Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the maven group with 8 updates #2818

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Bump the maven group with 8 updates #2818

wants to merge 2 commits into from
+9 −9

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2025

Bumps the maven group with 8 updates:

Package From To
com.diffplug.spotless:spotless-maven-plugin 2.44.2 2.44.3
org.apache.maven.plugins:maven-compiler-plugin 3.13.0 3.14.0
org.apache.maven.plugins:maven-install-plugin 3.1.3 3.1.4
org.apache.maven.plugins:maven-deploy-plugin 3.1.3 3.1.4
com.guardsquare:proguard-core 9.1.7 9.1.8
org.junit.jupiter:junit-jupiter 5.11.4 5.12.0
org.graalvm.buildtools:native-maven-plugin 0.10.4 0.10.5
com.fasterxml.jackson.core:jackson-databind 2.18.2 2.18.3

Updates com.diffplug.spotless:spotless-maven-plugin from 2.44.2 to 2.44.3

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v2.44.3

  • Support for clang-format (#2406)
  • Adopt new version of maven-plugin-development from GradleX (#2395)
Commits
  • 4dd0095 Published maven/2.44.3
  • 62eff17 Published lib/3.1.0
  • d88a76e feat: allow overriding JarSate classloader (to enable cli) (#2427)
  • 06c6ca8 chore: insert created PR#
  • 8ee1dfe chore: provide test to make sure overriding classloader works
  • 88d3c31 chore: update changelog for reflecting overridable classLoader in JarState
  • f519ed3 feat: allow overriding classLoader for jarstate
  • a410e9f adopt maven plugin development from gradle x (#2423 closes #2395)
  • fd5970c chore(deps): update plugin com.gradle.develocity to v3.19.2 (#2425)
  • cdb609e added changelog info in the right place
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.0

Release notes

Sourced from org.apache.maven.plugins:maven-compiler-plugin's releases.

3.14.0

🚀 New features and improvements

🐛 Bug Fixes

📦 Dependency updates

👻 Maintenance

🔧 Build

Commits
  • b5e7d9b [maven-release-plugin] prepare release maven-compiler-plugin-3.14.0
  • 9134f12 Enable GitHub Issues
  • 19b8b12 Update scm tag according to branch
  • 09dce4e [MCOMPILER-579] allow module-version configuration (#273)
  • f7c3c5f Bump org.codehaus.plexus:plexus-java from 1.2.0 to 1.4.0
  • 764a54b [MNGSITE-529] Rename "Goals" to "Plugin Documentation"
  • cfacbc1 PR Automation only on close event
  • 5c26bba Use JUnit version from parent
  • 5449407 [MCOMPILER-529] Update docs about version schema (Maven 3)
  • 01d5b88 Bump mavenVersion from 3.6.3 to 3.9.9 (#283)
  • Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-install-plugin from 3.1.3 to 3.1.4

Release notes

Sourced from org.apache.maven.plugins:maven-install-plugin's releases.

3.1.4

🚀 New features and improvements

📦 Dependency updates

👻 Maintenance

Commits
  • 29b220d [maven-release-plugin] prepare release maven-install-plugin-3.1.4
  • 0df7304 Enable GitHub Issues
  • 2fda8ce Bump resolverVersion from 1.9.18 to 1.9.22
  • 57b57dd [MNGSITE-529] Rename "Goals" to "Plugin Documentation"
  • 6894c0d PR Automation only on close event
  • d97234c Bump org.mockito:mockito-core from 4.8.1 to 4.11.0
  • f8aa35e Bump mavenVersion from 3.9.6 to 3.9.9
  • e2c6c78 Add release-drafter, PR automation
  • ef37684 Remove unused method
  • dcf39a0 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates org.apache.maven.plugins:maven-deploy-plugin from 3.1.3 to 3.1.4

Release notes

Sourced from org.apache.maven.plugins:maven-deploy-plugin's releases.

3.1.4

🚀 New features and improvements

📦 Dependency updates

👻 Maintenance

Commits
  • 538c67c [maven-release-plugin] prepare release maven-deploy-plugin-3.1.4
  • 6dd30b3 Enable GitHub Issues
  • 39f204c Bump resolverVersion from 1.9.18 to 1.9.22
  • 65c05b7 PR Automation only on close event
  • 69b6824 [MNGSITE-529] Rename "Goals" to "Plugin Documentation"
  • 66b357b Bump mavenVersion from 3.9.6 to 3.9.9
  • 386fcf9 Release drafter configuration and PR Automation
  • 2173944 Fix IT deploy-bom for Maven rc-2
  • 424f215 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates com.guardsquare:proguard-core from 9.1.7 to 9.1.8

Release notes

Sourced from com.guardsquare:proguard-core's releases.

9.1.8

Improved

  • Improve runtime of BamTransferRelation.
  • Add a method signature and descriptor parser in the new package proguard.classfile.attribute.signature.

Kotlin support

  • Add support for processing Kotlin 2.1 metadata.

API changes for the dataflow analysis code

This is a continuation of the API changes started in release 9.1.7.

  • Remove JvmValueBamCpaRun in order to simplify the utility code to run the analysis. ValueAnalyzer is the direct replacement, this class has the same behavior as JvmValueBamCpaRun, as long as analyze is called only once.
  • Remove JvmTaintMemoryLocationBamCpaRun in order to simplify the utility code to run the analysis. TaintAnalyzer is the direct replacement, this class has the same behavior as JvmTaintMemoryLocationBamCpaRun, as long as analyze is called only once.
  • Remove the CpaRun infrastructure.
  • Remove MapAbstractStateFactory, WrapperTransferRelation, and other classes that were only used with the tree heap model.
  • Remove StateNames and getStateByName.
  • Refactor several classes taking generic parameters for CfaEdge, CfaNode, and Signature, to not use the generic parameters anymore. They now default to JvmCfaEdge, JvmCfaNode, and MethodSignature.
  • Refactor CPA reached set, waitlist, operators, and all their dependant classes to be parametrized by the type of abstract states of the dataflow analysis. This allows to make the code safe at compile time and avoid unnecessary casts.
  • Move AbortOperator from being a parameter of CpaAlgorithm#run to the ConfigurableProgramAnalysis interface.
  • Move functionalities of LatticeAbstractState to AbstractState. Remove AbstractDomain since the abstract states can now perform directly the isLessOrEqual and join operations without the need of delegation.

Bugfixes

  • Fix semi-lattice properties of MultiTypedReferenceValue's generalize() method
  • Fix integers potentially being used as reference identifier during interprocedural value analysis. This could result in the analysis not reaching a fixed point.
  • Fix JvmTaintTransferRelation#propagateExtraTaints propagating taint incorrectly if the stack contains more than one element.
Commits
  • f7a90c7 Update github workflow
  • b0bbdd0 Add option to ExecutingInvocationUnit for reading non-final constant values
  • f613383 Add null checks for KotlinPropertyMetadata class
  • 61f3489 Fix array initialization matcher crashing when processing unreachable code
  • e9e67ab Avoid using integer reference identifiers during value analysis also for arrays
  • 550d0cd Fix bug in constructor taint propagation if the stack contains more than one ...
  • fed4d93 Move release note to correct PGC version
  • 28856c2 Fix integers potentially being used as reference identifier during interproce...
  • e3097d7 Improve release notes
  • 70401e0 Clean up InvalidSignatureCleaner using the new signature parser
  • Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter from 5.11.4 to 5.12.0

Release notes

Sourced from org.junit.jupiter:junit-jupiter's releases.

JUnit 5.12.0 = Platform 1.12.0 + Jupiter 5.12.0 + Vintage 5.12.0

See Release Notes.

New Contributors

Full Changelog: junit-team/junit5@r5.11.4...r5.12.0

JUnit 5.12.0-RC2 = Platform 1.12.0-RC2 + Jupiter 5.12.0-RC2 + Vintage 5.12.0-RC2

See Release Notes.

Full Changelog: junit-team/junit5@r5.12.0-RC1...r5.12.0-RC2

JUnit 5.12.0-RC1 = Platform 1.12.0-RC1 + Jupiter 5.12.0-RC1 + Vintage 5.12.0-RC1

See Release Notes.

Full Changelog: junit-team/junit5@r5.12.0-M1...r5.12.0-RC1

JUnit 5.12.0-M1 = Platform 1.12.0-M1 + Jupiter 5.12.0-M1 + Vintage 5.12.0-M1

See Release Notes.

New Contributors

... (truncated)

Commits
  • 2750b04 Release 5.12.0
  • 9615490 Update log suppressions for tests
  • 0a8d65b Remove duplicated reference to SimpleArgumentConverter
  • cafbcdb Update open-test-reporting to 0.2.0
  • ed1773c Fix version references to be 1.x in Platform and 5.x in Jupiter
  • 1d2f982 Update open-test-reporting to 0.2.0-M3
  • 2b6bab5 Fix indentation
  • d1929bb Merge 5.12.0 release notes
  • 9b7a3c4 Back to snapshots for further development
  • a410c92 Release 5.12.0-RC2
  • Additional commits viewable in compare view

Updates org.graalvm.buildtools:native-maven-plugin from 0.10.4 to 0.10.5

Release notes

Sourced from org.graalvm.buildtools:native-maven-plugin's releases.

0.10.5

What's Changed

New Contributors

Full Changelog: graalvm/native-build-tools@0.10.4...0.10.5

Commits
  • 73a120a update NBT version
  • 4de061c Upgrade Maven dependencies
  • c09540e Add missing changelog entries
  • b33d4d1 Add missing changelog
  • aaf5a6a Update reachability metadata repository version
  • 1ca198d Fix build failure
  • e0200c1 Parse JSON with openjson
  • 650ec33 Merge pull request #681 from graalvm/bug/sbom-integration-test-jackson
  • 62ef1fe Fix type issue in SBOM integration test
  • d6697e5 Add warning about toolchains
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.18.2 to 2.18.3

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the maven group with 8 updates
a979b33 
Bumps the maven group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) | `2.44.2` | `2.44.3` |
| [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.13.0` | `3.14.0` |
| [org.apache.maven.plugins:maven-install-plugin](https://github.com/apache/maven-install-plugin) | `3.1.3` | `3.1.4` |
| [org.apache.maven.plugins:maven-deploy-plugin](https://github.com/apache/maven-deploy-plugin) | `3.1.3` | `3.1.4` |
| [com.guardsquare:proguard-core](https://github.com/Guardsquare/proguard-core) | `9.1.7` | `9.1.8` |
| [org.junit.jupiter:junit-jupiter](https://github.com/junit-team/junit5) | `5.11.4` | `5.12.0` |
| [org.graalvm.buildtools:native-maven-plugin](https://github.com/graalvm/native-build-tools) | `0.10.4` | `0.10.5` |
| [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) | `2.18.2` | `2.18.3` |


Updates `com.diffplug.spotless:spotless-maven-plugin` from 2.44.2 to 2.44.3
- [Release notes](https://github.com/diffplug/spotless/releases)
- [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md)
- [Commits](diffplug/spotless@maven/2.44.2...maven/2.44.3)

Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.13.0 to 3.14.0
- [Release notes](https://github.com/apache/maven-compiler-plugin/releases)
- [Commits](apache/maven-compiler-plugin@maven-compiler-plugin-3.13.0...maven-compiler-plugin-3.14.0)

Updates `org.apache.maven.plugins:maven-install-plugin` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/apache/maven-install-plugin/releases)
- [Commits](apache/maven-install-plugin@maven-install-plugin-3.1.3...maven-install-plugin-3.1.4)

Updates `org.apache.maven.plugins:maven-deploy-plugin` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/apache/maven-deploy-plugin/releases)
- [Commits](apache/maven-deploy-plugin@maven-deploy-plugin-3.1.3...maven-deploy-plugin-3.1.4)

Updates `com.guardsquare:proguard-core` from 9.1.7 to 9.1.8
- [Release notes](https://github.com/Guardsquare/proguard-core/releases)
- [Commits](Guardsquare/proguard-core@v9.1.7...v9.1.8)

Updates `org.junit.jupiter:junit-jupiter` from 5.11.4 to 5.12.0
- [Release notes](https://github.com/junit-team/junit5/releases)
- [Commits](junit-team/junit5@r5.11.4...r5.12.0)

Updates `org.graalvm.buildtools:native-maven-plugin` from 0.10.4 to 0.10.5
- [Release notes](https://github.com/graalvm/native-build-tools/releases)
- [Commits](graalvm/native-build-tools@0.10.4...0.10.5)

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.18.2 to 2.18.3
- [Commits](https://github.com/FasterXML/jackson/commits)

---
updated-dependencies:
- dependency-name: com.diffplug.spotless:spotless-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: org.apache.maven.plugins:maven-compiler-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: org.apache.maven.plugins:maven-install-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: org.apache.maven.plugins:maven-deploy-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: com.guardsquare:proguard-core
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: org.junit.jupiter:junit-jupiter
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: org.graalvm.buildtools:native-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 1, 2025
eamonnmcmanus
eamonnmcmanus requested changes Mar 1, 2025
View reviewed changes
Copy link
Member

@eamonnmcmanus eamonnmcmanus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know what the test failure means, but apparently this PR is not safe to merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eamonnmcmanus eamonnmcmanus eamonnmcmanus requested changes

@Marcono1234 Marcono1234 Awaiting requested review from Marcono1234

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@eamonnmcmanus