Bump the maven-dependencies group with 13 updates

[dependabot]

Bumps the maven-dependencies group with 13 updates:

Package	From	To
org.slf4j:slf4j-api	1.7.36	2.0.9
com.google.guava:guava	32.0.0-jre	32.1.2-jre
org.apache.commons:commons-lang3	3.12.0	3.13.0
org.junit.jupiter:junit-jupiter	5.8.2	5.10.0
org.apache.maven.plugins:maven-compiler-plugin	3.9.0	3.11.0
org.apache.maven.plugins:maven-surefire-plugin	3.0.0-M5	3.1.2
org.apache.maven.plugins:maven-enforcer-plugin	3.0.0	3.4.1
org.apache.maven.plugins:maven-source-plugin	3.2.1	3.3.0
org.apache.maven.plugins:maven-javadoc-plugin	3.3.1	3.6.0
org.owasp:dependency-check-maven	8.2.1	8.4.0
org.apache.maven.plugins:maven-gpg-plugin	3.0.1	3.1.0
org.sonatype.plugins:nexus-staging-maven-plugin	1.6.8	1.6.13
org.apache.maven.plugins:maven-deploy-plugin	3.1.0	3.1.1

Updates org.slf4j:slf4j-api from 1.7.36 to 2.0.9

Updates com.google.guava:guava from 32.0.0-jre to 32.1.2-jre

Release notes

Sourced from com.google.guava:guava's releases.

32.1.2

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.1.2-jre</version>
  <!-- or, for Android: -->
  <version>32.1.2-android</version>
</dependency>

Jar files

• 32.1.2-jre.jar
• 32.1.2-android.jar

Guava requires one runtime dependency, which you can download here:

• failureaccess-1.0.1.jar

Javadoc

• 32.1.2-jre
• 32.1.2-android

JDiff

• 32.1.2-jre vs. 32.1.1-jre
• 32.1.2-android vs. 32.1.1-android
• 32.1.2-android vs. 32.1.2-jre

Changelog

• Removed the section of our Gradle metadata that caused Gradle to report conflicts with listenablefuture. (9ed0fa65ab)
• Changed our Maven project to avoid affecting which version of Mockito our Gradle users see. (71a16d5a74)
• collect: Under J2CL, exposed ImmutableList and ImmutableSet methods copyOf and of for JavaScript usage. (b41968f5f2)
• net: Optimized InternetDomainName construction. (3a1d18fbefa10218988a0fbbb6e1fada012397bf, eaa62eb09548a6f1b7a757e21d8852724b631cab)

32.1.1

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.1.1-jre</version>
  <!-- or, for Android: -->
  <version>32.1.1-android</version>
</tr></table> 

... (truncated)

Commits

• See full diff in compare view

Updates org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0

Updates org.junit.jupiter:junit-jupiter from 5.8.2 to 5.10.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.10.0 = Platform 1.10.0 + Jupiter 5.10.0 + Vintage 5.10.0

See Release Notes.

Full Changelog: junit-team/junit5@r5.10.0-RC2...r5.10.0

JUnit 5.10.0-RC2 = Platform 1.10.0-RC2+ Jupiter 5.10.0-RC2 + Vintage 5.10.0-RC2

See Release Notes.

JUnit 5.10.0-RC1 = Platform 1.10.0-RC1 + Jupiter 5.10.0-RC1 + Vintage 5.10.0-RC1

See Release Notes.

JUnit 5.10.0-M1 = Platform 1.10.0-M1 + Jupiter 5.10.0-M1 + Vintage 5.10.0-M1

See Release Notes.

JUnit 5.9.3 = Platform 1.9.3 + Jupiter 5.9.3 + Vintage 5.9.3

See Release Notes.

JUnit 5.9.2 = Platform 1.9.2 + Jupiter 5.9.2 + Vintage 5.9.2

See Release Notes.

JUnit 5.9.1 = Platform 1.9.1 + Jupiter 5.9.1 + Vintage 5.9.1

See Release Notes.

JUnit 5.9.0 = Platform 1.9.0 + Jupiter 5.9.0 + Vintage 5.9.0

See Release Notes.

JUnit 5.9.0-RC1 = Platform 1.9.0-RC1 + Jupiter 5.9.0-RC1 + Vintage 5.9.0-RC1

See Release Notes.

JUnit 5.9.0-M1 = Platform 1.9.0-M1 + Jupiter 5.9.0-M1 + Vintage 5.9.0-M1

See Release Notes.

Commits

• 7f619ca Release 5.10
• 9899de4 Update Gradle Enterprise plugin to 3.14
• 45b970f Replace soon-to-be-deprecated usages of project.buildDir
• 463ae36 Prune Release Notes for 5.10 GA
• 893c64b Back to snapshots for further development
• e6ff0c5 Release 5.10.0-RC2
• b08a76b Add 5.10.0-RC2 release notes
• 2c278c7 Revert "Prune Release Notes for 5.10 GA"
• acb6e65 Provide access to source element annotations for TempDirFactory
• 73818a1 Bump org.gradle.toolchains:foojay-resolver from 0.5.0 to 0.6.0
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.9.0 to 3.11.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.11.0

🚀 New features and improvements

• [MCOMPILER-494] - Add a useModulePath switch to the testCompile mojo (#119) @​dmlloyd
• [MCOMPILER-395] - Allow dependency exclusions for 'annotationProcessorPaths' (#173) @​psiroky
• [MCOMPILER-522] - Use maven-resolver to resolve 'annotationProcessorPaths' dependencies (#169) @​psiroky
• [MCOMPILER-516] - upgrade plexus-compiler to improve compiling message (#164) @​hboutemy
• [MCOMPILER-501] - compileSourceRoots parameter should be writable (#159) @​gnodet
• [MCOMPILER-457] - Change showWarnings to true by default (#157) @​pzygielo
• [MCOMPILER-457] - Warn about warn-config conflicting values (#153) @​pzygielo
• [MCOMPILER-505] - Update default source/target from 1.7 to 1.8 (#149) @​jorsol
• [MCOMPILER-499] - display recompilation causes (#143) @​olamy
• [MCOMPILER-500] - add some parameter to pattern from stale source calculation (#141) @​olamy
• [MCOMPILER-488] - dedicated option for implicit javac flag (#102) @​pzygielo

🐛 Bug Fixes

• [MCOMPILER-525] - Incorrect detection of dependency change (#172) @​jorsol
• [MCOMPILER-523] - Test with Maven 3.9.0 and fix the failing IT (#176) @​gnodet
• [MCOMPILER-503] - Resolve all annotation processor dependencies together (#170) @​psiroky
• [MCOMPILER-512] - Defining maven.compiler.release as empty string end… (#158) @​project25o1
• [MCOMPILER-495] - Fixes missing dirs in createMissingPackageInfoClasses (#121) @​jmax01
• [MCOMPILER-347] - Set Xcludes in config passed to actual compiler (#101) @​pzygielo

📦 Dependency updates

• Bump apache/maven-gh-actions-shared from 2 to 3 (#182) @​dependabot
• Bump maven-invoker-plugin from 3.4.0 to 3.5.0 (#179) @​dependabot
• [MCOMPILER-527] - Upgrade plexus-java to 1.1.2 (#177) @​gnodet
• [MCOMPILER-526] - Upgrade to parent 39 (#175) @​gnodet
• Bump junit from 4.12 to 4.13.1 in /src/it/multirelease-patterns/packaging-plugin (#115) @​dependabot
• [MCOMPILER-519] - Upgrade maven-invoker-plugin from 3.3.0 to 3.4.0 (#166) @​psiroky
• Bump qdox from 2.0.2 to 2.0.3 (#152) @​dependabot
• Bump maven-jxr-plugin from 3.2.0 to 3.3.0 (#146) @​dependabot
• Bump maven-jxr-plugin from 3.1.1 to 3.2.0 (#105) @​dependabot
• Bump junit from 4.10 to 4.13.1 in /src/it/MCOMPILER-203-processorpath/annotation-user (#114) @​dependabot
• Bump plexusCompilerVersion from 2.12.0 to 2.12.1 (#139) @​dependabot
• Bump maven-shared-utils from 0.1 to 3.3.3 in /src/it/MCOMPILER-157/annotation-verify (#127) @​dependabot
• Bump maven-shared-utils from 0.1 to 3.3.3 in /src/it/MCOMPILER-203-processorpath/annotation-verify (#128) @​dependabot
• Bump mockito-core from 4.6.0 to 4.6.1 (#132) @​dependabot
• Bump maven-release-plugin from 3.0.0-M5 to 3.0.0-M6 (#133) @​dependabot
• Bump mockito-core from 4.5.1 to 4.6.0 (#130) @​dependabot
• Bump maven-invoker-plugin from 3.2.2 to 3.3.0 (#131) @​dependabot
• Bump junit from 4.8.2 to 4.13.1 in /src/it/groovy-project-with-new-plexus-compiler (#124) @​dependabot
• Bump junit from 4.12 to 4.13.1 in /src/it/MCOMPILER-298 (#125) @​dependabot
• Bump plexusCompilerVersion from 2.11.2-SNAPSHOT to 2.12.0 (#122) @​dependabot
• Bump junit from 4.12 to 4.13.1 in /src/it/multirelease-patterns/singleproject-runtime (#110) @​dependabot
• Bump junit from 4.12 to 4.13.1 in /src/it/multirelease-patterns/multiproject/multirelease-nine (#112) @​dependabot
• Bump junit from 4.12 to 4.13.1 in /src/it/multirelease-patterns/multimodule/multirelease-base (#111) @​dependabot

... (truncated)

Commits

• eeda628 [maven-release-plugin] prepare release maven-compiler-plugin-3.11.0
• 82b799f [MCOMPILER-527] Upgrade plexus-java to 1.1.2 (#177)
• f9c2350 [MCOMPILER-526] Fix IT (#178)
• 4022bd0 [MCOMPILER-494] - Add a useModulePath switch to the testCompile mojo (#119)
• f4a8a54 [MCOMPILER-525] Incorrect detection of dependency change (#172)
• 86b9f59 [MCOMPILER-395] Allow dependency exclusions for 'annotationProcessorPaths' (#...
• e304ceb [MCOMPILER-526] Ignore reformat commit for git blame
• f7a4613 [MCOMPILER-526] Reformat
• cc78aee [MCOMPILER-526] Upgrade to parent 39
• 3dca82f [MCOMPILER-526] Add packages to please the formatter
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.0.0-M5 to 3.1.2

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.1.2

Release Notes - Maven Surefire - Version 3.1.2

• update commons compress to 1.23.0 (#655) @​elharo
• Drop unused commons-lang 2.6 from management (#661) @​elilja
• Remove old junittoolbox dependency no longer used (#658) @​elharo
• update test libraries (#657) @​elharo
• update commons-io to 2.12.0 (#653) @​elharo
• remove descriptions of Maven 2.x and very old versions (#647) @​elharo
• Remove more details about Maven 2 and old versions (#654) @​elharo
• Simplify method (#651) @​michael-o
• Update Sufefire (#646) @​michael-o
• Backport (#635) @​michael-o
• [SUREFIRE-2166] - Use ChoiceFormat to selective render percentage and elapsed time in SurefireReportRenderer (#639) @​michael-o
• Simplify serialization/deserialization of elapsed time (SUREFIRE-2164 + SUREFIRE-2167) (#645) @​michael-o
• [SUREFIRE-2169] - Potential NPE in WrappedReportEntry when #getElapsed(… (#643) @​michael-o
• fix SAX bug (#642) @​michael-o
• [MNG-6829] - Replace StringUtils#isEmpty(String) & #isNotEmpty(String) (#641) @​timtebeek
• Fixes (#636) @​michael-o

📦 Dependency updates

• Bump animal-sniffer-maven-plugin from 1.21 to 1.23 (#624) @​dependabot

👻 Maintenance

• [SUREFIRE-2173] - Pass build and tests with Java 20 (#648) @​slachiewicz

3.1.0

Release Notes - Maven Surefire - Version 3.1.0 Sub-task

• [SUREFIRE-2162] - Document upcoming mojo and file names change

Bug

• [SUREFIRE-2140] - Cannot release Surefire on Windows

Improvement

• [SUREFIRE-2153] - Replace SurefireReportGenerator with a new SurefireReportRenderer
• [SUREFIRE-2160] - Replace LocalizedProperties with (Custom)I18N approach from MPIR

Task

... (truncated)

Commits

• 5e097b5 [maven-release-plugin] prepare release surefire-3.1.2
• 255bb51 Update commons compress to 1.23.0
• a77dfb2 Drop unused commons-lang 2.6 from management (#661)
• 95e8e95 [SUREFIRE-2157] Upgrade junit-jupiter to 5.9.3/junit-platform to 1.9.2
• 9092b5e [SUREFIRE-2157] Upgrade surefire IT to 3.1.0
• 1af92f5 Remove old junittoolbox dependency no longer used (#658)
• 8878ed5 update test libraries (#657)
• a6613a8 Remove redundant space
• e0e89e4 update commons-io to 2.12.0
• d8ac134 [MNGSITE-393] remove descriptions of Maven 2.x and very old versions
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.0.0 to 3.4.1

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.4.1

🐛 Bug Fixes

• [MENFORCER-491] - Fix plugin documentation generation (#286) @​slawekjaranowski

👻 Maintenance

• [MENFORCER-490] - Declare maven-enforcer-plugin dependencies (#285) @​elharo
• [MENFORCER-490] - Declare org.eclipse.sisu.plexus dependencies (#283) @​elharo
• [MENFORCER-490] - Declare maven-enforcer-extension dependencies (#284) @​elharo
• [MENFORCER-490] - Declare maven-enforcer-extension dependencies (#282) @​elharo

3.4.0

🚀 New features and improvements

• [MENFORCER-488] - Add EnforcerLogger.isEnabled() (#279) @​kwin

🐛 Bug Fixes

• [MENFORCER-393] - Extend IT for dependencyConvergence and no standard protocol in repository (#271) @​slawekjaranowski
• [MENFORCER-426] - DependencyConvergence transitive dependencies with version range (#259) @​slawekjaranowski
• [MENFORCER-480] - BanDynamicVersions: fix ignores parameter (#269) @​Stephan202
• [MENFORCER-481] - BanDynamicVersions: make excludedScopes optional (#270) @​Stephan202

📦 Dependency updates

• [MENFORCER-489] - Bump commons-lang3 from 3.12.0 to 3.13.0 (#281) @​slawekjaranowski
• Bump org.junit:junit-bom from 5.9.3 to 5.10.0 (#280) @​dependabot
• [MENFORCER-487] - Bump commons-codec from 1.15 to 1.16.0 (#277) @​slawekjaranowski
• [MENFORCER-486] - Bump commons-codec from 1.15 to 1.16.0 (#276) @​slawekjaranowski
• [MENFORCER-485] - Upgrade Parent to 40 (#275) @​slawekjaranowski
• Bump guava from 30.1.1-jre to 32.0.0-jre in /maven-enforcer-plugin/src/it/projects/dependency-convergence-cycle (#274) @​dependabot
• Bump snappy-java from 1.1.8.3 to 1.1.10.1 in /maven-enforcer-plugin/src/it/projects/dependency-convergence_transitive_provided/module1 (#273) @​dependabot
• Bump junit-bom from 5.9.2 to 5.9.3 (#268) @​dependabot

📝 Documentation updates

• Clarify availability of AbstractEnforcerRule (#278) @​kwin

👻 Maintenance

• Bump org.junit:junit-bom from 5.9.3 to 5.10.0 (#280) @​dependabot
• Bump snappy-java from 1.1.8.3 to 1.1.10.1 in /maven-enforcer-plugin/src/it/projects/dependency-convergence_transitive_provided/module1 (#273) @​dependabot
• [MNG-6829] - Replace StringUtils#isEmpty(String) and #isNotEmpty(String) (#272) @​timtebeek

3.3.0

... (truncated)

Commits

• d8a21ee [maven-release-plugin] prepare release enforcer-3.4.1
• 66250c0 [MENFORCER-491] Fix plugin documentation generation
• 5d32e6c [MENFORCER-490] Declare maven-enforcer-plugin dependencies (#285)
• d258109 [MENFORCER-490] Declare org.eclipse.sisu.plexus dependencies (#283)
• 2aa71e7 [MENFORCER-490] Declare maven-enforcer-extension dependencies (#284)
• d4ec8e1 [MENFORCER-490] Declare maven-enforcer-extension dependencies (#282)
• b35e4a0 [maven-release-plugin] prepare for next development iteration
• 3d365f7 [maven-release-plugin] prepare release enforcer-3.4.0
• 5feb93a [MENFORCER-489] Bump commons-lang3 from 3.12.0 to 3.13.0
• 8f2de47 Bump org.junit:junit-bom from 5.9.3 to 5.10.0
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.2.1 to 3.3.0

Commits

• 02a9847 [maven-release-plugin] prepare release maven-source-plugin-3.3.0
• f186993 [MSOURCES-135] Cleanup project code
• 021af55 [MSOURCES-134] Refresh download page
• b11a457 Use shared GitHub actions v3
• 7caf2b0 [MSOURCES-133] Upgrade Parent to 39 - ignore git blame
• dee4c10 [MSOURCES-133] Upgrade Parent to 39
• 452111f Add dependabot configuration
• e691ac3 s/MSOURCE/MSOURCES/
• 1ddffd8 Auto-link MSOURCE Jira
• 37ffefe Add pull request template
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.3.1 to 3.6.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.6.0

🚀 New features and improvements

• [MJAVADOC-642] - Make offline mode configurable (#238) @​hgschmie
• [MJAVADOC-642] - Make offline mode configurable (#232) @​hgschmie
• [MJAVADOC-770] - Implement legacy mode for Java 9+ (#228) @​hgschmie
• [MJAVADOC-743] - Drop deprecated mojo parameter (#185) @​cstamas

🐛 Bug Fixes

• [MJAVADOC-742] - Fix resolution of docletArtifacts (#186) @​cstamas
• [MJAVADOC-758] - correct exception in JavadocUtil (#230) @​hgschmie
• [MJAVADOC-769] - fix for transitive filename based modules (#227) @​hgschmie
• [MJAVADOC-767] - javadoc creates invalid --patch-module statements (#225) @​hgschmie
• [MJAVADOC-763] - remove test that doesn't test what it claims (#219) @​elharo
• [MJAVADOC-757] - fix Javadoc warnings (#212) @​elharo
• Fix UmlGraph link in site example (#198) @​ParkerM

📦 Dependency updates

• [JAVADOC-771] - Upgrade Parent to 40 (#234) @​hgschmie
• Bump org.apache.maven:maven-core from 3.6.0 to 3.8.1 in /src/it/projects/MJAVADOC-568_manifest-splitpackage/mojo (#226) @​dependabot
• Bump com.google.guava:guava from 31.1-jre to 32.0.0-jre in /src/it/projects/MJAVADOC-769 (#229) @​dependabot
• [MJAVADOC-766] - Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 (#222) @​dependabot
• Bump hamcrest-core from 1.3 to 2.2 (#221) @​dependabot
• Bump guava from 27.0.1-jre to 32.0.0-jre in /src/it/projects/MJAVADOC-555_link-automatic-modules (#207) @​dependabot
• Bump javax.servlet-api from 3.1.0 to 4.0.1 (test dependency) (#220) @​dependabot
• [MJAVADOC-761] - commons-io 2.13.0 (#215) @​elharo
• Bump plexus-utils from 3.5.0 to 3.5.1 (#201) @​dependabot
• Bump mockito-core from 4.4.0 to 4.11.0 (#196) @​dependabot

👻 Maintenance

• fix jenkins link (#237) @​hgschmie
• Fix build on jenkins (#236) @​slawekjaranowski
• [MJAVADOC-772] - Refresh download page (#235) @​slawekjaranowski
• Use 3.6.0 as release version (#233) @​hgschmie
• Remove superflous whitespace from PR template (#231) @​hgschmie
• Bump jetty from 9.4.50.v20221201 to 9.4.51.v20230217 (#224) @​slachiewicz
• [MJAVADOC-765] - Fix build with Java 20 (#223) @​slachiewicz
• [MJAVADOC-760] - declare test dependencies (#217) @​elharo
• [MJAVADOC-760] - explicitly declare shared utility dependencies (#216) @​elharo
• remove unused private method (#213) @​elharo
• replace plexus with maven shared utils (#211) @​elharo
• [MJAVADOC-755] - replace IOUtil.close with try with resources (#209) @​elharo
• [MJAVADOC-755] - Use java.lang.String instead of StringUtils (#208) @​elharo
• [MNG-6829] - Replace StringUtils#isEmpty(String) and #isNotEmpty(String) (#205) @​timtebeek
• Bump mockito-core from 4.4.0 to 4.11.0 (#196) @​dependabot
• [MNG-6825] - Replace Maven shared StringUtils with Commons Lang3 (#199) @​timtebeek

... (truncated)

Commits

• 7548066 [maven-release-plugin] prepare release maven-javadoc-plugin-3.6.0
• 77adc47 [MJAVADOC-642] Make offline mode configurable (#238)
• 24362d2 [MJAVADOC-742] Fix resolution of docletArtifacts (#186)
• bee4197 fix jenkins link (#237)
• 9830bdc Fix build on jenkins
• 6f30bed [MJAVADOC-642] Make offline mode configurable (#232)
• e4023d0 [JAVADOC-771] Upgrade Parent to 40 (#234)
• 7904e45 [MJAVADOC-772] Refresh download page
• 87c2424 Bump org.apache.maven:maven-core (#226)
• 83ab01b Use 3.6.0 as release version (#233)
• Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 8.2.1 to 8.4.0

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 8.4.0

Added

• feat: Add support for Nexus v3 to NexusAnalyzer (#5849)

Fixed

• fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
• chore: switch to sha1-pinning as suggested by Semgrep
• fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#5845)
• fix: use curl with -L to follow github redirect (#5808)
• fix: use curl with -L to follow github redirect
• fix: #5671 out of memory error (#5789)
• fix: #5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

Version 8.3.1

Re-release of 8.3.0 as 8.3.1.

v8.3.0

Added

• Add LibmanAnalyzer (#5652)
• Update HTML report Dependencies header based on display settings (#5619)
• Add link to suppressed vulnerabilities header in HTML report (#5620)
• Enable local proxy configuration in maven plugin configuration (#5696)

Fixed

• Fix npm alias present in requires of dependencies (#5703)
• Make Central URL configurable via CLI (#5667)
• Ensure support of CVSSv3.1 (#5602)

See the full listing of changes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 8.4.0 (2023-08-19)

Added

• feat: Add support for Nexus v3 to NexusAnalyzer (#5849)

Fixed

• fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
• chore: switch to sha1-pinning as suggested by Semgrep
• fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#5845)
• fix: use curl with -L to follow github redirect (#5808)
• fix: use curl with -L to follow github redirect
• fix: #5671 out of memory error (#5789)
• fix: #5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

See the full listing of changes.

Version 8.3.1 (2023-06-12)

Re-release of 8.3.0 as 8.3.1.

Version 8.3.0 (2023-06-12)

Added

• Add LibmanAnalyzer (#5652)
• Update HTML report Dependencies header based on display settings (#5619)
• Add link to suppressed vulnerabilities header in HTML report (#5620)
• Enable local proxy configuration in maven plugin configuration (#5696)

Fixed

• Fix npm alias present in requires of dependencies (#5703)
• Make Central URL configurable via CLI (#5667)
• Ensure support of CVSSv3.1 (#5602)

See the full listing of changes.

Commits

• cc2db4c build: prepare release v8.4.0
• 17c5081 chore: prepare release (#5891)
• d1e5736 build(deps): bump com.google.guava:guava from 32.0.1-jre to 32.1.2-jre (#5850)
• e685b80 feat: Add support for Nexus v3 to NexusAnalyzer (#5849)
• a29afc4 fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
• 49c6591 build(deps): bump actions/setup-node from 3.8.0 to 3.8.1 (#5889)
• 0f4553a build(deps): bump actions/setup-node from 3.8.0 to 3.8.1
• 8ee8214 build(deps): bump actions/setup-node from 3.7.0 to 3.8.0 (#5877)
• d71f038 build(deps): bump org.semver4j:semver4j from 5.0.0 to 5.1.0 (#5878)
• 5a55c81 build(deps): bump org.semver4j:semver4j from 5.0.0 to 5.1.0
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-gpg-plugin from 3.0.1 to 3.1.0

Commits

• 699e2ad [maven-release-plugin] prepare release maven-gpg-plugin-3.1.0
• f314f8e [MGPG-97] use gpgverify plugin to check dependencies signatures
• bad6b57 [MGPG-96] add INFO message
• 0498a82 [MGPG-95] don't GPG-sign .sigstore signatures
• 09b5be9 Auto-link MGPG Jira
• 1e0472f extract FilesCollector
• af9ccfd [MGPG-94] Ignore reformatting
• 5e51734 [MGPG-94] Integration tests - convert and reformat bsh to groovy
• 955ea0e [MGPG-94] Reformat code
• e160f43 [MGPG-94] Bump maven-plugins from 36 to 39
• Additional commits viewable in compare view

Updates org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.8 to 1.6.13

Updates org.apache.maven.plugins:maven-deploy-plugin from 3.1.0 to 3.1.1

Release notes

Sourced from org.apache.maven.plugins:maven-deploy-plugin's releases.

3.1.1

• [MDEPLOY-308] - Add parameter to lax project validation (#39) @​cstamas

Commits

• 43aaa63 [maven-release-plugin] prepare release maven-deploy-plugin-3.1.1
• 04f5e88 [MDEPLOY-308] Add parameter to lax project validation (#39)

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.