Bump the build-dependencies group with 6 updates #3864

dependabot · 2023-12-12T02:14:31Z

Bumps the build-dependencies group with 6 updates:

Package	From	To
org.codehaus.plexus:plexus-compiler-api	`2.13.0`	`2.14.0`
org.codehaus.plexus:plexus-compiler-manager	`2.13.0`	`2.14.0`
org.codehaus.plexus:plexus-compiler-eclipse	`2.13.0`	`2.14.0`
org.eclipse.jdt:ecj	`3.35.0`	`3.36.0`
io.github.gitflow-incremental-builder:gitflow-incremental-builder	`4.5.1`	`4.5.2`
org.owasp:dependency-check-maven	`9.0.2`	`9.0.4`

Updates org.codehaus.plexus:plexus-compiler-api from 2.13.0 to 2.14.0

Release notes

Sourced from org.codehaus.plexus:plexus-compiler-api's releases.

2.14.0

❗ Requirements for plexus compilers

plexus-compiler-aspectj - JDK 17+, Maven 3.9.6

plexus-compiler-eclipse - JDK 17+, Maven 3.9.6

plexus-compiler-javac - JDK 8+

plexus-compiler-javac-errorprone - JDK 11+

🚨 Removed

Drop J2ObjC compiler (#325) @slawekjaranowski

🚀 New features and improvements

Update AspectJ Compiler to 1.9.21 to support Java 21 (#330) @slachiewicz

Require JDK 17 for build (#327) @slawekjaranowski

Improve locking on JavacCompiler (#315) @gnodet

Include 'parameter' and 'preview' describe log (#319) @jorsol

Switch to SISU annotations and plugin, fixes #217 (#313) @gnodet

Support jdk 21 (#311) @gnodet

Require Maven 3.5.4+ (#283) @slachiewicz

Require Java 11 for plexus-compiler-eclipse an javac-errorprone and aspectj compilers (#279) @slachiewicz

Add support to run its with Java 20 (#277) @slachiewicz

🐛 Bug Fixes

Fix javac memory leak (#309) @gnodet

Validate zip file names before extracting (Zip Slip) (#291) @slachiewicz

📦 Dependency updates

Update AspectJ Compiler to 1.9.21 to support Java 21 (#330) @slachiewicz

Bump org.codehaus.plexus:plexus from 15 to 16 (#328) @dependabot

Bump org.eclipse.jdt:ecj from 3.33.0 to 3.36.0 (#326) @dependabot

Bump org.codehaus.plexus:plexus-testing from 1.1.0 to 1.2.0 (#317) @dependabot

Bump org.junit:junit-bom from 5.10.0 to 5.10.1 (#320) @dependabot

Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.1 to 3.2.2 (#321) @dependabot

Upgrade parent and reformat using spotless (#314) @gnodet

Bump org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 to 3.2.1 (#310) @dependabot

Bump com.google.errorprone:error_prone_core from 2.22.0 to 2.23.0 (#308) @dependabot

Bump com.google.errorprone:error_prone_core from 2.21.1 to 2.22.0 (#306) @dependabot

Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.0 to 3.4.1 (#304) @dependabot

Bump maven-surefire-plugin from 3.1.0 to 3.1.2 (#290) @dependabot

Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.3.0 to 3.4.0 (#301) @dependabot

Bump com.google.errorprone:error_prone_core from 2.21.0 to 2.21.1 (#300) @dependabot

Bump com.google.errorprone:error_prone_core from 2.20.0 to 2.21.0 (#299) @dependabot

Bump org.junit:junit-bom from 5.9.3 to 5.10.0 (#298) @dependabot

Bump error_prone_core from 2.19.1 to 2.20.0 (#295) @dependabot

Bump maven-invoker-plugin from 3.5.1 to 3.6.0 (#294) @dependabot

... (truncated)

Commits

c25664b [maven-release-plugin] prepare release plexus-compiler-2.14.0
391fc13 Bump project version to 2.14.0-SNAPSHOT
2dcea6b Document a requirements for plexus compilers (#329)
4bc179f Injecting beans compiled for Java 17 works only with Maven 3.9.6+ thanks to E...
d744dd5 Update AspectJ Compiler to 1.9.21 to support Java 21
307d99d Bump org.codehaus.plexus:plexus from 15 to 16 (#328)
4759a5d Bump org.eclipse.jdt:ecj from 3.33.0 to 3.36.0
750d934 Require JDK 17 for build (#327)
3316707 Reuse plexus-pom action for CI
4d098da Drop J2ObjC compiler
Additional commits viewable in compare view

Updates org.codehaus.plexus:plexus-compiler-manager from 2.13.0 to 2.14.0

Release notes

Sourced from org.codehaus.plexus:plexus-compiler-manager's releases.

2.14.0

❗ Requirements for plexus compilers

plexus-compiler-aspectj - JDK 17+, Maven 3.9.6

plexus-compiler-eclipse - JDK 17+, Maven 3.9.6

plexus-compiler-javac - JDK 8+

plexus-compiler-javac-errorprone - JDK 11+

🚨 Removed

Drop J2ObjC compiler (#325) @slawekjaranowski

🚀 New features and improvements

Update AspectJ Compiler to 1.9.21 to support Java 21 (#330) @slachiewicz

Require JDK 17 for build (#327) @slawekjaranowski

Improve locking on JavacCompiler (#315) @gnodet

Include 'parameter' and 'preview' describe log (#319) @jorsol

Switch to SISU annotations and plugin, fixes #217 (#313) @gnodet

Support jdk 21 (#311) @gnodet

Require Maven 3.5.4+ (#283) @slachiewicz

Require Java 11 for plexus-compiler-eclipse an javac-errorprone and aspectj compilers (#279) @slachiewicz

Add support to run its with Java 20 (#277) @slachiewicz

🐛 Bug Fixes

Fix javac memory leak (#309) @gnodet

Validate zip file names before extracting (Zip Slip) (#291) @slachiewicz

📦 Dependency updates

Update AspectJ Compiler to 1.9.21 to support Java 21 (#330) @slachiewicz

Bump org.codehaus.plexus:plexus from 15 to 16 (#328) @dependabot

Bump org.eclipse.jdt:ecj from 3.33.0 to 3.36.0 (#326) @dependabot

Bump org.codehaus.plexus:plexus-testing from 1.1.0 to 1.2.0 (#317) @dependabot

Bump org.junit:junit-bom from 5.10.0 to 5.10.1 (#320) @dependabot

Bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.1 to 3.2.2 (#321) @dependabot

Upgrade parent and reformat using spotless (#314) @gnodet

Bump org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 to 3.2.1 (#310) @dependabot

Bump com.google.errorprone:error_prone_core from 2.22.0 to 2.23.0 (#308) @dependabot

Bump com.google.errorprone:error_prone_core from 2.21.1 to 2.22.0 (#306) @dependabot

Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.0 to 3.4.1 (#304) @dependabot

Bump maven-surefire-plugin from 3.1.0 to 3.1.2 (#290) @dependabot

Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.3.0 to 3.4.0 (#301) @dependabot

Bump com.google.errorprone:error_prone_core from 2.21.0 to 2.21.1 (#300) @dependabot

Bump com.google.errorprone:error_prone_core from 2.20.0 to 2.21.0 (#299) @dependabot

Bump org.junit:junit-bom from 5.9.3 to 5.10.0 (#298) @dependabot

Bump error_prone_core from 2.19.1 to 2.20.0 (#295) @dependabot

Bump maven-invoker-plugin from 3.5.1 to 3.6.0 (#294) @dependabot

... (truncated)

Commits

c25664b [maven-release-plugin] prepare release plexus-compiler-2.14.0
391fc13 Bump project version to 2.14.0-SNAPSHOT
2dcea6b Document a requirements for plexus compilers (#329)
4bc179f Injecting beans compiled for Java 17 works only with Maven 3.9.6+ thanks to E...
d744dd5 Update AspectJ Compiler to 1.9.21 to support Java 21
307d99d Bump org.codehaus.plexus:plexus from 15 to 16 (#328)
4759a5d Bump org.eclipse.jdt:ecj from 3.33.0 to 3.36.0
750d934 Require JDK 17 for build (#327)
3316707 Reuse plexus-pom action for CI
4d098da Drop J2ObjC compiler
Additional commits viewable in compare view

Updates org.codehaus.plexus:plexus-compiler-eclipse from 2.13.0 to 2.14.0

Updates org.eclipse.jdt:ecj from 3.35.0 to 3.36.0

Commits

See full diff in compare view

Updates io.github.gitflow-incremental-builder:gitflow-incremental-builder from 4.5.1 to 4.5.2

Release notes

Sourced from io.github.gitflow-incremental-builder:gitflow-incremental-builder's releases.

4.5.2

Most notable change is the update to JGit 6.8.0.

What's Changed

Bump version.jgit from 6.6.1.202309021850-r to 6.7.0.202309050840-r by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#727

Update Maven from 3.9.4 to 3.9.5 by @famod in gitflow-incremental-builder/gitflow-incremental-builder#745

Bump version.bytebuddy from 1.14.8 to 1.14.9 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#735

Bump version.mockito from 5.5.0 to 5.6.0 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#736

Bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#739

Bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.5 to 4.7.3.6 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#734

Bump version.jetty from 10.0.16 to 10.0.18 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#748

CI: replace JDK 20 with 21 (LTS), replace 21 EA with 22 EA by @famod in gitflow-incremental-builder/gitflow-incremental-builder#746

Bump version.spotbugs from 4.7.3 to 4.8.1 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#754

Bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.6 to 4.8.1.0 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#753

Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.0 to 3.6.1 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#744

Bump org.apache.maven.plugins:maven-clean-plugin from 3.3.1 to 3.3.2 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#747

Bump org.junit.jupiter:junit-jupiter from 5.10.0 to 5.10.1 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#751

Bump version.maven-plugin from 3.9.0 to 3.10.2 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#752

Bump org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 to 3.2.2 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#755

Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.1.2 to 3.2.2 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#756

Bump version.spotbugs from 4.8.1 to 4.8.2 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#760

Bump org.codehaus.mojo:versions-maven-plugin from 2.16.0 to 2.16.2 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#758

Bump version.bytebuddy from 1.14.9 to 1.14.10 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#759

Bump actions/setup-java from 3 to 4 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#761

Bump com.tngtech.archunit:archunit-junit5 from 1.1.0 to 1.2.1 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#763

Bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.1.0 to 4.8.2.0 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#764

Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.0 to 3.6.3 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#762

Bump version.mockito from 5.6.0 to 5.8.0 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#765

Bump ch.qos.logback:logback-classic from 1.2.12 to 1.2.13 by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#766

Bump version.jgit from 6.7.0.202309050840-r to 6.8.0.202311291450-r by @dependabot in gitflow-incremental-builder/gitflow-incremental-builder#767

Update to Maven 3.9.6 by @famod in gitflow-incremental-builder/gitflow-incremental-builder#768

Full Changelog: gitflow-incremental-builder/gitflow-incremental-builder@v4.5.1...v4.5.2

Commits

dda640b [skip ci] prepare release v4.5.2
e1fbfff Update to Maven 3.9.6
bb563fd Merge pull request #767 from gitflow-incremental-builder/dependabot/maven/ver...
b51ce4e Merge pull request #766 from gitflow-incremental-builder/dependabot/maven/ch....
fa4f280 Merge pull request #765 from gitflow-incremental-builder/dependabot/maven/ver...
5d949a5 Merge pull request #762 from gitflow-incremental-builder/dependabot/maven/org...
1e7ad53 Merge pull request #764 from gitflow-incremental-builder/dependabot/maven/com...
6491abc Merge pull request #763 from gitflow-incremental-builder/dependabot/maven/com...
b6e918d Merge pull request #761 from gitflow-incremental-builder/dependabot/github_ac...
596f67a Merge pull request #759 from gitflow-incremental-builder/dependabot/maven/ver...
Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 9.0.2 to 9.0.4

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 9.0.4

fix: utilize maven proxy if present (#6255)

fix: allow api key in cli to be quoted (#6253)

fix: use correct maven plugin reporting plugin (#6244)

fix: correct trailing comma in JSON report (#6245)

See the full listing of changes.

Version 9.0.3

fix: use Java properties for proxy configuration (#6238)

docs: update proxy configuration documentation (#6237)

docs: add documentation on caching (#6204)

docs: Clarify H2 database caching strategy (#6220)

docs: Update list of supported report formats (#6224)

docs: example 5 with new nvdDatafeedUrl parameter (#6215)

fix: prevent NPEs (#6232 and #6206)

fix: check valid for hours for NVD API (#6225)

fix: correct NVD cache last checked logic (#6218)

fix: nvd datafeed should process current year (#6213)

fix: correct references to cvssv2 and cvssv3 fields in json and xml reports (#6212)

fix: correct name on reference links in report (#6205)

fix: flaws int the gitlab report (#6193)

See the full listing of changes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 9.0.4 (2023-12-08)

fix: utilize maven proxy if present (#6255)

fix: allow api key in cli to be quoted (#6253)

fix: use correct maven plugin reporting plugin (#6244)

fix: correct trailing comma in JSON report (#6245)

See the full listing of changes.

Version 9.0.3 (2023-12-06)

fix: use Java properties for proxy configuration (#6238)

docs: update proxy configuration documentation (#6237)

docs: add documentation on caching (#6204)

docs: Clarify H2 database caching strategy (#6220)

docs: Update list of supported report formats (#6224)

docs: example 5 with new nvdDatafeedUrl parameter (#6215)

fix: prevent NPEs (#6232 and #6206)

fix: check valid for hours for NVD API (#6225)

fix: correct NVD cache last checked logic (#6218)

fix: nvd datafeed should process current year (#6213)

fix: correct references to cvssv2 and cvssv3 fields in json and xml reports (#6212)

fix: correct name on reference links in report (#6205)

fix: flaws int the gitlab report (#6193)

See the full listing of changes.

Commits

bce147d build: prepare release v9.0.4
e009336 chore: prepare release
d356656 fix: utilize maven proxy if present (#6255)
4734356 fix: allow api key in cli to be quoted (#6253)
d9f9c3d fix: use correct maven plugin reporting plugin (#6244)
e973c9a fix: correct trailing comma in JSON report (#6245)
cc4ece7 fix: correct trailing comma in JSON report
48cfd22 chore: release 9.0.3 (#6239)
684222c build: prepare for next development iteration
068b682 build: prepare release v9.0.3
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the build-dependencies group with 6 updates: | Package | From | To | | --- | --- | --- | | [org.codehaus.plexus:plexus-compiler-api](https://github.com/codehaus-plexus/plexus-compiler) | `2.13.0` | `2.14.0` | | [org.codehaus.plexus:plexus-compiler-manager](https://github.com/codehaus-plexus/plexus-compiler) | `2.13.0` | `2.14.0` | | org.codehaus.plexus:plexus-compiler-eclipse | `2.13.0` | `2.14.0` | | [org.eclipse.jdt:ecj](https://github.com/eclipse-jdt/eclipse.jdt.core) | `3.35.0` | `3.36.0` | | [io.github.gitflow-incremental-builder:gitflow-incremental-builder](https://github.com/gitflow-incremental-builder/gitflow-incremental-builder) | `4.5.1` | `4.5.2` | | [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) | `9.0.2` | `9.0.4` | Updates `org.codehaus.plexus:plexus-compiler-api` from 2.13.0 to 2.14.0 - [Release notes](https://github.com/codehaus-plexus/plexus-compiler/releases) - [Commits](codehaus-plexus/plexus-compiler@plexus-compiler-2.13.0...plexus-compiler-2.14.0) Updates `org.codehaus.plexus:plexus-compiler-manager` from 2.13.0 to 2.14.0 - [Release notes](https://github.com/codehaus-plexus/plexus-compiler/releases) - [Commits](codehaus-plexus/plexus-compiler@plexus-compiler-2.13.0...plexus-compiler-2.14.0) Updates `org.codehaus.plexus:plexus-compiler-eclipse` from 2.13.0 to 2.14.0 Updates `org.eclipse.jdt:ecj` from 3.35.0 to 3.36.0 - [Commits](https://github.com/eclipse-jdt/eclipse.jdt.core/commits) Updates `io.github.gitflow-incremental-builder:gitflow-incremental-builder` from 4.5.1 to 4.5.2 - [Release notes](https://github.com/gitflow-incremental-builder/gitflow-incremental-builder/releases) - [Commits](gitflow-incremental-builder/gitflow-incremental-builder@v4.5.1...v4.5.2) Updates `org.owasp:dependency-check-maven` from 9.0.2 to 9.0.4 - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](jeremylong/DependencyCheck@v9.0.2...v9.0.4) --- updated-dependencies: - dependency-name: org.codehaus.plexus:plexus-compiler-api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-dependencies - dependency-name: org.codehaus.plexus:plexus-compiler-manager dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-dependencies - dependency-name: org.codehaus.plexus:plexus-compiler-eclipse dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-dependencies - dependency-name: org.eclipse.jdt:ecj dependency-type: direct:production update-type: version-update:semver-minor dependency-group: build-dependencies - dependency-name: io.github.gitflow-incremental-builder:gitflow-incremental-builder dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build-dependencies - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Dec 12, 2023

dependabot bot assigned yrodiere Dec 12, 2023

yrodiere merged commit 9620e45 into main Dec 12, 2023
6 checks passed

dependabot bot deleted the dependabot/maven/build-dependencies-466a612a45 branch December 12, 2023 14:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the build-dependencies group with 6 updates #3864

Bump the build-dependencies group with 6 updates #3864

dependabot bot commented on behalf of github Dec 12, 2023

Bump the build-dependencies group with 6 updates #3864

Bump the build-dependencies group with 6 updates #3864

Conversation

dependabot bot commented on behalf of github Dec 12, 2023

2.14.0

❗ Requirements for plexus compilers

🚨 Removed

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

2.14.0

❗ Requirements for plexus compilers

🚨 Removed

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

4.5.2

What's Changed

Version 9.0.4

Version 9.0.3

Version 9.0.4 (2023-12-08)

Version 9.0.3 (2023-12-06)