Bump the java-patch-and-minor group with 12 updates

[dependabot]

Bumps the java-patch-and-minor group with 12 updates:

Package	From	To
com.microsoft.signalr:signalr	8.0.12	8.0.27
org.apache.httpcomponents.client5:httpclient5	5.4.3	5.6.1
com.fasterxml.jackson.core:jackson-databind	2.18.3	2.21.3
org.slf4j:slf4j-api	2.0.17	2.0.18
com.google.code.gson:gson	2.11.0	2.14.0
org.apache.maven.plugins:maven-compiler-plugin	3.13.0	3.15.0
org.sonatype.central:central-publishing-maven-plugin	0.7.0	0.10.0
org.codehaus.mojo:flatten-maven-plugin	1.6.0	1.7.3
com.github.spotbugs:spotbugs-maven-plugin	4.8.6.6	4.9.8.3
org.apache.maven.plugins:maven-source-plugin	3.3.0	3.4.0
org.apache.maven.plugins:maven-javadoc-plugin	3.5.0	3.12.0
org.apache.maven.plugins:maven-gpg-plugin	3.1.0	3.2.8

Updates com.microsoft.signalr:signalr from 8.0.12 to 8.0.27

Release notes

Sourced from com.microsoft.signalr:signalr's releases.

.NET 8.0.27

Release

What's Changed

• [release/8.0] Update branding to 8.0.27 by @​vseanreesermsft in dotnet/aspnetcore#66205
• [release/8.0] Update NPM dependencies by @​wtgodbe in dotnet/aspnetcore#66052
• [release/8.0] Move off of dead-lettered Windows preview helix queue by @​wtgodbe in dotnet/aspnetcore#66220
• [release/8.0] (deps): Bump src/submodules/googletest from 73a63ea to d72f9c8 by @​dependabot[bot] in dotnet/aspnetcore#66087
• [release/8.0] Replace dn-bot-dnceng-build-rw-code-rw PAT with WIF service connection in mirror-within-azdo by @​missymessa in dotnet/aspnetcore#66115
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro[bot] in dotnet/aspnetcore#66216
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in dotnet/aspnetcore#66081
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro[bot] in dotnet/aspnetcore#66131
• [release/8.0] Update @​azure/msal-browser from 2.x to 4.x by @​wtgodbe in dotnet/aspnetcore#66236
• [release/8.0] Use source-build-assets repo by @​NikolaMilosavljevic in dotnet/aspnetcore#66276
• Merging internal commits for release/8.0 by @​vseanreesermsft in dotnet/aspnetcore#66317

Full Changelog: dotnet/aspnetcore@v8.0.26...v8.0.27

.NET 8.0.26

Release

What's Changed

• [release/8.0] Update branding to 8.0.26 by @​vseanreesermsft in dotnet/aspnetcore#65635
• [release/8.0] (deps): Bump src/submodules/googletest from 56efe39 to 73a63ea by @​dependabot[bot] in dotnet/aspnetcore#65586
• [release/8.0] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in dotnet/aspnetcore#65581
• [release/8.0] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro[bot] in dotnet/aspnetcore#65621
• [release/8.0] Update dependencies from dotnet/source-build-externals by @​dotnet-maestro[bot] in dotnet/aspnetcore#65615
• Merging internal commits for release/8.0 by @​vseanreesermsft in dotnet/aspnetcore#65730

Full Changelog: dotnet/aspnetcore@v8.0.25...v8.0.26

.NET 8.0.25

Release

What's Changed

• Update branding to 8.0.25 by @​vseanreesermsft in dotnet/aspnetcore#65293
• [release/8.0] (deps): Bump src/submodules/googletest from 9156d4c to 56efe39 by @​dependabot[bot] in dotnet/aspnetcore#65289
• [release/8.0] Add support for hotfix branding by @​mmitche in dotnet/aspnetcore#65252
• [release/8.0] Remove package baseline infrastructure by @​Copilot in dotnet/aspnetcore#65209
• [release/8.0] Set network isolation policy for aspnetcore-ci by @​github-actions[bot] in dotnet/aspnetcore#65173
• [release/8.0] Fix URL format for JDK download on linux by @​github-actions[bot] in dotnet/aspnetcore#65076
• [release/8.0] Disable parallel restore for Grpc JsonTranscoding by @​github-actions[bot] in dotnet/aspnetcore#65073
• [release/8.0] Update Ubuntu queue to 22.04 by @​github-actions[bot] in dotnet/aspnetcore#65299
• [release/8.0] Re-enable Nuget Audit by @​wtgodbe in dotnet/aspnetcore#65328
• [release/8.0] Don't use netcoreapp2.1 in dotnet-getdocument by @​wtgodbe in dotnet/aspnetcore#65331
• [release/8.0] Update AzureIdentityVersion to 1.11.4 by @​wtgodbe in dotnet/aspnetcore#65332
• [release/8.0] Disable parallel restore for linker tests by @​wtgodbe in dotnet/aspnetcore#65375
• Merging internal commits for release/8.0 by @​vseanreesermsft in dotnet/aspnetcore#65382

... (truncated)

Commits

• be2530c Merged PR 60636: [internal/release/8.0] Update dependencies from dnceng/inter...
• 383ca84 Merged PR 60622: [internal/release/8.0] Update dependencies from dnceng/inter...
• 17022fc Merged PR 60567: [internal/release/8.0] Update dependencies from dnceng/inter...
• ab1539f Merged PR 60559: [internal/release/8.0] Update dependencies from dnceng/inter...
• 168e721 Merged PR 60239: [internal/release/8.0] Update dependencies from dnceng/inter...
• ee417e0 Merged PR 60227: [internal/release/8.0] Update dependencies from dnceng/inter...
• 3d60b49 Merged PR 60163: [internal/release/8.0] Update dependencies from dnceng/inter...
• a24cb2a Merged PR 59727: [internal/release/8.0] Update dependencies from dnceng/inter...
• 598768b Update dependencies from https://dev.azure.com/dnceng/internal/_git/dotnet-ef...
• 1f8ca3d Merge commit 'be01d75530269d3fabeb14bf89aec22348068f4e'
• Additional commits viewable in compare view

Updates org.apache.httpcomponents.client5:httpclient5 from 5.4.3 to 5.6.1

Changelog

Sourced from org.apache.httpcomponents.client5:httpclient5's changelog.

Release 5.6.1

This is a maintenance release disables experimental SCRAM auth scheme by default and fixes SCRAM final response handling. The SCRAM auth scheme can be re-enabled by choosing a custom auth scheme preference sequence that explicitly includes SCRAM auth.

Change Log

• Fix SCRAM final response handling. Contributed by Arturo Bernal

• Auth challenge parsing code improvement. Contributed by Oleg Kalnichevski

• Add missing Javadoc for ConnectionConfig (#820). Contributed by Gary Gregory

• Bug fix: Corrected async message exchange cancellation logic in InternalHttpAsyncExecRuntime. Contributed by Oleg Kalnichevski

• HTTPCLIENT-2417: Honor TlsConfig attachment in async connect path. Contributed by Arturo Bernal

• HTTPCLIENT-2414: Fix Basic auth cache scoping across path prefixes (#802). Contributed by Arturo Bernal

• HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803). Contributed by Arturo Bernal

• Bug fix: Corrected sleep time calculation in IdleConnectionEvictor; use 1 minute sleep time by default. Contributed by Oleg Kalnichevski

• DefaultManagedHttpClientConnection: Restore original socket timeout. Contributed by Ryan Schmitt

• HTTPCLIENT-2411: Use standard HTTP-date format for synthesized Date header (#775). Contributed by Arturo Bernal

• Fix NPE in connection evictor setup (#774). Contributed by Arturo Bernal

Release 5.6

... (truncated)

Commits

• 4f86ca6 HttpClient 5.6.1 release
• 1b2bafe Updated release notes for HttpClient 5.6.1 release
• 1acf00b Fix SCRAM final response handling
• 49549ab Auth challenge parsing code improvement
• fa6b6d7 Add missing Javadoc for ConnectionConfig (#820)
• 3de8ad5 Fixed DefaultClientTlsStrategy test failures on MacOS
• c69f38f Bug-fix: corrects message exchange cancellation logic in InternalHttpAsyncExe...
• 30386d3 HTTPCLIENT-2417 Honor TlsConfig attachment in async connect path
• 9cc45f6 HTTPCLIENT-2414 - Fix Basic auth cache scoping across path prefixes (#802)
• 1e01a48 HTTPCLIENT-2415: Normalize CookieOrigin path for cookie matching (#803)
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.18.3 to 2.21.3

Commits

• See full diff in compare view

Updates org.slf4j:slf4j-api from 2.0.17 to 2.0.18

Updates com.google.code.gson:gson from 2.11.0 to 2.14.0

Release notes

Sourced from com.google.code.gson:gson's releases.

Gson 2.14.0

What's Changed

• Add type adapters for java.time classes by @​eamonnmcmanus in google/gson#2948

  When the java.time API is available, Gson automatically can read and write instances of classes like Instant and Duration. The format it uses essentially freezes the JSON representation that ReflectiveTypeAdapterFactory established by default, based on the private fields of java.time classes. That's not a great representation, but it is understandable. Changing it to anything else would break compatibility with systems that are expecting the current format.

  With this change, Gson no longer tries to access private fields of these classes using reflection. So it is no longer necessary to run with --add-opens for these classes on recent JDKs.

• Remove com.google.gson.graph by @​eamonnmcmanus in google/gson#2990.

  This package was not part of any released artifact and depended on Gson internals in potentially problematic ways.

• Validate that strings being parsed as integers consist of ASCII characters by @​eamonnmcmanus in google/gson#2995

  Previously, strings could contain non-ASCII Unicode digits and still be parsed as integers. That's inconsistent with how JSON numbers are treated.

• Fix duplicate key detection when first value is null by @​andrewstellman in google/gson#3006

  This could potentially break code that was relying on the incorrect behaviour. For example, this JSON string was previously accepted but will no longer be: {"foo": null, "foo": bar}.

• Remove Serializable from internal Type implementation classes. by @​eamonnmcmanus in google/gson#3011

  The nested classes ParameterizedTypeImpl, GenericArrayTypeImpl, and WildcardTypeImpl in GsonTypes are implementations of the corresponding types (without Impl) in java.lang.reflect. For some reason, they were serializable, even though the java.lang.reflect implementations are not. Having unnecessarily serializable classes could conceivably have been a security problem if they were part of a larger exploit using serialization. (We do not consider this a likely scenario and do not suggest that you need to update Gson just to get this change.)

• Add LegacyProtoTypeAdapterFactory. by @​eamonnmcmanus in google/gson#3014

  This is not part of any released artifact, but may be of use when trying to fix code that is currently accessing the internals of protobuf classes via reflection.

• Make AppendableWriter do flush and close if delegation object supports by @​MukjepScarlet in google/gson#2925

Other less visible changes

• Add default capacity to EnumTypeAdapter maps by @​MukjepScarlet in google/gson#2959
• refactor: move derived adapters from Gson to TypeAdapters by @​MukjepScarlet in google/gson#2951
• Optimize new Gson() by @​MukjepScarlet in google/gson#2864

New Contributors

• @​ThirdGoddess made their first contribution in google/gson#2944
• @​lmj798 made their first contribution in google/gson#2988
• @​Eng-YasminKotb made their first contribution in google/gson#3005
• @​andrewstellman made their first contribution in google/gson#3006

Full Changelog: google/gson@gson-parent-2.13.2...gson-parent-2.14.0

Gson 2.13.2

The main changes in this release are just newer dependencies.

... (truncated)

Commits

• 3ff35d6 [maven-release-plugin] prepare release gson-parent-2.14.0
• a3024fd Bump the maven group with 13 updates (#3002)
• 5689ffe Bump the github-actions group across 1 directory with 3 updates (#3018)
• 48db33c Add LegacyProtoTypeAdapterFactory. (#3014)
• 53d703e Update outdated comment regarding serializable types (#3012)
• 0189b72 Remove Serializable from internal Type implementation classes. (#3011)
• f4d371d Fix duplicate key detection when first value is null (#3006)
• 27d9ba1 Fix typo in README (JPMS dependencies section) (#3005)
• 1fa9b7a Validate that strings being parsed as integers consist of ASCII characters (#...
• b7d5954 Add iterator fail-fast tests for LinkedTreeMap.clear() (#2992)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

• Fix Java 25 compatibility during integration tests (#1020) @​desruisseaux
• [MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @​mensinda

👻 Maintenance

• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @​slachiewicz
• Remove declaration of "plexus-snapshots" repository (#1010) @​desruisseaux
• Works only with Maven 4.0.0 rc4 (#996) @​slachiewicz
• Enable Java 25 and Maven 4 in CI (#975) @​slachiewicz

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]
• Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]
• Bump maven-plugin-testing-harness to 3.4.0 (#1001) @​slawekjaranowski
• Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]
• Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

3.14.1

🚀 New features and improvements

• Improve DeltaList behavior for large projects (#335) @​gsmet
• Allow to not use --module-version for the Java compiler (#331) @​pzygielo

🐛 Bug Fixes

• Add generatedSourcesPath back to the maven project (#312) @​mensinda
• [MCOMPILER-538] - Do not add target/generated-sources/annotations to the source roots (#191) @​mensinda

📦 Dependency updates

• Enforce asm version used here, to not depend on brittle transitive (#964) @​olamy
• Bump mavenVersion from 3.9.10 to 3.9.11 (#952) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 44 to 45 (#935) @dependabot[bot]
• Bump mavenVersion from 3.9.9 to 3.9.10 (#336) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.4.0 to 1.5.0 (#324) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 43 to 44 (#316) @dependabot[bot]

3.14.0

... (truncated)

Commits

• 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
• 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
• 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
• 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
• 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
• aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
• 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
• 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
• 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• Additional commits viewable in compare view

Updates org.sonatype.central:central-publishing-maven-plugin from 0.7.0 to 0.10.0

Commits

• See full diff in compare view

Updates org.codehaus.mojo:flatten-maven-plugin from 1.6.0 to 1.7.3

Release notes

Sourced from org.codehaus.mojo:flatten-maven-plugin's releases.

1.7.3

🐛 Bug Fixes

• Fixes condition-activated profiles not considered in effective model (#481) @​oldhen

📦 Dependency updates

• Bump org.assertj:assertj-core from 3.27.4 to 3.27.5 (#482) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 92 to 93 (#480) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 (#479) @dependabot[bot]

1.7.2

🐛 Bug Fixes

• Create missing target directories, use NIO for file block operations (#471) @​slawekjaranowski

📝 Documentation updates

• Clarify example in usage about updatePomFile behavior (#477) @​slawekjaranowski

👻 Maintenance

• Add stale GitHub Action (#476) @​slawekjaranowski
• Add Maven 4 to build matrix on GitHub Actions (#474) @​slawekjaranowski
• Improve assertions in no-overwrite tests (#475) @​slawekjaranowski
• Add a missing plugin version in ITS (#473) @​slawekjaranowski
• Add integration test for install and deploy flattened pom (#472) @​slawekjaranowski

📦 Dependency updates

• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#470) @dependabot[bot]
• Bump mavenVersion from 3.9.10 to 3.9.11 (#467) @dependabot[bot]
• Bump com.fasterxml.jackson.core:jackson-core from 2.3.3 to 2.15.0 in /src/it/projects/bom-flattenMode/bom (#464) @dependabot[bot]
• Bump com.fasterxml.jackson.core:jackson-core from 2.13.0 to 2.15.0 in /src/it/projects/bom-pomElements/bom (#463) @dependabot[bot]

1.7.1

🐛 Bug Fixes

• Fix #400 - Preserve POM content ordering (and formatting) on resolveCiFriendliesOnly flattenMode (#446) @​stechio
• Fix FilteringValueSourceWrapper for a newer version of plexus-interpolation, Maven 3.9.10 (#453) @​slawekjaranowski

📝 Documentation updates

• Use resolveCiFriendliesOnly in examples instead of minimum for flattenMode (#460) @​slawekjaranowski
• Remove a dead link to MOJO-2030 from documentation (#459) @​slawekjaranowski
• Rename 'Goals' to 'Plugin Documentation' in site manu (#456) @​slawekjaranowski

... (truncated)

Commits

• bd7c560 [maven-release-plugin] prepare release 1.7.3
• aee23ca Bump org.assertj:assertj-core from 3.27.4 to 3.27.5
• 7da52c3 Fixes condition-activated profiles not considered in effective model (#481)
• 7680ed4 Bump org.codehaus.mojo:mojo-parent from 92 to 93
• deae474 Bump org.assertj:assertj-core from 3.27.3 to 3.27.4
• 3189718 [maven-release-plugin] prepare for next development iteration
• 9d80041 [maven-release-plugin] prepare release 1.7.2
• 6c62863 Clarify example in usage about updatePomFile behavior
• fc35f4c Add stale GitHub Action
• 0fb1ea0 Add Maven 4 to build matrix on GitHub Actions (#474)
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.8.6.6 to 4.9.8.3

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.9.8.3

Consumer

• Fix support for noClassOk
• Fix xref links
• library updates

Build

• Update actions
• Plugin updates
• Restore spock test runs
• Update copyright date on files from 2025 to 2026 to keep java 8 release in line with master

Spotbugs Maven Plugin 4.9.8.2

• Fixed generate site reports to include all site variations, thanks to @​bradleylarrick
• Add support for source jar/zip, thanks to @​cortlepp

Spotbugs Maven Plugin 4.9.8.1

Bug fix with SpotbugsInfo.EOF error (was meant to be SpotbugsInfo.EOL).

Spotbugs Maven Plugin 4.9.8.0

Bug fix release supporting spotbugs 4.9.8.

Spotbugs Maven Plugin 4.9.7.0

• Supports 4.9.7 of spotbugs
• Build updates
• Fixes spotbugs/spotbugs-maven-plugin#1215

Spotbugs Maven Plugin 4.9.6.0

• Supports spotbugs 4.9.6
• note: 4.9.5 had a defect with detection of jakarta in servlets that was unexpected and quickly patched for this release.

Spotbugs Maven Plugin 4.9.5.0

• Support spotbugs 4.9.5

Spotbugs Maven Plugin 4.9.4.2

Consumer

• Add support for 'chooseVisitors'
• Minor code cleanup
• Still supports spotbugs 4.9.4

Producer

• Remove add opens from jvm.config as no longer needed

Spotbugs Maven Plugin 4.9.4.1

Consumer

• Cleanup readme to better support plugin
• Dropped direct usage of plexus utils and commons io
• Groovy 5 now run engine
• Correct issue since 4.9.2.0 resulting in most runs getting spotbugs.html file incorrectly. This has been refactored to restore doxia 1 overrides to produce xml report only when not running in site lifecycle
• Correct defects with handling of various files on disk such as exclusion filters that were introduced into 4.9.4.0. Integration tests have been applied to prevent future regression.

... (truncated)

Commits

• 60c97f8 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.8.3
• 5579b86 Merge pull request #1350 from hazendaz/master
• e8d6344 [ci] formatting
• cb28317 [pom] Update byte buddy to 1.18.7 (no jdk5)
• 29ec1fe Update README.md
• 1405d03 Merge pull request #1344 from spotbugs/hazendaz-patch-1
• a761466 Update Java version requirements in README
• 62594b3 Merge pull request #1342 from hazendaz/master
• adcc2e3 [ci] Formatting
• 0b53c1d Merge pull request #1338 from spotbugs/renovate/github-codeql-action-digest
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

• [MSOURCES-140] - fail only if re-attach different files (#24) @​hboutemy

👻 Maintenance

• Bump m-invoker-p to 3.9.1 (#251) @​slachiewicz
• Allow to manually execute release drafter (#58) @​slawekjaranowski
• GH Issues (Maven 3 branch) (#57) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#49) @​Bukama

📦 Dependency updates

• Use plexus-utils version from parent (#252) @​slachiewicz
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#247) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#248) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#241) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#242) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#246) @dependabot[bot]
• Bump mavenVersion from 3.2.5 to 3.9.11 (#221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#233) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#229) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 41 to 45 (#218) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#226) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#222) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#68) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#63) @dependabot[bot]
• Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#66) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#27) @dependabot[bot]
• [MSOURCES-147] - Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#23) @dependabot[bot]
• [MSOURCES-146] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#25) @dependabot[bot]
• [MSOURCES-145] - Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 (#26) @dependabot[bot]

3.3.1

What's Changed

• [MSOURCES-139] Fix typo in AbstractSourceJarMojo exception by @​NotMyFault in apache/maven-source-plugin#11
• [MSOURCES-142]Bump org.codehaus.plexus:plexus-archiver from 4.7.1 to 4.8.0 by @​dependabot in apache/maven-source-plugin#12
• Fix typos in AbstractSourceJarMojo exception by @​sabi0 in apache/maven-source-plugin#13
• Bump org.apache.maven:maven-archiver from 3.6.0 to 3.6.1 by @​dependabot in apache/maven-source-plugin#21
• Bump org.codehaus.plexus:plexus-archiver from 4.8.0 to 4.9.1 by @​dependabot in apache/maven-source-plugin#20
• Bump org.apache.maven.plugins:maven-plugins from 39 to 41 by @​dependabot in apache/maven-source-plugin#18
• Bump apache/maven-gh-actions-shared from 3 to 4 by @​dependabot in apache/maven-source-plugin#22

New Contributors

• @​NotMyFault made their first contribution in apache/maven-source-plugin#11
• @​sabi0 made their first contribution in apache/maven-source-plugin#13

Full Changelog: apache/maven-source-plugin@maven-source-plugin-3.3.0...maven-source-plugin-3.3.1

Commits

• ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
• 95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
• 7a9a770 [maven-release-plugin] prepare for next development iteration
• 292c1ce Use plexus-utils version from parent
• bf79b71 Bump m-invoker-p to 3.9.1
• 4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
• a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• 51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
• 267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
• ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-javadoc-plugin from 3.5.0 to 3.12.0

Release notes

Sourced from org.apache.maven.plugins:maven-javadoc-plugin's releases.

3.12.0

💥 Breaking changes

• remove fix mojo (#1263) @​elharo
• detectOfflineLinks is now false per default for all jar mojo issue #1258 (#1259) @​olamy

🐛 Bug Fixes

• Fix legacyMode (#1265) @​fridrich
• Fix package {...} does not exist in legacyMode (#1243) @​JackPGreen
• Ensure UTF-8 charset is used to avoid IllegalArgumentException: Null charset name (#1245) @​elharo
• Remove Javadoc 1.4+ / -1.1 switch related warning (#1240) @​perceptron8

👻 Maintenance

• protect 3.8.x branch (#1238) @​hboutemy
• feat: enable prevent branch protection rules (#1228) @​sparsick

📦 Dependency updates

• Bump org.codehaus.mojo:mrm-maven-plugin from 1.6.0 to 1.7.0 (#1257) @dependabot[bot]

3.11.3

🚨 Removed

• Remove workaround for long patched CVE in javadoc (#388) @​elharo

🚀 New features and improvements

• Issue #369 Support --no-fonts option per default for jdk 23+ (#375) @​olamy

🐛 Bug Fixes

• Make the legacyMode consistent (Filter out all of the module-info.java files in legacy mode, do not use --source-path in legacy mode) (#1217) @​fridrich
• [MJAVADOC-826] - Don't try to modify project source roots (#358) @​oehme

📝 Documentation updates

• Correct javadoc-no-fork description on index-page (#368) @​Bukama
• [MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#360) @​Bukama
• (doc) Close links tag in links parameter javadoc example (#355) @​sixcorners

👻 Maintenance

• Be consistent about data encoding when copying files (#1215) @​fridrich
• Clean up JavadocUtilTest (#1210) @​elharo
• Use Java 7 relativization instead of hand-rolled code (#385) @​elharo
• Rephrase source code fix interactive messages for clarity (#390) @​elharo

... (truncated)

Commits

• 2a06bed [maven-release-plugin] prepare release maven-javadoc-plugin-3.12.0
• a71ecf9 bump version 3.12.0-SNAPSHOT
• 88f2b71 [maven-release-plugin] prepare for next development iteration
• 7e18956 [maven-release-plugin] prepare release maven-javadoc-plugin-3.11.4

[dependabot]

Labels

The following labels could not be found: security. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[petrsnd]

LGTM — all 12 dependency bumps validated against a live appliance. Full regression: 59 passed, 0 failed. Build and SpotBugs clean.