chore(deps): bump the maven-minor-patch group with 27 updates

[dependabot]

Bumps the maven-minor-patch group with 27 updates:

Package	From	To
org.assertj:assertj-core	3.25.1	3.27.7
com.github.spotbugs:spotbugs	4.8.2	4.9.8
org.pitest:pitest-junit5-plugin	1.2.1	1.2.3
org.apache.maven.plugins:maven-compiler-plugin	3.12.1	3.15.0
org.apache.maven.plugins:maven-surefire-plugin	3.2.5	3.5.6
org.apache.maven.plugins:maven-failsafe-plugin	3.2.5	3.5.6
org.apache.maven.plugins:maven-source-plugin	3.3.0	3.4.0
org.apache.maven.plugins:maven-javadoc-plugin	3.6.3	3.12.0
org.apache.maven.plugins:maven-jar-plugin	3.3.0	3.5.0
org.apache.maven.plugins:maven-install-plugin	3.1.1	3.1.4
org.apache.maven.plugins:maven-deploy-plugin	3.1.1	3.1.4
org.apache.maven.plugins:maven-clean-plugin	3.3.2	3.5.0
org.apache.maven.plugins:maven-resources-plugin	3.3.1	3.5.0
org.apache.maven.plugins:maven-checkstyle-plugin	3.3.1	3.6.0
com.github.spotbugs:spotbugs-maven-plugin	4.8.2.0	4.9.8.3
com.h3xstream.findsecbugs:findsecbugs-plugin	1.12.0	1.14.0
org.jacoco:jacoco-maven-plugin	0.8.11	0.8.14
org.pitest:pitest-maven	1.22.0	1.25.3
org.codehaus.mojo:flatten-maven-plugin	1.6.0	1.7.3
org.apache.maven.plugins:maven-project-info-reports-plugin	3.5.0	3.9.0
org.apache.maven.plugins:maven-gpg-plugin	3.1.0	3.2.8
org.sonatype.central:central-publishing-maven-plugin	0.7.0	0.10.0
org.apache.maven.plugins:maven-shade-plugin	3.5.1	3.6.2
org.codehaus.mojo:exec-maven-plugin	3.1.1	3.6.3
com.fasterxml.jackson.core:jackson-databind	2.18.2	2.21.4
com.code-intelligence:jazzer-api	0.22.1	0.30.0
com.code-intelligence:jazzer-junit	0.22.1	0.30.0

Updates org.assertj:assertj-core from 3.25.1 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

v3.27.6

🐛 Bug Fixes

Core

• Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

... (truncated)

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs from 4.8.2 to 4.9.8

Release notes

Sourced from com.github.spotbugs:spotbugs's releases.

4.9.8

SpotBugs 4.9.8

CHANGELOG

Fixed

• Maven plugin reporting issue if -adjustPriority is not set (#3774)

CHECKSUM

file	checksum (sha256)
spotbugs-4.9.8-javadoc.jar	06fb742e3170087983c5855d7d8d846d7cdab9badfdf4b3564b424deb1dc0b28
spotbugs-4.9.8-sources.jar	cbee8358dd239e81fdcf37c32d1e6bedf148d25638b0c8d1b687d97c3061ecd9
spotbugs-4.9.8.tgz	2eb8e0f2b223c22ffa2ce0c1cf1be4127dde19d240b8f7ce69a5fd3ad5c36ff3
spotbugs-4.9.8.zip	e13d476403cf69074f415e35ebcc2f865f7a1ea444c1e659516bc0260e74dfa5
spotbugs-annotations-4.9.8-javadoc.jar	aecf15bb27a4d067e9b5a1c85b5d3aeefc5026a66e93040995804662e285d679
spotbugs-annotations-4.9.8-sources.jar	075b2eed660c2fe2fb1ad1de028f8fdff5f358e25c1318706b95ab17bb28be44
spotbugs-annotations.jar	6f69d6fe9c55a54dcb30e87d8fa2d5f52246af50d7a3445246d9539ef221be1c
spotbugs-ant-4.9.8-javadoc.jar	025b2fb90e089dab1875068397736003bbf9e66bcac287ecb9e512dd0d387748
spotbugs-ant-4.9.8-sources.jar	91477d93b1fd1bebae35d318427b5238fb458e726478dc1a8ac41ce74838a1e6
spotbugs-ant.jar	22f2fa397e86663adcd4828cc1c91e63aa6cc2bfc56832885b749a86fac5c784
spotbugs.jar	4469bc080afe7cd2290a20bf63e28392b80abcc7c7ace33c8f55da52a17c7ca5
test-harness-4.9.8-javadoc.jar	81677f77441af941613c99a4f04b3cb2f6b1950be589afdec03905d8e2917824
test-harness-4.9.8-sources.jar	805d2d124b0d4ea513ee9262d4ad6027c3471d45defd80fd7d20e23425d17df7
test-harness-4.9.8.jar	0076a3bc9602c78d73edb048e625a96ee6a182fa3dd39300aa739af67b954189
test-harness-core-4.9.8-javadoc.jar	e3e64a5fd96be16eec8b832e87da703e5eae910b3abd7bda9ff81a10363e5c7f
test-harness-core-4.9.8-sources.jar	043a55d99a517c0d9cf702b0c183b4afd3f03af9eff4a86d59bb37df1b35b532
test-harness-core-4.9.8.jar	4e439df3b499660d91a659d7c523fcdc4945c932dfc7fee68e796193f9dff6bb
test-harness-jupiter-4.9.8-javadoc.jar	ae8ddee06796757be0526af1adf5969fbc149c0cf83542e6641405e69a044496
test-harness-jupiter-4.9.8-sources.jar	17144f315686bfd01c02fa4ae7c916060c41de8eed58d5b8470416fa08f46ced
test-harness-jupiter-4.9.8.jar	9e1bc39da08c6c80091f34f1fd92ec092109d0cdfd8009910bc22772df06eea7

4.9.7

SpotBugs 4.9.7

CHANGELOG

Fixed

• Fix Eclipse not always using latest preferences file state (#3740)
• Fix exception throw when singleton implementing Cloneable has no clone() method (#3727)
• Fix for missing -adjustPriority parameter in Eclipse preferences (#3687)
• Documentation of -adjustPriority parameter
• Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#3753)
• Improved FindNakedNotify to handle the case when the lock is loaded from a field (#3634)

Changed

• Support for fully qualified class names for detectors in -adjustPriority parameter
• Support for numerical and absolute priority adjustments
• Bump up Apache Commons BCEL to the version 6.11.0 (#3569)

Deprecated

• Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#3756)

... (truncated)

Changelog

Sourced from com.github.spotbugs:spotbugs's changelog.

4.9.8 - 2025-10-18

Fixed

• Maven plugin reporting issue if -adjustPriority is not set (#3774)

4.9.7 - 2025-10-14

Fixed

• Fix Eclipse not always using latest preferences file state (#3740)
• Fix exception throw when singleton implementing Cloneable has no clone() method (#3727)
• Fix for missing -adjustPriority parameter in Eclipse preferences (#3687)
• Documentation of -adjustPriority parameter
• Functionality from DetectorFactory setEnabledButNonReporting(), getPriorityAdjustment() methods and BugInstance.adjustForDetector() is deprecated and moved to PriorityAdjuster (#3753)
• Improved FindNakedNotify to handle the case when the lock is loaded from a field (#3634)

Changed

• Support for fully qualified class names for detectors in -adjustPriority parameter
• Support for numerical and absolute priority adjustments
• Bump up Apache Commons BCEL to the version 6.11.0 (#3569)

Deprecated

• Add back and deprecate edu.umd.cs.findbugs.io.IO.close(InputStream) method. (#3756)

Build

• Allow our GA builds to work with JDK 25 (and drop support for JDK 24) (#3564)

4.9.6 - 2025-09-16

Fixed

• Fix exception throw when analyzing jakarta.servlet.http.HttpServletRequest method calls (#3711)

4.9.5 - 2025-09-14

Fixed

• Fix for an error when a record method has the @SuppressFBWarnings annotation (#3622)
• Fix SF_SWITCH_FALLTHROUGH false positive when continuing a loop (#3617)
• CWO_CLOSED_WITHOUT_OPENED false positive (#3616)
• SF_SWITCH_NO_DEFAULT false positive fix for switch-arrow (#3645)
• Fix the issue with BCEL logging Duplicating value: ... (#3621)
• Add missing jakarta support for servlets / pre/post destroy (#3694)

Added

• Add 'java.nio.file.Path.of' to known types for path traversal checks (#3699)

Cleanup

• S1481: Unused local variables should be removed (#3654)
• Moved test libraries to jakarta namespace including switching off jsr305 where possible for jakarta.annotation (#3695)

4.9.4 - 2025-08-07

Changed

• AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
• Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
• Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

... (truncated)

Commits

• c1fa7f2 release v4.9.8
• 023f8dd fix(deps): update dependency org.apache.groovy:groovy-all to v5.0.2 (#3782)
• 423f1d1 Unconditional while loops no raising IL_INFINITE_LOOP (#3537)
• 9125bee Fix priority adjustment code
• 183da6c fix(deps): update dependency org.springframework:spring-core to v6.2.12 (#3779)
• a499f2e chore(deps): update dependency com.diffplug.gradle:goomph to v4.4.1 (#3776)
• b339bc1 Unconditionally initialize PriorityAdjuster for AbstractBugReporter
• 96891fe chore(deps): update plugin com.github.spotbugs to v6.4.3 (#3773)
• a3667d7 chore(docs): Updated supported versions
• 333a96a prepare for next release
• Additional commits viewable in compare view

Updates org.pitest:pitest-junit5-plugin from 1.2.1 to 1.2.3

Release notes

Sourced from org.pitest:pitest-junit5-plugin's releases.

1.2.2

What's Changed

• #109 Set junit-platform-launcher to provided scope

The pitest maven and gradle plugins now automatically resolve the correct version of platform launcher at runtime. The built against version of platform-launcher was however being included as a transitive dependency sometimes causing a conflict at runtime, particularly with 1.12.0.

Commits

• e05e0f1 Merge pull request #111 from pitest/bug/quarkus_3_22_x
• f9cf268 update for central publishing
• c4b2642 support quarkus 3.22.x
• 00210df remove duplication
• 8e14b9d Merge pull request #99 from Wolf2323/emptyGroups
• 9010488 Merge branch 'master' into emptyGroups
• 1b6cf24 bump version numbers
• a67b85c update for 1.2.2
• 3f50ef2 Merge pull request #109 from pitest/bug/junit_platform
• 3316987 set junit-platform-launcher to provided scope
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

• Fix Java 25 compatibility during integration tests (#1020) @​desruisseaux
• [MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @​mensinda

👻 Maintenance

• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @​slachiewicz
• Remove declaration of "plexus-snapshots" repository (#1010) @​desruisseaux
• Works only with Maven 4.0.0 rc4 (#996) @​slachiewicz
• Enable Java 25 and Maven 4 in CI (#975) @​slachiewicz

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]
• Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]
• Bump maven-plugin-testing-harness to 3.4.0 (#1001) @​slawekjaranowski
• Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]
• Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

3.14.1

🚀 New features and improvements

• Improve DeltaList behavior for large projects (#335) @​gsmet
• Allow to not use --module-version for the Java compiler (#331) @​pzygielo

🐛 Bug Fixes

• Add generatedSourcesPath back to the maven project (#312) @​mensinda
• [MCOMPILER-538] - Do not add target/generated-sources/annotations to the source roots (#191) @​mensinda

📦 Dependency updates

• Enforce asm version used here, to not depend on brittle transitive (#964) @​olamy
• Bump mavenVersion from 3.9.10 to 3.9.11 (#952) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 44 to 45 (#935) @dependabot[bot]
• Bump mavenVersion from 3.9.9 to 3.9.10 (#336) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#324) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316) @dependabot[bot]

3.14.0

... (truncated)

Commits

• 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
• 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
• 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
• 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
• 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
• aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
• 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
• 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
• 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.6

🚀 New features and improvements

• Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

• Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @​olamy
• Ensure that the statistics filename is calculated only once. (#3326) (#3327) @​olamy
• Add flakes attribute to use in testsuite report (#3306) (#3308) @​olamy
• [BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @​olamy
• fix: null guard for context map (#3269) (#3272) @​olamy

👻 Maintenance

• 3.5.x/bug/cherry pick embedded mode its (#3328) @​olamy
• Use surefire 3.5.5 by project itself for testing (#3324) @​slawekjaranowski
• Follow Oracle javadoc guidelines (#3177) @​elharo

📦 Dependency updates

• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

... (truncated)

Commits

• 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
• e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
• dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
• 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
• 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
• 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
• 04ad9a2 Use surefire 3.5.5 by project itself for testing
• 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
• a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
• e838393 deploy 3.5.x branch to nexus
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.2.5 to 3.5.6

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.6

🚀 New features and improvements

• Introduce reportTestTimestamp option and include timestamp for test sets and test cases (#3261) (#3302) @​olamy

🐛 Bug Fixes

• Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_socket at address' is not displayed anymore when using maven.surefire.debug (#3353) (#3354) @​olamy
• Ensure that the statistics filename is calculated only once. (#3326) (#3327) @​olamy
• Add flakes attribute to use in testsuite report (#3306) (#3308) @​olamy
• [BACKPORT 3.5.x] [SUREFIRE-2049] - Fix SHUTDOWN type lost during command serialization. (#3270) (#3289) @​olamy
• fix: null guard for context map (#3269) (#3272) @​olamy

👻 Maintenance

• 3.5.x/bug/cherry pick embedded mode its (#3328) @​olamy
• Use surefire 3.5.5 by project itself for testing (#3324) @​slawekjaranowski
• Follow Oracle javadoc guidelines (#3177) @​elharo

📦 Dependency updates

• Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3 (#3334) @dependabot[bot]
• Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#3350) @dependabot[bot]

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

... (truncated)

Commits

• 25ea054 [maven-release-plugin] prepare release surefire-3.5.6
• e5f374c Bump org.fusesource.jansi:jansi from 2.4.2 to 2.4.3
• dadd55b Issue #2613 Debugging failsafe tests: Message 'Listening for transport dt_soc...
• 39dd250 Bump commons-io:commons-io from 2.21.0 to 2.22.0
• 2774273 Ensure that the statistics filename is calculated only once. (#3326) (#3327)
• 0d5df8a 3.5.x/bug/cherry pick embedded mode its (#3328)
• 04ad9a2 Use surefire 3.5.5 by project itself for testing
• 37e8f69 Add flakes attribute to use in testsuite report (#3306) (#3308)
• a970fef Introduce reportTestTimestamp option and include timestamp for test sets and ...
• e838393 deploy 3.5.x branch to nexus
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

• [MSOURCES-140] - fail only if re-attach different files (#24) @​hboutemy

👻 Maintenance

• Bump m-invoker-p to 3.9.1 (#251) @​slachiewicz
• Allow to manually execute release drafter (#58) @​slawekjaranowski
• GH Issues (Maven 3 branch) (#57) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#49) @​Bukama

📦 Dependency updates

• Use plexus-utils version from parent (#252) @​slachiewicz
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#247) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#248) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#241) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#242) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#246) @dependabot[bot]
• Bump mavenVersion from 3.2.5 to 3.9.11 (#221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#233) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#229) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 41 to 45 (#218) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#226) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#222) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#68) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#63) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#66) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#27) @dependabot[bot]
• [MSOURCES-147] - Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#23) @dependabot[bot]
• [MSOURCES-146] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#25) @dependabot[bot]
• [MSOURCES-145] - Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 (#26) @dependabot[bot]

3.3.1

What's Changed

• [MSOURCES-139] Fix typo in AbstractSourceJarMojo exception by @​NotMyFault in apache/maven-source-plugin#11
• [MSOURCES-142]Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 by @​dependabot in apache/maven-source-plugin#12
• Fix typos in AbstractSourceJarMojo exception by @​sabi0 in apache/maven-source-plugin#13
• Bump org.apache.maven:maven-archiver from 3.6.0 to 3.6.1 by @​dependabot in apache/maven-source-plugin#21
• Bump org.codehaus.plexus:plexus-archiver from 4.8.0 to 4.9.1 by @​dependabot in apache/maven-source-plugin#20
• Bump org.apache.maven.plugins:maven-plugins from 39 to 41 by @​dependabot in apache/maven-source-plugin#18
• Bump apache/maven-gh-actions-shared from 3 to 4 by @​dependabot in apache/maven-source-plugin#22

New Contributors

• @​NotMyFault made their first contribution in apache/maven-source-plugin#11
• @​sabi0 made their first contribution in apache/maven-source-plugin#13

Full Changelog: apache/maven-source-plugin@maven-source-plugin-3.3.0...maven-source-plugin-3.3.1

Commits

• ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
• 95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
• 7a9a770 [maven-release-plugin] prepare for next development iteration
• 292c1ce Use plexus-utils version from parent
• bf79b71 Bump m-invoker-p to 3.9.1
• 4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
• a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• 51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
• 267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
• ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.12.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.12.0

💥 Breaking changes

• remove fix mojo (#1263) @​elharo
• detectOfflineLinks is now false per default for all jar mojo issue #1258 (#1259) @​olamy

🐛 Bug Fixes

• Fix legacyMode (#1265) @​fridrich
• Fix package {...} does not exist in legacyMode (#1243) @​JackPGreen
• Ensure UTF-8 charset is used to avoid IllegalArgumentException: Null charset name (#1245) @​elharo
• Remove Javadoc 1.4+ / -1.1 switch related warning (#1240) @​perceptron8

👻 Maintenance

• protect 3.8.x branch (#1238) @​hboutemy
• feat: enable prevent branch protection rules (#1228) @​sparsick

📦 Dependency updates

• Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#1257) @dependabot[bot]

3.11.3

🚨 Removed

• Remove workaround for long patched CVE in javadoc (#388) @​elharo

🚀 New features and improvements

• Issue #369 Support --no-fonts option per default for jdk 23+ (#375) @​olamy

🐛 Bug Fixes

• Make the legacyMode consistent (Filter out all of the module-info.java files in legacy mode, do not use --source-path in legacy mode) (#1217) @​fridrich
• [MJAVADOC-826] - Don't try to modify project source roots (#358) @​oehme

📝 Documentation updates

• Correct javadoc-no-fork description on index-page (#368) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#360) @​Bukama
• (doc) Close links tag in links parameter javadoc example (#355) @​sixcorners

👻 Maintenance

• Be consistent about data encoding when copying files (#1215) @​fridrich
• Clean up JavadocUtilTest (#1210) @​elharo
• Use Java 7 relativization instead of hand-rolled code (#385) @​elharo
• Rephrase source code fix interactive messages for clarity (Description has been truncated

[dependabot]

Labels

The following labels could not be found: dependencies, java. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.