Bump com.diffplug.spotless:spotless-maven-plugin from 3.1.0 to 3.2.0

[dependabot]

Bumps com.diffplug.spotless:spotless-maven-plugin from 3.1.0 to 3.2.0.

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Lib v3.2.0

Added

• Support for idea (#2020, #2535)
• Add support for removing wildcard imports via removeWildcardImports step. (#2517)
• scalafmt: enforce version consistency between the version configured in Spotless and the version declared in Scalafmt config file (#2460)

Fixed

• SortPom disable expandEmptyElements, to avoid empty body warnings. (#2520)
• Fix biome formatter for new major release 2.x of biome (#2537)
• Make sure npm-based formatters use the correct node_modules directory when running in parallel. (#2542)

Changed

• Bump internal dependencies for npm-based formatters (#2542)

Maven Plugin v3.2.0

Added

• Add the ability to specify a wildcard version (*) for external formatter executables. (#2757)

Changes

• Dramatic (~100x) performance improvement when using git ratchetFrom. (#2805)

Fixed

• [fix] NPE due to workingTreeIterator being null for git ignored files. #911 (#2771)
• Prevent race conditions when multiple npm-based formatters launch the server process simultaneously while sharing the same node_modules directory. (#2786)

Changes

• Bump default ktfmt version to latest 0.59 -> 0.61. (2804)
• Bump default ktlint version to latest 1.7.1 -> 1.8.0. (2763)
• Bump default gherkin-utils version to latest 9.2.0 -> 10.0.0. (#2619)

Lib v3.1.2

Fixed

• Fix UnsupportedOperationException in the Gradle plugin when using targetExcludeContent[Pattern] (#2487)
• pgp key had expired, this and future releases will be signed by new key (details)

Changed

• Bump default eclipse version to latest 4.34 -> 4.35. (#2458)
• Bump default greclipse version to latest 4.32 -> 4.35. (#2458)

Lib v3.1.1

Changed

• Use palantir-java-format 2.57.0 on Java 21. (#2447)
• Re-try npm install with --prefer-online after ERESOLVE error. (#2448)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

[3.2.0] - 2025-07-07

Added

• Support for idea (#2020, #2535)
• Add support for removing wildcard imports via removeWildcardImports step. (#2517)
• scalafmt: enforce version consistency between the version configured in Spotless and the version declared in Scalafmt config file (#2460)

Fixed

• SortPom disable expandEmptyElements, to avoid empty body warnings. (#2520)
• Fix biome formatter for new major release 2.x of biome (#2537)
• Make sure npm-based formatters use the correct node_modules directory when running in parallel. (#2542)

Changed

• Bump internal dependencies for npm-based formatters (#2542)

[3.1.2] - 2025-05-27

Fixed

• Fix UnsupportedOperationException in the Gradle plugin when using targetExcludeContent[Pattern] (#2487)
• pgp key had expired, this and future releases will be signed by new key (details)

Changed

• Bump default eclipse version to latest 4.34 -> 4.35. (#2458)
• Bump default greclipse version to latest 4.32 -> 4.35. (#2458)

[3.1.1] - 2025-04-07

Changed

• Use palantir-java-format 2.57.0 on Java 21. (#2447)
• Re-try npm install with --prefer-online after ERESOLVE error. (#2448)
• Allow multiple npm-based formatters having the same module dependencies, to share a node_modules dir without race conditions. #2462)

Commits

• 10c6069 Published lib/3.2.0
• 5a7f075 Publish to Central Portal (#2539)
• 2f4ef38 Revert "Use palantir-java-format as default formatter in RemoveUnused. (#2546)
• 62b12ca spotlessApply
• cb202b1 Revert "Use palantir-java-format as default formatter in RemoveUnusedImportsS...
• 86d65b0 feat: Disable expandEmptyElements, to avoid empty body warnings (#2520)
• 694eb30 Add the changes to the plugin-maven/CHANGES.md
• 34be7eb Merge branch 'main' into patch-1
• 38989da Update for biome 2.x (#2538 fixes #2537)
• dc969c1 Merge branch 'main' into update-for-biome-2.x
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[manandbytes]

@cstamas do you have an automagic soultion for this?

Error:  Plugin com.diffplug.spotless:spotless-maven-plugin:3.2.0 or one of its dependencies could not be resolved:
Error:  	The following artifacts could not be resolved: com.diffplug.spotless:spotless-maven-plugin:pom:3.2.0 (absent): Missing from summaryFile trusted checksum(s) [SHA-512] for artifact com.diffplug.spotless:spotless-maven-plugin:pom:3.2.0

#269

to update anything in the build (any plugin or dependency) one needs to maintain checksums as well: one can do it by using -Daether.artifactResolver.postProcessor.trustedChecksums.record user property in a trusted environment

[cstamas]

Sadly no. This is the "price" of fully locked down build: if anything changes, checksum must follow, otherwise you end up broken...

[manandbytes]

Sadly no

So for PRs from @dependabot and alike, someone should run PR branch locally with mvn -Daether.artifactResolver.postProcessor.trustedChecksums.record ... and add commit with new checksums to PR branch. If you have no commit rights. the only option is to create new PR but it would create more noise 🤔

[cstamas]

Right. I followed @ianopolous wish, but am also for "laxing" the checksum lock down. Problem with TC in Maven 3 is that they are not robust: it is either "fail if not found" like now, or "do not fail if not found" where key checksums can be kept and are validated. But the problem with latter approach is that it is too easy to "drift away", forget to update "key artifact checksums" and they become useless.

We need to improve Maven in this respect, as it is really all or nothing currently.