chore(deps): bump the all-minor-and-patch-updates group across 1 directory with 11 updates

[dependabot]

Bumps the all-minor-and-patch-updates group with 11 updates in the / directory:

Package	From	To
org.springframework.boot:spring-boot-starter-parent	4.0.5	4.1.0
io.swagger.core.v3:swagger-core-jakarta	2.2.48	2.2.51
io.swagger.core.v3:swagger-annotations-jakarta	2.2.48	2.2.51
io.swagger.core.v3:swagger-models-jakarta	2.2.48	2.2.51
org.projectlombok:lombok	1.18.44	1.18.46
org.mapstruct:mapstruct	1.5.5.Final	1.6.3
org.mapstruct:mapstruct-processor	1.5.5.Final	1.6.3
io.swagger.parser.v3:swagger-parser	2.1.40	2.1.44
org.jacoco:jacoco-maven-plugin	0.8.14	0.8.15
org.codehaus.mojo:xml-maven-plugin	1.1.0	1.2.1
com.github.spotbugs:spotbugs-maven-plugin	4.9.8.3	4.10.2.0

Updates org.springframework.boot:spring-boot-starter-parent from 4.0.5 to 4.1.0

Release notes

Sourced from org.springframework.boot:spring-boot-starter-parent's releases.

v4.1.0

Full release notes for Spring Boot 4.1 are available on the wiki.

⭐ New Features

• Add public constructor to InvalidConfigurationPropertyValueException that accepts a cause #50211
• Reduce memory consumption when repeatedly calling WritableJson.toByteArray #49428

🐞 Bug Fixes

• MailSender auto-configuration does not enable hostname verification #50747
• Artemis auto-configuration uses a predictable default location for the embedded broker's data #50745
• Embedded LDAP SSL should not be enabled when its bundle is empty #50700
• InetAddressFilter.externalAddresses does not exclude special purpose addresses from RFC 6890 #50668
• NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket #50645
• SSL should not be enabled when a SSL bundle is overridden to an empty string #50635
• Test auto-configuration no longer integrates Spring Security with HtmlUnitDriver #50633
• Configuration property metadata includes incorrect class references #50632
• Docker Compose support does not restore thread interrupt flag when catching InterruptedException #50618
• RabbitProperties enables SSL even when spring.rabbitmq.ssl.bundle is overridden to an empty string #50612
• NullPointerException in reactor-netty SniProvider when SSL bundle uses client-auth or server truststore without server-name-bundles #50610
• SpringJtaPlatform should have been deprecated since 4.1.0-M3 #50592
• Layer written outside the output location of '//' exception is thrown when using extract layers in root directory #50510
• ConfigurationPropertiesReportEndpoint exposes AOP proxy internals #50417
• Created StackTracePrinter instances have no access to the Environment #50414
• MappingsEndpoint reports the context's own ID as parentId when a parent exists #50412
• Buildpack module does not validate long-to-int casts #50410
• Gradle gRPC support fails if protobuf-java dependency is used instead of protobuf-java-util #50405
• GraphQL WebSocket support does not configure allowed origins #50394
• Spring Boot Loader Does Not Support RSA and EC Signed Jars #50298
• Meter registries are not removed from the global registry when the context is closed #50287
• DataSourceBuilder cannot derive a DataSource from a lazy connection proxy #50271
• Nullable annotations from AbstractErrorController.getErrorAttributes are not aligned with implementation #50266
• Bean definitions can be added with an initializer before setAllowBeanDefinitionOverriding is called #50264
• EndpointRequest links matcher unnecessarily matches HTTP methods other than GET #50261
• Actuator's '/cloudfoundryapplication' endpoint does not work if restrictive CORS configuration is provided using a bean named corsConfigurationSource #50258
• ThreadPoolTaskScheduleBuilder unnecessarily loses precision when configuring await termination time #50234
• NimbusJwtDecoder silently accepts unknown values for spring.security.oauth2.resourceserver.jwt.jws-algorithms #50228
• Missing dependency management for spring-boot-web-server-test #50224
• Spring Batch support for MongoDB modules are not included in dependency management #50223
• Apply HTML escaping to timestamp attribute in Whitelabel error page #50216
• GrpcServerHealthScheduler is not started in servlet environments #50209
• Setting server.servlet.session.cookie.partitioned=true has no effect when using Tomcat #50204

📔 Documentation

• Fix reference to Gradle documentation for module replacement #50647
• Document SSL reloading with Let's Encrypt #50630
• Remove the use of Optional from Data Neo4j repository examples #50622
• Fix typos in documentation #50620

... (truncated)

Commits

• ac2cfe0 Release v4.1.0
• 1a5815c Upgrade to Spring Batch 6.0.4
• a8364ff Merge branch '4.0.x'
• 9755ff2 Upgrade to Spring Batch 6.0.4
• 6a6dedc Upgrade to Spring Integration 7.1.0
• db7b2b9 Merge branch '4.0.x'
• d549d07 Upgrade to Spring Integration 7.0.5
• 4d9e463 Merge branch '3.5.x' into 4.0.x
• b068647 Upgrade to Spring Integration 6.5.9
• 198af99 Merge branch '4.0.x'
• Additional commits viewable in compare view

Updates io.swagger.core.v3:swagger-core-jakarta from 2.2.48 to 2.2.51

Updates io.swagger.core.v3:swagger-annotations-jakarta from 2.2.48 to 2.2.51

Updates io.swagger.core.v3:swagger-models-jakarta from 2.2.48 to 2.2.51

Updates io.swagger.core.v3:swagger-annotations-jakarta from 2.2.48 to 2.2.51

Updates io.swagger.core.v3:swagger-models-jakarta from 2.2.48 to 2.2.51

Updates org.projectlombok:lombok from 1.18.44 to 1.18.46

Changelog

Sourced from org.projectlombok:lombok's changelog.

v1.18.46 (April 22nd, 2026)

• PLATFORM: JDK26 support added #4019.
• PLATFORM: Spring Tools Suite 5 supported #3985.
• BUGFIX: @Jacksonized no longer stops generating @JsonProperty once an explicit @JsonIgnore annotations is encountered #4022.
• BUGFIX: In eclipse, mixing @Jacksonized and fluent = true no longer causes the error com.fasterxml.jackson.annotation.JsonProperty is not a repeatable annotation interface. #3934.
• BUGFIX: Some finishing touches for v1.18.44's support of Jackson3 #4004.

Commits

• 936ca59 [build] lombok's launcher is still intended to be 1.4 compatible, or at least...
• fcdab3f [version] pre-release version bump
• 1cb7d49 [changelog]#4004 Mention Jackson3 final touches in changelog.
• 12a15b0 Fix: Bump EA_JDK to 27 (25 and 26 have been released)
• 2be766c Merge branch 'jackson3-final-touches'
• 290fa4c [trivial] constantize the warning we spit out for ambiguous jackson2/3, and m...
• e6567b6 test: Add Jackson 3 test cases and version ambiguity warnings
• 45e72e2 feat: Add Jackson 3 databind/dataformat annotations to HandlerUtil copy lists
• 184d423 feat: Add Jackson 3 support to @​Jacksonized handlers
• e027ad0 refactored to ShadowClassLoader use Collections::enumeration instead of Vector
• Additional commits viewable in compare view

Updates org.mapstruct:mapstruct from 1.5.5.Final to 1.6.3

Release notes

Sourced from org.mapstruct:mapstruct's releases.

1.6.3

Bugs

• Redundant if condition in Java record mapping with RETURN_DEFAULT strategy (#3747)
• Stackoverflow with Immutables custom builder (#3370)
• Unused import of java.time.LocalDate when mapping source LocalDateTime to target LocalDate (#3732)

Documentation

• Add section to README.md comparing mapstruct with Java Records (#3751)

1.6.2

Bugs

• Regression from 1.6.1: ClassCastException when using records (#3717)

1.6.1

Enhancements

• Use Java LinkedHashSet and LinkedHashMap new factory method with known capacity when on Java 19 or later (#3113)

Bugs

• Inverse Inheritance Strategy not working for ignored mappings only with target (#3652)
• Inconsistent ambiguous mapping method error when using SubclassMapping: generic vs raw types (#3668)
• Fix regression when using InheritInverseConfiguration with nested target properties and reversing target = "." (#3670)
• Deep mapping with multiple mappings broken in 1.6.0 (#3667)
• Two different constants are ignored in 1.6.0 (#3673)
• Inconsistent ambiguous mapping method error: generic vs raw types in 1.6.0 (#3668)
• Fix cross module records with interfaces not recognizing accessors (#3661)
• @AfterMapping methods are called twice when using target with builder (#3678)
• Compile error when using @AfterMapping method with Builder and TargetObject (#3703)

Behaviour change

Inverse Inheritance Strategy not working for ignored mappings only with target

Prior to this fix @Mapping(target = "myProperty", ignore = true) was being ignored when using @InheritInverseConfiguration.

e.g.

@Mapper
public interface ModelMapper {
@Mapping(target = "creationDate", ignore = true)
Entity toEntity(Model model);    
@InheritInverseConfiguration
Model toModel(Entity entity);

</tr></table>

... (truncated)

Commits

• b4e25e4 Releasing version 1.6.3
• 772fae4 Prepare release notes for 1.6.3
• efdf435 #3751 Improve readme to include support for Java 16+ records
• c2bd847 #3732 Do not generate obsolete imports for LocalDateTime <-> LocalDate conver...
• 21fdaa0 #3747 Do not generate redundant if condition with constructor mapping and RET...
• 32f1fea #3370 Prevent stack overflow error for Immutables with custom builder
• 26c5bcd Update readme with 1.6.2
• 4e0d73d Next version 1.7.0-SNAPSHOT
• 212607b Releasing version 1.6.2
• 4fd22d6 Prepare release notes for 1.6.2
• Additional commits viewable in compare view

Updates org.mapstruct:mapstruct-processor from 1.5.5.Final to 1.6.3

Release notes

Sourced from org.mapstruct:mapstruct-processor's releases.

1.6.3

Bugs

• Redundant if condition in Java record mapping with RETURN_DEFAULT strategy (#3747)
• Stackoverflow with Immutables custom builder (#3370)
• Unused import of java.time.LocalDate when mapping source LocalDateTime to target LocalDate (#3732)

Documentation

• Add section to README.md comparing mapstruct with Java Records (#3751)

1.6.2

Bugs

• Regression from 1.6.1: ClassCastException when using records (#3717)

1.6.1

Enhancements

• Use Java LinkedHashSet and LinkedHashMap new factory method with known capacity when on Java 19 or later (#3113)

Bugs

• Inverse Inheritance Strategy not working for ignored mappings only with target (#3652)
• Inconsistent ambiguous mapping method error when using SubclassMapping: generic vs raw types (#3668)
• Fix regression when using InheritInverseConfiguration with nested target properties and reversing target = "." (#3670)
• Deep mapping with multiple mappings broken in 1.6.0 (#3667)
• Two different constants are ignored in 1.6.0 (#3673)
• Inconsistent ambiguous mapping method error: generic vs raw types in 1.6.0 (#3668)
• Fix cross module records with interfaces not recognizing accessors (#3661)
• @AfterMapping methods are called twice when using target with builder (#3678)
• Compile error when using @AfterMapping method with Builder and TargetObject (#3703)

Behaviour change

Inverse Inheritance Strategy not working for ignored mappings only with target

Prior to this fix @Mapping(target = "myProperty", ignore = true) was being ignored when using @InheritInverseConfiguration.

e.g.

@Mapper
public interface ModelMapper {
@Mapping(target = "creationDate", ignore = true)
Entity toEntity(Model model);    
@InheritInverseConfiguration
Model toModel(Entity entity);

</tr></table>

... (truncated)

Commits

• b4e25e4 Releasing version 1.6.3
• 772fae4 Prepare release notes for 1.6.3
• efdf435 #3751 Improve readme to include support for Java 16+ records
• c2bd847 #3732 Do not generate obsolete imports for LocalDateTime <-> LocalDate conver...
• 21fdaa0 #3747 Do not generate redundant if condition with constructor mapping and RET...
• 32f1fea #3370 Prevent stack overflow error for Immutables with custom builder
• 26c5bcd Update readme with 1.6.2
• 4e0d73d Next version 1.7.0-SNAPSHOT
• 212607b Releasing version 1.6.2
• 4fd22d6 Prepare release notes for 1.6.2
• Additional commits viewable in compare view

Updates org.mapstruct:mapstruct-processor from 1.5.5.Final to 1.6.3

Release notes

Sourced from org.mapstruct:mapstruct-processor's releases.

1.6.3

Bugs

• Redundant if condition in Java record mapping with RETURN_DEFAULT strategy (#3747)
• Stackoverflow with Immutables custom builder (#3370)
• Unused import of java.time.LocalDate when mapping source LocalDateTime to target LocalDate (#3732)

Documentation

• Add section to README.md comparing mapstruct with Java Records (#3751)

1.6.2

Bugs

• Regression from 1.6.1: ClassCastException when using records (#3717)

1.6.1

Enhancements

• Use Java LinkedHashSet and LinkedHashMap new factory method with known capacity when on Java 19 or later (#3113)

Bugs

• Inverse Inheritance Strategy not working for ignored mappings only with target (#3652)
• Inconsistent ambiguous mapping method error when using SubclassMapping: generic vs raw types (#3668)
• Fix regression when using InheritInverseConfiguration with nested target properties and reversing target = "." (#3670)
• Deep mapping with multiple mappings broken in 1.6.0 (#3667)
• Two different constants are ignored in 1.6.0 (#3673)
• Inconsistent ambiguous mapping method error: generic vs raw types in 1.6.0 (#3668)
• Fix cross module records with interfaces not recognizing accessors (#3661)
• @AfterMapping methods are called twice when using target with builder (#3678)
• Compile error when using @AfterMapping method with Builder and TargetObject (#3703)

Behaviour change

Inverse Inheritance Strategy not working for ignored mappings only with target

Prior to this fix @Mapping(target = "myProperty", ignore = true) was being ignored when using @InheritInverseConfiguration.

e.g.

@Mapper
public interface ModelMapper {
@Mapping(target = "creationDate", ignore = true)
Entity toEntity(Model model);    
@InheritInverseConfiguration
Model toModel(Entity entity);

</tr></table>

... (truncated)

Commits

• b4e25e4 Releasing version 1.6.3
• 772fae4 Prepare release notes for 1.6.3
• efdf435 #3751 Improve readme to include support for Java 16+ records
• c2bd847 #3732 Do not generate obsolete imports for LocalDateTime <-> LocalDate conver...
• 21fdaa0 #3747 Do not generate redundant if condition with constructor mapping and RET...
• 32f1fea #3370 Prevent stack overflow error for Immutables with custom builder
• 26c5bcd Update readme with 1.6.2
• 4e0d73d Next version 1.7.0-SNAPSHOT
• 212607b Releasing version 1.6.2
• 4fd22d6 Prepare release notes for 1.6.2
• Additional commits viewable in compare view

Updates io.swagger.parser.v3:swagger-parser from 2.1.40 to 2.1.44

Release notes

Sourced from io.swagger.parser.v3:swagger-parser's releases.

Swagger-parser 2.1.44 released!

• fix: Replace the unsafe Yaml instantiation in ReferenceVisitor.getYam… (#2344)

Swagger-parser 2.1.43 released!

• fix: resolve refs within external schemas (#2338)

Swagger-parser 2.1.42 released!

• Update swagger-core to 2.2.50 (#2334)
• fix: use explicit prefix for array items with dotted property names (#2330)
• chore: migrate from tibdex/github-app-token to actions/create-github-app-token (#2324)
• build(deps): bump commons-io:commons-io from 2.20.0 to 2.22.0 (#2319)
• build(deps): bump org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0 (#2318)
• build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.5.5 (#2316)

Swagger-parser 2.1.41 released!

• Bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.14 (#2317)
• chore: update v2 parser to 1.0.76 (#2314)
• Prevent StackOverflowError in ResolverFully (#2297)
• Fix thread-safety bug in OpenAPIDereferencer31 (#2294)
• fix(converter): keep x-nullable in shared $ref responses (#2276)

Commits

• 7e18bb6 prepare release 2.1.44 (#2345)
• 119fa73 fix: Replace the unsafe Yaml instantiation in ReferenceVisitor.getYaml() with...
• c81c557 bump snapshot 2.1.44-SNAPSHOT (#2341)
• 7babc5d prepare release 2.1.43 (#2340)
• 9292fcf fix: typo in README regarding Let's Encrypt
• 19dcc26 fix: resolve refs within external schemas (#2338)
• 702586f bump snapshot 2.1.43-SNAPSHOT (#2336)
• e8933f0 prepare release 2.1.42 (#2335)
• 4024d94 Update swagger-core to 2.2.50 (#2334)
• 9c19b19 fix: use explicit prefix for array items with dotted property names (#2330)
• Additional commits viewable in compare view

Updates org.jacoco:jacoco-maven-plugin from 0.8.14 to 0.8.15

Release notes

Sourced from org.jacoco:jacoco-maven-plugin's releases.

0.8.15

New Features

• JaCoCo now officially supports Java 26 (GitHub #2076).
• Experimental support for Java 27 class files (GitHub #2004).
• Compatibility methods generated by Kotlin compiler for functions defined in interfaces are filtered out during generation of report (GitHub #1905).
• Compatibility methods generated by Kotlin compiler for exposed boxed inline value classes (JvmExposeBoxed annotation) are filtered out during generation of report (GitHub #1944).
• Methods generated by the Kotlin compiler for functions with JvmStatic annotation are filtered out during generation of report (GitHub #2097).
• Improved filtering of bytecode generated by Kotlin compiler for when expressions and statements with kotlin.String subject where first branch condition contains string with largest hash (GitHub #2098).
• Part of bytecode that javac versions from 24 to 26 generate for switch statements and expressions with selector expression of type java.lang.String inside lambdas is filtered out during generation of report (GitHub #2023).
• Improved performance of Kotlin files analysis by parsing SMAPs only once per class (GitHub #2114).
• For better performance agent output methods tcpclient and tcpserver use BufferedOutputStream to write execution data to socket. Maven plugin, Ant tasks, CLI, API usage examples, and ExecDumpClient API use BufferedInputStream to read execution data from socket. Third-party integrations should do the same to benefit from this change in agent (GitHub #2089).

Fixed bugs

• Fixed processing of Kotlin SMAP in synthetic classes (GitHub #1985).
• Multiple JaCoCo runtimes within one JVM writing to the same output file should not cause data corruption when running on JDK versions from 6 to 10 affected by JDK-8166253 (GitHub #2065, #2074).
• For better performance agent writes to output file via BufferedOutputStream, this fixes regression introduced in version 0.6.2 (GitHub #2073).
• Fixed NullPointerException when JaCoCo agent is loaded by non system class loader, for example when loaded by JBoss Modules (GitHub #1651).

Non-functional Changes

• JaCoCo now depends on ASM 9.10.1 (GitHub #2134).

Commits

• 6c5260a Prepare release v0.8.15
• 5c05141 Transfer of execution data through socket should use buffered stream (#2089)
• ab5efa9 Remove from Azure Pipelines all builds except with JDK 5 and JDK EA (#2148)
• 5f6ea38 Use Windows 2025 image in GitHub Actions (#2130)
• 35a8af2 Use Renovate instead of Dependabot for updates of ASM (#2137)
• 85b8ddf Upgrade ASM to 9.10.1 (#2134)
• 2988647 AgentModule should use ClassLoader of agent instead of SystemClassLoader (#1651)
• 75a4e31 Add filter for Kotlin @JvmExposeBoxed (#1944)
• 691fa1d Use Renovate instead of Dependabot for updates of GitHub Actions (#2132)
• 3e18f17 Require at least JDK 21 for build (#2128)
• Additional commits viewable in compare view

Updates org.codehaus.mojo:xml-maven-plugin from 1.1.0 to 1.2.1

Release notes

Sourced from org.codehaus.mojo:xml-maven-plugin's releases.

1.2.1

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#165) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0 (#164) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 94 to 95 (#163) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#160) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-io from 3.5.2 to 3.6.0 (#161) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#162) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#159) @dependabot[bot]

1.2.0

🚀 New features and improvements

• Use Maven 3.9.11 as dependency, still required 3.6.3 (#154) @​slawekjaranowski
• Add support for classpath lookups. (#115) @​splatch
• Require Maven 3.6.3+ (#101) @​slachiewicz

🔧 Build

• Use default Maven version for build (#102) @​slawekjaranowski

📦 Dependency updates

• Use Maven 3.9.11 as dependency, still required 3.6.3 (#154) @​slawekjaranowski
• Bump org.codehaus.plexus:plexus-archiver from 4.10.2 to 4.10.3 (#152) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-io from 3.5.1 to 3.5.2 (#153) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 93 to 94 (#151) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.2 (#145) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-resources from 1.3.0 to 1.3.1 (#144) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#143) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 92 to 93 (#142) @dependabot[bot]
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#141) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 91 to 92 (#138) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 87 to 91 (#137) @dependabot[bot]
• Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#133) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 86 to 87 (#132) @dependabot[bot]
• Bump commons-io:commons-io from 2.17.0 to 2.18.0 (#131) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 85 to 86 (#127) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 4.0.1 to 4.0.2 (#130) @dependabot[bot]
• Bump commons-io:commons-io from 2.16.1 to 2.17.0 (#129) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-io from 3.5.0 to 3.5.1 (#126) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 84 to 85 (#125) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#123) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-io from 3.4.2 to 3.5.0 (#124) @dependabot[bot]
• Bump org.codehaus.mojo:mojo-parent from 80 to 84 (#122) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-xml from 3.0.0 to 3.0.1 (#121) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 4.0.0 to 4.0.1 (#118) @dependabot[bot]

... (truncated)

Commits

• 441049d [maven-release-plugin] prepare release xml-maven-plugin-1.2.1
• 9f7b349 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 1f1a73d Bump org.codehaus.plexus:plexus-archiver from 4.10.4 to 4.11.0
• 46288aa Bump org.codehaus.mojo:mojo-parent from 94 to 95
• 40e94cd Bump commons-io:commons-io from 2.20.0 to 2.21.0
• fb83f32 Bump org.codehaus.plexus:plexus-io from 3.5.2 to 3.6.0
• 28bedc9 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
• b226817 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
• 15a383e [maven-release-plugin] prepare for next development iteration
• 17187cc [maven-release-plugin] prepare release 1.2.0
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-maven-plugin from 4.9.8.3 to 4.10.2.0

Release notes

Sourced from com.github.spotbugs:spotbugs-maven-plugin's releases.

Spotbugs Maven Plugin 4.10.2.0

• Support spotbugs 4.10.2

What's Changed

• Update ci.yaml by @​hazendaz in spotbugs/spotbugs-maven-plugin#1429
• Update spotbugs.version to v4.10.2 by @​renovate[bot] in spotbugs/spotbugs-maven-plugin#1425

Full Changelog: spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.8.5...spotbugs-maven-plugin-4.10.2.0

Spotbugs Maven Plugin 4.9.8.5

What's Changed

• Update README.md by @​hazendaz in spotbugs/spotbugs-maven-plugin#1426
• [fix] Toolchain used wrong flag name 'executable' instead of 'jvm' by @​hazendaz in spotbugs/spotbugs-maven-plugin#1428

Full Changelog: spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.9.8.4...spotbugs-maven-plugin-4.9.8.5

Spotbugs Maven Plugin 4.9.8.4

• build support for maven 4 with maven 4 plugins
• spotbugs extensions jars now moved to target/spotbugs instead of root
• new spotbugs-aggregate mojo for multi module
• support maven toolchains
• block gui when environment is headless
• all spotbug extensions as regular dependencies
• learn to map spotbug extensions to their source project documentation
• in auxiliary class path exclude java.* packages
• improve code coverage

note: This release was done on older spotbugs (not the new 4.10.1) on purpose to keep these changes separate from that of spotbugs. The spotbugs 4.10.1 support release will be available in a day or two and users can otherwise override the core module as there are no changes to be done internally.

Commits

• 2d39b75 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.10.2.0
• 6c300e6 [pom] Bump internal spotbugs to 4.9.8.5
• 250d685 Merge pull request #1425 from spotbugs/renovate/spotbugs.version
• 12f6fb3 Merge pull request #1429 from spotbugs/hazendaz-patch-1
• aaf0a09 Update ci.yaml
• 8b5dff4 Merge branch 'master' into renovate/spotbugs.version
• c83698d Update pom.xml
• b8788fd [maven-release-plugin] prepare for next development iteration
• f758cb5 [maven-release-plugin] prepare release spotbugs-maven-plugin-4.9.8.5
• cec6af5 Update pom.xml
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.