Bump the dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the dependencies group with 9 updates in the / directory:

Package	From	To
com.github.dasniko:testcontainers-keycloak	3.5.1	3.6.0
org.apache.commons:commons-csv	1.12.0	1.13.0
org.jooq:jooq	3.19.16	3.19.18
org.jooq:jooq-codegen	3.19.16	3.19.18
org.jooq:jooq-meta	3.19.16	3.19.18
org.liquibase:liquibase-core	4.30.0	4.31.0
org.postgresql:postgresql	42.7.4	42.7.5
com.diffplug.spotless:spotless-maven-plugin	2.43.0	2.44.2
org.owasp:dependency-check-maven	11.1.1	12.0.1

Updates com.github.dasniko:testcontainers-keycloak from 3.5.1 to 3.6.0

Release notes

Sourced from com.github.dasniko:testcontainers-keycloak's releases.

v3.6.0

What's Changed

• Add configuration to disable bootstrap of admin account by @​marioschlipf in dasniko/testcontainers-keycloak#165

New Contributors

• @​marioschlipf made their first contribution in dasniko/testcontainers-keycloak#165

Full Changelog: dasniko/testcontainers-keycloak@3.5.1...3.6.0

Commits

• 2ef9fe9 [maven-release-plugin] prepare release 3.6.0
• 6e64806 adjust readme to new version
• f50a84b upgrade to Keycloak 26.1
• be484a4 chore: update deps
• 2b0deaa exclude slf4j impl collision
• db1cb62 Add configuration to disable bootstrap of admin account (#165)
• 6221e6d improve info about version compatibility
• 8989201 improve info about version compatibility
• 96cb12d update readme
• 9fd1300 exclude javax.* dependencies introduced by shrinkwrap update
• Additional commits viewable in compare view

Updates org.apache.commons:commons-csv from 1.12.0 to 1.13.0

Changelog

Sourced from org.apache.commons:commons-csv's changelog.

Apache Commons CSV Version 1.13.0 Release Notes

This document contains the release notes for the 1.13.0 version of Apache Commons CSV. Commons CSV reads and writes files in variations of the Comma Separated Value (CSV) format.

Commons CSV requires at least Java 8.

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

This is a feature and maintenance release. Java 8 or later is required.

Changes in this version include:

New Features

• CSV-313: Add CSVPrinter.getRecordCount(). Thanks to Gary Gregory.

•       Add and use CSVParser.Builder and builder() and deprecate CSVParser constructors. Thanks to Gary Gregory.
  

•       CSVFormat.Builder implements Supplier<CSVFormat>. Thanks to Gary Gregory.
  

•       Deprecate CSVFormat.Builder.build() for get(). Thanks to Gary Gregory.
  

• CSV-196: Track byte position #502. Thanks to Yuzhan Jiang, Gary Gregory.

Fixed Bugs

• CSV-314: Required OSGi Import-Package version numbers in MANIFEST.MF #504. Thanks to Gary Gregory.
• CSV-314: CSVParser.nextRecord() should throw CSVException (an IOException subclass) instead of IOException and IllegalStateException, no method signature changes needed. Thanks to Gary Gregory.

Changes

•       Bump org.apache.commons:commons-parent from 76 to 78 [#486](https://github.com/apache/commons-csv/issues/486), [#495](https://github.com/apache/commons-csv/issues/495). Thanks to Gary Gregory, Dependabot.
  

•       Bump org.codehaus.mojo:taglist-maven-plugin from 3.1.0 to 3.2.1 [#493](https://github.com/apache/commons-csv/issues/493). Thanks to Gary Gregory, Dependabot.
  

•       Bump commons-io:commons-io from 2.17.0 to 2.18.0 [#505](https://github.com/apache/commons-csv/issues/505). Thanks to Gary Gregory, Dependabot.
  

•       Bump commons-codec:commons-codec from 1.17.1 to 1.17.2. Thanks to Gary Gregory.
  

•       Bump org.apache.commons:commons-parent from 78 to 79. Thanks to Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-csv/changes.html

For complete information on Apache Commons CSV, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons CSV website:

https://commons.apache.org/proper/commons-csv/

Download page: https://commons.apache.org/proper/commons-csv/download_csv.cgi

Have fun! -Apache Commons CSV team

... (truncated)

Commits

• f2f1cff Prepare for the next release candidate
• 732c2f8 Prepare for the next release candidate
• 02b398d Add Checstyle UnnecessaryParentheses
• 947c514 Add Checstyle SuperFinalize
• 4579bd3 Add Checstyle SuperClone
• a0ff618 Add Checstyle StringLiteralEquality
• f69526c Add Checstyle SimplifyBooleanReturn
• 81f9044 Add Checstyle SimplifyBooleanExpression
• 6afa33c Add Checstyle MultipleVariableDeclarations
• 114118c Add Checstyle IllegalInstantiation
• Additional commits viewable in compare view

Updates org.jooq:jooq from 3.19.16 to 3.19.18

Updates org.jooq:jooq-codegen from 3.19.16 to 3.19.18

Updates org.jooq:jooq-meta from 3.19.16 to 3.19.18

Updates org.jooq:jooq-codegen from 3.19.16 to 3.19.18

Updates org.jooq:jooq-meta from 3.19.16 to 3.19.18

Updates org.liquibase:liquibase-core from 4.30.0 to 4.31.0

Release notes

Sourced from org.liquibase:liquibase-core's releases.

Liquibase v4.31.0

Liquibase 4.31.0 is a major release

[!IMPORTANT] Liquibase 4.31.0 contains an expanded Checks Extension, and so the artifact size has increased.

[!NOTE] See the Liquibase 4.31.0 Release Notes for the complete set of release information.

Notable Changes

[PRO]

New Checks extension delivered in the box

• Policy Checks are undoubtedly one of Liquibase Pro's stickiest capabilities, for which we continually add database platforms, new checks, and customizations. But to get these developments, users would need to download and upgrade to the latest Liquibase. Not any more! With this new checks extension, you can deploy the latest Policy Checks powers by optionally upgrading just the Check Extension on your cadence. Conveniently, this extension is delivered "in the box" at /internal/extensions, so you do not have to change anything about your current Policy Checks workflow.
• Learn more https://docs.liquibase.com/pro-extensions

Other Checks Enhancements

• Pro users can suppress sql in reports with the new global property: --reports-suppress-sql=true
• New checks-settings files can be created without CLI prompts by adding --force to checks show command
• By popular demand, checks reports now show all checks run, including those not triggered.
• We simplified the custom python check creation flow by removing the single-answer prompts/
• Learn more https://docs.liquibase.com/policy-checks

[OSS]

Liquibase capability enhancements

• Changesets with entirely blank IDs will fail validation. This is a breaking change.
  • NOTE: Validation should not fail for changes that have already been ran. Changes that have been ran with an empty changeset id that are marked as runOnChange or runAlways WILL fail validation.
• Added changeset execution time to output and logs
• Added calculated checksum to output of calculate-checksum command
• Added two new command parameters to history command so users can better see tagged deployments without having to directly examine the DATABASECHANGELOG table
  • show-tags will return only tagged deployment history
  • tag-filter will return deployment history for a specific tag or group of tags
• If an XML changelog is generate-changelog and fails to validate, Liquibase will indicate where the codepoint where the XML failure is located.
• Added new Spring properties for Pro license key and to disable analytics

Java API Changes

• Added missing changeLogParameters argument to generateChangeLog, calculateCheckSum, doChangeLogSyncSql, and changeLogSync

[PRO] Changelog

🚀 New Features

... (truncated)

Changelog

Sourced from org.liquibase:liquibase-core's changelog.

Liquibase 4.31.0 is a major release

[!NOTE] See the Liquibase 4.31.0 Release Notes for the complete set of release information.

[PRO] Changelog

New Features

• DAT-19388 [DevOps] Fix terraform executable in GH in liquibase/liquibase-pro#2109 by @​jandroav
• DAT-18519: Reverting cloneTable generic changeType in liquibase/liquibase-pro#2068 by @​SvampX
• DAT-19302: combined dependabot PRs in liquibase/liquibase-pro#2093 by @​StevenMassaro
• feat: light build script to be triggered by liquibase oss builds in liquibase/liquibase-pro#2082 by @​filipelautert
• DAT-19268 Remove stubs and test associated test files in liquibase/liquibase-pro#2083 by @​wwillard7800
• DAT-19242: Update error messaging for stub checks commands in liquibase/liquibase-pro#2081 by @​abrackx
• DAT-19049 Complete work to move all checks-related code to a new extension in liquibase/liquibase-pro#2066 by @​wwillard7800
• DAT-19000: added 'cloneTable' changetype with no supported databases in liquibase/liquibase-pro#2064 by @​SvampX
• DAT-17940: optionally suppress SQL in reports in liquibase/liquibase-pro#2036 by @​StevenMassaro
• add PRO_LICENSE_KEY to liquibase-aws-extension in liquibase/liquibase-pro#2058 by @​sayaliM0412
• DAT-18892: create checks show files without prompting in liquibase/liquibase-pro#2050 by @​StevenMassaro
• DAT-18129: update checks run output for checks that are disabled but requested to be run in liquibase/liquibase-pro#2049 by @​StevenMassaro
• DAT-18777 Add a snippet of the matching SQL to the console output in liquibase/liquibase-pro#2020 by @​wwillard7800
• DAT-18868: Include successful checks in checks run report "Details by Check" section in liquibase/liquibase-pro#2048 by @​abrackx
• DAT-17901 Pass the database instance in the scope for changelog parsing in liquibase/liquibase-pro#2042 by @​wwillard7800
• DAT-18780: Add messaging for scripts that cannot execute when using MaxAffected checks in liquibase/liquibase-pro#2039 by @​abrackx
• DAT-18793: replace slf4j-simple with slf4j-nop in liquibase/liquibase-pro#2038 by @​StevenMassaro
• [PRO license rotation] Fixed typo for yugabyte repo in liquibase/liquibase-pro#2047 by @​jandroav
• DAT-18836 - CPC: database scope checks should not ask "requires snapshot" in liquibase/liquibase-pro#2041 by @​filipelautert
• DAT-15504: Migrate init project to core in liquibase/liquibase-pro#2004 by @​abrackx
• DAT-18328 Update to match core for stripComments in modifyChangeSets in liquibase/liquibase-pro#1981 by @​wwillard7800
• DAT-18841 Do not prompt for script type with CPC in liquibase/liquibase-pro#2027 by @​wwillard7800
• DAT-10610 Added a flag to help trim down exception logging in liquibase/liquibase-pro#1997 by @​wwillard7800

Bug Fixes

• DAT-19045: fix string wrapping when it contains newlines in liquibase/liquibase-pro#2104 by @​StevenMassaro
• DAT-19241 Help fixes for the stubs in liquibase/liquibase-pro#2077 by @​wwillard7800
• DAT-18842 Fix issue where we were passing the wrong argument to the executor in liquibase/liquibase-pro#2006 by @​wwillard7800

Security, Driver and Other Updates

• Bump actions/setup-python from 5.1.0 to 5.3.0 in liquibase/liquibase-pro#2008 by @​dependabot bot
• Bump com.github.jsqlparser:jsqlparser from 4.9 to 5.0 in liquibase/liquibase-pro#1866 by @​dependabot bot
• Revert "Bump com.github.jsqlparser:jsqlparser from 4.9 to 5.0" in liquibase/liquibase-pro#2044 by @​StevenMassaro

[OSS] Changelog

New Features

... (truncated)

Commits

• 11ef37b DAT-19398 DevOps :: Fix Liquibase Checks versioning in the tarball to match t...
• 9ff9bef chore: FILES FOR 4.31.0 RELEASE (#6637)
• 509e575 Handle @ symbol when executing PostgreSQL SET SEARCH_PATH (#6630)
• 26b1294 DAT-18331 PRO: integrate checks extension into tarball/zip, not mac os dmg in...
• d4250c0 undo UUID-ing of deployment ID (DAT-19367) (#6629)
• 4cd3509 liquibase-maven-plugin: Allow null arguments to `ConfiguredValueModifierFac...
• e68abdc DAT-19082: Fix issue with losing changed datatype attributes when one datatyp...
• 40ef1af chore: rollback test count changes as they are failing for master (#6624)
• 4ac1250 fix: test counts in master (#6623)
• 2f474fb Implement logic to selectively include/exclude columns in generate-changelog ...
• Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.4 to 42.7.5

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.5

Changes

• update changelogs and increment version in gradle.properties for release @​davecramer (#3478)
• regression: revert change in pgjdbc/pgjdbc@fc60537 @​davecramer (#3476)
• Fix PgDatabaseMetaData implementation of catalog as param and return value @​SophiahHo (#3390)
• Support default GSS credentials in the Java Postgres client @​nrhall (#3451)
• fix: return only the transactions accessible by the current_user in XAResource.recover @​vlsi (#3450)
• feat: don't force send extra_float_digits for PostgreSQL >= 12 (#3432) @​damienb-opt (#3446)
• fix: exclude "include columns" from the list of primary keys @​priteshranjan01 (#3434)
• Enhance the meta query performance by specifying the oid. @​dh-cloud (#3427)
• feat: support getObject(int, byte[].class) for bytea @​anesterenok (#3274)
• docs: document infinity and some minor edits @​davecramer (#3407)
• Added way to check for major server version, fixed check for RULE @​davecramer (#3402)
• fixed remaining paragraphs @​Zopsss (#3398)
• fixed paragraphs in javadoc comments @​Zopsss (#3397)
• Reuse buffers and reduce allocations in GSSInputStream addresses Issue #3251 @​davecramer (#3255)
• chore: Update Gradle to 8.10.2 @​jorsol (#3388)
• ci: Test with Java 23 @​jorsol (#3381)
• Fix getSchemas() @​SophiahHo (#3386)
• Update rpm postgresql-jdbc.spec.tpl with scram-client @​jorsol (#3324)
• Clearing thisRow and rowBuffer on close() of ResultSet @​reallyinsane (#3384)
• Package was renamed to maven-bundle-plugin @​ljavorsk (#3382)
• As of version 18 the RULE privilege has been removed @​davecramer (#3378)
• fix: use buffered inputstream to create GSSInputStream @​Sasasu (#3373)
• get rid of 8.4, 9.0 pg versions and use >= jdk version 17 @​davecramer (#3372)
• Changed docker-compose version and renamed script file in instructions to match the real file name @​MohanadKh03 (#3363)
• Do not assume "test" database in DatabaseMetaDataTransactionIsolationTest @​nvanbenschoten (#3364)
• try to categorize dependencies @​davecramer (#3362)

⬆️ Dependencies

• chore(deps): update dependency gradle to v8.12 @​renovate-bot (#3473)
• chore(deps): update codecov/codecov-action digest to adfacf2 @​renovate-bot (#3468)
• chore(deps): update dependency sbt/sbt to v1.10.7 @​renovate-bot (#3470)
• fix(deps): update dependency org.ops4j.pax.url:pax-url-aether to v2.6.15 @​renovate-bot (#3471)
• fix(deps): update junit5 monorepo to v5.11.4 @​renovate-bot (#3472)
• fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.1.0 @​renovate-bot (#3469)
• chore(deps): update plugin biz.aqute.bnd.builder to v7.1.0 @​renovate-bot (#3455)
• chore(deps): update dependency gradle to v8.11.1 @​renovate-bot (#3454)
• chore(deps): update dependency com.typesafe.play:sbt-plugin to v2.9.6 @​renovate-bot (#3452)
• chore(deps): update dependency sbt/sbt to v1.10.6 @​renovate-bot (#3453)
• chore(deps): update plugin org.jetbrains.kotlin.jvm to v2.1.0 @​renovate-bot (#3456)
• chore(deps): update codecov/codecov-action digest to 015f24e @​renovate-bot (#3438)
• chore(deps): update dependency sbt/sbt to v1.10.5 @​renovate-bot (#3439)
• chore(deps): update plugin com.github.burrunan.s3-build-cache to v1.8.4 @​renovate-bot (#3440)
• fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.0.26 @​renovate-bot (#3441)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.5] (2025-01-14 08:00:00 -0400)

Added

• ci: Test with Java 23 [PR #3381](pgjdbc/pgjdbc#3381)

Fixed

• regression: revert change in fc60537 [PR #3476](pgjdbc/pgjdbc#3476)
• fix: PgDatabaseMetaData implementation of catalog as param and return value [PR #3390](pgjdbc/pgjdbc#3390)
• fix: Support default GSS credentials in the Java Postgres client [PR #3451](pgjdbc/pgjdbc#3451)
• fix: return only the transactions accessible by the current_user in XAResource.recover [PR #3450](pgjdbc/pgjdbc#3450)
• feat: don't force send extra_float_digits for PostgreSQL >= 12 fix [Issue #3432](pgjdbc/pgjdbc#3432) [PR #3446](pgjdbc/pgjdbc#3446)
• fix: exclude "include columns" from the list of primary keys [PR #3434](pgjdbc/pgjdbc#3434)
• perf: Enhance the meta query performance by specifying the oid. [PR #3427](pgjdbc/pgjdbc#3427)
• feat: support getObject(int, byte[].class) for bytea [PR #3274](pgjdbc/pgjdbc#3274)
• docs: document infinity and some minor edits [PR #3407](pgjdbc/pgjdbc#3407)
• fix: Added way to check for major server version, fixed check for RULE [PR #3402](pgjdbc/pgjdbc#3402)
• docs: fixed remaining paragraphs [PR #3398](pgjdbc/pgjdbc#3398)
• docs: fixed paragraphs in javadoc comments [PR #3397](pgjdbc/pgjdbc#3397)
• fix: Reuse buffers and reduce allocations in GSSInputStream addresses [Issue #3251](pgjdbc/pgjdbc#3251) [PR #3255](pgjdbc/pgjdbc#3255)
• chore: Update Gradle to 8.10.2 [PR #3388](pgjdbc/pgjdbc#3388)
• fix: getSchemas() [PR #3386](pgjdbc/pgjdbc#3386)
• fix: Update rpm postgresql-jdbc.spec.tpl with scram-client [PR #3324](pgjdbc/pgjdbc#3324)
• fix: Clearing thisRow and rowBuffer on close() of ResultSet [Issue #3383](pgjdbc/pgjdbc#3383) [PR #3384](pgjdbc/pgjdbc#3384)
• fix: Package was renamed to maven-bundle-plugin [PR #3382](pgjdbc/pgjdbc#3382)
• fix: As of version 18 the RULE privilege has been removed [PR #3378](pgjdbc/pgjdbc#3378)
• fix: use buffered inputstream to create GSSInputStream [PR #3373](pgjdbc/pgjdbc#3373)
• test: get rid of 8.4, 9.0 pg versions and use >= jdk version 17 [PR #3372](pgjdbc/pgjdbc#3372)
• Changed docker-compose version and renamed script file in instructions to match the real file name [PR #3363](pgjdbc/pgjdbc#3363)
• test:Do not assume "test" database in DatabaseMetaDataTransactionIsolationTest [PR #3364](pgjdbc/pgjdbc#3364)
• try to categorize dependencies [PR #3362](pgjdbc/pgjdbc#3362)

Commits

• 94a1693 update changelogs and increment version in gradle.properties for release (#3478)
• ce54dfd chore: replace deprecated kotlinOptions with a replacement API
• 398029e chore: avoid failure in osgi-test/onlyIf if -PjdkBuildVersion is missing at t...
• 7245443 test: skip :pgjdbc-osgi-test:test when runnning tests with Java 8
• 7747527 chore(deps): update dependency gradle to v8.12
• bb07a4b chore(deps): update codecov/codecov-action digest to adfacf2
• f545514 chore(deps): update dependency sbt/sbt to v1.10.7
• 45df56c fix(deps): update dependency org.ops4j.pax.url:pax-url-aether to v2.6.15
• b87e106 fix(deps): update junit5 monorepo to v5.11.4
• 5603477 fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.p...
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 2.43.0 to 2.44.2

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v2.44.2

• Eclipse-based tasks can now handle parallel configuration (#2389)

Maven Plugin v2.44.1

Fixed

• Deployment was missing part of the CDT formatter, now fixed. (#2384)

Maven Plugin v2.44.0

Headline changes

• The long 2.44.0.BETAX period is finally over (sorry, there was a problem in Gradle land).
• Spotless now supports linting in addition to formatting.
  • help wanted: maven api to suppress lints

Changed

• Bump default ktlint version to latest 1.3.0 -> 1.4.0. (#2314)
• Bump default jackson version to latest 2.18.0 -> 2.18.1. (#2319)
• Bump default ktfmt version to latest 0.52 -> 0.53. (#2320)
• Bump default ktlint version to latest 1.4.0 -> 1.5.0. (#2354)
• Bump minimum eclipse-cdt version to 11.0 (removed support for 10.7). (#2373)
• Bump default eclipse version to latest 4.32 -> 4.34. (#2381)

Fixed

• You can now use removeUnusedImports and googleJavaFormat at the same time again. (fixes #2159)
• The default list of type annotations used by formatAnnotations now includes Jakarta Validation's Valid and constraints validations (fixes #2334)

Maven Plugin v2.44.0.BETA4

Added

• Support for line ending policy PRESERVE which just takes the first line ending of every given file as setting (no matter if \n, \r\n or \r) (#2304)

Fixed

• ktlint steps now read from the string instead of the file so they don't clobber earlier steps. (fixes #1599)

Maven Plugin v2.44.0.BETA3

Added

• Support for rdf (#2261)
• Support for buf (#2291)

Changed

• Leverage local repository for Equo P2 cache. (#2238)
• Add explicit support for CSS via biome. Formatting CSS via biome was already supported as a general formatting step. Biome supports formatting CSS as of 1.8.0 (experimental, opt-in) and 1.9.0 (stable). (#2259)
• Bump default google-java-format version to latest 1.23.0 -> 1.24.0. (#2294)
• Bump default jackson version to latest 2.17.2 -> 2.18.0. (#2279)
• Bump default cleanthat version to latest 2.21 -> 2.22. (#2296)

Fixed

• Java import order, ignore duplicate group entries. (#2293)

Maven Plugin v2.44.0.BETA2

Changed

• Support toning down sortPom logging. (#2185)
• Bump default ktlint version to latest 1.2.1 -> 1.3.0. (#2165)
• Bump default ktfmt version to latest 0.49 -> 0.52. (#2172, #2231)
• Rename property ktfmt option removeUnusedImport -> removeUnusedImports to match ktfmt. (#2172)

... (truncated)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

spotless-lib and spotless-lib-extra releases

If you are a Spotless user (as opposed to developer), then you are probably looking for:

• https://github.com/diffplug/spotless/blob/main/plugin-gradle/CHANGES.md
• https://github.com/diffplug/spotless/blob/main/plugin-maven/CHANGES.md

This document is intended for Spotless developers.

We adhere to the keepachangelog format (starting after version 1.27.0).

[Unreleased]

[3.0.2] - 2025-01-14

Fixed

• Node.JS-based tasks now work with the configuration cache (#2372)
• Eclipse-based tasks can now handle parallel configuration (#2389)

[3.0.1] - 2025-01-07

Fixed

• Deployment was missing part of the CDT formatter, now fixed. (#2384)

[3.0.0] - 2025-01-06

Headline changes

• All steps now support roundtrip serialization (end of #987).
• Spotless now supports linting in addition to formatting.

Changed

• Allow setting Eclipse config from a string, not only from files (#2337)
• Bump default ktlint version to latest 1.3.0 -> 1.4.0. (#2314)
• Add Sort Members feature based on Eclipse JDT implementation. (#2312)
• Bump default jackson version to latest 2.18.0 -> 2.18.1. (#2319)
• Bump default ktfmt version to latest 0.52 -> 0.53. (#2320)
• Bump default ktlint version to latest 1.4.0 -> 1.5.0. (#2354)
• Bump minimum eclipse-cdt version to 11.0 (removed support for 10.7). (#2373)
• Bump default eclipse version to latest 4.32 -> 4.34. (#2381)

Fixed

• You can now use removeUnusedImports and googleJavaFormat at the same time again. (fixes #2159)
• The default list of type annotations used by formatAnnotations now includes Jakarta Validation's Valid and constraints validations (fixes #2334)

[3.0.0.BETA4] - 2024-10-24

Added

• APIs to support linting. (implemented in #2148, #2149, #2307)
  • Spotless is still primarily a formatter, not a linter. But when formatting fails, it's more flexible to model those failures as lints so that the formatting can continue and ideally we can also capture the line numbers causing the failure.
  • Lint models a single change. A FormatterStep can create a lint by:
    • throwing an exception during formatting, ideally throw Lint.atLine(127, "code", "Well what happened was...")
    • or by implementing the List<Lint> lint(String content, File file) method to create multiple of them
• Support for line ending policy PRESERVE which just takes the first line ending of every given file as setting (no matter if \n, \r\n or \r) (#2304)

Changed

... (truncated)

Commits

• 6d03aed Published maven/2.44.2
• 20e2f5a Published gradle/7.0.2
• 37c85b8 Published lib/3.0.2
• b8b4efc Fix eclipse-based parallel downloads (#2396 fixes #2389)
• b401228 Update changelogs.
• 3727dfa Fix deprecations in the Spotless build.
• 77c480e Bump equo versions to latest, which fixes parallel downloads.
• b50fcaf fix: workaround for NPM configuration cache (#2390 fixes #2372)
• f77aead Update plugin com.github.spotbugs to v6.1.0 (#2393)
• 4c9e39a Update plugin com.github.spotbugs to v6.1.0
• Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 11.1.1 to 12.0.1

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.0.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Version 12.0.0

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.0.1 (2025-01-19)

• docs: Fix OSS Index Maven config documentation (#7322)
• Fix OSS Index Maven config documentation
• chore(docs): Document Gradle plugin support for failBuildOnUnusedSuppressionRule (#7307)
• chore(docs): Correct analyzers config example to use Gradle dot-syntax (#7305)
• fix: improve error message on improperly configured serverId credentials in settings.xml (#7313)
• fix: Lower Basic serverId when Bearer was expected to a warning
• fix: improve error message on improperly configured serverId credentials
• fix: Correct nonProxyHosts support when no sys properties set (#7306)
• core(docs): Group failBuildOnUnusedSuppressionRule flag next to suppression file configuration
• core(docs): Update Gradle plugin documentation for failBuildOnUnusedSuppressionRule support
• fix: Correct nonProxyHosts support when no sys properties set
• chore(docs): Correct analyzers config example to use Gradle dot-syntax

See the full listing of changes.

Version 12.0.0 (2025-01-11)

• feat: report on CVSS v4 (#7204)
• feat: show from which dependency the CVE comes in failure report (#7224)
• feat: Use Maven settings decryption API for decrypting secrets from settings.xml (#7284)
• feat: Extend authentication to support Bearer token for many resources (#7277)
• feat: Add a flag to fail when one or more suppression rules are not used (#7244)
• fix: add product evidence as vendor to reduce FN (#7295)
• fix: Make the HTTP-Client use pre-emptive authentication (#7255)
• fix: Add the missing proxy credentials for suppressionFileUser/Password authentication scenario
• fix: increase max retry count (#7252)
• fix: Make the HTTP-Client use pre-emptive authentication for configured server credentials and extend HTTPClient usage to Nexus search
• fix: Tranform into UTC the last modified date from database (#7222)

See the full listing of changes.

Commits

• eee5b46 build: prepare release v12.0.1
• 8f76b42 docs: prepare release
• 9424f85 build(deps): bump org.sonatype.goodies:package-url-java from 1.1.1 to 1.2.0 (...
• c5e6bce build(deps): bump org.apache.maven.plugins:maven-artifact-plugin from 3.5.3 t...
• 7181e6a build(deps): bump joda-time:joda-time from 2.10.4 to 2.13.0 (#7300)
• 2c7b19b build(deps-dev): bump io.netty:netty-codec-http from 4.1.115.Final to 4.1.117...
• 9502f82 build(deps): bump golang from 1.23.4-alpine to 1.23.5-alpine (#7323)
• eb6be01 docs: Fix OSS Index Maven config documentation (#7322)
• 7485f9f build(deps): bump golang from 1.23.4-alpine to 1.23.5-alpine
• d883343 Fix OSS Index Maven config documentation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[hylkevds]

@dependabot rebase