Skip to content

Bump the maven-build-plugins group across 1 directory with 5 updates#103

Open
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/maven/maven-build-plugins-0ea1c9ace5
Open

Bump the maven-build-plugins group across 1 directory with 5 updates#103
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/maven/maven-build-plugins-0ea1c9ace5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps the maven-build-plugins group with 5 updates in the / directory:

Package From To
org.apache.maven.plugins:maven-resources-plugin 3.4.0 3.5.0
org.apache.maven.plugins:maven-dependency-plugin 3.9.0 3.10.0
org.apache.maven.plugins:maven-compiler-plugin 3.14.1 3.15.0
org.apache.maven.plugins:maven-surefire-plugin 3.5.4 3.5.5
org.owasp:dependency-check-maven 12.2.0 12.2.1

Updates org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-resources-plugin's releases.

3.5.0

🚀 New features and improvements

👻 Maintenance

📦 Dependency updates

Commits
  • ce485a0 [maven-release-plugin] prepare release maven-resources-plugin-3.5.0
  • bfadfff Use maven-filtering 3.5.0 (staged)
  • 3f74ba2 Drop commons-io; unused
  • caefcde Bug: use change detecton strategies (#462)
  • 38534e3 Cleanup deps (#463)
  • 0814ec7 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#461)
  • e2f9135 Bump org.apache.maven.plugins:maven-plugins from 45 to 47 (#459)
  • a050be3 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#457)
  • 1825b2a Bump mavenVersion from 3.9.11 to 3.9.12 (#452)
  • ad31b55 Add IT for #444 issue
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.9.0 to 3.10.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.10.0

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Commits
  • 4127c33 [maven-release-plugin] prepare release maven-dependency-plugin-3.10.0
  • 68b5e47 Add analyze-only to usage page
  • 09d5860 Fix Jenkin bages in README
  • 4308f6c Bump org.apache.maven.shared:maven-dependency-analyzer
  • ba3c570 Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins
  • 0d88b66 Only log dependency classpath when no property/file output is specified
  • 0075e31 Bump org.assertj:assertj-core (#1581)
  • 65d53bb Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#1582)
  • eaf54f0 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1580)
  • ece9a38 Improve dependencies filtering in AbstractAnalyzeMojo
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

Commits
  • 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
  • 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
  • 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
  • 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
  • 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
  • 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
  • aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
  • 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
  • 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
  • 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

🐛 Bug Fixes

  • Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
  • Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

  • Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

🔧 Build

📦 Dependency updates

... (truncated)

Commits
  • 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
  • 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
  • 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
  • 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
  • 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
  • 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
  • 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
  • e5c01a6 Build only by the latest Maven on Jenkins (#3255)
  • 9c99e97 Fix Jenkin badges in README (#3254)
  • 20930ea Bump parent from 44 to 47 (#3253)
  • Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.2.0 to 12.2.1

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.2.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.2.1 (2026-04-11)

  • build: improve GHA workflow experience for forks (#8285)
  • build: use maven jdk toolchains to build with Java 25; test against Java 11/17/21/25 (#8292)
  • chore: avoid use of parent pom and maven properties where unnecessary (#8322)
  • chore: bump java development to 25.0 (#8365)
  • chore: fix Charset warnings; preferring typed charsets (#8326)
  • chore: fix Maven scm tags after 12.2.1-SNAPSHOT bump (#8265)
  • chore: pin GitHub actions to specific SHAs rather than mutable tags (#8381)
  • chore: remove unused properties and schemas (#8378)
  • docs: define schema locations in XML examples (#8254)
  • docs: document external data sources and hostnames (#8219)
  • docs: ensure OSS Index URL override is consistently documented (#8338)
  • docs: fix minor typo in README (#8246)
  • fix(core): correct xml schema validation handling without needing external access (#8272)
  • fix(deps): upgrade slf4j and logback (#8306)
  • fix(test): disable pnpm analyzer during test (#8305)
  • fix: Correct published/hosted suppressions namespace header and indent (#8258)
  • fix: Suppress noisy WARN logging from Apache Lucene within Maven and Ant plugins (#8248)
  • fix: #8140 AssemblyAnalyzer version resolution issue (#8352)
  • fix: #8140 fix version resolution
  • fix: #8140 hint azure_identity_library_for_.net
  • fix: #8356 narrow down VersionFilterAnalyzer scope to JAR files (#8358)
  • fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377)
  • fix: evidence source in Retire JS analyzer (#8303)
  • fix: exclude deprecations from Yarn Berry audit results (#8380)
  • fix: improve PEAnalyzer reliability by migrating to maintained PE/COFF 4J library fork (#8245)
  • fix: improve configuration consistency (casing) (#8355)
  • fix: improve logging of unexpected Java Errors during processing of NVD (#8250)
  • fix: raw type warning in ProcessReader (#8324)
  • fix: suppress false positives for zabbix-utils #8087 (#8218)
  • fix: update docs (#8405)
  • fix: warn if deprecated configs are used (#8366)
  • test: Make tests locale independent (#8328)
  • test: #8140 reproduce current behavior
  • test: avoid polluting test classpaths with sample dependencies to be scanned (#8267)

See the full listing of changes

Commits
  • bda36b8 build: prepare release v12.2.1
  • ef83e7b docs: prepare release 12.2.1
  • 09af10d fix: update docs (#8405)
  • 3562775 build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine (#8403)
  • 9ef93be build(deps): bump golang from 1.26.1-alpine to 1.26.2-alpine
  • ca79bd5 build(deps-dev): bump com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.2 ...
  • 6b58069 build(deps): bump apache.ant.version from 1.10.15 to 1.10.16 (#8401)
  • 91c6972 fix: correct parsing for CVSSv4 strings with Provider Urgency (#8377)
  • 267e7eb build(deps): bump the actions-deps group with 2 updates (#8394)
  • 53f58ab build(deps): bump org.codehaus.plexus:plexus-utils from 4.0.2 to 4.0.3 (#8389)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the maven-build-plugins group across 1 directory with 5 updates
261df86 
Bumps the maven-build-plugins group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [org.apache.maven.plugins:maven-resources-plugin](https://github.com/apache/maven-resources-plugin) | `3.4.0` | `3.5.0` |
| [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) | `3.9.0` | `3.10.0` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.1` | `3.15.0` |
| [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.4` | `3.5.5` |
| [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) | `12.2.0` | `12.2.1` |



Updates `org.apache.maven.plugins:maven-resources-plugin` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/apache/maven-resources-plugin/releases)
- [Commits](apache/maven-resources-plugin@v3.4.0...maven-resources-plugin-3.5.0)

Updates `org.apache.maven.plugins:maven-dependency-plugin` from 3.9.0 to 3.10.0
- [Release notes](https://github.com/apache/maven-dependency-plugin/releases)
- [Commits](apache/maven-dependency-plugin@maven-dependency-plugin-3.9.0...maven-dependency-plugin-3.10.0)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.1 to 3.15.0
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.1...maven-compiler-plugin-3.15.0)

Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.4 to 3.5.5
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.4...surefire-3.5.5)

Updates `org.owasp:dependency-check-maven` from 12.2.0 to 12.2.1
- [Release notes](https://github.com/dependency-check/DependencyCheck/releases)
- [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md)
- [Commits](dependency-check/DependencyCheck@v12.2.0...v12.2.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-resources-plugin
  dependency-version: 3.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-build-plugins
- dependency-name: org.apache.maven.plugins:maven-dependency-plugin
  dependency-version: 3.10.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-build-plugins
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-version: 3.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven-build-plugins
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-version: 3.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-build-plugins
- dependency-name: org.owasp:dependency-check-maven
  dependency-version: 12.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: maven-build-plugins
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants