 2025-02-20

Added

• Support forclang-format on maven-plugin (#2406)
• Allow overriding classLoader for all JarStates to enable spotless-cli (#2427)

[3.0.2] - 2025-01-14

Fixed

• Node.JS-based tasks now work with the configuration cache (#2372)
• Eclipse-based tasks can now handle parallel configuration (#2389)

[3.0.1] - 2025-01-07

Fixed

• Deployment was missing part of the CDT formatter, now fixed. (#2384)

Commits

• 62eff17 Published lib/3.1.0
• d88a76e feat: allow overriding JarSate classloader (to enable cli) (#2427)
• 06c6ca8 chore: insert created PR#
• 8ee1dfe chore: provide test to make sure overriding classloader works
• 88d3c31 chore: update changelog for reflecting overridable classLoader in JarState
• f519ed3 feat: allow overriding classLoader for jarstate
• a410e9f adopt maven plugin development from gradle x (#2423 closes #2395)
• fd5970c chore(deps): update plugin com.gradle.develocity to v3.19.2 (#2425)
• cdb609e added changelog info in the right place
• d6154e3 added changelog info
• Additional commits viewable in compare view

Updates dev.sigstore:sigstore-maven-plugin from 1.3.0 to 2.0.0

Release notes

Sourced from dev.sigstore:sigstore-maven-plugin's releases.

v2.0.0

See CHANGELOG.md for more details.

What's Changed

• Add repo info to create release by @​loosebazooka in sigstore/sigstore-java#908
• Update dependency dev.sigstore:protobuf-specs to v0.4.0 by @​renovate[bot] in sigstore/sigstore-java#903
• Update after v1.3.0 release by @​loosebazooka in sigstore/sigstore-java#909
• Update conformance.yml to 0.0.17 by @​loosebazooka in sigstore/sigstore-java#910
• Update dependency commons-codec:commons-codec to v1.18.0 by @​renovate[bot] in sigstore/sigstore-java#902
• Update sigstore/community digest to f1c21e9 by @​renovate[bot] in sigstore/sigstore-java#894
• Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.3.1 by @​renovate[bot] in sigstore/sigstore-java#895
• Update actions/upload-artifact action to v4.6.1 by @​renovate[bot] in sigstore/sigstore-java#911
• Update dependency com.google.oauth-client:google-oauth-client-bom to v1.38.0 by @​renovate[bot] in sigstore/sigstore-java#913
• Update dependency com.google.http-client:google-http-client-bom to v1.46.3 by @​renovate[bot] in sigstore/sigstore-java#912
• chore: bump junit to 5.12 by @​vlsi in sigstore/sigstore-java#915
• Update dependency org.junit:junit-bom to v5.12.0 by @​renovate[bot] in sigstore/sigstore-java#914
• chore(deps): update gradle/actions action to v4.3.0 by @​renovate[bot] in sigstore/sigstore-java#916
• fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7 by @​renovate[bot] in sigstore/sigstore-java#919
• fix(deps): update dependency org.jetbrains.dokka:org.jetbrains.dokka.gradle.plugin to v2 by @​renovate[bot] in sigstore/sigstore-java#921
• chore(deps): update dependency gradle to v8.13 by @​renovate[bot] in sigstore/sigstore-java#807
• Gradle plugin: Replace findProperty with Isolated Project compatible … by @​hfhbd in sigstore/sigstore-java#811
• fix: add workaround for providers.gradleProperty for pre-7.4 Gradle versions by @​vlsi in sigstore/sigstore-java#924
• Make token string oidc client available outside of cli by @​loosebazooka in sigstore/sigstore-java#925
• chore: use Gradle Java toolchains for the build and test execution by @​vlsi in sigstore/sigstore-java#923
• tuf: use cached targets when available by @​loosebazooka in sigstore/sigstore-java#926
• chore: do not require Java 17 for launching Gradle yet by @​vlsi in sigstore/sigstore-java#927
• fix(deps): update dependency com.google.errorprone:error_prone_core to v2.36.0 by @​renovate[bot] in sigstore/sigstore-java#820
• fix(deps): update dependency org.mockito:mockito-bom to v5.16.0 by @​renovate[bot] in sigstore/sigstore-java#918
• chore(deps): update theupdateframework/tuf-conformance action to v2.3.0 by @​renovate[bot] in sigstore/sigstore-java#917
• chore(deps): update sigstore/community digest to 61b77fe by @​renovate[bot] in sigstore/sigstore-java#928
• fix(deps): update dependency org.junit:junit-bom to v5.12.1 by @​renovate[bot] in sigstore/sigstore-java#932
• fix(deps): update dependency org.mockito:mockito-bom to v5.16.1 by @​renovate[bot] in sigstore/sigstore-java#933
• chore(deps): update actions/upload-artifact action to v4.6.2 by @​renovate[bot] in sigstore/sigstore-java#929
• chore(deps): update dependency go to 1.24.x by @​renovate[bot] in sigstore/sigstore-java#935
• fix(deps): update dependency com.google.guava:guava to v33.4.6-jre by @​renovate[bot] in sigstore/sigstore-java#930
• fix(deps): update dependency com.google.errorprone:error_prone_core to v2.37.0 by @​renovate[bot] in sigstore/sigstore-java#936
• fix(deps): update protobuf_grpc by @​renovate[bot] in sigstore/sigstore-java#938
• fix(deps): update dependency com.google.oauth-client:google-oauth-client-bom to v1.39.0 by @​renovate[bot] in sigstore/sigstore-java#937
• chore(deps): update actions/setup-go action to v5.4.0 by @​renovate[bot] in sigstore/sigstore-java#934
• chore(deps): update sigstore/community digest to b9f2e38 by @​renovate[bot] in sigstore/sigstore-java#939
• chore(deps): update actions/setup-java action to v4.7.1 by @​renovate[bot] in sigstore/sigstore-java#940
• fix(deps): update dependency com.google.guava:guava to v33.4.8-jre by @​renovate[bot] in sigstore/sigstore-java#943
• fix(deps): update dependency dev.sigstore:protobuf-specs to v0.4.1 - autoclosed by @​renovate[bot] in sigstore/sigstore-java#944
• fix(deps): update dependency org.junit:junit-bom to v5.12.2 by @​renovate[bot] in sigstore/sigstore-java#945
• fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v7.0.3 by @​renovate[bot] in sigstore/sigstore-java#942
• chore(deps): update gradle/actions action to v4.3.1 by @​renovate[bot] in sigstore/sigstore-java#941
• chore(deps): update dependency gradle to v8.14 by @​renovate[bot] in sigstore/sigstore-java#949
• chore(deps): update sigstore/sigstore-conformance action to v0.0.18 - autoclosed by @​renovate[bot] in sigstore/sigstore-java#947
• chore(deps): update sigstore/community digest to ab62b20 by @​renovate[bot] in sigstore/sigstore-java#946
• fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.2.0 by @​renovate[bot] in sigstore/sigstore-java#955

... (truncated)

Changelog

Sourced from dev.sigstore:sigstore-maven-plugin's changelog.

[2.0.0] - 2025-11-20

Added

• GA support for Rekor V2 based logs
• Add support for creating and uploading DSSE attestations: sigstore/sigstore-java#1084

Changed

• Json operations wrapped to produce checked exceptions: sigstore/sigstore-java#1115

[2.0.0-rc2] - 2025-10-21

Fixed

• Fix TUF snapshot version rollback case: sigstore/sigstore-java#1061
• Fix userAgent string in requests: sigstore/sigstore-java#1066
• Handle parsing/format failures: sigstore/sigstore-java#1063, sigstore/sigstore-java#1064, sigstore/sigstore-java#1073, sigstore/sigstore-java#1074, sigstore/sigstore-java#1075

Changed

• Remove oidc config from gradle plugin: sigstore/sigstore-java#1076

[2.0.0-rc1] - 2025-08-14

Added

• Add support for rekor v2 logs sigstore/sigstore-java#990, sigstore/sigstore-java#1016, sigstore/sigstore-java#1017, sigstore/sigstore-java#1008, sigstore/sigstore-java#1031, sigstore/sigstore-java#1040
• Add support for timestamps sigstore/sigstore-java#960, sigstore/sigstore-java#975, sigstore/sigstore-java#977, sigstore/sigstore-java#978, sigstore/sigstore-java#979
• Library support for token string auth sigstore/sigstore-java#925
• ED25519 support in trusted_root sigstore/sigstore-java#983

Fixed

• Fixed windows support sigstore/sigstore-java#974
• Parsing json with unknown fields sigstore/sigstore-java#966

Changed

• Users can no longer specify signer object in KeylessSigner, use Algorithm Registry instead sigstore/sigstore-java#1027
• Users with custom sigstore infrastructure deployments must specify a SigningConfig to configure the KeylessSigner, individual urls for infrastructure pieces are removed sigstore/sigstore-java#956, sigstore/sigstore-java#965, sigstore/sigstore-java#981

Commits

• 411721f Merge pull request #1117 from sigstore/prep200
• 735ab10 Prepare for 2.0.0
• 69cbe67 Merge pull request #1010 from sigstore/renovate/maven
• f90015d Merge pull request #1115 from sigstore/fix-funky-exception
• b81ab3e Wrap json operations for checked exceptions
• e2f2f2b Merge pull request #1114 from sigstore/maven-badge
• 0ffa58e docs: Update Maven Central badge URL in README
• da48db2 Merge pull request #1109 from jku/run-tuf-conformance-in-parallel
• 6c19413 workflows: Run conformance in parallel
• 11c2d22 Merge pull request #1111 from sigstore/jetty-12
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.