Bump the dependabot-dependency-updates group across 1 directory with 8 updates

[dependabot]

Bumps the dependabot-dependency-updates group with 8 updates in the / directory:

Package	From	To
org.bouncycastle:bcprov-jdk18on	1.79	1.80
org.bouncycastle:bcpkix-jdk18on	1.79	1.80
com.fasterxml.jackson.core:jackson-databind	2.18.1	2.18.2
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml	2.18.1	2.18.2
org.apache.maven.plugins:maven-surefire-plugin	3.5.1	3.5.2
org.apache.maven.plugins:maven-javadoc-plugin	3.10.1	3.11.2
com.diffplug.spotless:spotless-maven-plugin	2.43.0	2.44.2
org.cyclonedx:cyclonedx-maven-plugin	2.9.0	2.9.1

Updates org.bouncycastle:bcprov-jdk18on from 1.79 to 1.80

Changelog

Sourced from org.bouncycastle:bcprov-jdk18on's changelog.

2.1.1 Version Release: 1.80 Date:      2025, 14th January.

... (truncated)

Commits

• See full diff in compare view

Updates org.bouncycastle:bcpkix-jdk18on from 1.79 to 1.80

Changelog

Sourced from org.bouncycastle:bcpkix-jdk18on's changelog.

2.1.1 Version Release: 1.80 Date:      2025, 14th January.

... (truncated)

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.18.1 to 2.18.2

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-yaml from 2.18.1 to 2.18.2

Commits

• c7edd07 [maven-release-plugin] prepare release jackson-dataformats-text-2.18.2
• 967f11f Prep for 2.18.2
• e045611 Merge branch '2.17' into 2.18
• 1e7c628 Back to snapshot dep
• 1223dac [maven-release-plugin] prepare for next development iteration
• b3771f9 [maven-release-plugin] prepare release jackson-dataformats-text-2.17.3
• 683310e Prep for 2.17.3
• 2c4830a Back to snapshot deps
• 065f6f2 [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.1 to 3.5.2

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.2

🚀 New features and improvements

• [SUREFIRE-2278] - Don't say please. (#792) @​elharo

📦 Dependency updates

• [SUREFIRE-2281] - Doxia 2.0.0 ga (#794) @​michael-o
• Bump commons-io:commons-io from 2.2 to 2.14.0 in /surefire-its/src/test/resources/surefire-979-smartStackTrace-wrongClassloader/module1 (#789) @​dependabot

👻 Maintenance

• [SUREFIRE-2282] - surefire-report-plugin: Update Introduction documenta… (#796) @​michael-o
• Reduce cyclomatic complexity (#793) @​elharo

Full Changelog: apache/maven-surefire@surefire-3.5.1...surefire-3.5.2

Commits

• ea9f049 [maven-release-plugin] prepare release surefire-3.5.2
• e1f94a0 [SUREFIRE-2276] JUnit5's TestTemplate failures treated as flakes with retries
• d24adb4 [SUREFIRE-2277] RunResult#getFlakes() is lost during serialisation/deserialis...
• 4385e94 Remove links to non-existing report
• 8881971 Remove outdated FAQ
• 0121834 [SUREFIRE-2283] FAQ site contains broken link to failsafe-plugin
• 91d16c3 Fix formatting of XML schema files
• 6cb417a Add .xsd to .gitattributes
• 9ce5221 [SUREFIRE-2282] surefire-report-plugin: Update Introduction documentation page
• 620b983 [SUREFIRE-2281] Upgrade to Doxia 2.0.0 GA Stack
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.10.1 to 3.11.2

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.11.2

🚀 New features and improvements

• [MJAVADOC-823] - legacyMode keeps using module-info.java (-sourcedirectory still use as well as java files input) (#343) @​olamy
• [MJAVADOC-814] - handle parameters such packages with multi lines (#337) @​olamy
• [MJAVADOC-822] - skippedModules should be more scalable and support regex (#336) @​olamy

📦 Dependency updates

• Bump com.thoughtworks.qdox:qdox from 2.1.0 to 2.2.0 (#344) @​dependabot
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#342) @​dependabot
• Bump org.codehaus.mojo:l10n-maven-plugin from 1.0.0 to 1.1.0 (#335) @​dependabot

👻 Maintenance

• refactor: Replace Plexus AbstractLogEnabled with SLF4J (#338) @​timtebeek

maven-javadoc-plugin-3.11.1

What's Changed

• [MJAVADOC-821] Align toolchain discovery code with Maven Compiler Plugin by @​michael-o in apache/maven-javadoc-plugin#334

Full Changelog: apache/maven-javadoc-plugin@maven-javadoc-plugin-3.11.0...maven-javadoc-plugin-3.11.1

Commits

• 44cbab7 [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.2
• 3de45d8 use github for scm
• 45ccf06 Bump com.thoughtworks.qdox:qdox from 2.1.0 to 2.2.0
• 530fa01 [MJAVADOC-823] legacyMode keeps using module-info.java (-sourcedirectory stil...
• 3a16d92 Bump commons-io:commons-io from 2.17.0 to 2.18.0
• 69c1ba7 Migrate from Plexus to Sisu Guice (#341)
• 39857ea Remove usages of deprecated ReaderFactory class (#339)
• 314203a [MJAVADOC-814] handle parameters such packages with multi lines (#337)
• 3bb982d refactor: Replace Plexus AbstractLogEnabled with SLF4J (#338)
• 76826c8 [MJAVADOC-822] skippedModules should be more scalable and support regex (#336)
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 2.43.0 to 2.44.2

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v2.44.2

• Eclipse-based tasks can now handle parallel configuration (#2389)

Maven Plugin v2.44.1

Fixed

• Deployment was missing part of the CDT formatter, now fixed. (#2384)

Maven Plugin v2.44.0

Headline changes

• The long 2.44.0.BETAX period is finally over (sorry, there was a problem in Gradle land).
• Spotless now supports linting in addition to formatting.
  • help wanted: maven api to suppress lints

Changed

• Bump default ktlint version to latest 1.3.0 -> 1.4.0. (#2314)
• Bump default jackson version to latest 2.18.0 -> 2.18.1. (#2319)
• Bump default ktfmt version to latest 0.52 -> 0.53. (#2320)
• Bump default ktlint version to latest 1.4.0 -> 1.5.0. (#2354)
• Bump minimum eclipse-cdt version to 11.0 (removed support for 10.7). (#2373)
• Bump default eclipse version to latest 4.32 -> 4.34. (#2381)

Fixed

• You can now use removeUnusedImports and googleJavaFormat at the same time again. (fixes #2159)
• The default list of type annotations used by formatAnnotations now includes Jakarta Validation's Valid and constraints validations (fixes #2334)

Maven Plugin v2.44.0.BETA4

Added

• Support for line ending policy PRESERVE which just takes the first line ending of every given file as setting (no matter if \n, \r\n or \r) (#2304)

Fixed

• ktlint steps now read from the string instead of the file so they don't clobber earlier steps. (fixes #1599)

Maven Plugin v2.44.0.BETA3

Added

• Support for rdf (#2261)
• Support for buf (#2291)

Changed

• Leverage local repository for Equo P2 cache. (#2238)
• Add explicit support for CSS via biome. Formatting CSS via biome was already supported as a general formatting step. Biome supports formatting CSS as of 1.8.0 (experimental, opt-in) and 1.9.0 (stable). (#2259)
• Bump default google-java-format version to latest 1.23.0 -> 1.24.0. (#2294)
• Bump default jackson version to latest 2.17.2 -> 2.18.0. (#2279)
• Bump default cleanthat version to latest 2.21 -> 2.22. (#2296)

Fixed

• Java import order, ignore duplicate group entries. (#2293)

Maven Plugin v2.44.0.BETA2

Changed

• Support toning down sortPom logging. (#2185)
• Bump default ktlint version to latest 1.2.1 -> 1.3.0. (#2165)
• Bump default ktfmt version to latest 0.49 -> 0.52. (#2172, #2231)
• Rename property ktfmt option removeUnusedImport -> removeUnusedImports to match ktfmt. (#2172)

... (truncated)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

• https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md
• https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

[3.0.2] - 2025-01-14

Fixed

• Node.JS-based tasks now work with the configuration cache (#2372)
• Eclipse-based tasks can now handle parallel configuration (#2389)

[3.0.1] - 2025-01-07

Fixed

• Deployment was missing part of the CDT formatter, now fixed. (#2384)

[3.0.0] - 2025-01-06

Headline changes

• All steps now support roundtrip serialization (end of #987).
• Spotless now supports linting in addition to formatting.

Changed

• Allow setting Eclipse config from a string, not only from files (#2337)
• Bump default ktlint version to latest 1.3.0 -> 1.4.0. (#2314)
• Add Sort Members feature based on Eclipse JDT implementation. (#2312)
• Bump default jackson version to latest 2.18.0 -> 2.18.1. (#2319)
• Bump default ktfmt version to latest 0.52 -> 0.53. (#2320)
• Bump default ktlint version to latest 1.4.0 -> 1.5.0. (#2354)
• Bump minimum eclipse-cdt version to 11.0 (removed support for 10.7). (#2373)
• Bump default eclipse version to latest 4.32 -> 4.34. (#2381)

Fixed

• You can now use removeUnusedImports and googleJavaFormat at the same time again. (fixes #2159)
• The default list of type annotations used by formatAnnotations now includes Jakarta Validation's Valid and constraints validations (fixes #2334)

[3.0.0.BETA4] - 2024-10-24

Added

• APIs to support linting. (implemented in #2148, #2149, #2307)
  • Spotless is still primarily a formatter, not a linter. But when formatting fails, it's more flexible to model those failures as lints so that the formatting can continue and ideally we can also capture the line numbers causing the failure.
  • Lint models a single change. A FormatterStep can create a lint by:
    • throwing an exception during formatting, ideally throw Lint.atLine(127, "code", "Well what happened was...")
    • or by implementing the List<Lint> lint(String content, File file) method to create multiple of them
• Support for line ending policy PRESERVE which just takes the first line ending of every given file as setting (no matter if \n, \r\n or \r) (#2304)

Changed

... (truncated)

Commits

• 6d03aed Published maven/2.44.2
• 20e2f5a Published gradle/7.0.2
• 37c85b8 Published lib/3.0.2
• b8b4efc Fix eclipse-based parallel downloads (#2396 fixes #2389)
• b401228 Update changelogs.
• 3727dfa Fix deprecations in the Spotless build.
• 77c480e Bump equo versions to latest, which fixes parallel downloads.
• b50fcaf fix: workaround for NPM configuration cache (#2390 fixes #2372)
• f77aead Update plugin com.github.spotbugs to v6.1.0 (#2393)
• 4c9e39a Update plugin com.github.spotbugs to v6.1.0
• Additional commits viewable in compare view

Updates org.cyclonedx:cyclonedx-maven-plugin from 2.9.0 to 2.9.1

Release notes

Sourced from org.cyclonedx:cyclonedx-maven-plugin's releases.

2.9.1

🚀 New features and improvements

• Make log output more easy to understand by sorting (#542) @​Bananeweizen
• simplify code (#577) @​hboutemy
• share isBlank(String) (#575) @​hboutemy
• don't generate invalid SBOM on blank license: ignore instead (#573) @​fupgang

🐛 Bug Fixes

• Fix incorrect component type in aggregated SBOM (Multi-module project) (#522) @​lonewalker0

📦 Dependency updates

• Bump actions/checkout from 4.2.0 to 4.2.1 (#565) @​dependabot

🔧 Build

• upgrade github-pages-deploy-action (#584) @​hboutemy
• Bump org.apache.maven.plugins:maven-project-info-reports-plugin from 3.6.2 to 3.8.0 (#570) @​dependabot
• Bump actions/checkout from 4.2.1 to 4.2.2 (#571) @​dependabot
• Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.4 to 3.2.7 (#561) @​dependabot
• Bump org.junit:junit-bom from 5.10.3 to 5.11.2 (#563) @​dependabot

Commits

• f5ac98a [maven-release-plugin] prepare release cyclonedx-maven-plugin-2.9.1
• b8e2442 upgrade github-pages-deploy-action
• 2c95cf2 Bump org.apache.maven.plugins:maven-project-info-reports-plugin
• f988a79 Bump actions/checkout from 4.2.1 to 4.2.2
• db2a35b Make log output more easy to understand by sorting dependencies
• 6429094 simplify code
• 4450f3b Fix incorrect component type in aggregated SBOM
• c02b50f share isBlank(String)
• 0bef0d0 fixes CycloneDX/cyclonedx-maven-plugin#382
• cf7d300 Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.4 to 3.2.7
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions