Bump the maven-build-plugins group across 1 directory with 10 updates

[dependabot]

Bumps the maven-build-plugins group with 10 updates in the / directory:

Package	From	To
me.fabriciorby:maven-surefire-junit5-tree-reporter	1.4.0	1.5.1
org.apache.maven.plugins:maven-compiler-plugin	3.14.0	3.14.1
org.apache.maven.plugins:maven-enforcer-plugin	3.6.1	3.6.2
org.apache.maven.plugins:maven-dependency-plugin	3.8.1	3.9.0
org.apache.maven.plugins:maven-resources-plugin	3.3.1	3.4.0
org.apache.maven.plugins:maven-source-plugin	3.3.1	3.4.0
org.apache.maven.plugins:maven-javadoc-plugin	3.11.3	3.12.0
org.owasp:dependency-check-maven	12.1.3	12.1.9
org.codehaus.mojo:exec-maven-plugin	3.5.1	3.6.2
org.sonatype.central:central-publishing-maven-plugin	0.8.0	0.9.0

Updates me.fabriciorby:maven-surefire-junit5-tree-reporter from 1.4.0 to 1.5.1

Release notes

Sourced from me.fabriciorby:maven-surefire-junit5-tree-reporter's releases.

v1.5.1

What's Changed

• Still not compatible with maven-surefire 3.5.4

• Fix: Node traversal nullpointers during printing phase by @​fabriciorby in fabriciorby/maven-surefire-junit5-tree-reporter#70
• Fix: Out of bounds by checking if nested test starts with the parent's name before cleaning it by @​fabriciorby in fabriciorby/maven-surefire-junit5-tree-reporter#71

Full Changelog: fabriciorby/maven-surefire-junit5-tree-reporter@v1.5.0...v1.5.1

v1.5.0

What's Changed

• Refactor the code to print the tests while traversing a tree by @​fabriciorby in fabriciorby/maven-surefire-junit5-tree-reporter#63

  • Improvements in the unit tests to copy maven surefire behaviour
  • Improvements in printing the name of the methods correctly
  • Improvements in making the tree reporter a bit nicer for nested classes and more fixes
  • Improvements in the SurefireEmulator
  • Fixes fabriciorby/maven-surefire-junit5-tree-reporter#62
  • Fixes fabriciorby/maven-surefire-junit5-tree-reporter#46

• Add Emoji Theme and delete deprecated JUnit5StatelessTestsetInfoTreeReporterUnicode by @​fabriciorby in fabriciorby/maven-surefire-junit5-tree-reporter#67

Full Changelog: fabriciorby/maven-surefire-junit5-tree-reporter@v1.4.0...v1.5.0

Commits

• 87a29ad bump version to 1.5.1
• ac3676c check if nested test starts with the parent's name before cleaning it (#71)
• 29593ec Fix Node traversal and cleanup during printing phase (#70)
• cdae8bb Enable maven-gpg-plugin
• 4565faf Update deploy action
• d72b36a Donwgrade JUnit to 5.14.0
• b2fb769 Maven Build on CI (#66)
• 7f9f9d5 Add Emoji Theme and remove deprecated JUnit5StatelessTestsetInfoTreeReporterU...
• 964e2d7 cleanup and version bump (#65)
• ab9b17a Print the tests while traversing an actual tree (#63)
• See full diff in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.14.1

🚀 New features and improvements

• Improve DeltaList behavior for large projects (#335) @​gsmet
• Allow to not use --module-version for the Java compiler (#331) @​pzygielo

🐛 Bug Fixes

• Add generatedSourcesPath back to the maven project (#312) @​mensinda
• [MCOMPILER-538] - Do not add target/generated-sources/annotations to the source roots (#191) @​mensinda

📦 Dependency updates

• Enforce asm version used here, to not depend on brittle transitive (#964) @​olamy
• Bump mavenVersion from 3.9.10 to 3.9.11 (#952) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 44 to 45 (#935) @dependabot[bot]
• Bump mavenVersion from 3.9.9 to 3.9.10 (#336) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#324) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316) @dependabot[bot]

Commits

• 0df6940 [maven-release-plugin] prepare release maven-compiler-plugin-3.14.1
• 1bf9e5a Enforce asm version used here, to not depend on brittle transitive (#964)
• f5161c4 Bump mavenVersion from 3.9.10 to 3.9.11 (#952)
• 63846f1 Improve DeltaList behavior for large projects (#335)
• ab3f845 Bump org.apache.maven.plugins:maven-plugins from 44 to 45
• 164bad4 Allow to not use --module-version for the Java compiler
• 0b76ccd Bump mavenVersion from 3.9.9 to 3.9.10
• 5dbc9c3 Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0
• 17949d1 Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316)
• d44d1be Add generatedSourcesPath back to the maven project
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.6.1 to 3.6.2

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.2

🐛 Bug Fixes

• Use SessionData for cache storage (#930) @​slawekjaranowski

📝 Documentation updates

• Update Version Ranges link in site.xml (#926) @​ctubbsii
• Fix formatting typo in dependencyConvergence.apt.vm (#928) @​ascopes
• Correct support parameters documentation for banned repositories rule (#922) @​Harmelodic

👻 Maintenance

• Fixes #920 - Remove usage of Stack (#921) @​khmarbaise
• feat: enable prevent branch protection rules (#925) @​sebtiem
• Fixes #917 - Remove usage of Hashtable (#918) @​khmarbaise

📦 Dependency updates

• Bump m-invoker-p to 3.9.1 (#935) @​slawekjaranowski
• Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#933) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 (#932) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#931) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#923) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#919) @dependabot[bot]
• Bump commons-codec:commons-codec from 1.18.0 to 1.19.0 (#915) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#914) @dependabot[bot]
• Bump mavenVersion from 3.9.10 to 3.9.11 (#912) @dependabot[bot]

Commits

• 82ba770 [maven-release-plugin] prepare release enforcer-3.6.2
• 5313c70 Bump m-invoker-p to 3.9.1
• ee5abee Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0
• 6c5a152 Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
• 89ccb70 Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#931)
• 03ed82d Update Version Ranges link in site.xml (#926)
• d282dc4 Fixes #920 - Remove usage of Stack
• 27e1f46 Use SessionData for cache storage (#930)
• a1bac9b Fix formatting typo in dependencyConvergence.apt.vm
• 870a1ed Correct support parameters documentation for banned repositories rule
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.9.0

🚀 New features and improvements

• Use Resolver API in go-offline for dependencies resolving (#1533) @​slawekjaranowski
• Use Resolver API in go-offline for plugins resolving (#1532) @​slawekjaranowski
• Fixes #1522, add render-dependencies mojo (#1523) @​rmannibucau
• Use Resolver API in resolve-plugin (#1521) @​slawekjaranowski
• [MEDP-964] - unconditionally ignore dependencies known to be loaded by reflection (#1492) @​elharo
• Update maven-dependency-analyzer to support Java24 (#528) @​talios
• [MDEP-972] - copy-dependencies: copy signatures alongside artifacts (#514) @​Ndacyayisenga-droid
• [MDEP-776] - Warn when multiple dependencies have the same file name (#463) @​elharo
• [MDEP-966] - Migrate AnalyzeDepMgt to Sisu (#473) @​elharo
• [MDEP-957] - By default, don't report slf4j-simple as unused (#433) @​elharo

🐛 Bug Fixes

• ProjectBuildingRequest should not be modified (#1520) @​slawekjaranowski
• Fix - markersDirectory is not working when unpack goal is executed from command line (#537) @​vaibhavbatra15
• Fix broken link for analyze-exclusions-mojo on usage-page (#521) @​Bukama
• [MDEP-839] - Avoid extra blank lines in file (#495) @​elharo
• Update collect URL (#510) @​elharo
• [MDEP-689] - Fixes ignored dependency filtering in go-offline goal (#417) @​ldhardy
• [MDEP-960] - Repair silent logging (#447) @​elharo

📝 Documentation updates

• [MDEP-933] - Document dependency tree output formats (#535) @​Ndacyayisenga-droid
• Add additional comment to clarify the minimal supported version of ou… (#465) @​gluxhappy
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#511) @​Bukama
• Unix file separators (#507) @​elharo

👻 Maintenance

• Simplify usage of RepositoryManager and DependencyResolver (#1518) @​slawekjaranowski
• Use Resolver API in copy and unpack (#1514) @​slawekjaranowski
• Update site descriptor to 2.0.0 (#1508) @​slawekjaranowski
• Enable prevent branch protection rules (#1503) @​slawekjaranowski
• Fix [MDEP-931] - Replace PrintWriter with Writer in AbstractSerializing Visitor and subclasses (#530) @​Ndacyayisenga-droid
• Cleanups dependencies (#1496) @​slawekjaranowski
• Copy edit parameter descriptions (#1488) @​elharo
• Small Javadoc clarifications (#533) @​elharo
• [MDEP-967] - Change info to debug logging in AbstractFromConfigurationMojo (#529) @​Ndacyayisenga-droid
• fix: remove duplicate maven-resolver-api and maven-resolver-util dependencies in pom.xml (#526) @​Ndacyayisenga-droid
• Enable GH issues (#522) @​Bukama
• Remove redundant/unneeded code (#519) @​elharo
• Add PR Automation and Stale actions (#513) @​slawekjaranowski
• Keep files in temporary directory to be deleted after test (#508) @​pzygielo
• Drop unnecessary call (#509) @​pzygielo
• Avoid deprecated ArtifactFactory (#489) @​elharo

... (truncated)

Commits

• 826e5f0 [maven-release-plugin] prepare release maven-dependency-plugin-3.9.0
• 0db1acc Use Resolver API in go-offline for dependencies resolving (#1533)
• e50031a Use Resolver API in go-offline for plugins resolving
• 6ed4b1a Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0
• 8776c61 Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
• d2af78e Ignore Mockito 5.x and SLF4j 2.x by dependabot
• dcd4b7d Bump org.assertj:assertj-core from 3.27.4 to 3.27.5
• 7523948 Strict check of dependencies usage
• 23186d4 Fixes #1522, add render-dependencies mojo (#1523)
• bc1893f Use Resolver API in resolve-plugin
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-resources-plugin's releases.

3.4.0

🚀 New features and improvements

• Enable GitHub Issues (#98) @​slawekjaranowski

📝 Documentation updates

• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#89) @​Bukama
• [MRESOURCES-299] - Be more accurate on using filtering element (#80) @​pzygielo
• Don't bother with very old versions (#59) @​elharo

👻 Maintenance

• Migrate site to Doxia 2 (#440) @​slachiewicz
• Bump Maven to 3.9.11 while keep prerequisites on 3.6.3 (#437) @​slachiewicz
• PlexusFileUtils Refaster recipes (#431) @​slachiewicz
• Add PR Automation action (#94) @​slawekjaranowski
• Improve release-drafter configuration (#93) @​slawekjaranowski
• Bump org.apache.maven.plugins:maven-plugins from 39 to 41 (#64) @dependabot[bot]
• Add dependency to slf4j-simple for test scope (#60) @​slachiewicz
• Use try with resources in integration test (#58) @​elharo
• reduce dependency scope of plexus-utils and commons-io (#57) @​elharo

📦 Dependency updates

• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#439) @dependabot[bot]
• Bump org.apache.maven.resolver:maven-resolver-api from 1.6.3 to 1.9.24 (#413) @dependabot[bot]
• Bump Maven to 3.9.11 while keep prerequisites on 3.6.3 (#437) @​slachiewicz
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#432) @dependabot[bot]
• Bump m-invoker-p to 3.9.1 (#433) @​slachiewicz
• Bump org.apache.maven.plugins:maven-plugins from 43 to 45 (#411) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#114) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#430) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#422) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#419) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#416) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#117) @dependabot[bot]
• Bump org.apache.maven.shared:maven-filtering from 3.3.2 to 3.4.0 (#107) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.0 to 2.18.0 (#102) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0 (#104) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 41 to 43 (#101) @dependabot[bot]
• [MRESOURCES-305] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 (#65) @dependabot[bot]
• [MRESOURCES-304] - Bump org.codehaus.plexus:plexus-interpolation from 1.26 to 1.27 (#66) @dependabot[bot]
• [MRESOURCES-303] - Bump org.apache.maven.shared:maven-filtering from 3.3.1 to 3.3.2 (#68) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.14.0 (#62) @dependabot[bot]
• [MRESOURCES-302] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#69) @dependabot[bot]
• Bump apache/maven-gh-actions-shared from 3 to 4 (#67) @dependabot[bot]

Commits

• b07d56e [maven-release-plugin] prepare for next development iteration
• 21e646c [maven-release-plugin] prepare release maven-resources-plugin-3.4.0
• 61801af Migrate site to Doxia 2
• 146ebb8 Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#439)
• 5013682 Bump org.apache.maven.resolver:maven-resolver-api from 1.6.3 to 1.9.24
• d7c4d28 Bump Maven to 3.9.11 while keep prerequisites on 3.6.3
• e33f1ec Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29
• ce77f50 Bump m-invoker-p to 3.9.1
• 726f429 Bump org.apache.maven.plugins:maven-plugins from 43 to 45
• a747bae PlexusFileUtils Refaster recipes
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

• [MSOURCES-140] - fail only if re-attach different files (#24) @​hboutemy

👻 Maintenance

• Bump m-invoker-p to 3.9.1 (#251) @​slachiewicz
• Allow to manually execute release drafter (#58) @​slawekjaranowski
• GH Issues (Maven 3 branch) (#57) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#49) @​Bukama

📦 Dependency updates

• Use plexus-utils version from parent (#252) @​slachiewicz
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#247) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#248) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#241) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#242) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#246) @dependabot[bot]
• Bump mavenVersion from 3.2.5 to 3.9.11 (#221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#233) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#229) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 41 to 45 (#218) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#226) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#222) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#68) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#63) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#66) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#27) @dependabot[bot]
• [MSOURCES-147] - Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#23) @dependabot[bot]
• [MSOURCES-146] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#25) @dependabot[bot]
• [MSOURCES-145] - Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 (#26) @dependabot[bot]

Commits

• ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
• 95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
• 7a9a770 [maven-release-plugin] prepare for next development iteration
• 292c1ce Use plexus-utils version from parent
• bf79b71 Bump m-invoker-p to 3.9.1
• 4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
• a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• 51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
• 267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
• ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.11.3 to 3.12.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.12.0

💥 Breaking changes

• remove fix mojo (#1263) @​elharo
• detectOfflineLinks is now false per default for all jar mojo issue #1258 (#1259) @​olamy

🐛 Bug Fixes

• Fix legacyMode (#1265) @​fridrich
• Fix package {...} does not exist in legacyMode (#1243) @​JackPGreen
• Ensure UTF-8 charset is used to avoid IllegalArgumentException: Null charset name (#1245) @​elharo
• Remove Javadoc 1.4+ / -1.1 switch related warning (#1240) @​perceptron8

👻 Maintenance

• protect 3.8.x branch (#1238) @​hboutemy
• feat: enable prevent branch protection rules (#1228) @​sparsick

📦 Dependency updates

• Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#1257) @dependabot[bot]

Commits

• 2a06bed [maven-release-plugin] prepare release maven-javadoc-plugin-3.12.0
• a71ecf9 bump version 3.12.0-SNAPSHOT
• 88f2b71 [maven-release-plugin] prepare for next development iteration
• 7e18956 [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.4
• c11b76c In legacyMode, don't use -sourcepath, unless excludePackageNames is not empty...
• bc9904b remove fix mojo (#1263)
• f310135 Fix package {...} does not exist in legacyMode (#1243)
• c8270f9 detectOfflineLinks is now false per default for all jar mojo issue #1258 ...
• 953e609 Delete flaky test (#1260)
• 2bba7a4 Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0
• Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.1.3 to 12.1.9

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.1.9

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.8

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.7

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.6

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.5

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.1.9 (2025-11-11)

• fix: correct bundle audit gem in Dockerfile (#8121)
• fix: normalization during comparisons (#8046)
• docs: document multiple configurations for gradle (#8111)
• docs: fix typos in some files (#8106)
• docs: Update SBT plugin link; fix dead report link (#8086)
• chore: Replace deprecated lucene methods (#8079)
• docs: fix #8076 - Error in documentation "Suppressing False Positives" (#8077)
• fix(fp): Improve false positive suppression for matches against golang web_project (#8059)
• fix(fp): Consolidate/update icu4j suppressions for false positives (#8062)
• fix(fp): Correct GRPC java suppressions for newer C/C++/native false positives (#8063)
• fix(fp): Suppress false positive CPEs for protobuf-java per #7854 (#8064)

See the full listing of changes

Version 12.1.8 (2025-10-13)

• fix: improve VulnerableSoftware comparison (#8031)
• build: fix flaky central test (#8039)
• docs: Improve Gradle docs wrt experimental analyzers, use of Central and Proxy configuration (#8036)
• docs: add note about central analyzer for gradle (#8038)

See the full listing of changes

Version 12.1.7 (2025-10-12)

• fix: disable central analyzer after failures (#7993)
• fix: Suppress JVM warnings from Lucene within CLI (#8003)
• fix: Clean up Apache Lucene logging via SLF4j redirect (#7979)
• fix: Correct Archive Analyzer behaviour on certain tgz archives (#7986)
• fix: Update NVD CPE search URLs in generated reports to match new search interface (#7970)
• fix: improve OSS Index Error Reporting (#7977)
• fix(fp): Consolidate false positive suppression for false positives on Redis client libs (#8017)
• fix(fp): Fix more common false positives for popular PHP/composer frameworks with generic names (#7994)
• docs: improve slack notification documentation (#8026)
• docs: Documentation artifactory settings fix (#7999)
• docs: Clarify Nexus Analyzer requirements and usage (#8000)
• build: Build amd64 and arm64 multi-platform Docker image (#7952)

See the full listing of changes

Version 12.1.6 (2025-09-24)

• fix: Disable OSS Index if its credentials are missing (#7963)
• fix: Correct CVSSv4 parsing for low precision OSSIndex values (#7935)
• fix(fp): Fix false positives for Redis Server against NPM/JS client libs (#7942)
• docs: Fix legacy GitHub links within docs and CHANGELOG (#7944)
• chore: fix version typo in security policy (#7936)

... (truncated)

Commits

• c709ca1 build: prepare release v12.1.9
• 25e3f13 docs: release 12.1.9
• cd7e8ab fix: correct bundle audit gem in Dockerfile (#8121)
• a663aa2 build(deps): bump us.springett:cpe-parser from 3.0.0 to 3.0.1 (#8120)
• e553277 docs: document multiple configurations for gradle (#8111)
• 3adb7f5 build(deps): bump org.apache.maven.plugins:maven-release-plugin from 3.1.1 to...
• 5f6e74a build(deps): bump commons-io:commons-io from 2.20.0 to 2.21.0 (#8110)
• 3717a9a build(deps): bump commons-io:commons-io from 2.20.0 to 2.21.0
• f765457 build(deps): bump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.4 (#...
• 239e9bf build(deps): bump commons-codec:commons-codec from 1.19.0 to 1.20.0 (#8103)
• Additional commits viewable in compare view

Updates org.codehaus.mojo:exec-maven-plugin from 3.5.1 to 3.6.2

Release notes

Sourced from org.codehaus.mojo:exec-maven-plugin's releases.

3.6.2

🚀 New features and improvements

• Add JPMS ServiceLo...

  Description has been truncated