build(deps): bump the maven-plugins group across 1 directory with 7 updates

[dependabot]

Bumps the maven-plugins group with 7 updates in the / directory:

Package	From	To
org.apache.maven.shared:maven-dependency-analyzer	1.16.0	1.17.0
com.puppycrawl.tools:checkstyle	12.3.0	13.2.0
org.apache.maven.plugins:maven-dependency-plugin	3.9.0	3.10.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.4	3.5.5
org.apache.maven.plugins:maven-compiler-plugin	3.14.1	3.15.0
org.codehaus.mojo:buildnumber-maven-plugin	3.2.1	3.3.0
org.sonatype.central:central-publishing-maven-plugin	0.9.0	0.10.0

Updates org.apache.maven.shared:maven-dependency-analyzer from 1.16.0 to 1.17.0

Release notes

Sourced from org.apache.maven.shared:maven-dependency-analyzer's releases.

1.17.0

🚀 New features and improvements

• Recognize classes used in web.xml as main classes (#264) @​slawekjaranowski
• Introduced a DependencyClassesProvider service (#258) @​slawekjaranowski

👻 Maintenance

• Update site descriptor to 2.0 (#268) @​slawekjaranowski
• Fix badges in README (#267) @​slawekjaranowski
• Exclude slf4j 2.x and mockito 5.x from dependabot (#263) @​slawekjaranowski
• feat: enable prevent branch protection rules (#248) @​sebtiem
• Catch exceptions on all paths (#245) @​elharo
• Add Apache 2.0 LICENSE file (#246) @​Ndacyayisenga-droid
• Handle corrupt constant pools (#242) @​elharo
• Remove redundant code (#144) @​elharo
• move default to end (#143) @​elharo

🔧 Build

• Build on GH also by Maven 4 (#266) @​slawekjaranowski

📦 Dependency updates

• Bump org.assertj:assertj-bom from 3.27.6 to 3.27.7 (#265) @dependabot[bot]
• Bump org.apache.maven.shared:maven-shared-components from 46 to 47 (#262) @dependabot[bot]
• Bump org.apache.maven.shared:maven-shared-components from 45 to 46 (#257) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#256) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#255) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#252) @dependabot[bot]
• Update Invoker Plugin and Plugin tools to support Java 25 (#253) @​Bukama
• Bump org.assertj:assertj-bom from 3.27.5 to 3.27.6 (#250) @dependabot[bot]
• Bump org.assertj:assertj-bom from 3.27.4 to 3.27.5 (#249) @dependabot[bot]
• Bump org.assertj:assertj-bom from 3.27.3 to 3.27.4 (#247) @dependabot[bot]
• Bump mavenVersion from 3.9.10 to 3.9.11 (#244) @dependabot[bot]
• Bump org.apache.maven.shared:maven-shared-components from 44 to 45 (#240) @dependabot[bot]
• Bump mavenVersion from 3.9.9 to 3.9.10 (#146) @dependabot[bot]

Commits

• 26aa306 [maven-release-plugin] prepare release maven-dependency-analyzer-1.17.0
• 2f3ed8e Update site descriptor to 2.0
• c3d832a Build on GH also by Maven 4
• 9c60c02 Fix badges in README
• a1a1f98 Recognize classes used in web.xml as main classes (#264)
• c8d8482 Bump org.assertj:assertj-bom from 3.27.6 to 3.27.7
• 3f70343 Exclude slf4j 2.x and mockito 5.x from dependabot
• cfa81cd Bump org.apache.maven.shared:maven-shared-components from 46 to 47 (#262)
• 1779cf3 Introduced a DependencyClassesProvider service
• c96ab1e Bump org.apache.maven.shared:maven-shared-components from 45 to 46 (#257)
• Additional commits viewable in compare view

Updates com.puppycrawl.tools:checkstyle from 12.3.0 to 13.2.0

Release notes

Sourced from com.puppycrawl.tools:checkstyle's releases.

checkstyle-13.2.0

Checkstyle 13.2.0 - https://checkstyle.org/releasenotes.html#Release_13.2.0

New:

#16678 - new Check: NumericalPrefixesInfixesSuffixesCharacterCaseCheck numerical prefixes, infixes, and suffixes should be lowercase, except for "L"

Bug fixes:

#18653 - False-negative: HexLiteralCase does not throw violation on Hex float literals #18486 - False positive: JavadocParagraph reports violation when <`p`> is after tags

checkstyle-13.1.0

Checkstyle 13.1.0 - https://checkstyle.org/releasenotes.html#Release_13.1.0

Breaking backward compatibility:

#12556 - Remove deprecated method CheckstyleAntTask:createClasspath()

New:

#18329 - ImportControl: add module attribute to allow/disallow module imports #18368 - New check: MissingOverrideOnRecordAccessor to require Override on record component accessor methods

Bug fixes:

#16087 - false positive invalid tag JavadocType #18790 - IllegalTokenText reports false positives for Unicode whitespace characters without escape sequences #18118 - Inconsistent behaviour of Indentation check #13038 - VariableDeclarationUsageDistanceCheck doesn't handle method definition properly

... (truncated)

Commits

• 4dd3be8 [maven-release-plugin] prepare release checkstyle-13.2.0
• 84fa874 doc: release notes for 13.2.0
• 48dfde0 Issue #18809: removed xdocs section markers
• 8ffb662 Issue #17882: Add STRING_LITERAL token Javadoc with AST example
• d0dcddf Issue #18612: Remove redundant tokens property from CustomImportOrder in goog...
• a6594e0 Issue #18599: Disable InlineMeSuggester as Error Prone annotations are forbid...
• c1f7520 Issue #18843: Indentation Check Handlers should not have reference to check i...
• 6a0b1ed Issue #18856: Split openrewrite-refaster-rules ci job into two jobs
• 66b1f61 Issue #18836: Enable pitest EXPERIMENTAL_MEMBER_VARIABLE and exclude optimiza...
• c7da3ee dependency: Update Google Java Format version to 1.34.0
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-dependency-plugin from 3.9.0 to 3.10.0

Release notes

Sourced from org.apache.maven.plugins:maven-dependency-plugin's releases.

3.10.0

🚀 New features and improvements

• Introduce graphRoots for dependencyFilter based mojos (#1571) @​rfscholte

🐛 Bug Fixes

• Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins (#1583) @​slawekjaranowski
• Only log dependency classpath when no property/file output is specified (#1551) @​mwalser
• [MDEP-974] - strip ansi codes when writing to a file (#1564) @​elharo

📝 Documentation updates

• Add analyze-only to usage page (#1587) @​slawekjaranowski
• Move doc comment to correct location (#1568) @​elharo
• Focus on most recent version (#1537) @​elharo

👻 Maintenance

• Fix Jenkin bages in README (#1586) @​slawekjaranowski
• Improve dependencies filtering in AbstractAnalyzeMojo (#1579) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1574) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1569) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1563) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#1562) @​slawekjaranowski
• Migration to JUnit 5 (#1558) @​slawekjaranowski
• JUnit Jupiter best practices (#1548) @​slachiewicz
• Migrate JUnit3 based Tests to JUnit 5 (#1541) @​sparsick

📦 Dependency updates

• Bump org.apache.maven.shared:maven-dependency-analyzer from 1.16.0 to 1.17.0 (#1584) @dependabot[bot]
• Bump org.assertj:assertj-core from 2.9.1 to 3.27.7 in /src/it/projects/analyze-testDependencyWithNonTestScope (#1581) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#1582) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1580) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1578) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0 (#1576) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1573) @dependabot[bot]
• Bump org.jsoup:jsoup from 1.21.2 to 1.22.1 (#1572) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1570) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#1559) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#1552) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#1553) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-io from 3.5.2 to 3.6.0 (#1554) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#1555) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#1550) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-io from 3.5.1 to 3.5.2 (#1538) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#1539) @dependabot[bot]

Commits

• 4127c33 [maven-release-plugin] prepare release maven-dependency-plugin-3.10.0
• 68b5e47 Add analyze-only to usage page
• 09d5860 Fix Jenkin bages in README
• 4308f6c Bump org.apache.maven.shared:maven-dependency-analyzer
• ba3c570 Apply excludeReactor to plugin dependencies in go-offline and resolve-plugins
• 0d88b66 Only log dependency classpath when no property/file output is specified
• 0075e31 Bump org.assertj:assertj-core (#1581)
• 65d53bb Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#1582)
• eaf54f0 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#1580)
• ece9a38 Improve dependencies filtering in AbstractAnalyzeMojo
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

🔧 Build

• Missing many files in the GH Artifacts of CI ex-post. (#3219) @​Tibor17

📦 Dependency updates

• Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.1 (#3260) @dependabot[bot]
• Bump parent from 44 to 47 (#3253) @​slawekjaranowski
• Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng (#3246) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#3245) @dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#3243) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 (#3236) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#3235) @dependabot[bot]
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption (#3234) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 (#3228) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 (#3224) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#3223) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#3221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#3220) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#3217) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#3214) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#3218) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.16.0 to 4.18.0 (#3213) @dependabot[bot]

... (truncated)

Commits

• 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
• 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
• 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
• 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
• 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
• 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
• 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
• e5c01a6 Build only by the latest Maven on Jenkins (#3255)
• 9c99e97 Fix Jenkin badges in README (#3254)
• 20930ea Bump parent from 44 to 47 (#3253)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.14.1 to 3.15.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.15.0

🐛 Bug Fixes

• Fix Java 25 compatibility during integration tests (#1020) @​desruisseaux
• [MCOMPILER-540] - useIncrementalCompilation=false may add generated sources to the sources list (#192) @​mensinda

👻 Maintenance

• Bump org.apache.maven.plugins:maven-plugins from 45 to 46 (#1015) @​slachiewicz
• Remove declaration of "plexus-snapshots" repository (#1010) @​desruisseaux
• Works only with Maven 4.0.0 rc4 (#996) @​slachiewicz
• Enable Java 25 and Maven 4 in CI (#975) @​slachiewicz

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#1016) @dependabot[bot]
• Bump plexusCompilerVersion from 2.16.1 to 2.16.2 (#1021) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 46 to 47 (#1019) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#1008) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.9 to 9.9.1 (#1005) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#1007) @dependabot[bot]
• Bump maven-plugin-testing-harness to 3.4.0 (#1001) @​slawekjaranowski
• Bump plexusCompilerVersion from 2.16.0 to 2.16.1 (#999) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#993) @dependabot[bot]
• Bump plexusCompilerVersion from 2.15.0 to 2.16.0 (#992) @dependabot[bot]
• Bump org.ow2.asm:asm from 9.8 to 9.9 (#981) @dependabot[bot]

Commits

• 9290cb3 [maven-release-plugin] prepare release maven-compiler-plugin-3.15.0
• 3657d40 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 7bbf805 Bump plexusCompilerVersion from 2.16.1 to 2.16.2
• 57fa938 Bump org.apache.maven.plugins:maven-plugins from 46 to 47
• 385e3f2 Fix Java 25 compatibility during integration tests (#1020)
• 6b34423 Bump org.apache.maven.plugins:maven-plugins from 45 to 46
• aaeb9c6 [MCOMPILER-540] useIncrementalCompilation=false may add generated sources to ...
• 6e3db9d Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2
• 0fe9b84 Remove declaration of "plexus-snapshots" repository (#1010)
• 35f6800 Bump org.ow2.asm:asm from 9.9 to 9.9.1
• Additional commits viewable in compare view

Updates org.codehaus.mojo:buildnumber-maven-plugin from 3.2.1 to 3.3.0

Release notes

Sourced from org.codehaus.mojo:buildnumber-maven-plugin's releases.

3.3.0

Changes

• #237 useLastCommittedRevision on git returns Revision (#260) @​ky0n
• #208 property failTheBuild=false also ignore general scm failure (#259) @​ky0n
• Upgrade maven-scm to 2.2.1 and add compatibility fixes (#257) @copilot-swe-agent[bot]

📦 Dependency updates

• Bump org.codehaus.mojo:mojo-parent from 94 to 95 (#262) @dependabot[bot]
• Bump org.codehaus.mojo:extra-enforcer-rules from 1.10.0 to 1.11.0 (#256) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 93 to 94 (#255) @dependabot[bot]
• Bump com.google.code.gson:gson from 2.13.1 to 2.13.2 (#253) @dependabot[bot]
• Bump actions/stale from 9 to 10 (#252) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 92 to 93 (#251) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 91 to 92 (#248) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 87 to 91 (#247) @dependabot[bot]
• Bump com.google.code.gson:gson from 2.13.0 to 2.13.1 (#240) @dependabot[bot]
• Bump com.google.code.gson:gson from 2.12.1 to 2.13.0 (#239) @dependabot[bot]
• Bump org.codehaus.mojo:extra-enforcer-rules from 1.9.0 to 1.10.0 (#238) @dependabot[bot]
• Bump com.google.code.gson:gson from 2.11.0 to 2.12.1 (#235) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 86 to 87 (#236) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 85 to 86 (#230) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 (#233) @dependabot[bot]
• Bump org.codehaus.mojo:extra-enforcer-rules from 1.8.0 to 1.9.0 (#232) @dependabot[bot]

Commits

• d943f30 [maven-release-plugin] prepare release buildnumber-maven-plugin=3.3.0
• e279a77 Bump org.codehaus.mojo:mojo-parent from 94 to 95
• 565c244 #237 add fallback solution for git provider when using property useLastCommit...
• b7a5a5e #208 improve fail the build behavior
• becb596 Upgrade maven-scm to 2.2.1 and add compatibility fixes (#257)
• b920e60 Bump org.codehaus.mojo:extra-enforcer-rules from 1.10.0 to 1.11.0
• 2a33325 Bump org.codehaus.mojo:mojo-parent from 93 to 94
• fadf416 Bump com.google.code.gson:gson from 2.13.1 to 2.13.2
• 16e6090 Bump actions/stale from 9 to 10
• ed4502a Bump org.codehaus.mojo:mojo-parent from 92 to 93
• Additional commits viewable in compare view

Updates org.sonatype.central:central-publishing-maven-plugin from 0.9.0 to 0.10.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions