Bump the plugins group with 3 updates #2428

dependabot · 2025-12-01T05:09:41Z

Bumps the plugins group with 3 updates: org.apache.maven.plugins:maven-assembly-plugin, org.apache.maven.plugins:maven-source-plugin and org.apache.maven.plugins:maven-resources-plugin.

Updates org.apache.maven.plugins:maven-assembly-plugin from 3.7.1 to 3.8.0

Release notes

Sourced from org.apache.maven.plugins:maven-assembly-plugin's releases.

3.8.0

🐛 Bug Fixes

[MASSEMBLY-1030] - Manifest entries from archive configuration are not added in final MANIFEST (#205) @olamy

[MASSEMBLY-1029] - Use minimal level for model validation (#204) @gnodet

📝 Documentation updates

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#215) @Bukama

👻 Maintenance

chore: migrate junit3/4 to junit5 (#1260) @sparsick

feat: enable prevent branch protection rules (#1252) @sebtiem

Enable Github Issues (#219) @Bukama

📦 Dependency updates

Bump Maven to 3.9.11. Prerequisite still 3.6.3 (#1270) @slachiewicz

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#1269) @dependabot[bot]

Bump org.codehaus.plexus:plexus-io from 3.5.2 to 3.6.0 (#1264) @dependabot[bot]

Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#1266) @dependabot[bot]

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#1267) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#1265) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#1258) @dependabot[bot]

Bump com.github.luben:zstd-jni from 1.5.7-5 to 1.5.7-6 (#1259) @dependabot[bot]

Bump plexus-archiver to 4.10.3 (#1255) @slachiewicz

Bump m-invoker-p to 3.9.1 for Java 25 (#1256) @slachiewicz

Bump com.github.luben:zstd-jni from 1.5.7-4 to 1.5.7-5 (#1254) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 44 to 45 (#1251) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 42 to 44 (#216) @dependabot[bot]

Bump org.apache.commons:commons-compress from 1.27.1 to 1.28.0 (#1248) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#1249) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#1250) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#1247) @dependabot[bot]

Bump com.github.luben:zstd-jni from 1.5.7-3 to 1.5.7-4 (#1244) @dependabot[bot]

Bump commons-fileupload:commons-fileupload from 1.5 to 1.6.0 in /src/it/projects/bugs/massembly-580 (#1245) @dependabot[bot]

Bump com.github.luben:zstd-jni from 1.5.7-2 to 1.5.7-3 (#225) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#209) @dependabot[bot]

Bump org.apache.maven.shared:maven-common-artifact-filters from 3.3.2 to 3.4.0 (#207) @dependabot[bot]

Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#224) @dependabot[bot]

Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#223) @dependabot[bot]

Bump com.github.luben:zstd-jni from 1.5.6-3 to 1.5.7-2 (#222) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#221) @dependabot[bot]

Bump org.apache.commons:commons-compress from 1.27.0 to 1.27.1 (#213) @dependabot[bot]

Bump org.apache.maven.shared:maven-filtering from 3.3.2 to 3.4.0 (#220) @dependabot[bot]

Bump org.codehaus.plexus:plexus-io from 3.4.2 to 3.5.1 (#214) @dependabot[bot]

Bump org.hamcrest:hamcrest from 2.2 to 3.0 (#212) @dependabot[bot]

Bump org.apache.commons:commons-compress from 1.26.1 to 1.27.0 (#211) @dependabot[bot]

... (truncated)

Commits

53dcfc0 Remove redundant escaping (#1277)
04cbbb3 some nits (#1279)
7c9e58a Plug ThreadLocal memory leak (#1276)
ceef4b0 commons-io version is now the same (#1274)
0a06350 Declare used dependencies (#1271)
31ac192 Remove commented code (#1273)
c5b8aff Document regex support in include/exclude patterns (#1243)
bd8cafc [maven-release-plugin] prepare for next development iteration
434b3aa [maven-release-plugin] prepare release maven-assembly-plugin-3.8.0
43666c3 Bump Maven to 3.9.11. Prerequisite still 3.6.3
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-source-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-source-plugin's releases.

3.4.0

🐛 Bug Fixes

[MSOURCES-140] - fail only if re-attach different files (#24) @hboutemy

👻 Maintenance

Bump m-invoker-p to 3.9.1 (#251) @slachiewicz

Allow to manually execute release drafter (#58) @slawekjaranowski

GH Issues (Maven 3 branch) (#57) @Bukama

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#49) @Bukama

📦 Dependency updates

Use plexus-utils version from parent (#252) @slachiewicz

Bump commons-io:commons-io from 2.20.0 to 2.21.0 (#247) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4 (#248) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5 (#241) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3 (#242) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#246) @dependabot[bot]

Bump mavenVersion from 3.2.5 to 3.9.11 (#221) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.10.0 to 4.10.1 (#233) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.3 to 3.6.4 (#229) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 41 to 45 (#218) @dependabot[bot]

Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 3.6.0 (#226) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#222) @dependabot[bot]

Bump commons-io:commons-io from 2.16.1 to 2.19.0 (#68) @dependabot[bot]

Bump org.codehaus.plexus:plexus-archiver from 4.9.2 to 4.10.0 (#63) @dependabot[bot]

Bump org.apache.maven:maven-archiver from 3.6.2 to 3.6.3 (#66) @dependabot[bot]

Bump commons-io:commons-io from 2.16.0 to 2.16.1 (#27) @dependabot[bot]

[MSOURCES-147] - Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 (#23) @dependabot[bot]

[MSOURCES-146] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#25) @dependabot[bot]

[MSOURCES-145] - Bump org.apache.maven:maven-archiver from 3.6.1 to 3.6.2 (#26) @dependabot[bot]

Commits

ecf937a [maven-release-plugin] prepare release maven-source-plugin-3.4.0
95b3bf4 Revert "[maven-release-plugin] prepare for next development iteration"
7a9a770 [maven-release-plugin] prepare for next development iteration
292c1ce Use plexus-utils version from parent
bf79b71 Bump m-invoker-p to 3.9.1
4f3fcb9 Bump commons-io:commons-io from 2.20.0 to 2.21.0
a867442 Bump org.codehaus.plexus:plexus-archiver from 4.10.3 to 4.10.4
51c66ac Bump org.apache.maven:maven-archiver from 3.6.4 to 3.6.5
267df46 Bump org.codehaus.plexus:plexus-archiver from 4.10.1 to 4.10.3
ef85324 Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness
Additional commits viewable in compare view

Updates org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.4.0

Release notes

Sourced from org.apache.maven.plugins:maven-resources-plugin's releases.

3.4.0

🚀 New features and improvements

Enable GitHub Issues (#98) @slawekjaranowski

📝 Documentation updates

[MNGSITE-529] - Rename "Goals" to "Plugin Documentation" (#89) @Bukama

[MRESOURCES-299] - Be more accurate on using filtering element (#80) @pzygielo

Don't bother with very old versions (#59) @elharo

👻 Maintenance

Migrate site to Doxia 2 (#440) @slachiewicz

Bump Maven to 3.9.11 while keep prerequisites on 3.6.3 (#437) @slachiewicz

PlexusFileUtils Refaster recipes (#431) @slachiewicz

Add PR Automation action (#94) @slawekjaranowski

Improve release-drafter configuration (#93) @slawekjaranowski

Bump org.apache.maven.plugins:maven-plugins from 39 to 41 (#64) @dependabot[bot]

Add dependency to slf4j-simple for test scope (#60) @slachiewicz

Use try with resources in integration test (#58) @elharo

reduce dependency scope of plexus-utils and commons-io (#57) @elharo

📦 Dependency updates

Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#439) @dependabot[bot]

Bump org.apache.maven.resolver:maven-resolver-api from 1.6.3 to 1.9.24 (#413) @dependabot[bot]

Bump Maven to 3.9.11 while keep prerequisites on 3.6.3 (#437) @slachiewicz

Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29 (#432) @dependabot[bot]

Bump m-invoker-p to 3.9.1 (#433) @slachiewicz

Bump org.apache.maven.plugins:maven-plugins from 43 to 45 (#411) @dependabot[bot]

Bump org.codehaus.plexus:plexus-interpolation from 1.27 to 1.28 (#114) @dependabot[bot]

Bump org.apache.maven.plugin-testing:maven-plugin-testing-harness from 3.3.0 to 3.4.0 (#430) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.19.0 (#422) @dependabot[bot]

Bump commons-io:commons-io from 2.19.0 to 2.20.0 (#419) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 (#416) @dependabot[bot]

Bump commons-io:commons-io from 2.18.0 to 2.19.0 (#117) @dependabot[bot]

Bump org.apache.maven.shared:maven-filtering from 3.3.2 to 3.4.0 (#107) @dependabot[bot]

Bump commons-io:commons-io from 2.16.0 to 2.18.0 (#102) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.14.0 to 3.17.0 (#104) @dependabot[bot]

Bump org.apache.maven.plugins:maven-plugins from 41 to 43 (#101) @dependabot[bot]

[MRESOURCES-305] - Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 (#65) @dependabot[bot]

[MRESOURCES-304] - Bump org.codehaus.plexus:plexus-interpolation from 1.26 to 1.27 (#66) @dependabot[bot]

[MRESOURCES-303] - Bump org.apache.maven.shared:maven-filtering from 3.3.1 to 3.3.2 (#68) @dependabot[bot]

Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.14.0 (#62) @dependabot[bot]

[MRESOURCES-302] - Bump commons-io:commons-io from 2.11.0 to 2.16.0 (#69) @dependabot[bot]

Bump apache/maven-gh-actions-shared from 3 to 4 (#67) @dependabot[bot]

Commits

b07d56e [maven-release-plugin] prepare for next development iteration
21e646c [maven-release-plugin] prepare release maven-resources-plugin-3.4.0
61801af Migrate site to Doxia 2
146ebb8 Bump org.apache.commons:commons-lang3 from 3.19.0 to 3.20.0 (#439)
5013682 Bump org.apache.maven.resolver:maven-resolver-api from 1.6.3 to 1.9.24
d7c4d28 Bump Maven to 3.9.11 while keep prerequisites on 3.6.3
e33f1ec Bump org.codehaus.plexus:plexus-interpolation from 1.28 to 1.29
ce77f50 Bump m-invoker-p to 3.9.1
726f429 Bump org.apache.maven.plugins:maven-plugins from 43 to 45
a747bae PlexusFileUtils Refaster recipes
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the plugins group with 3 updates: [org.apache.maven.plugins:maven-assembly-plugin](https://github.com/apache/maven-assembly-plugin), [org.apache.maven.plugins:maven-source-plugin](https://github.com/apache/maven-source-plugin) and [org.apache.maven.plugins:maven-resources-plugin](https://github.com/apache/maven-resources-plugin). Updates `org.apache.maven.plugins:maven-assembly-plugin` from 3.7.1 to 3.8.0 - [Release notes](https://github.com/apache/maven-assembly-plugin/releases) - [Commits](apache/maven-assembly-plugin@maven-assembly-plugin-3.7.1...v3.8.0) Updates `org.apache.maven.plugins:maven-source-plugin` from 3.3.1 to 3.4.0 - [Release notes](https://github.com/apache/maven-source-plugin/releases) - [Commits](apache/maven-source-plugin@maven-source-plugin-3.3.1...maven-source-plugin-3.4.0) Updates `org.apache.maven.plugins:maven-resources-plugin` from 3.3.1 to 3.4.0 - [Release notes](https://github.com/apache/maven-resources-plugin/releases) - [Commits](apache/maven-resources-plugin@maven-resources-plugin-3.3.1...v3.4.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-assembly-plugin dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: plugins - dependency-name: org.apache.maven.plugins:maven-source-plugin dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: plugins - dependency-name: org.apache.maven.plugins:maven-resources-plugin dependency-version: 3.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: plugins ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added 1.2 backport labels Dec 1, 2025

dependabot bot requested a review from a team as a code owner December 1, 2025 05:09

dependabot bot added backport 1.2 labels Dec 1, 2025

NSeydoux approved these changes Dec 1, 2025

View reviewed changes

NSeydoux enabled auto-merge (squash) December 1, 2025 11:00

dependabot bot force-pushed the dependabot/maven/1.2/plugins-627c575f7c branch from b11f956 to 1a08365 Compare December 1, 2025 11:01

dependabot bot force-pushed the dependabot/maven/1.2/plugins-627c575f7c branch from 1a08365 to 3596a57 Compare December 1, 2025 12:19

NSeydoux merged commit 9566948 into 1.2 Dec 1, 2025
8 checks passed

NSeydoux deleted the dependabot/maven/1.2/plugins-627c575f7c branch December 1, 2025 12:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the plugins group with 3 updates #2428

Bump the plugins group with 3 updates #2428

Uh oh!

dependabot bot commented on behalf of github Dec 1, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the plugins group with 3 updates #2428

Bump the plugins group with 3 updates #2428

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 1, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

3.8.0

🐛 Bug Fixes

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

3.4.0

🐛 Bug Fixes

👻 Maintenance

📦 Dependency updates

3.4.0

🚀 New features and improvements

📝 Documentation updates

👻 Maintenance

📦 Dependency updates

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Dec 1, 2025 •

edited

Loading