Bump the maven-build-plugins group across 1 directory with 11 updates #98

dependabot · 2025-12-02T01:51:17Z

Bumps the maven-build-plugins group with 11 updates in the / directory:

Package	From	To
org.apache.maven.plugins:maven-enforcer-plugin	`3.5.0`	`3.6.2`
org.apache.maven.plugins:maven-compiler-plugin	`3.14.0`	`3.14.1`
org.apache.maven.plugins:maven-shade-plugin	`3.6.0`	`3.6.1`
org.codehaus.mojo:exec-maven-plugin	`3.5.1`	`3.6.2`
org.apache.maven.plugins:maven-surefire-plugin	`3.5.3`	`3.5.4`
org.apache.maven.plugins:maven-jar-plugin	`3.4.2`	`3.5.0`
org.apache.maven.plugins:maven-source-plugin	`3.3.1`	`3.4.0`
org.apache.maven.plugins:maven-javadoc-plugin	`3.11.2`	`3.12.0`
org.owasp:dependency-check-maven	`12.1.1`	`12.1.9`
org.jacoco:jacoco-maven-plugin	`0.8.13`	`0.8.14`
org.apache.maven.plugins:maven-gpg-plugin	`3.2.7`	`3.2.8`

Updates org.apache.maven.plugins:maven-enforcer-plugin from 3.5.0 to 3.6.2

Release notes

Sourced from org.apache.maven.plugins:maven-enforcer-plugin's releases.

3.6.2

🐛 Bug Fixes

Use SessionData for cache storage (#930) @slawekjaranowski

📝 Documentation updates

Update Version Ranges link in site.xml (#926) @ctubbsii

Fix formatting typo in dependencyConvergence.apt.vm (#928) @ascopes

Correct support parameters documentation for banned repositories rule (#922) @Harmelodic

👻 Maintenance

Fixes #920 - Remove usage of Stack (#921) @khmarbaise

feat: enable prevent branch protection rules (#925) @sebtiem

Fixes #917 - Remove usage of Hashtable (#918) @khmarbaise

📦 Dependency updates

Bump m-invoker-p to 3.9.1 (#935) @slawekjaranowski

Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#933) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.5 to 3.27.6 (#932) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#931) @dependabot[bot]

Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#923) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#919) @dependabot[bot]

Bump commons-codec:commons-codec from 1.18.0 to 1.19.0 (#915) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#914) @dependabot[bot]

Bump mavenVersion from 3.9.10 to 3.9.11 (#912) @dependabot[bot]

3.6.1

🚀 New features and improvements

Improve performance of transitive dependency checks (#904) @harrisric

🐛 Bug Fixes

Fix NPE when a classifier part is specified in bannedDependencies (#905) @harrisric

📝 Documentation updates

Move contributing information into README (#911) @slawekjaranowski

Rewrite CONTRIBUTING.md to use the Github issue tracker instead of JIRA (#898) @elharo

👻 Maintenance

Remove unused javax.annotations dependency (#899) @elharo

Remove unused methods (#900) @elharo

Remove the from parameter names (#901) @elharo

... (truncated)

Commits

82ba770 [maven-release-plugin] prepare release enforcer-3.6.2
5313c70 Bump m-invoker-p to 3.9.1
ee5abee Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0
6c5a152 Bump org.assertj:assertj-core from 3.27.5 to 3.27.6
89ccb70 Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#931)
03ed82d Update Version Ranges link in site.xml (#926)
d282dc4 Fixes #920 - Remove usage of Stack
27e1f46 Use SessionData for cache storage (#930)
a1bac9b Fix formatting typo in dependencyConvergence.apt.vm
870a1ed Correct support parameters documentation for banned repositories rule
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.0 to 3.14.1

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.14.1

🚀 New features and improvements

Improve DeltaList behavior for large projects (#335) @gsmet

Allow to not use --module-version for the Java compiler (#331) @pzygielo

🐛 Bug Fixes

Add generatedSourcesPath back to the maven project (#312) @mensinda

[MCOMPILER-538] - Do not add target/generated-sources/annotations to the source roots (#191) @mensinda

📦 Dependency updates

Enforce asm version used here, to not depend on brittle transitive (#964) @olamy

Bump mavenVersion from 3.9.10 to 3.9.11 (#952) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 44 to 45 (#935) @dependabot[bot]

Bump mavenVersion from 3.9.9 to 3.9.10 (#336) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#324) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316) @dependabot[bot]

Commits

0df6940 [maven-release-plugin] prepare release maven-compiler-plugin-3.14.1
1bf9e5a Enforce asm version used here, to not depend on brittle transitive (#964)
f5161c4 Bump mavenVersion from 3.9.10 to 3.9.11 (#952)
63846f1 Improve DeltaList behavior for large projects (#335)
ab3f845 Bump org.apache.maven.plugins:maven-plugins from 44 to 45
164bad4 Allow to not use --module-version for the Java compiler
0b76ccd Bump mavenVersion from 3.9.9 to 3.9.10
5dbc9c3 Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0
17949d1 Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316)
d44d1be Add generatedSourcesPath back to the maven project
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-shade-plugin from 3.6.0 to 3.6.1

Release notes

Sourced from org.apache.maven.plugins:maven-shade-plugin's releases.

3.6.1

📝 Documentation updates

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#250) @Bukama

👻 Maintenance

Enable prevent branch protection rules (#746) @sparsick

Enable GH issues (#253) @Bukama

Add missing @Override annotations (#246) @elharo

Merge ApacheLicenseResourceTransformer tests (#245) @Goooler

Add test cases for .md supports in the Apache License and Notice transformers (#243) @Goooler

[MSHADE-479] - Make the mojo much less noisy (#233) @elharo

📦 Dependency updates

Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#748) @dependabot[bot]

Bump org.hamcrest:hamcrest-core from 2.2 to 3.0 (#235) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 42 to 45 (#738) @dependabot[bot]

Bump org.apache.commons:commons-compress from 1.26.2 to 1.28.0 (#743) @dependabot[bot]

Bump org.xmlunit:xmlunit-legacy from 2.10.0 to 2.10.3 (#745) @dependabot[bot]

Bump ASM 9.8 to support JDK 25 bytecode (#744) @pan3793

Bump commons-io:commons-io from 2.13.0 to 2.14.0 in /src/it/projects/MSHADE-105/shaded-jar (#241) @dependabot[bot]

Commits

06902bd [maven-release-plugin] prepare release maven-shade-plugin-3.6.1
29e9a9d add .git
844e61a use github
43101f9 [maven-release-plugin] prepare release maven-shade-plugin-3.6.1
2ffb28d use release drafter v4 and dependabot to updade gha as well (#750)
f5b590e Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0
eee0319 Bump org.hamcrest:hamcrest-core from 2.2 to 3.0
0d5a7a4 fix upgrade, remove those useless final
6e5f0f3 Bump org.apache.maven.plugins:maven-plugins from 42 to 45
35febed Bump org.apache.commons:commons-compress from 1.26.2 to 1.28.0
Additional commits viewable in compare view

Updates org.codehaus.mojo:exec-maven-plugin from 3.5.1 to 3.6.2

Release notes

Sourced from org.codehaus.mojo:exec-maven-plugin's releases.

3.6.2

🚀 New features and improvements

Add JPMS ServiceLoader Support with Multi-Release JAR (#500) @ascheman

📦 Dependency updates

Bump asm.version from 9.8 to 9.9 (#498) @dependabot[bot]

3.6.1

🐛 Bug Fixes

Revert change from #480 - plugin dependencies must be resolved from plugin repositories (#496) @slawekjaranowski

📦 Dependency updates

Bump org.codehaus.mojo:mojo-parent from 93 to 94 (#495) @dependabot[bot]

3.6.0

🚀 New features and improvements

[ExecMojo]Add getShebang method to correctly set the command line executable name (#487) @uchenily

JEP 512 Support (#484) @cayhorstmann

🐛 Bug Fixes

fix inheritIo option (#488) @dernasherbrezon

Fix for #479 - Wrong repositories used to collect deps (#480) @cstamas

👻 Maintenance

Use JSR-330 for component injection (#493) @slawekjaranowski

Re-run failed tests (#491) @slawekjaranowski

Restore default matrix build (#486) @slawekjaranowski

📦 Dependency updates

Use Maven 3.9.11 in dependencies, still requires 3.6.3 as minimum (#492) @slawekjaranowski

Bump org.codehaus.mojo:mojo-parent from 92 to 93 (#483) @dependabot[bot]

Bump org.codehaus.mojo:mojo-parent from 91 to 92 (#478) @dependabot[bot]

Bump org.codehaus.mojo:mojo-parent from 90 to 91 (#477) @dependabot[bot]

Bump org.codehaus.mojo:mojo-parent from 89 to 90 (#476) @dependabot[bot]

Commits

416fdf1 [maven-release-plugin] prepare release 3.6.2
712e21d [maven-release-plugin] prepare release 3.1.2
9d265a2 Add JPMS ServiceLoader Support with Multi-Release JAR (#500)
1c26293 Bump asm.version from 9.8 to 9.9
6525169 [maven-release-plugin] prepare for next development iteration
53087eb [maven-release-plugin] prepare release 3.6.1
02e72e2 Revert change from #480 - plugin dependencies must be resolved from plugin re...
18a21ea Bump org.codehaus.mojo:mojo-parent from 93 to 94
3b6b9c5 [maven-release-plugin] prepare for next development iteration
febfc6f [maven-release-plugin] prepare release 3.6.0
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.3 to 3.5.4

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.4

🚀 New features and improvements

Name the shutdown hook (#3170) @cstamas

Implement fail-fast behavior for JUnit Platform provider (#3155) @marcphilipp

Create a single LauncherSession for invocations of JUnitPlatformProvider (#863) @marcphilipp

🐛 Bug Fixes

[SUREFIRE-2298] - fix xml output with junit 5 nested classes (fix integration with Cucumber and Archunit) (#828) @olamy

👻 Maintenance

feat: enable prevent branch protection rules (#3168) @sparsick

Get rid of plexus-annotations (#3163) @olamy

Remove maven-changes-plugin (#861) @sparsick

Enable GitHub Issues (#831) @Bukama

📦 Dependency updates

Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173) @dependabot[bot]

Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171) @dependabot[bot]

Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167) @dependabot[bot]

Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 (#3165) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#3161) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#3158) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.12.0 to 4.13.0 (#856) @dependabot[bot]

Bump org.xmlunit:xmlunit-core from 2.10.2 to 2.10.3 (#860) @dependabot[bot]

Bump commons-beanutils:commons-beanutils from 1.7.0 to 1.11.0 in /surefire-its/src/test/resources/webapp (#851) @dependabot[bot]

Bump org.htmlunit:htmlunit from 4.11.1 to 4.12.0 (#844) @dependabot[bot]

Bump org.fusesource.jansi:jansi from 2.4.1 to 2.4.2 (#836) @dependabot[bot]

Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#833) @dependabot[bot]

Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#829) @dependabot[bot]

Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#830) @dependabot[bot]

Bump jacocoVersion from 0.8.12 to 0.8.13 (#827) @dependabot[bot]

Commits

88513d8 [maven-release-plugin] prepare release surefire-3.5.4
9c48828 Simplify cuncumber IT configuration and make windows build working again (#3174)
74b2d8c Bump org.htmlunit:htmlunit from 4.15.0 to 4.16.0 (#3173)
6c30bf1 [SUREFIRE-2298] fix xml output with junit 5 nested classes (#828)
9f49866 Bump org.codehaus.plexus:plexus-i18n from 1.0-beta-10 to 1.0.0 (#3172)
fb96954 Bump org.htmlunit:htmlunit from 4.13.0 to 4.15.0 (#3171)
1e63159 Name the shutdown hook (#3170)
76e806a feat: enable prevent branch protection rules (#3168)
0fbfb27 Implement fail-fast behavior for JUnit Platform provider (#3155)
98d081e Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#3167)
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-jar-plugin from 3.4.2 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-jar-plugin's releases.

3.5.0

🚀 New features and improvements

Add new "attach" configuration parameter (3.x port of #482) (#483) @hgschmie

add Java-Version to MANIFEST.MF (#465) @hboutemy

🐛 Bug Fixes

Fix detecting java version for toolchains and JDK 1.8 (#500) @slawekjaranowski

Ignore stderr when parsing javac version from toolchain (#471) @jaredstehler

👻 Maintenance

Update site descriptor to 2.0.0 (#501) @slawekjaranowski

chore: remove junit3 references (#494) @slawekjaranowski

Migrate component injection to JSR-330 (#492) @slawekjaranowski

Add PR Automation to 3.x (#132) @slawekjaranowski

Improve release-drafter configuration (#128) @slawekjaranowski

Fix for Maven 4.0.0-rc-3 (#130) @slawekjaranowski

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#119) @Bukama

🔧 Build

Bump m-invoker-p to 3.9.1 for Java 25 (#480) @hboutemy

📦 Dependency updates

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#499) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#498) @dependabot[bot]

Use maven-plugin-testing-harness version 3.4.0 (#491) @slawekjaranowski

Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.15.1 to 3.15.2 (#488) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#478) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#464) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 42 to 45 (#452) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.4 (#461) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#457) @dependabot[bot]

Bump mavenVersion from 3.9.10 to 3.9.11 (#456) @dependabot[bot]

Bump mavenVersion from 3.9.9 to 3.9.10 (#146) @dependabot[bot]

Bump org.apache.maven.shared:file-management from 3.1.0 to 3.2.0 (#143) @dependabot[bot]

Bump mavenVersion from 3.6.3 to 3.9.9 (#107) @dependabot[bot]

Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#140) @dependabot[bot]

Bump commons-io:commons-io from 2.16.1 to 2.18.0 (#114) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#109) @dependabot[bot]

Commits

68d00f1 [maven-release-plugin] prepare release maven-jar-plugin-3.5.0
357b9bf Update site descriptor to 2.0.0
340249c Fix detecting java version for toolchains and JDK 1.8
06a6245 chore: remove junit3 references
d302b2c Bump commons-io:commons-io from 2.20.0 to 2.21.0
6081bdb Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
ef8ed4c Migrate component injection to JSR-330
704a35c Ignore stderr when parsing javac version from toolchain (#471)
0beb969 Use maven-plugin-testing-harness version 3.4.0
c2624c8 Bump org.apache.maven.plugin-tools:maven-plugin-annotations (#488)
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

[MSOURCES-140] - fail only if re-attach different files (#24) @hboutemy

👻 Maintenance

Bump m-invoker-p to 3.9.1 (#251) @slachiewicz

Allow to manually execute release drafter (#58) @slawekjaranowski

GH Issues (Maven 3 branch) (#57) @Bukama

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#49) @Bukama

📦 Dependency updates

Use plexus-utils version from parent (#252) @slachiewicz

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#247) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#248) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#241) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#242) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#246) @dependabot[bot]

Bump mavenVersion from 3.2.5 to 3.9.11 (#221) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#233) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#229) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 41 to 45 (#218) @dependabot[bot]

Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#226) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#222) @dependabot[bot]

Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#68) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#63) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#66) @dependabot[bot]

Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#27) @dependabot[bot]

[MSOURCES-147] - Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#23) @dependabot[bot]

[MSOURCES-146] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#25) @dependabot[bot]

[MSOURCES-145] - Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 (#26) @dependabot[bot]

Commits

ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
7a9a770 [maven-release-plugin] prepare for next development iteration
292c1ce Use plexus-utils version from parent
bf79b71 Bump m-invoker-p to 3.9.1
4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.11.2 to 3.12.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.12.0

💥 Breaking changes

remove fix mojo (#1263) @elharo

detectOfflineLinks is now false per default for all jar mojo issue #1258 (#1259) @olamy

🐛 Bug Fixes

Fix legacyMode (#1265) @fridrich

Fix package {...} does not exist in legacyMode (#1243) @JackPGreen

Ensure UTF-8 charset is used to avoid IllegalArgumentException: Null charset name (#1245) @elharo

Remove Javadoc 1.4+ / -1.1 switch related warning (#1240) @perceptron8

👻 Maintenance

protect 3.8.x branch (#1238) @hboutemy

feat: enable prevent branch protection rules (#1228) @sparsick

📦 Dependency updates

Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#1257) @dependabot[bot]

3.11.3

🚨 Removed

Remove workaround for long patched CVE in javadoc (#388) @elharo

🚀 New features and improvements

Issue #369 Support --no-fonts option per default for jdk 23+ (#375) @olamy

🐛 Bug Fixes

Make the legacyMode consistent (Filter out all of the module-info.java files in legacy mode, do not use --source-path in legacy mode) (#1217) @fridrich

[MJAVADOC-826] - Don't try to modify project source roots (#358) @oehme

📝 Documentation updates

Correct javadoc-no-fork description on index-page (#368) @Bukama

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#360) @Bukama

(doc) Close links tag in links parameter javadoc example (#355) @sixcorners

👻 Maintenance

Be consistent about data encoding when copying files (#1215) @fridrich

Clean up JavadocUtilTest (#1210) @elharo

Use Java 7 relativization instead of hand-rolled code (#385) @elharo

Rephrase source code fix interactive messages for clarity (#390) @elharo

... (truncated)

Commits

2a06bed [maven-release-plugin] prepare release maven-javadoc-plugin-3.12.0
a71ecf9 bump version 3.12.0-SNAPSHOT
88f2b71 [maven-release-plugin] prepare for next development iteration
7e18956 [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.4
c11b76c In legacyMode, don't use -sourcepath, unless excludePackageNames is not empty...
bc9904b remove fix mojo (#1263)
f310135 Fix package {...} does not exist in legacyMode (#1243)
c8270f9 detectOfflineLinks is now false per default for all jar mojo issue #1258 ...
953e609 Delete flaky test (#1260)
2bba7a4 Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0
Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.1.1 to 12.1.9

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.1.9

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.8

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.7

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.6

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.5

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.3

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.1.2

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.1.9 (2025-11-11)

fix: correct bundle audit gem in Dockerfile (#8121)

fix: normalization during comparisons (#8046)

docs: document multiple configurations for gradle (#8111)

docs: fix typos in some files (#8106)

docs: Update SBT plugin link; fix dead report link (#8086)

chore: Replace deprecated lucene methods (#8079)

docs: fix #8076 - Error in documentation "Suppressing False Positives" (#8077)

fix(fp): Improve false positive suppression for matches against golang web_project (#8059)

fix(fp): Consolidate/update icu4j suppressions for false positives (#8062)

fix(fp): Correct GRPC java suppressions for newer C/C++/native false positives (#8063)

fix(fp): Suppress false positive CPEs for protobuf-java per #7854 (#8064)

See the full listing of changes

Version 12.1.8 (2025-10-13)

fix: improve VulnerableSoftware comparison (#8031)

build: fix flaky central test (#8039)

docs: Improve Gradle docs wrt experimental analyzers, use of Central and Proxy configuration (#8036)

docs: add note about central analyzer for gradle (#8038)

See the full listing of changes

Version 12.1.7 (20...
Description has been truncated

Bumps the maven-build-plugins group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [org.apache.maven.plugins:maven-enforcer-plugin](https://github.com/apache/maven-enforcer) | `3.5.0` | `3.6.2` | | [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.0` | `3.14.1` | | [org.apache.maven.plugins:maven-shade-plugin](https://github.com/apache/maven-shade-plugin) | `3.6.0` | `3.6.1` | | [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) | `3.5.1` | `3.6.2` | | [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.4` | | [org.apache.maven.plugins:maven-jar-plugin](https://github.com/apache/maven-jar-plugin) | `3.4.2` | `3.5.0` | | [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) | `3.3.1` | `3.4.0` | | [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) | `3.11.2` | `3.12.0` | | [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) | `12.1.1` | `12.1.9` | | [org.jacoco:jacoco-maven-plugin](https://github.com/jacoco/jacoco) | `0.8.13` | `0.8.14` | | [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) | `3.2.7` | `3.2.8` | Updates `org.apache.maven.plugins:maven-enforcer-plugin` from 3.5.0 to 3.6.2 - [Release notes](https://github.com/apache/maven-enforcer/releases) - [Commits](apache/maven-enforcer@enforcer-3.5.0...enforcer-3.6.2) Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.0 to 3.14.1 - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.14.0...maven-compiler-plugin-3.14.1) Updates `org.apache.maven.plugins:maven-shade-plugin` from 3.6.0 to 3.6.1 - [Release notes](https://github.com/apache/maven-shade-plugin/releases) - [Commits](apache/maven-shade-plugin@maven-shade-plugin-3.6.0...maven-shade-plugin-3.6.1) Updates `org.codehaus.mojo:exec-maven-plugin` from 3.5.1 to 3.6.2 - [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases) - [Commits](mojohaus/exec-maven-plugin@3.5.1...3.6.2) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.3 to 3.5.4 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](apache/maven-surefire@surefire-3.5.3...surefire-3.5.4) Updates `org.apache.maven.plugins:maven-jar-plugin` from 3.4.2 to 3.5.0 - [Release notes](https://github.com/apache/maven-jar-plugin/releases) - [Commits](apache/maven-jar-plugin@maven-jar-plugin-3.4.2...maven-jar-plugin-3.5.0) Updates `org.apache.maven.plugins:maven-source-plugin` from 3.3.1 to 3.4.0 - [Release notes](https://github.com/apache/maven-source-plugin/releases) - [Commits](apache/maven-source-plugin@maven-source-plugin-3.3.1...maven-source-plugin-3.4.0) Updates `org.apache.maven.plugins:maven-javadoc-plugin` from 3.11.2 to 3.12.0 - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.11.2...maven-javadoc-plugin-3.12.0) Updates `org.owasp:dependency-check-maven` from 12.1.1 to 12.1.9 - [Release notes](https://github.com/dependency-check/DependencyCheck/releases) - [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](dependency-check/DependencyCheck@v12.1.1...v12.1.9) Updates `org.jacoco:jacoco-maven-plugin` from 0.8.13 to 0.8.14 - [Release notes](https://github.com/jacoco/jacoco/releases) - [Commits](jacoco/jacoco@v0.8.13...v0.8.14) Updates `org.apache.maven.plugins:maven-gpg-plugin` from 3.2.7 to 3.2.8 - [Release notes](https://github.com/apache/maven-gpg-plugin/releases) - [Commits](apache/maven-gpg-plugin@maven-gpg-plugin-3.2.7...maven-gpg-plugin-3.2.8) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-enforcer-plugin dependency-version: 3.6.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-build-plugins - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-version: 3.14.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-build-plugins - dependency-name: org.apache.maven.plugins:maven-shade-plugin dependency-version: 3.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-build-plugins - dependency-name: org.codehaus.mojo:exec-maven-plugin dependency-version: 3.6.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-build-plugins - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-build-plugins - dependency-name: org.apache.maven.plugins:maven-jar-plugin dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-build-plugins - dependency-name: org.apache.maven.plugins:maven-source-plugin dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-build-plugins - dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: maven-build-plugins - dependency-name: org.owasp:dependency-check-maven dependency-version: 12.1.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-build-plugins - dependency-name: org.jacoco:jacoco-maven-plugin dependency-version: 0.8.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-build-plugins - dependency-name: org.apache.maven.plugins:maven-gpg-plugin dependency-version: 3.2.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: maven-build-plugins ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Dec 2, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the maven-build-plugins group across 1 directory with 11 updates #98

Bump the maven-build-plugins group across 1 directory with 11 updates #98

Uh oh!

dependabot bot commented on behalf of github Dec 2, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the maven-build-plugins group across 1 directory with 11 updates #98

Are you sure you want to change the base?

Bump the maven-build-plugins group across 1 directory with 11 updates #98

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 2, 2025

3.6.2

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

3.6.1

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

3.14.1

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

3.6.1

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

3.6.2

🚀 New features and improvements

📦 Dependency updates

3.6.1

🐛 Bug Fixes

📦 Dependency updates

3.6.0

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.4

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.5.0

🚀 New features and improvements

🐛 Bug Fixes

👻 Maintenance

🔧 Build

📦 Dependency updates

3.4.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.12.0

💥 Breaking changes

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.11.3

🚨 Removed

🚀 New features and improvements

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

Version 12.1.9

Version 12.1.8

Version 12.1.7

Version 12.1.6

Version 12.1.5

Version 12.1.3

Version 12.1.2

Version 12.1.9 (2025-11-11)

Version 12.1.8 (2025-10-13)

Version 12.1.7 (20... Description has been truncated

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Version 12.1.7 (20...
Description has been truncated