Skip to content

Bump the plugins group across 1 directory with 6 updates#741

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/plugins-de9c98c20f
Open

Bump the plugins group across 1 directory with 6 updates#741
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/plugins-de9c98c20f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Feb 23, 2026
edited
Loading

Bumps the plugins group with 6 updates in the / directory:

Package From To
com.puppycrawl.tools:checkstyle 12.3.0 13.4.1
org.apache.maven.plugins:maven-compiler-plugin 3.14.1 3.15.0
org.apache.maven.plugins:maven-surefire-plugin 3.5.4 3.5.5
org.apache.maven.plugins:maven-surefire-report-plugin 3.5.4 3.5.5
org.codehaus.mojo:properties-maven-plugin 1.2.1 1.3.0
org.owasp:dependency-check-maven 12.1.9 12.2.1

Updates com.puppycrawl.tools:checkstyle from 12.3.0 to 13.4.1

Commits
  • 2da95d8 [maven-release-plugin] prepare release checkstyle-13.4.1
  • 5dc79fb doc: release notes for 13.4.1
  • 2a504e4 dependency: bump pmd.version from 7.23.0 to 7.24.0
  • ac2e43f Issue #11440: add comment over testEqualsAndHashCode in XpathFilterElementTest
  • c32d6da Issue #11440: remove redundant tests in XpathFilterElementTest
  • cc58700 Issue #11440: remove tests from XpathFilterElementTest
  • 5489634 dependency: bump commons-io:commons-io from 2.21.0 to 2.22.0
  • 79f6c6c dependency: bump the rewrite group with 3 updates
  • e617f8c Issue #19739: Remove '//ok' comments from it Input files
  • 2cccddd Issue #5460: Fix false positive in ImportOrder for separator between static a...
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Commits
  • 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
  • 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
  • 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
  • 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
  • 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
  • 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
  • aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
  • 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
  • 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
  • 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.4 to 3.5.5

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

Updates org.codehaus.mojo:properties-maven-plugin from 1.2.1 to 1.3.0

Commits
  • 91a2ade [maven-release-plugin] prepare release properties-maven-plugin-1.3.0
  • bf56d32 Bump org.codehaus.mojo:mojo-parent from 94 to 95
  • 80e20be Bump org.codehaus.mojo:mojo-parent from 93 to 94
  • e8ae7a5 Bump org.yaml:snakeyaml from 2.4 to 2.5
  • bb39c3d Bump org.codehaus.mojo:mojo-parent from 92 to 93
  • b41267b Bump org.codehaus.mojo:mojo-parent from 91 to 92
  • bb548c5 Bump org.codehaus.mojo:mojo-parent from 87 to 91
  • 3ffa9cb Use Sisu plugin
  • 7adbe3b Require Maven 3.6.3
  • 407342f Bump org.yaml:snakeyaml from 2.3 to 2.4
  • Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.1.9 to 12.2.1

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.2.1 (2026-04-11)

  • build: improve GHA workflow experience for forks (#8285)
  • build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 (#8292)
  • chore: avoid use of parent pom and maven properties where unnecessary (#8322)
  • chore: bump java development to 25.0 (#8365)
  • chore: fix Charset warnings; preferring typed charsets (#8326)
  • chore: fix Maven scm tags after 12.2.1-SNAPSHOT bump (#8265)
  • chore: pin GitHub actions to specific SHAs rather than mutable tags (#8381)
  • chore: remove unused properties and schemas (#8378)
  • docs: define schema locations in XML examples (#8254)
  • docs: document external data sources and hostnames (#8219)
  • docs: ensure OSS Index URL override is consistently documented (#8338)
  • docs: fix minor typo in README (#8246)
  • fix(core): correct xml schema validation handling without needing external access (#8272)
  • fix(deps): upgrade slf4j and logback (#8306)
  • fix(test): disable pnpm analyzer during test (#8305)
  • fix: Correct published/hosted suppressions namespace header and indent (#8258)
  • fix: Suppress noisy WARN logging from Apache Lucene within Maven and Ant plugins (#8248)
  • fix: #8140 AssemblyAnalyzer version resolution issue (#8352)
  • fix: #8140 fix version resolution
  • fix: #8140 hint azure_identity_library_for_.net
  • fix: #8356 narrow down VersionFilterAnalyzer scope to JAR files (#8358)
  • fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377)
  • fix: evidence source in Retire JS analyzer (#8303)
  • fix: exclude deprecations from Yarn Berry audit results (#8380)
  • fix: improve PEAnalyzer reliability by migrating to maintained PE/COFF 4J library fork (#8245)
  • fix: improve configuration consistency (casing) (#8355)
  • fix: improve logging of unexpected Java Errors during processing of NVD (#8250)
  • fix: raw type warning in ProcessReader (#8324)
  • fix: suppress false positives for zabbix-utils #8087 (#8218)
  • fix: update docs (#8405)
  • fix: warn if deprecated configs are used (#8366)
  • test: Make tests locale independent (#8328)
  • test: #8140 reproduce current behavior
  • test: avoid polluting test classpaths with sample dependencies to be scanned (#8267)

See the full listing of changes

Version 12.2.0 (2026-01-09)

  • feat: package and utilize generated suppression file (#8116)
  • feat: override pnpm audit registry parameter (#8158)
  • feat: support multiple cvssBelow thresholds per version (#2563) (#8024)
  • feat: usage telemetry via scarf (#8066)
  • feat: add new suppression xsd allowing grouping of suppressions (#7957)
  • fix(ant): resolve relative paths against basedir (#8202)
  • fix: add hint for Elastic APM Java agent CPE mapping (#8200)
  • fix: Allow NVD data feed metadata downloads to fail on 1st Jan while logging correct errors (#8205)
  • fix(ant): resolve paths relative to basedir for suppression and output

... (truncated)

Commits
  • bda36b8 build: prepare release v12.2.1
  • ef83e7b docs: prepare release 12.2.1
  • 09af10d fix: update docs (#8405)
  • 3562775 build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine (#8403)
  • 9ef93be build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine
  • ca79bd5 build(deps-dev): bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.2 ...
  • 6b58069 build(deps): bump apache.ant.version from 1.10.15 to 1.10.16 (#8401)
  • 91c6972 fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377)
  • 267e7eb build(deps): bump the actions-deps group with 2 updates (#8394)
  • 53f58ab build(deps): bump org.codehaus.plexus:plexus-utils from 4.0.2 to 4.0.3 (#8389)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-report-plugin from 3.5.4 to 3.5.5

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Feb 23, 2026
@dependabot dependabot Bot force-pushed the dependabot/maven/plugins-de9c98c20f branch from dbc6720 to 67ca3d6 Compare March 23, 2026 13:51
@dependabot dependabot Bot force-pushed the dependabot/maven/plugins-de9c98c20f branch from 67ca3d6 to b810d54 Compare April 6, 2026 13:42
@dependabot dependabot Bot force-pushed the dependabot/maven/plugins-de9c98c20f branch from b810d54 to 9d28d86 Compare April 20, 2026 16:02
@dependabot
Bump the plugins group across 1 directory with 6 updates
49cb41a 
Bumps the plugins group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [com.puppycrawl.tools:checkstyle](https://github.com/checkstyle/checkstyle) | `12.3.0` | `13.4.1` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.1` | `3.15.0` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.4` | `3.5.5` |
| [org.apache.maven.plugins:maven-surefire-report-plugin](https://github.com/apache/maven-surefire) | `3.5.4` | `3.5.5` |
| [org.codehaus.mojo:properties-maven-plugin](https://github.com/mojohaus/properties-maven-plugin) | `1.2.1` | `1.3.0` |
| [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) | `12.1.9` | `12.2.1` |



Updates `com.puppycrawl.tools:checkstyle` from 12.3.0 to 13.4.1
- [Commits](checkstyle/checkstyle@checkstyle-12.3.0...checkstyle-13.4.1)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.1 to 3.15.0
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.1...maven-compiler-plugin-3.15.0)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.4 to 3.5.5
- [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5)

Updates `org.apache.maven.plugins:maven-surefire-report-plugin` from 3.5.4 to 3.5.5
- [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5)

Updates `org.codehaus.mojo:properties-maven-plugin` from 1.2.1 to 1.3.0
- [Commits](mojohaus/properties-maven-plugin@1.2.1...properties-maven-plugin-1.3.0)

Updates `org.owasp:dependency-check-maven` from 12.1.9 to 12.2.1
- [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](dependency-check/DependencyCheck@v12.1.9...v12.2.1)

Updates `org.apache.maven.plugins:maven-surefire-report-plugin` from 3.5.4 to 3.5.5
- [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5)

---
updated-dependencies:
- dependency-name: com.puppycrawl.tools:checkstyle
  dependency-version: 13.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: plugins
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: plugins
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: plugins
- dependency-name: org.apache.maven.plugins:maven-surefire-report-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: plugins
- dependency-name: org.apache.maven.plugins:maven-surefire-report-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: plugins
- dependency-name: org.codehaus.mojo:properties-maven-plugin
  dependency-version: 1.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: plugins
- dependency-name: org.owasp:dependency-check-maven
  dependency-version: 12.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: plugins
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/plugins-de9c98c20f branch from 9d28d86 to 49cb41a Compare April 27, 2026 17:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants