From f98c38bad688caf6077dccd8a00b5241f1d702ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 08:08:53 +0100 Subject: [PATCH 01/13] chore(ci): bump org.apache.maven:maven-api-meta (#902) Bumps org.apache.maven:maven-api-meta from 4.0.0-beta-5 to 4.0.0-rc-1. --- updated-dependencies: - dependency-name: org.apache.maven:maven-api-meta dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6f3e9c9e..dbca67ce 100644 --- a/pom.xml +++ b/pom.xml @@ -142,7 +142,7 @@ org.apache.maven maven-api-meta - 4.0.0-beta-5 + 4.0.0-rc-1 provided From 7b43e0f07c03f04e3d8bbf830220a682016c88d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 08:09:06 +0100 Subject: [PATCH 02/13] chore(ci): bump org.apache.maven:maven-api-xml (#903) Bumps org.apache.maven:maven-api-xml from 4.0.0-beta-5 to 4.0.0-rc-1. --- updated-dependencies: - dependency-name: org.apache.maven:maven-api-xml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index dbca67ce..e3479b60 100644 --- a/pom.xml +++ b/pom.xml @@ -148,7 +148,7 @@ org.apache.maven maven-api-xml - 4.0.0-beta-5 + 4.0.0-rc-1 provided From 3a2a8031b9bb0db9ae2ac76f418b068ddab6a850 Mon Sep 17 00:00:00 2001 
From: Tim te Beek Date: Tue, 3 Dec 2024 19:35:06 +0100 Subject: [PATCH 03/13] Update ConfigurableRewriteMojo.java to parse .lock files as plaintext --- src/main/java/org/openrewrite/maven/ConfigurableRewriteMojo.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/org/openrewrite/maven/ConfigurableRewriteMojo.java b/src/main/java/org/openrewrite/maven/ConfigurableRewriteMojo.java index c9af3381..32cda2aa 100644 --- a/src/main/java/org/openrewrite/maven/ConfigurableRewriteMojo.java +++ b/src/main/java/org/openrewrite/maven/ConfigurableRewriteMojo.java @@ -142,6 +142,7 @@ protected Set getPlainTextMasks() { "**/*.jelly", "**/*.jsp", "**/*.ksh", + "**/*.lock", "**/lombok.config", "**/*.md", "**/*.mf", From cc727021547f347278cff7de941f4f6c9939d406 Mon Sep 17 00:00:00 2001 From: Tim te Beek Date: Fri, 6 Dec 2024 16:29:59 +0100 Subject: [PATCH 04/13] Update pom.xml to target 5.46.2 next --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e3479b60..af9e95e9 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.openrewrite.maven rewrite-maven-plugin - 5.47.0-SNAPSHOT + 5.46.2-SNAPSHOT maven-plugin rewrite-maven-plugin From ceefa39e0713f9915dfa8c408de1d8b257a7863e Mon Sep 17 00:00:00 2001 From: "team-moderne[bot]" Date: Fri, 6 Dec 2024 15:30:33 +0000 Subject: [PATCH 05/13] Bump rewrite.version properties --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index af9e95e9..d77a310c 100644 --- a/pom.xml +++ b/pom.xml @@ -62,8 +62,8 @@ - 8.42.0-SNAPSHOT - 1.24.0-SNAPSHOT + 8.41.2 + 1.23.1 scm:git:ssh://git@github.com/openrewrite/rewrite-maven-plugin.git From 15681db60f27afd13a0fc6181569d94baeffe3a2 Mon Sep 17 00:00:00 2001 From: "team-moderne[bot]" Date: Fri, 6 Dec 2024 15:31:00 +0000 Subject: [PATCH 06/13] [maven-release-plugin] prepare release v5.46.2 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
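Review bot: The new `"**/*.lock"` mask in getPlainTextMasks() (PATCH 03) matches on extension alone anywhere in the tree, so it takes in dependency lockfiles such as yarn.lock, Cargo.lock or Gemfile.lock, along with any transient or non-text `.lock` file a tool leaves in the working directory. Once parsed as plain text these files are presumably visible to text-based recipes, and a recipe edit to a lockfile would alter pinned versions or integrity hashes without the package manager regenerating them. Whether an exclusion elsewhere prevents that is not visible in this hunk. A comment above the entry would record the intent, for example `// dependency lockfiles (yarn.lock, Cargo.lock, ...); review recipe changes to these like any dependency change`. The method body starts and ends outside the hunk.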
diff --git a/pom.xml b/pom.xml index d77a310c..557a5181 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.openrewrite.maven rewrite-maven-plugin - 5.46.2-SNAPSHOT + 5.46.2 maven-plugin rewrite-maven-plugin @@ -41,7 +41,7 @@ scm:git:https://github.com/openrewrite/rewrite-maven-plugin.git ${developerConnectionUrl} https://github.com/openrewrite/rewrite-maven-plugin/tree/main - HEAD + v5.46.2 From 8ff61d6ab7de203890b0e1e37a9b037e4ef98368 Mon Sep 17 00:00:00 2001 From: "team-moderne[bot]" Date: Fri, 6 Dec 2024 15:31:01 +0000 Subject: [PATCH 07/13] [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 557a5181..66b340c9 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ org.openrewrite.maven rewrite-maven-plugin - 5.46.2 + 5.47.0-SNAPSHOT maven-plugin rewrite-maven-plugin @@ -41,7 +41,7 @@ scm:git:https://github.com/openrewrite/rewrite-maven-plugin.git ${developerConnectionUrl} https://github.com/openrewrite/rewrite-maven-plugin/tree/main - v5.46.2 + HEAD From 127c1d2e124c8dfc3b92616374b177fa9b84d050 Mon Sep 17 00:00:00 2001 From: "team-moderne[bot]" Date: Fri, 6 Dec 2024 15:32:43 +0000 Subject: [PATCH 08/13] Bump rewrite.version properties --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 66b340c9..e3479b60 100644 --- a/pom.xml +++ b/pom.xml @@ -62,8 +62,8 @@ - 8.41.2 - 1.23.1 + 8.42.0-SNAPSHOT + 1.24.0-SNAPSHOT scm:git:ssh://git@github.com/openrewrite/rewrite-maven-plugin.git From ab0ed4b0a21fbc689b76966bf8a9daa5468ccc45 Mon Sep 17 00:00:00 2001 
From: Philippe GRANET Date: Sat, 7 Dec 2024 22:54:46 +0100 Subject: [PATCH 09/13] Ignore generated pom by maven-shade-plugin and ci-friendly-flatten-maven-plugin (#908) * Ignore generated pom by maven-shade-plugin and ci-friendly-flatten-maven-plugin * Collapse handling into a single `if` --------- Co-authored-by: Tim te Beek --- .../org/openrewrite/maven/MavenMojoProjectParser.java | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/openrewrite/maven/MavenMojoProjectParser.java b/src/main/java/org/openrewrite/maven/MavenMojoProjectParser.java index 068de35f..20e5eead 100644 --- a/src/main/java/org/openrewrite/maven/MavenMojoProjectParser.java +++ b/src/main/java/org/openrewrite/maven/MavenMojoProjectParser.java @@ -646,12 +646,10 @@ private void collectPoms(MavenProject project, Set paths, MavenExecutionCo private static Path pomPath(MavenProject mavenProject) { Path pomPath = mavenProject.getFile().toPath(); - // org.codehaus.mojo:flatten-maven-plugin produces a synthetic pom unsuitable for our purposes, use the regular pom instead - if (pomPath.endsWith(".flattened-pom.xml")) { - return mavenProject.getBasedir().toPath().resolve("pom.xml"); - } - // org.eclipse.tycho:tycho-packaging-plugin:update-consumer-pom produces a synthetic pom - if (pomPath.endsWith(".tycho-consumer-pom.xml")) { + if (pomPath.endsWith(".flattened-pom.xml") ||// org.codehaus.mojo:flatten-maven-plugin + pomPath.endsWith("dependency-reduced-pom.xml") || // org.apache.maven.plugins:maven-shade-plugin + pomPath.endsWith(".ci-friendly-pom.xml") || // com.outbrain.swinfra:ci-friendly-flatten-maven-plugin + pomPath.endsWith(".tycho-consumer-pom.xml")) { // org.eclipse.tycho:tycho-packaging-plugin:update-consumer-pom Path normalPom = mavenProject.getBasedir().toPath().resolve("pom.xml"); // check for the existence of the POM, since Tycho can work pom-less if (Files.isReadable(normalPom) && Files.isRegularFile(normalPom)) { 
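Review bot: The four names tested in pomPath() are the plugins' default output names, and `Path.endsWith(String)` compares whole path elements rather than a string suffix. A synthetic pom written under a configured name (flatten-maven-plugin's `flattenedPomFilename`, maven-shade-plugin's `dependencyReducedPomLocation`) is therefore not recognised and would presumably be parsed in place of the real `pom.xml`. A comment above the condition should say so, e.g. `// default file names only; Path.endsWith matches the final path element, not a string suffix`. As a style point, `||// org.codehaus.mojo:flatten-maven-plugin` lacks the space the other three trailing comments have, and the generated names would read more easily as a named constant set checked against `pomPath.getFileName()`. The method continues past the end of the hunk, so what happens when `normalPom` is not readable cannot be judged from here.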
From 0461e146f931f6d8878dfe2f0528989ff7a438fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 08:18:50 +0100 Subject: [PATCH 10/13] chore(ci): bump org.apache.maven.plugins:maven-javadoc-plugin (#910) Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.11.1 to 3.11.2. - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.11.1...maven-javadoc-plugin-3.11.2) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e3479b60..5b87898a 100644 --- a/pom.xml +++ b/pom.xml @@ -449,7 +449,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.11.1 + 3.11.2 prepare-package From ae7fc301feff2a31be95f5a660b328a3b536f061 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 08:19:49 +0100 Subject: [PATCH 11/13] chore(ci): bump org.owasp:dependency-check-maven from 11.1.0 to 11.1.1 (#911) Bumps [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck) from 11.1.0 to 11.1.1. - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/jeremylong/DependencyCheck/compare/v11.1.0...v11.1.1) --- updated-dependencies: - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5b87898a..376ea0f6 100644 --- a/pom.xml +++ b/pom.xml @@ -538,7 +538,7 @@ org.owasp dependency-check-maven - 11.1.0 + 11.1.1 ${env.NVD_API_KEY} 9 From 3bdfd97d7898a48d4bc2148616ba38a352617f0a Mon Sep 17 00:00:00 2001 From: Kyle Scully Date: Wed, 11 Dec 2024 10:47:13 -0800 Subject: [PATCH 12/13] refactor: Remove expired suppressions (#906) Use this link to re-run the recipe: https://app.moderne.io/recipes/org.openrewrite.java.dependencies.RemoveExpiredSuppressions?organizationId=T3BlblJld3JpdGU%3D Co-authored-by: Moderne --- suppressions.xml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/suppressions.xml b/suppressions.xml index c6d18814..4d1ba437 100644 --- a/suppressions.xml +++ b/suppressions.xml @@ -43,13 +43,6 @@ CVE-2023-2976 CVE-2020-8908 - - - ^pkg:maven/org\.xerial\.snappy/snappy\-java@.*$ - CVE-2023-43642 - Date: Wed, 11 Dec 2024 19:53:21 +0100 Subject: [PATCH 13/13] Drop Jackson Kotlin module and dependency management for now (#907) --- pom.xml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/pom.xml b/pom.xml index 376ea0f6..eac60de9 100644 --- a/pom.xml +++ b/pom.xml @@ -117,13 +117,6 @@ import pom - - org.jetbrains.kotlin - kotlin-bom - ${kotlin.version} - import - pom - io.rsocket rsocket-bom @@ -223,10 +216,6 @@ plexus-xml 4.0.4 - - com.fasterxml.jackson.module - jackson-module-kotlin - io.micrometer.prometheus prometheus-rsocket-client