Bump the maven group with 13 updates

[dependabot]

Bumps the maven group with 13 updates:

Package	From	To
com.google.errorprone:error_prone_core	2.47.0	2.48.0
com.diffplug.spotless:spotless-maven-plugin	3.2.1	3.3.0
org.apache.maven.plugins:maven-surefire-plugin	3.5.4	3.5.5
org.apache.maven.plugins:maven-failsafe-plugin	3.5.4	3.5.5
com.google.errorprone:error_prone_annotations	2.47.0	2.48.0
com.guardsquare:proguard-core	9.3.0	9.3.2
org.apache.maven.plugins:maven-resources-plugin	3.4.0	3.5.0
org.graalvm.buildtools:native-maven-plugin	0.11.4	0.11.5
com.android.tools:r8	9.0.32	9.1.31
org.apache.maven.plugins:maven-shade-plugin	3.6.1	3.6.2
com.fasterxml.jackson.core:jackson-databind	2.21.0	2.21.1
com.google.protobuf:protobuf-java	4.33.5	4.34.0
io.github.ascopes:protobuf-maven-plugin	4.1.3	5.0.2

Updates com.google.errorprone:error_prone_core from 2.47.0 to 2.48.0

Release notes

Sourced from com.google.errorprone:error_prone_core's releases.

Error Prone 2.48.0

Changes:

• Added support for passing flags with command-line argument files (@-files) (google/error-prone@8e84edf)

New checks:

• AvoidValueSetter
• UnnecessarySemicolon

Closed issues: #5529, #5537, #5522, #5521

Full changelog: google/error-prone@v2.47.0...v2.48.0

Commits

• 7cec0a0 Release Error Prone 2.48.0
• 01c603a Extend MissingTestCall to check for member references.
• 3d817b0 Handle var in UnnecessaryBoxedVariable
• ad26f3e Add ConcurrentHashMap.keys() and ConcurrentHashMap.elements() to `JdkObso...
• 7926dbc Fix MustBeClosedChecker crash on flexible constructors.
• d08f003 Check for jakarta annotations in DI checks
• 171448c Add android internal GuardedBy to ACCEPTED_GUARDED_BY_ANNOTATIONS
• 5cb6075 Remove the MissingTestCall:MatchGraphVerify flag.
• ab81681 Improve crash messages for fixes that don't apply
• fe9bb21 Add a test to confirm that TimeUnitMismatch catches `seconds * 1000 + nanos /...
• Additional commits viewable in compare view

Updates com.diffplug.spotless:spotless-maven-plugin from 3.2.1 to 3.3.0

Release notes

Sourced from com.diffplug.spotless:spotless-maven-plugin's releases.

Lib v3.3.0

Added

• Allow specifying path to Biome JSON config file directly in biome step. Requires biome 2.x. (#2548)
• GitPrePushHookInstaller, a reusable library component for installing a Git pre-push hook that runs formatter checks. (#2553)
• Allow setting Eclipse XML config from a string, not only from files (#2361)

Changed

• Bump default gson version to latest 2.11.0 -> 2.13.1. (#2414)
• Bump default jackson version to latest 2.18.1 -> 2.19.2. (#2558)
• Bump default gherkin-utils version to latest 9.0.0 -> 9.2.0. (#2408)
• Bump default cleanthat version to latest 2.22 -> 2.23. (#2556)

Maven Plugin v3.3.0

Added

• Add tabletest-formatter support for Java and Kotlin. (#2860)

Fixed

• Fix the ability to specify a wildcard version (*) for external formatter executables, which did not work. (#2848)
• [fix] ConcurrentModificationException in expandWildcardImports (#2830)

Changelog

Sourced from com.diffplug.spotless:spotless-maven-plugin's changelog.

[3.3.0] - 2025-07-20

Added

• Allow specifying path to Biome JSON config file directly in biome step. Requires biome 2.x. (#2548)
• GitPrePushHookInstaller, a reusable library component for installing a Git pre-push hook that runs formatter checks. (#2553)
• Allow setting Eclipse XML config from a string, not only from files (#2361)

Changed

• Bump default gson version to latest 2.11.0 -> 2.13.1. (#2414)
• Bump default jackson version to latest 2.18.1 -> 2.19.2. (#2558)
• Bump default gherkin-utils version to latest 9.0.0 -> 9.2.0. (#2408)
• Bump default cleanthat version to latest 2.22 -> 2.23. (#2556)

[3.2.0] - 2025-07-07

Added

• Support for idea (#2020, #2535)
• Add support for removing wildcard imports via removeWildcardImports step. (#2517)
• scalafmt: enforce version consistency between the version configured in Spotless and the version declared in Scalafmt config file (#2460)

Fixed

• SortPom disable expandEmptyElements, to avoid empty body warnings. (#2520)
• Fix biome formatter for new major release 2.x of biome (#2537)
• Make sure npm-based formatters use the correct node_modules directory when running in parallel. (#2542)

Changed

• Bump internal dependencies for npm-based formatters (#2542)

[3.1.2] - 2025-05-27

Fixed

• Fix UnsupportedOperationException in the Gradle plugin when using targetExcludeContent[Pattern] (#2487)
• pgp key had expired, this and future releases will be signed by new key (details)

Changed

• Bump default eclipse version to latest 4.34 -> 4.35. (#2458)
• Bump default greclipse version to latest 4.32 -> 4.35. (#2458)

[3.1.1] - 2025-04-07

Changed

• Use palantir-java-format 2.57.0 on Java 21. (#2447)
• Re-try npm install with --prefer-online after ERESOLVE error. (#2448)
• Allow multiple npm-based formatters having the same module dependencies, to share a node_modules dir without race conditions. #2462)

[3.1.0] - 2025-02-20

Added

• Support forclang-format on maven-plugin (#2406)
• Allow overriding classLoader for all JarStates to enable spotless-cli (#2427)

[3.0.2] - 2025-01-14

Fixed

• Node.JS-based tasks now work with the configuration cache (#2372)
• Eclipse-based tasks can now handle parallel configuration (#2389)

[3.0.1] - 2025-01-07

Fixed

• Deployment was missing part of the CDT formatter, now fixed. (#2384)

... (truncated)

Commits

• 015df60 Published lib/3.3.0
• a7ea252 feat: supply eclipse formatter settings as XML content (#2361)
• 0d0192d Use try-with-resources to make sure we don't have dangling streams.
• b12ff7c More changelog fixup.
• b26c800 Update changelogs.
• 9798251 Merge branch 'main' into feature/eclipse-config-without-file-xml
• af40183 add git pre push hook (#2553)
• cee7009 fix(deps): update jackson monorepo to v2.19.2 (#2558)
• 2dadeb6 uninstall fix
• 259ec38 Modify git-hook docs, with an eye towards a future where there is both a pre-...
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases.

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

🔧 Build

• Missing many files in the GH Artifacts of CI ex-post. (#3219) @​Tibor17

📦 Dependency updates

• Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.1 (#3260) @dependabot[bot]
• Bump parent from 44 to 47 (#3253) @​slawekjaranowski
• Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng (#3246) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#3245) @dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#3243) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 (#3236) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#3235) @dependabot[bot]
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption (#3234) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 (#3228) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 (#3224) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#3223) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#3221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#3220) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#3217) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#3214) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#3218) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.16.0 to 4.18.0 (#3213) @dependabot[bot]

... (truncated)

Commits

• 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
• 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
• 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
• 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
• 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
• 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
• 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
• e5c01a6 Build only by the latest Maven on Jenkins (#3255)
• 9c99e97 Fix Jenkin badges in README (#3254)
• 20930ea Bump parent from 44 to 47 (#3253)
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-failsafe-plugin from 3.5.4 to 3.5.5

Release notes

Sourced from org.apache.maven.plugins:maven-failsafe-plugin's releases.

3.5.5

🚀 New features and improvements

• Replace runing external process and parsing output with simple ProcessHandle if available (Java9+) (#3252) @​olamy
• Pass slf4j context to spawned thread (#3241) @​scottrw93
• [SUREFIRE-3239] - allow override of statistics file checksum (#3247) @​XN137
• Reduce log level for skipped tests result to info (#3232) @​strangelookingnerd

🐛 Bug Fixes

• Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258) @​jbliznak. Please note if you are using Windows with Java 8 and not PowerShell (you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4)
• Properly work with test failures caused during beforeAll phase (#3194) @​Frawless

📝 Documentation updates

• Clarify how late placeholder replacement (@{...}) deals with (#3208) @​kwin

👻 Maintenance

• Fix Jenkin badges in README (#3254) @​slawekjaranowski
• Use JUnit5 in failsafe ITs (#3251) @​slawekjaranowski
• Remove long-deprecated unused encoding property from VerifyMojo (#3198) @​Tomlincoln
• Add IT and deal with corner cases of handling beforeAll failures (#3200) @​Frawless
• Revert PR #3194 that handle beforeAll failures to follow proper contributing rules (#3211) @​Frawless

🔧 Build

• Missing many files in the GH Artifacts of CI ex-post. (#3219) @​Tibor17

📦 Dependency updates

• Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.1 (#3260) @dependabot[bot]
• Bump parent from 44 to 47 (#3253) @​slawekjaranowski
• Bump org.assertj:assertj-core from 3.16.1 to 3.27.7 in /surefire-its/src/test/resources/surefire-1733-testng (#3246) @dependabot[bot]
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 (#3245) @dependabot[bot]
• Bump org.codehaus.mojo:animal-sniffer-maven-plugin from 1.26 to 1.27 (#3243) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.20.0 to 4.21.0 (#3236) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.1 to 1.5.2 (#3235) @dependabot[bot]
• Bump org.apache.logging.log4j:log4j-core from 2.17.1 to 2.25.3 in /surefire-its/src/test/resources/surefire-1659-stream-corruption (#3234) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.19.0 to 4.20.0 (#3228) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.18.0 to 4.19.0 (#3224) @dependabot[bot]
• Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#3223) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#3221) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-i18n from 1.0.0 to 1.1.0 (#3220) @dependabot[bot]
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#3217) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#3214) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-java from 1.5.0 to 1.5.1 (#3218) @dependabot[bot]
• Bump org.htmlunit:htmlunit from 4.16.0 to 4.18.0 (#3213) @dependabot[bot]

... (truncated)

Commits

• 968cb38 [maven-release-plugin] prepare release surefire-3.5.5
• 8e7dc41 Reapply "Replace runing external process and parsing output with simple Proce...
• 4ced57c Revert "Replace runing external process and parsing output with simple Proces…"
• 8496d9a Bump org.xmlunit:xmlunit-core from 2.10.4 to 2.11.0 (#3209)
• 68265e5 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#3260)
• 0b19014 Replace runing external process and parsing output with simple ProcessHandle ...
• 688f8c4 Use PowerShell instead of WMIC for detecting zombie process on Windows (#3258)
• e5c01a6 Build only by the latest Maven on Jenkins (#3255)
• 9c99e97 Fix Jenkin badges in README (#3254)
• 20930ea Bump parent from 44 to 47 (#3253)
• Additional commits viewable in compare view

Updates com.google.errorprone:error_prone_annotations from 2.47.0 to 2.48.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.48.0

Changes:

• Added support for passing flags with command-line argument files (@-files) (google/error-prone@8e84edf)

New checks:

• AvoidValueSetter
• UnnecessarySemicolon

Closed issues: #5529, #5537, #5522, #5521

Full changelog: google/error-prone@v2.47.0...v2.48.0

Commits

• 7cec0a0 Release Error Prone 2.48.0
• 01c603a Extend MissingTestCall to check for member references.
• 3d817b0 Handle var in UnnecessaryBoxedVariable
• ad26f3e Add ConcurrentHashMap.keys() and ConcurrentHashMap.elements() to `JdkObso...
• 7926dbc Fix MustBeClosedChecker crash on flexible constructors.
• d08f003 Check for jakarta annotations in DI checks
• 171448c Add android internal GuardedBy to ACCEPTED_GUARDED_BY_ANNOTATIONS
• 5cb6075 Remove the MissingTestCall:MatchGraphVerify flag.
• ab81681 Improve crash messages for fixes that don't apply
• fe9bb21 Add a test to confirm that TimeUnitMismatch catches `seconds * 1000 + nanos /...
• Additional commits viewable in compare view

Updates com.guardsquare:proguard-core from 9.3.0 to 9.3.2

Release notes

Sourced from com.guardsquare:proguard-core's releases.

9.3.2

Version 9.3.2

Upgrade consideration

• The proguardCORE test fixtures module now requires Java 11.

Java support

• Update maximum supported Java class version to 70.65535 (Java 26).

API improvements

• Allow referencedClass to be provided in ClassBuilder.addAndReturnField.
• Add name property to ClassModel.

9.3.1

Kotlin support

• Add support for processing Kotlin 2.3 metadata.

Commits

• e728e2d Fix typo in release note
• e8e958e Fix release note quotations
• 5112781 Prepare release for java 26
• edac56f Update kotest to 6.1.4, address API changes
• edabeae Improve CommonTerminals
• 43ee355 Allow referencedClass to be provided in ClassBuilder#addAndReturnField
• cdc3841 Do not model null classes in ClassModel
• 9becda9 Add ClassModel name property
• 8997301 Support java 26
• bb606a6 Change ContextReceiver/Parameter test to BehaviorSpec
• Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0

Release notes

Sourced from org.apache.maven.plugins:maven-resources-plugin's releases.

3.5.0

• Cleanup deps (#463) @​cstamas

🚀 New features and improvements

• Bug: use change detecton strategies (#462) @​cstamas

👻 Maintenance

• Add IT for #444 issue (#446) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#449) @​slawekjaranowski
• Migration to JUnit 5 - avoid using AbstractMojoTestCase (#447) @​slawekjaranowski

📦 Dependency updates

• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#461) @dependabot[bot]
• Bump org.apache.maven.plugins:maven-plugins from 45 to 47 (#459) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#457) @dependabot[bot]
• Bump mavenVersion from 3.9.11 to 3.9.12 (#452) @dependabot[bot]

Commits

• ce485a0 [maven-release-plugin] prepare release maven-resources-plugin-3.5.0
• bfadfff Use maven-filtering 3.5.0 (staged)
• 3f74ba2 Drop commons-io; unused
• caefcde Bug: use change detecton strategies (#462)
• 38534e3 Cleanup deps (#463)
• 0814ec7 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#461)
• e2f9135 Bump org.apache.maven.plugins:maven-plugins from 45 to 47 (#459)
• a050be3 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#457)
• 1825b2a Bump mavenVersion from 3.9.11 to 3.9.12 (#452)
• ad31b55 Add IT for #444 issue
• Additional commits viewable in compare view

Updates org.graalvm.buildtools:native-maven-plugin from 0.11.4 to 0.11.5

Release notes

Sourced from org.graalvm.buildtools:native-maven-plugin's releases.

0.11.5

What's Changed

• Bump version to 0.11.5-SNAPSHOT by @​graalvmbot in graalvm/native-build-tools#817
• Make environment variables set in the pom.xml of the native-maven-plugin be visible in the image builder by @​jormundur00 in graalvm/native-build-tools#819
• Add check if correct schemas are present in the reachability metadata repository provided to buildtools by @​jormundur00 in graalvm/native-build-tools#821
• Add fallback for jarless artifacts in the native-maven-plugin by @​jormundur00 in graalvm/native-build-tools#824
• Fix JUnit 6 not working correctly with JDK 21 by expanding the initialize-at-build-time-list by @​jormundur00 in graalvm/native-build-tools#832
• Remove the usage of the global metadata/index.json from the nbt plugins by @​jormundur00 in graalvm/native-build-tools#829
• Revert "Remove the usage of the global metadata/index.json from the nbt plugins" by @​jormundur00 in graalvm/native-build-tools#836
• Use JDK 21 Graal in the CI by @​jormundur00 in graalvm/native-build-tools#839
• Support -H:+CompatibilityMode in build tools by @​vjovanov in graalvm/native-build-tools#822
• Update reachability metadata to 0.3.34 by @​graalvmbot in graalvm/native-build-tools#842

Full Changelog: graalvm/native-build-tools@0.11.4...0.11.5

Commits

• ffd094d Release 0.11.5
• 1d7c2f7 Merge pull request #842 from graalvm/update-metadata-to-0.3.34
• ba1c2e8 Update reachability metadata to 0.3.34
• 790fa05 Merge pull request #822 from graalvm/vj/compatibility-mode
• 0631241 Implement Compatibility Mode detection
• 1844654 Use JDK 21 Graal in the CI (#839)
• 6315677 Revert "Remove the usage of the global metadata/index.json from the nbt plugi...
• fe065ce Remove the usage of the global metadata/index.json from the nbt plugins (#829)
• 94b5b54 Fix JUnit 6 not working correctly with JDK 21 by expanding the initialize-at-...
• 086cfdf Add fallback for jarless artifacts in the native-maven-plugin (#824)
• Additional commits viewable in compare view

Updates com.android.tools:r8 from 9.0.32 to 9.1.31

Updates org.apache.maven.plugins:maven-shade-plugin from 3.6.1 to 3.6.2

Release notes

Sourced from org.apache.maven.plugins:maven-shade-plugin's releases.

3.6.2

🐛 Bug Fixes

• Bug: Extra JARs and Artifacts were not subjected to filtering (#785) @​cstamas

👻 Maintenance

• Drop excessive dependencies (#786) @​cstamas
• chore: remove junit3 reference (#762) @​sparsick
• Exclude Java 25 (#773) @​slachiewicz
• Update site descriptor, use site configuration from parent (#755) @​slawekjaranowski

📦 Dependency updates

• Drop unneeded dependencies (#788) @​cstamas
• Update to parent POM v 47 (#781) @​Bukama
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.5.0 to 3.5.1 (#782) @dependabot[bot]
• Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#780) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.4.0 to 3.5.0 (#778) @dependabot[bot]
• Bump asmVersion from 9.9 to 9.9.1 (#774) @dependabot[bot]
• Update invoker plugin to 3.9.1 to Support Java 25 (#769) @​Bukama
• Bump asmVersion from 9.8 to 9.9 (#761) @dependabot[bot]
• Bump org.xmlunit:xmlunit-legacy from 2.10.3 to 2.11.0 (#763) @dependabot[bot]
• Bump org.apache.maven.plugin-tools:maven-plugin-annotations from 3.15.1 to 3.15.2 (#764) @dependabot[bot]
• Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#768) @dependabot[bot]
• Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#758) @dependabot[bot]

Commits

• ad8de59 [maven-release-plugin] prepare release maven-shade-plugin-3.6.2
• 8eb19dc Drop unneeded dependencies (#788)
• 397b2cd Drop excessive dependencies (#786)
• eca6398 Bug: Extra JARs and Artifacts were not subjected to filtering (#785)
• 7edce17 Update to parent POM v 47 (#781)
• 3171a34 Mockito improvements (#783)
• 678844b Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#782)
• 73ec909 Bump org.codehaus.mojo:mrm-maven-plugin from 1.7.0 to 1.7.1 (#780)
• 5f7a877 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness (#778)
• 73c5247 chore: remove junit3 reference (#762)
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.21.0 to 2.21.1

Commits

• See full diff in compare view

Updates com.google.protobuf:protobuf-java from 4.33.5 to 4.34.0

Commits

• See full diff in compare view

Updates io.github.ascopes:protobuf-maven-plugin from 4.1.3 to 5.0.2

Release notes

Sourced from io.github.ascopes:protobuf-maven-plugin's releases.

v5.0.2

Bugfixes:

• Reimplement artifact resolution to handle additional edge cases that may previously have bled into other code and caused spurious/unhelpful/vague exceptions during dependency resolution.
  • Specifically, this handles a case where passing a non-existent classifier on a published dependency could result in an ArrayIndexOutOfBoundsException being raised at runtime. Other edge cases should also be handled more sensibly moving forwards.

Other changes:

• Dependency resolution now explicitly ensures additional configuration overrides within the Maven/Aether transports are propagated and used correctly with respect to things like proxies and custom authenticators.
• New examples by @​sleepkqq for building Kotlin gRPC projects in the documentation.
• Build on Maven 3.9.13 in addition to 3.9.6 and 4.0.0-rc-5, now that the former has been released.

v5.0.1 release notes

• Implemented partial workaround for GH-596 where users may experience OutOfMemoryExceptions being raised by Eclipse Aether during dependency resolution. - The plugin now follows similar behaviour to Maven Core by not recursing into transitive test dependencies and fat artifact dependencies, which was considered to be surprising and undefined behaviour.
  • Users depending on the old behaviour should explicitly declare their dependencies following standard Maven conventions.
  • This is not deemed a breaking change since the old behaviour is undefined and does not follow Maven default behaviour.
• Reverted offloading project dependency resolution to Maven to address GH-939.
  • This previously manifested as various Maven reactor failures when resolving sibling dependencies in a Maven multi-module project.
  • Users can now disable dependency resolution for the main project dependencies correctly by setting <ignoreProjectDependencies>true</ignoreProjectDependencies> and only specify their protobuf dependencies via the plugin itself.
• Reduced default concurrency multiplier used for various internal tasks after several JFR profiling sessions showed a general lack of utilisation of the thread pool.
  • This should reduce idle resources slightly in builds.
• Various Aether internals are now cached for the duration of the plugin goal rather than recreated numerous times during dependency resolution.
  • This should reduce resource usage slightly in builds.
• Updated plugin to use protobuf-java:4.34.0for various descriptor file-related activities.
• Updated project and integration test dependencies to verify plugin compatibility across various component matrices.

v5.0.0

New major version that removes some old tech debt introduced for backwards API compatibility with minor versions on v4.x and older. This allows extending this plugin with new features moving forwards by removing some limitations around the old way of configuring a couple of aspects.

The changes are fairly minor, but migration details have been added below.

[!TIP] Users with concerns about making changes across many projects due to being pinned to an older version of this plugin can first upgrade their parent projects to point at v4.1.3 of this plugin while they perform migration steps incrementally.

If there are any concerns or queries, please add a comment to the discussion.

Protoc plugin declarations

We have removed deprecated legacy protoc plugin parameters from GH-877 -- users must use the plugins parameter instead now.

• binaryMavenPlugins is removed, use plugins with kind="binary-maven" instead.
• binaryPathPlugins is removed, use plugins with kind="path" instead.
• binaryUrlPlugins is removed, use plugins with kind="url" instead.
• jvmMavenPlugins is removed, use plugins with kind="jvm-maven" instead.

See https://ascopes.github.io/protobuf-maven-plugin/using-protoc-plugins.html for full usage details and examples, but effectively...

Description has been truncated