Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the maven-dependencies group with 13 updates #31

Merged
merged 1 commit into from
Sep 25, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 25, 2023

Bumps the maven-dependencies group with 13 updates:

Package From To
org.slf4j:slf4j-api 1.7.36 2.0.9
com.google.guava:guava 32.0.0-jre 32.1.2-jre
org.apache.commons:commons-lang3 3.12.0 3.13.0
org.junit.jupiter:junit-jupiter 5.8.2 5.10.0
org.apache.maven.plugins:maven-compiler-plugin 3.9.0 3.11.0
org.apache.maven.plugins:maven-surefire-plugin 3.0.0-M5 3.1.2
org.apache.maven.plugins:maven-enforcer-plugin 3.0.0 3.4.1
org.apache.maven.plugins:maven-source-plugin 3.2.1 3.3.0
org.apache.maven.plugins:maven-javadoc-plugin 3.3.1 3.6.0
org.owasp:dependency-check-maven 8.2.1 8.4.0
org.apache.maven.plugins:maven-gpg-plugin 3.0.1 3.1.0
org.sonatype.plugins:nexus-staging-maven-plugin 1.6.8 1.6.13
org.apache.maven.plugins:maven-deploy-plugin 3.1.0 3.1.1

Updates org.slf4j:slf4j-api from 1.7.36 to 2.0.9

Updates com.google.guava:guava from 32.0.0-jre to 32.1.2-jre

Release notes

Sourced from com.google.guava:guava's releases.

32.1.2

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.1.2-jre</version>
  <!-- or, for Android: -->
  <version>32.1.2-android</version>
</dependency>

Jar files

Guava requires one runtime dependency, which you can download here:

Javadoc

JDiff

Changelog

  • Removed the section of our Gradle metadata that caused Gradle to report conflicts with listenablefuture. (9ed0fa65ab)
  • Changed our Maven project to avoid affecting which version of Mockito our Gradle users see. (71a16d5a74)
  • collect: Under J2CL, exposed ImmutableList and ImmutableSet methods copyOf and of for JavaScript usage. (b41968f5f2)
  • net: Optimized InternetDomainName construction. (3a1d18fbefa10218988a0fbbb6e1fada012397bf, eaa62eb09548a6f1b7a757e21d8852724b631cab)

32.1.1

Maven

<dependency>
  <groupId>com.google.guava</groupId>
  <artifactId>guava</artifactId>
  <version>32.1.1-jre</version>
  <!-- or, for Android: -->
  <version>32.1.1-android</version>
</tr></table> 

... (truncated)

Commits

Updates org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0

Updates org.junit.jupiter:junit-jupiter from 5.8.2 to 5.10.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.10.0 = Platform 1.10.0 + Jupiter 5.10.0 + Vintage 5.10.0

See Release Notes.

Full Changelog: junit-team/junit5@r5.10.0-RC2...r5.10.0

JUnit 5.10.0-RC2 = Platform 1.10.0-RC2+ Jupiter 5.10.0-RC2 + Vintage 5.10.0-RC2

See Release Notes.

JUnit 5.10.0-RC1 = Platform 1.10.0-RC1 + Jupiter 5.10.0-RC1 + Vintage 5.10.0-RC1

See Release Notes.

JUnit 5.10.0-M1 = Platform 1.10.0-M1 + Jupiter 5.10.0-M1 + Vintage 5.10.0-M1

See Release Notes.

JUnit 5.9.3 = Platform 1.9.3 + Jupiter 5.9.3 + Vintage 5.9.3

See Release Notes.

JUnit 5.9.2 = Platform 1.9.2 + Jupiter 5.9.2 + Vintage 5.9.2

See Release Notes.

JUnit 5.9.1 = Platform 1.9.1 + Jupiter 5.9.1 + Vintage 5.9.1

See Release Notes.

JUnit 5.9.0 = Platform 1.9.0 + Jupiter 5.9.0 + Vintage 5.9.0

See Release Notes.

JUnit 5.9.0-RC1 = Platform 1.9.0-RC1 + Jupiter 5.9.0-RC1 + Vintage 5.9.0-RC1

See Release Notes.

JUnit 5.9.0-M1 = Platform 1.9.0-M1 + Jupiter 5.9.0-M1 + Vintage 5.9.0-M1

See Release Notes.

Commits
  • 7f619ca Release 5.10
  • 9899de4 Update Gradle Enterprise plugin to 3.14
  • 45b970f Replace soon-to-be-deprecated usages of project.buildDir
  • 463ae36 Prune Release Notes for 5.10 GA
  • 893c64b Back to snapshots for further development
  • e6ff0c5 Release 5.10.0-RC2
  • b08a76b Add 5.10.0-RC2 release notes
  • 2c278c7 Revert "Prune Release Notes for 5.10 GA"
  • acb6e65 Provide access to source element annotations for TempDirFactory
  • 73818a1 Bump org.gradle.toolchains:foojay-resolver from 0.5.0 to 0.6.0
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.9.0 to 3.11.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.11.0

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

... (truncated)

Commits
  • eeda628 [maven-release-plugin] prepare release maven-compiler-plugin-3.11.0
  • 82b799f [MCOMPILER-527] Upgrade plexus-java to 1.1.2 (#177)
  • f9c2350 [MCOMPILER-526] Fix IT (#178)
  • 4022bd0 [MCOMPILER-494] - Add a useModulePath switch to the testCompile mojo (#119)
  • f4a8a54 [MCOMPILER-525] Incorrect detection of dependency change (#172)
  • 86b9f59 [MCOMPILER-395] Allow dependency exclusions for 'annotationProcessorPaths' (#...
  • e304ceb [MCOMPILER-526] Ignore reformat commit for git blame
  • f7a4613 [MCOMPILER-526] Reformat
  • cc78aee [MCOMPILER-526] Upgrade to parent 39
  • 3dca82f [MCOMPILER-526] Add packages to please the formatter
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.0.0-M5 to 3.1.2

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.1.2

Release Notes - Maven Surefire - Version 3.1.2

📦 Dependency updates

👻 Maintenance

3.1.0

Release Notes - Maven Surefire - Version 3.1.0 Sub-task

Bug

Improvement

  • [SUREFIRE-2153] - Replace SurefireReportGenerator with a new SurefireReportRenderer
  • [SUREFIRE-2160] - Replace LocalizedProperties with (Custom)I18N approach from MPIR

Task

... (truncated)

Commits
  • 5e097b5 [maven-release-plugin] prepare release surefire-3.1.2
  • 255bb51 Update commons compress to 1.23.0
  • a77dfb2 Drop unused commons-lang 2.6 from management (#661)
  • 95e8e95 [SUREFIRE-2157] Upgrade junit-jupiter to 5.9.3/junit-platform to 1.9.2
  • 9092b5e [SUREFIRE-2157] Upgrade surefire IT to 3.1.0
  • 1af92f5 Remove old junittoolbox dependency no longer used (#658)
  • 8878ed5 update test libraries (#657)
  • a6613a8 Remove redundant space
  • e0e89e4 update commons-io to 2.12.0
  • d8ac134 [MNGSITE-393] remove descriptions of Maven 2.x and very old versions
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.0.0 to 3.4.1

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.4.1

🐛 Bug Fixes

👻 Maintenance

3.4.0

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

📝 Documentation updates

  • Clarify availability of AbstractEnforcerRule (#278) @​kwin

👻 Maintenance

  • Bump org.junit:junit-bom from 5.9.3 to 5.10.0 (#280) @​dependabot
  • Bump snappy-java from 1.1.8.3 to 1.1.10.1 in /maven-enforcer-plugin/src/it/projects/dependency-convergence_transitive_provided/module1 (#273) @​dependabot
  • [MNG-6829] - Replace StringUtils#isEmpty(String) and #isNotEmpty(String) (#272) @​timtebeek

3.3.0

... (truncated)

Commits
  • d8a21ee [maven-release-plugin] prepare release enforcer-3.4.1
  • 66250c0 [MENFORCER-491] Fix plugin documentation generation
  • 5d32e6c [MENFORCER-490] Declare maven-enforcer-plugin dependencies (#285)
  • d258109 [MENFORCER-490] Declare org.eclipse.sisu.plexus dependencies (#283)
  • 2aa71e7 [MENFORCER-490] Declare maven-enforcer-extension dependencies (#284)
  • d4ec8e1 [MENFORCER-490] Declare maven-enforcer-extension dependencies (#282)
  • b35e4a0 [maven-release-plugin] prepare for next development iteration
  • 3d365f7 [maven-release-plugin] prepare release enforcer-3.4.0
  • 5feb93a [MENFORCER-489] Bump commons-lang3 from 3.12.0 to 3.13.0
  • 8f2de47 Bump org.junit:junit-bom from 5.9.3 to 5.10.0
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.2.1 to 3.3.0

Commits
  • 02a9847 [maven-release-plugin] prepare release maven-source-plugin-3.3.0
  • f186993 [MSOURCES-135] Cleanup project code
  • 021af55 [MSOURCES-134] Refresh download page
  • b11a457 Use shared GitHub actions v3
  • 7caf2b0 [MSOURCES-133] Upgrade Parent to 39 - ignore git blame
  • dee4c10 [MSOURCES-133] Upgrade Parent to 39
  • 452111f Add dependabot configuration
  • e691ac3 s/MSOURCE/MSOURCES/
  • 1ddffd8 Auto-link MSOURCE Jira
  • 37ffefe Add pull request template
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.3.1 to 3.6.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.6.0

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

👻 Maintenance

... (truncated)

Commits
  • 7548066 [maven-release-plugin] prepare release maven-javadoc-plugin-3.6.0
  • 77adc47 [MJAVADOC-642] Make offline mode configurable (#238)
  • 24362d2 [MJAVADOC-742] Fix resolution of docletArtifacts (#186)
  • bee4197 fix jenkins link (#237)
  • 9830bdc Fix build on jenkins
  • 6f30bed [MJAVADOC-642] Make offline mode configurable (#232)
  • e4023d0 [JAVADOC-771] Upgrade Parent to 40 (#234)
  • 7904e45 [MJAVADOC-772] Refresh download page
  • 87c2424 Bump org.apache.maven:maven-core (#226)
  • 83ab01b Use 3.6.0 as release version (#233)
  • Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 8.2.1 to 8.4.0

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 8.4.0

Added

  • feat: Add support for Nexus v3 to NexusAnalyzer (#5849)

Fixed

  • fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
  • chore: switch to sha1-pinning as suggested by Semgrep
  • fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#5845)
  • fix: use curl with -L to follow github redirect (#5808)
  • fix: use curl with -L to follow github redirect
  • fix: #5671 out of memory error (#5789)
  • fix: #5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

Version 8.3.1

Re-release of 8.3.0 as 8.3.1.

v8.3.0

Added

  • Add LibmanAnalyzer (#5652)
  • Update HTML report Dependencies header based on display settings (#5619)
  • Add link to suppressed vulnerabilities header in HTML report (#5620)
  • Enable local proxy configuration in maven plugin configuration (#5696)

Fixed

  • Fix npm alias present in requires of dependencies (#5703)
  • Make Central URL configurable via CLI (#5667)
  • Ensure support of CVSSv3.1 (#5602)

See the full listing of changes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 8.4.0 (2023-08-19)

Added

  • feat: Add support for Nexus v3 to NexusAnalyzer (#5849)

Fixed

  • fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
  • chore: switch to sha1-pinning as suggested by Semgrep
  • fix: OSS Index Analyzer SocketTimeoutException exception handling based on warn only parameter (#5845)
  • fix: use curl with -L to follow github redirect (#5808)
  • fix: use curl with -L to follow github redirect
  • fix: #5671 out of memory error (#5789)
  • fix: #5671 Exit method as soon as we detect a loop to prevent an infinite loop leading to an OutOfMemoryError

See the full listing of changes.

Version 8.3.1 (2023-06-12)

Re-release of 8.3.0 as 8.3.1.

Version 8.3.0 (2023-06-12)

Added

  • Add LibmanAnalyzer (#5652)
  • Update HTML report Dependencies header based on display settings (#5619)
  • Add link to suppressed vulnerabilities header in HTML report (#5620)
  • Enable local proxy configuration in maven plugin configuration (#5696)

Fixed

  • Fix npm alias present in requires of dependencies (#5703)
  • Make Central URL configurable via CLI (#5667)
  • Ensure support of CVSSv3.1 (#5602)

See the full listing of changes.

Commits
  • cc2db4c build: prepare release v8.4.0
  • 17c5081 chore: prepare release (#5891)
  • d1e5736 build(deps): bump com.google.guava:guava from 32.0.1-jre to 32.1.2-jre (#5850)
  • e685b80 feat: Add support for Nexus v3 to NexusAnalyzer (#5849)
  • a29afc4 fix: Hint Analyzer should run before VersionFilter Analyzer (#5818)
  • 49c6591 build(deps): bump actions/setup-node from 3.8.0 to 3.8.1 (#5889)
  • 0f4553a build(deps): bump actions/setup-node from 3.8.0 to 3.8.1
  • 8ee8214 build(deps): bump actions/setup-node from 3.7.0 to 3.8.0 (#5877)
  • d71f038 build(deps): bump org.semver4j:semver4j from 5.0.0 to 5.1.0 (#5878)
  • 5a55c81 build(deps): bump org.semver4j:semver4j from 5.0.0 to 5.1.0
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-gpg-plugin from 3.0.1 to 3.1.0

Commits
  • 699e2ad [maven-release-plugin] prepare release maven-gpg-plugin-3.1.0
  • f314f8e [MGPG-97] use gpgverify plugin to check dependencies signatures
  • bad6b57 [MGPG-96] add INFO message
  • 0498a82 [MGPG-95] don't GPG-sign .sigstore signatures
  • 09b5be9 Auto-link MGPG Jira
  • 1e0472f extract FilesCollector
  • af9ccfd [MGPG-94] Ignore reformatting
  • 5e51734 [MGPG-94] Integration tests - convert and reformat bsh to groovy
  • 955ea0e [MGPG-94] Reformat code
  • e160f43 [MGPG-94] Bump maven-plugins from 36 to 39
  • Additional commits viewable in compare view

Updates org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.8 to 1.6.13

Updates org.apache.maven.plugins:maven-deploy-plugin from 3.1.0 to 3.1.1

Release notes

Sourced from org.apache.maven.plugins:maven-deploy-plugin's releases.

3.1.1

Commits
  • 43aaa63 [maven-release-plugin] prepare release maven-deploy-plugin-3.1.1
  • 04f5e88 [MDEPLOY-308] Add parameter to lax project validation (#39)

Bumps the maven-dependencies group with 13 updates:

| Package | From | To |
| --- | --- | --- |
| org.slf4j:slf4j-api | `1.7.36` | `2.0.9` |
| [com.google.guava:guava](https://github.com/google/guava) | `32.0.0-jre` | `32.1.2-jre` |
| org.apache.commons:commons-lang3 | `3.12.0` | `3.13.0` |
| [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) | `5.8.2` | `5.10.0` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.9.0` | `3.11.0` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.0.0-M5` | `3.1.2` |
| [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) | `3.0.0` | `3.4.1` |
| [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) | `3.2.1` | `3.3.0` |
| [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) | `3.3.1` | `3.6.0` |
| [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) | `8.2.1` | `8.4.0` |
| [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) | `3.0.1` | `3.1.0` |
| org.sonatype.plugins:nexus-staging-maven-plugin | `1.6.8` | `1.6.13` |
| [org.apache.maven.plugins:maven-deploy-plugin](https://github.com/apache/maven-deploy-plugin) | `3.1.0` | `3.1.1` |


Updates `org.slf4j:slf4j-api` from 1.7.36 to 2.0.9

Updates `com.google.guava:guava` from 32.0.0-jre to 32.1.2-jre
- [Release notes](https://github.com/google/guava/releases)
- [Commits](https://github.com/google/guava/commits)

Updates `org.apache.commons:commons-lang3` from 3.12.0 to 3.13.0

Updates `org.junit.jupiter:junit-jupiter` from 5.8.2 to 5.10.0
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](junit-team/junit5@r5.8.2...r5.10.0)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.9.0 to 3.11.0
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.9.0...maven-compiler-plugin-3.11.0)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.0.0-M5 to 3.1.2
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.0.0-M5...surefire-3.1.2)

Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.0.0 to 3.4.1
- [Release notes](https://github.com/apache/maven-enforcer/releases)
- [Commits](apache/maven-enforcer@enforcer-3.0.0...enforcer-3.4.1)

Updates `org.apache.maven.plugins:maven-source-plugin` from 3.2.1 to 3.3.0
- [Commits](apache/maven-source-plugin@maven-source-plugin-3.2.1...maven-source-plugin-3.3.0)

Updates `org.apache.maven.plugins:maven-javadoc-plugin` from 3.3.1 to 3.6.0
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.3.1...maven-javadoc-plugin-3.6.0)

Updates `org.owasp:dependency-check-maven` from 8.2.1 to 8.4.0
- [Release notes](https://github.com/jeremylong/DependencyCheck/releases)
- [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](jeremylong/DependencyCheck@v8.2.1...v8.4.0)

Updates `org.apache.maven.plugins:maven-gpg-plugin` from 3.0.1 to 3.1.0
- [Commits](apache/maven-gpg-plugin@maven-gpg-plugin-3.0.1...maven-gpg-plugin-3.1.0)

Updates `org.sonatype.plugins:nexus-staging-maven-plugin` from 1.6.8 to 1.6.13

Updates `org.apache.maven.plugins:maven-deploy-plugin` from 3.1.0 to 3.1.1
- [Release notes](https://github.com/apache/maven-deploy-plugin/releases)
- [Commits](apache/maven-deploy-plugin@maven-deploy-plugin-3.1.0...maven-deploy-plugin-3.1.1)

---
updated-dependencies:
- dependency-name: org.slf4j:slf4j-api
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: maven-dependencies
- dependency-name: com.google.guava:guava
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.apache.commons:commons-lang3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.apache.maven.plugins:maven-enforcer-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.apache.maven.plugins:maven-source-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.owasp:dependency-check-maven
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.apache.maven.plugins:maven-gpg-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven-dependencies
- dependency-name: org.sonatype.plugins:nexus-staging-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
- dependency-name: org.apache.maven.plugins:maven-deploy-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Sep 25, 2023
@overheadhunter
Copy link
Member

@dependabot squash and merge

@dependabot dependabot bot merged commit bb85ace into develop Sep 25, 2023
3 checks passed
@dependabot dependabot bot deleted the dependabot/maven/maven-dependencies-120753c4ac branch September 25, 2023 08:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant