deps(deps): bump the maven-plugins group with 10 updates by dependabot[bot] · Pull Request #74 · aether-framework/aether-datafixers

dependabot · 2026-02-02T05:33:06Z

Bumps the maven-plugins group with 10 updates:

Package	From	To
org.apache.maven.plugins:maven-compiler-plugin	`3.11.0`	`3.15.0`
org.apache.maven.plugins:maven-enforcer-plugin	`3.4.1`	`3.6.2`
org.apache.maven.plugins:maven-site-plugin	`3.20.0`	`3.21.0`
org.apache.maven.plugins:maven-source-plugin	`3.3.1`	`3.4.0`
org.apache.maven.plugins:maven-javadoc-plugin	`3.10.1`	`3.12.0`
org.apache.maven.plugins:maven-gpg-plugin	`3.2.6`	`3.2.8`
org.apache.maven.plugins:maven-surefire-plugin	`3.1.2`	`3.5.4`
org.apache.maven.plugins:maven-failsafe-plugin	`3.1.2`	`3.5.4`
org.apache.maven.plugins:maven-shade-plugin	`3.5.1`	`3.6.1`
org.codehaus.mojo:exec-maven-plugin	`3.1.0`	`3.6.3`

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.11.0 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

Fix Java 25 compatibility during integration tests (#1020) @desruisseaux

[MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @mensinda

👻 Maintenance

Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @slachiewicz

Remove declaration of "plexus-snapshots" repository (#1010) @desruisseaux

Works only with Maven 4.0.0 rc4 (#996) @slachiewicz

Enable Java 25 and Maven 4 in CI (#975) @slachiewicz

📦 Dependency updates

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]

Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]

Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]

Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]

Bump maven-plugin-testing-harness to 3.4.0 (#1001) @slawekjaranowski

Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]

Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]

Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

3.14.1

🚀 New features and improvements

Improve DeltaList behavior for large projects (#335) @gsmet

Allow to not use --module-version for the Java compiler (#331) @pzygielo

🐛 Bug Fixes

Add generatedSourcesPath back to the maven project (#312) @mensinda

[MCOMPILER-538] - Do not add target/generated-sources/annotations to the source roots (#191) @mensinda

📦 Dependency updates

Enforce asm version used here, to not depend on brittle transitive (#964) @olamy

Bump mavenVersion from 3.9.10 to 3.9.11 (#952) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 44 to 45 (#935) @dependabot[bot]

Bump mavenVersion from 3.9.9 to 3.9.10 (#336) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#324) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316) @dependabot[bot]

3.14.0

... (truncated)

Commits

9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
385e3f2 Fix Java 25 compatibility during integration tests (#1020)
6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.6.2

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.2

🐛 Bug Fixes

Use SessionData for cache storage (#930) @slawekjaranowski

📝 Documentation updates

Update Version Ranges link in site.xml (#926) @ctubbsii

Fix formatting typo in dependencyConvergence.apt.vm (#928) @ascopes

Correct support parameters documentation for banned repositories rule (#922) @Harmelodic

👻 Maintenance

Fixes #920 - Remove usage of Stack (#921) @khmarbaise

feat: enable prevent branch protection rules (#925) @sebtiem

Fixes #917 - Remove usage of Hashtable (#918) @khmarbaise

📦 Dependency updates

Bump m-invoker-p to 3.9.1 (#935) @slawekjaranowski

Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#933) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 (#932) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#931) @dependabot[bot]

Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#923) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#919) @dependabot[bot]

Bump commons-codec:commons-codec from 1.18.0 to 1.19.0 (#915) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#914) @dependabot[bot]

Bump mavenVersion from 3.9.10 to 3.9.11 (#912) @dependabot[bot]

3.6.1

🚀 New features and improvements

Improve performance of transitive dependency checks (#904) @harrisric

🐛 Bug Fixes

Fix NPE when a classifier part is specified in bannedDependencies (#905) @harrisric

📝 Documentation updates

Move contributing information into README (#911) @slawekjaranowski

Rewrite CONTRIBUTING.md to use the Github issue tracker instead of JIRA (#898) @elharo

👻 Maintenance

Remove unused javax.annotations dependency (#899) @elharo

Remove unused methods (#900) @elharo

Remove the from parameter names (#901) @elharo

... (truncated)

Commits

82ba770 [maven-release-plugin] prepare release enforcer-3.6.2
5313c70 Bump m-invoker-p to 3.9.1
ee5abee Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0
6c5a152 Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
89ccb70 Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#931)
03ed82d Update Version Ranges link in site.xml (#926)
d282dc4 Fixes #920 - Remove usage of Stack
27e1f46 Use SessionData for cache storage (#930)
a1bac9b Fix formatting typo in dependencyConvergence.apt.vm
870a1ed Correct support parameters documentation for banned repositories rule
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-site-plugin from 3.20.0 to 3.21.0

Release notes

Sourced from org.apache.maven.plugins:maven-site-plugin's releases.

3.21.0

Commits

43f73ec [maven-release-plugin] prepare release maven-site-plugin-3.21.0
a2880fb [MSITE-1024] Remove IT for MSITE-901
6171e7d [MSITE-1023] Upgrade plugins and components (in ITs)
efd8a57 [MSITE-1022] Upgrade to Maven Reporting Exec 2.0.0
f5c5fc9 Fix typos in history.apt and faq.fml
64c4035 [MSITE-1021] Bump doxiaSitetoolsVersion from 2.0.0-M19 to 2.0.0
e26765c [MSITE-1020] Bump org.apache.maven.reporting:maven-reporting-api from 4.0.0-M...
354cf19 [MSITE-1019] Bump doxiaVersion from 2.0.0-M12 to 2.0.0
67b568a Use '@project.' instead of '@pom.' expression prefix
fdfd807 Add version 3.20.0 to plugin history
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

[MSOURCES-140] - fail only if re-attach different files (#24) @hboutemy

👻 Maintenance

Bump m-invoker-p to 3.9.1 (#251) @slachiewicz

Allow to manually execute release drafter (#58) @slawekjaranowski

GH Issues (Maven 3 branch) (#57) @Bukama

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#49) @Bukama

📦 Dependency updates

Use plexus-utils version from parent (#252) @slachiewicz

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#247) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#248) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#241) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#242) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#246) @dependabot[bot]

Bump mavenVersion from 3.2.5 to 3.9.11 (#221) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#233) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#229) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 41 to 45 (#218) @dependabot[bot]

Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#226) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#222) @dependabot[bot]

Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#68) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#63) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#66) @dependabot[bot]

Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#27) @dependabot[bot]

[MSOURCES-147] - Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#23) @dependabot[bot]

[MSOURCES-146] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#25) @dependabot[bot]

[MSOURCES-145] - Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 (#26) @dependabot[bot]

Commits

ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
7a9a770 [maven-release-plugin] prepare for next development iteration
292c1ce Use plexus-utils version from parent
bf79b71 Bump m-invoker-p to 3.9.1
4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.10.1 to 3.12.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.12.0

💥 Breaking changes

remove fix mojo (#1263) @elharo

detectOfflineLinks is now false per default for all jar mojo issue #1258 (#1259) @olamy

🐛 Bug Fixes

Fix legacyMode (#1265) @fridrich

Fix package {...} does not exist in legacyMode (#1243) @JackPGreen

Ensure UTF-8 charset is used to avoid IllegalArgumentException: Null charset name (#1245) @elharo

Remove Javadoc 1.4+ / -1.1 switch related warning (#1240) @perceptron8

👻 Maintenance

protect 3.8.x branch (#1238) @hboutemy

feat: enable prevent branch protection rules (#1228) @sparsick

📦 Dependency updates

Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#1257) @dependabot[bot]

3.11.3

🚨 Removed

Remove workaround for long patched CVE in javadoc (#388) @elharo

🚀 New features and improvements

Issue #369 Support --no-fonts option per default for jdk 23+ (#375) @olamy

🐛 Bug Fixes

Make the legacyMode consistent (Filter out all of the module-info.java files in legacy mode, do not use --source-path in legacy mode) (#1217) @fridrich

[MJAVADOC-826] - Don't try to modify project source roots (#358) @oehme

📝 Documentation updates

Correct javadoc-no-fork description on index-page (#368) @Bukama

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#360) @Bukama

(doc) Close links tag in links parameter javadoc example (#355) @sixcorners

👻 Maintenance

Be consistent about data encoding when copying files (#1215) @fridrich

Clean up JavadocUtilTest (#1210) @elharo

Use Java 7 relativization instead of hand-rolled code (#385) @elharo

Rephrase source code fix interactive messages for clarity (#390) @elharo

... (truncated)

Commits

2a06bed [maven-release-plugin] prepare release maven-javadoc-plugin-3.12.0
a71ecf9 bump version 3.12.0-SNAPSHOT
88f2b71 [maven-release-plugin] prepare for next development iteration
7e18956 [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.4
c11b76c In legacyMode, don't use -sourcepath, unless excludePackageNames is not empty...
bc9904b remove fix mojo (#1263)
f310135 Fix package {...} does not exist in legacyMode (#1243)
c8270f9 detectOfflineLinks is now false per default for all jar mojo issue #1258 ...
953e609 Delete flaky test (#1260)
2bba7a4 Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-gpg-plugin from 3.2.6 to 3.2.8

Release notes

Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases.

3.2.8

🐛 Bug Fixes

Make empty classifier null (not empty string) (#287) @cstamas

📝 Documentation updates

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#129) @Bukama

Describe how to prime a specific GPG key (#128) @kwin

👻 Maintenance

Enable GitHub issues (#134) @Bukama

Prefer Guice constructor injection (#126) @elharo

📦 Dependency updates

Update parent POM to 45 (#284) @cstamas

Bump bouncycastleVersion from 1.78.1 to 1.80 (#127) @dependabot[bot]

Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133) @dependabot[bot]

Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125) @dependabot[bot]

Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1 (#131) @dependabot[bot]

Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#124) @dependabot[bot]

3.2.7

Fixes a lingering issue affecting whole 3.2.x lineage, that resulted in "bad passphrase" on Windows OS with GPG signer (see MGPG-136 for details).

What's Changed

[MGPG-136] Windows passphrase corruption by @cstamas in apache/maven-gpg-plugin#120

Bump com.kohlschutter.junixsocket:junixsocket-core from 2.10.0 to 2.10.1 by @dependabot in apache/maven-gpg-plugin#121

Bump commons-io:commons-io from 2.16.1 to 2.17.0 by @dependabot in apache/maven-gpg-plugin#119

Full Changelog: apache/maven-gpg-plugin@maven-gpg-plugin-3.2.6...maven-gpg-plugin-3.2.7

Commits

8a46455 [maven-release-plugin] prepare release maven-gpg-plugin-3.2.8
7012821 Fix issueManagement, ciManagement system and url
a9a8c84 Make empty classifier null (not empty string) (#287)
a8368b0 Add .mvn
f0e45e0 Update parent POM to 45 (#284)
cb1236c Bump bouncycastleVersion from 1.78.1 to 1.80 (#127)
5377a10 Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133)
8b63932 Bump org.apache.maven.plugins:maven-invoker-plugin from 3.8.0 to 3.9.0 (#125)
54ea518 Bump org.simplify4u.plugins:pgpverify-maven-plugin from 1.18.2 to 1.19.1
a6a412d Remove old JIRA issue link
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.4

🚀 New features and improvements

Name the shutdown hook (#3170) @cstamas

Implement fail-fast behavior for JUnit Platform provider (#3155) @marcphilipp

Create a single LauncherSession for invocations of JUnitPlatformProvider (#863) @marcphilipp

🐛 Bug Fixes

[SUREFIRE-2298] - fix xml output with junit 5 nested classes (fix integration with Cucumber and Archunit) (#828) @olamy

👻 Maintenance

feat: enable prevent branch protection rules (#3168) @sparsick

Get rid of plexus-annotations (#3163) @olamy

Remove maven-changes-plugin (#861) @sparsick

Enable GitHub Issues (#831) @Bukama

📦 Dependency updates

Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167) @dependabot[bot]

Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 (#3165) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#3161) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#3158) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.12.0 to 4.13.0 (#856) @dependabot[bot]

Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.10.3 (#860) @dependabot[bot]

Bump commons-beanutils:commons-beanutils from 1.7.0 to 1.11.0 in /surefire-its/src/test/resources/webapp (#851) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.11.1 to 4.12.0 (#844) @dependabot[bot]

Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 (#836) @dependabot[bot]

Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#833) @dependabot[bot]

Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#829) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#830) @dependabot[bot]

Bump jacocoVersion from 0.8.12 to 0.8.13 (#827) @dependabot[bot]

3.5.3

🐛 Bug Fixes

[SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @slawekjaranowski

[SUREFIRE-1643] - surefire junit5 parallel tests (#815) @olamy

[SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @elharo

👻 Maintenance

surefire shared utils version current version (#825) @olamy

Update site descriptors (#821) @slawekjaranowski

... (truncated)

Commits

88513d8 [maven-release-plugin] prepare release surefire-3.5.4
9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
1e63159 Name the shutdown hook (#3170)
76e806a feat: enable prevent branch protection rules (#3168)
0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.1.2 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.4

🚀 New features and improvements

Name the shutdown hook (#3170) @cstamas

Implement fail-fast behavior for JUnit Platform provider (#3155) @marcphilipp

Create a single LauncherSession for invocations of JUnitPlatformProvider (#863) @marcphilipp

🐛 Bug Fixes

[SUREFIRE-2298] - fix xml output with junit 5 nested classes (fix integration with Cucumber and Archunit) (#828) @olamy

👻 Maintenance

feat: enable prevent branch protection rules (#3168) @sparsick

Get rid of plexus-annotations (#3163) @olamy

Remove maven-changes-plugin (#861) @sparsick

Enable GitHub Issues (#831) @Bukama

📦 Dependency updates

Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167) @dependabot[bot]

Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 (#3165) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#3161) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#3158) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.12.0 to 4.13.0 (#856) @dependabot[bot]

Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.10.3 (#860) @dependabot[bot]

Bump commons-beanutils:commons-beanutils from 1.7.0 to 1.11.0 in /surefire-its/src/test/resources/webapp (#851) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.11.1 to 4.12.0 (#844) @dependabot[bot]

Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 (#836) @dependabot[bot]

Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#833) @dependabot[bot]

Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#829) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#830) @dependabot[bot]

Bump jacocoVersion from 0.8.12 to 0.8.13 (#827) @dependabot[bot]

3.5.3

🐛 Bug Fixes

[SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @slawekjaranowski

[SUREFIRE-1643] - surefire junit5 parallel tests (#815) @olamy

[SUREFIRE-2289] - Make exceptions more appropriate to context (#798) @elharo

👻 Maintenance

surefire shared utils version current version (#825) @olamy

Update site descriptors (#821) @slawekjaranowski

... (truncated)

Commits

88513d8 [maven-release-plugin] prepare release surefire-3.5.4
9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
1e63159 Name the shutdown hook (#3170)
76e806a feat: enable prevent branch protection rules (#3168)
0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-shade-plugin from 3.5.1 to 3.6.1

Release notes

Sourced from org.apache.maven.plugins:maven-shade-plugin's releases.

3.6.1

📝 Documentation updates

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#250) @Bukama

👻 Maintenance

Enable prevent branch protection rules (#746) @sparsick

Enable GH issues (#253) @Bukama

Add missing @Override annotations (#246) @elharo

Merge ApacheLicenseResourceTransformer tests (#245) @Goooler

Add test cases for .md supports in the Apache License and Notice transformers (#243) @Goooler

[MSHADE-479] - Make the mojo much less noisy (#233) @elharo

📦 Dependency updates

Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#748) @dependabot[bot]

Bump org.hamcrest:hamcrest-core from 2.2 to 3.0 (

Bumps the maven-plugins group with 10 updates: | Package | From | To | | --- | --- | --- | | [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.11.0` | `3.15.0` | | [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) | `3.4.1` | `3.6.2` | | [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin) | `3.20.0` | `3.21.0` | | [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) | `3.3.1` | `3.4.0` | | [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) | `3.10.1` | `3.12.0` | | [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) | `3.2.6` | `3.2.8` | | [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.1.2` | `3.5.4` | | [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.1.2` | `3.5.4` | | [org.apache.maven.plugins:maven-shade-plugin](https://github.com/apache/maven-shade-plugin) | `3.5.1` | `3.6.1` | | [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) | `3.1.0` | `3.6.3` | Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.11.0 to 3.15.0 - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.11.0...maven-compiler-plugin-3.15.0) Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.4.1 to 3.6.2 - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](apache/maven-enforcer@enforcer-3.4.1...enforcer-3.6.2) Updates `org.apache.maven.plugins:maven-site-plugin` from 3.20.0 to 3.21.0 - [Release notes](https://github.com/apache/maven-site-plugin/releases) - [Commits](apache/maven-site-plugin@maven-site-plugin-3.20.0...maven-site-plugin-3.21.0) Updates `org.apache.maven.plugins:maven-source-plugin` from 3.3.1 to 3.4.0 - [Release notes](https://github.com/apache/maven-source-plugin/releases) - [Commits](apache/maven-source-plugin@maven-source-plugin-3.3.1...maven-source-plugin-3.4.0) Updates `org.apache.maven.plugins:maven-javadoc-plugin` from 3.10.1 to 3.12.0 - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.10.1...maven-javadoc-plugin-3.12.0) Updates `org.apache.maven.plugins:maven-gpg-plugin` from 3.2.6 to 3.2.8 - [Release notes](https://github.com/apache/maven-gpg-plugin/releases) - [Commits](apache/maven-gpg-plugin@maven-gpg-plugin-3.2.6...maven-gpg-plugin-3.2.8) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.1.2 to 3.5.4 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.1.2...surefire-3.5.4) Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.1.2 to 3.5.4 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.1.2...surefire-3.5.4) Updates `org.apache.maven.plugins:maven-shade-plugin` from 3.5.1 to 3.6.1 - [Release notes](https://github.com/apache/maven-shade-plugin/releases) - [Commits](apache/maven-shade-plugin@maven-shade-plugin-3.5.1...maven-shade-plugin-3.6.1) Updates `org.codehaus.mojo:exec-maven-plugin` from 3.1.0 to 3.6.3 - [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases) - [Commits](mojohaus/exec-maven-plugin@exec-maven-plugin-3.1.0...3.6.3) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-version: 3.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-plugins - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-version: 3.6.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-plugins - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-version: 3.21.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-plugins - dependency-name: org.apache.maven.plugins:maven-source-plugin dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-plugins - dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-version: 3.12.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-plugins - dependency-name: org.apache.maven.plugins:maven-gpg-plugin dependency-version: 3.2.8 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: maven-plugins - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-plugins - dependency-name: org.apache.maven.plugins:maven-failsafe-plugin dependency-version: 3.5.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-plugins - dependency-name: org.apache.maven.plugins:maven-shade-plugin dependency-version: 3.6.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: maven-plugins - dependency-name: org.codehaus.mojo:exec-maven-plugin dependency-version: 3.6.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-plugins ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-02-02T05:33:06Z

Labels

The following labels could not be found: dependencies, java. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-02-02T05:34:06Z

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

pom.xml

Package	Version	License	Issue Type
org.apache.maven.plugins:maven-failsafe-plugin	3.5.4	Null	Unknown License

Denied Licenses:
GPL-3.0-only, GPL-3.0-or-later, AGPL-3.0-only, AGPL-3.0-or-later

OpenSSF Scorecard

Package

Version

Score

Details

maven/org.codehaus.mojo:exec-maven-plugin

3.6.3

Unknown

maven/org.codehaus.mojo:exec-maven-plugin

3.6.3

Unknown

maven/org.apache.maven.plugins:maven-compiler-plugin

3.15.0

🟢 5.7

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Maintained	🟢 10	17 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 12/17 approved changesets -- score normalized to 7
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	🟢 5	5 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.apache.maven.plugins:maven-enforcer-plugin

3.6.2

Unknown

maven/org.apache.maven.plugins:maven-failsafe-plugin

3.5.4

🟢 5

Details

Check	Score	Reason
Maintained	🟢 10	18 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 6/12 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	27 existing vulnerabilities detected

maven/org.apache.maven.plugins:maven-gpg-plugin

3.2.8

Unknown

maven/org.apache.maven.plugins:maven-javadoc-plugin

3.12.0

🟢 4.8

Details

Check	Score	Reason
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	🟢 10	14 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	packaging workflow not detected
Code-Review	🟢 4	Found 8/17 approved changesets -- score normalized to 4
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Binary-Artifacts	🟢 9	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
Vulnerabilities	⚠️ 0	22 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.apache.maven.plugins:maven-site-plugin

3.21.0

🟢 5.3

Details

Check	Score	Reason
Maintained	🟢 10	12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 4	Found 5/12 approved changesets -- score normalized to 4
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 4	6 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

maven/org.apache.maven.plugins:maven-source-plugin

3.4.0

Unknown

maven/org.apache.maven.plugins:maven-surefire-plugin

3.5.4

🟢 5

Details

Check	Score	Reason
Maintained	🟢 10	18 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 5	Found 6/12 approved changesets -- score normalized to 5
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	27 existing vulnerabilities detected

Scanned Files

aether-datafixers-cli/pom.xml
aether-datafixers-examples/pom.xml
pom.xml

dependabot · 2026-02-02T17:56:03Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot bot requested a review from a team as a code owner February 2, 2026 05:33

github-actions bot changed the base branch from main to develop February 2, 2026 05:34

Splatcrafter self-requested a review February 2, 2026 17:55

Splatcrafter closed this Feb 2, 2026

dependabot bot deleted the dependabot/maven/maven-plugins-429f5a43ee branch February 2, 2026 17:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(deps): bump the maven-plugins group with 10 updates#74

deps(deps): bump the maven-plugins group with 10 updates#74
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/maven/maven-plugins-429f5a43ee

dependabot bot commented on behalf of github Feb 2, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 2, 2026

Uh oh!

github-actions bot commented Feb 2, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Feb 2, 2026

3.15.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.14.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

3.14.0

3.6.2

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

3.6.1

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

3.21.0

3.4.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.12.0

💥 Breaking changes

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.11.3

🚨 Removed

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

3.2.8

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

3.2.7

What's Changed

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.3

🐛 Bug Fixes

👻 Maintenance

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.3

🐛 Bug Fixes

👻 Maintenance

3.6.1

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Uh oh!

dependabot bot commented on behalf of github Feb 2, 2026

Labels

Uh oh!

github-actions bot commented Feb 2, 2026

Dependency Review

License Issues

pom.xml

OpenSSF Scorecard

Scanned Files

Uh oh!

dependabot bot commented on behalf of github Feb 2, 2026

Uh oh!

Reviewers

Assignees

Labels