Dependabot: Bump the maven-patch-and-minor group with 21 updates by dependabot[bot] · Pull Request #58 · open-eid/SiVa

dependabot · 2026-05-21T07:53:48Z

Bumps the maven-patch-and-minor group with 21 updates:

Package	From	To
org.apache.maven.plugins:maven-pmd-plugin	`3.26.0`	`3.28.0`
org.codehaus.mojo:license-maven-plugin	`2.5.0`	`2.7.1`
org.apache.maven.plugins:maven-compiler-plugin	`3.14.0`	`3.15.0`
org.jacoco:jacoco-maven-plugin	`0.8.13`	`0.8.14`
org.apache.maven.plugins:maven-release-plugin	`3.1.1`	`3.3.1`
org.apache.maven.plugins:maven-surefire-plugin	`3.5.3`	`3.5.5`
org.apache.maven.plugins:maven-enforcer-plugin	`3.5.0`	`3.6.3`
org.springframework.boot:spring-boot-dependencies	`3.4.5`	`3.5.14`
org.springframework.boot:spring-boot-maven-plugin	`3.4.5`	`3.5.14`
org.bouncycastle:bcpkix-jdk18on	`1.80`	`1.84`
org.bouncycastle:bcprov-jdk18on	`1.80`	`1.84`
org.bouncycastle:bcutil-jdk18on	`1.80`	`1.84`
commons-io:commons-io	`2.19.0`	`2.22.0`
org.cryptacular:cryptacular	`1.2.7`	`1.3.0`
org.jetbrains:annotations	`26.0.2`	`26.1.0`
org.apache.maven.plugins:maven-jar-plugin	`3.4.2`	`3.5.0`
com.google.guava:guava	`33.4.8-jre`	`33.6.0-jre`
com.sun.xml.ws:jaxws-ri	`4.0.3`	`4.0.4`
co.elastic.logging:logback-ecs-encoder	`1.7.0`	`1.8.0`
org.codehaus.mojo:build-helper-maven-plugin	`3.6.0`	`3.6.1`
com.jcabi:jcabi-manifests	`2.1.0`	`2.2.0`

Updates org.apache.maven.plugins:maven-pmd-plugin from 3.26.0 to 3.28.0

Release notes

Sourced from org.apache.maven.plugins:maven-pmd-plugin's releases.

3.28.0

🚀 New features and improvements

Bump pmdVersion from 7.16.0 to 7.17.0 (#661) @timpeeters

Bump pmdVersion from 7.15.0 to 7.16.0 (#652) @dependabot[bot]

Bump pmdVersion from 7.14.0 to 7.15.0 (#643) @dependabot[bot]

📝 Documentation updates

Update historical PMD version in docs (#662) @slawekjaranowski

Document that excludes takes priority over includes (#645) @elharo

👻 Maintenance

feat: enable prevent branch protection rules (#653) @sparsick

Add Apache 2.0 LICENSE file (#650) @Ndacyayisenga-droid

Prefer JDK built-in methods for string joining (#646) @elharo

[MPMD-412] - More specific catch blocks (#642) @elharo

📦 Dependency updates

Bump org.apache.commons:commons-lang3 from 3.8.1 to 3.18.0 in ITs (#648) @dependabot[bot]

Bump pmdVersion from 7.16.0 to 7.17.0 (#661) @timpeeters

Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#658) @dependabot[bot]

Bump org.codehaus.plexus:plexus-resources from 1.3.0 to 1.3.1 (#654) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#655) @dependabot[bot]

Bump pmdVersion from 7.15.0 to 7.16.0 (#652) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#651) @dependabot[bot]

Bump mavenVersion from 3.9.10 to 3.9.11 (#649) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#647) @dependabot[bot]

Bump resolverVersion from 1.9.23 to 1.9.24 (#644) @dependabot[bot]

Bump pmdVersion from 7.14.0 to 7.15.0 (#643) @dependabot[bot]

3.27.0

🚀 New features and improvements

Use constant 3.6.3 in prerequisites/maven as minimal Maven version (#640) @slawekjaranowski

Bump pmdVersion from 7.12.0 to 7.14.0 (#213) @dependabot[bot]

Allow plugin execute with Maven 4 (#209) @slawekjaranowski

Upgrade to PMD 7.12 (#196) @elharo

[MPMD-411] - Implement getOutputPath and identify getOutputName as deprecated, (#179) @elharo

🐛 Bug Fixes

[MPMD-410] - Number agreement (#181) @elharo

📝 Documentation updates

... (truncated)

Commits

f152a3a [maven-release-plugin] prepare release maven-pmd-plugin-3.28.0
0678fd1 Update historical PMD version in docs
41d5069 Bump org.apache.commons:commons-lang3 from 3.8.1 to 3.18.0 in ITs (#648)
3ef805b Bump pmdVersion from 7.16.0 to 7.17.0
592d703 Add hacktoberfest label to project
ced9373 Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#658)
3cf5bc1 Bump org.codehaus.plexus:plexus-resources from 1.3.0 to 1.3.1 (#654)
9077c3b Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#655)
12ed57a feat: enable prevent branch protection rules (#653)
fff2b95 Bump pmdVersion from 7.15.0 to 7.16.0 (#652)
Additional commits viewable in compare view

Updates org.codehaus.mojo:license-maven-plugin from 2.5.0 to 2.7.1

Release notes

Sourced from org.codehaus.mojo:license-maven-plugin's releases.

2.7.1

💥 Breaking changes

Bump LibreOffice library odfdom-java to 0.12.0, require JDK 11+ for generating Calc file ODS (#684) @slawekjaranowski

🚀 New features and improvements

Bump LibreOffice library odfdom-java to 0.12.0, require JDK 11+ for generating Calc file ODS (#684) @slawekjaranowski

Fix for issues/533 (dual licensed dependency with one license on whitelist and the other on blacklist) (#670) @wuwu2000

Make Mojos thread-safe and improve concurrent cache handling (#674) @shaikhu

👻 Maintenance

Add PR automation workflow (#682) @slawekjaranowski

📦 Dependency updates

Bump org.apache.commons:commons-lang3 from 3.8.1 to 3.18.0 in /src/it/ISSUE-345 (#691) @dependabot[bot]

Bump org.codehaus.mojo:mojo-parent from 94 to 95 (#690) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.8.1 to 3.18.0 in /src/it/ISSUE-508 (#677) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.5 to 3.6.6 (#689) @dependabot[bot]

Bump org.apache.logging.log4j:log4j-to-slf4j from 2.25.2 to 2.25.3 (#688) @dependabot[bot]

Bump mavenVersion from 3.9.11 to 3.9.12 (#687) @dependabot[bot]

Bump org.apache.poi:poi-ooxml from 5.5.0 to 5.5.1 (#683) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.9 to 3.18.0 in /src/it/ISSUE-312/child2 (#681) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#679) @dependabot[bot]

Bump org.apache.poi:poi-ooxml from 5.4.1 to 5.5.0 (#680) @dependabot[bot]

Bump org.wiremock:wiremock-standalone from 3.13.1 to 3.13.2 (#678) @dependabot[bot]

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#676) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#671) @dependabot[bot]

Bump org.codehaus.mojo:mojo-parent from 93 to 94 (#669) @dependabot[bot]

Bump org.apache.logging.log4j:log4j-to-slf4j from 2.25.1 to 2.25.2 (#667) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#668) @dependabot[bot]

2.7.0

🚀 New features and improvements

Check project license goal (#650) @sewerwal

🐛 Bug Fixes

Adding missing @Inject to LicenseListMojo class (#656) @jhonnymertz

🔧 Build

Disable fail-fast build in matrix, skip download-licenses-configured IT (#657) @slawekjaranowski

📦 Dependency updates

... (truncated)

Commits

0b4fe61 [maven-release-plugin] prepare release 2.7.1
53caf42 Bump LibreOffice library odfdom-java to 0.12.0, require JDK 11+ for generatin...
ee4cefd Bump org.apache.commons:commons-lang3 in /src/it/ISSUE-345
d25151b Bump org.codehaus.mojo:mojo-parent from 94 to 95
d5941c4 Bump org.apache.commons:commons-lang3 in /src/it/ISSUE-508 (#677)
448c1f6 Bump org.apache.maven:maven-archiver from 3.6.5 to 3.6.6
c8db9e4 Bump org.apache.logging.log4j:log4j-to-slf4j from 2.25.2 to 2.25.3
bc9c5a6 Bump mavenVersion from 3.9.11 to 3.9.12
d8cb983 Fix for issues/533 (dual licensed dependency with one license on whitelist an...
903de29 Bump org.apache.poi:poi-ooxml from 5.5.0 to 5.5.1
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

Fix Java 25 compatibility during integration tests (#1020) @desruisseaux

[MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @mensinda

👻 Maintenance

Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @slachiewicz

Remove declaration of "plexus-snapshots" repository (#1010) @desruisseaux

Works only with Maven 4.0.0 rc4 (#996) @slachiewicz

Enable Java 25 and Maven 4 in CI (#975) @slachiewicz

📦 Dependency updates

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]

Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]

Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]

Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]

Bump maven-plugin-testing-harness to 3.4.0 (#1001) @slawekjaranowski

Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]

Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]

Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

3.14.1

🚀 New features and improvements

Improve DeltaList behavior for large projects (#335) @gsmet

Allow to not use --module-version for the Java compiler (#331) @pzygielo

🐛 Bug Fixes

Add generatedSourcesPath back to the maven project (#312) @mensinda

[MCOMPILER-538] - Do not add target/generated-sources/annotations to the source roots (#191) @mensinda

📦 Dependency updates

Enforce asm version used here, to not depend on brittle transitive (#964) @olamy

Bump mavenVersion from 3.9.10 to 3.9.11 (#952) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 44 to 45 (#935) @dependabot[bot]

Bump mavenVersion from 3.9.9 to 3.9.10 (#336) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#324) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316) @dependabot[bot]

Commits

9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
385e3f2 Fix Java 25 compatibility during integration tests (#1020)
6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.14

New Features

JaCoCo now officially supports Java 25 (GitHub #1950).

Experimental support for Java 26 class files (GitHub #1870).

Branches added by the Kotlin compiler for default argument number 33 or higher are filtered out during generation of report (GitHub #1655).

Part of bytecode generated by the Kotlin compiler for elvis operator that follows safe call operator is filtered out during generation of report (GitHub #1814, #1954).

Part of bytecode generated by the Kotlin compiler for more cases of chained safe call operators is filtered out during generation of report (GitHub #1956).

Part of bytecode generated by the Kotlin compiler for invocations of suspendCoroutineUninterceptedOrReturn intrinsic is filtered out during generation of report (GitHub #1929).

Part of bytecode generated by the Kotlin compiler for suspending lambdas with parameters is filtered out during generation of report (GitHub #1945).

Part of bytecode generated by the Kotlin compiler for suspending functions and lambdas with suspension points that return inline value class is filtered out during generation of report (GitHub #1871).

Part of bytecode generated by the Kotlin Compose compiler plugin for pausable composition is filtered out during generation of report (GitHub #1911).

Methods generated by the Kotlin serialization compiler plugin are filtered out (GitHub #1885, #1970, #1971).

Fixed bugs

Fixed handling of implicit else clause of when with String subject in Kotlin (GitHub #1813, #1940).

Fixed handling of implicit default clause of switch by String in Java when compiled by ECJ (GitHub #1813, #1940). Fixed handling of exceptions in chains of safe call operators in Kotlin (GitHub #1819).

Non-functional Changes

JaCoCo now depends on ASM 9.9 (GitHub #1965).

Commits

2eb2483 Prepare release v0.8.14
de76181 KotlinSerializableFilter should filter more methods (#1971)
89c4bd5 Fix NPE in KotlinSerializableFilter (#1970)
0981128 Migrate release staging to the Central Publisher Portal (#1968)
d07bc6b Add filter for bytecode generated by Kotlin serialization compiler plugin (#1...
5e35fd5 Upgrade maven-dependency-plugin to 3.9.0 (#1966)
c2fe5cc Upgrade ASM to 9.9 (#1965)
b0f8e23 KotlinSafeCallOperatorFilter should filter "unoptimized" safe call followed b...
c7bd3f4 Upgrade spotless-maven-plugin to 3.0.0 (#1961)
faa289d KotlinSafeCallOperatorFilter should not be affected by presence of pseudo ins...
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-release-plugin from 3.1.1 to 3.3.1

Release notes

Sourced from org.apache.maven.plugins:maven-release-plugin's releases.

3.3.1

💥 Breaking changes

Revert inclusion of ci skip in release commit msg (#1445) @rvesse

🐛 Bug Fixes

Revert inclusion of ci skip in release commit msg (#1445) @rvesse

📦 Dependency updates

Bump org.codehaus.plexus:plexus-testing from 2.0.1 to 2.0.2 (#1444) @dependabot[bot]

3.3.0

💥 Breaking changes

Include "[ci skip]" by default in scmReleaseCommitComment (#1423) @kwin

🚀 New features and improvements

Fixed #1426 : Replace archived org.semver:api with custom SemVer implementation (#1430) @HarshMehta112

Introduce new SemVer policies (#1424) @slawekjaranowski

Include "[ci skip]" by default in scmReleaseCommitComment (#1423) @kwin

🐛 Bug Fixes

Check all project parents for SCM information. (#1421) @slawekjaranowski

👻 Maintenance

Fix license header in xml files (#1443) @slawekjaranowski

Make implementation of new SemVer policies private for project (#1440) @slawekjaranowski

Resolve todo that led to pointless asserts (#1442) @elharo

Prefer JDK join method (#1434) @elharo

Remove old-style plexus annotation (#1432) @elharo

Clean up exceptions (#1433) @elharo

Replace deprecated classes (#1438) @elharo

Simplify code (#1429) @elharo

Fix spelling typo (#1431) @elharo

Prefer JDK join method (#1428) @elharo

Fixed #1410 [DOCS] Update Javadoc return tags in ReleaseDescriptor.java (#1427) @HarshMehta112

Remove manual configuration for plugin requirementsHistories (#1425) @slawekjaranowski

Correct misleading @return descriptions in Javadoc (#1413) @HarshMehta112

Migrate JUnit 3/4 to JUnit 5 (#1414) @slawekjaranowski

Add tag-template to release-drafter configuration (#1415) @slawekjaranowski

Fix assertions and cleanups in Mojo Tests (#1412) @slawekjaranowski

Fix Javadoc issues per Oracle conventions (#1408) @elharo

Migrate JUnit 3/4 to JUnit 5 (#1411) @slawekjaranowski

... (truncated)

Commits

7e8ebac [maven-release-plugin] prepare release maven-release-3.3.1
f0f28e5 Revert inclusion of ci skip in release commit msg
2a82901 Bump org.codehaus.plexus:plexus-testing from 2.0.1 to 2.0.2 (#1444)
c8613d2 [maven-release-plugin] prepare for next development iteration
2b8adaa [maven-release-plugin] prepare release maven-release-3.3.0
88630f9 Fixed #1426 : Replace archived org.semver:api with custom SemVer implemen...
7af8ace Fix license header in xml files
8914b84 Make implementation of new SemVer policies private for project
7e861f0 Resolve todo that led to pointless asserts (#1442)
422f895 Prefer JDK join method (#1434)
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.3 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @olamy

Pass slf4j context to spawned thread (#3241) @scottrw93

[SUREFIRE-3239] - allow override of statistics file checksum (#3247) @XN137

Reduce log level for skipped tests result to info (#3232) @strangelookingnerd

🐛 Bug Fixes

Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)

Properly work with test failures caused during beforeAll phase (#3194) @Frawless

📝 Documentation updates

Clarify how late placeholder replacement (@{...}) deals with (#3208) @kwin

👻 Maintenance

Fix Jenkin badges in README (#3254) @slawekjaranowski

Use JUnit5 in failsafe ITs (#3251) @slawekjaranowski

Remove long-deprecated unused encoding property from VerifyMojo (#3198) @Tomlincoln

Add IT and deal with corner cases of handling beforeAll failures (#3200) @Frawless

Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @Frawless

🔧 Build

Missing many files in the GH Artifacts of CI ex-post. (#3219) @Tibor17

📦 Dependency updates

Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.1 (#3260) @dependabot[bot]

Bump parent from 44 to 47 (#3253) @slawekjaranowski

Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng (#3246) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#3245) @dependabot[bot]

Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#3243) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 (#3236) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#3235) @dependabot[bot]

Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption (#3234) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 (#3228) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 (#3224) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#3223) @dependabot[bot]

Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#3221) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#3220) @dependabot[bot]

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#3217) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#3214) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#3218) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.16.0 to 4.18.0 (#3213) @dependabot[bot]

... (truncated)

Commits

968cb38 [maven-release-plugin] prepare release surefire-3.5.5
8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
e5c01a6 Build only by the latest Maven on Jenkins (#3255)
9c99e97 Fix Jenkin badges in README (#3254)
20930ea Bump parent from 44 to 47 (#3253)
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.3

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.3

🚀 New features and improvements

Make bannedDependencies report root and transitive dependency in case both are banned. (#940) @hvoynov

Add enforceBytecodeVersion rule based on mojohaus (#968) @cstamas

Improve formatting of deprecated API warning (#951) @mthmulders

🐛 Bug Fixes

Fix handling of Java versions like 21.0.10.0.1 (#967) @parttimenerd

Add null checks for modelId in PluginWrapper (#974) @cpfeiffer

📝 Documentation updates

Document the banMavenDefaults option for the requirePluginVersions rule. (#936) @rpkrajewski

👻 Maintenance

PlexusStringUtils Refaster recipes (#943) @slachiewicz

JUnit Jupiter migration from JUnit 4.x (#941) @slachiewicz

📦 Dependency updates

Bump org.apache.logging.log4j:log4j-core from 2.25.3 to 2.25.4 in /maven-enforcer-plugin/src/it/projects/MENFORCER-434 (#970) @dependabot[bot]

Deps: Parent POM 48 and align deps (#979) @cstamas

Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976) @dependabot[bot]

Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975) @dependabot[bot]

Bump mavenVersion from 3.9.14 to 3.9.15 (#973) @dependabot[bot]

Bump mavenVersion from 3.9.13 to 3.9.14 (#965) @dependabot[bot]

Bump mavenVersion from 3.9.12 to 3.9.13 (#964) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#963) @dependabot[bot]

Update log4j in test to avoid CVE (#961) @Bukama

Bump commons-codec:commons-codec from 1.20.0 to 1.21.0 (#962) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#960) @dependabot[bot]

Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#959) @dependabot[bot]

Bump org.apache.maven:maven-parent from 46 to 47 (#958) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0 (#957) @dependabot[bot]

Update to 46 including fixes (#955) @Bukama

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.5.0 (#956) @dependabot[bot]

Bump mavenVersion from 3.9.11 to 3.9.12 (#948) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#947) @dependabot[bot]

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#946) @dependabot[bot]

Bump commons-codec:commons-codec from 1.19.0 to 1.20.0 (#945) @dependabot[bot]

3.6.2

🐛 Bug Fixes

Use SessionData for cache storage (#930) @slawekjaranowski

... (truncated)

Commits

c7daff3 [maven-release-plugin] prepare release enforcer-3.6.3
ee46e78 Make bannedDependencies report root and transitive dependency in case both ar...
0806924 Document the banMavenDefaults option for the requirePluginVersions rule. (#936)
8e4f5b9 Add better enforceBytecodeVersion rule based on mojohaus (#968)
fd4b148 Add fix for 21.0.10.0.1 issue (#967)
f32d597 Deps: Parent POM 48 and align deps (#979)
df0f2a6 Bump commons-codec:commons-codec from 1.21.0 to 1.22.0 (#976)
2da7a68 Add null checks for modelId in PluginWrapper
91eb4d9 Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#975)
b622245 Bump mavenVersion from 3.9.14 to 3.9.15 (#973)
Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-dependencies from 3.4.5 to 3.5.14

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v3.5.14

🐞 Bug Fixes

ApplicationPidFileWriter does not handle symlinks correctly #50173

RandomValuePropertySource is not suitable for secrets #50172

Cassandra auto-configuration misconfigures CqlSessionBuilder #50171

ApplicationTemp does not handle symlinks correctly #50170

Remote DevTools performs comparison incorrectly #50169

spring.rabbitmq.ssl.verify-hostname is applied inconsistently #50168

EnversRevisionRepositoriesRegistrar should reuse @EnableEnversRepositories rather than configuring the JPA counterpart #50035

Annotations like @Ssl don't work on @Bean methods when using @ServiceConnection #50033

Whole number values are ignored when configuring min and max expected values and SLO boundaries for a distribution summary meter #50021

WebFlux Cloud Foundry links endpoint includes query string from received request in resolved links #50008

500 response from env endpoint when supplied pattern is invalid #49942

HTTP method is lost when configuring excludes...
Description has been truncated

Bumps the maven-patch-and-minor group with 21 updates: | Package | From | To | | --- | --- | --- | | [org.apache.maven.plugins:maven-pmd-plugin](https://github.com/apache/maven-pmd-plugin) | `3.26.0` | `3.28.0` | | [org.codehaus.mojo:license-maven-plugin](https://github.com/mojohaus/license-maven-plugin) | `2.5.0` | `2.7.1` | | [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.0` | `3.15.0` | | [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.13` | `0.8.14` | | [org.apache.maven.plugins:maven-release-plugin](https://github.com/apache/maven-release) | `3.1.1` | `3.3.1` | | [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.5` | | [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) | `3.5.0` | `3.6.3` | | [org.springframework.boot:spring-boot-dependencies](https://github.com/spring-projects/spring-boot) | `3.4.5` | `3.5.14` | | [org.springframework.boot:spring-boot-maven-plugin](https://github.com/spring-projects/spring-boot) | `3.4.5` | `3.5.14` | | [org.bouncycastle:bcpkix-jdk18on](https://github.com/bcgit/bc-java) | `1.80` | `1.84` | | [org.bouncycastle:bcprov-jdk18on](https://github.com/bcgit/bc-java) | `1.80` | `1.84` | | [org.bouncycastle:bcutil-jdk18on](https://github.com/bcgit/bc-java) | `1.80` | `1.84` | | commons-io:commons-io | `2.19.0` | `2.22.0` | | [org.cryptacular:cryptacular](https://github.com/vt-middleware/cryptacular) | `1.2.7` | `1.3.0` | | [org.jetbrains:annotations](https://github.com/JetBrains/java-annotations) | `26.0.2` | `26.1.0` | | [org.apache.maven.plugins:maven-jar-plugin](https://github.com/apache/maven-jar-plugin) | `3.4.2` | `3.5.0` | | [com.google.guava:guava](https://github.com/google/guava) | `33.4.8-jre` | `33.6.0-jre` | | com.sun.xml.ws:jaxws-ri | `4.0.3` | `4.0.4` | | [co.elastic.logging:logback-ecs-encoder](https://github.com/elastic/ecs-logging-java) | `1.7.0` | `1.8.0` | | [org.codehaus.mojo:build-helper-maven-plugin](https://github.com/mojohaus/build-helper-maven-plugin) | `3.6.0` | `3.6.1` | | [com.jcabi:jcabi-manifests](https://github.com/jcabi/jcabi-manifests) | `2.1.0` | `2.2.0` | Updates `org.apache.maven.plugins:maven-pmd-plugin` from 3.26.0 to 3.28.0 - [Release notes](https://github.com/apache/maven-pmd-plugin/releases) - [Commits](apache/maven-pmd-plugin@maven-pmd-plugin-3.26.0...maven-pmd-plugin-3.28.0) Updates `org.codehaus.mojo:license-maven-plugin` from 2.5.0 to 2.7.1 - [Release notes](https://github.com/mojohaus/license-maven-plugin/releases) - [Commits](mojohaus/license-maven-plugin@2.5.0...2.7.1) Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.0 to 3.15.0 - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.0...maven-compiler-plugin-3.15.0) Updates `org.jacoco:jacoco-maven-plugin` from 0.8.13 to 0.8.14 - [Release notes](https://github.com/jacoco/jacoco/releases) - [Commits](jacoco/jacoco@v0.8.13...v0.8.14) Updates `org.apache.maven.plugins:maven-release-plugin` from 3.1.1 to 3.3.1 - [Release notes](https://github.com/apache/maven-release/releases) - [Commits](apache/maven-release@maven-release-3.1.1...maven-release-3.3.1) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.3 to 3.5.5 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.5) Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.5.0 to 3.6.3 - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](apache/maven-enforcer@enforcer-3.5.0...enforcer-3.6.3) Updates `org.springframework.boot:spring-boot-dependencies` from 3.4.5 to 3.5.14 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.4.5...v3.5.14) Updates `org.springframework.boot:spring-boot-maven-plugin` from 3.4.5 to 3.5.14 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.4.5...v3.5.14) Updates `org.bouncycastle:bcpkix-jdk18on` from 1.80 to 1.84 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bcprov-jdk18on` from 1.80 to 1.84 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bcutil-jdk18on` from 1.80 to 1.84 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bcprov-jdk18on` from 1.80 to 1.84 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `org.bouncycastle:bcutil-jdk18on` from 1.80 to 1.84 - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) Updates `commons-io:commons-io` from 2.19.0 to 2.22.0 Updates `org.cryptacular:cryptacular` from 1.2.7 to 1.3.0 - [Release notes](https://github.com/vt-middleware/cryptacular/releases) - [Changelog](https://github.com/vt-middleware/cryptacular/blob/main/release) - [Commits](vt-middleware/cryptacular@v1.2.7...v1.3.0) Updates `org.jetbrains:annotations` from 26.0.2 to 26.1.0 - [Release notes](https://github.com/JetBrains/java-annotations/releases) - [Changelog](https://github.com/JetBrains/java-annotations/blob/master/CHANGELOG.md) - [Commits](JetBrains/java-annotations@26.0.2...26.1.0) Updates `org.apache.maven.plugins:maven-jar-plugin` from 3.4.2 to 3.5.0 - [Release notes](https://github.com/apache/maven-jar-plugin/releases) - [Commits](apache/maven-jar-plugin@maven-jar-plugin-3.4.2...maven-jar-plugin-3.5.0) Updates `com.google.guava:guava` from 33.4.8-jre to 33.6.0-jre - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) Updates `com.sun.xml.ws:jaxws-ri` from 4.0.3 to 4.0.4 Updates `co.elastic.logging:logback-ecs-encoder` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/elastic/ecs-logging-java/releases) - [Commits](elastic/ecs-logging-java@v1.7.0...v1.8.0) Updates `org.springframework.boot:spring-boot-maven-plugin` from 3.4.5 to 3.5.14 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v3.4.5...v3.5.14) Updates `org.codehaus.mojo:build-helper-maven-plugin` from 3.6.0 to 3.6.1 - [Release notes](https://github.com/mojohaus/build-helper-maven-plugin/releases) - [Commits](mojohaus/build-helper-maven-plugin@3.6.0...3.6.1) Updates `com.jcabi:jcabi-manifests` from 2.1.0 to 2.2.0 - [Release notes](https://github.com/jcabi/jcabi-manifests/releases) - [Commits](jcabi/jcabi-manifests@2.1.0...2.2.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-pmd-plugin dependency-version: 3.28.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.codehaus.mojo:license-maven-plugin dependency-version: 2.7.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-version: 3.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.jacoco:jacoco-maven-plugin dependency-version: 0.8.14 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: maven-patch-and-minor - dependency-name: org.apache.maven.plugins:maven-release-plugin dependency-version: 3.3.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: maven-patch-and-minor - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-version: 3.6.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.springframework.boot:spring-boot-dependencies dependency-version: 3.5.14 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.springframework.boot:spring-boot-maven-plugin dependency-version: 3.5.14 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.bouncycastle:bcpkix-jdk18on dependency-version: '1.84' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.bouncycastle:bcprov-jdk18on dependency-version: '1.84' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.bouncycastle:bcutil-jdk18on dependency-version: '1.84' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.bouncycastle:bcprov-jdk18on dependency-version: '1.84' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.bouncycastle:bcutil-jdk18on dependency-version: '1.84' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: commons-io:commons-io dependency-version: 2.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.cryptacular:cryptacular dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.jetbrains:annotations dependency-version: 26.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.apache.maven.plugins:maven-jar-plugin dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: com.google.guava:guava dependency-version: 33.6.0-jre dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: com.sun.xml.ws:jaxws-ri dependency-version: 4.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-patch-and-minor - dependency-name: co.elastic.logging:logback-ecs-encoder dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.springframework.boot:spring-boot-maven-plugin dependency-version: 3.5.14 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-patch-and-minor - dependency-name: org.codehaus.mojo:build-helper-maven-plugin dependency-version: 3.6.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: maven-patch-and-minor - dependency-name: com.jcabi:jcabi-manifests dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-patch-and-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels May 21, 2026

github-actions Bot merged commit e3a3e48 into master-dependency-update May 21, 2026
1 check passed

dependabot Bot deleted the dependabot/maven/master-dependency-update/maven-patch-and-minor-10657f6957 branch May 21, 2026 07:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependabot: Bump the maven-patch-and-minor group with 21 updates#58

Dependabot: Bump the maven-patch-and-minor group with 21 updates#58
github-actions[bot] merged 1 commit into
master-dependency-updatefrom
dependabot/maven/master-dependency-update/maven-patch-and-minor-10657f6957

dependabot Bot commented on behalf of github May 21, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 21, 2026

3.28.0

🚀 New features and improvements

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

3.27.0

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

2.7.1

💥 Breaking changes

🚀 New features and improvements

👻 Maintenance

📦 Dependency updates

2.7.0

🚀 New features and improvements

🐛 Bug Fixes

🔧 Build

📦 Dependency updates

3.15.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.14.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

0.8.14

New Features

Fixed bugs

Non-functional Changes

3.3.1

💥 Breaking changes

🐛 Bug Fixes

📦 Dependency updates

3.3.0

💥 Breaking changes

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

🔧 Build

📦 Dependency updates

3.6.3

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

3.6.2

🐛 Bug Fixes

v3.5.14

🐞 Bug Fixes

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants