Bump the build-dependencies group with 4 updates #4472

dependabot · 2025-01-21T02:52:53Z

Bumps the build-dependencies group with 4 updates: com.diffplug.spotless:spotless-maven-plugin, org.owasp:dependency-check-maven, org.assertj:assertj-core and org.postgresql:postgresql.

Updates com.diffplug.spotless:spotless-maven-plugin from 2.44.1 to 2.44.2

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Maven Plugin v2.44.2

Eclipse-based tasks can now handle parallel configuration (#2389)

Commits

6d03aed Published maven/2.44.2
20e2f5a Published gradle/7.0.2
37c85b8 Published lib/3.0.2
b8b4efc Fix eclipse-based parallel downloads (#2396 fixes #2389)
b401228 Update changelogs.
3727dfa Fix deprecations in the Spotless build.
77c480e Bump equo versions to latest, which fixes parallel downloads.
b50fcaf fix: workaround for NPM configuration cache (#2390 fixes #2372)
f77aead Update plugin com.github.spotbugs to v6.1.0 (#2393)
4c9e39a Update plugin com.github.spotbugs to v6.1.0
Additional commits viewable in compare view

Updates org.owasp:dependency-check-maven from 12.0.0 to 12.0.1

Release notes

Sourced from org.owasp:dependency-check-maven's releases.

Version 12.0.1

Refer to the CHANGELOG.md for information about improvements and upgrade notes.

Changelog

Sourced from org.owasp:dependency-check-maven's changelog.

Version 12.0.1 (2025-01-19)

docs: Fix OSS Index Maven config documentation (#7322)

Fix OSS Index Maven config documentation

chore(docs): Document Gradle plugin support for failBuildOnUnusedSuppressionRule (#7307)

chore(docs): Correct analyzers config example to use Gradle dot-syntax (#7305)

fix: improve error message on improperly configured serverId credentials in settings.xml (#7313)

fix: Lower Basic serverId when Bearer was expected to a warning

fix: improve error message on improperly configured serverId credentials

fix: Correct nonProxyHosts support when no sys properties set (#7306)

core(docs): Group failBuildOnUnusedSuppressionRule flag next to suppression file configuration

core(docs): Update Gradle plugin documentation for failBuildOnUnusedSuppressionRule support

fix: Correct nonProxyHosts support when no sys properties set

chore(docs): Correct analyzers config example to use Gradle dot-syntax

See the full listing of changes.

Commits

eee5b46 build: prepare release v12.0.1
8f76b42 docs: prepare release
9424f85 build(deps): bump org.sonatype.goodies:package-url-java from 1.1.1 to 1.2.0 (...
c5e6bce build(deps): bump org.apache.maven.plugins:maven-artifact-plugin from 3.5.3 t...
7181e6a build(deps): bump joda-time:joda-time from 2.10.4 to 2.13.0 (#7300)
2c7b19b build(deps-dev): bump io.netty:netty-codec-http from 4.1.115.Final to 4.1.117...
9502f82 build(deps): bump golang from 1.23.4-alpine to 1.23.5-alpine (#7323)
eb6be01 docs: Fix OSS Index Maven config documentation (#7322)
7485f9f build(deps): bump golang from 1.23.4-alpine to 1.23.5-alpine
d883343 Fix OSS Index Maven config documentation
Additional commits viewable in compare view

Updates org.assertj:assertj-core from 3.27.2 to 3.27.3

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.3

💥 Breaking Changes

Core

Revert "Propagate common basetype for the extracting method" #3737

The enhancement introduced with #3673 breaks existing code on Kotlin 1.9; therefore, it has been reverted.

As Spring Boot 3.4 currently supports Kotlin 1.9, we want to keep the same compatibility on AssertJ 3.x, while AssertJ 4.x will require Kotlin 2.x.

Existing code relying on the changes introduced with #3673 will no longer compile and should be refactored.

🐛 Bug Fixes

Core

Fix StandardRepresentation regression for unquoted strings #3735

⚡ Improvements

Core

Add Class info to class loading strategy failures #3746

❤️ Contributors

Thanks to all the contributors who worked on this release:

@ccrvincent

Commits

c928dd3 [maven-release-plugin] prepare release assertj-build-3.27.3
f308d95 Fix StandardRepresentation regression for unquoted strings (#3735)
e5959f4 Add Java and Kotlin release references
3eb809d Add Kotlin EAP reference
b39a8cf Add Kotlin 2.1.10-RC
e20e40d Add Class info to failure exception (#3746)
79b87f0 Revert "Propagate common basetype for the extracting method (#3673)" (#3737)
bf439b3 chore(deps): bump com.diffplug.spotless:spotless-maven-plugin from 2.43.0 to ...
30936ca Restructure Kotlin tests, add DisplayNameGenerator
b5b86cc Add Kotlin cross-version job (#3732)
Additional commits viewable in compare view

Updates org.postgresql:postgresql from 42.7.4 to 42.7.5

Release notes

Sourced from org.postgresql:postgresql's releases.

v42.7.5

Changes

update changelogs and increment version in gradle.properties for release @davecramer (#3478)

regression: revert change in pgjdbc/pgjdbc@fc60537 @davecramer (#3476)

Fix PgDatabaseMetaData implementation of catalog as param and return value @SophiahHo (#3390)

Support default GSS credentials in the Java Postgres client @nrhall (#3451)

fix: return only the transactions accessible by the current_user in XAResource.recover @vlsi (#3450)

feat: don't force send extra_float_digits for PostgreSQL >= 12 (#3432) @damienb-opt (#3446)

fix: exclude "include columns" from the list of primary keys @priteshranjan01 (#3434)

Enhance the meta query performance by specifying the oid. @dh-cloud (#3427)

feat: support getObject(int, byte[].class) for bytea @anesterenok (#3274)

docs: document infinity and some minor edits @davecramer (#3407)

Added way to check for major server version, fixed check for RULE @davecramer (#3402)

fixed remaining paragraphs @Zopsss (#3398)

fixed paragraphs in javadoc comments @Zopsss (#3397)

Reuse buffers and reduce allocations in GSSInputStream addresses Issue #3251 @davecramer (#3255)

chore: Update Gradle to 8.10.2 @jorsol (#3388)

ci: Test with Java 23 @jorsol (#3381)

Fix getSchemas() @SophiahHo (#3386)

Update rpm postgresql-jdbc.spec.tpl with scram-client @jorsol (#3324)

Clearing thisRow and rowBuffer on close() of ResultSet @reallyinsane (#3384)

Package was renamed to maven-bundle-plugin @ljavorsk (#3382)

As of version 18 the RULE privilege has been removed @davecramer (#3378)

fix: use buffered inputstream to create GSSInputStream @Sasasu (#3373)

get rid of 8.4, 9.0 pg versions and use >= jdk version 17 @davecramer (#3372)

Changed docker-compose version and renamed script file in instructions to match the real file name @MohanadKh03 (#3363)

Do not assume "test" database in DatabaseMetaDataTransactionIsolationTest @nvanbenschoten (#3364)

try to categorize dependencies @davecramer (#3362)

⬆️ Dependencies

chore(deps): update dependency gradle to v8.12 @renovate-bot (#3473)

chore(deps): update codecov/codecov-action digest to adfacf2 @renovate-bot (#3468)

chore(deps): update dependency sbt/sbt to v1.10.7 @renovate-bot (#3470)

fix(deps): update dependency org.ops4j.pax.url:pax-url-aether to v2.6.15 @renovate-bot (#3471)

fix(deps): update junit5 monorepo to v5.11.4 @renovate-bot (#3472)

fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.1.0 @renovate-bot (#3469)

chore(deps): update plugin biz.aqute.bnd.builder to v7.1.0 @renovate-bot (#3455)

chore(deps): update dependency gradle to v8.11.1 @renovate-bot (#3454)

chore(deps): update dependency com.typesafe.play:sbt-plugin to v2.9.6 @renovate-bot (#3452)

chore(deps): update dependency sbt/sbt to v1.10.6 @renovate-bot (#3453)

chore(deps): update plugin org.jetbrains.kotlin.jvm to v2.1.0 @renovate-bot (#3456)

chore(deps): update codecov/codecov-action digest to 015f24e @renovate-bot (#3438)

chore(deps): update dependency sbt/sbt to v1.10.5 @renovate-bot (#3439)

chore(deps): update plugin com.github.burrunan.s3-build-cache to v1.8.4 @renovate-bot (#3440)

fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.plugin to v6.0.26 @renovate-bot (#3441)

... (truncated)

Changelog

Sourced from org.postgresql:postgresql's changelog.

[42.7.5] (2025-01-14 08:00:00 -0400)

Added

ci: Test with Java 23 [PR #3381](pgjdbc/pgjdbc#3381)

Fixed

regression: revert change in fc60537 [PR #3476](pgjdbc/pgjdbc#3476)

fix: PgDatabaseMetaData implementation of catalog as param and return value [PR #3390](pgjdbc/pgjdbc#3390)

fix: Support default GSS credentials in the Java Postgres client [PR #3451](pgjdbc/pgjdbc#3451)

fix: return only the transactions accessible by the current_user in XAResource.recover [PR #3450](pgjdbc/pgjdbc#3450)

feat: don't force send extra_float_digits for PostgreSQL >= 12 fix [Issue #3432](pgjdbc/pgjdbc#3432) [PR #3446](pgjdbc/pgjdbc#3446)

fix: exclude "include columns" from the list of primary keys [PR #3434](pgjdbc/pgjdbc#3434)

perf: Enhance the meta query performance by specifying the oid. [PR #3427](pgjdbc/pgjdbc#3427)

feat: support getObject(int, byte[].class) for bytea [PR #3274](pgjdbc/pgjdbc#3274)

docs: document infinity and some minor edits [PR #3407](pgjdbc/pgjdbc#3407)

fix: Added way to check for major server version, fixed check for RULE [PR #3402](pgjdbc/pgjdbc#3402)

docs: fixed remaining paragraphs [PR #3398](pgjdbc/pgjdbc#3398)

docs: fixed paragraphs in javadoc comments [PR #3397](pgjdbc/pgjdbc#3397)

fix: Reuse buffers and reduce allocations in GSSInputStream addresses [Issue #3251](pgjdbc/pgjdbc#3251) [PR #3255](pgjdbc/pgjdbc#3255)

chore: Update Gradle to 8.10.2 [PR #3388](pgjdbc/pgjdbc#3388)

fix: getSchemas() [PR #3386](pgjdbc/pgjdbc#3386)

fix: Update rpm postgresql-jdbc.spec.tpl with scram-client [PR #3324](pgjdbc/pgjdbc#3324)

fix: Clearing thisRow and rowBuffer on close() of ResultSet [Issue #3383](pgjdbc/pgjdbc#3383) [PR #3384](pgjdbc/pgjdbc#3384)

fix: Package was renamed to maven-bundle-plugin [PR #3382](pgjdbc/pgjdbc#3382)

fix: As of version 18 the RULE privilege has been removed [PR #3378](pgjdbc/pgjdbc#3378)

fix: use buffered inputstream to create GSSInputStream [PR #3373](pgjdbc/pgjdbc#3373)

test: get rid of 8.4, 9.0 pg versions and use >= jdk version 17 [PR #3372](pgjdbc/pgjdbc#3372)

Changed docker-compose version and renamed script file in instructions to match the real file name [PR #3363](pgjdbc/pgjdbc#3363)

test:Do not assume "test" database in DatabaseMetaDataTransactionIsolationTest [PR #3364](pgjdbc/pgjdbc#3364)

try to categorize dependencies [PR #3362](pgjdbc/pgjdbc#3362)

Commits

94a1693 update changelogs and increment version in gradle.properties for release (#3478)
ce54dfd chore: replace deprecated kotlinOptions with a replacement API
398029e chore: avoid failure in osgi-test/onlyIf if -PjdkBuildVersion is missing at t...
7245443 test: skip :pgjdbc-osgi-test:test when runnning tests with Java 8
7747527 chore(deps): update dependency gradle to v8.12
bb07a4b chore(deps): update codecov/codecov-action digest to adfacf2
f545514 chore(deps): update dependency sbt/sbt to v1.10.7
45df56c fix(deps): update dependency org.ops4j.pax.url:pax-url-aether to v2.6.15
b87e106 fix(deps): update junit5 monorepo to v5.11.4
5603477 fix(deps): update dependency com.github.spotbugs:com.github.spotbugs.gradle.p...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the build-dependencies group with 4 updates: [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless), [org.owasp:dependency-check-maven](https://github.com/jeremylong/DependencyCheck), [org.assertj:assertj-core](https://github.com/assertj/assertj) and [org.postgresql:postgresql](https://github.com/pgjdbc/pgjdbc). Updates `com.diffplug.spotless:spotless-maven-plugin` from 2.44.1 to 2.44.2 - [Release notes](https://github.com/diffplug/spotless/releases) - [Changelog](https://github.com/diffplug/spotless/blob/main/CHANGES.md) - [Commits](diffplug/spotless@maven/2.44.1...maven/2.44.2) Updates `org.owasp:dependency-check-maven` from 12.0.0 to 12.0.1 - [Release notes](https://github.com/jeremylong/DependencyCheck/releases) - [Changelog](https://github.com/jeremylong/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](jeremylong/DependencyCheck@v12.0.0...v12.0.1) Updates `org.assertj:assertj-core` from 3.27.2 to 3.27.3 - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](assertj/assertj@assertj-build-3.27.2...assertj-build-3.27.3) Updates `org.postgresql:postgresql` from 42.7.4 to 42.7.5 - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.7.4...REL42.7.5) --- updated-dependencies: - dependency-name: com.diffplug.spotless:spotless-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build-dependencies - dependency-name: org.owasp:dependency-check-maven dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build-dependencies - dependency-name: org.assertj:assertj-core dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build-dependencies - dependency-name: org.postgresql:postgresql dependency-type: direct:production update-type: version-update:semver-patch dependency-group: build-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Jan 21, 2025

dependabot bot assigned marko-bekhta Jan 21, 2025

marko-bekhta approved these changes Jan 21, 2025

View reviewed changes

marko-bekhta merged commit 001938a into main Jan 21, 2025
8 checks passed

dependabot bot deleted the dependabot/maven/build-dependencies-dceef0f1aa branch January 21, 2025 09:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the build-dependencies group with 4 updates #4472

Bump the build-dependencies group with 4 updates #4472

dependabot bot commented on behalf of github Jan 21, 2025

Bump the build-dependencies group with 4 updates #4472

Bump the build-dependencies group with 4 updates #4472

Conversation

dependabot bot commented on behalf of github Jan 21, 2025

Maven Plugin v2.44.2

Version 12.0.1

Version 12.0.1 (2025-01-19)

v3.27.3

💥 Breaking Changes

Core

🐛 Bug Fixes

Core

⚡ Improvements

Core

❤️ Contributors

v42.7.5

Changes

⬆️ Dependencies

[42.7.5] (2025-01-14 08:00:00 -0400)

Added

Fixed